diff --git a/.clomonitor.yml b/.clomonitor.yml new file mode 100644 index 00000000..c75e8a7b --- /dev/null +++ b/.clomonitor.yml @@ -0,0 +1,27 @@ +# CLOMonitor metadata file +# This file must be located at the root of the repository + +# Checks exemptions +exemptions: + - check: dependency_update_tool + reason: "Helm deps are not currently scanned. Maintainers are watching developments to dependabot-core #2237" # Justification of this exemption (mandatory, it will be displayed on the UI) + - check: sbom + reason: "Tracking Helm dependencies is not yet a stable practice." + - check: self_assessment + reason: "Refer to self assessments supplied by the codebases Argo Helm supports." + - check: signed_releases + reason: "Argo Helm releases are made via Artifact Hub, where they are signed. The unsigned GitHub releases are for reference only." + - check: license_scanning + reason: "Temporary exemption: pending response from CNCF Service Desk" + +# TODO: +# License scanning information +# licenseScanning: + # URL with the repository's license scanning results + # + # CLOMonitor can extract license scanning results from FOSSA and Snyk badges + # in the repository README.md file automatically. If your repository uses a + # different scanning solution, this url can be set to pass the corresponding + # check. + # url: https://license-scanning-results.url + diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 00000000..cb90a2c2 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,4 @@ +[*.{md,md.gotmpl}] +indent_style = space +indent_size = 4 +trim_trailing_whitespace = false diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 00000000..c0d0ab9d --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,6 @@ +* @mkilchhofer @jmeridth @yu-croco + +/charts/argo-workflows/ @vladlosev @jmeridth @yu-croco @tico24 +/charts/argo-cd/ @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil @tico24 +/charts/argo-events/ @pdrastil @jmeridth @tico24 @yu-croco +/charts/argo-rollouts/ @jmeridth @yu-croco diff --git a/.github/ISSUE_TEMPLATE/bug_report.yaml b/.github/ISSUE_TEMPLATE/bug_report.yaml index f69de536..bef979b8 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.yaml +++ b/.github/ISSUE_TEMPLATE/bug_report.yaml @@ -22,10 +22,19 @@ body: - argo-rollouts - argo-workflows - argocd-image-updater + - argocd-apps - other validations: required: true +- type: input + attributes: + label: Helm chart version + description: Version of the Helm chart this issue relates to + placeholder: e.g. 0.16.2 + validations: + required: true + - type: textarea attributes: label: To Reproduce diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index 5a31b2c7..bb9a2645 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -1,6 +1,9 @@ blank_issues_enabled: false contact_links: + - name: Ask a question + url: https://github.com/argoproj/argo-helm/discussions/new + about: Ask a question or start a discussion about our community Helm Charts - name: Chat on Slack url: https://argoproj.github.io/community/join-slack about: Maybe chatting with the community can help diff --git a/.github/ISSUE_TEMPLATE/feature_request.yaml b/.github/ISSUE_TEMPLATE/feature_request.yaml index b755e584..e3f0c1a8 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.yaml +++ b/.github/ISSUE_TEMPLATE/feature_request.yaml @@ -24,6 +24,7 @@ body: - argo-rollouts - argo-workflows - argocd-image-updater + - argocd-apps - other validations: required: true diff --git a/.github/configs/cr.yaml b/.github/configs/cr.yaml index 01fdbe0c..154dbfbf 100644 --- a/.github/configs/cr.yaml +++ b/.github/configs/cr.yaml @@ -1,2 +1,12 @@ ## Reference: https://github.com/helm/chart-releaser -index-path: "./index.yaml" \ No newline at end of file +index-path: "./index.yaml" + +# PGP signing +sign: true +key: Argo Helm maintainers +# keyring: # Set via env variable CR_KEYRING +# passphrase-file: # Set via env variable CR_PASSPHRASE_FILE + +# Enable automatic generation of release notes using GitHubs release notes generator. +# see: https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes +generate-release-notes: true diff --git a/.github/configs/ct-install.yaml b/.github/configs/ct-install.yaml index ff56c21c..df00bb1e 100644 --- a/.github/configs/ct-install.yaml +++ b/.github/configs/ct-install.yaml @@ -6,11 +6,7 @@ target-branch: main chart-dirs: - charts chart-repos: - - argo=https://argoproj.github.io/argo-helm - - minio=https://helm.min.io/ - dandydeveloper=https://dandydeveloper.github.io/charts/ - - stable=https://charts.helm.sh/stable - - incubator=https://charts.helm.sh/incubator helm-extra-args: "--timeout 600s" validate-chart-schema: false validate-maintainers: true diff --git a/.github/configs/ct-lint.yaml b/.github/configs/ct-lint.yaml index 16d01791..99cb8b3c 100644 --- a/.github/configs/ct-lint.yaml +++ b/.github/configs/ct-lint.yaml @@ -6,12 +6,7 @@ target-branch: main chart-dirs: - charts chart-repos: - - argo=https://argoproj.github.io/argo-helm - - minio=https://helm.min.io/ - dandydeveloper=https://dandydeveloper.github.io/charts/ - - stable=https://charts.helm.sh/stable - - incubator=https://charts.helm.sh/incubator -helm-extra-args: "--timeout 600s" validate-chart-schema: false validate-maintainers: true validate-yaml: true diff --git a/.github/configs/labeler.yaml b/.github/configs/labeler.yaml index b00bd383..80b72ba8 100644 --- a/.github/configs/labeler.yaml +++ b/.github/configs/labeler.yaml @@ -1,14 +1,23 @@ argo-cd: - - charts/argo-cd/**/* + - changed-files: + - any-glob-to-any-file: charts/argo-cd/** argo-events: - - charts/argo-events/**/* + - changed-files: + - any-glob-to-any-file: charts/argo-events/** argo-rollouts: - - charts/argo-rollouts/**/* + - changed-files: + - any-glob-to-any-file: charts/argo-rollouts/** argo-workflows: - - charts/argo-workflows/**/* + - changed-files: + - any-glob-to-any-file: charts/argo-workflows/** argocd-image-updater: - - charts/argocd-image-updater/**/* + - changed-files: + - any-glob-to-any-file: charts/argocd-image-updater/** + +argocd-apps: + - changed-files: + - any-glob-to-any-file: charts/argocd-apps/** diff --git a/.github/configs/renovate-config.js b/.github/configs/renovate-config.js new file mode 100644 index 00000000..f453f640 --- /dev/null +++ b/.github/configs/renovate-config.js @@ -0,0 +1,8 @@ +module.exports = { + platform: 'github', + // This ensures that the gitAuthor and gitSignOff fields match + gitAuthor: 'argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com>', + autodiscover: false, + allowPostUpgradeCommandTemplating: true, + allowedPostUpgradeCommands: [".*"], + }; diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..4d8e45c5 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,16 @@ +## Reference: https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: weekly + day: "saturday" + commit-message: + prefix: "chore(deps)" + groups: + dependencies: + applies-to: version-updates + update-types: + - "minor" + - "patch" diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 741d56a9..ed14509e 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,6 +1,8 @@ + Checklist: @@ -8,7 +10,7 @@ Checklist: * [ ] I have updated the documentation according to [documentation](https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md#documentation) * [ ] I have updated the chart changelog with all the changes that come with this pull request according to [changelog](https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md#changelog). * [ ] Any new values are backwards compatible and/or have sensible default. -* [ ] I have signed off all my commits as required by [DCO](https://github.com/argoproj/argoproj/tree/main/community#contributing-to-argo). -* [ ] My build is green ([troubleshooting builds](https://argoproj.github.io/argo-cd/developer-guide/ci/)). +* [ ] I have signed off all my commits as required by [DCO](https://github.com/argoproj/argoproj/blob/master/community/CONTRIBUTING.md). +* [ ] My build is green ([troubleshooting builds](https://argo-cd.readthedocs.io/en/stable/developer-guide/ci/)). -Changes are automatically published when merged to `main`. They are not published on branches. + diff --git a/.github/semantic.yml b/.github/semantic.yml deleted file mode 100644 index d93cf9cc..00000000 --- a/.github/semantic.yml +++ /dev/null @@ -1,3 +0,0 @@ -## Reference: https://github.com/zeke/semantic-pull-requests -# Always validate the PR title, and ignore the commits -titleOnly: true diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index b5bf57f3..c719d45d 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -1,27 +1,47 @@ ## Reference: https://github.com/helm/chart-testing-action ---- name: Linting and Testing on: pull_request -jobs: + +permissions: + contents: read + +jobs: + linter-artifacthub: + runs-on: ubuntu-latest + container: + image: public.ecr.aws/artifacthub/ah:v1.14.0 + options: --user 1001 + steps: + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Run ah lint + working-directory: ./charts + run: ah lint + chart-test: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@v1 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 + with: + version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@v2 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: - python-version: 3.7 + python-version: 3.9 - name: Setup Chart Linting id: lint - uses: helm/chart-testing-action@v2.1.0 + uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0 + with: + # Note: Also update in scripts/lint.sh + version: v3.11.0 - name: List changed charts id: list-changed @@ -30,12 +50,13 @@ jobs: changed=$(ct --config ./.github/configs/ct-lint.yaml list-changed) charts=$(echo "$changed" | tr '\n' ' ' | xargs) if [[ -n "$changed" ]]; then - echo "::set-output name=changed::true" - echo "::set-output name=changed_charts::$charts" + echo "changed=true" >> $GITHUB_OUTPUT + echo "changed_charts=$charts" >> $GITHUB_OUTPUT fi + - name: Run chart-testing (lint) run: ct lint --debug --config ./.github/configs/ct-lint.yaml --lint-conf ./.github/configs/lintconf.yaml - + - name: Run docs-testing (helm-docs) id: helm-docs run: | @@ -49,16 +70,18 @@ jobs: fi - name: Create kind cluster - uses: helm/kind-action@v1.2.0 + uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0 if: steps.list-changed.outputs.changed == 'true' with: config: .github/configs/kind-config.yaml - - name: Deploy latest ArgoCD CRDs when testing ArgoCD extensions if: | - contains(steps.list-changed.outputs.changed_charts, 'argocd-image-updater') + contains(steps.list-changed.outputs.changed_charts, 'argocd-image-updater') || + contains(steps.list-changed.outputs.changed_charts, 'argocd-apps') run: | - kubectl apply -f charts/argo-cd/crds + helm repo add dandydeveloper https://dandydeveloper.github.io/charts/ + helm dependency build charts/argo-cd/ + helm template charts/argo-cd/ --set server.extensions.enabled=true -s templates/crds/* | kubectl apply -f - - name: Skip HPA tests of ArgoCD if: contains(steps.list-changed.outputs.changed_charts, 'argo-cd') diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index 4b2debef..9bde9db4 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -1,9 +1,12 @@ ## Reference: https://github.com/pascalgn/size-label-action ---- name: 'PR Labeling' + on: pull_request_target: - types: [opened, synchronize, reopened] + types: + - opened + - synchronize + - reopened permissions: contents: read @@ -13,7 +16,7 @@ jobs: triage: runs-on: ubuntu-latest steps: - - uses: actions/labeler@v4 + - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 with: configuration-path: ".github/configs/labeler.yaml" repo-token: "${{ secrets.GITHUB_TOKEN }}" @@ -22,7 +25,6 @@ jobs: size-label: runs-on: ubuntu-latest steps: - - name: size-label - uses: "pascalgn/size-label-action@v0.4.2" + - uses: pascalgn/size-label-action@f8edde36b3be04b4f65dcfead05dc8691b374348 # v0.5.5 env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml new file mode 100644 index 00000000..170d908b --- /dev/null +++ b/.github/workflows/pr-title.yml @@ -0,0 +1,37 @@ +## Reference: https://github.com/amannn/action-semantic-pull-request +name: "Lint PR" + +on: + pull_request_target: + types: + - opened + - edited + - synchronize + +permissions: + contents: read + +jobs: + main: + permissions: + pull-requests: read # for amannn/action-semantic-pull-request to analyze PRs + statuses: write # for amannn/action-semantic-pull-request to mark status of analyzed PR + name: Validate PR title + runs-on: ubuntu-latest + steps: + - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + # Configure which scopes are allowed. + scopes: | + argo-cd + argo-events + argo-rollouts + argo-workflows + argocd-image-updater + argocd-apps + deps + github + # Configure that a scope must always be provided. + requireScope: true diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index f3b502e0..f6dcec99 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,42 +1,83 @@ ---- +## Reference: https://github.com/helm/chart-releaser-action name: Chart Publish on: push: branches: - main - - rewrite-build + paths: + - "charts/**" + +permissions: + contents: read + jobs: publish: + if: github.repository == 'argoproj/argo-helm' + permissions: + contents: write # for helm/chart-releaser-action to push chart release and create a release + packages: write # to push OCI chart package to GitHub Registry runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Install Helm - uses: azure/setup-helm@v1 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 + with: + version: v3.10.1 # Also update in lint-and-test.yaml - name: Add dependency chart repos run: | - helm repo add argo https://argoproj.github.io/argo-helm - helm repo add minio https://helm.min.io/ helm repo add dandydeveloper https://dandydeveloper.github.io/charts/ - helm repo add stable https://charts.helm.sh/stable - helm repo add incubator https://charts.helm.sh/incubator + - name: Configure Git run: | git config user.name "$GITHUB_ACTOR" - git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + ## This is required to consider the old Circle-CI Index and to stay compatible with all the old releases. - - name: Fetch current Chart Index + - name: Fetch current Chart Index run: | git checkout origin/gh-pages index.yaml + # The GitHub repository secret `PGP_PRIVATE_KEY` contains the private key + # in ASCII-armored format. To export a (new) key, run this command: + # `gpg --armor --export-secret-key ` + - name: Prepare PGP key + run: | + IFS="" + echo "$PGP_PRIVATE_KEY" | gpg --dearmor > $HOME/secring.gpg + echo "$PGP_PASSPHRASE" > $HOME/passphrase.txt + + # Tell chart-releaser-action where to find the key and its passphrase + echo "CR_KEYRING=$HOME/secring.gpg" >> "$GITHUB_ENV" + echo "CR_PASSPHRASE_FILE=$HOME/passphrase.txt" >> "$GITHUB_ENV" + env: + PGP_PRIVATE_KEY: "${{ secrets.PGP_PRIVATE_KEY }}" + PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}" + - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.2.0 - with: + uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0 + with: config: "./.github/configs/cr.yaml" env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + + - name: Login to GHCR + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Push chart to GHCR + run: | + shopt -s nullglob + for pkg in .cr-release-packages/*.tgz; do + if [ -z "${pkg:-}" ]; then + break + fi + helm push "${pkg}" oci://ghcr.io/${{ github.repository }} + done diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml new file mode 100644 index 00000000..9460d792 --- /dev/null +++ b/.github/workflows/renovate.yaml @@ -0,0 +1,38 @@ +name: Renovate +on: + # The "*" (#42, asterisk) character has special semantics in YAML, so this + # string has to be quoted. + schedule: + - cron: '0 * * * *' + # Manual trigger is also possible + workflow_dispatch: {} + +permissions: + contents: read + +jobs: + renovate: + if: github.repository == 'argoproj/argo-helm' + runs-on: ubuntu-latest + steps: + - name: Get token + uses: actions/create-github-app-token@0d564482f06ca65fa9e77e2510873638c82206f2 # v1.11.5 + id: get_token + with: + app-id: ${{ vars.RENOVATE_APP_ID }} + private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} + + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Self-hosted Renovate + uses: renovatebot/github-action@e084b5ac6fd201023db6dd7743aec023babb02c8 # v41.0.13 + with: + configurationFile: .github/configs/renovate-config.js + # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate + renovate-version: 39.153.2 + token: '${{ steps.get_token.outputs.token }}' + mount-docker-socket: true + env: + LOG_LEVEL: 'debug' + RENOVATE_REPOSITORIES: '${{ github.repository }}' diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml new file mode 100644 index 00000000..29f267d3 --- /dev/null +++ b/.github/workflows/scorecard.yml @@ -0,0 +1,73 @@ +# This workflow uses actions that are not certified by GitHub. They are provided +# by a third-party and are governed by separate terms of service, privacy +# policy, and support documentation. + +name: Scorecard supply-chain security +on: + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained + schedule: + - cron: '21 6 * * 6' + push: + branches: [ "main" ] + +# Declare default permissions as read only. +permissions: read-all + +jobs: + analysis: + if: github.repository_owner == 'argoproj' + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + # Needed to upload the results to code-scanning dashboard. + security-events: write + # Needed to publish results and get a badge (see publish_results below). + id-token: write + # Uncomment the permissions below if installing in a private repository. + # contents: read + # actions: read + + steps: + - name: "Checkout code" + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 + with: + results_file: results.sarif + results_format: sarif + # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: + # - you want to enable the Branch-Protection check on a *public* repository, or + # - you are installing Scorecard on a *private* repository + # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. + repo_token: ${{ secrets.SCORECARD_TOKEN }} + + # Public repositories: + # - Publish results to OpenSSF REST API for easy access by consumers + # - Allows the repository to include the Scorecard badge. + # - See https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories: + # - `publish_results` will always be set to `false`, regardless + # of the value entered here. + publish_results: true + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + # Upload the results to GitHub's code scanning dashboard. + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 + with: + sarif_file: results.sarif diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 5947dfc3..159a0e8e 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -3,11 +3,18 @@ name: Mark stale issues and pull requests on: schedule: - cron: "30 1 * * *" + +permissions: + contents: read + jobs: stale: + permissions: + issues: write # for actions/stale to close stale issues + pull-requests: write # for actions/stale to close stale PRs runs-on: ubuntu-latest steps: - - uses: actions/stale@v4 + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Number of days of inactivity before an issue becomes stale diff --git a/CODEOWNERS b/CODEOWNERS deleted file mode 100644 index 7627dc16..00000000 --- a/CODEOWNERS +++ /dev/null @@ -1,16 +0,0 @@ -# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners - -# Other and new charts -/charts/ @oliverbaehler - -# Argo Workflows -/charts/argo-workflows/ @stefansedich @paguos @vladlosev @yann-soubeyrand - -# Argo CD -/charts/argo-cd/ @davidkarlsen @mr-sour @yann-soubeyrand @mbevc1 @mkilchhofer - -# Argo Events -/charts/argo-events/ @jbehling @VaibhavPage - -# Argo Rollouts -/charts/argo-rollouts/ diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 00000000..37789a9d --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,9 @@ +# Code of Conduct + +We adhere to the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md). Please reference the link for details. + +## TL;DR (too long didn't read) + +Be kind + +Your participation is at the discression of the maintainers of this project. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 36ef70b6..c20486f6 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,110 +2,162 @@ Argo Helm is a collection of **community maintained** charts. Therefore we rely on you to test your changes sufficiently. - -# Pull Requests +## Pull Requests All submissions, including submissions by project members, require review. We use GitHub pull requests for this purpose. Consult [GitHub Help](https://help.github.com/articles/about-pull-requests/) for more information on using pull requests. See the above stated requirements for PR on this project. +### Pull Request Title Linting + +We lint the title of your pull request to ensure it follows the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) specification. This is done using GitHub actions and the [action-semantic-pull-request](.github/workflows/pr-title.yml) workflow. We require the scope of the change to be included in the title. The scope should be the name of the chart you are changing. For example, if you are changing the `argo-cd` chart, the title of your pull request should be `fix(argo-cd): Fix typo in values.yaml`. + +## Documentation + +The documentation for each chart is generated with [helm-docs](https://github.com/norwoodj/helm-docs). This way we can ensure that values are consistent with the chart documentation. + +We have a script on the repository which will execute the helm-docs docker container, so that you don't have to worry about downloading the binary etc. Simply execute the script (Bash compatible, might require sudo privileges): + +```shell +./scripts/helm-docs.sh +``` + +> **Note** +> When creating your own `README.md.gotmpl`, don't forget to add it to your `.helmignore` file. + +### Updating a chart README.md + +When updating the `README.md.gotmpl` inside a chart directory you must to run the `helm-docs` script to generate the updated `README.md` file. To reiterate, you should not edit the `README.md` file manually. It will be generated by the following command: + +```shell +./scripts/helm-docs.sh +``` + +> **Note** +> If you see changes to unrelated chart `README.md` files you may have accidentally updated a `README.md.gotmpl` file in another chart's folder unintentionally or someone else failed to run this script. Please revert those changes if you do not intend them to be a part of your pull request. + ## Versioning -Each chart's version follows the [semver standard](https://semver.org/). New charts should start at version `1.0.0`, if it's considered stable. If it's not considered stable, it must be released as [prerelease](#prerelease). +Each chart's version follows the [semver standard](https://semver.org/). + +New charts should start at version `1.0.0`, if it's considered stable. If it isn't considered stable, it must be released as `prerelease`. Any breaking changes to a chart (backwards incompatible) require: - * Bump of the current Major version of the chart - * State possible manual changes for this chart version in the `Upgrading` section of the chart's `README.md.gotmpl` ([See Upgrade](#upgrades)) +* Bump of the current Major version of the chart +* State possible manual changes for this chart version in the `Upgrading` section of the chart's `README.md.gotmpl` + +### New Application Versions + +Helm charts are intended to be created for all non-patched releases of Argo CD, Workflows, Rollouts, and Events. Associated dependencies, such as Redis, will use the version recommended by the associated release. + +When selecting new application versions ensure you make the following changes: + +* `values.yaml`: Bump all instances of the container image version +* `Chart.yaml`: Ensure `appVersion` matches the above container image and bump `version` + +Please ensure chart version changes adhere to semantic versioning standards: + +* Major: Large chart rewrites, major non-backwards compatible or destructive changes +* Minor: New chart functionality (sidecars), major application updates or minor non-backwards compatible changes +* Patch: App version patch updates, backwards compatible optional chart features ### Immutability Each release for each chart must be immutable. Any change to a chart (even just documentation) requires a version bump. Trying to release the same version twice will result in an error. +### Chart Versioning + +Currently we require a chart version bump for every change to a chart, including updating information for older versions. This may change in the future. ### Artifact Hub Annotations Since we release our charts on Artifact Hub we encourage making use of the provided chart annotations for Artifact Hub. - * [https://artifacthub.io/docs/topics/annotations/helm/](https://artifacthub.io/docs/topics/annotations/helm/) +* [https://artifacthub.io/docs/topics/annotations/helm/](https://artifacthub.io/docs/topics/annotations/helm/) #### Changelog We want to deliver transparent chart releases for our chart consumers. Therefore we require a changelog per new chart release. -Changes on a chart must be documented in a chart specific changelog in the `Chart.yaml` [Annotation Section](https://helm.sh/docs/topics/charts/#the-chartyaml-file). For every new release the entire `artifacthub.io/changes` needs to be rewritten. Each change requires a new bullet point following the pattern `- "[{type}]: {description}"`. You can use the following template: +Changes on a chart must be documented in a chart specific changelog in the `Chart.yaml` [Annotation Section](https://helm.sh/docs/topics/charts/#the-chartyaml-file). +A new `artifacthub.io/changes` needs to be written covering only the changes since the previous release. + +Each change requires a new bullet point following the pattern. See more information [Artifact Hub annotations in Helm Chart.yaml file](https://artifacthub.io/docs/topics/annotations/helm/). + +```yaml +- kind: {type} + description: {description} ``` + +You can use the following template: + +```yaml name: argo-cd -version: 3.4.1 +version: 5.19.12 ... annotations: artifacthub.io/changes: | - - "[Added]: Something New was added" - - "[Changed]: Changed Something within this chart" - - "[Changed]: Changed Something else within this chart" - - "[Deprecated]: Something deprecated" - - "[Removed]: Something was removed" - - "[Fixed]: Something was fixed" - - "[Security]": Some Security Patch was included" + - kind: added + description: Something New was added + - kind: changed + description: Changed Something within this chart + - kind: changed + description: Changed Something else within this chart + - kind: deprecated + description: Something deprecated + - kind: removed + description: Something was removed + - kind: fixed + description: Something was fixed + - kind: security + description: Some Security Patch was included ``` -## Documentation +## Testing -The documentation for each chart is done with [helm-docs](https://github.com/norwoodj/helm-docs). This way we can ensure that values are consistent with the chart documentation. - -We have a script on the repository which will execute the helm-docs docker container, so that you don't have to worry about downloading the binary etc. Simply execute the script (Bash compatible, might require sudo privileges): - -``` -bash scripts/helm-docs.sh -``` - -**NOTE**: When creating your own `README.md.gotmpl`, don't forget to add it to your `.helmignore` file. - - - -# Testing - -## Testing Argo Workflows Changes +### Testing Argo Workflows Changes Minimally: -``` +```shell helm install charts/argo-workflows -n argo argo version ``` -Follow this instructions for running a hello world workflow. +Follow [these](https://argo-workflows.readthedocs.io/en/stable/quick-start/#submitting-an-example-workflow) instructions for running a hello world workflow. -## Testing Argo CD Changes +### Testing Argo CD Changes Clean-up: -``` +```shell helm delete argo-cd --purge kubectl delete crd -l app.kubernetes.io/part-of=argocd ``` Pre-requisites: -``` + +```shell helm repo add redis-ha https://dandydeveloper.github.io/charts/ helm dependency update ``` Minimally: -``` -helm install charts/argo-cd --namespace argocd -n argo-cd +```shell +helm install argocd argo/argo-cd -n argocd --create-namespace kubectl port-forward service/argo-cd-argocd-server -n argocd 8080:443 ``` In a new terminal: -``` +```shell argocd version --server localhost:8080 --insecure # reset password to 'Password1!' kubectl -n argocd patch secret argocd-secret \ -p '{"stringData": { - "admin.password": "$2a$10$hDj12Tw9xVmvybSahN1Y0.f9DZixxN8oybyA32Uy/eqWklFU4Mo8O", - "admin.passwordMtime": "'$(date +%FT%T%Z)'" + "admin.password": "$2a$10$hDj12Tw9xVmvybSahN1Y0.f9DZixxN8oybyA32Uy/eqWklFU4Mo8O", + "admin.passwordMtime": "'$(date +%FT%T%Z)'" }}' argocd login localhost:8080 --username admin --password 'Password1!' @@ -114,38 +166,25 @@ argocd login localhost:8080 --username admin --password 'Password1!' Create and sync app: -``` +```shell argocd app create guestbook --dest-namespace default --dest-server https://kubernetes.default.svc --path guestbook --project default --repo https://github.com/argoproj/argocd-example-apps.git argocd app sync guestbook ``` -## New Application Versions - -When raising application versions ensure you make the following changes: - -- `values.yaml`: Bump all instances of the container image version -- `Chart.yaml`: Ensure `appVersion` matches the above container image and bump `version` - -Please ensure chart version changes adhere to semantic versioning standards: - -- Patch: App version patch updates, backwards compatible optional chart features -- Minor: New chart functionality (sidecars), major application updates or minor non-backwards compatible changes -- Major: Large chart rewrites, major non-backwards compatible or destructive changes - -## Testing Charts +### Testing Charts As part of the Continuous Integration system we run Helm's [Chart Testing](https://github.com/helm/chart-testing) tool. -The checks for this tool are stricter than the standard Helm requirements, where fields normally considered optional like `maintainer` are required in the standard spec and must be valid GitHub usernames. +The checks for Chart Testing are stricter than the standard Helm requirements. For example, fields normally considered optional like `maintainer` are required in the standard spec and must be valid GitHub usernames. Linting configuration can be found in [ct-lint.yaml](./.github/configs/ct-lint.yaml) The linting can be invoked manually with the following command: -``` +```shell ./scripts/lint.sh ``` ## Publishing Changes -Changes are automatically publish whenever a commit is merged to main. The CI job (see `./.github/workflows/publish.yml`). +Changes are automatically publish whenever a commit is merged to the `main` branch by the CI job (see `./.github/workflows/publish.yml`). diff --git a/EMERITUS.md b/EMERITUS.md new file mode 100644 index 00000000..c0ff9674 --- /dev/null +++ b/EMERITUS.md @@ -0,0 +1,14 @@ +# Emeritus Approvers + +These are the people who have been approvers in the past, and have since retired from the role. + +We thank them for their service to the project. + +| Emeritus | GitHub ID | +| -------- | --------- | +| Oliver Bähler | [oliverbaehler](https://github.com/oliverbaehler) | +| Stefan Sedich | [stefansedich](https://github.com/stefansedich) | +| Pablo Osinaga | [paguos](https://github.com/paguos) | +| Yann Soubeyrand | [yann-soubeyrand](https://github.com/yann-soubeyrand) | +| David J. M. Karlsen | [davidkarlsen](https://github.com/davidkarlsen) | +| John Behling | [jbehling](https://github.com/jbehling) | diff --git a/OWNERS b/OWNERS deleted file mode 100644 index e393c5ba..00000000 --- a/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -owners: -- alexec -- alexmt -- jessesuen - -approvers: -- alexec -- alexmt -- jessesuen diff --git a/README.md b/README.md index a5bbf0d9..c4092e07 100644 --- a/README.md +++ b/README.md @@ -1,14 +1,104 @@ # Argo Helm Charts +[![Slack](https://img.shields.io/badge/slack-%23argo--helm--charts-brightgreen.svg?logo=slack)](https://argoproj.github.io/community/join-slack) [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) [![Chart Publish](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml/badge.svg?branch=main)](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml) +[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/argo)](https://artifacthub.io/packages/search?repo=argo) +[![CLOMonitor](https://img.shields.io/endpoint?url=https://clomonitor.io/api/projects/cncf/argo/badge)](https://clomonitor.io/projects/cncf/argo) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-helm/badge)](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-helm) +[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/7942/badge)](https://www.bestpractices.dev/projects/7942) -Argo Helm is a collection of **community maintained** charts for http://argoproj.io/ projects. The charts can be added using following command: +Argo Helm is a collection of **community maintained** charts for [https://argoproj.github.io](https://argoproj.github.io) projects. The charts can be added using following command: -``` +```bash helm repo add argo https://argoproj.github.io/argo-helm ``` ## Contributing -We'd love to have you contribute! Please refer to our [contribution guidelines](CONTRIBUTING.md) for details. \ No newline at end of file +We'd love to have you contribute! Please refer to our [contribution guidelines](CONTRIBUTING.md) for details. + +### Custom resource definitions + +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of the main four charts (argo-cd, argo-workflows, argo-events, argo-rollouts) by using `--set crds.install=false` when installing the chart. + +Helm cannot upgrade custom resource definitions in the `/crds` folder [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). Our CRDs have been moved to `/templates` to address this design decision. + +If you are using versions of a chart that have the CRDs in the root of the chart or have elected to manage the Argo CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo: + +Example: + +```bash +kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=" + +# Eg. version v2.4.9 +kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.4.9" +``` + +### Security Policy + +Please refer to [SECURITY.md](SECURITY.md) for details on how to report security issues. + +### Changelog + +Releases are managed independently for each helm chart, and changelogs are tracked on each release. Read more about this process [here](https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md#changelog). + +## Charts use Helm "Capabilities" + +Our charts make use of the Helm built-in object "Capabilities": +> This provides information about what capabilities the Kubernetes cluster supports. +> *Source: https://helm.sh/docs/chart_template_guide/builtin_objects/* + +Today we use: + +- `.Capabilities.APIVersions.Has` mostly to determine whether the CRDs for ServiceMonitors (from prometheus-operator) exists inside the cluster +- `.Capabilities.KubeVersion.Version` to handle correct apiVersion of a specific resource kind (eg. "policy/v1" vs. "policy/v1beta1") + +If you use the charts only to template the manifests, without installing (`helm install ..`), you need to make sure that Helm (or the Helm SDK) receives the available APIs from your Kubernetes cluster. + +For this you need to pass the `--api-versions` parameter to the `helm template` command: + +```bash +helm template argocd \ + oci://ghcr.io/argoproj/argo-helm/argo-cd \ + --api-versions monitoring.coreos.com/v1 \ + --values my-argocd-values.yaml +``` + +If you use other tools like [Kustomize](https://kubectl.docs.kubernetes.io/references/kustomize/builtins/) or [helmfile](https://helmfile.readthedocs.io/en/latest/#configuration) to render it, there are equivalent options. + +Example with Kustomize: + +```yaml +# kustomization.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +helmCharts: +- name: argo-cd + repo: oci://ghcr.io/argoproj/argo-helm + version: x.y.z + releaseName: argocd + apiVersions: + - monitoring.coreos.com/v1 + valuesFile: my-argocd-values.yaml +``` + +Example with helmfile: + +```yaml +# helmfile.yaml +repositories: + - name: argo + url: https://argoproj.github.io/argo-helm + +apiVersions: + - monitoring.coreos.com/v1 + +releases: + - name: argocd + namespace: argocd + chart: argo/argo-cd + values: + - my-argocd-values.yaml +``` diff --git a/SECURITY-INSIGHTS.yml b/SECURITY-INSIGHTS.yml new file mode 100644 index 00000000..e3a6aeed --- /dev/null +++ b/SECURITY-INSIGHTS.yml @@ -0,0 +1,38 @@ +header: + schema-version: '1.0.0' + expiration-date: '2024-11-04T10:00:00.000Z' + project-url: https://github.com/argoproj/argo-helm +project-lifecycle: + status: active + bug-fixes-only: false + core-maintainers: + - https://github.com/mkilchhofer + - https://github.com/jmeridth +contribution-policy: + accepts-pull-requests: true + accepts-automated-pull-requests: true + automated-tools-list: + - automated-tool: dependabot + action: allowed + path: + - / + contributing-policy: https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md + code-of-conduct: https://github.com/cncf/foundation/blob/master/code-of-conduct.md +distribution-points: + - https://argoproj.github.io/argo-helm + - https://artifacthub.io/packages/search?org=argoproj&repo=argo +security-contacts: + - type: website + value: https://github.com/argoproj/argo-helm/security/advisories/new + primary: true +vulnerability-reporting: + accepts-vulnerability-reports: true + email-contact: cncf-argo-maintainers@lists.cncf.io + security-policy: https://github.com/argoproj/argo-helm/blob/main/SECURITY.md + comment: | + Our preferred contact method related to vulnerabilities is the Security tab on GitHub. + Click the button "Report a vulnerability" to open the advisory form. + Please refer to the security policy for reporting information prior to using the email contact. +dependencies: + env-dependencies-policy: + policy-url: https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md#new-application-versions diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..a066f67f --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions and Upstream Reporting + +Each helm chart currently supports the designated application version in the Chart.yaml. There is a chance a security issue you've discovered may not be with the helm chart but with the upstream application. Please visit that application's Security policy document to find out how to report the security issue. + +* [Security Policy for Argo Workflows](https://github.com/argoproj/argo-workflows/blob/master/SECURITY.md) +* [Security Policy for Argo Events](https://github.com/argoproj/argo-events/blob/master/SECURITY.md) +* [Security Policy for Argo Rollouts](https://github.com/argoproj/argo-rollouts/blob/master/docs/security/security.md) +* [Security Policy for Argo CD](https://github.com/argoproj/argo-cd/blob/master/SECURITY.md) +* [Security Policy for Argo CD Image Updater](https://github.com/argoproj-labs/argocd-image-updater/blob/master/SECURITY.md) + +## Reporting a Vulnerability for Argo Helm Charts + +We have enabled the ability to privately report security issues through the Security tab above. + +[Here are the details on how to file](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) on how to do that + +A repository owner/maintainer will respond as fast as possible to coordinate confirmation of issue and remediation. + +Thank you for helping to ensure this code stays secure. diff --git a/charts/argo-cd/Chart.lock b/charts/argo-cd/Chart.lock index 932ea555..36656a14 100644 --- a/charts/argo-cd/Chart.lock +++ b/charts/argo-cd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.16.0 -digest: sha256:fa6a784ee32cc11fbc1bbbbaafcb179e447bc984e898ae35a1cd4408dbed7ccb -generated: "2022-05-25T11:44:28.53802+02:00" + version: 4.29.4 +digest: sha256:1257baf1c5e0db036af659d44095223e28ac0c9ec1ed8300a02d5def2281c9c7 +generated: "2024-11-13T09:07:36.494128+09:00" diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 37ca3d54..5d12006a 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,24 +1,30 @@ apiVersion: v2 -appVersion: v2.3.4 +appVersion: v2.14.2 +kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 4.8.0 +version: 7.8.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png +sources: + - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd + - https://github.com/argoproj/argo-cd keywords: - argoproj - argocd - gitops maintainers: - - name: alexec - - name: alexmt - - name: jessesuen - - name: seanson + - name: argoproj + url: https://argoproj.github.io/ dependencies: - name: redis-ha - version: 4.16.0 + version: 4.29.4 repository: https://dandydeveloper.github.io/charts/ condition: redis-ha.enabled annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - "[Changed]: Can specify log format for Argo-CD Notifications component" + - kind: changed + description: Bump dex version to v2.42.0 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 9adade21..25760a5f 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -2,21 +2,22 @@ A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. -Source code can be found [here](https://argoproj.github.io/argo-cd/) +Source code can be found here: -## Additional Information +* +* -This is a **community maintained** chart. This chart installs [argo-cd](https://argoproj.github.io/argo-cd/), a declarative, GitOps continuous delivery tool for Kubernetes. +This is a **community maintained** chart. This chart installs [argo-cd](https://argo-cd.readthedocs.io/en/stable/), a declarative, GitOps continuous delivery tool for Kubernetes. The default installation is intended to be similar to the provided Argo CD [releases](https://github.com/argoproj/argo-cd/releases). -If you want to avoid including sensitive information unencrypted (clear text) in your version control, make use of the [declarative set up](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/) of Argo CD. +If you want to avoid including sensitive information unencrypted (clear text) in your version control, make use of the [declarative setup] of Argo CD. For instance, rather than adding repositories and their keys in your Helm values, you could deploy [SealedSecrets](https://github.com/bitnami-labs/sealed-secrets) with contents as seen in this [repositories section](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories) or any other secrets manager service (i.e. HashiCorp Vault, AWS/GCP Secrets Manager, etc.). ## High Availability This chart installs the non-HA version of Argo CD by default. If you want to run Argo CD in HA mode, you can use one of the example values in the next sections. -Please also have a look into the upstream [Operator Manual regarding High Availability](https://argoproj.github.io/argo-cd/operator-manual/high_availability/) to understand how scaling of Argo CD works in detail. +Please also have a look into the upstream [Operator Manual regarding High Availability](https://argo-cd.readthedocs.io/en/stable/operator-manual/high_availability/) to understand how scaling of Argo CD works in detail. > **Warning:** > You need at least 3 worker nodes as the HA mode of redis enforces Pods to run on separate nodes. @@ -28,7 +29,7 @@ redis-ha: enabled: true controller: - enableStatefulSet: true + replicas: 1 server: autoscaling: @@ -39,6 +40,9 @@ repoServer: autoscaling: enabled: true minReplicas: 2 + +applicationSet: + replicas: 2 ``` ### HA mode without autoscaling @@ -48,19 +52,192 @@ redis-ha: enabled: true controller: - enableStatefulSet: true + replicas: 1 server: replicas: 2 - env: - - name: ARGOCD_API_SERVER_REPLICAS - value: '2' repoServer: replicas: 2 + +applicationSet: + replicas: 2 ``` -### Synchronizing Changes from Original Repository +## Ingress configuration + +Please refer to the [Operator Manual](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#ingress-configurationh) for details as the samples +below corespond to their respective sections. + +### SSL-Passthrough + +The `tls: true` option will expect that the `argocd-server-tls` secret exists as Argo CD server loads TLS certificates from this place. + +```yaml +global: + domain: argocd.example.com + +certificate: + enabled: true + +server: + ingress: + enabled: true + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + tls: true +``` + +### SSL Termination at Ingress Controller + +```yaml +global: + domain: argocd.example.com + +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + extraTls: + - hosts: + - argocd.example.com + # Based on the ingress controller used secret might be optional + secretName: wildcard-tls +``` + +> **Note:** +> If you don't plan on using a wildcard certificate it's also possible to use `tls: true` without `extraTls` section. + +### Multiple ingress resources for gRPC protocol support + +Use `ingressGrpc` section if your ingress controller supports only a single protocol per Ingress resource (i.e.: Contour). + +```yaml +global: + domain: argocd.example.com + +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + ingressClassName: contour-internal + extraTls: + - hosts: + - argocd.example.com + secretName: wildcard-tls + + ingressGrpc: + enabled: true + ingressClassName: contour-internal + extraTls: + - hosts: + - grpc.argocd.example.com + secretName: wildcard-tls +``` + +### Multiple ingress domains + +```yaml +global: + domain: argocd.example.com + +server: + ingress: + enabled: true + ingressClassName: nginx + annotations: + cert-manager.io/cluster-issuer: "" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + tls: true + extraHosts: + - name: argocd-alias.example.com + path: / +``` + +### AWS Application Load Balancer + +Refer to the Operator Manual for [AWS Application Load Balancer mode](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode). +The provided example assumes you are using TLS off-loading via AWS ACM service. + +> **Note:** +> Using `controller: aws` creates additional service for gRPC traffic and it's no longer need to use `ingressGrpc` configuration section. + +```yaml +global: + domain: argocd.example.com + +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + controller: aws + ingressClassName: alb + annotations: + alb.ingress.kubernetes.io/scheme: internal + alb.ingress.kubernetes.io/target-type: ip + alb.ingress.kubernetes.io/backend-protocol: HTTP + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/ssl-redirect: '443' + aws: + serviceType: ClusterIP # <- Used with target-type: ip + backendProtocolVersion: GRPC +``` + +### GKE Application Load Balancer + +The implementation will populate `ingressClassName`, `networking.gke.io/managed-certificates` and `networking.gke.io/v1beta1.FrontendConfig` annotations +automatically if you provide configuration for GKE resources. + +```yaml +global: + domain: argocd.example.com + +configs: + params: + server.insecure: true + +server: + service: + annotations: + cloud.google.com/neg: '{"ingress": true}' + cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}' + + ingress: + enabled: true + controller: gke + gke: + backendConfig: + healthCheck: + checkIntervalSec: 30 + timeoutSec: 5 + healthyThreshold: 1 + unhealthyThreshold: 2 + type: HTTP + requestPath: /healthz + port: 8080 + frontendConfig: + redirectToHttps: + enabled: true + managedCertificate: + enabled: true +``` + +## Synchronizing Changes from Original Repository In the original [Argo CD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd). @@ -78,23 +255,304 @@ cd argo-cd git diff v1.8.7 v2.0.0 -- manifests/install.yaml ``` -Changes in the `CustomResourceDefinition` resources shall be fixed easily by copying 1:1 from the [`manifests/crds` folder](https://github.com/argoproj/argo-cd/tree/master/manifests/crds) into this [`charts/argo-cd/crds` folder](https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd/crds). - -## Upgrading +Changes in the `CustomResourceDefinition` resources shall be fixed easily by copying 1:1 from the [`manifests/crds` folder](https://github.com/argoproj/argo-cd/tree/master/manifests/crds) into this [`charts/argo-cd/templates/crds` folder](https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd/templates/crds). ### Custom resource definitions -Helm cannot upgrade custom resource definitions [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart. -Please use `kubectl` to upgrade CRDs manually from [crds](crds/) folder or via the manifests from the upstream project repo: +Helm cannot upgrade custom resource definitions in the `/crds` folder [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). Starting with 5.2.0, the CRDs have been moved to `/templates` to address this design decision. + +If you are using Argo CD chart version prior to 5.2.0 or have elected to manage the Argo CD CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo: ```bash -kubectl apply -k https://github.com/argoproj/argo-cd.git/manifests/crds?ref= +kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=" -# Eg. version v2.3.3 -kubectl apply -k https://github.com/argoproj/argo-cd.git/manifests/crds?ref=v2.3.3 +# Eg. version v2.4.9 +kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.4.9" ``` +## Changelog + +For full list of changes please check ArtifactHub [changelog]. + +Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. + +### 7.0.0 + +We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`. +If you used the value, please migrate like below. + +```yaml +# before +configs: + clusterCredentials: + - mycluster: + server: https://mycluster.example.com + labels: {} + annotations: {} + # ... + +# after +configs: + clusterCredentials: + mycluster: + server: https://mycluster.example.com + labels: {} + annotations: {} + # ... +``` + +### 6.10.0 + +This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr. + +#### How to rotate Redis secret? + +Upstream steps in the [FAQ] are not enough, since we chose a different approach. +(We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.) + +Steps to rotate the secret when using the helm chart (bold step is additional to upstream): +* Delete `argocd-redis` secret in the namespace where Argo CD is installed. + ```bash + kubectl delete secret argocd-redis -n + ``` +* **Perform a helm upgrade** + ```bash + helm upgrade argocd argo/argo-cd --reuse-values --wait + ``` +* If you are running Redis in HA mode, restart Redis in HA. + ```bash + kubectl rollout restart deployment argocd-redis-ha-haproxy + kubectl rollout restart statefulset argocd-redis-ha-server + ``` +* If you are running Redis in non-HA mode, restart Redis. + ```bash + kubectl rollout restart deployment argocd-redis + ``` +* Restart other components. + ```bash + kubectl rollout restart deployment argocd-server argocd-repo-server + kubectl rollout restart statefulset argocd-application-controller + ``` + +### 6.9.0 +ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9). + +### 6.4.0 + +Added support for application controller dynamic cluster distribution. +Please refer to [the docs](https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution) for more information. + +Added env variables to handle the non-standard names generated by the helm chart. +Here are the [docs](https://argo-cd.readthedocs.io/en/release-2.9/user-guide/environment-variables/) +and [code](https://github.com/argoproj/argo-cd/blob/99723143b96ceec9ef5b0a7feb7b4f4b0dce3497/common/common.go#L252) + +### 6.1.0 + +Added support for global domain used by all components. + +### 6.0.0 + +This version **removes support for**: + +* deprecated component options `logLevel` and `logFormat` +* deprecated component arguments `.args.` that were replaced with `configs.params` +* deprecated configuration `server.config` that was replaced with `configs.cm` +* deprecated configuration `server.rbacConfig` that was replaced with `configs.rbac` + +Major version also contains breaking **changes related to Argo CD Ingress** resources that were hard to extend and maintain for various ingress controller implementations. +Please review your setup and adjust to new configuration options: + +* catch all rule was removed for security reasons. If you need this please use `server.ingress.extraRules` to provide ingress rule without hostname +* ingress rule for `paths` changed to `path` as there is only single Argo CD backend path +* ingress rule for `hosts` changed to `hostname` as there can be only single SSO redirect for given hostname +* ingress TLS for server uses by default `argocd-server-tls` secret required by Argo CD server, additional ingresses are using `-tls` secret when `tls: true` +* additional hostnames and routing can be provided via `extraHosts` configuration section +* additional TLS secrets can be provided via `extraTls` configuration section + +Please refer to [ingress configuration](#ingress-configuration) for examples. + +### 5.53.0 + +Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir() + +### 5.52.0 + +Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server. +If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml. + +### 5.35.0 + +This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach. + +Please see more information about EoL: [Amazon EKS EoL][EKS EoL]. + +### 5.31.0 +The manifests are now using [`tini` as entrypoint][tini], instead of `entrypoint.sh`. Until Argo CD v2.8, `entrypoint.sh` is retained for upgrade compatibility. +This means that the deployment manifests have to be updated after upgrading to Argo CD v2.7, and before upgrading to Argo CD v2.8 later. +In case the manifests are updated before moving to Argo CD v2.8, the containers will not be able to start. + +### 5.26.0 + +This version adds support for Config Management Plugins using the sidecar model and configured in a ConfigMap named `argocd-cmp-cm`. +Users will need to migrate from the previous `argocd-cm` ConfigMap method to using the sidecar method before Argo CD v2.8. See the [Argo CD CMP migration guide](https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/#migrating-from-argocd-cm-plugins) for more specifics. + +To migrate your plugins, you can now set the `configs.cmp.create` to `true` and move your plugins from `configs.cm` to `configs.cmp.plugins`. +You will also need to configure the sidecar containers under `repoServer.extraContainers` and ensure you are mounting any custom volumes you need from `repoServer.volumes` into here also. + +### 5.24.0 + +This version adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`). +Default `global.affinity` rules can be disabled when `none` value is used for the preset. + +### 5.22.0 + +This version adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely. + +### 5.19.0 + +This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provided these values (`configs.knownHosts.*`, `configs.knownHostsAnnotations`, `configs.tlsCerts`, `configs.tlsCertsAnnotations`) please move them into new `configs.ssh` and `configs.tls` sections. +You can also use new option `configs.ssh.extraHosts` to configure your SSH keys without maintaing / overwritting keys for public Git repositories. + +### 5.13.0 + +This version reduces history limit for Argo CD deployment replicas to 3 to provide more visibility for Argo CD deployments that manage itself. If you need more deployment revisions for rollbacks set `global.revisionHistoryLimit` parameter. + +### 5.12.0 + +If Argo CD is managing termination of TLS and you are using `configs.secret.argocdServerTlsConfig` option to provide custom TLS configuration for this chart, please use `server.certificate` or `server.certificateSecret` instead. +For the secrets for tls termination, please use a secret named `argocd-server-tls` instead of `argocd-secret`. +For the technical details please check the [Argo CD documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server). When transitioning from the one secret to the other pay attention to `tls.key` and `tls.crt` keys. + +### 5.10.0 + +This version hardens security by configuring default container security contexts and adds hard requirement for Kubernetes 1.22+ to work properly. +The change aligns chart with officially [supported versions](https://argo-cd.readthedocs.io/en/release-2.5/operator-manual/installation/#supported-versions) by upstream project. + +### 5.7.0 + +This version introcudes new `configs.cm` and `configs.rbac` sections that replaces `server.config` and `server.rbacConfig` respectively. +Please move your current configuration to the new place. The Argo CD RBAC config now also sets defaults in the `argocd-rbac-cm`. +If you have manually created this ConfigMap please ensure templating is disabled so you will not lose your changes. + +### 5.5.20 + +This version moved API version templates into dedicated helper. If you are using these in your umbrella +chart please migrate your templates to pattern `argo-cd.apiVersion.`. + +### 5.5.0 + +This version introduces new `configs.params` section that replaces command line arguments for containers. +Please refer to documentation in values.yaml for migrating the configuration. + +### 5.2.0 + +Custom resource definitions were moved to `templates` folder so they can be managed by Helm. + +To adopt already created CRDs, please use following command: + +```bash +YOUR_ARGOCD_NAMESPACE="" # e.g. argo-cd +YOUR_ARGOCD_RELEASENAME="" # e.g. argo-cd + +for crd in "applications.argoproj.io" "applicationsets.argoproj.io" "argocdextensions.argoproj.io" "appprojects.argoproj.io"; do + kubectl label --overwrite crd $crd app.kubernetes.io/managed-by=Helm + kubectl annotate --overwrite crd $crd meta.helm.sh/release-namespace="$YOUR_ARGOCD_NAMESPACE" + kubectl annotate --overwrite crd $crd meta.helm.sh/release-name="$YOUR_ARGOCD_RELEASENAME" +done +``` + +### 5.0.0 + +This version **removes support for**: + +- deprecated repository credentials (parameter `configs.repositoryCredentials`) +- option to run application controller as a Deployment +- the parameters `server.additionalApplications` and `server.additionalProjects` + +Please carefully read the following section if you are using these parameters! + +In order to upgrade Applications and Projects safely against CRDs' upgrade, `server.additionalApplications` and `server.additionalProjects` are moved to [argocd-apps](../argocd-apps). + +If you are using `server.additionalApplications` or `server.additionalProjects`, you can adopt to [argocd-apps](../argocd-apps) as below: + +1. Add [helm.sh/resource-policy annotation](https://helm.sh/docs/howto/charts_tips_and_tricks/#tell-helm-not-to-uninstall-a-resource) to avoid resources being removed by upgrading Helm chart + +You can keep your existing CRDs by adding `"helm.sh/resource-policy": keep` on `additionalAnnotations`, under `server.additionalApplications` and `server.additionalProjects` blocks, and running `helm upgrade`. + +e.g: + +```yaml +server: + additionalApplications: + - name: guestbook + namespace: argocd + additionalLabels: {} + additionalAnnotations: + "helm.sh/resource-policy": keep # <-- add this + finalizers: + - resources-finalizer.argocd.argoproj.io + project: guestbook + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: guestbook + directory: + recurse: true + destination: + server: https://kubernetes.default.svc + namespace: guestbook + syncPolicy: + automated: + prune: false + selfHeal: false + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas + info: + - name: url + value: https://argoproj.github.io/ +``` + +You can also keep your existing CRDs by running the following scripts. + +```bash +# keep Applications +for app in "guestbook"; do + kubectl annotate --overwrite application $app helm.sh/resource-policy=keep +done + +# keep Projects +for project in "guestbook"; do + kubectl annotate --overwrite appproject $project helm.sh/resource-policy=keep +done +``` + +2. Upgrade argo-cd Helm chart to v5.0.0 + +3. Remove keep [helm.sh/resource-policy annotation](https://helm.sh/docs/howto/charts_tips_and_tricks/#tell-helm-not-to-uninstall-a-resource) + +```bash +# delete annotations from Applications +for app in "guestbook"; do + kubectl annotate --overwrite application $app helm.sh/resource-policy- +done + +# delete annotations from Projects +for project in "guestbook"; do + kubectl annotate --overwrite appproject $project helm.sh/resource-policy- +done +``` + +4. Adopt existing resources to [argocd-apps](../argocd-apps) + +### 4.9.0 + +This version starts to use upstream image with applicationset binary. Start command was changed from `applicationset-controller` to `argocd-applicationset-controller` + ### 4.3.* With this minor version, the notification notifier's `service.slack` is no longer configured by default. @@ -189,7 +647,9 @@ server: ## Prerequisites -- Kubernetes 1.7+ +- Kubernetes: `>=1.25.0-0` + - We align with [Amazon EKS calendar][EKS EoL] because there are many AWS users and it's a conservative approach. + - Please check [Support Matrix of Argo CD][Kubernetes Compatibility Matrix] for official info. - Helm v3.0.0+ ## Installing the Chart @@ -209,20 +669,112 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| -| apiVersionOverrides.certmanager | string | `""` | String to override apiVersion of certmanager resources rendered by this helm chart | -| apiVersionOverrides.ingress | string | `""` | String to override apiVersion of ingresses rendered by this helm chart | -| configs.clusterCredentials | list | `[]` (See [values.yaml]) | Provide one or multiple [external cluster credentials] | +| apiVersionOverrides | object | `{}` | | +| crds.additionalLabels | object | `{}` | Addtional labels to be added to all CRDs | +| crds.annotations | object | `{}` | Annotations to be added to all CRDs | +| crds.install | bool | `true` | Install and upgrade CRDs | +| crds.keep | bool | `true` | Keep CRDs on chart uninstall | +| createAggregateRoles | bool | `false` | Create aggregated roles that extend existing cluster roles to interact with argo-cd resources | +| createClusterRoles | bool | `true` | Create cluster roles for cluster-wide installation. | +| extraObjects | list | `[]` | Array of extra K8s manifests to deploy | +| fullnameOverride | string | `""` | String to fully override `"argo-cd.fullname"` | +| kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests | +| nameOverride | string | `"argocd"` | Provide a name in place of `argocd` | +| namespaceOverride | string | `.Release.Namespace` | Override the namespace | +| openshift.enabled | bool | `false` | enables using arbitrary uid for argo repo server | + +## Global Configs + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| global.addPrometheusAnnotations | bool | `false` | Add Prometheus scrape annotations to all metrics services. This can be used as an alternative to the ServiceMonitors. | +| global.additionalLabels | object | `{}` | Common labels for the all resources | +| global.affinity.nodeAffinity.matchExpressions | list | `[]` | Default match expressions for node affinity | +| global.affinity.nodeAffinity.type | string | `"hard"` | Default node affinity rules. Either: `none`, `soft` or `hard` | +| global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `none`, `soft` or `hard` | +| global.certificateAnnotations | object | `{}` | Annotations for the all deployed Certificates | +| global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | +| global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments | +| global.domain | string | `"argocd.example.com"` | Default domain used by all components | +| global.dualStack.ipFamilies | list | `[]` | IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. | +| global.dualStack.ipFamilyPolicy | string | `""` | IP family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) | +| global.env | list | `[]` | Environment variables to pass to all deployed Deployments | +| global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | +| global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments | +| global.image.repository | string | `"quay.io/argoproj/argocd"` | If defined, a repository applied to all Argo CD deployments | +| global.image.tag | string | `""` | Overrides the global Argo CD image tag whose default is the chart appVersion | +| global.imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry | +| global.logging.format | string | `"text"` | Set the global logging format. Either: `text` or `json` | +| global.logging.level | string | `"info"` | Set the global logging level. One of: `debug`, `info`, `warn` or `error` | +| global.networkPolicy.create | bool | `false` | Create NetworkPolicy objects for all components | +| global.networkPolicy.defaultDenyIngress | bool | `false` | Default deny all ingress traffic | +| global.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Default node selector for all components | +| global.podAnnotations | object | `{}` | Annotations for the all deployed pods | +| global.podLabels | object | `{}` | Labels for the all deployed pods | +| global.priorityClassName | string | `""` | Default priority class for all components | +| global.revisionHistoryLimit | int | `3` | Number of old deployment ReplicaSets to retain. The rest will be garbage collected. | +| global.runtimeClassName | string | `""` | Runtime class name for all components | +| global.securityContext | object | `{}` (See [values.yaml]) | Toggle and define pod-level security context. | +| global.statefulsetAnnotations | object | `{}` | Annotations for the all deployed Statefulsets | +| global.tolerations | list | `[]` | Default tolerations for all components | +| global.topologySpreadConstraints | list | `[]` | Default [TopologySpreadConstraints] rules for all components | + +## Argo CD Configs + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| configs.clusterCredentials | object | `{}` (See [values.yaml]) | Provide one or multiple [external cluster credentials] | +| configs.cm."admin.enabled" | bool | `true` | Enable local admin user | +| configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning | +| configs.cm."application.sync.impersonation.enabled" | bool | `false` | Enable control of the service account used for the sync operation (alpha) | +| configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI | +| configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement | +| configs.cm."statusbadge.enabled" | bool | `false` | Enable Status Badge | +| configs.cm."timeout.hard.reconciliation" | string | `"0s"` | Timeout to refresh application data as well as target manifests cache | +| configs.cm."timeout.reconciliation" | string | `"180s"` | Timeout to discover if a new manifests version got published to the repository | +| configs.cm.annotations | object | `{}` | Annotations to be added to argocd-cm configmap | +| configs.cm.create | bool | `true` | Create the argocd-cm configmap for [declarative setup] | +| configs.cmp.annotations | object | `{}` | Annotations to be added to argocd-cmp-cm configmap | +| configs.cmp.create | bool | `false` | Create the argocd-cmp-cm configmap | +| configs.cmp.plugins | object | `{}` | Plugin yaml files to be added to argocd-cmp-cm | | configs.credentialTemplates | object | `{}` | Repository credentials to be used as Templates for other repos | -| configs.gpgKeys | object | `{}` (See [values.yaml]) | [GnuPG](https://argoproj.github.io/argo-cd/user-guide/gpg-verification/) keys to add to the key ring | -| configs.gpgKeysAnnotations | object | `{}` | GnuPG key ring annotations | -| configs.knownHosts.data.ssh_known_hosts | string | See [values.yaml] | Known Hosts | -| configs.knownHostsAnnotations | object | `{}` | Known Hosts configmap annotations | +| configs.credentialTemplatesAnnotations | object | `{}` | Annotations to be added to `configs.credentialTemplates` Secret | +| configs.gpg.annotations | object | `{}` | Annotations to be added to argocd-gpg-keys-cm configmap | +| configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring | +| configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] | +| configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability | +| configs.params."applicationsetcontroller.namespaces" | string | `""` (default is only the ns where the controller is installed) | A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"argocd,argocd-appsets-*"`) | +| configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` | +| configs.params."controller.ignore.normalizer.jq.timeout" | string | `"1s"` | JQ Path expression timeout | +| configs.params."controller.operation.processors" | int | `10` | Number of application operation processors | +| configs.params."controller.repo.server.timeout.seconds" | int | `60` | Repo server RPC call timeout seconds. | +| configs.params."controller.self.heal.timeout.seconds" | int | `5` | Specifies timeout between application self heal attempts | +| configs.params."controller.status.processors" | int | `20` | Number of application status processors | +| configs.params."otlp.address" | string | `""` | Open-Telemetry collector address: (e.g. "otel-collector:4317") | +| configs.params."reposerver.parallelism.limit" | int | `0` | Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit. | +| configs.params."server.basehref" | string | `"/"` | Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / | +| configs.params."server.disable.auth" | bool | `false` | Disable Argo CD RBAC for user authentication | +| configs.params."server.enable.gzip" | bool | `true` | Enable GZIP compression | +| configs.params."server.enable.proxy.extension" | bool | `false` | Enable proxy extension feature. (proxy extension is in Alpha phase) | +| configs.params."server.insecure" | bool | `false` | Run server without TLS | +| configs.params."server.rootpath" | string | `""` | Used if Argo CD is running behind reverse proxy under subpath different from / | +| configs.params."server.staticassets" | string | `"/shared/app"` | Directory path that contains additional static assets | +| configs.params."server.x.frame.options" | string | `"sameorigin"` | Set X-Frame-Options header in HTTP responses to value. To disable, set to "". | +| configs.params.annotations | object | `{}` | Annotations to be added to the argocd-cmd-params-cm ConfigMap | +| configs.params.create | bool | `true` | Create the argocd-cmd-params-cm configmap If false, it is expected the configmap will be created by something else. | +| configs.rbac."policy.csv" | string | `''` (See [values.yaml]) | File containing user-defined policies and role definitions. | +| configs.rbac."policy.default" | string | `""` | The name of the default role which Argo CD will falls back to, when authorizing API requests (optional). If omitted or empty, users may be still be able to login, but will see no apps, projects, etc... | +| configs.rbac."policy.matchMode" | string | `"glob"` | Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher. | +| configs.rbac.annotations | object | `{}` | Annotations to be added to argocd-rbac-cm configmap | +| configs.rbac.create | bool | `true` | Create the argocd-rbac-cm configmap with ([Argo CD RBAC policy]) definitions. If false, it is expected the configmap will be created by something else. Argo CD will not work if there is no configmap created with the name above. | +| configs.rbac.scopes | string | `"[groups]"` | OIDC scopes to examine during rbac enforcement (in addition to `sub` scope). The scope value can be a string, or a list of strings. | | configs.repositories | object | `{}` | Repositories list to be used by applications | -| configs.repositoryCredentials | object | `{}` | *DEPRECATED:* Instead, use `configs.credentialTemplates` and/or `configs.repositories` | +| configs.repositoriesAnnotations | object | `{}` | Annotations to be added to `configs.repositories` Secret | | configs.secret.annotations | object | `{}` | Annotations to be added to argocd-secret | | configs.secret.argocdServerAdminPassword | string | `""` | Bcrypt hashed admin password | | configs.secret.argocdServerAdminPasswordMtime | string | `""` (defaults to current time) | Admin password modification time. Eg. `"2006-01-02T15:04:05Z"` | -| configs.secret.argocdServerTlsConfig | object | `{}` | Argo TLS Data | +| configs.secret.azureDevops.password | string | `""` | Shared secret password for authenticating Azure DevOps webhook events | +| configs.secret.azureDevops.username | string | `""` | Shared secret username for authenticating Azure DevOps webhook events | | configs.secret.bitbucketServerSecret | string | `""` | Shared secret for authenticating BitbucketServer webhook events | | configs.secret.bitbucketUUID | string | `""` | UUID for authenticating Bitbucket webhook events | | configs.secret.createSecret | bool | `true` | Create the argocd-secret | @@ -230,71 +782,62 @@ NAME: my-release | configs.secret.githubSecret | string | `""` | Shared secret for authenticating GitHub webhook events | | configs.secret.gitlabSecret | string | `""` | Shared secret for authenticating GitLab webhook events | | configs.secret.gogsSecret | string | `""` | Shared secret for authenticating Gogs webhook events | +| configs.secret.labels | object | `{}` | Labels to be added to argocd-secret | +| configs.ssh.annotations | object | `{}` | Annotations to be added to argocd-ssh-known-hosts-cm configmap | +| configs.ssh.create | bool | `true` | Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm. | +| configs.ssh.extraHosts | string | `""` | Additional known hosts for private repositories | +| configs.ssh.knownHosts | string | See [values.yaml] | Known hosts to be added to the known host list by default. | | configs.styles | string | `""` (See [values.yaml]) | Define custom [CSS styles] for your argo instance. This setting will automatically mount the provided CSS and reference it in the argo configuration. | -| configs.tlsCerts | object | See [values.yaml] | TLS certificate | -| configs.tlsCertsAnnotations | object | `{}` | TLS certificate configmap annotations | -| createAggregateRoles | bool | `false` | Create clusterroles that extend existing clusterroles to interact with argo-cd crds | -| extraObjects | list | `[]` | Array of extra K8s manifests to deploy | -| fullnameOverride | string | `""` | String to fully override `"argo-cd.fullname"` | -| global.additionalLabels | object | `{}` | Additional labels to add to all resources | -| global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | -| global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments | -| global.image.repository | string | `"quay.io/argoproj/argocd"` | If defined, a repository applied to all Argo CD deployments | -| global.image.tag | string | `""` | Overrides the global Argo CD image tag whose default is the chart appVersion | -| global.imagePullSecrets | list | `[]` | If defined, uses a Secret to pull an image from a private Docker registry or repository | -| global.networkPolicy.create | bool | `false` | Create NetworkPolicy objects for all components | -| global.networkPolicy.defaultDenyIngress | bool | `false` | Default deny all ingress traffic | -| global.podAnnotations | object | `{}` | Annotations for the all deployed pods | -| global.podLabels | object | `{}` | Labels for the all deployed pods | -| global.securityContext | object | `{}` | Toggle and define securityContext. See [values.yaml] | -| kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests | -| nameOverride | string | `"argocd"` | Provide a name in place of `argocd` | -| openshift.enabled | bool | `false` | enables using arbitrary uid for argo repo server | -| server.additionalApplications | list | `[]` (See [values.yaml]) | Deploy Argo CD Applications within this helm release | -| server.additionalProjects | list | `[]` (See [values.yaml]) | Deploy Argo CD Projects within this helm release | +| configs.tls.annotations | object | `{}` | Annotations to be added to argocd-tls-certs-cm configmap | +| configs.tls.certificates | object | `{}` (See [values.yaml]) | TLS certificates for Git repositories | +| configs.tls.create | bool | `true` | Specifies if the argocd-tls-certs-cm configmap should be created by Helm. | ## Argo CD Controller | Key | Type | Default | Description | |-----|------|---------|-------------| -| controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | -| controller.args.appResyncPeriod | string | `"180"` | define the application controller `--app-resync` | -| controller.args.operationProcessors | string | `"10"` | define the application controller `--operation-processors` | -| controller.args.repoServerTimeoutSeconds | string | `"60"` | define the application controller `--repo-server-timeout-seconds` | -| controller.args.selfHealTimeout | string | `"5"` | define the application controller `--self-heal-timeout-seconds` | -| controller.args.statusProcessors | string | `"20"` | define the application controller `--status-processors` | -| controller.clusterAdminAccess.enabled | bool | `true` | Enable RBAC for local cluster deployments | +| controller.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| controller.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | | controller.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the application controller's ClusterRole resource | | controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource | -| controller.containerPort | int | `8082` | Application controller listening port | -| controller.containerSecurityContext | object | `{}` | Application controller container-level security context | -| controller.enableStatefulSet | bool | `true` | Deploy the application controller as a StatefulSet instead of a Deployment, this is required for HA capability. | +| controller.containerPorts.metrics | int | `8082` | Metrics container port | +| controller.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | +| controller.deploymentAnnotations | object | `{}` | Annotations for the application controller Deployment | +| controller.dnsConfig | object | `{}` | [DNS configuration] | +| controller.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for application controller pods | +| controller.dynamicClusterDistribution | bool | `false` | Enable dynamic cluster distribution (alpha) Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution | +| controller.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for application controller | | controller.env | list | `[]` | Environment variables to pass to application controller | | controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to application controller | | controller.extraArgs | list | `[]` | Additional command line arguments to pass to application controller | | controller.extraContainers | list | `[]` | Additional containers to be added to the application controller pod | +| controller.heartbeatTime | int | `10` | Application controller heartbeat time Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution | +| controller.hostNetwork | bool | `false` | Host Network for application controller pods | | controller.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the application controller | | controller.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the application controller | | controller.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the application controller | +| controller.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | controller.initContainers | list | `[]` | Init containers to add to the application controller pod | -| controller.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | -| controller.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | -| controller.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | -| controller.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | -| controller.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | -| controller.logFormat | string | `"text"` | Application controller log format. Either `text` or `json` | -| controller.logLevel | string | `"info"` | Application controller log level | | controller.metrics.applicationLabels.enabled | bool | `false` | Enables additional labels in argocd_app_labels metric | | controller.metrics.applicationLabels.labels | list | `[]` | Additional labels | | controller.metrics.enabled | bool | `false` | Deploy metrics service | +| controller.metrics.rules.additionalLabels | object | `{}` | PrometheusRule labels | +| controller.metrics.rules.annotations | object | `{}` | PrometheusRule annotations | | controller.metrics.rules.enabled | bool | `false` | Deploy a PrometheusRule for the application controller | +| controller.metrics.rules.namespace | string | `""` | PrometheusRule namespace | +| controller.metrics.rules.selector | object | `{}` | PrometheusRule selector | | controller.metrics.rules.spec | list | `[]` | PrometheusRule.Spec for the application controller | +| controller.metrics.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. | | controller.metrics.service.annotations | object | `{}` | Metrics service annotations | +| controller.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | controller.metrics.service.labels | object | `{}` | Metrics service labels | | controller.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | | controller.metrics.service.servicePort | int | `8082` | Metrics service port | +| controller.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| controller.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| controller.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | controller.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | | controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | controller.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | @@ -303,30 +846,33 @@ NAME: my-release | controller.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | controller.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | controller.name | string | `"application-controller"` | Application controller name string | -| controller.nodeSelector | object | `{}` | [Node selector] | +| controller.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | | controller.pdb.annotations | object | `{}` | Annotations to be added to application controller pdb | -| controller.pdb.enabled | bool | `false` | Deploy a Poddisruptionbudget for the application controller | +| controller.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the application controller | | controller.pdb.labels | object | `{}` | Labels to be added to application controller pdb | +| controller.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | +| controller.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | | controller.podAnnotations | object | `{}` | Annotations to be added to application controller pods | | controller.podLabels | object | `{}` | Labels to be added to application controller pods | -| controller.priorityClassName | string | `""` | Priority class for the application controller pods | +| controller.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the application controller pods | | controller.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | controller.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | | controller.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | | controller.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | controller.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | -| controller.replicas | int | `1` | The number of application controller pods to run. If changing the number of replicas you must pass the number as `ARGOCD_CONTROLLER_REPLICAS` as an environment variable | +| controller.replicas | int | `1` | The number of application controller pods to run. Additional replicas will cause sharding of managed clusters across number of replicas. | | controller.resources | object | `{}` | Resource limits and requests for the application controller pods | -| controller.service.annotations | object | `{}` | Application controller service annotations | -| controller.service.labels | object | `{}` | Application controller service labels | -| controller.service.port | int | `8082` | Application controller service port | -| controller.service.portName | string | `"https-controller"` | Application controller service port name | +| controller.revisionHistoryLimit | int | `5` | Maximum number of controller revisions that will be maintained in StatefulSet history | +| controller.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the application controller | | controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | controller.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | controller.serviceAccount.create | bool | `true` | Create a service account for the application controller | +| controller.serviceAccount.labels | object | `{}` | Labels applied to created service account | | controller.serviceAccount.name | string | `"argocd-application-controller"` | Service account name | -| controller.tolerations | list | `[]` | [Tolerations] for use with node taints | -| controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the application controller | +| controller.statefulsetAnnotations | object | `{}` | Annotations for the application controller StatefulSet | +| controller.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| controller.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| controller.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller | | controller.volumeMounts | list | `[]` | Additional volumeMounts to the application controller main container | | controller.volumes | list | `[]` | Additional volumes to the application controller pod | @@ -334,55 +880,77 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| -| repoServer.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| repoServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| repoServer.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | +| repoServer.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. | | repoServer.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the repo server | | repoServer.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the repo server [HPA] | +| repoServer.autoscaling.metrics | list | `[]` | Configures custom HPA metrics for the Argo CD repo server Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | | repoServer.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the repo server [HPA] | | repoServer.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the repo server [HPA] | | repoServer.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the repo server [HPA] | -| repoServer.clusterAdminAccess.enabled | bool | `false` | Enable RBAC for local cluster deployments | +| repoServer.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-repo-server-tls secret | +| repoServer.certificateSecret.ca | string | `""` | Certificate authority. Required for self-signed certificates. | +| repoServer.certificateSecret.crt | string | `""` | Certificate data. Must contain SANs of Repo service (ie: argocd-repo-server, argocd-repo-server.argo-cd.svc) | +| repoServer.certificateSecret.enabled | bool | `false` | Create argocd-repo-server-tls secret | +| repoServer.certificateSecret.key | string | `""` | Certificate private key | +| repoServer.certificateSecret.labels | object | `{}` | Labels to be added to argocd-repo-server-tls secret | | repoServer.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the Repo server's Cluster Role resource | | repoServer.clusterRoleRules.rules | list | `[]` | List of custom rules for the Repo server's Cluster Role resource | -| repoServer.containerPort | int | `8081` | Configures the repo server port | -| repoServer.containerSecurityContext | object | `{}` | Repo server container-level security context | -| repoServer.copyutil.resources | object | `{}` | Resource limits and requests for the copyutil initContainer | +| repoServer.containerPorts.metrics | int | `8084` | Metrics container port | +| repoServer.containerPorts.server | int | `8081` | Repo server container port | +| repoServer.containerSecurityContext | object | See [values.yaml] | Repo server container-level security context | +| repoServer.deploymentAnnotations | object | `{}` | Annotations to be added to repo server Deployment | +| repoServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the repo server Deployment | +| repoServer.dnsConfig | object | `{}` | [DNS configuration] | +| repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods | +| repoServer.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for repo server | | repoServer.env | list | `[]` | Environment variables to pass to repo server | | repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server | +| repoServer.existingVolumes | object | `{}` | Volumes to be used in replacement of emptydir on default volumes | | repoServer.extraArgs | list | `[]` | Additional command line arguments to pass to repo server | | repoServer.extraContainers | list | `[]` | Additional containers to be added to the repo server pod | +| repoServer.hostNetwork | bool | `false` | Host Network for Repo server pods | | repoServer.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the repo server | | repoServer.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the repo server | | repoServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the repo server | +| repoServer.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | repoServer.initContainers | list | `[]` | Init containers to add to the repo server pods | +| repoServer.lifecycle | object | `{}` | Specify postStart and preStop lifecycle hooks for your argo-repo-server container | | repoServer.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | repoServer.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | | repoServer.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | | repoServer.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | repoServer.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | -| repoServer.logFormat | string | `"text"` | Repo server log format: Either `text` or `json` | -| repoServer.logLevel | string | `"info"` | Repo server log level | | repoServer.metrics.enabled | bool | `false` | Deploy metrics service | | repoServer.metrics.service.annotations | object | `{}` | Metrics service annotations | +| repoServer.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | repoServer.metrics.service.labels | object | `{}` | Metrics service labels | | repoServer.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | | repoServer.metrics.service.servicePort | int | `8084` | Metrics service port | +| repoServer.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | repoServer.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| repoServer.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | repoServer.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| repoServer.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | repoServer.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | | repoServer.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | repoServer.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | | repoServer.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | | repoServer.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| repoServer.metrics.serviceMonitor.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. | | repoServer.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | repoServer.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | repoServer.name | string | `"repo-server"` | Repo server name | -| repoServer.nodeSelector | object | `{}` | [Node selector] | -| repoServer.pdb.annotations | object | `{}` | Annotations to be added to Repo server pdb | -| repoServer.pdb.enabled | bool | `false` | Deploy a Poddisruptionbudget for the Repo server | -| repoServer.pdb.labels | object | `{}` | Labels to be added to Repo server pdb | +| repoServer.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| repoServer.pdb.annotations | object | `{}` | Annotations to be added to repo server pdb | +| repoServer.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the repo server | +| repoServer.pdb.labels | object | `{}` | Labels to be added to repo server pdb | +| repoServer.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | +| repoServer.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | | repoServer.podAnnotations | object | `{}` | Annotations to be added to repo server pods | | repoServer.podLabels | object | `{}` | Labels to be added to repo server pods | -| repoServer.priorityClassName | string | `""` | Priority class for the repo server | +| repoServer.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the repo server pods | | repoServer.rbac | list | `[]` | Repo server rbac rules | | repoServer.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | repoServer.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | @@ -391,16 +959,20 @@ NAME: my-release | repoServer.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | repoServer.replicas | int | `1` | The number of repo server pods to run | | repoServer.resources | object | `{}` | Resource limits and requests for the repo server pods | +| repoServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the repo server | | repoServer.service.annotations | object | `{}` | Repo server service annotations | | repoServer.service.labels | object | `{}` | Repo server service labels | | repoServer.service.port | int | `8081` | Repo server service port | -| repoServer.service.portName | string | `"https-repo-server"` | Repo server service port name | +| repoServer.service.portName | string | `"tcp-repo-server"` | Repo server service port name | | repoServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | repoServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | repoServer.serviceAccount.create | bool | `true` | Create repo server service account | +| repoServer.serviceAccount.labels | object | `{}` | Labels applied to created service account | | repoServer.serviceAccount.name | string | `""` | Repo server service account name | -| repoServer.tolerations | list | `[]` | [Tolerations] for use with node taints | -| repoServer.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the repo server | +| repoServer.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| repoServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| repoServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the repo server | +| repoServer.useEphemeralHelmWorkingDir | bool | `true` | Toggle the usage of a ephemeral Helm working directory | | repoServer.volumeMounts | list | `[]` | Additional volumeMounts to the repo server main container | | repoServer.volumes | list | `[]` | Additional volumes to the repo server pod | @@ -408,69 +980,92 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| -| server.GKEbackendConfig.enabled | bool | `false` | Enable BackendConfig custom resource for Google Kubernetes Engine | -| server.GKEbackendConfig.spec | object | `{}` | [BackendConfigSpec] | -| server.GKEfrontendConfig.enabled | bool | `false` | Enable FrontConfig custom resource for Google Kubernetes Engine | -| server.GKEfrontendConfig.spec | object | `{}` | [FrontendConfigSpec] | -| server.GKEmanagedCertificate.domains | list | `["argocd.example.com"]` | Domains for the Google Managed Certificate | -| server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. | -| server.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| server.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| server.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | +| server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. | | server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server | | server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo CD server [HPA] | +| server.autoscaling.metrics | list | `[]` | Configures custom HPA metrics for the Argo CD server Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | | server.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the Argo CD server [HPA] | | server.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the Argo CD server [HPA] | | server.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the Argo CD server [HPA] | -| server.certificate.additionalHosts | list | `[]` | Certificate manager additional hosts | -| server.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) | -| server.certificate.duration | string | `""` | The requested 'duration' (i.e. lifetime) of the Certificate. Value must be in units accepted by Go time.ParseDuration | +| server.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | +| server.certificate.annotations | object | `{}` | Annotations to be applied to the Server Certificate | +| server.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) | +| server.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. | | server.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | | server.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` | | server.certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` | -| server.certificate.issuer.name | string | `""` | Certificate isser name. Eg. `letsencrypt` | -| server.certificate.renewBefore | string | `""` | How long before the currently issued certificate's expiry cert-manager should renew the certificate. Value must be in units accepted by Go time.ParseDuration | -| server.certificate.secretName | string | `"argocd-server-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | -| server.clusterAdminAccess.enabled | bool | `true` | Enable RBAC for local cluster deployments | -| server.config | object | See [values.yaml] | [General Argo CD configuration] | -| server.configAnnotations | object | `{}` | Annotations to be added to Argo CD ConfigMap | -| server.configEnabled | bool | `true` | Manage Argo CD configmap (Declarative Setup) | -| server.containerPort | int | `8080` | Configures the server port | -| server.containerSecurityContext | object | `{}` | Servers container-level security context | +| server.certificate.issuer.name | string | `""` | Certificate issuer name. Eg. `letsencrypt` | +| server.certificate.privateKey.algorithm | string | `"RSA"` | Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` | +| server.certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` | +| server.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | +| server.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | +| server.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | +| server.certificate.secretTemplateAnnotations | object | `{}` | Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources | +| server.certificate.usages | list | `[]` | Usages for the certificate | +| server.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-server-tls secret | +| server.certificateSecret.crt | string | `""` | Certificate data | +| server.certificateSecret.enabled | bool | `false` | Create argocd-server-tls secret | +| server.certificateSecret.key | string | `""` | Private Key of the certificate | +| server.certificateSecret.labels | object | `{}` | Labels to be added to argocd-server-tls secret | +| server.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the server's ClusterRole resource | +| server.clusterRoleRules.rules | list | `[]` | List of custom rules for the server's ClusterRole resource | +| server.containerPorts.metrics | int | `8083` | Metrics container port | +| server.containerPorts.server | int | `8080` | Server container port | +| server.containerSecurityContext | object | See [values.yaml] | Server container-level security context | +| server.deploymentAnnotations | object | `{}` | Annotations to be added to server Deployment | +| server.deploymentStrategy | object | `{}` | Deployment strategy to be added to the server Deployment | +| server.dnsConfig | object | `{}` | [DNS configuration] | +| server.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Server pods | +| server.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for the Argo CD server | | server.env | list | `[]` | Environment variables to pass to Argo CD server | | server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to Argo CD server | -| server.extensions.contents | list | `[]` | Extensions to be loaded into the server | -| server.extensions.enabled | bool | `false` | Enable support for extensions | -| server.extensions.image.imagePullPolicy | string | `"IfNotPresent"` | Image pull policy for extensions | -| server.extensions.image.repository | string | `"ghcr.io/argoproj-labs/argocd-extensions"` | Repository to use for extensions image | -| server.extensions.image.tag | string | `"v0.1.0"` | Tag to use for extensions image | +| server.extensions.containerSecurityContext | object | See [values.yaml] | Server UI extensions container-level security context | +| server.extensions.enabled | bool | `false` | Enable support for Argo CD extensions | +| server.extensions.extensionList | list | `[]` (See [values.yaml]) | Extensions for Argo CD | +| server.extensions.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for extensions | +| server.extensions.image.repository | string | `"quay.io/argoprojlabs/argocd-extension-installer"` | Repository to use for extension installer image | +| server.extensions.image.tag | string | `"v0.0.8"` | Tag to use for extension installer image | | server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container | | server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server | | server.extraContainers | list | `[]` | Additional containers to be added to the server pod | +| server.hostNetwork | bool | `false` | Host Network for Server pods | | server.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Argo CD server | | server.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Argo CD server | | server.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Argo CD server | +| server.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | server.ingress.annotations | object | `{}` | Additional ingress annotations | +| server.ingress.aws.backendProtocolVersion | string | `"GRPC"` | Backend protocol version for the AWS ALB gRPC service | +| server.ingress.aws.serviceType | string | `"NodePort"` | Service type for the AWS ALB gRPC service | +| server.ingress.controller | string | `"generic"` | Specific implementation for ingress controller. One of `generic`, `aws` or `gke` | | server.ingress.enabled | bool | `false` | Enable an ingress resource for the Argo CD server | -| server.ingress.extraPaths | list | `[]` | Additional ingress paths | -| server.ingress.hosts | list | `[]` | List of ingress hosts | -| server.ingress.https | bool | `false` | Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` | +| server.ingress.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record | +| server.ingress.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths | +| server.ingress.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | +| server.ingress.extraTls | list | `[]` (See [values.yaml]) | Additional TLS configuration | +| server.ingress.gke.backendConfig | object | `{}` (See [values.yaml]) | Google [BackendConfig] resource, for use with the GKE Ingress Controller | +| server.ingress.gke.frontendConfig | object | `{}` (See [values.yaml]) | Google [FrontendConfig] resource, for use with the GKE Ingress Controller | +| server.ingress.gke.managedCertificate.create | bool | `true` | Create ManagedCertificate resource and annotations for Google Load balancer | +| server.ingress.gke.managedCertificate.extraDomains | list | `[]` | Additional domains for ManagedCertificate resource | +| server.ingress.hostname | string | `""` (defaults to global.domain) | Argo CD server hostname | | server.ingress.ingressClassName | string | `""` | Defines which ingress controller will implement the resource | | server.ingress.labels | object | `{}` | Additional ingress labels | +| server.ingress.path | string | `"/"` | The path to Argo CD server | | server.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | -| server.ingress.paths | list | `["/"]` | List of ingress paths | -| server.ingress.tls | list | `[]` | Ingress TLS configuration | +| server.ingress.tls | bool | `false` | Enable TLS configuration for the hostname defined at `server.ingress.hostname` | | server.ingressGrpc.annotations | object | `{}` | Additional ingress annotations for dedicated [gRPC-ingress] | -| server.ingressGrpc.awsALB.backendProtocolVersion | string | `"HTTP2"` | Backend protocol version for the AWS ALB gRPC service | -| server.ingressGrpc.awsALB.serviceType | string | `"NodePort"` | Service type for the AWS ALB gRPC service | | server.ingressGrpc.enabled | bool | `false` | Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress] | -| server.ingressGrpc.extraPaths | list | `[]` | Additional ingress paths for dedicated [gRPC-ingress] | -| server.ingressGrpc.hosts | list | `[]` | List of ingress hosts for dedicated [gRPC-ingress] | -| server.ingressGrpc.https | bool | `false` | Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` | +| server.ingressGrpc.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record | +| server.ingressGrpc.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths for dedicated [gRPC-ingress] | +| server.ingressGrpc.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | +| server.ingressGrpc.extraTls | list | `[]` (See [values.yaml]) | Additional TLS configuration for dedicated [gRPC-ingress] | +| server.ingressGrpc.hostname | string | `""` (defaults to grpc.`server.ingress.hostname`) | Argo CD server hostname for dedicated [gRPC-ingress] | | server.ingressGrpc.ingressClassName | string | `""` | Defines which ingress controller will implement the resource [gRPC-ingress] | -| server.ingressGrpc.isAWSALB | bool | `false` | Setup up gRPC ingress to work with an AWS ALB | | server.ingressGrpc.labels | object | `{}` | Additional ingress labels for dedicated [gRPC-ingress] | +| server.ingressGrpc.path | string | `"/"` | Argo CD server ingress path for dedicated [gRPC-ingress] | | server.ingressGrpc.pathType | string | `"Prefix"` | Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific` | -| server.ingressGrpc.paths | list | `["/"]` | List of ingress paths for dedicated [gRPC-ingress] | -| server.ingressGrpc.tls | list | `[]` | Ingress TLS configuration for dedicated [gRPC-ingress] | +| server.ingressGrpc.tls | bool | `false` | Enable TLS configuration for the hostname defined at `server.ingressGrpc.hostname` | | server.initContainers | list | `[]` | Init containers to add to the server pod | | server.lifecycle | object | `{}` | Specify postStart and preStop lifecycle hooks for your argo-cd-server container | | server.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | @@ -478,33 +1073,35 @@ NAME: my-release | server.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | | server.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | server.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | -| server.logFormat | string | `"text"` | Argo CD server log format: Either `text` or `json` | -| server.logLevel | string | `"info"` | Argo CD server log level | | server.metrics.enabled | bool | `false` | Deploy metrics service | | server.metrics.service.annotations | object | `{}` | Metrics service annotations | +| server.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | server.metrics.service.labels | object | `{}` | Metrics service labels | | server.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | | server.metrics.service.servicePort | int | `8083` | Metrics service port | +| server.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | server.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| server.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | server.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| server.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | server.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | | server.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | server.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | | server.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | | server.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| server.metrics.serviceMonitor.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. | | server.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | server.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | server.name | string | `"server"` | Argo CD server name | -| server.nodeSelector | object | `{}` | [Node selector] | -| server.pdb.annotations | object | `{}` | Annotations to be added to server pdb | -| server.pdb.enabled | bool | `false` | Deploy a Poddisruptionbudget for the server | -| server.pdb.labels | object | `{}` | Labels to be added to server pdb | +| server.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| server.pdb.annotations | object | `{}` | Annotations to be added to Argo CD server pdb | +| server.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Argo CD server | +| server.pdb.labels | object | `{}` | Labels to be added to Argo CD server pdb | +| server.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | +| server.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | | server.podAnnotations | object | `{}` | Annotations to be added to server pods | | server.podLabels | object | `{}` | Labels to be added to server pods | -| server.priorityClassName | string | `""` | Priority class for the Argo CD server | -| server.rbacConfig | object | `{}` | Argo CD rbac config ([Argo CD RBAC policy]) | -| server.rbacConfigAnnotations | object | `{}` | Annotations to be added to Argo CD rbac ConfigMap | -| server.rbacConfigCreate | bool | `true` | Whether or not to create the configmap. If false, it is expected the configmap will be created by something else. Argo CD will not work if there is no configMap created with the name above. | +| server.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the Argo CD server pods | | server.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | server.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | | server.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | @@ -517,28 +1114,31 @@ NAME: my-release | server.route.hostname | string | `""` | Hostname of OpenShift Route | | server.route.termination_policy | string | `"None"` | Termination policy of Openshift Route | | server.route.termination_type | string | `"passthrough"` | Termination type of Openshift Route | +| server.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the Argo CD server | | server.service.annotations | object | `{}` | Server service annotations | | server.service.externalIPs | list | `[]` | Server service external IPs | -| server.service.externalTrafficPolicy | string | `""` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints | +| server.service.externalTrafficPolicy | string | `"Cluster"` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints | | server.service.labels | object | `{}` | Server service labels | +| server.service.loadBalancerClass | string | `""` | The class of the load balancer implementation | | server.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field | | server.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from | -| server.service.namedTargetPort | bool | `true` | Use named target port for argocd | | server.service.nodePortHttp | int | `30080` | Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort") | | server.service.nodePortHttps | int | `30443` | Server service https port for NodePort service type (only if `server.service.type` is set to "NodePort") | | server.service.servicePortHttp | int | `80` | Server service http port | | server.service.servicePortHttpName | string | `"http"` | Server service http port name, can be used to route traffic via istio | | server.service.servicePortHttps | int | `443` | Server service https port | +| server.service.servicePortHttpsAppProtocol | string | `""` | Server service https port appProtocol | | server.service.servicePortHttpsName | string | `"https"` | Server service https port name, can be used to route traffic via istio | -| server.service.sessionAffinity | string | `""` | Used to maintain session affinity. Supports `ClientIP` and `None` | +| server.service.sessionAffinity | string | `"None"` | Used to maintain session affinity. Supports `ClientIP` and `None` | | server.service.type | string | `"ClusterIP"` | Server service type | | server.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | server.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | server.serviceAccount.create | bool | `true` | Create server service account | +| server.serviceAccount.labels | object | `{}` | Labels applied to created service account | | server.serviceAccount.name | string | `"argocd-server"` | Server service account name | -| server.staticAssets.enabled | bool | `true` | Disable deprecated flag `--staticassets` | -| server.tolerations | list | `[]` | [Tolerations] for use with node taints | -| server.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the Argo CD server | +| server.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| server.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| server.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the Argo CD server | | server.volumeMounts | list | `[]` | Additional volumeMounts to the server main container | | server.volumes | list | `[]` | Additional volumes to the server pod | @@ -546,37 +1146,56 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| -| dex.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | -| dex.containerPortGrpc | int | `5557` | Container port for gRPC access | -| dex.containerPortHttp | int | `5556` | Container port for HTTP access | -| dex.containerPortMetrics | int | `5558` | Container port for metrics access | -| dex.containerSecurityContext | object | `{}` | Dex container-level security context | +| dex.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| dex.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | +| dex.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-dex-server-tls secret | +| dex.certificateSecret.ca | string | `""` | Certificate authority. Required for self-signed certificates. | +| dex.certificateSecret.crt | string | `""` | Certificate data. Must contain SANs of Dex service (ie: argocd-dex-server, argocd-dex-server.argo-cd.svc) | +| dex.certificateSecret.enabled | bool | `false` | Create argocd-dex-server-tls secret | +| dex.certificateSecret.key | string | `""` | Certificate private key | +| dex.certificateSecret.labels | object | `{}` | Labels to be added to argocd-dex-server-tls secret | +| dex.containerPorts.grpc | int | `5557` | gRPC container port | +| dex.containerPorts.http | int | `5556` | HTTP container port | +| dex.containerPorts.metrics | int | `5558` | Metrics container port | +| dex.containerSecurityContext | object | See [values.yaml] | Dex container-level security context | +| dex.deploymentAnnotations | object | `{}` | Annotations to be added to the Dex server Deployment | +| dex.deploymentStrategy | object | `{}` | Deployment strategy to be added to the Dex server Deployment | +| dex.dnsConfig | object | `{}` | [DNS configuration] | +| dex.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Dex server pods | +| dex.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for Dex server | | dex.enabled | bool | `true` | Enable dex | | dex.env | list | `[]` | Environment variables to pass to the Dex server | | dex.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Dex server | | dex.extraArgs | list | `[]` | Additional command line arguments to pass to the Dex server | | dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod | -| dex.extraVolumeMounts | list | `[]` | Extra volumeMounts to the dex pod | -| dex.extraVolumes | list | `[]` | Extra volumes to the dex pod | | dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy | | dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository | -| dex.image.tag | string | `"v2.30.2"` | Dex image tag | +| dex.image.tag | string | `"v2.42.0"` | Dex image tag | +| dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | dex.initContainers | list | `[]` | Init containers to add to the dex pod | | dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy | | dex.initImage.repository | string | `""` (defaults to global.image.repository) | Argo CD init image repository | +| dex.initImage.resources | object | `{}` (defaults to dex.resources) | Argo CD init image resources | | dex.initImage.tag | string | `""` (defaults to global.image.tag) | Argo CD init image tag | | dex.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Dex >= 2.28.0 | | dex.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| dex.livenessProbe.httpPath | string | `"/healthz/live"` | Http path to use for the liveness probe | +| dex.livenessProbe.httpPort | string | `"metrics"` | Http port to use for the liveness probe | +| dex.livenessProbe.httpScheme | string | `"HTTP"` | Scheme to use for for the liveness probe (can be HTTP or HTTPS) | | dex.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | | dex.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | | dex.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | dex.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| dex.logFormat | string | `""` (defaults to global.logging.format) | Dex log format. Either `text` or `json` | +| dex.logLevel | string | `""` (defaults to global.logging.level) | Dex log level. One of: `debug`, `info`, `warn`, `error` | | dex.metrics.enabled | bool | `false` | Deploy metrics service | | dex.metrics.service.annotations | object | `{}` | Metrics service annotations | | dex.metrics.service.labels | object | `{}` | Metrics service labels | | dex.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | | dex.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| dex.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | dex.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| dex.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | dex.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | | dex.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | dex.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | @@ -585,20 +1204,26 @@ NAME: my-release | dex.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | dex.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | dex.name | string | `"dex-server"` | Dex name | -| dex.nodeSelector | object | `{}` | [Node selector] | +| dex.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | | dex.pdb.annotations | object | `{}` | Annotations to be added to Dex server pdb | -| dex.pdb.enabled | bool | `false` | Deploy a Poddisruptionbudget for the Dex server | +| dex.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Dex server | | dex.pdb.labels | object | `{}` | Labels to be added to Dex server pdb | +| dex.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). | +| dex.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | | dex.podAnnotations | object | `{}` | Annotations to be added to the Dex server pods | | dex.podLabels | object | `{}` | Labels to be added to the Dex server pods | -| dex.priorityClassName | string | `""` | Priority class for dex | +| dex.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the dex pods | | dex.readinessProbe.enabled | bool | `false` | Enable Kubernetes readiness probe for Dex >= 2.28.0 | | dex.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| dex.readinessProbe.httpPath | string | `"/healthz/ready"` | Http path to use for the readiness probe | +| dex.readinessProbe.httpPort | string | `"metrics"` | Http port to use for the readiness probe | +| dex.readinessProbe.httpScheme | string | `"HTTP"` | Scheme to use for for the liveness probe (can be HTTP or HTTPS) | | dex.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | | dex.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | | dex.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | dex.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | dex.resources | object | `{}` | Resource limits and requests for dex | +| dex.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for Dex | | dex.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | dex.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | dex.serviceAccount.create | bool | `true` | Create dex service account | @@ -608,10 +1233,11 @@ NAME: my-release | dex.servicePortHttp | int | `5556` | Service port for HTTP access | | dex.servicePortHttpName | string | `"http"` | Service port name for HTTP access | | dex.servicePortMetrics | int | `5558` | Service port for metrics access | -| dex.tolerations | list | `[]` | [Tolerations] for use with node taints | -| dex.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to dex | -| dex.volumeMounts | list | `[{"mountPath":"/shared","name":"static-files"}]` | Additional volumeMounts to the dex main container | -| dex.volumes | list | `[{"emptyDir":{},"name":"static-files"}]` | Additional volumes to the dex pod | +| dex.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| dex.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| dex.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to dex | +| dex.volumeMounts | list | `[]` | Additional volumeMounts to the dex main container | +| dex.volumes | list | `[]` | Additional volumes to the dex pod | ## Redis @@ -619,24 +1245,50 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| -| redis.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | -| redis.containerPort | int | `6379` | Redis container port | -| redis.containerSecurityContext | object | `{}` | Redis container-level security context | +| redis.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| redis.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | +| redis.containerPorts.metrics | int | `9121` | Metrics container port | +| redis.containerPorts.redis | int | `6379` | Redis container port | +| redis.containerSecurityContext | object | See [values.yaml] | Redis container-level security context | +| redis.deploymentAnnotations | object | `{}` | Annotations to be added to the Redis server Deployment | +| redis.dnsConfig | object | `{}` | [DNS configuration] | +| redis.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Redis server pods | | redis.enabled | bool | `true` | Enable redis | | redis.env | list | `[]` | Environment variables to pass to the Redis server | | redis.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Redis server | +| redis.exporter.containerSecurityContext | object | See [values.yaml] | Redis exporter security context | +| redis.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | +| redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter | +| redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter | +| redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | +| redis.exporter.image.tag | string | `"1.67.0"` | Tag to use for the redis-exporter | +| redis.exporter.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter | +| redis.exporter.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.exporter.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.exporter.livenessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.exporter.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.exporter.livenessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | +| redis.exporter.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter (optional) | +| redis.exporter.readinessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.exporter.readinessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.exporter.readinessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.exporter.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.exporter.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | +| redis.exporter.resources | object | `{}` | Resource limits and requests for redis-exporter sidecar | | redis.extraArgs | list | `[]` | Additional command line arguments to pass to redis-server | | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | -| redis.image.imagePullPolicy | string | `"IfNotPresent"` | Redis imagePullPolicy | -| redis.image.repository | string | `"redis"` | Redis repository | -| redis.image.tag | string | `"6.2.6-alpine"` | Redis tag | +| redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | +| redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | +| redis.image.tag | string | `"7.4.2-alpine"` | Redis tag | +| redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redis.initContainers | list | `[]` | Init containers to add to the redis pod | -| redis.metrics.containerPort | int | `9121` | Port to use for redis-exporter sidecar | -| redis.metrics.enabled | bool | `false` | Deploy metrics service and redis-exporter sidecar | -| redis.metrics.image.imagePullPolicy | string | `"IfNotPresent"` | redis-exporter image PullPolicy | -| redis.metrics.image.repository | string | `"bitnami/redis-exporter"` | redis-exporter image repository | -| redis.metrics.image.tag | string | `"1.26.0-debian-10-r2"` | redis-exporter image tag | -| redis.metrics.resources | object | `{}` | Resource limits and requests for redis-exporter sidecar | +| redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server | +| redis.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.livenessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.livenessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | +| redis.metrics.enabled | bool | `false` | Deploy metrics service | | redis.metrics.service.annotations | object | `{}` | Metrics service annotations | | redis.metrics.service.clusterIP | string | `"None"` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | redis.metrics.service.labels | object | `{}` | Metrics service labels | @@ -644,7 +1296,9 @@ NAME: my-release | redis.metrics.service.servicePort | int | `9121` | Metrics service port | | redis.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | redis.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| redis.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | redis.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| redis.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | redis.metrics.serviceMonitor.interval | string | `"30s"` | Interval at which metrics should be scraped | | redis.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | redis.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | @@ -653,15 +1307,24 @@ NAME: my-release | redis.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | redis.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | redis.name | string | `"redis"` | Redis name | -| redis.nodeSelector | object | `{}` | [Node selector] | -| redis.pdb.annotations | object | `{}` | Annotations to be added to Redis server pdb | -| redis.pdb.enabled | bool | `false` | Deploy a Poddisruptionbudget for the Redis server | -| redis.pdb.labels | object | `{}` | Labels to be added to Redis server pdb | +| redis.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| redis.pdb.annotations | object | `{}` | Annotations to be added to Redis pdb | +| redis.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Redis | +| redis.pdb.labels | object | `{}` | Labels to be added to Redis pdb | +| redis.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). | +| redis.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | | redis.podAnnotations | object | `{}` | Annotations to be added to the Redis server pods | | redis.podLabels | object | `{}` | Labels to be added to the Redis server pods | -| redis.priorityClassName | string | `""` | Priority class for redis | +| redis.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for redis pods | +| redis.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server | +| redis.readinessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.readinessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.readinessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | | redis.resources | object | `{}` | Resource limits and requests for redis | -| redis.securityContext | object | `{"runAsNonRoot":true,"runAsUser":999}` | Redis pod-level security context | +| redis.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for redis | +| redis.securityContext | object | See [values.yaml] | Redis pod-level security context | | redis.service.annotations | object | `{}` | Redis service annotations | | redis.service.labels | object | `{}` | Additional redis service labels | | redis.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | @@ -669,8 +1332,9 @@ NAME: my-release | redis.serviceAccount.create | bool | `false` | Create a service account for the redis pod | | redis.serviceAccount.name | string | `""` | Service account name for redis pod | | redis.servicePort | int | `6379` | Redis service port | -| redis.tolerations | list | `[]` | [Tolerations] for use with node taints | -| redis.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to redis | +| redis.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| redis.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| redis.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to redis | | redis.volumeMounts | list | `[]` | Additional volumeMounts to the redis container | | redis.volumes | list | `[]` | Additional volumes to the redis pod | @@ -682,24 +1346,41 @@ The main options are listed here: | Key | Type | Default | Description | |-----|------|---------|-------------| +| redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. | +| redis-ha.affinity | string | `""` | Assign custom [affinity] rules to the Redis pods. | +| redis-ha.auth | bool | `true` | Configures redis-ha with AUTH | +| redis-ha.containerSecurityContext | object | See [values.yaml] | Redis HA statefulset container-level security context | | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | -| redis-ha.exporter.enabled | bool | `true` | If `true`, the prometheus exporter sidecar is enabled | -| redis-ha.exporter.image | string | `nil` (follows subchart default) | Exporter image | -| redis-ha.exporter.tag | string | `nil` (follows subchart default) | Exporter tag | +| redis-ha.existingSecret | string | `"argocd-redis"` | Existing Secret to use for redis-ha authentication. By default the redis-secret-init Job is generating this Secret. | +| redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | +| redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | +| redis-ha.exporter.tag | string | `"1.58.0"` | Tag to use for the redis-exporter | +| redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. | +| redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. | +| redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context | | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | -| redis-ha.haproxy.image.repository | string | `nil` (follows subchart default) | HAProxy Image Repository | -| redis-ha.haproxy.image.tag | string | `nil` (follows subchart default) | HAProxy Image Tag | +| redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. | +| redis-ha.haproxy.labels | object | `{"app.kubernetes.io/name":"argocd-redis-ha-haproxy"}` | Custom labels for the haproxy pod. This is relevant for Argo CD CLI. | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | -| redis-ha.image.repository | string | `nil` (follows subchart default) | Redis image repository | -| redis-ha.image.tag | string | `"6.2.6-alpine"` | Redis tag | -| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistency on Redis nodes | +| redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | +| redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | +| redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | +| redis-ha.image.tag | string | `"7.4.2-alpine"` | Redis tag | +| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | | redis-ha.redis.masterGroupName | string | `"argocd"` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | +| redis-ha.tolerations | list | `[]` | [Tolerations] for use with node taints for Redis pods. | +| redis-ha.topologySpreadConstraints | object | `{"enabled":false,"maxSkew":"","topologyKey":"","whenUnsatisfiable":""}` | Assign custom [TopologySpreadConstraints] rules to the Redis pods. | | redis-ha.topologySpreadConstraints.enabled | bool | `false` | Enable Redis HA topology spread constraints | | redis-ha.topologySpreadConstraints.maxSkew | string | `""` (defaults to `1`) | Max skew of pods tolerated | | redis-ha.topologySpreadConstraints.topologyKey | string | `""` (defaults to `topology.kubernetes.io/zone`) | Topology key for spread | | redis-ha.topologySpreadConstraints.whenUnsatisfiable | string | `""` (defaults to `ScheduleAnyway`) | Enforcement policy, hard or soft | +| redis-ha.exporter.image | string | `nil` (follows subchart default) | Exporter image | +| redis-ha.exporter.tag | string | `nil` (follows subchart default) | Exporter tag | +| redis-ha.haproxy.image.repository | string | `nil` (follows subchart default) | HAProxy Image Repository | +| redis-ha.haproxy.image.tag | string | `nil` (follows subchart default) | HAProxy Image Tag | +| redis-ha.image.repository | string | `nil` (follows subchart default) | Redis image repository | ### Option 3 - External Redis @@ -707,183 +1388,329 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | Key | Type | Default | Description | |-----|------|---------|-------------| -| externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis credentials (must contain key `redis-password`). When it's set, the `externalRedis.password` parameter is ignored | +| externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials. When it's set, the `externalRedis.password` parameter is ignored | | externalRedis.host | string | `""` | External Redis server host | | externalRedis.password | string | `""` | External Redis password | | externalRedis.port | int | `6379` | External Redis server port | +| externalRedis.secretAnnotations | object | `{}` | External Redis Secret annotations | +| externalRedis.username | string | `""` | External Redis username | + +### Redis secret-init + +The helm chart deploys a Job to setup a random password which is used to secure the Redis. The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed. +If you use an External Redis (See Option 3 above), this Job is not deployed. + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| redisSecretInit.affinity | object | `{}` | Assign custom [affinity] rules to the Redis secret-init Job | +| redisSecretInit.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | +| redisSecretInit.enabled | bool | `true` | Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods | +| redisSecretInit.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Redis secret-init Job | +| redisSecretInit.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Redis secret-init Job | +| redisSecretInit.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Redis secret-init Job | +| redisSecretInit.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | +| redisSecretInit.jobAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job | +| redisSecretInit.name | string | `"redis-secret-init"` | Redis secret-init name | +| redisSecretInit.nodeSelector | object | `{}` (defaults to global.nodeSelector) | Node selector to be added to the Redis secret-init Job | +| redisSecretInit.podAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job | +| redisSecretInit.podLabels | object | `{}` | Labels to be added to the Redis secret-init Job | +| redisSecretInit.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for Redis secret-init Job | +| redisSecretInit.resources | object | `{}` | Resource limits and requests for Redis secret-init Job | +| redisSecretInit.securityContext | object | `{}` | Redis secret-init Job pod-level security context | +| redisSecretInit.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| redisSecretInit.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| redisSecretInit.serviceAccount.create | bool | `true` | Create a service account for the redis pod | +| redisSecretInit.serviceAccount.name | string | `""` | Service account name for redis pod | +| redisSecretInit.tolerations | list | `[]` (defaults to global.tolerations) | Tolerations to be added to the Redis secret-init Job | ## ApplicationSet | Key | Type | Default | Description | |-----|------|---------|-------------| -| applicationSet.affinity | object | `{}` | Assign custom [affinity] rules | -| applicationSet.args.debug | bool | `false` | Print debug logs | -| applicationSet.args.dryRun | bool | `false` | Enable dry run mode | -| applicationSet.args.enableLeaderElection | bool | `false` | The default leader election setting | -| applicationSet.args.metricsAddr | string | `":8080"` | The default metric address | -| applicationSet.args.policy | string | `"sync"` | How application is synced between the generator and the cluster | -| applicationSet.args.probeBindAddr | string | `":8081"` | The default health check port | -| applicationSet.enabled | bool | `true` | Enable Application Set controller | -| applicationSet.extraArgs | list | `[]` | List of extra cli args to add | -| applicationSet.extraContainers | list | `[]` | Additional containers to be added to the applicationset controller pod | -| applicationSet.extraEnv | list | `[]` | Environment variables to pass to the controller | -| applicationSet.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the controller | +| applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | +| applicationSet.allowAnyNamespace | bool | `false` | Enable ApplicationSet in any namespace feature | +| applicationSet.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | +| applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | +| applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate | +| applicationSet.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) | +| applicationSet.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. | +| applicationSet.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | +| applicationSet.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` | +| applicationSet.certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` | +| applicationSet.certificate.issuer.name | string | `""` | Certificate issuer name. Eg. `letsencrypt` | +| applicationSet.certificate.privateKey.algorithm | string | `"RSA"` | Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` | +| applicationSet.certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` | +| applicationSet.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | +| applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | +| applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | +| applicationSet.containerPorts.metrics | int | `8080` | Metrics container port | +| applicationSet.containerPorts.probe | int | `8081` | Probe container port | +| applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | +| applicationSet.containerSecurityContext | object | See [values.yaml] | ApplicationSet controller container-level security context | +| applicationSet.deploymentAnnotations | object | `{}` | Annotations to be added to ApplicationSet controller Deployment | +| applicationSet.deploymentStrategy | object | `{}` | Deployment strategy to be added to the ApplicationSet controller Deployment | +| applicationSet.dnsConfig | object | `{}` | [DNS configuration] | +| applicationSet.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for ApplicationSet controller pods | +| applicationSet.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for applicationSet controller | +| applicationSet.extraArgs | list | `[]` | ApplicationSet controller command line flags | +| applicationSet.extraContainers | list | `[]` | Additional containers to be added to the ApplicationSet controller pod | +| applicationSet.extraEnv | list | `[]` | Environment variables to pass to the ApplicationSet controller | +| applicationSet.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the ApplicationSet controller | | applicationSet.extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) | | applicationSet.extraVolumes | list | `[]` | List of extra volumes to add | -| applicationSet.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the application set controller | -| applicationSet.image.repository | string | `"quay.io/argoproj/argocd-applicationset"` | Repository to use for the application set controller | -| applicationSet.image.tag | string | `"v0.4.1"` | Tag to use for the application set controller | -| applicationSet.imagePullSecrets | list | `[]` | If defined, uses a Secret to pull an image from a private Docker registry or repository. | +| applicationSet.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the ApplicationSet controller | +| applicationSet.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the ApplicationSet controller | +| applicationSet.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the ApplicationSet controller | +| applicationSet.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | If defined, uses a Secret to pull an image from a private Docker registry or repository. | +| applicationSet.ingress.annotations | object | `{}` | Additional ingress annotations | +| applicationSet.ingress.enabled | bool | `false` | Enable an ingress resource for ApplicationSet webhook | +| applicationSet.ingress.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record | +| applicationSet.ingress.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths | +| applicationSet.ingress.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | +| applicationSet.ingress.extraTls | list | `[]` (See [values.yaml]) | Additional ingress TLS configuration | +| applicationSet.ingress.hostname | string | `""` (defaults to global.domain) | Argo CD ApplicationSet hostname | +| applicationSet.ingress.ingressClassName | string | `""` | Defines which ingress ApplicationSet controller will implement the resource | +| applicationSet.ingress.labels | object | `{}` | Additional ingress labels | +| applicationSet.ingress.path | string | `"/api/webhook"` | List of ingress paths | +| applicationSet.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | +| applicationSet.ingress.tls | bool | `false` | Enable TLS configuration for the hostname defined at `applicationSet.webhook.ingress.hostname` | +| applicationSet.initContainers | list | `[]` | Init containers to add to the ApplicationSet controller pod | +| applicationSet.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for ApplicationSet controller | +| applicationSet.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| applicationSet.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| applicationSet.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| applicationSet.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| applicationSet.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | applicationSet.metrics.enabled | bool | `false` | Deploy metrics service | | applicationSet.metrics.service.annotations | object | `{}` | Metrics service annotations | +| applicationSet.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | applicationSet.metrics.service.labels | object | `{}` | Metrics service labels | | applicationSet.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | -| applicationSet.metrics.service.servicePort | int | `8085` | Metrics service port | +| applicationSet.metrics.service.servicePort | int | `8080` | Metrics service port | +| applicationSet.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | applicationSet.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| applicationSet.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | applicationSet.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| applicationSet.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | applicationSet.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | | applicationSet.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | applicationSet.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | | applicationSet.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | | applicationSet.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| applicationSet.metrics.serviceMonitor.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. | | applicationSet.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | applicationSet.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | -| applicationSet.name | string | `"applicationset-controller"` | Application Set controller name string | -| applicationSet.nodeSelector | object | `{}` | [Node selector] | -| applicationSet.podAnnotations | object | `{}` | Annotations for the controller pods | -| applicationSet.podLabels | object | `{}` | Labels for the controller pods | -| applicationSet.podSecurityContext | object | `{}` | Pod Security Context | -| applicationSet.priorityClassName | string | `""` | If specified, indicates the pod's priority. If not specified, the pod priority will be default or zero if there is no default. | -| applicationSet.replicaCount | int | `1` | The number of controller pods to run | -| applicationSet.resources | object | `{}` | Resource limits and requests for the controller pods. | -| applicationSet.securityContext | object | `{}` | Security Context | -| applicationSet.service.annotations | object | `{}` | Application set service annotations | -| applicationSet.service.labels | object | `{}` | Application set service labels | -| applicationSet.service.port | int | `7000` | Application set service port | -| applicationSet.service.portName | string | `"webhook"` | Application set service port name | -| applicationSet.serviceAccount.annotations | object | `{}` | Annotations to add to the service account | -| applicationSet.serviceAccount.create | bool | `true` | Specifies whether a service account should be created | -| applicationSet.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | -| applicationSet.tolerations | list | `[]` | [Tolerations] for use with node taints | -| applicationSet.webhook.ingress.annotations | object | `{}` | Additional ingress annotations | -| applicationSet.webhook.ingress.enabled | bool | `false` | Enable an ingress resource for Webhooks | -| applicationSet.webhook.ingress.extraPaths | list | `[]` | Additional ingress paths | -| applicationSet.webhook.ingress.hosts | list | `[]` | List of ingress hosts | -| applicationSet.webhook.ingress.ingressClassName | string | `""` | Defines which ingress controller will implement the resource | -| applicationSet.webhook.ingress.labels | object | `{}` | Additional ingress labels | -| applicationSet.webhook.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | -| applicationSet.webhook.ingress.paths | list | `["/api/webhook"]` | List of ingress paths | -| applicationSet.webhook.ingress.tls | list | `[]` | Ingress TLS configuration | +| applicationSet.name | string | `"applicationset-controller"` | ApplicationSet controller name string | +| applicationSet.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| applicationSet.pdb.annotations | object | `{}` | Annotations to be added to ApplicationSet controller pdb | +| applicationSet.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the ApplicationSet controller | +| applicationSet.pdb.labels | object | `{}` | Labels to be added to ApplicationSet controller pdb | +| applicationSet.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | +| applicationSet.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | +| applicationSet.podAnnotations | object | `{}` | Annotations for the ApplicationSet controller pods | +| applicationSet.podLabels | object | `{}` | Labels for the ApplicationSet controller pods | +| applicationSet.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the ApplicationSet controller pods | +| applicationSet.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for ApplicationSet controller | +| applicationSet.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| applicationSet.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| applicationSet.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| applicationSet.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| applicationSet.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| applicationSet.replicas | int | `1` | The number of ApplicationSet controller pods to run | +| applicationSet.resources | object | `{}` | Resource limits and requests for the ApplicationSet controller pods. | +| applicationSet.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the ApplicationSet controller | +| applicationSet.service.annotations | object | `{}` | ApplicationSet service annotations | +| applicationSet.service.labels | object | `{}` | ApplicationSet service labels | +| applicationSet.service.port | int | `7000` | ApplicationSet service port | +| applicationSet.service.portName | string | `"http-webhook"` | ApplicationSet service port name | +| applicationSet.service.type | string | `"ClusterIP"` | ApplicationSet service type | +| applicationSet.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| applicationSet.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| applicationSet.serviceAccount.create | bool | `true` | Create ApplicationSet controller service account | +| applicationSet.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| applicationSet.serviceAccount.name | string | `"argocd-applicationset-controller"` | ApplicationSet controller service account name | +| applicationSet.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| applicationSet.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| applicationSet.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller | ## Notifications | Key | Type | Default | Description | |-----|------|---------|-------------| -| notifications.affinity | object | `{}` | Assign custom [affinity] rules | -| notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates | -| notifications.bots.slack.affinity | object | `{}` | Assign custom [affinity] rules | -| notifications.bots.slack.containerSecurityContext | object | `{}` | Container Security Context | -| notifications.bots.slack.enabled | bool | `false` | Enable slack bot | -| notifications.bots.slack.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Slack bot | -| notifications.bots.slack.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Slack bot | -| notifications.bots.slack.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Slack bot | -| notifications.bots.slack.imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry | -| notifications.bots.slack.nodeSelector | object | `{}` | [Node selector] | -| notifications.bots.slack.resources | object | `{}` | Resource limits and requests for the Slack bot | -| notifications.bots.slack.securityContext | object | `{"runAsNonRoot":true}` | Pod Security Context | -| notifications.bots.slack.service.annotations | object | `{}` | Service annotations for Slack bot | -| notifications.bots.slack.service.port | int | `80` | Service port for Slack bot | -| notifications.bots.slack.service.type | string | `"LoadBalancer"` | Service type for Slack bot | -| notifications.bots.slack.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | -| notifications.bots.slack.serviceAccount.create | bool | `true` | Specifies whether a service account should be created | -| notifications.bots.slack.serviceAccount.name | string | `"argocd-notifications-bot"` | The name of the service account to use. | -| notifications.bots.slack.tolerations | list | `[]` | [Tolerations] for use with node taints | -| notifications.bots.slack.updateStrategy | object | `{"type":"Recreate"}` | The deployment strategy to use to replace existing pods with new ones | -| notifications.cm.create | bool | `true` | Whether helm chart creates controller config map | -| notifications.cm.name | string | `""` | The name of the config map to use. | -| notifications.containerSecurityContext | object | `{}` | Container Security Context | +| notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | +| notifications.argocdUrl | string | `""` (defaults to https://`global.domain`) | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates | +| notifications.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | +| notifications.clusterRoleRules.rules | list | `[]` | List of custom rules for the notifications controller's ClusterRole resource | +| notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map | +| notifications.containerPorts.metrics | int | `9001` | Metrics container port | +| notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context | | notifications.context | object | `{}` | Define user-defined context | -| notifications.enabled | bool | `true` | Enable Notifications controller | -| notifications.extraArgs | list | `[]` | Extra arguments to provide to the controller | +| notifications.deploymentAnnotations | object | `{}` | Annotations to be applied to the notifications controller Deployment | +| notifications.deploymentStrategy | object | `{"type":"Recreate"}` | Deployment strategy to be added to the notifications controller Deployment | +| notifications.dnsConfig | object | `{}` | [DNS configuration] | +| notifications.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for notifications controller Pods | +| notifications.enabled | bool | `true` | Enable notifications controller | +| notifications.extraArgs | list | `[]` | Extra arguments to provide to the notifications controller | +| notifications.extraContainers | list | `[]` | Additional containers to be added to the notifications controller pod | | notifications.extraEnv | list | `[]` | Additional container environment variables | +| notifications.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the notifications controller | | notifications.extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) | | notifications.extraVolumes | list | `[]` | List of extra volumes to add | | notifications.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the notifications controller | | notifications.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the notifications controller | | notifications.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the notifications controller | -| notifications.imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry | -| notifications.logFormat | string | `"text"` | Application controller log format. Either `text` or `json` | -| notifications.logLevel | string | `"info"` | Set the logging level. (One of: `debug`, `info`, `warn`, `error`) | +| notifications.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | +| notifications.initContainers | list | `[]` | Init containers to add to the notifications controller pod | +| notifications.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for notifications controller Pods | +| notifications.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| notifications.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| notifications.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| notifications.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| notifications.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| notifications.logFormat | string | `""` (defaults to global.logging.format) | Notifications controller log format. Either `text` or `json` | +| notifications.logLevel | string | `""` (defaults to global.logging.level) | Notifications controller log level. One of: `debug`, `info`, `warn`, `error` | | notifications.metrics.enabled | bool | `false` | Enables prometheus metrics server | | notifications.metrics.port | int | `9001` | Metrics port | | notifications.metrics.service.annotations | object | `{}` | Metrics service annotations | +| notifications.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | notifications.metrics.service.labels | object | `{}` | Metrics service labels | | notifications.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | +| notifications.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | notifications.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| notifications.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | notifications.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| notifications.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | +| notifications.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| notifications.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | | notifications.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | | notifications.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | notifications.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | notifications.name | string | `"notifications-controller"` | Notifications controller name string | -| notifications.nodeSelector | object | `{}` | [Node selector] | +| notifications.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | | notifications.notifiers | object | See [values.yaml] | Configures notification services such as slack, email or custom webhook | -| notifications.podAnnotations | object | `{}` | Annotations to be applied to the controller Pods | -| notifications.podLabels | object | `{}` | Labels to be applied to the controller Pods | -| notifications.resources | object | `{}` | Resource limits and requests for the controller | +| notifications.pdb.annotations | object | `{}` | Annotations to be added to notifications controller pdb | +| notifications.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the notifications controller | +| notifications.pdb.labels | object | `{}` | Labels to be added to notifications controller pdb | +| notifications.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | +| notifications.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | +| notifications.podAnnotations | object | `{}` | Annotations to be applied to the notifications controller Pods | +| notifications.podLabels | object | `{}` | Labels to be applied to the notifications controller Pods | +| notifications.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the notifications controller pods | +| notifications.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for notifications controller Pods | +| notifications.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| notifications.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| notifications.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| notifications.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| notifications.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| notifications.resources | object | `{}` | Resource limits and requests for the notifications controller | +| notifications.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the notifications controller | | notifications.secret.annotations | object | `{}` | key:value pairs of annotations to be added to the secret | -| notifications.secret.create | bool | `true` | Whether helm chart creates controller secret | +| notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret | | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the secret | -| notifications.secret.name | string | `""` | The name of the secret to use. | -| notifications.securityContext | object | `{"runAsNonRoot":true}` | Pod Security Context | +| notifications.secret.labels | object | `{}` | key:value pairs of labels to be added to the secret | +| notifications.secret.name | string | `"argocd-notifications-secret"` | notifications controller Secret name | | notifications.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | -| notifications.serviceAccount.create | bool | `true` | Specifies whether a service account should be created | -| notifications.serviceAccount.name | string | `"argocd-notifications-controller"` | The name of the service account to use. | +| notifications.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| notifications.serviceAccount.create | bool | `true` | Create notifications controller service account | +| notifications.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| notifications.serviceAccount.name | string | `"argocd-notifications-controller"` | Notification controller service account name | | notifications.subscriptions | list | `[]` | Contains centrally managed global application subscriptions | | notifications.templates | object | `{}` | The notification template is used to generate the notification content | -| notifications.tolerations | list | `[]` | [Tolerations] for use with node taints | +| notifications.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| notifications.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| notifications.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller | | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | -| notifications.updateStrategy | object | `{"type":"Recreate"}` | The deployment strategy to use to replace existing pods with new ones | -### Using AWS ALB Ingress Controller With GRPC +## Commit server (Manifest Hydrator) -If you are using an AWS ALB Ingress controller, you will need to set `server.ingressGrpc.isAWSALB` to `true`. This will create a second service with the annotation `alb.ingress.kubernetes.io/backend-protocol-version: HTTP2` and modify the server ingress to add a condition annotation to route GRPC traffic to the new service. +The Argo CD Commit Server provides push access to git repositories for hydrated manifests. -Example: +To read more about this component, please read [Argo CD Manifest Hydrator] and [Manifest Hydrator]. -```yaml -server: - ingress: - enabled: true - annotations: - alb.ingress.kubernetes.io/backend-protocol: HTTPS - alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' - alb.ingress.kubernetes.io/scheme: internal - alb.ingress.kubernetes.io/target-type: ip - ingressGrpc: - enabled: true - isAWSALB: true - awsALB: - serviceType: ClusterIP - -``` +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| commitServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | +| commitServer.automountServiceAccountToken | bool | `false` | Automount API credentials for the Service Account into the pod. | +| commitServer.containerSecurityContext | object | See [values.yaml] | commit server container-level security context | +| commitServer.deploymentAnnotations | object | `{}` | Annotations to be added to commit server Deployment | +| commitServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the commit server Deployment | +| commitServer.dnsConfig | object | `{}` | [DNS configuration] | +| commitServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for commit server pods | +| commitServer.enabled | bool | `false` | Enable commit server | +| commitServer.extraArgs | list | `[]` | commit server command line flags | +| commitServer.extraEnv | list | `[]` | Environment variables to pass to the commit server | +| commitServer.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the commit server | +| commitServer.extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) | +| commitServer.extraVolumes | list | `[]` | List of extra volumes to add | +| commitServer.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the commit server | +| commitServer.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the commit server | +| commitServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the commit server | +| commitServer.livenessProbe.enabled | bool | `true` | Enable Kubernetes liveness probe for commit server | +| commitServer.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| commitServer.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| commitServer.livenessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the [probe] | +| commitServer.livenessProbe.timeoutSeconds | int | `5` | Number of seconds after which the [probe] times out | +| commitServer.metrics.enabled | bool | `false` | Enables prometheus metrics server | +| commitServer.metrics.service.annotations | object | `{}` | Metrics service annotations | +| commitServer.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | +| commitServer.metrics.service.labels | object | `{}` | Metrics service labels | +| commitServer.metrics.service.portName | string | `"metrics"` | Metrics service port name | +| commitServer.metrics.service.servicePort | int | `8087` | Metrics service port | +| commitServer.metrics.service.type | string | `"ClusterIP"` | Metrics service type | +| commitServer.name | string | `"commit-server"` | Commit server name | +| commitServer.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| commitServer.podAnnotations | object | `{}` | Annotations for the commit server pods | +| commitServer.podLabels | object | `{}` | Labels for the commit server pods | +| commitServer.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the commit server pods | +| commitServer.readinessProbe.enabled | bool | `true` | Enable Kubernetes liveness probe for commit server | +| commitServer.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| commitServer.readinessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before [probe] is initiated | +| commitServer.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| commitServer.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| commitServer.resources | object | `{}` | Resource limits and requests for the commit server pods. | +| commitServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the commit server | +| commitServer.service.annotations | object | `{}` | commit server service annotations | +| commitServer.service.labels | object | `{}` | commit server service labels | +| commitServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| commitServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| commitServer.serviceAccount.create | bool | `true` | Create commit server service account | +| commitServer.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| commitServer.serviceAccount.name | string | `"argocd-commit-server"` | commit server service account name | +| commitServer.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| commitServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| commitServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the commit server | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) -[Argo CD RBAC policy]: https://argoproj.github.io/argo-cd/operator-manual/rbac/ -[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom +[Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/ +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#backendconfigspec_v1beta1_cloudgooglecom [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ -[external cluster credentials]: https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters -[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters -[General Argo CD configuration]: https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#repositories -[gRPC-ingress]: https://argoproj.github.io/argo-cd/operator-manual/ingress/ +[changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog +[Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/ +[DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ +[external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters +[FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/ +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters +[declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup +[gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ +[GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/ [HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ [MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs -[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector +[PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes [RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ [values.yaml]: values.yaml [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md +[tini]: https://github.com/argoproj/argo-cd/pull/12707 +[EKS EoL]: https://endoflife.date/amazon-eks +[Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions +[Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace +[Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice +[Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer +[Argo CD Manifest Hydrator]: https://argo-cd.readthedocs.io/en/stable/proposals/manifest-hydrator/ +[Manifest Hydrator]: https://github.com/argoproj/argo-cd/blob/master/docs/proposals/manifest-hydrator.md diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index d59f100f..d2862792 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -2,21 +2,21 @@ A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. -Source code can be found [here](https://argoproj.github.io/argo-cd/) +Source code can be found here: -## Additional Information +{{ template "chart.sourcesList" . }} -This is a **community maintained** chart. This chart installs [argo-cd](https://argoproj.github.io/argo-cd/), a declarative, GitOps continuous delivery tool for Kubernetes. +This is a **community maintained** chart. This chart installs [argo-cd](https://argo-cd.readthedocs.io/en/stable/), a declarative, GitOps continuous delivery tool for Kubernetes. The default installation is intended to be similar to the provided Argo CD [releases](https://github.com/argoproj/argo-cd/releases). -If you want to avoid including sensitive information unencrypted (clear text) in your version control, make use of the [declarative set up](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/) of Argo CD. +If you want to avoid including sensitive information unencrypted (clear text) in your version control, make use of the [declarative setup] of Argo CD. For instance, rather than adding repositories and their keys in your Helm values, you could deploy [SealedSecrets](https://github.com/bitnami-labs/sealed-secrets) with contents as seen in this [repositories section](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories) or any other secrets manager service (i.e. HashiCorp Vault, AWS/GCP Secrets Manager, etc.). ## High Availability This chart installs the non-HA version of Argo CD by default. If you want to run Argo CD in HA mode, you can use one of the example values in the next sections. -Please also have a look into the upstream [Operator Manual regarding High Availability](https://argoproj.github.io/argo-cd/operator-manual/high_availability/) to understand how scaling of Argo CD works in detail. +Please also have a look into the upstream [Operator Manual regarding High Availability](https://argo-cd.readthedocs.io/en/stable/operator-manual/high_availability/) to understand how scaling of Argo CD works in detail. > **Warning:** > You need at least 3 worker nodes as the HA mode of redis enforces Pods to run on separate nodes. @@ -28,7 +28,7 @@ redis-ha: enabled: true controller: - enableStatefulSet: true + replicas: 1 server: autoscaling: @@ -39,6 +39,9 @@ repoServer: autoscaling: enabled: true minReplicas: 2 + +applicationSet: + replicas: 2 ``` ### HA mode without autoscaling @@ -48,19 +51,193 @@ redis-ha: enabled: true controller: - enableStatefulSet: true + replicas: 1 server: replicas: 2 - env: - - name: ARGOCD_API_SERVER_REPLICAS - value: '2' repoServer: replicas: 2 + +applicationSet: + replicas: 2 ``` -### Synchronizing Changes from Original Repository +## Ingress configuration + +Please refer to the [Operator Manual](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#ingress-configurationh) for details as the samples +below corespond to their respective sections. + +### SSL-Passthrough + +The `tls: true` option will expect that the `argocd-server-tls` secret exists as Argo CD server loads TLS certificates from this place. + +```yaml +global: + domain: argocd.example.com + +certificate: + enabled: true + +server: + ingress: + enabled: true + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + tls: true +``` + +### SSL Termination at Ingress Controller + +```yaml +global: + domain: argocd.example.com + +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + extraTls: + - hosts: + - argocd.example.com + # Based on the ingress controller used secret might be optional + secretName: wildcard-tls +``` + +> **Note:** +> If you don't plan on using a wildcard certificate it's also possible to use `tls: true` without `extraTls` section. + +### Multiple ingress resources for gRPC protocol support + +Use `ingressGrpc` section if your ingress controller supports only a single protocol per Ingress resource (i.e.: Contour). + +```yaml +global: + domain: argocd.example.com + +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + ingressClassName: contour-internal + extraTls: + - hosts: + - argocd.example.com + secretName: wildcard-tls + + ingressGrpc: + enabled: true + ingressClassName: contour-internal + extraTls: + - hosts: + - grpc.argocd.example.com + secretName: wildcard-tls +``` + +### Multiple ingress domains + +```yaml +global: + domain: argocd.example.com + +server: + ingress: + enabled: true + ingressClassName: nginx + annotations: + cert-manager.io/cluster-issuer: "" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + tls: true + extraHosts: + - name: argocd-alias.example.com + path: / +``` + +### AWS Application Load Balancer + +Refer to the Operator Manual for [AWS Application Load Balancer mode](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode). +The provided example assumes you are using TLS off-loading via AWS ACM service. + +> **Note:** +> Using `controller: aws` creates additional service for gRPC traffic and it's no longer need to use `ingressGrpc` configuration section. + +```yaml +global: + domain: argocd.example.com + +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + controller: aws + ingressClassName: alb + annotations: + alb.ingress.kubernetes.io/scheme: internal + alb.ingress.kubernetes.io/target-type: ip + alb.ingress.kubernetes.io/backend-protocol: HTTP + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/ssl-redirect: '443' + aws: + serviceType: ClusterIP # <- Used with target-type: ip + backendProtocolVersion: GRPC +``` + +### GKE Application Load Balancer + +The implementation will populate `ingressClassName`, `networking.gke.io/managed-certificates` and `networking.gke.io/v1beta1.FrontendConfig` annotations +automatically if you provide configuration for GKE resources. + +```yaml +global: + domain: argocd.example.com + +configs: + params: + server.insecure: true + +server: + service: + annotations: + cloud.google.com/neg: '{"ingress": true}' + cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}' + + ingress: + enabled: true + controller: gke + gke: + backendConfig: + healthCheck: + checkIntervalSec: 30 + timeoutSec: 5 + healthyThreshold: 1 + unhealthyThreshold: 2 + type: HTTP + requestPath: /healthz + port: 8080 + frontendConfig: + redirectToHttps: + enabled: true + managedCertificate: + enabled: true +``` + + +## Synchronizing Changes from Original Repository In the original [Argo CD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd). @@ -78,23 +255,305 @@ cd argo-cd git diff v1.8.7 v2.0.0 -- manifests/install.yaml ``` -Changes in the `CustomResourceDefinition` resources shall be fixed easily by copying 1:1 from the [`manifests/crds` folder](https://github.com/argoproj/argo-cd/tree/master/manifests/crds) into this [`charts/argo-cd/crds` folder](https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd/crds). - -## Upgrading +Changes in the `CustomResourceDefinition` resources shall be fixed easily by copying 1:1 from the [`manifests/crds` folder](https://github.com/argoproj/argo-cd/tree/master/manifests/crds) into this [`charts/argo-cd/templates/crds` folder](https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd/templates/crds). ### Custom resource definitions -Helm cannot upgrade custom resource definitions [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart. -Please use `kubectl` to upgrade CRDs manually from [crds](crds/) folder or via the manifests from the upstream project repo: +Helm cannot upgrade custom resource definitions in the `/crds` folder [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). Starting with 5.2.0, the CRDs have been moved to `/templates` to address this design decision. + +If you are using Argo CD chart version prior to 5.2.0 or have elected to manage the Argo CD CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo: ```bash -kubectl apply -k https://github.com/argoproj/argo-cd.git/manifests/crds?ref= +kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=" -# Eg. version v2.3.3 -kubectl apply -k https://github.com/argoproj/argo-cd.git/manifests/crds?ref=v2.3.3 +# Eg. version v2.4.9 +kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.4.9" ``` +## Changelog + +For full list of changes please check ArtifactHub [changelog]. + +Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. + +### 7.0.0 + +We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`. +If you used the value, please migrate like below. + +```yaml +# before +configs: + clusterCredentials: + - mycluster: + server: https://mycluster.example.com + labels: {} + annotations: {} + # ... + +# after +configs: + clusterCredentials: + mycluster: + server: https://mycluster.example.com + labels: {} + annotations: {} + # ... +``` + +### 6.10.0 + +This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr. + +#### How to rotate Redis secret? + +Upstream steps in the [FAQ] are not enough, since we chose a different approach. +(We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.) + +Steps to rotate the secret when using the helm chart (bold step is additional to upstream): +* Delete `argocd-redis` secret in the namespace where Argo CD is installed. + ```bash + kubectl delete secret argocd-redis -n + ``` +* **Perform a helm upgrade** + ```bash + helm upgrade argocd argo/argo-cd --reuse-values --wait + ``` +* If you are running Redis in HA mode, restart Redis in HA. + ```bash + kubectl rollout restart deployment argocd-redis-ha-haproxy + kubectl rollout restart statefulset argocd-redis-ha-server + ``` +* If you are running Redis in non-HA mode, restart Redis. + ```bash + kubectl rollout restart deployment argocd-redis + ``` +* Restart other components. + ```bash + kubectl rollout restart deployment argocd-server argocd-repo-server + kubectl rollout restart statefulset argocd-application-controller + ``` + +### 6.9.0 +ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9). + +### 6.4.0 + +Added support for application controller dynamic cluster distribution. +Please refer to [the docs](https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution) for more information. + +Added env variables to handle the non-standard names generated by the helm chart. +Here are the [docs](https://argo-cd.readthedocs.io/en/release-2.9/user-guide/environment-variables/) +and [code](https://github.com/argoproj/argo-cd/blob/99723143b96ceec9ef5b0a7feb7b4f4b0dce3497/common/common.go#L252) + +### 6.1.0 + +Added support for global domain used by all components. + +### 6.0.0 + +This version **removes support for**: + +* deprecated component options `logLevel` and `logFormat` +* deprecated component arguments `.args.` that were replaced with `configs.params` +* deprecated configuration `server.config` that was replaced with `configs.cm` +* deprecated configuration `server.rbacConfig` that was replaced with `configs.rbac` + +Major version also contains breaking **changes related to Argo CD Ingress** resources that were hard to extend and maintain for various ingress controller implementations. +Please review your setup and adjust to new configuration options: + +* catch all rule was removed for security reasons. If you need this please use `server.ingress.extraRules` to provide ingress rule without hostname +* ingress rule for `paths` changed to `path` as there is only single Argo CD backend path +* ingress rule for `hosts` changed to `hostname` as there can be only single SSO redirect for given hostname +* ingress TLS for server uses by default `argocd-server-tls` secret required by Argo CD server, additional ingresses are using `-tls` secret when `tls: true` +* additional hostnames and routing can be provided via `extraHosts` configuration section +* additional TLS secrets can be provided via `extraTls` configuration section + +Please refer to [ingress configuration](#ingress-configuration) for examples. + +### 5.53.0 + +Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir() + +### 5.52.0 + +Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server. +If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml. + +### 5.35.0 + +This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach. + +Please see more information about EoL: [Amazon EKS EoL][EKS EoL]. + + +### 5.31.0 +The manifests are now using [`tini` as entrypoint][tini], instead of `entrypoint.sh`. Until Argo CD v2.8, `entrypoint.sh` is retained for upgrade compatibility. +This means that the deployment manifests have to be updated after upgrading to Argo CD v2.7, and before upgrading to Argo CD v2.8 later. +In case the manifests are updated before moving to Argo CD v2.8, the containers will not be able to start. + +### 5.26.0 + +This version adds support for Config Management Plugins using the sidecar model and configured in a ConfigMap named `argocd-cmp-cm`. +Users will need to migrate from the previous `argocd-cm` ConfigMap method to using the sidecar method before Argo CD v2.8. See the [Argo CD CMP migration guide](https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/#migrating-from-argocd-cm-plugins) for more specifics. + +To migrate your plugins, you can now set the `configs.cmp.create` to `true` and move your plugins from `configs.cm` to `configs.cmp.plugins`. +You will also need to configure the sidecar containers under `repoServer.extraContainers` and ensure you are mounting any custom volumes you need from `repoServer.volumes` into here also. + +### 5.24.0 + +This version adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`). +Default `global.affinity` rules can be disabled when `none` value is used for the preset. + +### 5.22.0 + +This version adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely. + +### 5.19.0 + +This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provided these values (`configs.knownHosts.*`, `configs.knownHostsAnnotations`, `configs.tlsCerts`, `configs.tlsCertsAnnotations`) please move them into new `configs.ssh` and `configs.tls` sections. +You can also use new option `configs.ssh.extraHosts` to configure your SSH keys without maintaing / overwritting keys for public Git repositories. + +### 5.13.0 + +This version reduces history limit for Argo CD deployment replicas to 3 to provide more visibility for Argo CD deployments that manage itself. If you need more deployment revisions for rollbacks set `global.revisionHistoryLimit` parameter. + +### 5.12.0 + +If Argo CD is managing termination of TLS and you are using `configs.secret.argocdServerTlsConfig` option to provide custom TLS configuration for this chart, please use `server.certificate` or `server.certificateSecret` instead. +For the secrets for tls termination, please use a secret named `argocd-server-tls` instead of `argocd-secret`. +For the technical details please check the [Argo CD documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server). When transitioning from the one secret to the other pay attention to `tls.key` and `tls.crt` keys. + +### 5.10.0 + +This version hardens security by configuring default container security contexts and adds hard requirement for Kubernetes 1.22+ to work properly. +The change aligns chart with officially [supported versions](https://argo-cd.readthedocs.io/en/release-2.5/operator-manual/installation/#supported-versions) by upstream project. + +### 5.7.0 + +This version introcudes new `configs.cm` and `configs.rbac` sections that replaces `server.config` and `server.rbacConfig` respectively. +Please move your current configuration to the new place. The Argo CD RBAC config now also sets defaults in the `argocd-rbac-cm`. +If you have manually created this ConfigMap please ensure templating is disabled so you will not lose your changes. + +### 5.5.20 + +This version moved API version templates into dedicated helper. If you are using these in your umbrella +chart please migrate your templates to pattern `argo-cd.apiVersion.`. + +### 5.5.0 + +This version introduces new `configs.params` section that replaces command line arguments for containers. +Please refer to documentation in values.yaml for migrating the configuration. + +### 5.2.0 + +Custom resource definitions were moved to `templates` folder so they can be managed by Helm. + +To adopt already created CRDs, please use following command: + +```bash +YOUR_ARGOCD_NAMESPACE="" # e.g. argo-cd +YOUR_ARGOCD_RELEASENAME="" # e.g. argo-cd + +for crd in "applications.argoproj.io" "applicationsets.argoproj.io" "argocdextensions.argoproj.io" "appprojects.argoproj.io"; do + kubectl label --overwrite crd $crd app.kubernetes.io/managed-by=Helm + kubectl annotate --overwrite crd $crd meta.helm.sh/release-namespace="$YOUR_ARGOCD_NAMESPACE" + kubectl annotate --overwrite crd $crd meta.helm.sh/release-name="$YOUR_ARGOCD_RELEASENAME" +done +``` + +### 5.0.0 + +This version **removes support for**: + +- deprecated repository credentials (parameter `configs.repositoryCredentials`) +- option to run application controller as a Deployment +- the parameters `server.additionalApplications` and `server.additionalProjects` + +Please carefully read the following section if you are using these parameters! + +In order to upgrade Applications and Projects safely against CRDs' upgrade, `server.additionalApplications` and `server.additionalProjects` are moved to [argocd-apps](../argocd-apps). + +If you are using `server.additionalApplications` or `server.additionalProjects`, you can adopt to [argocd-apps](../argocd-apps) as below: + +1. Add [helm.sh/resource-policy annotation](https://helm.sh/docs/howto/charts_tips_and_tricks/#tell-helm-not-to-uninstall-a-resource) to avoid resources being removed by upgrading Helm chart + +You can keep your existing CRDs by adding `"helm.sh/resource-policy": keep` on `additionalAnnotations`, under `server.additionalApplications` and `server.additionalProjects` blocks, and running `helm upgrade`. + +e.g: + +```yaml +server: + additionalApplications: + - name: guestbook + namespace: argocd + additionalLabels: {} + additionalAnnotations: + "helm.sh/resource-policy": keep # <-- add this + finalizers: + - resources-finalizer.argocd.argoproj.io + project: guestbook + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: guestbook + directory: + recurse: true + destination: + server: https://kubernetes.default.svc + namespace: guestbook + syncPolicy: + automated: + prune: false + selfHeal: false + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas + info: + - name: url + value: https://argoproj.github.io/ +``` + +You can also keep your existing CRDs by running the following scripts. + +```bash +# keep Applications +for app in "guestbook"; do + kubectl annotate --overwrite application $app helm.sh/resource-policy=keep +done + +# keep Projects +for project in "guestbook"; do + kubectl annotate --overwrite appproject $project helm.sh/resource-policy=keep +done +``` + +2. Upgrade argo-cd Helm chart to v5.0.0 + +3. Remove keep [helm.sh/resource-policy annotation](https://helm.sh/docs/howto/charts_tips_and_tricks/#tell-helm-not-to-uninstall-a-resource) + +```bash +# delete annotations from Applications +for app in "guestbook"; do + kubectl annotate --overwrite application $app helm.sh/resource-policy- +done + +# delete annotations from Projects +for project in "guestbook"; do + kubectl annotate --overwrite appproject $project helm.sh/resource-policy- +done +``` + +4. Adopt existing resources to [argocd-apps](../argocd-apps) + +### 4.9.0 + +This version starts to use upstream image with applicationset binary. Start command was changed from `applicationset-controller` to `argocd-applicationset-controller` + ### 4.3.* With this minor version, the notification notifier's `service.slack` is no longer configured by default. @@ -190,7 +649,9 @@ server: ## Prerequisites -- Kubernetes 1.7+ +- {{ template "chart.kubeVersionLine" . }} + - We align with [Amazon EKS calendar][EKS EoL] because there are many AWS users and it's a conservative approach. + - Please check [Support Matrix of Argo CD][Kubernetes Compatibility Matrix] for official info. - Helm v3.0.0+ ## Installing the Chart @@ -211,10 +672,27 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| {{- range .Values }} - {{- if not (or (hasPrefix "controller" .Key) (hasPrefix "repoServer" .Key) (hasPrefix "server" .Key) (hasPrefix "dex" .Key) (hasPrefix "redis" .Key) (hasPrefix "externalRedis" .Key) (hasPrefix "applicationSet" .Key) (hasPrefix "notifications" .Key) ) }} + {{- if not (or (hasPrefix "global" .Key) (hasPrefix "configs" .Key) (hasPrefix "controller" .Key) (hasPrefix "repoServer" .Key) (hasPrefix "server" .Key) (hasPrefix "applicationSet" .Key) (hasPrefix "notifications" .Key) (hasPrefix "dex" .Key) (hasPrefix "redis" .Key) (hasPrefix "externalRedis" .Key) (hasPrefix "commitServer" .Key) ) }} | {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | {{- end }} - {{- if hasPrefix "server.additional" .Key }} +{{- end }} + +## Global Configs + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "global" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +## Argo CD Configs + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "configs" .Key }} | {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | {{- end }} {{- end }} @@ -284,6 +762,11 @@ The main options are listed here: | {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | {{- end }} {{- end }} +| redis-ha.exporter.image | string | `nil` (follows subchart default) | Exporter image | +| redis-ha.exporter.tag | string | `nil` (follows subchart default) | Exporter tag | +| redis-ha.haproxy.image.repository | string | `nil` (follows subchart default) | HAProxy Image Repository | +| redis-ha.haproxy.image.tag | string | `nil` (follows subchart default) | HAProxy Image Tag | +| redis-ha.image.repository | string | `nil` (follows subchart default) | Redis image repository | ### Option 3 - External Redis @@ -297,6 +780,19 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide {{- end }} {{- end }} +### Redis secret-init + +The helm chart deploys a Job to setup a random password which is used to secure the Redis. The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed. +If you use an External Redis (See Option 3 above), this Job is not deployed. + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "redisSecretInit" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + ## ApplicationSet | Key | Type | Default | Description | @@ -317,47 +813,51 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide {{- end }} {{- end }} +## Commit server (Manifest Hydrator) -### Using AWS ALB Ingress Controller With GRPC +The Argo CD Commit Server provides push access to git repositories for hydrated manifests. -If you are using an AWS ALB Ingress controller, you will need to set `server.ingressGrpc.isAWSALB` to `true`. This will create a second service with the annotation `alb.ingress.kubernetes.io/backend-protocol-version: HTTP2` and modify the server ingress to add a condition annotation to route GRPC traffic to the new service. +To read more about this component, please read [Argo CD Manifest Hydrator] and [Manifest Hydrator]. -Example: - -```yaml -server: - ingress: - enabled: true - annotations: - alb.ingress.kubernetes.io/backend-protocol: HTTPS - alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' - alb.ingress.kubernetes.io/scheme: internal - alb.ingress.kubernetes.io/target-type: ip - ingressGrpc: - enabled: true - isAWSALB: true - awsALB: - serviceType: ClusterIP - -``` +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "commitServer" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) -[Argo CD RBAC policy]: https://argoproj.github.io/argo-cd/operator-manual/rbac/ -[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom +[Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/ +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#backendconfigspec_v1beta1_cloudgooglecom [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ -[external cluster credentials]: https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters -[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters -[General Argo CD configuration]: https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#repositories -[gRPC-ingress]: https://argoproj.github.io/argo-cd/operator-manual/ingress/ +[changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog +[Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/ +[DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ +[external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters +[FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/ +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters +[declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup +[gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ +[GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/ [HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ [MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs -[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector +[PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes [RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ [values.yaml]: values.yaml [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md +[tini]: https://github.com/argoproj/argo-cd/pull/12707 +[EKS EoL]: https://endoflife.date/amazon-eks +[Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions +[Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace +[Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice +[Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer +[Argo CD Manifest Hydrator]: https://argo-cd.readthedocs.io/en/stable/proposals/manifest-hydrator/ +[Manifest Hydrator]: https://github.com/argoproj/argo-cd/blob/master/docs/proposals/manifest-hydrator.md diff --git a/charts/argo-cd/ci/default-values.yaml b/charts/argo-cd/ci/default-values.yaml index 507f1e54..ffc41c8a 100644 --- a/charts/argo-cd/ci/default-values.yaml +++ b/charts/argo-cd/ci/default-values.yaml @@ -1 +1,3 @@ # Test with default values +crds: + keep: false diff --git a/charts/argo-cd/ci/dynamic-sharding-values.yaml b/charts/argo-cd/ci/dynamic-sharding-values.yaml new file mode 100644 index 00000000..e0b72e73 --- /dev/null +++ b/charts/argo-cd/ci/dynamic-sharding-values.yaml @@ -0,0 +1,6 @@ +# Test application controller dynamic cluster distribution +crds: + keep: false + +controller: + dynamicClusterDistribution: true diff --git a/charts/argo-cd/ci/extension-values.yaml b/charts/argo-cd/ci/extension-values.yaml new file mode 100644 index 00000000..0896ca4c --- /dev/null +++ b/charts/argo-cd/ci/extension-values.yaml @@ -0,0 +1,14 @@ +# Test Argo CD extension +crds: + keep: false +# Ref: https://github.com/argoproj-labs/argocd-extension-metrics?tab=readme-ov-file#install-ui-extension +server: + extensions: + enabled: true + extensionList: + - name: extension-metrics + env: + - name: EXTENSION_URL + value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension.tar.gz + - name: EXTENSION_CHECKSUM_URL + value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension_checksums.txt diff --git a/charts/argo-cd/ci/external-redis-values.yaml b/charts/argo-cd/ci/external-redis-values.yaml index 2bc126a0..74409b78 100644 --- a/charts/argo-cd/ci/external-redis-values.yaml +++ b/charts/argo-cd/ci/external-redis-values.yaml @@ -1,3 +1,6 @@ +crds: + keep: false + redis: enabled: false diff --git a/charts/argo-cd/ci/ha-autoscaling-values.yaml b/charts/argo-cd/ci/ha-autoscaling-values.yaml index b9a9e535..6e994e3f 100644 --- a/charts/argo-cd/ci/ha-autoscaling-values.yaml +++ b/charts/argo-cd/ci/ha-autoscaling-values.yaml @@ -1,10 +1,10 @@ # Test High Availability with autoscaling +crds: + keep: false + redis-ha: enabled: true -controller: - enableStatefulSet: true - server: autoscaling: enabled: true diff --git a/charts/argo-cd/ci/ha-static-values.yaml b/charts/argo-cd/ci/ha-static-values.yaml index 7acda8d1..ad5efd35 100644 --- a/charts/argo-cd/ci/ha-static-values.yaml +++ b/charts/argo-cd/ci/ha-static-values.yaml @@ -1,15 +1,12 @@ # Test High Availability without autoscaling +crds: + keep: false + redis-ha: enabled: true -controller: - enableStatefulSet: true - server: replicas: 2 - env: - - name: ARGOCD_API_SERVER_REPLICAS - value: '2' repoServer: replicas: 2 diff --git a/charts/argo-cd/ci/with-commit-server-values.yaml b/charts/argo-cd/ci/with-commit-server-values.yaml new file mode 100644 index 00000000..b4ffedca --- /dev/null +++ b/charts/argo-cd/ci/with-commit-server-values.yaml @@ -0,0 +1,3 @@ +# Test Argo CD with optional component "commit-server" +commitServer: + enabled: true diff --git a/charts/argo-cd/crds/crd-application.yaml b/charts/argo-cd/crds/crd-application.yaml deleted file mode 100644 index e455a628..00000000 --- a/charts/argo-cd/crds/crd-application.yaml +++ /dev/null @@ -1,2305 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app.kubernetes.io/name: applications.argoproj.io - app.kubernetes.io/part-of: argocd - name: applications.argoproj.io -spec: - group: argoproj.io - names: - kind: Application - listKind: ApplicationList - plural: applications - shortNames: - - app - - apps - singular: application - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.sync.status - name: Sync Status - type: string - - jsonPath: .status.health.status - name: Health Status - type: string - - jsonPath: .status.sync.revision - name: Revision - priority: 10 - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: Application is a definition of Application resource. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - operation: - description: Operation contains information about a requested or running - operation - properties: - info: - description: Info is a list of informational items for this operation - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - initiatedBy: - description: InitiatedBy contains information about who initiated - the operations - properties: - automated: - description: Automated is set to true if operation was initiated - automatically by the application controller. - type: boolean - username: - description: Username contains the name of a user who started - operation - type: string - type: object - retry: - description: Retry controls the strategy to apply if a sync fails - properties: - backoff: - description: Backoff controls how to backoff on subsequent retries - of failed syncs - properties: - duration: - description: Duration is the amount to back off. Default unit - is seconds, but could also be a duration (e.g. "2m", "1h") - type: string - factor: - description: Factor is a factor to multiply the base duration - after each failed retry - format: int64 - type: integer - maxDuration: - description: MaxDuration is the maximum amount of time allowed - for the backoff strategy - type: string - type: object - limit: - description: Limit is the maximum number of attempts for retrying - a failed sync. If set to 0, no retries will be performed. - format: int64 - type: integer - type: object - sync: - description: Sync contains parameters for the operation - properties: - dryRun: - description: DryRun specifies to perform a `kubectl apply --dry-run` - without actually performing the sync - type: boolean - manifests: - description: Manifests is an optional field that overrides sync - source with a local directory for development - items: - type: string - type: array - prune: - description: Prune specifies to delete resources from the cluster - that are no longer tracked in git - type: boolean - resources: - description: Resources describes which resources shall be part - of the sync - items: - description: SyncOperationResource contains resources to sync. - properties: - group: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - type: array - revision: - description: Revision is the revision (Git) or chart version (Helm) - which to sync the application to If omitted, will use the revision - specified in app spec. - type: string - source: - description: Source overrides the source definition set in the - application. This is typically set in a Rollback operation and - is nil during a Sync operation - properties: - chart: - description: Chart is a Helm chart name, and must be specified - for applications sourced from a Helm repo. - type: string - directory: - description: Directory holds path/directory specific options - properties: - exclude: - description: Exclude contains a glob pattern to match - paths against that should be explicitly excluded from - being used during manifest generation - type: string - include: - description: Include contains a glob pattern to match - paths against that should be explicitly included during - manifest generation - type: string - jsonnet: - description: Jsonnet holds options specific to Jsonnet - properties: - extVars: - description: ExtVars is a list of Jsonnet External - Variables - items: - description: JsonnetVar represents a variable to - be passed to jsonnet during manifest generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - description: Additional library search dirs - items: - type: string - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level Arguments - items: - description: JsonnetVar represents a variable to - be passed to jsonnet during manifest generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - description: Recurse specifies whether to scan a directory - recursively for manifests - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters to the - helm template - items: - description: HelmFileParameter is a file parameter that's - passed to helm template during manifest generation - properties: - name: - description: Name is the name of the Helm parameter - type: string - path: - description: Path is the path to the file containing - the values for the Helm parameter - type: string - type: object - type: array - ignoreMissingValueFiles: - description: IgnoreMissingValueFiles prevents helm template - from failing when valueFiles do not exist locally by - not appending them to helm template --values - type: boolean - parameters: - description: Parameters is a list of Helm parameters which - are passed to the helm template command upon manifest - generation - items: - description: HelmParameter is a parameter that's passed - to helm template during manifest generation - properties: - forceString: - description: ForceString determines whether to tell - Helm to interpret booleans and numbers as strings - type: boolean - name: - description: Name is the name of the Helm parameter - type: string - value: - description: Value is the value for the Helm parameter - type: string - type: object - type: array - passCredentials: - description: PassCredentials pass credentials to all domains - (Helm's --pass-credentials) - type: boolean - releaseName: - description: ReleaseName is the Helm release name to use. - If omitted it will use the application name - type: string - skipCrds: - description: SkipCrds skips custom resource definition - installation step (Helm's --skip-crds) - type: boolean - valueFiles: - description: ValuesFiles is a list of Helm value files - to use when generating a template - items: - type: string - type: array - values: - description: Values specifies Helm values to be passed - to helm template, typically defined as a block - type: string - version: - description: Version is the Helm version to use for templating - (either "2" or "3") - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application environment - name - type: string - parameters: - description: Parameters are a list of ksonnet component - parameter override values - items: - description: KsonnetParameter is a ksonnet component - parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonAnnotations: - additionalProperties: - type: string - description: CommonAnnotations is a list of additional - annotations to add to rendered manifests - type: object - commonLabels: - additionalProperties: - type: string - description: CommonLabels is a list of additional labels - to add to rendered manifests - type: object - forceCommonAnnotations: - description: ForceCommonAnnotations specifies whether - to force applying common annotations to resources for - Kustomize apps - type: boolean - forceCommonLabels: - description: ForceCommonLabels specifies whether to force - applying common labels to resources for Kustomize apps - type: boolean - images: - description: Images is a list of Kustomize image override - specifications - items: - description: KustomizeImage represents a Kustomize image - definition in the format [old_image_name=]: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended to resources - for Kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to resources - for Kustomize apps - type: string - version: - description: Version controls which version of Kustomize - to use for rendering manifests - type: string - type: object - path: - description: Path is a directory path within the Git repository, - and is only valid for applications sourced from Git. - type: string - plugin: - description: ConfigManagementPlugin holds config management - plugin specific options - properties: - env: - description: Env is a list of environment variable entries - items: - description: EnvEntry represents an entry in the application's - environment - properties: - name: - description: Name is the name of the variable, usually - expressed in uppercase - type: string - value: - description: Value is the value of the variable - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - description: RepoURL is the URL to the repository (Git or - Helm) that contains the application manifests - type: string - targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be - commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. - type: string - required: - - repoURL - type: object - syncOptions: - description: SyncOptions provide per-sync sync-options, e.g. Validate=false - items: - type: string - type: array - syncStrategy: - description: SyncStrategy describes how to perform the sync - properties: - apply: - description: Apply will perform a `kubectl apply` to perform - the sync. - properties: - force: - description: Force indicates whether or not to supply - the --force flag to `kubectl apply`. The --force flag - deletes and re-create the resource, when PATCH encounters - conflict and has retried for 5 times. - type: boolean - type: object - hook: - description: Hook will submit any referenced resources to - perform the sync. This is the default strategy - properties: - force: - description: Force indicates whether or not to supply - the --force flag to `kubectl apply`. The --force flag - deletes and re-create the resource, when PATCH encounters - conflict and has retried for 5 times. - type: boolean - type: object - type: object - type: object - type: object - spec: - description: ApplicationSpec represents desired application state. Contains - link to repository with application definition and additional parameters - link definition revision. - properties: - destination: - description: Destination is a reference to the target Kubernetes server - and namespace - properties: - name: - description: Name is an alternate way of specifying the target - cluster by its symbolic name - type: string - namespace: - description: Namespace specifies the target namespace for the - application's resources. The namespace will only be set for - namespace-scoped resources that have not set a value for .metadata.namespace - type: string - server: - description: Server specifies the URL of the target cluster and - must be set to the Kubernetes control plane API - type: string - type: object - ignoreDifferences: - description: IgnoreDifferences is a list of resources and their fields - which should be ignored during comparison - items: - description: ResourceIgnoreDifferences contains resource filter - and list of json paths which should be ignored during comparison - with live state. - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - description: ManagedFieldsManagers is a list of trusted managers. - Fields mutated by those managers will take precedence over - the desired state defined in the SCM and won't be displayed - in diffs - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - description: Info contains a list of information (URLs, email addresses, - and plain text) that relates to the application - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - description: Project is a reference to the project this application - belongs to. The empty string means that application belongs to the - 'default' project. - type: string - revisionHistoryLimit: - description: RevisionHistoryLimit limits the number of items kept - in the application's revision history, which is used for informational - purposes as well as for rollbacks to previous versions. This should - only be changed in exceptional circumstances. Setting to zero will - store no history. This will reduce storage used. Increasing will - increase the space used to store the history, so we do not recommend - increasing it. Default is 10. - format: int64 - type: integer - source: - description: Source is a reference to the location of the application's - manifests or chart - properties: - chart: - description: Chart is a Helm chart name, and must be specified - for applications sourced from a Helm repo. - type: string - directory: - description: Directory holds path/directory specific options - properties: - exclude: - description: Exclude contains a glob pattern to match paths - against that should be explicitly excluded from being used - during manifest generation - type: string - include: - description: Include contains a glob pattern to match paths - against that should be explicitly included during manifest - generation - type: string - jsonnet: - description: Jsonnet holds options specific to Jsonnet - properties: - extVars: - description: ExtVars is a list of Jsonnet External Variables - items: - description: JsonnetVar represents a variable to be - passed to jsonnet during manifest generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - description: Additional library search dirs - items: - type: string - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level Arguments - items: - description: JsonnetVar represents a variable to be - passed to jsonnet during manifest generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - description: Recurse specifies whether to scan a directory - recursively for manifests - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters to the helm - template - items: - description: HelmFileParameter is a file parameter that's - passed to helm template during manifest generation - properties: - name: - description: Name is the name of the Helm parameter - type: string - path: - description: Path is the path to the file containing - the values for the Helm parameter - type: string - type: object - type: array - ignoreMissingValueFiles: - description: IgnoreMissingValueFiles prevents helm template - from failing when valueFiles do not exist locally by not - appending them to helm template --values - type: boolean - parameters: - description: Parameters is a list of Helm parameters which - are passed to the helm template command upon manifest generation - items: - description: HelmParameter is a parameter that's passed - to helm template during manifest generation - properties: - forceString: - description: ForceString determines whether to tell - Helm to interpret booleans and numbers as strings - type: boolean - name: - description: Name is the name of the Helm parameter - type: string - value: - description: Value is the value for the Helm parameter - type: string - type: object - type: array - passCredentials: - description: PassCredentials pass credentials to all domains - (Helm's --pass-credentials) - type: boolean - releaseName: - description: ReleaseName is the Helm release name to use. - If omitted it will use the application name - type: string - skipCrds: - description: SkipCrds skips custom resource definition installation - step (Helm's --skip-crds) - type: boolean - valueFiles: - description: ValuesFiles is a list of Helm value files to - use when generating a template - items: - type: string - type: array - values: - description: Values specifies Helm values to be passed to - helm template, typically defined as a block - type: string - version: - description: Version is the Helm version to use for templating - (either "2" or "3") - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application environment - name - type: string - parameters: - description: Parameters are a list of ksonnet component parameter - override values - items: - description: KsonnetParameter is a ksonnet component parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonAnnotations: - additionalProperties: - type: string - description: CommonAnnotations is a list of additional annotations - to add to rendered manifests - type: object - commonLabels: - additionalProperties: - type: string - description: CommonLabels is a list of additional labels to - add to rendered manifests - type: object - forceCommonAnnotations: - description: ForceCommonAnnotations specifies whether to force - applying common annotations to resources for Kustomize apps - type: boolean - forceCommonLabels: - description: ForceCommonLabels specifies whether to force - applying common labels to resources for Kustomize apps - type: boolean - images: - description: Images is a list of Kustomize image override - specifications - items: - description: KustomizeImage represents a Kustomize image - definition in the format [old_image_name=]: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended to resources - for Kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to resources - for Kustomize apps - type: string - version: - description: Version controls which version of Kustomize to - use for rendering manifests - type: string - type: object - path: - description: Path is a directory path within the Git repository, - and is only valid for applications sourced from Git. - type: string - plugin: - description: ConfigManagementPlugin holds config management plugin - specific options - properties: - env: - description: Env is a list of environment variable entries - items: - description: EnvEntry represents an entry in the application's - environment - properties: - name: - description: Name is the name of the variable, usually - expressed in uppercase - type: string - value: - description: Value is the value of the variable - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - description: RepoURL is the URL to the repository (Git or Helm) - that contains the application manifests - type: string - targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be commit, - tag, or branch. If omitted, will equal to HEAD. In case of Helm, - this is a semver tag for the Chart's version. - type: string - required: - - repoURL - type: object - syncPolicy: - description: SyncPolicy controls when and how a sync will be performed - properties: - automated: - description: Automated will keep an application synced to the - target revision - properties: - allowEmpty: - description: 'AllowEmpty allows apps have zero live resources - (default: false)' - type: boolean - prune: - description: 'Prune specifies whether to delete resources - from the cluster that are not found in the sources anymore - as part of automated sync (default: false)' - type: boolean - selfHeal: - description: 'SelfHeal specifes whether to revert resources - back to their desired state upon modification in the cluster - (default: false)' - type: boolean - type: object - retry: - description: Retry controls failed sync retry behavior - properties: - backoff: - description: Backoff controls how to backoff on subsequent - retries of failed syncs - properties: - duration: - description: Duration is the amount to back off. Default - unit is seconds, but could also be a duration (e.g. - "2m", "1h") - type: string - factor: - description: Factor is a factor to multiply the base duration - after each failed retry - format: int64 - type: integer - maxDuration: - description: MaxDuration is the maximum amount of time - allowed for the backoff strategy - type: string - type: object - limit: - description: Limit is the maximum number of attempts for retrying - a failed sync. If set to 0, no retries will be performed. - format: int64 - type: integer - type: object - syncOptions: - description: Options allow you to specify whole app sync-options - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - status: - description: ApplicationStatus contains status information for the application - properties: - conditions: - description: Conditions is a list of currently observed application - conditions - items: - description: ApplicationCondition contains details about an application - condition, which is usally an error or warning - properties: - lastTransitionTime: - description: LastTransitionTime is the time the condition was - last observed - format: date-time - type: string - message: - description: Message contains human-readable message indicating - details about condition - type: string - type: - description: Type is an application condition type - type: string - required: - - message - - type - type: object - type: array - health: - description: Health contains information about the application's current - health status - properties: - message: - description: Message is a human-readable informational message - describing the health status - type: string - status: - description: Status holds the status code of the application or - resource - type: string - type: object - history: - description: History contains information about the application's - sync history - items: - description: RevisionHistory contains history information about - a previous sync - properties: - deployStartedAt: - description: DeployStartedAt holds the time the sync operation - started - format: date-time - type: string - deployedAt: - description: DeployedAt holds the time the sync operation completed - format: date-time - type: string - id: - description: ID is an auto incrementing identifier of the RevisionHistory - format: int64 - type: integer - revision: - description: Revision holds the revision the sync was performed - against - type: string - source: - description: Source is a reference to the application source - used for the sync operation - properties: - chart: - description: Chart is a Helm chart name, and must be specified - for applications sourced from a Helm repo. - type: string - directory: - description: Directory holds path/directory specific options - properties: - exclude: - description: Exclude contains a glob pattern to match - paths against that should be explicitly excluded from - being used during manifest generation - type: string - include: - description: Include contains a glob pattern to match - paths against that should be explicitly included during - manifest generation - type: string - jsonnet: - description: Jsonnet holds options specific to Jsonnet - properties: - extVars: - description: ExtVars is a list of Jsonnet External - Variables - items: - description: JsonnetVar represents a variable - to be passed to jsonnet during manifest generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - description: Additional library search dirs - items: - type: string - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level - Arguments - items: - description: JsonnetVar represents a variable - to be passed to jsonnet during manifest generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - description: Recurse specifies whether to scan a directory - recursively for manifests - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters to the - helm template - items: - description: HelmFileParameter is a file parameter - that's passed to helm template during manifest generation - properties: - name: - description: Name is the name of the Helm parameter - type: string - path: - description: Path is the path to the file containing - the values for the Helm parameter - type: string - type: object - type: array - ignoreMissingValueFiles: - description: IgnoreMissingValueFiles prevents helm template - from failing when valueFiles do not exist locally - by not appending them to helm template --values - type: boolean - parameters: - description: Parameters is a list of Helm parameters - which are passed to the helm template command upon - manifest generation - items: - description: HelmParameter is a parameter that's passed - to helm template during manifest generation - properties: - forceString: - description: ForceString determines whether to - tell Helm to interpret booleans and numbers - as strings - type: boolean - name: - description: Name is the name of the Helm parameter - type: string - value: - description: Value is the value for the Helm parameter - type: string - type: object - type: array - passCredentials: - description: PassCredentials pass credentials to all - domains (Helm's --pass-credentials) - type: boolean - releaseName: - description: ReleaseName is the Helm release name to - use. If omitted it will use the application name - type: string - skipCrds: - description: SkipCrds skips custom resource definition - installation step (Helm's --skip-crds) - type: boolean - valueFiles: - description: ValuesFiles is a list of Helm value files - to use when generating a template - items: - type: string - type: array - values: - description: Values specifies Helm values to be passed - to helm template, typically defined as a block - type: string - version: - description: Version is the Helm version to use for - templating (either "2" or "3") - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application environment - name - type: string - parameters: - description: Parameters are a list of ksonnet component - parameter override values - items: - description: KsonnetParameter is a ksonnet component - parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonAnnotations: - additionalProperties: - type: string - description: CommonAnnotations is a list of additional - annotations to add to rendered manifests - type: object - commonLabels: - additionalProperties: - type: string - description: CommonLabels is a list of additional labels - to add to rendered manifests - type: object - forceCommonAnnotations: - description: ForceCommonAnnotations specifies whether - to force applying common annotations to resources - for Kustomize apps - type: boolean - forceCommonLabels: - description: ForceCommonLabels specifies whether to - force applying common labels to resources for Kustomize - apps - type: boolean - images: - description: Images is a list of Kustomize image override - specifications - items: - description: KustomizeImage represents a Kustomize - image definition in the format [old_image_name=]: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended to resources - for Kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to resources - for Kustomize apps - type: string - version: - description: Version controls which version of Kustomize - to use for rendering manifests - type: string - type: object - path: - description: Path is a directory path within the Git repository, - and is only valid for applications sourced from Git. - type: string - plugin: - description: ConfigManagementPlugin holds config management - plugin specific options - properties: - env: - description: Env is a list of environment variable entries - items: - description: EnvEntry represents an entry in the application's - environment - properties: - name: - description: Name is the name of the variable, - usually expressed in uppercase - type: string - value: - description: Value is the value of the variable - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - description: RepoURL is the URL to the repository (Git or - Helm) that contains the application manifests - type: string - targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. - type: string - required: - - repoURL - type: object - required: - - deployedAt - - id - - revision - type: object - type: array - observedAt: - description: 'ObservedAt indicates when the application state was - updated without querying latest git state Deprecated: controller - no longer updates ObservedAt field' - format: date-time - type: string - operationState: - description: OperationState contains information about any ongoing - operations, such as a sync - properties: - finishedAt: - description: FinishedAt contains time of operation completion - format: date-time - type: string - message: - description: Message holds any pertinent messages when attempting - to perform operation (typically errors). - type: string - operation: - description: Operation is the original requested operation - properties: - info: - description: Info is a list of informational items for this - operation - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - initiatedBy: - description: InitiatedBy contains information about who initiated - the operations - properties: - automated: - description: Automated is set to true if operation was - initiated automatically by the application controller. - type: boolean - username: - description: Username contains the name of a user who - started operation - type: string - type: object - retry: - description: Retry controls the strategy to apply if a sync - fails - properties: - backoff: - description: Backoff controls how to backoff on subsequent - retries of failed syncs - properties: - duration: - description: Duration is the amount to back off. Default - unit is seconds, but could also be a duration (e.g. - "2m", "1h") - type: string - factor: - description: Factor is a factor to multiply the base - duration after each failed retry - format: int64 - type: integer - maxDuration: - description: MaxDuration is the maximum amount of - time allowed for the backoff strategy - type: string - type: object - limit: - description: Limit is the maximum number of attempts for - retrying a failed sync. If set to 0, no retries will - be performed. - format: int64 - type: integer - type: object - sync: - description: Sync contains parameters for the operation - properties: - dryRun: - description: DryRun specifies to perform a `kubectl apply - --dry-run` without actually performing the sync - type: boolean - manifests: - description: Manifests is an optional field that overrides - sync source with a local directory for development - items: - type: string - type: array - prune: - description: Prune specifies to delete resources from - the cluster that are no longer tracked in git - type: boolean - resources: - description: Resources describes which resources shall - be part of the sync - items: - description: SyncOperationResource contains resources - to sync. - properties: - group: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - type: array - revision: - description: Revision is the revision (Git) or chart version - (Helm) which to sync the application to If omitted, - will use the revision specified in app spec. - type: string - source: - description: Source overrides the source definition set - in the application. This is typically set in a Rollback - operation and is nil during a Sync operation - properties: - chart: - description: Chart is a Helm chart name, and must - be specified for applications sourced from a Helm - repo. - type: string - directory: - description: Directory holds path/directory specific - options - properties: - exclude: - description: Exclude contains a glob pattern to - match paths against that should be explicitly - excluded from being used during manifest generation - type: string - include: - description: Include contains a glob pattern to - match paths against that should be explicitly - included during manifest generation - type: string - jsonnet: - description: Jsonnet holds options specific to - Jsonnet - properties: - extVars: - description: ExtVars is a list of Jsonnet - External Variables - items: - description: JsonnetVar represents a variable - to be passed to jsonnet during manifest - generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - description: Additional library search dirs - items: - type: string - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level - Arguments - items: - description: JsonnetVar represents a variable - to be passed to jsonnet during manifest - generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - description: Recurse specifies whether to scan - a directory recursively for manifests - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters - to the helm template - items: - description: HelmFileParameter is a file parameter - that's passed to helm template during manifest - generation - properties: - name: - description: Name is the name of the Helm - parameter - type: string - path: - description: Path is the path to the file - containing the values for the Helm parameter - type: string - type: object - type: array - ignoreMissingValueFiles: - description: IgnoreMissingValueFiles prevents - helm template from failing when valueFiles do - not exist locally by not appending them to helm - template --values - type: boolean - parameters: - description: Parameters is a list of Helm parameters - which are passed to the helm template command - upon manifest generation - items: - description: HelmParameter is a parameter that's - passed to helm template during manifest generation - properties: - forceString: - description: ForceString determines whether - to tell Helm to interpret booleans and - numbers as strings - type: boolean - name: - description: Name is the name of the Helm - parameter - type: string - value: - description: Value is the value for the - Helm parameter - type: string - type: object - type: array - passCredentials: - description: PassCredentials pass credentials - to all domains (Helm's --pass-credentials) - type: boolean - releaseName: - description: ReleaseName is the Helm release name - to use. If omitted it will use the application - name - type: string - skipCrds: - description: SkipCrds skips custom resource definition - installation step (Helm's --skip-crds) - type: boolean - valueFiles: - description: ValuesFiles is a list of Helm value - files to use when generating a template - items: - type: string - type: array - values: - description: Values specifies Helm values to be - passed to helm template, typically defined as - a block - type: string - version: - description: Version is the Helm version to use - for templating (either "2" or "3") - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application - environment name - type: string - parameters: - description: Parameters are a list of ksonnet - component parameter override values - items: - description: KsonnetParameter is a ksonnet component - parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonAnnotations: - additionalProperties: - type: string - description: CommonAnnotations is a list of additional - annotations to add to rendered manifests - type: object - commonLabels: - additionalProperties: - type: string - description: CommonLabels is a list of additional - labels to add to rendered manifests - type: object - forceCommonAnnotations: - description: ForceCommonAnnotations specifies - whether to force applying common annotations - to resources for Kustomize apps - type: boolean - forceCommonLabels: - description: ForceCommonLabels specifies whether - to force applying common labels to resources - for Kustomize apps - type: boolean - images: - description: Images is a list of Kustomize image - override specifications - items: - description: KustomizeImage represents a Kustomize - image definition in the format [old_image_name=]: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended to - resources for Kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to - resources for Kustomize apps - type: string - version: - description: Version controls which version of - Kustomize to use for rendering manifests - type: string - type: object - path: - description: Path is a directory path within the Git - repository, and is only valid for applications sourced - from Git. - type: string - plugin: - description: ConfigManagementPlugin holds config management - plugin specific options - properties: - env: - description: Env is a list of environment variable - entries - items: - description: EnvEntry represents an entry in - the application's environment - properties: - name: - description: Name is the name of the variable, - usually expressed in uppercase - type: string - value: - description: Value is the value of the variable - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - description: RepoURL is the URL to the repository - (Git or Helm) that contains the application manifests - type: string - targetRevision: - description: TargetRevision defines the revision of - the source to sync the application to. In case of - Git, this can be commit, tag, or branch. If omitted, - will equal to HEAD. In case of Helm, this is a semver - tag for the Chart's version. - type: string - required: - - repoURL - type: object - syncOptions: - description: SyncOptions provide per-sync sync-options, - e.g. Validate=false - items: - type: string - type: array - syncStrategy: - description: SyncStrategy describes how to perform the - sync - properties: - apply: - description: Apply will perform a `kubectl apply` - to perform the sync. - properties: - force: - description: Force indicates whether or not to - supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, - when PATCH encounters conflict and has retried - for 5 times. - type: boolean - type: object - hook: - description: Hook will submit any referenced resources - to perform the sync. This is the default strategy - properties: - force: - description: Force indicates whether or not to - supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, - when PATCH encounters conflict and has retried - for 5 times. - type: boolean - type: object - type: object - type: object - type: object - phase: - description: Phase is the current phase of the operation - type: string - retryCount: - description: RetryCount contains time of operation retries - format: int64 - type: integer - startedAt: - description: StartedAt contains time of operation start - format: date-time - type: string - syncResult: - description: SyncResult is the result of a Sync operation - properties: - resources: - description: Resources contains a list of sync result items - for each individual resource in a sync operation - items: - description: ResourceResult holds the operation result details - of a specific resource - properties: - group: - description: Group specifies the API group of the resource - type: string - hookPhase: - description: HookPhase contains the state of any operation - associated with this resource OR hook This can also - contain values for non-hook resources. - type: string - hookType: - description: HookType specifies the type of the hook. - Empty for non-hook resources - type: string - kind: - description: Kind specifies the API kind of the resource - type: string - message: - description: Message contains an informational or error - message for the last sync OR operation - type: string - name: - description: Name specifies the name of the resource - type: string - namespace: - description: Namespace specifies the target namespace - of the resource - type: string - status: - description: Status holds the final result of the sync. - Will be empty if the resources is yet to be applied/pruned - and is always zero-value for hooks - type: string - syncPhase: - description: SyncPhase indicates the particular phase - of the sync that this result was acquired in - type: string - version: - description: Version specifies the API version of the - resource - type: string - required: - - group - - kind - - name - - namespace - - version - type: object - type: array - revision: - description: Revision holds the revision this sync operation - was performed to - type: string - source: - description: Source records the application source information - of the sync, used for comparing auto-sync - properties: - chart: - description: Chart is a Helm chart name, and must be specified - for applications sourced from a Helm repo. - type: string - directory: - description: Directory holds path/directory specific options - properties: - exclude: - description: Exclude contains a glob pattern to match - paths against that should be explicitly excluded - from being used during manifest generation - type: string - include: - description: Include contains a glob pattern to match - paths against that should be explicitly included - during manifest generation - type: string - jsonnet: - description: Jsonnet holds options specific to Jsonnet - properties: - extVars: - description: ExtVars is a list of Jsonnet External - Variables - items: - description: JsonnetVar represents a variable - to be passed to jsonnet during manifest generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - description: Additional library search dirs - items: - type: string - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level - Arguments - items: - description: JsonnetVar represents a variable - to be passed to jsonnet during manifest generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - description: Recurse specifies whether to scan a directory - recursively for manifests - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters to - the helm template - items: - description: HelmFileParameter is a file parameter - that's passed to helm template during manifest - generation - properties: - name: - description: Name is the name of the Helm parameter - type: string - path: - description: Path is the path to the file containing - the values for the Helm parameter - type: string - type: object - type: array - ignoreMissingValueFiles: - description: IgnoreMissingValueFiles prevents helm - template from failing when valueFiles do not exist - locally by not appending them to helm template --values - type: boolean - parameters: - description: Parameters is a list of Helm parameters - which are passed to the helm template command upon - manifest generation - items: - description: HelmParameter is a parameter that's - passed to helm template during manifest generation - properties: - forceString: - description: ForceString determines whether - to tell Helm to interpret booleans and numbers - as strings - type: boolean - name: - description: Name is the name of the Helm parameter - type: string - value: - description: Value is the value for the Helm - parameter - type: string - type: object - type: array - passCredentials: - description: PassCredentials pass credentials to all - domains (Helm's --pass-credentials) - type: boolean - releaseName: - description: ReleaseName is the Helm release name - to use. If omitted it will use the application name - type: string - skipCrds: - description: SkipCrds skips custom resource definition - installation step (Helm's --skip-crds) - type: boolean - valueFiles: - description: ValuesFiles is a list of Helm value files - to use when generating a template - items: - type: string - type: array - values: - description: Values specifies Helm values to be passed - to helm template, typically defined as a block - type: string - version: - description: Version is the Helm version to use for - templating (either "2" or "3") - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application - environment name - type: string - parameters: - description: Parameters are a list of ksonnet component - parameter override values - items: - description: KsonnetParameter is a ksonnet component - parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonAnnotations: - additionalProperties: - type: string - description: CommonAnnotations is a list of additional - annotations to add to rendered manifests - type: object - commonLabels: - additionalProperties: - type: string - description: CommonLabels is a list of additional - labels to add to rendered manifests - type: object - forceCommonAnnotations: - description: ForceCommonAnnotations specifies whether - to force applying common annotations to resources - for Kustomize apps - type: boolean - forceCommonLabels: - description: ForceCommonLabels specifies whether to - force applying common labels to resources for Kustomize - apps - type: boolean - images: - description: Images is a list of Kustomize image override - specifications - items: - description: KustomizeImage represents a Kustomize - image definition in the format [old_image_name=]: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended to resources - for Kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to resources - for Kustomize apps - type: string - version: - description: Version controls which version of Kustomize - to use for rendering manifests - type: string - type: object - path: - description: Path is a directory path within the Git repository, - and is only valid for applications sourced from Git. - type: string - plugin: - description: ConfigManagementPlugin holds config management - plugin specific options - properties: - env: - description: Env is a list of environment variable - entries - items: - description: EnvEntry represents an entry in the - application's environment - properties: - name: - description: Name is the name of the variable, - usually expressed in uppercase - type: string - value: - description: Value is the value of the variable - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - description: RepoURL is the URL to the repository (Git - or Helm) that contains the application manifests - type: string - targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. - type: string - required: - - repoURL - type: object - required: - - revision - type: object - required: - - operation - - phase - - startedAt - type: object - reconciledAt: - description: ReconciledAt indicates when the application state was - reconciled using the latest git version - format: date-time - type: string - resources: - description: Resources is a list of Kubernetes resources managed by - this application - items: - description: 'ResourceStatus holds the current sync and health status - of a resource TODO: describe members of this type' - properties: - group: - type: string - health: - description: HealthStatus contains information about the currently - observed health state of an application or resource - properties: - message: - description: Message is a human-readable informational message - describing the health status - type: string - status: - description: Status holds the status code of the application - or resource - type: string - type: object - hook: - type: boolean - kind: - type: string - name: - type: string - namespace: - type: string - requiresPruning: - type: boolean - status: - description: SyncStatusCode is a type which represents possible - comparison results - type: string - version: - type: string - type: object - type: array - sourceType: - description: SourceType specifies the type of this application - type: string - summary: - description: Summary contains a list of URLs and container images - used by this application - properties: - externalURLs: - description: ExternalURLs holds all external URLs of application - child resources. - items: - type: string - type: array - images: - description: Images holds all images of application child resources. - items: - type: string - type: array - type: object - sync: - description: Sync contains information about the application's current - sync status - properties: - comparedTo: - description: ComparedTo contains information about what has been - compared - properties: - destination: - description: Destination is a reference to the application's - destination used for comparison - properties: - name: - description: Name is an alternate way of specifying the - target cluster by its symbolic name - type: string - namespace: - description: Namespace specifies the target namespace - for the application's resources. The namespace will - only be set for namespace-scoped resources that have - not set a value for .metadata.namespace - type: string - server: - description: Server specifies the URL of the target cluster - and must be set to the Kubernetes control plane API - type: string - type: object - source: - description: Source is a reference to the application's source - used for comparison - properties: - chart: - description: Chart is a Helm chart name, and must be specified - for applications sourced from a Helm repo. - type: string - directory: - description: Directory holds path/directory specific options - properties: - exclude: - description: Exclude contains a glob pattern to match - paths against that should be explicitly excluded - from being used during manifest generation - type: string - include: - description: Include contains a glob pattern to match - paths against that should be explicitly included - during manifest generation - type: string - jsonnet: - description: Jsonnet holds options specific to Jsonnet - properties: - extVars: - description: ExtVars is a list of Jsonnet External - Variables - items: - description: JsonnetVar represents a variable - to be passed to jsonnet during manifest generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - description: Additional library search dirs - items: - type: string - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level - Arguments - items: - description: JsonnetVar represents a variable - to be passed to jsonnet during manifest generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - description: Recurse specifies whether to scan a directory - recursively for manifests - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters to - the helm template - items: - description: HelmFileParameter is a file parameter - that's passed to helm template during manifest - generation - properties: - name: - description: Name is the name of the Helm parameter - type: string - path: - description: Path is the path to the file containing - the values for the Helm parameter - type: string - type: object - type: array - ignoreMissingValueFiles: - description: IgnoreMissingValueFiles prevents helm - template from failing when valueFiles do not exist - locally by not appending them to helm template --values - type: boolean - parameters: - description: Parameters is a list of Helm parameters - which are passed to the helm template command upon - manifest generation - items: - description: HelmParameter is a parameter that's - passed to helm template during manifest generation - properties: - forceString: - description: ForceString determines whether - to tell Helm to interpret booleans and numbers - as strings - type: boolean - name: - description: Name is the name of the Helm parameter - type: string - value: - description: Value is the value for the Helm - parameter - type: string - type: object - type: array - passCredentials: - description: PassCredentials pass credentials to all - domains (Helm's --pass-credentials) - type: boolean - releaseName: - description: ReleaseName is the Helm release name - to use. If omitted it will use the application name - type: string - skipCrds: - description: SkipCrds skips custom resource definition - installation step (Helm's --skip-crds) - type: boolean - valueFiles: - description: ValuesFiles is a list of Helm value files - to use when generating a template - items: - type: string - type: array - values: - description: Values specifies Helm values to be passed - to helm template, typically defined as a block - type: string - version: - description: Version is the Helm version to use for - templating (either "2" or "3") - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application - environment name - type: string - parameters: - description: Parameters are a list of ksonnet component - parameter override values - items: - description: KsonnetParameter is a ksonnet component - parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonAnnotations: - additionalProperties: - type: string - description: CommonAnnotations is a list of additional - annotations to add to rendered manifests - type: object - commonLabels: - additionalProperties: - type: string - description: CommonLabels is a list of additional - labels to add to rendered manifests - type: object - forceCommonAnnotations: - description: ForceCommonAnnotations specifies whether - to force applying common annotations to resources - for Kustomize apps - type: boolean - forceCommonLabels: - description: ForceCommonLabels specifies whether to - force applying common labels to resources for Kustomize - apps - type: boolean - images: - description: Images is a list of Kustomize image override - specifications - items: - description: KustomizeImage represents a Kustomize - image definition in the format [old_image_name=]: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended to resources - for Kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to resources - for Kustomize apps - type: string - version: - description: Version controls which version of Kustomize - to use for rendering manifests - type: string - type: object - path: - description: Path is a directory path within the Git repository, - and is only valid for applications sourced from Git. - type: string - plugin: - description: ConfigManagementPlugin holds config management - plugin specific options - properties: - env: - description: Env is a list of environment variable - entries - items: - description: EnvEntry represents an entry in the - application's environment - properties: - name: - description: Name is the name of the variable, - usually expressed in uppercase - type: string - value: - description: Value is the value of the variable - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - description: RepoURL is the URL to the repository (Git - or Helm) that contains the application manifests - type: string - targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. - type: string - required: - - repoURL - type: object - required: - - destination - - source - type: object - revision: - description: Revision contains information about the revision - the comparison has been performed to - type: string - status: - description: Status is the sync state of the comparison - type: string - required: - - status - type: object - type: object - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: {} diff --git a/charts/argo-cd/crds/crd-applicationset.yaml b/charts/argo-cd/crds/crd-applicationset.yaml deleted file mode 100644 index d2eb86c0..00000000 --- a/charts/argo-cd/crds/crd-applicationset.yaml +++ /dev/null @@ -1,6496 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app.kubernetes.io/name: applicationsets.argoproj.io - app.kubernetes.io/part-of: argocd - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - name: applicationsets.argoproj.io -spec: - group: argoproj.io - names: - kind: ApplicationSet - listKind: ApplicationSetList - plural: applicationsets - shortNames: - - appset - - appsets - singular: applicationset - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - generators: - items: - properties: - clusterDecisionResource: - properties: - configMapRef: - type: string - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - name: - type: string - requeueAfterSeconds: - format: int64 - type: integer - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - values: - additionalProperties: - type: string - type: object - required: - - configMapRef - type: object - clusters: - properties: - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - values: - additionalProperties: - type: string - type: object - type: object - git: - properties: - directories: - items: - properties: - exclude: - type: boolean - path: - type: string - required: - - path - type: object - type: array - files: - items: - properties: - path: - type: string - required: - - path - type: object - type: array - repoURL: - type: string - requeueAfterSeconds: - format: int64 - type: integer - revision: - type: string - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - required: - - repoURL - - revision - type: object - list: - properties: - elements: - items: - x-kubernetes-preserve-unknown-fields: true - type: array - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - required: - - elements - type: object - matrix: - properties: - generators: - items: - properties: - clusterDecisionResource: - properties: - configMapRef: - type: string - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - name: - type: string - requeueAfterSeconds: - format: int64 - type: integer - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - values: - additionalProperties: - type: string - type: object - required: - - configMapRef - type: object - clusters: - properties: - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - values: - additionalProperties: - type: string - type: object - type: object - git: - properties: - directories: - items: - properties: - exclude: - type: boolean - path: - type: string - required: - - path - type: object - type: array - files: - items: - properties: - path: - type: string - required: - - path - type: object - type: array - repoURL: - type: string - requeueAfterSeconds: - format: int64 - type: integer - revision: - type: string - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - required: - - repoURL - - revision - type: object - list: - properties: - elements: - items: - x-kubernetes-preserve-unknown-fields: true - type: array - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - required: - - elements - type: object - matrix: - x-kubernetes-preserve-unknown-fields: true - merge: - x-kubernetes-preserve-unknown-fields: true - pullRequest: - properties: - github: - properties: - api: - type: string - labels: - items: - type: string - type: array - owner: - type: string - repo: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - required: - - owner - - repo - type: object - requeueAfterSeconds: - format: int64 - type: integer - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - type: object - scmProvider: - properties: - cloneProtocol: - type: string - filters: - items: - properties: - branchMatch: - type: string - labelMatch: - type: string - pathsExist: - items: - type: string - type: array - repositoryMatch: - type: string - type: object - type: array - github: - properties: - allBranches: - type: boolean - api: - type: string - organization: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - required: - - organization - type: object - gitlab: - properties: - allBranches: - type: boolean - api: - type: string - group: - type: string - includeSubgroups: - type: boolean - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - required: - - group - type: object - requeueAfterSeconds: - format: int64 - type: integer - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - type: object - type: object - type: array - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - required: - - generators - type: object - merge: - properties: - generators: - items: - properties: - clusterDecisionResource: - properties: - configMapRef: - type: string - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - name: - type: string - requeueAfterSeconds: - format: int64 - type: integer - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - values: - additionalProperties: - type: string - type: object - required: - - configMapRef - type: object - clusters: - properties: - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - values: - additionalProperties: - type: string - type: object - type: object - git: - properties: - directories: - items: - properties: - exclude: - type: boolean - path: - type: string - required: - - path - type: object - type: array - files: - items: - properties: - path: - type: string - required: - - path - type: object - type: array - repoURL: - type: string - requeueAfterSeconds: - format: int64 - type: integer - revision: - type: string - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - required: - - repoURL - - revision - type: object - list: - properties: - elements: - items: - x-kubernetes-preserve-unknown-fields: true - type: array - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - required: - - elements - type: object - matrix: - x-kubernetes-preserve-unknown-fields: true - merge: - x-kubernetes-preserve-unknown-fields: true - pullRequest: - properties: - github: - properties: - api: - type: string - labels: - items: - type: string - type: array - owner: - type: string - repo: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - required: - - owner - - repo - type: object - requeueAfterSeconds: - format: int64 - type: integer - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - type: object - scmProvider: - properties: - cloneProtocol: - type: string - filters: - items: - properties: - branchMatch: - type: string - labelMatch: - type: string - pathsExist: - items: - type: string - type: array - repositoryMatch: - type: string - type: object - type: array - github: - properties: - allBranches: - type: boolean - api: - type: string - organization: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - required: - - organization - type: object - gitlab: - properties: - allBranches: - type: boolean - api: - type: string - group: - type: string - includeSubgroups: - type: boolean - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - required: - - group - type: object - requeueAfterSeconds: - format: int64 - type: integer - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - type: object - type: object - type: array - mergeKeys: - items: - type: string - type: array - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - required: - - generators - - mergeKeys - type: object - pullRequest: - properties: - github: - properties: - api: - type: string - labels: - items: - type: string - type: array - owner: - type: string - repo: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - required: - - owner - - repo - type: object - requeueAfterSeconds: - format: int64 - type: integer - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - type: object - scmProvider: - properties: - cloneProtocol: - type: string - filters: - items: - properties: - branchMatch: - type: string - labelMatch: - type: string - pathsExist: - items: - type: string - type: array - repositoryMatch: - type: string - type: object - type: array - github: - properties: - allBranches: - type: boolean - api: - type: string - organization: - type: string - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - required: - - organization - type: object - gitlab: - properties: - allBranches: - type: boolean - api: - type: string - group: - type: string - includeSubgroups: - type: boolean - tokenRef: - properties: - key: - type: string - secretName: - type: string - required: - - key - - secretName - type: object - required: - - group - type: object - requeueAfterSeconds: - format: int64 - type: integer - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - type: object - type: object - type: array - syncPolicy: - properties: - preserveResourcesOnDeletion: - type: boolean - type: object - template: - properties: - metadata: - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - properties: - destination: - properties: - name: - type: string - namespace: - type: string - server: - type: string - type: object - ignoreDifferences: - items: - properties: - group: - type: string - jqPathExpressions: - items: - type: string - type: array - jsonPointers: - items: - type: string - type: array - kind: - type: string - managedFieldsManagers: - items: - type: string - type: array - name: - type: string - namespace: - type: string - required: - - kind - type: object - type: array - info: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - type: string - revisionHistoryLimit: - format: int64 - type: integer - source: - properties: - chart: - type: string - directory: - properties: - exclude: - type: string - include: - type: string - jsonnet: - properties: - extVars: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - items: - type: string - type: array - tlas: - items: - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - properties: - fileParameters: - items: - properties: - name: - type: string - path: - type: string - type: object - type: array - ignoreMissingValueFiles: - type: boolean - parameters: - items: - properties: - forceString: - type: boolean - name: - type: string - value: - type: string - type: object - type: array - passCredentials: - type: boolean - releaseName: - type: string - skipCrds: - type: boolean - valueFiles: - items: - type: string - type: array - values: - type: string - version: - type: string - type: object - ksonnet: - properties: - environment: - type: string - parameters: - items: - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - properties: - commonAnnotations: - additionalProperties: - type: string - type: object - commonLabels: - additionalProperties: - type: string - type: object - forceCommonAnnotations: - type: boolean - forceCommonLabels: - type: boolean - images: - items: - type: string - type: array - namePrefix: - type: string - nameSuffix: - type: string - version: - type: string - type: object - path: - type: string - plugin: - properties: - env: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - type: string - targetRevision: - type: string - required: - - repoURL - type: object - syncPolicy: - properties: - automated: - properties: - allowEmpty: - type: boolean - prune: - type: boolean - selfHeal: - type: boolean - type: object - retry: - properties: - backoff: - properties: - duration: - type: string - factor: - format: int64 - type: integer - maxDuration: - type: string - type: object - limit: - format: int64 - type: integer - type: object - syncOptions: - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - required: - - generators - - template - type: object - status: - properties: - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - message - - reason - - status - - type - type: object - type: array - type: object - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/charts/argo-cd/crds/crd-extension.yaml b/charts/argo-cd/crds/crd-extension.yaml deleted file mode 100644 index ddb11e70..00000000 --- a/charts/argo-cd/crds/crd-extension.yaml +++ /dev/null @@ -1,96 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app.kubernetes.io/name: argocdextensions.argoproj.io - app.kubernetes.io/part-of: argocd - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - name: argocdextensions.argoproj.io -spec: - group: argoproj.io - names: - kind: ArgoCDExtension - listKind: ArgoCDExtensionList - plural: argocdextensions - singular: argocdextension - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ArgoCDExtension is the Schema for the argocdextensions API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ArgoCDExtensionSpec defines the desired state of ArgoCDExtension - properties: - sources: - description: Sources specifies where the extension should come from - items: - description: ExtensionSource specifies where the extension should - be sourced from - properties: - git: - description: Git is specified if the extension should be sourced - from a git repository - properties: - revision: - description: Revision specifies the revision of the Repository - to fetch - type: string - url: - description: URL specifies the Git repository URL to fetch - type: string - type: object - web: - description: Web is specified if the extension should be sourced - from a web file - properties: - url: - description: URK specifies the remote file URL - type: string - type: object - type: object - type: array - required: - - sources - type: object - status: - description: ArgoCDExtensionStatus defines the observed state of ArgoCDExtension - properties: - conditions: - items: - properties: - message: - description: Message contains human-readable message indicating - details about condition - type: string - status: - description: Boolean status describing if the condition is currently - true - type: string - type: - description: Type is an ArgoCDExtension condition type - type: string - required: - - message - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index 34cdaaca..8821ab75 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -1,22 +1,22 @@ -{{- if or .Values.configs.repositoryCredentials .Values.server.config.repositories }} -WARNING: You are using configs.repositoryCredentials and/or server.config.repositories parameter that are DEPRECATED -Instead, use configs.repositoryTemplates and/or configs.repositories parameters -Read More about here: https://argo-cd.readthedocs.io/en/latest/operator-manual/declarative-setup/#legacy-behaviour - -{{- end}} In order to access the server UI you have the following options: -1. kubectl port-forward service/{{include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443 +1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ include "argo-cd.namespace" . }} 8080:443 and then open the browser on http://localhost:8080 and accept the certificate 2. enable ingress in the values file `server.ingress.enabled` and either - - Add the annotation for ssl passthrough: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-1-ssl-passthrough - - Add the `--insecure` flag to `server.extraArgs` in the values file and terminate SSL at your ingress: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-2-multiple-ingress-objects-and-hosts + - Add the annotation for ssl passthrough: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough + - Set the `configs.params."server.insecure"` in the values file and terminate SSL at your ingress: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts +{{ if eq (toString (index .Values.configs.cm "admin.enabled")) "true" -}} After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running: -kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d +kubectl -n {{ include "argo-cd.namespace" . }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d -(You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://github.com/argoproj/argo-cd/blob/master/docs/getting_started.md#4-login-using-the-cli) +(You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://argo-cd.readthedocs.io/en/stable/getting_started/#4-login-using-the-cli) +{{ else if or (index .Values.configs.cm "dex.config") (index .Values.configs.cm "oidc.config") -}} +After reaching the UI the first time you can login using Dex or OIDC. +{{ else -}} +After reaching the UI the first time you cannot login with username and password since you've disabled it. You should enable admin back or configure Dex via `configs.cm.dex.config` or OIDC via `configs.cm.oidc.config`. +{{ end -}} diff --git a/charts/argo-cd/templates/_common.tpl b/charts/argo-cd/templates/_common.tpl new file mode 100644 index 00000000..4173876c --- /dev/null +++ b/charts/argo-cd/templates/_common.tpl @@ -0,0 +1,147 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "argo-cd.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "argo-cd.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "argo-cd.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create Argo CD app version +*/}} +{{- define "argo-cd.defaultTag" -}} +{{- default .Chart.AppVersion .Values.global.image.tag }} +{{- end -}} + +{{/* +Return valid version label +*/}} +{{- define "argo-cd.versionLabelValue" -}} +{{ regexReplaceAll "[^-A-Za-z0-9_.]" (include "argo-cd.defaultTag" .) "-" | trunc 63 | trimAll "-" | trimAll "_" | trimAll "." | quote }} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "argo-cd.labels" -}} +helm.sh/chart: {{ include "argo-cd.chart" .context }} +{{ include "argo-cd.selectorLabels" (dict "context" .context "component" .component "name" .name) }} +app.kubernetes.io/managed-by: {{ .context.Release.Service }} +app.kubernetes.io/part-of: argocd +app.kubernetes.io/version: {{ include "argo-cd.versionLabelValue" .context }} +{{- with .context.Values.global.additionalLabels }} +{{ toYaml . }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "argo-cd.selectorLabels" -}} +{{- if .name -}} +app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .name }} +{{ end -}} +app.kubernetes.io/instance: {{ .context.Release.Name }} +{{- if .component }} +app.kubernetes.io/component: {{ .component }} +{{- end }} +{{- end }} + +{{/* +Common affinity definition +Pod affinity + - Soft prefers different nodes + - Hard requires different nodes and prefers different availibility zones +Node affinity + - Soft prefers given user expressions + - Hard requires given user expressions +*/}} +{{- define "argo-cd.affinity" -}} +{{- with .component.affinity -}} + {{- toYaml . -}} +{{- else -}} +{{- $preset := .context.Values.global.affinity -}} +{{- if (eq $preset.podAntiAffinity "soft") }} +podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }} + topologyKey: kubernetes.io/hostname +{{- else if (eq $preset.podAntiAffinity "hard") }} +podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }} + topologyKey: topology.kubernetes.io/zone + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }} + topologyKey: kubernetes.io/hostname +{{- end }} +{{- with $preset.nodeAffinity.matchExpressions }} +{{- if (eq $preset.nodeAffinity.type "soft") }} +nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + preference: + matchExpressions: + {{- toYaml . | nindent 6 }} +{{- else if (eq $preset.nodeAffinity.type "hard") }} +nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + {{- toYaml . | nindent 6 }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Common deployment strategy definition +- Recreate don't have additional fields, we need to remove them if added by the mergeOverwrite +*/}} +{{- define "argo-cd.strategy" -}} +{{- $preset := . -}} +{{- if (eq (toString $preset.type) "Recreate") }} +type: Recreate +{{- else if (eq (toString $preset.type) "RollingUpdate") }} +type: RollingUpdate +{{- with $preset.rollingUpdate }} +rollingUpdate: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 44af06dd..aeaf3df8 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -1,34 +1,22 @@ {{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "argo-cd.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "argo-cd.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - {{/* Create controller name and version as used by the chart label. +Truncated at 52 chars because StatefulSet label 'controller-revision-hash' is limited +to 63 chars and it includes 10 chars of hash and a separating '-'. */}} {{- define "argo-cd.controller.fullname" -}} -{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.controller.name | trunc 52 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the controller service account to use +*/}} +{{- define "argo-cd.controller.serviceAccountName" -}} +{{- if .Values.controller.serviceAccount.create -}} + {{ default (include "argo-cd.controller.fullname" .) .Values.controller.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.controller.serviceAccount.name }} +{{- end -}} {{- end -}} {{/* @@ -38,6 +26,28 @@ Create dex name and version as used by the chart label. {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.dex.name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Create Dex server endpoint +*/}} +{{- define "argo-cd.dex.server" -}} +{{- $insecure := index .Values.configs.params "dexserver.disable.tls" | toString -}} +{{- $scheme := (eq $insecure "true") | ternary "http" "https" -}} +{{- $host := include "argo-cd.dex.fullname" . -}} +{{- $port := int .Values.dex.servicePortHttp -}} +{{- printf "%s://%s:%d" $scheme $host $port }} +{{- end }} + +{{/* +Create the name of the dex service account to use +*/}} +{{- define "argo-cd.dex.serviceAccountName" -}} +{{- if .Values.dex.serviceAccount.create -}} + {{ default (include "argo-cd.dex.fullname" .) .Values.dex.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.dex.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Create redis name and version as used by the chart label. */}} @@ -53,6 +63,48 @@ Create redis name and version as used by the chart label. {{- end -}} {{- end -}} +{{/* +Return Redis server endpoint +*/}} +{{- define "argo-cd.redis.server" -}} +{{- $redisHa := (index .Values "redis-ha") -}} +{{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }} + {{- printf "%s:%s" (include "argo-cd.redis.fullname" .) (toString .Values.redis.servicePort) }} +{{- else if and .Values.externalRedis.host .Values.externalRedis.port }} + {{- printf "%s:%s" .Values.externalRedis.host (toString .Values.externalRedis.port) }} +{{- end }} +{{- end -}} + +{{/* +Create the name of the redis service account to use +*/}} +{{- define "argo-cd.redis.serviceAccountName" -}} +{{- if .Values.redis.serviceAccount.create -}} + {{ default (include "argo-cd.redis.fullname" .) .Values.redis.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.redis.serviceAccount.name }} +{{- end -}} +{{- end -}} + + +{{/* +Create Redis secret-init name +*/}} +{{- define "argo-cd.redisSecretInit.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redisSecretInit.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the Redis secret-init service account to use +*/}} +{{- define "argo-cd.redisSecretInit.serviceAccountName" -}} +{{- if .Values.redisSecretInit.serviceAccount.create -}} + {{ default (include "argo-cd.redisSecretInit.fullname" .) .Values.redisSecretInit.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.redisSecretInit.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Create argocd server name and version as used by the chart label. */}} @@ -60,6 +112,17 @@ Create argocd server name and version as used by the chart label. {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Create the name of the Argo CD server service account to use +*/}} +{{- define "argo-cd.server.serviceAccountName" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "argo-cd.server.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Create argocd repo-server name and version as used by the chart label. */}} @@ -67,6 +130,17 @@ Create argocd repo-server name and version as used by the chart label. {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.repoServer.name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Create the name of the repo-server service account to use +*/}} +{{- define "argo-cd.repoServer.serviceAccountName" -}} +{{- if .Values.repoServer.serviceAccount.create -}} + {{ default (include "argo-cd.repoServer.fullname" .) .Values.repoServer.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.repoServer.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Create argocd application set name and version as used by the chart label. */}} @@ -74,6 +148,17 @@ Create argocd application set name and version as used by the chart label. {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.applicationSet.name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Create the name of the application set service account to use +*/}} +{{- define "argo-cd.applicationSet.serviceAccountName" -}} +{{- if .Values.applicationSet.serviceAccount.create -}} + {{ default (include "argo-cd.applicationSet.fullname" .) .Values.applicationSet.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.applicationSet.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Create argocd notifications name and version as used by the chart label. */}} @@ -81,76 +166,10 @@ Create argocd notifications name and version as used by the chart label. {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.notifications.name | trunc 63 | trimSuffix "-" -}} {{- end -}} -{{/* -Create the name of the controller service account to use -*/}} -{{- define "argo-cd.controllerServiceAccountName" -}} -{{- if .Values.controller.serviceAccount.create -}} - {{ default (include "argo-cd.controller.fullname" .) .Values.controller.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.controller.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the dex service account to use -*/}} -{{- define "argo-cd.dexServiceAccountName" -}} -{{- if .Values.dex.serviceAccount.create -}} - {{ default (include "argo-cd.dex.fullname" .) .Values.dex.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.dex.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the redis service account to use -*/}} -{{- define "argo-cd.redisServiceAccountName" -}} -{{- if .Values.redis.serviceAccount.create -}} - {{ default (include "argo-cd.redis.fullname" .) .Values.redis.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.redis.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the Argo CD server service account to use -*/}} -{{- define "argo-cd.serverServiceAccountName" -}} -{{- if .Values.server.serviceAccount.create -}} - {{ default (include "argo-cd.server.fullname" .) .Values.server.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.server.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the repo-server service account to use -*/}} -{{- define "argo-cd.repoServerServiceAccountName" -}} -{{- if .Values.repoServer.serviceAccount.create -}} - {{ default (include "argo-cd.repoServer.fullname" .) .Values.repoServer.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.repoServer.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the application set service account to use -*/}} -{{- define "argo-cd.applicationSetServiceAccountName" -}} -{{- if .Values.applicationSet.serviceAccount.create -}} - {{ default (include "argo-cd.applicationSet.fullname" .) .Values.applicationSet.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.applicationSet.serviceAccount.name }} -{{- end -}} -{{- end -}} - {{/* Create the name of the notifications service account to use */}} -{{- define "argo-cd.notificationsServiceAccountName" -}} +{{- define "argo-cd.notifications.serviceAccountName" -}} {{- if .Values.notifications.serviceAccount.create -}} {{ default (include "argo-cd.notifications.fullname" .) .Values.notifications.serviceAccount.name }} {{- else -}} @@ -159,139 +178,100 @@ Create the name of the notifications service account to use {{- end -}} {{/* -Create the name of the notifications bots slack service account to use +Create argocd commit-server name and version as used by the chart label. */}} -{{- define "argo-cd.notificationsBotsSlackServiceAccountName" -}} -{{- if .Values.notifications.bots.slack.serviceAccount.create -}} - {{ default (include "argo-cd.notifications.fullname" .) .Values.notifications.bots.slack.serviceAccount.name }} +{{- define "argo-cd.commitServer.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.commitServer.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the commit-server service account to use +*/}} +{{- define "argo-cd.commitServer.serviceAccountName" -}} +{{- if .Values.commitServer.serviceAccount.create -}} + {{ default (include "argo-cd.commitServer.fullname" .) .Values.commitServer.serviceAccount.name }} {{- else -}} - {{ default "default" .Values.notifications.bots.slack.serviceAccount.name }} + {{ default "default" .Values.commitServer.serviceAccount.name }} {{- end -}} {{- end -}} {{/* -Create chart name and version as used by the chart label. +Argo Configuration Preset Values (Influenced by Values configuration) */}} -{{- define "argo-cd.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- define "argo-cd.config.cm.presets" -}} +{{- $presets := dict -}} +{{- $_ := set $presets "url" (printf "https://%s" .Values.global.domain) -}} +{{- if eq (toString (index .Values.configs.cm "statusbadge.enabled")) "true" -}} +{{- $_ := set $presets "statusbadge.url" (printf "https://%s/" .Values.global.domain) -}} {{- end -}} - -{{/* -Common labels -*/}} -{{- define "argo-cd.labels" -}} -helm.sh/chart: {{ include "argo-cd.chart" .context }} -{{ include "argo-cd.selectorLabels" (dict "context" .context "component" .component "name" .name) }} -app.kubernetes.io/managed-by: {{ .context.Release.Service }} -app.kubernetes.io/part-of: argocd -{{- with .context.Values.global.additionalLabels }} -{{ toYaml . }} -{{- end }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "argo-cd.selectorLabels" -}} -{{- if .name -}} -app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .name }} -{{ end -}} -app.kubernetes.io/instance: {{ .context.Release.Name }} -{{- if .component }} -app.kubernetes.io/component: {{ .component }} -{{- end }} -{{- end }} - -{{/* -Return the appropriate apiVersion for ingress -*/}} -{{- define "argo-cd.ingress.apiVersion" -}} -{{- if .Values.apiVersionOverrides.ingress -}} -{{- print .Values.apiVersionOverrides.ingress -}} -{{- else if semverCompare "<1.14-0" (include "argo-cd.kubeVersion" $) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "argo-cd.kubeVersion" $) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} +{{- if .Values.configs.styles -}} +{{- $_ := set $presets "ui.cssurl" "./custom/custom.styles.css" -}} {{- end -}} -{{- end -}} - -{{/* -Return the target Kubernetes version -*/}} -{{- define "argo-cd.kubeVersion" -}} - {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} -{{- end -}} - -{{/* -Argo Configuration Preset Values (Incluenced by Values configuration) -*/}} -{{- define "argo-cd.config.presets" -}} - {{- if .Values.configs.styles }} -ui.cssurl: "./custom/custom.styles.css" - {{- end }} +{{- toYaml $presets }} {{- end -}} {{/* Merge Argo Configuration with Preset Configuration */}} -{{- define "argo-cd.config" -}} - {{- if .Values.server.configEnabled -}} -{{- toYaml (mergeOverwrite (default dict (fromYaml (include "argo-cd.config.presets" $))) .Values.server.config) }} - {{- end -}} +{{- define "argo-cd.config.cm" -}} +{{- $config := omit .Values.configs.cm "create" "annotations" -}} +{{- $preset := include "argo-cd.config.cm.presets" . | fromYaml | default dict -}} +{{- range $key, $value := mergeOverwrite $preset $config }} +{{- $fmted := $value | toString }} +{{- if not (eq $fmted "") }} +{{ $key }}: {{ $fmted | toYaml }} +{{- end }} +{{- end }} {{- end -}} {{/* -Return the default Argo CD app version +Argo Params Default Configuration Presets +NOTE: Configuration keys must be stored as dict because YAML treats dot as separator */}} -{{- define "argo-cd.defaultTag" -}} - {{- default .Chart.AppVersion .Values.global.image.tag }} +{{- define "argo-cd.config.params.presets" -}} +{{- $presets := dict -}} +{{- $_ := set $presets "repo.server" (printf "%s:%s" (include "argo-cd.repoServer.fullname" .) (.Values.repoServer.service.port | toString)) -}} +{{- $_ := set $presets "server.repo.server.strict.tls" (.Values.repoServer.certificateSecret.enabled | toString ) -}} +{{- $_ := set $presets "redis.server" (include "argo-cd.redis.server" .) -}} +{{- $_ := set $presets "applicationsetcontroller.enable.leader.election" (gt ((.Values.applicationSet.replicas | default .Values.applicationSet.replicaCount) | int64) 1) -}} +{{- if .Values.dex.enabled -}} +{{- $_ := set $presets "server.dex.server" (include "argo-cd.dex.server" .) -}} +{{- $_ := set $presets "server.dex.server.strict.tls" .Values.dex.certificateSecret.enabled -}} +{{- end -}} +{{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" -}} +{{- $_ := set $presets (printf "%s.log.format" $component) $.Values.global.logging.format -}} +{{- $_ := set $presets (printf "%s.log.level" $component) $.Values.global.logging.level -}} +{{- end -}} +{{- toYaml $presets }} {{- end -}} {{/* -Create the name of the notifications controller secret to use +Merge Argo Params Configuration with Preset Configuration */}} -{{- define "argo-cd.notifications.secretName" -}} -{{- if .Values.notifications.secret.create -}} - {{ default (printf "%s-secret" (include "argo-cd.notifications.fullname" .)) .Values.notifications.secret.name }} -{{- else -}} - {{ default "argocd-notifications-secret" .Values.notifications.secret.name }} -{{- end -}} +{{- define "argo-cd.config.params" -}} +{{- $config := omit .Values.configs.params "create" "annotations" }} +{{- $preset := include "argo-cd.config.params.presets" . | fromYaml | default dict -}} +{{- range $key, $value := mergeOverwrite $preset $config }} +{{ $key }}: {{ toString $value | toYaml }} +{{- end }} {{- end -}} {{/* -Create the name of the configmap to use +Expand the namespace of the release. +Allows overriding it for multi-namespace deployments in combined charts. */}} -{{- define "argo-cd.notifications.configMapName" -}} -{{- if .Values.notifications.cm.create -}} - {{ default (printf "%s-cm" (include "argo-cd.notifications.fullname" .)) .Values.notifications.cm.name }} -{{- else -}} - {{ default "argocd-notifications-cm" .Values.notifications.cm.name }} -{{- end -}} -{{- end -}} - -{{- define "argo-cd.redisPasswordEnv" -}} - {{- if or .Values.externalRedis.password .Values.externalRedis.existingSecret }} -- name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.externalRedis.existingSecret }} - name: {{ .Values.externalRedis.existingSecret }} - {{- else }} - name: {{ template "argo-cd.redis.fullname" . }} - {{- end }} - key: redis-password - {{- end }} -{{- end -}} +{{- define "argo-cd.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end }} {{/* -Return the appropriate apiVersion for pod disruption budget +Dual stack definition */}} -{{- define "argo-cd.podDisruptionBudget.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "argo-cd.kubeVersion" $) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "policy/v1" -}} -{{- end -}} -{{- end -}} +{{- define "argo-cd.dualStack" -}} +{{- with .Values.global.dualStack.ipFamilyPolicy }} +ipFamilyPolicy: {{ . }} +{{- end }} +{{- with .Values.global.dualStack.ipFamilies }} +ipFamilies: {{ toYaml . | nindent 4 }} +{{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/_versions.tpl b/charts/argo-cd/templates/_versions.tpl new file mode 100644 index 00000000..966dad97 --- /dev/null +++ b/charts/argo-cd/templates/_versions.tpl @@ -0,0 +1,7 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the target Kubernetes version +*/}} +{{- define "argo-cd.kubeVersion" -}} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-aggregate-roles.yaml b/charts/argo-cd/templates/aggregate-roles.yaml similarity index 100% rename from charts/argo-cd/templates/argocd-aggregate-roles.yaml rename to charts/argo-cd/templates/aggregate-roles.yaml diff --git a/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml b/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml index 0aa82961..615b56f9 100644 --- a/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml @@ -1,23 +1,23 @@ -{{- if .Values.controller.clusterAdminAccess.enabled }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "argo-cd.controller.fullname" . }} + name: {{ include "argo-cd.controller.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rules: {{- if .Values.controller.clusterRoleRules.enabled }} - {{- toYaml .Values.controller.clusterRoleRules.rules | nindent 0 }} + {{- toYaml .Values.controller.clusterRoleRules.rules | nindent 2 }} {{- else }} -- apiGroups: - - '*' - resources: - - '*' - verbs: - - '*' -- nonResourceURLs: - - '*' - verbs: - - '*' + - apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' + - nonResourceURLs: + - '*' + verbs: + - '*' {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml index 86d7c883..6076c531 100644 --- a/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml @@ -1,16 +1,16 @@ -{{- if .Values.controller.clusterAdminAccess.enabled }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "argo-cd.controller.fullname" . }} + name: {{ include "argo-cd.controller.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ template "argo-cd.controller.fullname" . }} + name: {{ include "argo-cd.controller.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file + name: {{ include "argo-cd.controller.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml old mode 100755 new mode 100644 index c4370aee..0b8285b7 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -1,161 +1,420 @@ -{{- $redisHa := (index .Values "redis-ha") -}} +{{- if .Values.controller.dynamicClusterDistribution }} apiVersion: apps/v1 -kind: {{ .Values.controller.enableStatefulSet | ternary "StatefulSet" "Deployment" }} +kind: Deployment metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.controller.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} - app.kubernetes.io/version: {{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag | quote }} spec: + replicas: {{ .Values.controller.replicas }} + revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} - {{- if .Values.controller.enableStatefulSet }} - serviceName: {{ template "argo-cd.controller.fullname" . }} - {{- end }} - revisionHistoryLimit: 5 - replicas: {{ .Values.controller.replicas }} template: metadata: - {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }} annotations: + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }} {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} - {{- end }} + {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }} - app.kubernetes.io/version: {{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag | quote }} {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }} {{- toYaml . | nindent 8 }} {{- end }} spec: - {{- with .Values.global.imagePullSecrets }} + {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.global.securityContext }} - securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.controller.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }} containers: - - command: - - argocd-application-controller - - --status-processors - - {{ .Values.controller.args.statusProcessors | quote }} - - --operation-processors - - {{ .Values.controller.args.operationProcessors | quote }} - - --app-resync - - {{ .Values.controller.args.appResyncPeriod | quote }} - - --self-heal-timeout-seconds - - {{ .Values.controller.args.selfHealTimeout | quote }} - - --repo-server - - {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} - - --repo-server-timeout-seconds - - {{ .Values.controller.args.repoServerTimeoutSeconds | quote }} - - --logformat - - {{ .Values.controller.logFormat }} - - --loglevel - - {{ .Values.controller.logLevel }} + - args: + - /usr/local/bin/argocd-application-controller + - --metrics-port={{ .Values.controller.containerPorts.metrics }} {{- if .Values.controller.metrics.applicationLabels.enabled }} {{- range .Values.controller.metrics.applicationLabels.labels }} - --metrics-application-labels - {{ . }} {{- end }} {{- end }} - {{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }} - - --redis - - {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }} - {{- else if and .Values.externalRedis.host .Values.externalRedis.port }} - - --redis - - {{ .Values.externalRedis.host }}:{{ .Values.externalRedis.port }} - {{- end }} {{- with .Values.controller.extraArgs }} - {{- . | toYaml | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }} name: {{ .Values.controller.name }} - {{- if .Values.controller.containerSecurityContext }} - securityContext: {{- toYaml .Values.controller.containerSecurityContext | nindent 10 }} - {{- end }} - {{- if or .Values.controller.env .Values.externalRedis.password .Values.externalRedis.existingSecret }} env: - {{- include "argo-cd.redisPasswordEnv" . | nindent 8 }} - {{- with .Values.controller.env }} - {{- toYaml . | nindent 8 }} + {{- with (concat .Values.global.env .Values.controller.env) }} + {{- toYaml . | nindent 10 }} {{- end }} - {{- end }} + - name: ARGOCD_ENABLE_DYNAMIC_CLUSTER_DISTRIBUTION + value: "true" + - name: ARGOCD_CONTROLLER_HEARTBEAT_TIME + value: {{ .Values.controller.heartbeatTime | quote }} + - name: ARGOCD_APPLICATION_CONTROLLER_NAME + value: {{ template "argo-cd.controller.fullname" . }} + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cm + key: timeout.reconciliation + optional: true + - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cm + key: timeout.hard.reconciliation + optional: true + - name: ARGOCD_RECONCILIATION_JITTER + valueFrom: + configMapKeyRef: + key: timeout.reconciliation.jitter + name: argocd-cm + optional: true + - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.error.grace.period.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: repo.server + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.status.processors + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.operation.processors + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.log.format + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.log.level + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.metrics.cache.expiration + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.factor + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.cap.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sync.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.plaintext + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.strict.tls + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.resource.health.persist + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.app.state.cache.expiration + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.server + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.compression + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.db + optional: true + - name: REDIS_USERNAME + valueFrom: + secretKeyRef: + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + key: redis-username + optional: true + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + {{- if .Values.externalRedis.host }} + key: redis-password + {{- else }} + key: auth + {{- end }} + optional: true + - name: REDIS_SENTINEL_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-username + optional: true + - name: REDIS_SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-password + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.default.cache.expiration + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.address + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: application.namespaces + optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sharding.algorithm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.kubectl.parallelism.limit + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.max + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.base.backoff + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.diff.server.side + optional: true + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.ignore.normalizer.jq.timeout + optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true + - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.batch.events.processing + optional: true + - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.events.processing.interval + optional: true {{- with .Values.controller.envFrom }} - envFrom: {{- toYaml . | nindent 8 }} + envFrom: + {{- toYaml . | nindent 10 }} {{- end }} ports: - - name: controller - containerPort: {{ .Values.controller.containerPort }} + - name: metrics + containerPort: {{ .Values.controller.containerPorts.metrics }} protocol: TCP - livenessProbe: + readinessProbe: httpGet: path: /healthz - port: {{ .Values.controller.containerPort }} - initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} - readinessProbe: - tcpSocket: - port: {{ .Values.controller.containerPort }} + port: metrics initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} - workingDir: /home/argocd - volumeMounts: - - name: argocd-home - mountPath: /home/argocd - - mountPath: /app/config/controller/tls - name: argocd-repo-server-tls - {{- with .Values.controller.volumeMounts }} - {{- toYaml . | nindent 8 }} - {{- end }} resources: {{- toYaml .Values.controller.resources | nindent 10 }} + {{- with .Values.controller.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + workingDir: /home/argocd + volumeMounts: + {{- with .Values.controller.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + - mountPath: /app/config/controller/tls + name: argocd-repo-server-tls + - mountPath: /home/argocd + name: argocd-home + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params {{- with .Values.controller.extraContainers }} - {{- toYaml . | nindent 6 }} + {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} - {{- if .Values.controller.nodeSelector }} - nodeSelector: -{{- toYaml .Values.controller.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.controller.tolerations }} - tolerations: -{{- toYaml .Values.controller.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.controller.affinity }} + {{- with .Values.controller.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.controller) }} affinity: -{{- toYaml .Values.controller.affinity | nindent 8 }} - {{- end }} - {{- with .Values.controller.topologySpreadConstraints }} + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.controller.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} topologySpreadConstraints: - {{- range $constraint := . }} + {{- range $constraint := . }} - {{ toYaml $constraint | nindent 8 | trim }} - {{- if not $constraint.labelSelector }} + {{- if not $constraint.labelSelector }} labelSelector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }} + {{- end }} {{- end }} {{- end }} - {{- end }} - serviceAccountName: {{ template "argo-cd.controllerServiceAccountName" . }} - {{- with .Values.global.hostAliases }} - hostAliases: + volumes: + {{- with .Values.controller.volumes }} {{- toYaml . | nindent 6 }} {{- end }} - volumes: - - emptyDir: {} - name: argocd-home + - name: argocd-home + {{- if .Values.controller.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.controller.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: argocd-repo-server-tls secret: + secretName: argocd-repo-server-tls + optional: true items: - key: tls.crt path: tls.crt @@ -163,15 +422,19 @@ spec: path: tls.key - key: ca.crt path: ca.crt + - name: argocd-cmd-params-cm + configMap: optional: true - secretName: argocd-repo-server-tls - {{- with .Values.controller.volumes }} - {{- toYaml . | nindent 6 }} + name: argocd-cmd-params-cm + items: + - key: controller.profile.enabled + path: profiler.enabled + {{- if .Values.controller.hostNetwork }} + hostNetwork: {{ .Values.controller.hostNetwork }} {{- end }} - {{- if .Values.controller.initContainers }} - initContainers: - {{- toYaml .Values.controller.initContainers | nindent 6 }} + {{- with .Values.controller.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} {{- end }} -{{- if .Values.controller.priorityClassName }} - priorityClassName: {{ .Values.controller.priorityClassName }} + dnsPolicy: {{ .Values.controller.dnsPolicy }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/metrics-service.yaml b/charts/argo-cd/templates/argocd-application-controller/metrics-service.yaml deleted file mode 100644 index 44e8eff3..00000000 --- a/charts/argo-cd/templates/argocd-application-controller/metrics-service.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.controller.metrics.enabled}} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.controller.metrics.service.annotations }} - annotations: - {{- range $key, $value := .Values.controller.metrics.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 4 }} -{{- if .Values.controller.metrics.service.labels }} -{{- toYaml .Values.controller.metrics.service.labels | nindent 4 }} -{{- end }} - name: {{ template "argo-cd.controller.fullname" . }}-metrics -spec: - ports: - - name: {{ .Values.controller.metrics.service.portName }} - protocol: TCP - port: {{ .Values.controller.metrics.service.servicePort }} - targetPort: controller - selector: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-application-controller/metrics.yaml b/charts/argo-cd/templates/argocd-application-controller/metrics.yaml new file mode 100644 index 00000000..086dfe9b --- /dev/null +++ b/charts/argo-cd/templates/argocd-application-controller/metrics.yaml @@ -0,0 +1,35 @@ +{{- if .Values.controller.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.controller.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 4 }} + {{- with .Values.controller.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.controller.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.controller.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.controller.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.controller.metrics.service.type }} + {{- if and .Values.controller.metrics.service.clusterIP (eq .Values.controller.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.controller.metrics.service.clusterIP }} + {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.controller.metrics.service.portName }} + protocol: TCP + port: {{ .Values.controller.metrics.service.servicePort }} + targetPort: metrics + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml b/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml index 9116fbcf..db1ee7c2 100644 --- a/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml @@ -5,12 +5,13 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} spec: ingress: - from: - namespaceSelector: {} ports: - - port: controller + - port: metrics podSelector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} diff --git a/charts/argo-cd/templates/argocd-application-controller/pdb.yaml b/charts/argo-cd/templates/argocd-application-controller/pdb.yaml new file mode 100644 index 00000000..bef09799 --- /dev/null +++ b/charts/argo-cd/templates/argocd-application-controller/pdb.yaml @@ -0,0 +1,27 @@ +{{- if .Values.controller.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "argo-cd.controller.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- with .Values.controller.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.controller.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.controller.pdb.minAvailable | default 0 }} + {{- end }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/poddisruptionbudget.yaml b/charts/argo-cd/templates/argocd-application-controller/poddisruptionbudget.yaml deleted file mode 100644 index 536294f1..00000000 --- a/charts/argo-cd/templates/argocd-application-controller/poddisruptionbudget.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Values.controller.pdb.enabled }} -apiVersion: {{ include "argo-cd.podDisruptionBudget.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ template "argo-cd.controller.fullname" . }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} - {{- with .Values.controller.pdb.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.controller.pdb.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.controller.pdb.minAvailable }} - minAvailable: {{ .Values.controller.pdb.minAvailable }} - {{- else if .Values.controller.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.controller.pdb.maxUnavailable }} - {{- else }} - minAvailable: 0 - {{- end }} - selector: - matchLabels: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml b/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml index 485ed1aa..6ddc7f4c 100644 --- a/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml @@ -1,11 +1,9 @@ -{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: name: {{ template "argo-cd.controller.fullname" . }} - {{- if .Values.controller.metrics.rules.namespace }} - namespace: {{ .Values.controller.metrics.rules.namespace }} - {{- end }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.controller.metrics.rules.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- if .Values.controller.metrics.rules.selector }} @@ -14,6 +12,10 @@ metadata: {{- if .Values.controller.metrics.rules.additionalLabels }} {{- toYaml .Values.controller.metrics.rules.additionalLabels | nindent 4 }} {{- end }} + {{- with .Values.controller.metrics.rules.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: groups: - name: argocd diff --git a/charts/argo-cd/templates/argocd-application-controller/role.yaml b/charts/argo-cd/templates/argocd-application-controller/role.yaml index 75aec8db..27e3e956 100644 --- a/charts/argo-cd/templates/argocd-application-controller/role.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/role.yaml @@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rules: @@ -33,4 +34,26 @@ rules: - events verbs: - create - - list \ No newline at end of file + - list +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - watch +{{- if and (not .Values.createClusterRoles) .Values.controller.dynamicClusterDistribution }} +- apiGroups: + - "" + resources: + - configmaps + resourceNames: + - argocd-app-controller-shard-cm + verbs: + - get + - list + - watch + - create + - update +{{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml b/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml index f37f4b0c..48681637 100644 --- a/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml @@ -1,14 +1,15 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-cd.controller.fullname" . }} + name: {{ include "argo-cd.controller.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "argo-cd.controller.fullname" . }} + name: {{ include "argo-cd.controller.fullname" . }} subjects: -- kind: ServiceAccount - name: {{ template "argo-cd.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace }} \ No newline at end of file + - kind: ServiceAccount + name: {{ include "argo-cd.controller.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} diff --git a/charts/argo-cd/templates/argocd-application-controller/service.yaml b/charts/argo-cd/templates/argocd-application-controller/service.yaml deleted file mode 100644 index db563135..00000000 --- a/charts/argo-cd/templates/argocd-application-controller/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.controller.service.annotations }} - annotations: - {{- range $key, $value := .Values.controller.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - name: {{ template "argo-cd.controller.fullname" . }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} -spec: - ports: - - name: {{ .Values.controller.service.portName }} - port: {{ .Values.controller.service.port }} - targetPort: {{ .Values.controller.containerPort }} - selector: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml b/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml index 4703236c..575cbf6d 100644 --- a/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml @@ -3,13 +3,17 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.controllerServiceAccountName" . }} -{{- if .Values.controller.serviceAccount.annotations }} + name: {{ include "argo-cd.controller.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.controller.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.controller.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- with .Values.controller.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml index 28b230db..d1912470 100644 --- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml @@ -1,11 +1,9 @@ -{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.controller.fullname" . }} - {{- with .Values.controller.metrics.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.controller.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.metrics.serviceMonitor.selector }} @@ -14,12 +12,19 @@ metadata: {{- with .Values.controller.metrics.serviceMonitor.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: endpoints: - port: {{ .Values.controller.metrics.service.portName }} {{- with .Values.controller.metrics.serviceMonitor.interval }} interval: {{ . }} {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} path: /metrics {{- with .Values.controller.metrics.serviceMonitor.relabelings }} relabelings: @@ -29,6 +34,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.controller.metrics.serviceMonitor.honorLabels }} {{- with .Values.controller.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} @@ -38,7 +44,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 6 }} diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml new file mode 100644 index 00000000..733290d1 --- /dev/null +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -0,0 +1,444 @@ +{{- if not .Values.controller.dynamicClusterDistribution | default false }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.statefulsetAnnotations) .Values.controller.statefulsetAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +spec: + replicas: {{ .Values.controller.replicas }} + revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }} + serviceName: {{ include "argo-cd.controller.fullname" . }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} + template: + metadata: + annotations: + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.controller.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }} + containers: + - args: + - /usr/local/bin/argocd-application-controller + - --metrics-port={{ .Values.controller.containerPorts.metrics }} + {{- if .Values.controller.metrics.applicationLabels.enabled }} + {{- range .Values.controller.metrics.applicationLabels.labels }} + - --metrics-application-labels + - {{ . }} + {{- end }} + {{- end }} + {{- with .Values.controller.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }} + name: {{ .Values.controller.name }} + env: + {{- with (concat .Values.global.env .Values.controller.env) }} + {{- toYaml . | nindent 10 }} + {{- end }} + - name: ARGOCD_CONTROLLER_REPLICAS + value: {{ .Values.controller.replicas | quote }} + - name: ARGOCD_APPLICATION_CONTROLLER_NAME + value: {{ template "argo-cd.controller.fullname" . }} + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cm + key: timeout.reconciliation + optional: true + - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cm + key: timeout.hard.reconciliation + optional: true + - name: ARGOCD_RECONCILIATION_JITTER + valueFrom: + configMapKeyRef: + key: timeout.reconciliation.jitter + name: argocd-cm + optional: true + - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.error.grace.period.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: repo.server + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.status.processors + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.operation.processors + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.log.format + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.log.level + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.metrics.cache.expiration + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.factor + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.cap.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sync.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.plaintext + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.strict.tls + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.resource.health.persist + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.app.state.cache.expiration + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.server + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.compression + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.db + optional: true + - name: REDIS_USERNAME + valueFrom: + secretKeyRef: + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + key: redis-username + optional: true + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + {{- if .Values.externalRedis.host }} + key: redis-password + {{- else }} + key: auth + {{- end }} + optional: true + - name: REDIS_SENTINEL_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-username + optional: true + - name: REDIS_SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-password + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.default.cache.expiration + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.address + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: application.namespaces + optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sharding.algorithm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.kubectl.parallelism.limit + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.max + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.base.backoff + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.diff.server.side + optional: true + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.ignore.normalizer.jq.timeout + optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true + - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.batch.events.processing + optional: true + - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.events.processing.interval + optional: true + - name: KUBECACHEDIR + value: /tmp/kubecache + {{- with .Values.controller.envFrom }} + envFrom: + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.controller.containerPorts.metrics }} + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: metrics + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + resources: + {{- toYaml .Values.controller.resources | nindent 10 }} + {{- with .Values.controller.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + workingDir: /home/argocd + volumeMounts: + {{- with .Values.controller.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + - mountPath: /app/config/controller/tls + name: argocd-repo-server-tls + - mountPath: /home/argocd + name: argocd-home + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params + - name: argocd-application-controller-tmp + mountPath: /tmp + {{- with .Values.controller.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.controller.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.controller) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.controller.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + volumes: + {{- with .Values.controller.volumes }} + {{- toYaml . | nindent 6 }} + {{- end }} + - name: argocd-home + {{- if .Values.controller.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.controller.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - emptyDir: {} + name: argocd-application-controller-tmp + - name: argocd-repo-server-tls + secret: + secretName: argocd-repo-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + - name: argocd-cmd-params-cm + configMap: + optional: true + name: argocd-cmd-params-cm + items: + - key: controller.profile.enabled + path: profiler.enabled + {{- if .Values.controller.hostNetwork }} + hostNetwork: {{ .Values.controller.hostNetwork }} + {{- end }} + {{- with .Values.controller.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.controller.dnsPolicy }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml new file mode 100644 index 00000000..fce26bf5 --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml @@ -0,0 +1,39 @@ +{{- if .Values.applicationSet.certificate.enabled -}} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.certificateAnnotations) .Values.applicationSet.certificate.annotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +spec: + secretName: argocd-applicationset-controller-tls + commonName: {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }} + dnsNames: + - {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }} + {{- range .Values.applicationSet.certificate.additionalHosts }} + - {{ . | quote }} + {{- end }} + {{- with .Values.applicationSet.certificate.duration }} + duration: {{ . | quote }} + {{- end }} + {{- with .Values.applicationSet.certificate.renewBefore }} + renewBefore: {{ . | quote }} + {{- end }} + issuerRef: + {{- with .Values.applicationSet.certificate.issuer.group }} + group: {{ . | quote }} + {{- end }} + kind: {{ .Values.applicationSet.certificate.issuer.kind | quote }} + name: {{ .Values.applicationSet.certificate.issuer.name | quote }} + {{- with .Values.applicationSet.certificate.privateKey }} + privateKey: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml new file mode 100644 index 00000000..2723e3d2 --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml @@ -0,0 +1,90 @@ +{{- if .Values.applicationSet.allowAnyNamespace }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.applicationSet.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +rules: + - apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - applicationsets/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - argoproj.io + resources: + - applicationsets/status + verbs: + - get + - patch + - update + - apiGroups: + - argoproj.io + resources: + - appprojects + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - update + - delete + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - get + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml new file mode 100644 index 00000000..9dcae8d2 --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{- if .Values.applicationSet.allowAnyNamespace }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "argo-cd.applicationSet.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "argo-cd.applicationSet.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "argo-cd.applicationSet.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 131e7504..9c085123 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -1,128 +1,354 @@ -{{- if .Values.applicationSet.enabled }} apiVersion: apps/v1 kind: Deployment metadata: - name: {{ template "argo-cd.applicationSet.fullname" . }} + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.applicationSet.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} - app.kubernetes.io/version: {{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag | quote }} spec: - replicas: {{ .Values.applicationSet.replicaCount }} + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.applicationSet.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} + replicas: {{ .Values.applicationSet.replicas }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }} template: metadata: - {{- with .Values.applicationSet.podAnnotations }} annotations: - {{- toYaml . | nindent 8 }} - {{- end }} + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.applicationSet.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 8 }} - app.kubernetes.io/version: {{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag | quote }} {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.applicationSet.podLabels) }} {{- toYaml . | nindent 8 }} {{- end }} spec: - {{- with .Values.applicationSet.imagePullSecrets }} + {{- with .Values.applicationSet.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.applicationSet.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "argo-cd.applicationSetServiceAccountName" . }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} securityContext: - {{- toYaml (mergeOverwrite (deepCopy .Values.global.securityContext) .Values.applicationSet.podSecurityContext) | nindent 8 }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.applicationSet.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.applicationSet.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.applicationSet.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.applicationSet.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.applicationSet.automountServiceAccountToken }} containers: - name: {{ .Values.applicationSet.name }} - securityContext: - {{- toYaml .Values.applicationSet.securityContext | nindent 12 }} - command: - - applicationset-controller - - --metrics-addr={{ .Values.applicationSet.args.metricsAddr }} - - --probe-addr={{ .Values.applicationSet.args.probeBindAddr }} - {{- if or (gt ( .Values.applicationSet.replicaCount | int64) 1) .Values.applicationSet.args.enableLeaderElection }} - - --enable-leader-election=true - {{- end }} - - --namespace={{ .Release.Namespace }} - - --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} - - --policy={{ .Values.applicationSet.args.policy }} - - --debug={{ .Values.applicationSet.args.debug }} - - --dry-run={{ .Values.applicationSet.args.dryRun }} + image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.applicationSet.image.imagePullPolicy }} + args: + - /usr/local/bin/argocd-applicationset-controller + - --metrics-addr=:{{ .Values.applicationSet.containerPorts.metrics }} + - --probe-addr=:{{ .Values.applicationSet.containerPorts.probe }} + - --webhook-addr=:{{ .Values.applicationSet.containerPorts.webhook }} {{- with .Values.applicationSet.extraArgs }} {{- toYaml . | nindent 12 }} {{- end }} - image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }} - imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.applicationSet.image.imagePullPolicy }} - ports: - - name: http - containerPort: {{ (split ":" .Values.applicationSet.args.probeBindAddr)._1 }} - protocol: TCP - - name: metrics - containerPort: {{ (split ":" .Values.applicationSet.args.metricsAddr)._1 }} - protocol: TCP - - name: webhook - containerPort: 7000 - protocol: TCP - {{- with .Values.applicationSet.extraEnv }} env: - {{- toYaml . | nindent 12 }} - {{- end }} + {{- with (concat .Values.global.env .Values.applicationSet.extraEnv) }} + {{- toYaml . | nindent 12 }} + {{- end }} + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.global.preserved.annotations + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.global.preserved.labels + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.leader.election + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + key: repo.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.policy + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.policy.override + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.debug + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.dryrun + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.git.submodule + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.progressive.syncs + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.tokenref.strict.mode + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.repo.server.plaintext + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.repo.server.strict.tls + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.repo.server.timeout.seconds + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_CONCURRENT_RECONCILIATIONS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.concurrent.reconciliations.max + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.allowed.scm.providers + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.enable.scm.providers + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.webhook.parallelism.limit + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.requeue.after + name: argocd-cmd-params-cm + optional: true {{- with .Values.applicationSet.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.applicationSet.containerPorts.metrics }} + protocol: TCP + - name: probe + containerPort: {{ .Values.applicationSet.containerPorts.probe }} + protocol: TCP + - name: webhook + containerPort: {{ .Values.applicationSet.containerPorts.webhook }} + protocol: TCP + {{- if .Values.applicationSet.livenessProbe.enabled }} + livenessProbe: + tcpSocket: + port: probe + initialDelaySeconds: {{ .Values.applicationSet.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.applicationSet.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.applicationSet.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.applicationSet.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.applicationSet.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.applicationSet.readinessProbe.enabled }} + readinessProbe: + tcpSocket: + port: probe + initialDelaySeconds: {{ .Values.applicationSet.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.applicationSet.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.applicationSet.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.applicationSet.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.applicationSet.readinessProbe.failureThreshold }} + {{- end }} resources: {{- toYaml .Values.applicationSet.resources | nindent 12 }} + {{- with .Values.applicationSet.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} volumeMounts: - - mountPath: /tmp - name: tmp-dir - {{- if .Values.configs.knownHosts }} + {{- with .Values.applicationSet.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} - mountPath: /app/config/ssh name: ssh-known-hosts - {{- end }} - mountPath: /app/config/tls name: tls-certs - mountPath: /app/config/gpg/source name: gpg-keys - mountPath: /app/config/gpg/keys name: gpg-keyring - {{- with .Values.applicationSet.extraVolumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + - mountPath: /tmp + name: tmp {{- with .Values.applicationSet.extraContainers }} - {{- toYaml . | nindent 8 }} + {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} - volumes: - - emptyDir: {} - name: tmp-dir - {{- if .Values.configs.knownHosts }} - - configMap: - name: argocd-ssh-known-hosts-cm - name: ssh-known-hosts + {{- with .Values.applicationSet.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} - - configMap: - name: argocd-tls-certs-cm - name: tls-certs - - configMap: - name: argocd-gpg-keys-cm - name: gpg-keys - - emptyDir: {} - name: gpg-keyring - {{- with .Values.applicationSet.extraVolumes }} - {{- toYaml . | nindent 6 }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.applicationSet) }} + affinity: + {{- trim . | nindent 8 }} {{- end }} - {{- with .Values.applicationSet.nodeSelector }} + {{- with .Values.applicationSet.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.applicationSet.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.applicationSet.tolerations }} + {{- with .Values.applicationSet.tolerations | default .Values.global.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.applicationSet.priorityClassName }} - priorityClassName: {{ . }} + {{- with .Values.applicationSet.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.applicationSet.name) | nindent 12 }} + {{- end }} + {{- end }} {{- end }} -{{- end }} + volumes: + {{- with .Values.applicationSet.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: ssh-known-hosts + configMap: + name: argocd-ssh-known-hosts-cm + - name: tls-certs + configMap: + name: argocd-tls-certs-cm + - name: gpg-keys + configMap: + name: argocd-gpg-keys-cm + - name: gpg-keyring + {{- if .Values.applicationSet.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.applicationSet.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: tmp + {{- if .Values.applicationSet.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.applicationSet.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: argocd-repo-server-tls + secret: + secretName: argocd-repo-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + {{- with .Values.applicationSet.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.applicationSet.dnsPolicy }} diff --git a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml new file mode 100644 index 00000000..5cdf0cfe --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.applicationSet.ingress.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} + {{- with .Values.applicationSet.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.applicationSet.ingress.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.applicationSet.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + rules: + - host: {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain }} + http: + paths: + {{- with .Values.applicationSet.ingress.extraPaths }} + {{- tpl (toYaml .) $ | nindent 10 }} + {{- end }} + - path: {{ .Values.applicationSet.ingress.path }} + pathType: {{ .Values.applicationSet.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.applicationSet.fullname" . }} + port: + number: {{ .Values.applicationSet.service.port }} + {{- range .Values.applicationSet.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default $.Values.applicationSet.ingress.path .path }} + pathType: {{ default $.Values.applicationSet.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.applicationSet.fullname" $ }} + port: + number: {{ $.Values.applicationSet.service.port }} + {{- end }} + {{- with .Values.applicationSet.ingress.extraRules }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- if or .Values.applicationSet.ingress.tls .Values.applicationSet.ingress.extraTls }} + tls: + {{- if .Values.applicationSet.ingress.tls }} + - hosts: + - {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain }} + secretName: argocd-applicationset-controller-tls + {{- end }} + {{- with .Values.applicationSet.ingress.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/metrics-service.yaml b/charts/argo-cd/templates/argocd-applicationset/metrics-service.yaml deleted file mode 100644 index a6ce523f..00000000 --- a/charts/argo-cd/templates/argocd-applicationset/metrics-service.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and .Values.applicationSet.enabled .Values.applicationSet.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - {{- if .Values.applicationSet.metrics.service.annotations }} - annotations: - {{- range $key, $value := .Values.applicationSet.metrics.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 4 }} -{{- if .Values.applicationSet.metrics.service.labels }} -{{- toYaml .Values.applicationSet.metrics.service.labels | nindent 4 }} -{{- end }} - name: {{ template "argo-cd.applicationSet.fullname" . }}-metrics -spec: - ports: - - name: {{ .Values.applicationSet.metrics.service.portName }} - protocol: TCP - port: {{ .Values.applicationSet.metrics.service.servicePort }} - targetPort: metrics - selector: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 4 }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml new file mode 100644 index 00000000..de5638ad --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml @@ -0,0 +1,35 @@ +{{- if .Values.applicationSet.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.applicationSet.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 4 }} + {{- with .Values.applicationSet.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.applicationSet.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.applicationSet.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.applicationSet.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.applicationSet.metrics.service.type }} + {{- if and .Values.applicationSet.metrics.service.clusterIP (eq .Values.applicationSet.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.applicationSet.metrics.service.clusterIP }} + {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.applicationSet.metrics.service.portName }} + protocol: TCP + port: {{ .Values.applicationSet.metrics.service.servicePort }} + targetPort: metrics + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml index 176de64b..3a295f77 100644 --- a/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml @@ -1,13 +1,14 @@ -{{- if and .Values.applicationSet.enabled .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.webhook.ingress.enabled) }} +{{- if and .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.ingress.enabled) }} apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ template "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} spec: ingress: - {{- if .Values.applicationSet.webhook.ingress.enabled }} + {{- if .Values.applicationSet.ingress.enabled }} - ports: - port: webhook {{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/pdb.yaml b/charts/argo-cd/templates/argocd-applicationset/pdb.yaml new file mode 100644 index 00000000..5d0ebc88 --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/pdb.yaml @@ -0,0 +1,27 @@ +{{- if .Values.applicationSet.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} + {{- with .Values.applicationSet.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.applicationSet.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.applicationSet.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.applicationSet.pdb.minAvailable | default 0 }} + {{- end }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/role.yaml b/charts/argo-cd/templates/argocd-applicationset/role.yaml index dc83f06a..d8cfed62 100644 --- a/charts/argo-cd/templates/argocd-applicationset/role.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/role.yaml @@ -1,8 +1,8 @@ -{{- if .Values.applicationSet.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "argo-cd.applicationSet.fullname" . }} + name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} rules: @@ -10,7 +10,6 @@ rules: - argoproj.io resources: - applications - - appprojects - applicationsets - applicationsets/finalizers verbs: @@ -29,17 +28,35 @@ rules: - get - patch - update + - apiGroups: + - argoproj.io + resources: + - appprojects + verbs: + - get + - list + - watch - apiGroups: - "" resources: - events verbs: - create + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - update - delete - get - list - patch - - update - watch - apiGroups: - "" @@ -49,18 +66,6 @@ rules: - get - list - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - apps - extensions @@ -82,4 +87,3 @@ rules: - patch - update - watch -{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml index 91cddeae..5d4f1e4a 100644 --- a/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml @@ -1,16 +1,15 @@ -{{- if .Values.applicationSet.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-cd.applicationSet.fullname" . }} + name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "argo-cd.applicationSet.fullname" . }} + name: {{ include "argo-cd.applicationSet.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.applicationSetServiceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} + name: {{ include "argo-cd.applicationSet.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} diff --git a/charts/argo-cd/templates/argocd-applicationset/service.yaml b/charts/argo-cd/templates/argocd-applicationset/service.yaml index 4d2fd4eb..bf58c6b4 100644 --- a/charts/argo-cd/templates/argocd-applicationset/service.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/service.yaml @@ -1,4 +1,3 @@ -{{- if .Values.applicationSet.enabled }} apiVersion: v1 kind: Service metadata: @@ -9,13 +8,18 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +{{- with .Values.applicationSet.service.labels }} +{{- toYaml . | nindent 4 }} +{{- end }} spec: + type: {{ .Values.applicationSet.service.type }} + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.applicationSet.service.portName }} port: {{ .Values.applicationSet.service.port }} targetPort: webhook selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 4 }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml index 4fafac8d..4869cad0 100644 --- a/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml @@ -1,15 +1,19 @@ -{{- if and .Values.applicationSet.enabled .Values.applicationSet.serviceAccount.create }} +{{- if .Values.applicationSet.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.applicationSet.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.applicationSetServiceAccountName" . }} -{{- if .Values.applicationSet.serviceAccount.annotations }} + name: {{ include "argo-cd.applicationSet.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.applicationSet.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.applicationSet.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} + {{- with .Values.applicationSet.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml index 10c950da..52d70700 100644 --- a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml @@ -1,12 +1,9 @@ -{{- if .Values.applicationSet.enabled }} -{{- if and .Values.applicationSet.metrics.enabled .Values.applicationSet.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.applicationSet.metrics.enabled .Values.applicationSet.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.applicationSet.fullname" . }} - {{- with .Values.applicationSet.metrics.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.applicationSet.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} {{- with .Values.applicationSet.metrics.serviceMonitor.selector }} @@ -15,12 +12,19 @@ metadata: {{- with .Values.applicationSet.metrics.serviceMonitor.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.applicationSet.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: endpoints: - port: {{ .Values.applicationSet.metrics.service.portName }} {{- with .Values.applicationSet.metrics.serviceMonitor.interval }} interval: {{ . }} {{- end }} + {{- with .Values.applicationSet.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} path: /metrics {{- with .Values.applicationSet.metrics.serviceMonitor.relabelings }} relabelings: @@ -30,6 +34,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.applicationSet.metrics.serviceMonitor.honorLabels }} {{- with .Values.applicationSet.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} @@ -39,9 +44,8 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 6 }} {{- end }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml deleted file mode 100644 index 4d1291ba..00000000 --- a/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml +++ /dev/null @@ -1,89 +0,0 @@ -{{- if and .Values.applicationSet.enabled .Values.applicationSet.webhook.ingress.enabled -}} -{{- $serviceName := include "argo-cd.applicationSet.fullname" . -}} -{{- $servicePort := .Values.applicationSet.service.portName -}} -{{- $paths := .Values.applicationSet.webhook.ingress.paths -}} -{{- $extraPaths := .Values.applicationSet.webhook.ingress.extraPaths -}} -{{- $pathType := .Values.applicationSet.webhook.ingress.pathType -}} -apiVersion: {{ include "argo-cd.ingress.apiVersion" . }} -kind: Ingress -metadata: -{{- if .Values.applicationSet.webhook.ingress.annotations }} - annotations: - {{- range $key, $value := .Values.applicationSet.webhook.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - name: {{ template "argo-cd.applicationSet.fullname" . }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} - {{- if .Values.applicationSet.webhook.ingress.labels }} - {{- toYaml .Values.applicationSet.webhook.ingress.labels | nindent 4 }} - {{- end }} -spec: - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - {{- with .Values.applicationSet.webhook.ingress.ingressClassName }} - ingressClassName: {{ . }} - {{- end }} - {{- end }} - rules: - {{- if .Values.applicationSet.webhook.ingress.hosts }} - {{- range $host := .Values.applicationSet.webhook.ingress.hosts }} - - host: {{ $host }} - http: - paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} - {{- end }} - {{- range $p := $paths }} - - path: {{ $p }} - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - pathType: {{ $pathType }} - {{- end }} - backend: - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - service: - name: {{ $serviceName }} - port: - {{- if kindIs "float64" $servicePort }} - number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- else }} - - http: - paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} - {{- end }} - {{- range $p := $paths }} - - path: {{ $p }} - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - pathType: {{ $pathType }} - {{- end }} - backend: - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - service: - name: {{ $serviceName }} - port: - {{- if kindIs "float64" $servicePort }} - number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- if .Values.applicationSet.webhook.ingress.tls }} - tls: - {{- toYaml .Values.applicationSet.webhook.ingress.tls | nindent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/argo-cd/templates/argocd-commit-server/deployment.yaml b/charts/argo-cd/templates/argocd-commit-server/deployment.yaml new file mode 100644 index 00000000..96cf6575 --- /dev/null +++ b/charts/argo-cd/templates/argocd-commit-server/deployment.yaml @@ -0,0 +1,238 @@ +{{- if .Values.commitServer.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.commitServer.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.commitServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }} +spec: + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.commitServer.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }} + template: + metadata: + annotations: + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.commitServer.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.commitServer.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.commitServer.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.commitServer.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- with .Values.commitServer.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ . }} + {{- end }} + serviceAccountName: {{ include "argo-cd.commitServer.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.commitServer.automountServiceAccountToken }} + containers: + - name: {{ .Values.commitServer.name }} + image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.commitServer.image.imagePullPolicy }} + args: + - /usr/local/bin/argocd-commit-server + {{- with .Values.commitServer.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + env: + {{- with (concat .Values.global.env .Values.commitServer.extraEnv) }} + {{- toYaml . | nindent 10 }} + {{- end }} + - name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.listen.address + optional: true + - name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.metrics.listen.address + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.log.format + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.log.level + optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true + {{- with .Values.commitServer.envFrom }} + envFrom: + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - containerPort: 8086 + name: server + protocol: TCP + - containerPort: 8087 + name: metrics + protocol: TCP + {{- if .Values.commitServer.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /healthz?full=true + port: 8087 + initialDelaySeconds: {{ .Values.commitServer.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.commitServer.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.commitServer.livenessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.commitServer.livenessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.commitServer.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /healthz + port: 8087 + initialDelaySeconds: {{ .Values.commitServer.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.commitServer.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.commitServer.readinessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.commitServer.readinessProbe.timeoutSeconds }} + {{- end }} + resources: + {{- toYaml .Values.commitServer.resources | nindent 10 }} + {{- with .Values.commitServer.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.commitServer.lifecycle }} + lifecycle: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + {{- with .Values.commitServer.extraVolumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: ssh-known-hosts + mountPath: /app/config/ssh + - name: tls-certs + mountPath: /app/config/tls + - name: gpg-keys + mountPath: /app/config/gpg/source + - name: gpg-keyring + mountPath: /app/config/gpg/keys + # We need a writeable temp directory for the askpass socket file. + - name: tmp + mountPath: /tmp + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /var/run/argocd/argocd-cmp-server + image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }} + name: copyutil + resources: + {{- toYaml .Values.commitServer.resources | nindent 10 }} + {{- with .Values.commitServer.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + volumes: + {{- with .Values.commitServer.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: ssh-known-hosts + configMap: + name: argocd-ssh-known-hosts-cm + - name: tls-certs + configMap: + name: argocd-tls-certs-cm + - name: gpg-keys + configMap: + name: argocd-gpg-keys-cm + - name: gpg-keyring + emptyDir: {} + - name: tmp + emptyDir: {} + - name: argocd-commit-server-tls + secret: + secretName: argocd-commit-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + - emptyDir: {} + name: var-files + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.commitServer) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.commitServer.hostNetwork }} + hostNetwork: {{ .Values.commitServer.hostNetwork }} + {{- end }} + {{- with .Values.commitServer.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.commitServer.dnsPolicy }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-commit-server/metrics.yaml b/charts/argo-cd/templates/argocd-commit-server/metrics.yaml new file mode 100644 index 00000000..7d198a70 --- /dev/null +++ b/charts/argo-cd/templates/argocd-commit-server/metrics.yaml @@ -0,0 +1,35 @@ +{{- if and .Values.commitServer.enabled .Values.commitServer.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.commitServer.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" "metrics") | nindent 4 }} + {{- with .Values.commitServer.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.commitServer.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.commitServer.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.commitServer.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.commitServer.metrics.service.type }} + {{- if and .Values.commitServer.metrics.service.clusterIP (eq .Values.commitServer.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.commitServer.metrics.service.clusterIP }} + {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.commitServer.metrics.service.portName }} + protocol: TCP + port: {{ .Values.commitServer.metrics.service.servicePort }} + targetPort: 8087 + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml new file mode 100644 index 00000000..6ec0a6ac --- /dev/null +++ b/charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml @@ -0,0 +1,25 @@ +{{- if and .Values.commitServer.enabled .Values.global.networkPolicy.create }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "argo-cd.commitServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} +spec: + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }} + policyTypes: + - Ingress + ingress: + - from: + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 14 }} + ports: + - protocol: TCP + port: 8086 + - from: + - namespaceSelector: { } + ports: + - port: 8087 +{{- end }} diff --git a/charts/argo-cd/templates/argocd-commit-server/service.yaml b/charts/argo-cd/templates/argocd-commit-server/service.yaml new file mode 100644 index 00000000..7b0bf878 --- /dev/null +++ b/charts/argo-cd/templates/argocd-commit-server/service.yaml @@ -0,0 +1,26 @@ +{{- if .Values.commitServer.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-cd.commitServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }} + {{- with .Values.commitServer.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.commitServer.service.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + ports: + - name: server + protocol: TCP + port: 8086 + targetPort: 8086 + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml new file mode 100644 index 00000000..d0cf9e73 --- /dev/null +++ b/charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.commitServer.enabled .Values.commitServer.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.commitServer.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.commitServer.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.commitServer.serviceAccount.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }} + {{- with .Values.commitServer.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/applications.yaml b/charts/argo-cd/templates/argocd-configs/applications.yaml deleted file mode 100644 index cdde790d..00000000 --- a/charts/argo-cd/templates/argocd-configs/applications.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- range .Values.server.additionalApplications }} ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - {{- with .additionalAnnotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- with .additionalLabels }} - labels: - {{- toYaml . | nindent 4 }} - {{- end }} - name: {{ .name }} - {{- with .namespace }} - namespace: {{ . }} - {{- end }} - {{- with .finalizers }} - finalizers: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - project: {{ tpl .project $ }} - source: - {{- toYaml .source | nindent 4 }} - destination: - {{- toYaml .destination | nindent 4 }} - {{- with .syncPolicy }} - syncPolicy: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .ignoreDifferences }} - ignoreDifferences: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .info }} - info: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml index 0da0c1ed..6bd19f5c 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml @@ -1,15 +1,17 @@ -{{- if .Values.server.configEnabled }} +{{- if .Values.configs.cm.create }} apiVersion: v1 kind: ConfigMap metadata: name: argocd-cm + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cm") | nindent 4 }} - {{- if .Values.server.configAnnotations }} + {{- with .Values.configs.cm.annotations }} annotations: - {{- range $key, $value := .Values.server.configAnnotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} - {{- end }} -data: {{- include "argo-cd.config" $ | nindent 4 }} -{{- end }} \ No newline at end of file +data: + {{- include "argo-cd.config.cm" . | trim | nindent 2 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml new file mode 100644 index 00000000..f0c81b24 --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml @@ -0,0 +1,17 @@ +{{- if .Values.configs.params.create }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-cmd-params-cm + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cmd-params-cm") | nindent 4 }} + {{- if .Values.configs.params.annotations }} + annotations: + {{- range $key, $value := .Values.configs.params.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +data: + {{- include "argo-cd.config.params" . | trim | nindent 2 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml new file mode 100644 index 00000000..a5d29f6c --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml @@ -0,0 +1,25 @@ +{{- if .Values.configs.cmp.create }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-cmp-cm + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "cmp-cm") | nindent 4 }} + {{- with .Values.configs.cmp.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +data: + {{- range $cmp_plugin, $cmp_plugin_config := .Values.configs.cmp.plugins }} + {{ $cmp_plugin }}.yaml: | + apiVersion: argoproj.io/v1alpha1 + kind: ConfigManagementPlugin + metadata: + name: {{ $cmp_plugin }} + spec: + {{- toYaml $cmp_plugin_config | nindent 6 }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml new file mode 100644 index 00000000..747fa13c --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml @@ -0,0 +1,25 @@ +{{- if and .Values.dex.enabled .Values.dex.certificateSecret.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: argocd-dex-server-tls + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" "dex-server-tls") | nindent 4 }} + {{- with .Values.dex.certificateSecret.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.dex.certificateSecret.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +type: kubernetes.io/tls +data: + {{- with .Values.dex.certificateSecret.ca }} + ca.crt: {{ . | b64enc | quote }} + {{- end }} + tls.crt: {{ .Values.dex.certificateSecret.crt | b64enc | quote }} + tls.key: {{ .Values.dex.certificateSecret.key | b64enc | quote }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml index e96ef9aa..ed299b59 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml @@ -1,16 +1,17 @@ apiVersion: v1 kind: ConfigMap metadata: - {{- if .Values.configs.gpgKeysAnnotations }} + name: argocd-gpg-keys-cm + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }} + {{- with .Values.configs.gpg.annotations }} annotations: - {{- range $key, $value := .Values.configs.gpgKeysAnnotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} - labels: - {{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }} - name: argocd-gpg-keys-cm -{{- with .Values.configs.gpgKeys }} +{{- with .Values.configs.gpg.keys }} data: {{- toYaml . | nindent 2 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/configmap.yaml b/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml similarity index 70% rename from charts/argo-cd/templates/argocd-notifications/configmap.yaml rename to charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml index df1c9a6c..663862e2 100644 --- a/charts/argo-cd/templates/argocd-notifications/configmap.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml @@ -2,15 +2,16 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "argo-cd.notifications.configMapName" . }} + name: argocd-notifications-cm + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} data: context: | - argocdUrl: {{ .Values.notifications.argocdUrl | quote }} - {{- with .Values.notifications.context }} - {{- toYaml . | nindent 4 }} - {{- end }} + argocdUrl: {{ .Values.notifications.argocdUrl | default (printf "https://%s" .Values.global.domain) }} + {{- with .Values.notifications.context }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.notifications.notifiers }} {{- toYaml . | nindent 2 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml similarity index 56% rename from charts/argo-cd/templates/argocd-notifications/secret.yaml rename to charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml index 342bf79f..f64a91f5 100644 --- a/charts/argo-cd/templates/argocd-notifications/secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml @@ -2,18 +2,22 @@ apiVersion: v1 kind: Secret metadata: - name: {{ include "argo-cd.notifications.secretName" . }} + name: {{ .Values.notifications.secret.name }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} - {{- if .Values.notifications.secret.annotations }} + {{- with .Values.notifications.secret.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.notifications.secret.annotations }} annotations: - {{- range $key, $value := .Values.notifications.secret.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} - {{- end }} + {{- end }} {{- end }} type: Opaque stringData: {{- with .Values.notifications.secret.items }} - {{ toYaml . | nindent 2 }} + {{- toYaml . | nindent 2 }} {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml index b02e3a00..ae48404e 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml @@ -1,18 +1,19 @@ -{{- if .Values.server.rbacConfigCreate }} +{{- if .Values.configs.rbac.create }} apiVersion: v1 kind: ConfigMap metadata: name: argocd-rbac-cm + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "rbac-cm") | nindent 4 }} - {{- if .Values.server.rbacConfigAnnotations }} + {{- with .Values.configs.rbac.annotations }} annotations: - {{- range $key, $value := .Values.server.rbacConfigAnnotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} - {{- end }} -{{- if .Values.server.rbacConfig }} +{{- with (omit .Values.configs.rbac "create" "annotations") }} data: -{{- toYaml .Values.server.rbacConfig | nindent 4 }} + {{- toYaml . | nindent 2 }} {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml new file mode 100644 index 00000000..8635d64e --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml @@ -0,0 +1,25 @@ +{{- if .Values.repoServer.certificateSecret.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: argocd-repo-server-tls + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "repo-server-tls") | nindent 4 }} + {{- with .Values.repoServer.certificateSecret.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.repoServer.certificateSecret.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +type: kubernetes.io/tls +data: + {{- with .Values.repoServer.certificateSecret.ca }} + ca.crt: {{ . | b64enc | quote }} + {{- end }} + tls.crt: {{ .Values.repoServer.certificateSecret.crt | b64enc | quote }} + tls.key: {{ .Values.repoServer.certificateSecret.key | b64enc | quote }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml index 62cf6be4..9462be26 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml @@ -3,36 +3,40 @@ apiVersion: v1 kind: Secret metadata: name: argocd-secret + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }} - {{- if .Values.configs.secret.annotations }} + {{- with .Values.configs.secret.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.configs.secret.annotations }} annotations: - {{- range $key, $value := .Values.configs.secret.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} - {{- end }} + {{- end }} {{- end }} type: Opaque -{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }} +{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret (and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password) .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.extra) }} # Setting a blank data again will wipe admin password/key/cert data: - {{- if .Values.configs.secret.githubSecret }} - webhook.github.secret: {{ .Values.configs.secret.githubSecret | b64enc }} + {{- with .Values.configs.secret.githubSecret }} + webhook.github.secret: {{ . | b64enc }} {{- end }} - {{- if .Values.configs.secret.gitlabSecret }} - webhook.gitlab.secret: {{ .Values.configs.secret.gitlabSecret | b64enc }} + {{- with .Values.configs.secret.gitlabSecret }} + webhook.gitlab.secret: {{ . | b64enc }} {{- end }} - {{- if .Values.configs.secret.bitbucketServerSecret }} - webhook.bitbucketserver.secret: {{ .Values.configs.secret.bitbucketServerSecret | b64enc }} + {{- with .Values.configs.secret.bitbucketServerSecret }} + webhook.bitbucketserver.secret: {{ . | b64enc }} {{- end }} - {{- if .Values.configs.secret.bitbucketUUID }} - webhook.bitbucket.uuid: {{ .Values.configs.secret.bitbucketUUID | b64enc }} + {{- with .Values.configs.secret.bitbucketUUID }} + webhook.bitbucket.uuid: {{ . | b64enc }} {{- end }} - {{- if .Values.configs.secret.gogsSecret }} - webhook.gogs.secret: {{ .Values.configs.secret.gogsSecret | b64enc }} + {{- with .Values.configs.secret.gogsSecret }} + webhook.gogs.secret: {{ . | b64enc }} {{- end }} - {{- if .Values.configs.secret.argocdServerTlsConfig }} - tls.key: {{ .Values.configs.secret.argocdServerTlsConfig.key | b64enc }} - tls.crt: {{ .Values.configs.secret.argocdServerTlsConfig.crt | b64enc }} + {{- if and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password }} + webhook.azuredevops.username: {{ .Values.configs.secret.azureDevops.username | b64enc }} + webhook.azuredevops.password: {{ .Values.configs.secret.azureDevops.password | b64enc }} {{- end }} {{- if .Values.configs.secret.argocdServerAdminPassword }} admin.password: {{ .Values.configs.secret.argocdServerAdminPassword | b64enc }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml new file mode 100644 index 00000000..97116472 --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.server.certificateSecret.enabled (not .Values.server.certificate.enabled) }} +apiVersion: v1 +kind: Secret +metadata: + name: argocd-server-tls + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "server-tls") | nindent 4 }} + {{- with .Values.server.certificateSecret.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.certificateSecret.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .Values.server.certificateSecret.crt | b64enc | quote }} + tls.key: {{ .Values.server.certificateSecret.key | b64enc | quote }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml index 289885bd..0218d40b 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml @@ -1,13 +1,21 @@ +{{- if .Values.configs.ssh.create }} apiVersion: v1 -{{- toYaml .Values.configs.knownHosts | nindent 0 }} kind: ConfigMap metadata: + name: argocd-ssh-known-hosts-cm + namespace: {{ include "argo-cd.namespace" . }} labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "ssh-known-hosts-cm") | nindent 4 }} - {{- if .Values.configs.knownHostsAnnotations }} + {{- include "argo-cd.labels" (dict "context" . "name" "ssh-known-hosts-cm") | nindent 4 }} + {{- with .Values.configs.ssh.annotations }} annotations: - {{- range $key, $value := .Values.configs.knownHostsAnnotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} - {{- end }} - name: argocd-ssh-known-hosts-cm \ No newline at end of file +data: + ssh_known_hosts: | + {{- .Values.configs.ssh.knownHosts | nindent 4 }} + {{- with .Values.configs.ssh.extraHosts }} + {{- . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml index a8079671..77421542 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml @@ -2,10 +2,11 @@ apiVersion: v1 kind: ConfigMap metadata: - name: argocd-custom-styles + name: argocd-styles-cm + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} data: custom.styles.css: | {{- .Values.configs.styles | nindent 4 }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml index 5b3f5fe5..3aad4011 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml @@ -1,15 +1,19 @@ +{{- if .Values.configs.tls.create }} apiVersion: v1 -{{- if .Values.configs.tlsCerts }} -{{- toYaml .Values.configs.tlsCerts | nindent 0 }} -{{- end }} kind: ConfigMap metadata: + name: argocd-tls-certs-cm + namespace: {{ include "argo-cd.namespace" . }} labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "tls-certs-cm") | nindent 4 }} - {{- if .Values.configs.tlsCertsAnnotations }} + {{- include "argo-cd.labels" (dict "context" . "name" "tls-certs-cm") | nindent 4 }} + {{- with .Values.configs.tls.annotations }} annotations: - {{- range $key, $value := .Values.configs.tlsCertsAnnotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} - {{- end }} - name: argocd-tls-certs-cm \ No newline at end of file +{{- with .Values.configs.tls.certificates }} +data: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml index fce3211e..956bbf54 100644 --- a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml +++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml @@ -1,16 +1,17 @@ -{{- range .Values.configs.clusterCredentials }} +{{- range $cluster_key, $cluster_value := .Values.configs.clusterCredentials }} --- apiVersion: v1 kind: Secret metadata: - name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }} + name: {{ include "argo-cd.name" $ }}-cluster-{{ $cluster_key }} + namespace: {{ include "argo-cd.namespace" $ | quote }} labels: {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} - {{- with .labels }} + {{- with $cluster_value.labels }} {{- toYaml . | nindent 4 }} {{- end }} argocd.argoproj.io/secret-type: cluster - {{- with .annotations }} + {{- with $cluster_value.annotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} @@ -18,14 +19,20 @@ metadata: {{- end }} type: Opaque stringData: - name: {{ required "A valid .Values.configs.clusterCredentials[].name entry is required!" .name }} - server: {{ required "A valid .Values.configs.clusterCredentials[].server entry is required!" .server }} - {{- if .namespaces }} - namespaces: {{ .namespaces }} - {{- if .clusterResources }} - clusterResources: {{ .clusterResources | quote }} + {{- if $cluster_value.shard }} + shard: {{ $cluster_value.shard | quote }} + {{- end }} + name: {{ $cluster_key }} + server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }} + {{- if $cluster_value.namespaces }} + namespaces: {{ $cluster_value.namespaces }} + {{- if $cluster_value.clusterResources }} + clusterResources: {{ $cluster_value.clusterResources | quote }} {{- end }} {{- end }} + {{- if $cluster_value.project }} + project: {{ $cluster_value.project | quote }} + {{- end }} config: | - {{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toPrettyJson | nindent 4 }} + {{- required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.config entry is required!" $cluster_value.config | toRawJson | nindent 4 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml b/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml index 3d806902..2cfefde9 100644 --- a/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml @@ -1,11 +1,23 @@ -{{- if and .Values.externalRedis.password (not .Values.externalRedis.existingSecret) }} +{{- if and (or .Values.externalRedis.username .Values.externalRedis.password) (not .Values.externalRedis.existingSecret) }} apiVersion: v1 kind: Secret metadata: - name: {{ template "argo-cd.redis.fullname" . }} + name: argocd-redis + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} + {{- with .Values.externalRedis.secretAnnotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} type: Opaque data: - redis-password: {{ .Values.externalRedis.password | b64enc }} + {{- with .Values.externalRedis.username }} + redis-username: {{ . | b64enc }} + {{- end }} + {{- with .Values.externalRedis.password }} + redis-password: {{ . | b64enc }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/projects.yaml b/charts/argo-cd/templates/argocd-configs/projects.yaml deleted file mode 100644 index 54a232c1..00000000 --- a/charts/argo-cd/templates/argocd-configs/projects.yaml +++ /dev/null @@ -1,58 +0,0 @@ -{{- range .Values.server.additionalProjects }} ---- -apiVersion: argoproj.io/v1alpha1 -kind: AppProject -metadata: - {{- with .additionalAnnotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- with .additionalLabels }} - labels: - {{- toYaml . | nindent 4 }} - {{- end }} - name: {{ .name }} - {{- with .namespace }} - namespace: {{ . }} - {{- end }} - {{- with .finalizers }} - finalizers: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - description: {{ .description }} - sourceRepos: - {{- toYaml .sourceRepos | nindent 4 }} - destinations: - {{- toYaml .destinations | nindent 4 }} - {{- with .clusterResourceWhitelist }} - clusterResourceWhitelist: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .namespaceResourceBlacklist }} - namespaceResourceBlacklist: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .namespaceResourceWhitelist }} - namespaceResourceWhitelist: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .orphanedResources }} - orphanedResources: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .roles }} - roles: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .syncWindows }} - syncWindows: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .signatureKeys }} - signatureKeys: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/repository-credentials-secret-legacy.yaml b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret-legacy.yaml deleted file mode 100644 index a89bedcb..00000000 --- a/charts/argo-cd/templates/argocd-configs/repository-credentials-secret-legacy.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.configs.repositoryCredentials }} -apiVersion: v1 -kind: Secret -metadata: - name: argocd-repository-credentials - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }} -type: Opaque -data: -{{- range $key, $value := .Values.configs.repositoryCredentials }} - {{ $key }}: {{ $value | b64enc }} -{{- end }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml index f9165d5d..e4d23f9a 100644 --- a/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml @@ -4,9 +4,16 @@ apiVersion: v1 kind: Secret metadata: name: argocd-repo-creds-{{ $repo_cred_key }} + namespace: {{ include "argo-cd.namespace" $ | quote }} labels: argocd.argoproj.io/secret-type: repo-creds {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} + {{- with $.Values.configs.credentialTemplatesAnnotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} data: {{- range $key, $value := $repo_cred_value }} {{ $key }}: {{ $value | toString | b64enc }} diff --git a/charts/argo-cd/templates/argocd-configs/repository-secret.yaml b/charts/argo-cd/templates/argocd-configs/repository-secret.yaml index 2c0d4f08..4a77cf1b 100644 --- a/charts/argo-cd/templates/argocd-configs/repository-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/repository-secret.yaml @@ -4,9 +4,16 @@ apiVersion: v1 kind: Secret metadata: name: argocd-repo-{{ $repo_key }} + namespace: {{ include "argo-cd.namespace" $ | quote }} labels: argocd.argoproj.io/secret-type: repository {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} + {{- with $.Values.configs.repositoriesAnnotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} data: {{- range $key, $value := $repo_value }} {{ $key }}: {{ $value | b64enc }} diff --git a/charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml deleted file mode 100644 index 8561406e..00000000 --- a/charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml +++ /dev/null @@ -1,53 +0,0 @@ -{{ if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "argo-cd.notifications.fullname" . }}-bot - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" .Values.notifications.bots.slack.name) | nindent 4 }} -spec: - strategy: - {{- .Values.notifications.bots.slack.updateStrategy | toYaml | nindent 4 }} - selector: - matchLabels: - {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" "metrics") | nindent 6 }} - template: - metadata: - labels: - {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" "metrics") | nindent 8 }} - spec: - {{- with .Values.notifications.bots.slack.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "argo-cd.notificationsBotsSlackServiceAccountName" . }} - securityContext: {{- toYaml (mergeOverwrite (deepCopy .Values.global.securityContext) .Values.notifications.securityContext) | nindent 8 }} - containers: - - name: {{ template "argo-cd.notifications.fullname" . }}-bot - image: {{ default .Values.global.image.repository .Values.notifications.bots.slack.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.bots.slack.image.tag }} - imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.notifications.bots.slack.image.pullPolicy }} - resources: - {{- toYaml .Values.notifications.bots.slack.resources | nindent 12 }} - command: - - argocd-notifications - - bot - workingDir: /app - ports: - - containerPort: 8080 - name: http - {{- with .Values.notifications.bots.slack.containerSecurityContext }} - securityContext: {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.notifications.bots.slack.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.notifications.bots.slack.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.notifications.bots.slack.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{ end }} diff --git a/charts/argo-cd/templates/argocd-notifications/bots/slack/role.yaml b/charts/argo-cd/templates/argocd-notifications/bots/slack/role.yaml deleted file mode 100644 index 26df5b9c..00000000 --- a/charts/argo-cd/templates/argocd-notifications/bots/slack/role.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{ if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "argo-cd.notifications.fullname" . }}-bot -rules: -- apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - get - - list - - watch -- apiGroups: - - argoproj.io - resources: - - applications - - appprojects - verbs: - - get - - list - - watch - - update - - patch -{{ end }} diff --git a/charts/argo-cd/templates/argocd-notifications/bots/slack/rolebinding.yaml b/charts/argo-cd/templates/argocd-notifications/bots/slack/rolebinding.yaml deleted file mode 100644 index 80813f5e..00000000 --- a/charts/argo-cd/templates/argocd-notifications/bots/slack/rolebinding.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{ if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "argo-cd.notifications.fullname" . }}-bot -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "argo-cd.notifications.fullname" . }}-bot -subjects: -- kind: ServiceAccount - name: {{ template "argo-cd.notificationsBotsSlackServiceAccountName" . }} -{{ end }} diff --git a/charts/argo-cd/templates/argocd-notifications/bots/slack/service.yaml b/charts/argo-cd/templates/argocd-notifications/bots/slack/service.yaml deleted file mode 100644 index 5cbbd2b1..00000000 --- a/charts/argo-cd/templates/argocd-notifications/bots/slack/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{ if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "argo-cd.notifications.fullname" . }}-bot - {{- if .Values.notifications.bots.slack.service.annotations }} - annotations: - {{- toYaml .Values.notifications.bots.slack.service.annotations | nindent 4 }} - {{- end }} -spec: - ports: - - name: http - port: {{ .Values.notifications.bots.slack.service.port }} - protocol: TCP - targetPort: http - selector: - {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" "metrics") | nindent 6 }} - type: {{ .Values.notifications.bots.slack.service.type }} -{{ end }} diff --git a/charts/argo-cd/templates/argocd-notifications/bots/slack/serviceaccount.yaml b/charts/argo-cd/templates/argocd-notifications/bots/slack/serviceaccount.yaml deleted file mode 100644 index bdffa2cf..00000000 --- a/charts/argo-cd/templates/argocd-notifications/bots/slack/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled .Values.notifications.bots.slack.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: {{ .Values.notifications.bots.slack.serviceAccount.automountServiceAccountToken }} -metadata: - name: {{ template "argo-cd.notificationsBotsSlackServiceAccountName" . }} -{{- if .Values.notifications.bots.slack.serviceAccount.annotations }} - annotations: - {{- range $key, $value := .Values.notifications.bots.slack.serviceAccount.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" .Values.notifications.bots.slack.name) | nindent 4 }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml new file mode 100644 index 00000000..eba5973f --- /dev/null +++ b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.notifications.enabled .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.notifications.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} +rules: + {{- with .Values.notifications.clusterRoleRules.rules }} + {{- toYaml . | nindent 2 }} + {{- end }} + - apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - list + - watch + {{- if (index .Values.configs.params "application.namespaces") }} + - create + {{- end }} + {{- if .Values.notifications.cm.create }} + - apiGroups: + - "" + resourceNames: + - argocd-notifications-cm + resources: + - configmaps + verbs: + - get + {{- end }} + - apiGroups: + - "" + resourceNames: + - {{ .Values.notifications.secret.name }} + resources: + - secrets + verbs: + - get +{{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml new file mode 100644 index 00000000..9a6fa7c5 --- /dev/null +++ b/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.notifications.enabled .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "argo-cd.notifications.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "argo-cd.notifications.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argo-cd.notifications.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index f394f82b..cee627d5 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -2,70 +2,147 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ template "argo-cd.notifications.fullname" . }} + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.notifications.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "argo-cd.notifications.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} - app.kubernetes.io/version: {{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag | quote }} spec: + replicas: 1 + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.notifications.deploymentStrategy) }} strategy: - {{- .Values.notifications.updateStrategy | toYaml | nindent 4 }} + {{- trim . | nindent 4 }} + {{- end }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }} template: metadata: - {{- if .Values.notifications.podAnnotations }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.notifications.podAnnotations) }} annotations: - {{- range $key, $value := .Values.notifications.podAnnotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} - {{- end }} + {{- end }} {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 8 }} - app.kubernetes.io/version: {{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag | quote }} {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.notifications.podLabels) }} {{- toYaml . | nindent 8 }} {{- end }} spec: - {{- with .Values.notifications.imagePullSecrets | default .Values.global.imagePullSecrets }} + {{- with .Values.notifications.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.notifications.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "argo-cd.notificationsServiceAccountName" . }} - securityContext: {{- toYaml (mergeOverwrite (deepCopy .Values.global.securityContext) .Values.notifications.securityContext) | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.notifications.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.notifications.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.notifications.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.notifications.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.notifications.automountServiceAccountToken }} containers: - name: {{ .Values.notifications.name }} image: {{ default .Values.global.image.repository .Values.notifications.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.notifications.image.imagePullPolicy }} - resources: - {{- toYaml .Values.notifications.resources | nindent 12 }} - command: - - argocd-notifications - - --loglevel={{ .Values.notifications.logLevel }} - - --logformat={{ .Values.notifications.logFormat }} - {{- if .Values.notifications.metrics.enabled }} - - --metrics-port={{ .Values.notifications.metrics.port }} - {{- end }} - - --namespace={{ .Release.Namespace }} + args: + - /usr/local/bin/argocd-notifications + - --metrics-port={{ .Values.notifications.containerPorts.metrics }} + - --loglevel={{ default .Values.global.logging.level .Values.notifications.logLevel }} + - --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }} + - --namespace={{ include "argo-cd.namespace" . }} - --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} - - --secret-name={{ include "argo-cd.notifications.secretName" . }} - - --config-map-name={{ include "argo-cd.notifications.configMapName" . }} + - --secret-name={{ .Values.notifications.secret.name }} {{- range .Values.notifications.extraArgs }} - {{ . | squote }} {{- end }} - workingDir: /app + env: + {{- with (concat .Values.global.env .Values.notifications.extraEnv) }} + {{- toYaml . | nindent 12 }} + {{- end }} + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED + valueFrom: + configMapKeyRef: + key: notificationscontroller.selfservice.enabled + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: notificationscontroller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + {{- with .Values.notifications.extraEnvFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} ports: - {{- if .Values.notifications.metrics.enabled }} - - containerPort: {{ .Values.notifications.metrics.port }} - name: metrics + - name: metrics + containerPort: {{ .Values.notifications.containerPorts.metrics }} protocol: TCP + {{- if .Values.notifications.livenessProbe.enabled }} + livenessProbe: + tcpSocket: + port: metrics + initialDelaySeconds: {{ .Values.notifications.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.notifications.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.notifications.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.notifications.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.notifications.livenessProbe.failureThreshold }} {{- end }} - {{- if .Values.notifications.containerSecurityContext }} - securityContext: {{- toYaml .Values.notifications.containerSecurityContext | nindent 12 }} + {{- if .Values.notifications.readinessProbe.enabled }} + readinessProbe: + tcpSocket: + port: metrics + initialDelaySeconds: {{ .Values.notifications.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.notifications.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.notifications.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.notifications.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.notifications.readinessProbe.failureThreshold }} {{- end }} - {{- with .Values.notifications.extraEnv }} - env: {{ toYaml . | nindent 12 }} + resources: + {{- toYaml .Values.notifications.resources | nindent 12 }} + {{- with .Values.notifications.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} {{- end }} + workingDir: /app volumeMounts: - name: tls-certs mountPath: /app/config/tls @@ -74,12 +151,47 @@ spec: {{- with .Values.notifications.extraVolumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.notifications.extraContainers }} + {{- tpl (toYaml . ) $ | nindent 8 }} + {{- end }} + {{- with .Values.notifications.initContainers }} + initContainers: + {{- tpl (toYaml . ) $ | nindent 8 }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.notifications) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.notifications.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.notifications.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.notifications.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.notifications.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} volumes: - - configMap: + {{- with .Values.notifications.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: tls-certs + configMap: name: argocd-tls-certs-cm - name: tls-certs - name: argocd-repo-server-tls secret: + secretName: argocd-repo-server-tls + optional: true items: - key: tls.crt path: tls.crt @@ -87,21 +199,9 @@ spec: path: tls.key - key: ca.crt path: ca.crt - optional: true - secretName: argocd-repo-server-tls - {{- with .Values.notifications.extraVolumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.notifications.nodeSelector }} - nodeSelector: + {{- with .Values.notifications.dnsConfig }} + dnsConfig: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.notifications.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.notifications.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} + dnsPolicy: {{ .Values.notifications.dnsPolicy }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/metrics.yaml b/charts/argo-cd/templates/argocd-notifications/metrics.yaml new file mode 100644 index 00000000..9dd18c8b --- /dev/null +++ b/charts/argo-cd/templates/argocd-notifications/metrics.yaml @@ -0,0 +1,35 @@ +{{- if and .Values.notifications.enabled .Values.notifications.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.notifications.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" "metrics") | nindent 4 }} + {{- with .Values.notifications.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.notifications.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.notifications.metrics.port | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.notifications.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.notifications.metrics.service.type }} + {{- if and .Values.notifications.metrics.service.clusterIP (eq .Values.notifications.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.notifications.metrics.service.clusterIP }} + {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }} + ports: + - name: {{ .Values.notifications.metrics.service.portName }} + protocol: TCP + port: {{ .Values.notifications.metrics.port }} + targetPort: metrics +{{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml b/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml index 6bd0c04e..b03c26ca 100644 --- a/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml @@ -3,6 +3,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ template "argo-cd.notifications.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-notifications/pdb.yaml b/charts/argo-cd/templates/argocd-notifications/pdb.yaml new file mode 100644 index 00000000..4bdf211a --- /dev/null +++ b/charts/argo-cd/templates/argocd-notifications/pdb.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.notifications.enabled .Values.notifications.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "argo-cd.notifications.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} + {{- with .Values.notifications.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.notifications.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.notifications.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.notifications.pdb.minAvailable | default 0 }} + {{- end }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/role.yaml b/charts/argo-cd/templates/argocd-notifications/role.yaml index 75a88e5f..800a937a 100644 --- a/charts/argo-cd/templates/argocd-notifications/role.yaml +++ b/charts/argo-cd/templates/argocd-notifications/role.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.notifications.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} rules: @@ -28,7 +29,7 @@ rules: - apiGroups: - "" resourceNames: - - {{ template "argo-cd.notifications.fullname" . }}-cm + - argocd-notifications-cm resources: - configmaps verbs: @@ -36,7 +37,7 @@ rules: - apiGroups: - "" resourceNames: - - {{ template "argo-cd.notifications.fullname" . }}-secret + - {{ .Values.notifications.secret.name }} resources: - secrets verbs: diff --git a/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml b/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml index e78ac5c6..e2259621 100644 --- a/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml @@ -2,15 +2,16 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-cd.notifications.fullname" . }} + name: {{ include "argo-cd.notifications.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "argo-cd.notifications.fullname" . }} + name: {{ include "argo-cd.notifications.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.notificationsServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + name: {{ include "argo-cd.notifications.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/service-metrics.yaml b/charts/argo-cd/templates/argocd-notifications/service-metrics.yaml deleted file mode 100644 index 118fc428..00000000 --- a/charts/argo-cd/templates/argocd-notifications/service-metrics.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if and .Values.notifications.enabled .Values.notifications.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "argo-cd.notifications.fullname" . }}-metrics - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" "metrics") | nindent 4 }} - {{- with .Values.notifications.metrics.service.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.notifications.metrics.service.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - selector: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }} - ports: - - name: {{ .Values.notifications.metrics.service.portName }} - port: {{ .Values.notifications.metrics.port }} - targetPort: {{ .Values.notifications.metrics.port }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml b/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml index 48c6967f..3da8f27c 100644 --- a/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml @@ -3,13 +3,17 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.notifications.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.notificationsServiceAccountName" . }} -{{- if .Values.notifications.serviceAccount.annotations }} + name: {{ include "argo-cd.notifications.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.notifications.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.notifications.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} + {{- with .Values.notifications.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml index 7ed6237a..22b882a6 100644 --- a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml @@ -1,11 +1,9 @@ -{{- if and .Values.notifications.enabled .Values.notifications.metrics.enabled .Values.notifications.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.notifications.enabled .Values.notifications.metrics.enabled .Values.notifications.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.notifications.fullname" . }} - {{- if .Values.notifications.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.notifications.metrics.serviceMonitor.namespace }} - {{- end }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.notifications.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} {{- with .Values.notifications.metrics.serviceMonitor.selector }} @@ -14,6 +12,10 @@ metadata: {{- if .Values.notifications.metrics.serviceMonitor.additionalLabels }} {{- toYaml .Values.notifications.metrics.serviceMonitor.additionalLabels | nindent 4 }} {{- end }} + {{- with .Values.notifications.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: endpoints: - port: {{ .Values.notifications.metrics.service.portName }} @@ -31,9 +33,18 @@ spec: tlsConfig: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.notifications.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.notifications.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + honorLabels: {{ .Values.notifications.metrics.serviceMonitor.honorLabels }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.name "name" "metrics") | nindent 6 }} diff --git a/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml index 4ea41da3..23439b18 100644 --- a/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml @@ -1,23 +1,23 @@ -{{- if and .Values.repoServer.serviceAccount.create .Values.repoServer.clusterAdminAccess.enabled }} +{{- if and .Values.createClusterRoles .Values.repoServer.clusterRoleRules.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "argo-cd.repoServer.fullname" . }} + name: {{ include "argo-cd.repoServer.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} rules: - {{- if .Values.repoServer.clusterRoleRules.enabled }} - {{- toYaml .Values.repoServer.clusterRoleRules.rules | nindent 0 }} + {{- with .Values.repoServer.clusterRoleRules.rules }} + {{- toYaml . | nindent 2 }} {{- else }} -- apiGroups: - - '*' - resources: - - '*' - verbs: - - '*' -- nonResourceURLs: - - '*' - verbs: - - '*' + - apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' + - nonResourceURLs: + - '*' + verbs: + - '*' {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml index 9757912e..d8bd88aa 100644 --- a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml @@ -1,16 +1,16 @@ -{{- if and .Values.repoServer.serviceAccount.create .Values.repoServer.clusterAdminAccess.enabled }} +{{- if and .Values.createClusterRoles .Values.repoServer.clusterRoleRules.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "argo-cd.repoServer.fullname" . }} + name: {{ include "argo-cd.repoServer.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ template "argo-cd.repoServer.fullname" . }} + name: {{ include "argo-cd.repoServer.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.repoServerServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + name: {{ include "argo-cd.repoServer.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index c16bd1a8..f12332e9 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -1,126 +1,364 @@ -{{- $redisHa := (index .Values "redis-ha") -}} apiVersion: apps/v1 kind: Deployment metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.repoServer.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} name: {{ template "argo-cd.repoServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} - app.kubernetes.io/version: {{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag | quote }} spec: + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.repoServer.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} + {{- if not .Values.repoServer.autoscaling.enabled }} + replicas: {{ .Values.repoServer.replicas }} + {{- end }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 6 }} - revisionHistoryLimit: 5 - {{- if (ne .Values.repoServer.autoscaling.enabled true) }} - replicas: {{ .Values.repoServer.replicas }} - {{- end }} template: metadata: - {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.repoServer.podAnnotations) }} annotations: + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if .Values.repoServer.certificateSecret.enabled }} + checksum/repo-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-repo-server-tls-secret.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.configs.cmp.create }} + checksum/cmp-cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmp-cm.yaml") . | sha256sum }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.repoServer.podAnnotations) }} {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} - {{- end }} + {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 8 }} - app.kubernetes.io/version: {{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag | quote }} {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.repoServer.podLabels) }} {{- toYaml . | nindent 8 }} {{- end }} spec: - {{- with .Values.global.imagePullSecrets }} + {{- with .Values.repoServer.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.repoServer.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.global.securityContext }} - securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.repoServer.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.repoServer.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.repoServer.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.repoServer.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.repoServer.automountServiceAccountToken }} containers: - name: {{ .Values.repoServer.name }} image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }} - command: - - entrypoint.sh args: - - argocd-repo-server - {{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }} - - --redis - - {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }} - {{- else if and .Values.externalRedis.host .Values.externalRedis.port }} - - --redis - - {{ .Values.externalRedis.host }}:{{ .Values.externalRedis.port }} - {{- end }} - - --logformat - - {{ .Values.repoServer.logFormat }} - - --loglevel - - {{ .Values.repoServer.logLevel }} + - /usr/local/bin/argocd-repo-server + - --port={{ .Values.repoServer.containerPorts.server }} + - --metrics-port={{ .Values.repoServer.containerPorts.metrics }} {{- with .Values.repoServer.extraArgs }} - {{- . | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.repoServer.containerSecurityContext }} - securityContext: {{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 8 }} {{- end }} env: - - name: HELM_CACHE_HOME - value: /helm-working-dir - - name: HELM_CONFIG_HOME - value: /helm-working-dir - - name: HELM_DATA_HOME - value: /helm-working-dir - {{- include "argo-cd.redisPasswordEnv" . | nindent 8 }} - {{- with .Values.repoServer.env }} - {{- toYaml . | nindent 8 }} + {{- with (concat .Values.global.env .Values.repoServer.env) }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- if .Values.openshift.enabled }} + - name: USER_NAME + value: argocd + {{- end }} + - name: ARGOCD_REPO_SERVER_NAME + value: {{ template "argo-cd.repoServer.fullname" . }} + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cm + key: timeout.reconciliation + optional: true + - name: ARGOCD_REPO_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.log.format + optional: true + - name: ARGOCD_REPO_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.log.level + optional: true + - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.parallelism.limit + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.listen.address + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.metrics.listen.address + optional: true + - name: ARGOCD_REPO_SERVER_DISABLE_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.disable.tls + optional: true + - name: ARGOCD_TLS_MIN_VERSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.tls.minversion + optional: true + - name: ARGOCD_TLS_MAX_VERSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.tls.maxversion + optional: true + - name: ARGOCD_TLS_CIPHERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.tls.ciphers + optional: true + - name: ARGOCD_REPO_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.repo.cache.expiration + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.server + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.compression + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.db + optional: true + - name: REDIS_USERNAME + valueFrom: + secretKeyRef: + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + key: redis-username + optional: true + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + {{- if .Values.externalRedis.host }} + key: redis-password + {{- else }} + key: auth + {{- end }} + optional: true + - name: REDIS_SENTINEL_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-username + optional: true + - name: REDIS_SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-password + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.default.cache.expiration + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.address + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true + - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.max.combined.directory.manifests.size + optional: true + - name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.plugin.tar.exclusions + optional: true + - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS + valueFrom: + configMapKeyRef: + key: reposerver.plugin.use.manifest.generate.paths + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS + valueFrom: + configMapKeyRef: + key: reposerver.allow.oob.symlinks + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.streamed.manifest.max.tar.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.streamed.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.helm.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.disable.helm.manifest.max.extracted.size + optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: reposerver.enable.git.submodule + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: reposerver.git.lsremote.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_REQUEST_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.git.request.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.revision.cache.lock.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES + valueFrom: + configMapKeyRef: + key: reposerver.include.hidden.directories + name: argocd-cmd-params-cm + optional: true + {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} + - name: HELM_CACHE_HOME + value: /helm-working-dir + - name: HELM_CONFIG_HOME + value: /helm-working-dir + - name: HELM_DATA_HOME + value: /helm-working-dir {{- end }} - {{- if .Values.openshift.enabled }} - - name: USER_NAME - value: argocd - {{- end }} {{- with .Values.repoServer.envFrom }} - envFrom: {{- toYaml . | nindent 8 }} + envFrom: + {{- toYaml . | nindent 10 }} {{- end }} volumeMounts: {{- if .Values.repoServer.volumeMounts }} {{- toYaml .Values.repoServer.volumeMounts | nindent 8 }} {{- end }} + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs - mountPath: /app/config/gpg/source name: gpg-keys - mountPath: /app/config/gpg/keys name: gpg-keyring - {{- if .Values.configs.knownHosts }} - - mountPath: /app/config/ssh - name: ssh-known-hosts - {{- end }} - - mountPath: /app/config/tls - name: tls-certs - mountPath: /app/config/reposerver/tls name: argocd-repo-server-tls - - mountPath: /tmp - name: tmp-dir + {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} - mountPath: /helm-working-dir name: helm-working-dir + {{- end }} - mountPath: /home/argocd/cmp-server/plugins name: plugins + - mountPath: /tmp + name: tmp ports: - name: repo-server - containerPort: {{ .Values.repoServer.containerPort }} + containerPort: {{ .Values.repoServer.containerPorts.server }} protocol: TCP - {{ if .Values.repoServer.metrics.enabled }} - name: metrics - containerPort: 8084 + containerPort: {{ .Values.repoServer.containerPorts.metrics }} protocol: TCP - {{- end }} livenessProbe: - tcpSocket: - port: {{ .Values.repoServer.containerPort }} + httpGet: + path: /healthz?full=true + port: metrics initialDelaySeconds: {{ .Values.repoServer.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.repoServer.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.repoServer.livenessProbe.timeoutSeconds }} successThreshold: {{ .Values.repoServer.livenessProbe.successThreshold }} failureThreshold: {{ .Values.repoServer.livenessProbe.failureThreshold }} readinessProbe: - tcpSocket: - port: {{ .Values.repoServer.containerPort }} + httpGet: + path: /healthz + port: metrics initialDelaySeconds: {{ .Values.repoServer.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.repoServer.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.repoServer.readinessProbe.timeoutSeconds }} @@ -128,76 +366,20 @@ spec: failureThreshold: {{ .Values.repoServer.readinessProbe.failureThreshold }} resources: {{- toYaml .Values.repoServer.resources | nindent 10 }} - {{- with .Values.repoServer.extraContainers }} - {{- toYaml . | nindent 6 }} - {{- end }} - {{- if .Values.repoServer.nodeSelector }} - nodeSelector: -{{- toYaml .Values.repoServer.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.repoServer.tolerations }} - tolerations: -{{- toYaml .Values.repoServer.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.repoServer.affinity }} - affinity: -{{- toYaml .Values.repoServer.affinity | nindent 8 }} - {{- end }} - {{- with .Values.repoServer.topologySpreadConstraints }} - topologySpreadConstraints: - {{- range $constraint := . }} - - {{ toYaml $constraint | nindent 8 | trim }} - {{- if not $constraint.labelSelector }} - labelSelector: - matchLabels: - {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.repoServer.name) | nindent 12 }} + {{- with .Values.repoServer.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} {{- end }} + {{- with .Values.repoServer.lifecycle }} + lifecycle: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.repoServer.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} - {{- end }} - serviceAccountName: {{ template "argo-cd.repoServerServiceAccountName" . }} - {{- with .Values.global.hostAliases }} - hostAliases: - {{- toYaml . | nindent 6 }} - {{- end }} - volumes: - {{- if .Values.repoServer.volumes }} - {{- toYaml .Values.repoServer.volumes | nindent 6 }} - {{- end }} - - name: gpg-keys - configMap: - name: argocd-gpg-keys-cm - - emptyDir: {} - name: gpg-keyring - {{- if .Values.configs.knownHosts }} - - configMap: - name: argocd-ssh-known-hosts-cm - name: ssh-known-hosts - {{- end }} - - configMap: - name: argocd-tls-certs-cm - name: tls-certs - - name: helm-working-dir - emptyDir: {} - - name: argocd-repo-server-tls - secret: - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - - key: ca.crt - path: ca.crt - optional: true - secretName: argocd-repo-server-tls - - emptyDir: {} - name: tmp-dir - - emptyDir: {} - name: var-files - - emptyDir: {} - name: plugins initContainers: - command: - - cp + - /bin/cp - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server @@ -205,16 +387,126 @@ spec: imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }} name: copyutil resources: - {{- toYaml .Values.repoServer.copyutil.resources | nindent 10 }} - {{- if .Values.repoServer.containerSecurityContext }} - securityContext: {{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }} + {{- toYaml .Values.repoServer.resources | nindent 10 }} + {{- with .Values.repoServer.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} {{- end }} volumeMounts: - mountPath: /var/run/argocd name: var-files - {{- if .Values.repoServer.initContainers }} - {{- toYaml .Values.repoServer.initContainers | nindent 6 }} + {{- with .Values.repoServer.initContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} -{{- if .Values.repoServer.priorityClassName }} - priorityClassName: {{ .Values.repoServer.priorityClassName }} -{{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.repoServer) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.repoServer.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.repoServer.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.repoServer.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.repoServer.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + volumes: + {{- with .Values.repoServer.volumes }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} + - name: helm-working-dir + {{- if .Values.repoServer.existingVolumes.helmWorkingDir -}} + {{ toYaml .Values.repoServer.existingVolumes.helmWorkingDir | nindent 8 }} + {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + {{- end }} + - name: plugins + {{- if .Values.repoServer.existingVolumes.plugins -}} + {{ toYaml .Values.repoServer.existingVolumes.plugins | nindent 8 }} + {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + - name: var-files + {{- if .Values.repoServer.existingVolumes.varFiles -}} + {{ toYaml .Values.repoServer.existingVolumes.varFiles | nindent 8 }} + {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + - name: tmp + {{- if .Values.repoServer.existingVolumes.tmp -}} + {{ toYaml .Values.repoServer.existingVolumes.tmp | nindent 8 }} + {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + - name: ssh-known-hosts + configMap: + name: argocd-ssh-known-hosts-cm + - name: tls-certs + configMap: + name: argocd-tls-certs-cm + - name: gpg-keys + configMap: + name: argocd-gpg-keys-cm + - name: gpg-keyring + {{- if .Values.repoServer.existingVolumes.gpgKeyring -}} + {{ toYaml .Values.repoServer.existingVolumes.gpgKeyring | nindent 8 }} + {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + - name: argocd-repo-server-tls + secret: + secretName: argocd-repo-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + {{- if .Values.repoServer.hostNetwork }} + hostNetwork: {{ .Values.repoServer.hostNetwork }} + {{- end }} + {{- with .Values.repoServer.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.repoServer.dnsPolicy }} diff --git a/charts/argo-cd/templates/argocd-repo-server/hpa.yaml b/charts/argo-cd/templates/argocd-repo-server/hpa.yaml index 65e379dd..7615a412 100644 --- a/charts/argo-cd/templates/argocd-repo-server/hpa.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/hpa.yaml @@ -1,28 +1,41 @@ {{- if .Values.repoServer.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: + name: {{ include "argo-cd.repoServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-hpa" .Values.repoServer.name)) | nindent 4 }} - name: {{ template "argo-cd.repoServer.fullname" . }}-hpa + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ template "argo-cd.repoServer.fullname" . }} + name: {{ include "argo-cd.repoServer.fullname" . }} minReplicas: {{ .Values.repoServer.autoscaling.minReplicas }} maxReplicas: {{ .Values.repoServer.autoscaling.maxReplicas }} metrics: -{{- with .Values.repoServer.autoscaling.targetMemoryUtilizationPercentage }} + {{- with .Values.repoServer.autoscaling.metrics }} + {{- toYaml . | nindent 4 }} + {{- else }} + {{- with .Values.repoServer.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ . }} -{{- end }} -{{- with .Values.repoServer.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.repoServer.autoscaling.targetCPUUtilizationPercentage }} - type: Resource resource: name: cpu - targetAverageUtilization: {{ . }} -{{- end }} + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- end }} + {{- with .Values.repoServer.autoscaling.behavior }} + behavior: + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/metrics-service.yaml b/charts/argo-cd/templates/argocd-repo-server/metrics-service.yaml deleted file mode 100644 index 14ca18d9..00000000 --- a/charts/argo-cd/templates/argocd-repo-server/metrics-service.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.repoServer.metrics.enabled}} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.repoServer.metrics.service.annotations }} - annotations: - {{- range $key, $value := .Values.repoServer.metrics.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 4 }} -{{- if .Values.repoServer.metrics.service.labels }} -{{- toYaml .Values.repoServer.metrics.service.labels | nindent 4 }} -{{- end }} - name: {{ template "argo-cd.repoServer.fullname" . }}-metrics -spec: - ports: - - name: {{ .Values.repoServer.metrics.service.portName }} - protocol: TCP - port: {{ .Values.repoServer.metrics.service.servicePort }} - targetPort: metrics - selector: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-repo-server/metrics.yaml b/charts/argo-cd/templates/argocd-repo-server/metrics.yaml new file mode 100644 index 00000000..6ede9ddb --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/metrics.yaml @@ -0,0 +1,35 @@ +{{- if .Values.repoServer.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.repoServer.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 4 }} + {{- with .Values.repoServer.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.repoServer.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.repoServer.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.repoServer.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.repoServer.metrics.service.type }} + {{- if and .Values.repoServer.metrics.service.clusterIP (eq .Values.repoServer.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.repoServer.metrics.service.clusterIP }} + {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.repoServer.metrics.service.portName }} + protocol: TCP + port: {{ .Values.repoServer.metrics.service.servicePort }} + targetPort: metrics + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml index 619a65ca..c11ab129 100644 --- a/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} name: {{ template "argo-cd.repoServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} spec: ingress: - from: @@ -19,11 +20,9 @@ spec: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 10 }} {{- end }} - {{- if .Values.applicationSet.enabled }} - podSelector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 10 }} - {{- end }} ports: - port: repo-server protocol: TCP diff --git a/charts/argo-cd/templates/argocd-repo-server/pdb.yaml b/charts/argo-cd/templates/argocd-repo-server/pdb.yaml new file mode 100644 index 00000000..f79af3d7 --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/pdb.yaml @@ -0,0 +1,27 @@ +{{- if .Values.repoServer.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "argo-cd.repoServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} + {{- with .Values.repoServer.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.repoServer.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.repoServer.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.repoServer.pdb.minAvailable | default 0 }} + {{- end }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 6 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/poddisruptionbudget.yaml b/charts/argo-cd/templates/argocd-repo-server/poddisruptionbudget.yaml deleted file mode 100644 index d4a4c93a..00000000 --- a/charts/argo-cd/templates/argocd-repo-server/poddisruptionbudget.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Values.repoServer.pdb.enabled }} -apiVersion: {{ include "argo-cd.podDisruptionBudget.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ template "argo-cd.repoServer.fullname" . }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} - {{- with .Values.repoServer.pdb.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.repoServer.pdb.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.repoServer.pdb.minAvailable }} - minAvailable: {{ .Values.repoServer.pdb.minAvailable }} - {{- else if .Values.repoServer.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.repoServer.pdb.maxUnavailable }} - {{- else }} - minAvailable: 0 - {{- end }} - selector: - matchLabels: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 6 }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/role.yaml b/charts/argo-cd/templates/argocd-repo-server/role.yaml index bc422c43..596874d4 100644 --- a/charts/argo-cd/templates/argocd-repo-server/role.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/role.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.repoServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml b/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml index 3cfa312f..2bc88b66 100644 --- a/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml @@ -2,15 +2,16 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-cd.repoServer.fullname" . }} + name: {{ include "argo-cd.repoServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "argo-cd.repoServer.fullname" . }} + name: {{ include "argo-cd.repoServer.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.repoServerServiceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file + name: {{ include "argo-cd.repoServer.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/service.yaml b/charts/argo-cd/templates/argocd-repo-server/service.yaml index 6ab15747..24ca10ef 100644 --- a/charts/argo-cd/templates/argocd-repo-server/service.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/service.yaml @@ -9,12 +9,17 @@ metadata: {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} +{{- with .Values.repoServer.service.labels }} +{{- toYaml . | nindent 4 }} +{{- end }} name: {{ template "argo-cd.repoServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} spec: + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.repoServer.service.portName }} protocol: TCP port: {{ .Values.repoServer.service.port }} targetPort: repo-server selector: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }} \ No newline at end of file + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }} diff --git a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml index b045da74..9b5777f1 100644 --- a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml @@ -3,13 +3,17 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.repoServer.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.repoServerServiceAccountName" . }} -{{- if .Values.repoServer.serviceAccount.annotations }} + name: {{ include "argo-cd.repoServer.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.repoServer.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.repoServer.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} -{{- end }} \ No newline at end of file + {{- with .Values.repoServer.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index 8f6bf9c8..3d7cc497 100644 --- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -1,11 +1,9 @@ -{{- if and .Values.repoServer.metrics.enabled .Values.repoServer.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.repoServer.metrics.enabled .Values.repoServer.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.repoServer.fullname" . }} - {{- with .Values.repoServer.metrics.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.repoServer.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} {{- with .Values.repoServer.metrics.serviceMonitor.selector }} @@ -14,12 +12,19 @@ metadata: {{- with .Values.repoServer.metrics.serviceMonitor.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.repoServer.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: endpoints: - port: {{ .Values.repoServer.metrics.service.portName }} {{- with .Values.repoServer.metrics.serviceMonitor.interval }} interval: {{ . }} {{- end }} + {{- with .Values.repoServer.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} path: /metrics {{- with .Values.repoServer.metrics.serviceMonitor.relabelings }} relabelings: @@ -29,6 +34,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.repoServer.metrics.serviceMonitor.honorLabels }} {{- with .Values.repoServer.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} @@ -38,7 +44,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 6 }} diff --git a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml new file mode 100644 index 00000000..46d24d3c --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml @@ -0,0 +1,71 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "aws") }} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + alb.ingress.kubernetes.io/conditions.{{ include "argo-cd.server.fullname" . }}-grpc: | + [{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}] + {{- range $key, $value := .Values.server.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + rules: + - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }} + http: + paths: + {{- with .Values.server.ingress.extraPaths }} + {{- tpl (toYaml .) $ | nindent 10 }} + {{- end }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingressGrpc.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" $ }}-grpc + port: + number: {{ $servicePort }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ $servicePort }} + {{- range .Values.server.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default $.Values.server.ingress.path .path }} + pathType: {{ default $.Values.server.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" $ }} + port: + number: {{ $servicePort }} + {{- end }} + {{- with .Values.server.ingress.extraRules }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} + tls: + {{- if .Values.server.ingress.tls }} + - hosts: + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} + secretName: argocd-server-tls + {{- end }} + {{- with .Values.server.ingress.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/alb-grpc-service.yaml b/charts/argo-cd/templates/argocd-server/aws/service.yaml similarity index 60% rename from charts/argo-cd/templates/argocd-server/alb-grpc-service.yaml rename to charts/argo-cd/templates/argocd-server/aws/service.yaml index 4adcd82d..0e9de75a 100644 --- a/charts/argo-cd/templates/argocd-server/alb-grpc-service.yaml +++ b/charts/argo-cd/templates/argocd-server/aws/service.yaml @@ -1,24 +1,26 @@ -{{- if and .Values.server.ingressGrpc.enabled .Values.server.ingressGrpc.isAWSALB -}} +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "aws") }} apiVersion: v1 kind: Service metadata: annotations: - alb.ingress.kubernetes.io/backend-protocol-version: {{ .Values.server.ingressGrpc.awsALB.backendProtocolVersion }} + alb.ingress.kubernetes.io/backend-protocol-version: {{ .Values.server.ingress.aws.backendProtocolVersion }} labels: {{- include "argo-cd.labels" (dict "context" . "component" (print .Values.server.name "-gprc") "name" (print .Values.server.name "-grpc")) | nindent 4 }} name: {{ template "argo-cd.server.fullname" . }}-grpc + namespace: {{ include "argo-cd.namespace" . }} spec: + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.server.service.servicePortHttpName }} protocol: TCP port: {{ .Values.server.service.servicePortHttp }} - targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }} + targetPort: {{ .Values.server.containerPorts.server }} - name: {{ .Values.server.service.servicePortHttpsName }} protocol: TCP port: {{ .Values.server.service.servicePortHttps }} - targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }} + targetPort: {{ .Values.server.containerPorts.server }} selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} sessionAffinity: None - type: {{ .Values.server.ingressGrpc.awsALB.serviceType }} + type: {{ .Values.server.ingress.aws.serviceType }} {{- end -}} diff --git a/charts/argo-cd/templates/argocd-server/backendconfig.yaml b/charts/argo-cd/templates/argocd-server/backendconfig.yaml deleted file mode 100644 index 16c99c0a..00000000 --- a/charts/argo-cd/templates/argocd-server/backendconfig.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if .Values.server.GKEbackendConfig.enabled }} -apiVersion: cloud.google.com/v1beta1 -kind: BackendConfig -metadata: - name: {{ template "argo-cd.server.fullname" . }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} -spec: - {{- toYaml .Values.server.GKEbackendConfig.spec | nindent 2 }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 80f89b03..a9862139 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -1,38 +1,50 @@ {{- if .Values.server.certificate.enabled -}} -{{- if .Values.apiVersionOverrides.certmanager -}} -apiVersion: {{ .Values.apiVersionOverrides.certmanager }} -{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1" }} apiVersion: cert-manager.io/v1 -{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" }} -apiVersion: cert-manager.io/v1alpha3 -{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha2" }} -apiVersion: cert-manager.io/v1alpha2 -{{- else }} -apiVersion: certmanager.k8s.io/v1alpha1 -{{- end }} kind: Certificate metadata: - name: {{ template "argo-cd.server.fullname" . }} + {{- with (mergeOverwrite (deepCopy .Values.global.certificateAnnotations) .Values.server.certificate.annotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: - commonName: {{ .Values.server.certificate.domain | quote }} + {{- with .Values.server.certificate.secretTemplateAnnotations }} + secretTemplate: + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + secretName: argocd-server-tls + commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }} dnsNames: - - {{ .Values.server.certificate.domain | quote }} + - {{ .Values.server.certificate.domain | default .Values.global.domain }} {{- range .Values.server.certificate.additionalHosts }} - {{ . | quote }} {{- end }} {{- with .Values.server.certificate.duration }} duration: {{ . | quote }} {{- end }} + {{- with .Values.server.certificate.renewBefore }} + renewBefore: {{ . | quote }} + {{- end }} issuerRef: {{- with .Values.server.certificate.issuer.group }} group: {{ . | quote }} {{- end }} kind: {{ .Values.server.certificate.issuer.kind | quote }} name: {{ .Values.server.certificate.issuer.name | quote }} - {{- with .Values.server.certificate.renewBefore }} - renewBefore: {{ . | quote }} + {{- with .Values.server.certificate.privateKey }} + privateKey: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.certificate.usages }} + usages: + {{- toYaml . | nindent 4 }} {{- end }} - secretName: {{ .Values.server.certificate.secretName | quote }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index 63e3ee47..1bc9aed5 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -1,30 +1,78 @@ -{{- if .Values.server.clusterAdminAccess.enabled }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rules: + {{- if .Values.server.clusterRoleRules.enabled }} + {{- toYaml .Values.server.clusterRoleRules.rules | nindent 2 }} + {{- else }} - apiGroups: - '*' resources: - '*' verbs: - - delete - - get - - patch + - delete # supports deletion a live object in UI + - get # supports viewing live object manifest in UI + - patch # supports `argocd app patch` - apiGroups: - "" resources: - events verbs: - - list + - list # supports listing events in UI + - create - apiGroups: - "" resources: - pods - pods/log + verbs: + - get # supports viewing pod logs from UI + {{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }} + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + {{- end }} + - apiGroups: + - argoproj.io + resources: + - applications + - applicationsets verbs: - get -{{- end }} \ No newline at end of file + - list + - update + - watch + {{- if (index .Values.configs.params "application.namespaces") }} + - apiGroups: + - "argoproj.io" + resources: + - "applications" + verbs: + - create + - delete + - update + - patch + {{- end }} + - apiGroups: + - batch + resources: + {{/* supports triggering jobs from UI */}} + - jobs + verbs: + - create + - apiGroups: + - argoproj.io + resources: + - workflows + verbs: + {{/* supports triggering workflows from UI */}} + - create + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml index 9f5a960d..ce4a4d70 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml @@ -1,16 +1,16 @@ -{{- if .Values.server.clusterAdminAccess.enabled }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file + name: {{ include "argo-cd.server.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 4395120d..0b75f062 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -1,126 +1,423 @@ -{{- $redisHa := (index .Values "redis-ha") -}} apiVersion: apps/v1 kind: Deployment metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.server.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} - app.kubernetes.io/version: {{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag | quote }} spec: + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.server.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} + {{- if not .Values.server.autoscaling.enabled }} + replicas: {{ .Values.server.replicas }} + {{- end }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} - revisionHistoryLimit: 5 - {{- if (ne .Values.server.autoscaling.enabled true) }} - replicas: {{ .Values.server.replicas }} - {{- end }} template: metadata: - {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.server.podAnnotations) }} annotations: + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.server.podAnnotations) }} {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} - {{- end }} + {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }} - app.kubernetes.io/version: {{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag | quote }} {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.server.podLabels) }} {{- toYaml . | nindent 8 }} {{- end }} spec: - {{- with .Values.global.imagePullSecrets }} + {{- with .Values.server.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.server.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.global.securityContext }} - securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.server.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.server.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.server.automountServiceAccountToken }} containers: - name: {{ .Values.server.name }} image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.server.image.imagePullPolicy }} - command: - - argocd-server - {{ if .Values.server.staticAssets.enabled }} - - --staticassets - - /shared/app - {{ end }} - - --repo-server - - {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} - {{- if .Values.dex.enabled }} - - --dex-server - - http://{{ template "argo-cd.dex.fullname" . }}:{{ .Values.dex.servicePortHttp }} - {{- end }} - - --logformat - - {{ .Values.server.logFormat }} - - --loglevel - - {{ .Values.server.logLevel }} - {{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }} - - --redis - - {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }} - {{- else if and .Values.externalRedis.host .Values.externalRedis.port }} - - --redis - - {{ .Values.externalRedis.host }}:{{ .Values.externalRedis.port }} - {{- end }} + args: + - /usr/local/bin/argocd-server + - --port={{ .Values.server.containerPorts.server }} + - --metrics-port={{ .Values.server.containerPorts.metrics }} {{- with .Values.server.extraArgs }} - {{- . | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.server.containerSecurityContext }} - securityContext: {{- toYaml .Values.server.containerSecurityContext | nindent 10 }} - {{- end }} - {{- if or .Values.server.env .Values.externalRedis.password .Values.externalRedis.existingSecret }} - env: - {{- include "argo-cd.redisPasswordEnv" . | nindent 8 }} - {{- with .Values.server.env }} {{- toYaml . | nindent 8 }} - {{- end }} {{- end }} + env: + {{- with (concat .Values.global.env .Values.server.env) }} + {{- toYaml . | nindent 10 }} + {{- end }} + - name: ARGOCD_SERVER_NAME + value: {{ template "argo-cd.server.fullname" . }} + - name: ARGOCD_SERVER_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.insecure + optional: true + - name: ARGOCD_SERVER_BASEHREF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.basehref + optional: true + - name: ARGOCD_SERVER_ROOTPATH + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.rootpath + optional: true + - name: ARGOCD_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.log.format + optional: true + - name: ARGOCD_SERVER_LOG_LEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.log.level + optional: true + - name: ARGOCD_SERVER_REPO_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: repo.server + optional: true + - name: ARGOCD_SERVER_DEX_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.dex.server + optional: true + - name: ARGOCD_SERVER_DISABLE_AUTH + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.disable.auth + optional: true + - name: ARGOCD_SERVER_ENABLE_GZIP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.enable.gzip + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.repo.server.timeout.seconds + optional: true + - name: ARGOCD_SERVER_X_FRAME_OPTIONS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.x.frame.options + optional: true + - name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.content.security.policy + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.repo.server.plaintext + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.repo.server.strict.tls + optional: true + - name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.dex.server.plaintext + optional: true + - name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.dex.server.strict.tls + optional: true + - name: ARGOCD_TLS_MIN_VERSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.tls.minversion + optional: true + - name: ARGOCD_TLS_MAX_VERSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.tls.maxversion + optional: true + - name: ARGOCD_TLS_CIPHERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.tls.ciphers + optional: true + - name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.connection.status.cache.expiration + optional: true + - name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.oidc.cache.expiration + optional: true + - name: ARGOCD_SERVER_LOGIN_ATTEMPTS_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.login.attempts.expiration + optional: true + - name: ARGOCD_SERVER_STATIC_ASSETS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.staticassets + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.app.state.cache.expiration + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.server + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.compression + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.db + optional: true + - name: REDIS_USERNAME + valueFrom: + secretKeyRef: + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + key: redis-username + optional: true + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + {{- if .Values.externalRedis.host }} + key: redis-password + {{- else }} + key: auth + {{- end }} + optional: true + - name: REDIS_SENTINEL_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-username + optional: true + - name: REDIS_SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-password + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.default.cache.expiration + optional: true + - name: ARGOCD_MAX_COOKIE_NUMBER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.http.cookie.maxnumber + optional: true + - name: ARGOCD_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.listen.address + optional: true + - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.metrics.listen.address + optional: true + - name: ARGOCD_SERVER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.address + optional: true + - name: ARGOCD_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: application.namespaces + optional: true + - name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.enable.proxy.extension + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.k8sclient.retry.max + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.k8sclient.retry.base.backoff + optional: true + - name: ARGOCD_API_CONTENT_TYPES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.api.content.types + optional: true + - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.webhook.parallelism.limit + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.allowed.scm.providers + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.enable.scm.providers + optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true {{- with .Values.server.envFrom }} - envFrom: {{- toYaml . | nindent 8 }} + envFrom: + {{- toYaml . | nindent 10 }} {{- end }} volumeMounts: - {{- if .Values.server.volumeMounts }} -{{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- with .Values.server.volumeMounts }} + {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.server.extensions.enabled }} - - name: extensions - mountPath: /tmp/extensions/ - {{- end }} - {{- if .Values.configs.knownHosts }} - mountPath: /app/config/ssh name: ssh-known-hosts - {{- end }} - mountPath: /app/config/tls name: tls-certs - mountPath: /app/config/server/tls name: argocd-repo-server-tls - {{- if .Values.configs.styles }} - - mountPath: "/shared/app/custom/custom.styles.css" - subPath: "custom.styles.css" - name: custom-styles - {{- end }} - {{- if .Values.server.containerSecurityContext.readOnlyRootFilesystem }} - - mountPath: /home/argocd/.aws - name: aws-config - {{- end }} + - mountPath: /app/config/dex/tls + name: argocd-dex-server-tls - mountPath: /home/argocd name: plugins-home + - mountPath: /shared/app/custom + name: styles - mountPath: /tmp - name: tmp-dir - ports: - - name: {{ .Values.server.name }} - containerPort: {{ .Values.server.containerPort }} - protocol: TCP - {{ if .Values.server.metrics.enabled }} - - name: metrics - containerPort: 8083 - protocol: TCP + name: tmp + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params + {{- if .Values.server.extensions.enabled }} + - mountPath: /tmp/extensions + name: extensions {{- end }} + ports: + - name: server + containerPort: {{ .Values.server.containerPorts.server }} + protocol: TCP + - name: metrics + containerPort: {{ .Values.server.containerPorts.metrics }} + protocol: TCP livenessProbe: httpGet: - path: /healthz - port: {{ .Values.server.containerPort }} + path: /healthz?full=true + port: server initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} @@ -129,7 +426,7 @@ spec: readinessProbe: httpGet: path: /healthz - port: {{ .Values.server.containerPort }} + port: server initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} @@ -137,80 +434,107 @@ spec: failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} resources: {{- toYaml .Values.server.resources | nindent 10 }} - {{- if .Values.server.lifecycle }} + {{- with .Values.server.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.server.lifecycle }} lifecycle: - {{- toYaml .Values.server.lifecycle | nindent 10 }} + {{- toYaml . | nindent 10 }} {{- end }} {{- with .Values.server.extraContainers }} - {{- toYaml . | nindent 6 }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- if or .Values.server.initContainers (and .Values.server.extensions.enabled .Values.server.extensions.extensionList) }} + initContainers: + {{- with .Values.server.initContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} {{- if .Values.server.extensions.enabled }} - - name: argocd-extensions - image: {{ .Values.server.extensions.image.repository }}:{{ .Values.server.extensions.image.tag }} - imagePullPolicy: {{ .Values.server.extensions.image.imagePullPolicy }} + {{- range .Values.server.extensions.extensionList }} + - name: {{ .name }} + image: {{ $.Values.server.extensions.image.repository }}:{{ $.Values.server.extensions.image.tag }} + imagePullPolicy: {{ default $.Values.global.image.imagePullPolicy $.Values.server.extensions.image.imagePullPolicy }} + resources: + {{- toYaml $.Values.server.extensions.resources | nindent 10 }} + {{- with $.Values.server.extensions.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} volumeMounts: - name: extensions mountPath: /tmp/extensions/ - resources: - {{- toYaml .Values.server.extensions.resources | nindent 10 }} + - name: tmp + mountPath: /tmp + env: + {{- toYaml .env | nindent 10 }} {{- end }} - {{- if .Values.server.nodeSelector }} - nodeSelector: -{{- toYaml .Values.server.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.server.tolerations }} - tolerations: -{{- toYaml .Values.server.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.server.affinity }} + {{- end }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.server) }} affinity: -{{- toYaml .Values.server.affinity | nindent 8 }} - {{- end }} - {{- with .Values.server.topologySpreadConstraints }} + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.server.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} topologySpreadConstraints: - {{- range $constraint := . }} + {{- range $constraint := . }} - {{ toYaml $constraint | nindent 8 | trim }} {{- if not $constraint.labelSelector }} labelSelector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.server.name) | nindent 12 }} {{- end }} - {{- end }} - {{- end }} - serviceAccountName: {{ template "argo-cd.serverServiceAccountName" . }} - {{- with .Values.global.hostAliases }} - hostAliases: - {{- toYaml . | nindent 6 }} + {{- end }} {{- end }} volumes: - {{- if .Values.server.volumes }} -{{- toYaml .Values.server.volumes | nindent 6}} + {{- with .Values.server.volumes }} + {{- toYaml . | nindent 6}} {{- end }} {{- if .Values.server.extensions.enabled }} - name: extensions + {{- if .Values.server.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} {{- end }} - - emptyDir: {} - name: tmp-dir - {{- if .Values.server.containerSecurityContext.readOnlyRootFilesystem }} - - emptyDir: {} - name: aws-config - {{- end }} - {{- if .Values.configs.styles }} - - configMap: - name: argocd-custom-styles - name: custom-styles - {{- end }} - {{- if .Values.configs.knownHosts }} - - configMap: + - name: plugins-home + {{- if .Values.server.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: tmp + {{- if .Values.server.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: ssh-known-hosts + configMap: name: argocd-ssh-known-hosts-cm - name: ssh-known-hosts - {{- end }} - - configMap: + - name: tls-certs + configMap: name: argocd-tls-certs-cm - name: tls-certs + - name: styles + configMap: + name: argocd-styles-cm + optional: true - name: argocd-repo-server-tls secret: + secretName: argocd-repo-server-tls + optional: true items: - key: tls.crt path: tls.crt @@ -218,14 +542,27 @@ spec: path: tls.key - key: ca.crt path: ca.crt + - name: argocd-dex-server-tls + secret: + secretName: argocd-dex-server-tls optional: true - secretName: argocd-repo-server-tls - - emptyDir: {} - name: plugins-home - {{- if .Values.server.initContainers }} - initContainers: - {{- toYaml .Values.server.initContainers | nindent 6 }} + items: + - key: tls.crt + path: tls.crt + - key: ca.crt + path: ca.crt + - name: argocd-cmd-params-cm + configMap: + optional: true + name: argocd-cmd-params-cm + items: + - key: server.profile.enabled + path: profiler.enabled + {{- if .Values.server.hostNetwork }} + hostNetwork: {{ .Values.server.hostNetwork }} {{- end }} -{{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName }} -{{- end }} + {{- with .Values.server.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.server.dnsPolicy }} diff --git a/charts/argo-cd/templates/argocd-server/extensions-rolebinding.yaml b/charts/argo-cd/templates/argocd-server/extensions-rolebinding.yaml deleted file mode 100644 index 3e8ec5d6..00000000 --- a/charts/argo-cd/templates/argocd-server/extensions-rolebinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.server.extensions.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} - name: argocd-server-extensions -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-server-extensions -subjects: -- kind: ServiceAccount - name: argocd-server -{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/extensions.yaml b/charts/argo-cd/templates/argocd-server/extensions.yaml deleted file mode 100644 index 5ac595db..00000000 --- a/charts/argo-cd/templates/argocd-server/extensions.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.server.extensions.enabled }} -{{- range $extension := .Values.server.extensions.contents }} ---- -apiVersion: argoproj.io/v1alpha1 -kind: ArgoCDExtension -metadata: - name: {{ $extension.name }} - finalizers: - - extensions-finalizer.argocd.argoproj.io - labels: - {{- include "argo-cd.labels" (dict "context" $ "component" $.Values.server.name "name" (printf "%s-extensions" $.Values.server.name)) | nindent 4 }} -spec: - sources: - - web: - url: {{ $extension.url }} -{{- end }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/extentions-role.yaml b/charts/argo-cd/templates/argocd-server/extentions-role.yaml deleted file mode 100644 index 53e592ae..00000000 --- a/charts/argo-cd/templates/argocd-server/extentions-role.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.server.extensions.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} - name: argocd-server-extensions -rules: -- apiGroups: - - argoproj.io - resources: - - argocdextensions - verbs: - - create - - get - - list - - watch - - update - - delete - - patch -{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/frontendconfig.yaml b/charts/argo-cd/templates/argocd-server/frontendconfig.yaml deleted file mode 100644 index 46fc43a9..00000000 --- a/charts/argo-cd/templates/argocd-server/frontendconfig.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if .Values.server.GKEfrontendConfig.enabled }} -apiVersion: networking.gke.io/v1beta1 -kind: FrontendConfig -metadata: - name: {{ template "argo-cd.server.fullname" . }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} -spec: - {{- toYaml .Values.server.GKEfrontendConfig.spec | nindent 2 }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml b/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml new file mode 100644 index 00000000..515e6d74 --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.backendConfig }} +apiVersion: cloud.google.com/v1 +kind: BackendConfig +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +{{- with .Values.server.ingress.gke.backendConfig }} +spec: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml b/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml new file mode 100644 index 00000000..ae460a38 --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.frontendConfig }} +apiVersion: networking.gke.io/v1beta1 +kind: FrontendConfig +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +{{- with .Values.server.ingress.gke.frontendConfig }} +spec: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml new file mode 100644 index 00000000..b030435b --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml @@ -0,0 +1,69 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") }} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + ingressClassName: "gce" + {{- if .Values.server.ingress.gke.managedCertificate.create }} + networking.gke.io/managed-certificates: {{ include "argo-cd.server.fullname" . }} + {{- end }} + {{- if .Values.server.ingress.gke.frontendConfig }} + networking.gke.io/v1beta1.FrontendConfig: {{ include "argo-cd.server.fullname" . }} + {{- end }} + {{- range $key, $value := .Values.server.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + rules: + - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }} + http: + paths: + {{- with .Values.server.ingress.extraPaths }} + {{- tpl (toYaml .) $ | nindent 10 }} + {{- end }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ .Values.server.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ $servicePort }} + {{- range .Values.server.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default $.Values.server.ingress.path .path }} + pathType: {{ default $.Values.server.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" $ }} + port: + number: {{ $servicePort }} + {{- end }} + {{- with .Values.server.ingress.extraRules }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} + tls: + {{- if .Values.server.ingress.tls }} + - hosts: + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} + secretName: argocd-server-tls + {{- end }} + {{- with .Values.server.ingress.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml b/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml new file mode 100644 index 00000000..2dd6f5e9 --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml @@ -0,0 +1,15 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.managedCertificate.create }} +apiVersion: networking.gke.io/v1 +kind: ManagedCertificate +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + domains: + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} + {{- with .Values.server.ingress.gke.managedCertificate.extraDomains }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/hpa.yaml b/charts/argo-cd/templates/argocd-server/hpa.yaml index e079a7e2..51fe559d 100644 --- a/charts/argo-cd/templates/argocd-server/hpa.yaml +++ b/charts/argo-cd/templates/argocd-server/hpa.yaml @@ -1,28 +1,41 @@ {{- if .Values.server.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-hpa" .Values.server.name)) | nindent 4 }} - name: {{ template "argo-cd.server.fullname" . }}-hpa + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} minReplicas: {{ .Values.server.autoscaling.minReplicas }} maxReplicas: {{ .Values.server.autoscaling.maxReplicas }} metrics: -{{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }} + {{- with .Values.server.autoscaling.metrics }} + {{- toYaml . | nindent 4 }} + {{- else }} + {{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ . }} -{{- end }} -{{- with .Values.server.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.server.autoscaling.targetCPUUtilizationPercentage }} - type: Resource resource: name: cpu - targetAverageUtilization: {{ . }} -{{- end }} + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- end }} + {{- with .Values.server.autoscaling.behavior }} + behavior: + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index fb8cabae..3ad5a519 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -1,89 +1,63 @@ -{{- if and .Values.server.ingressGrpc.enabled (not .Values.server.ingressGrpc.isAWSALB) -}} -{{- $serviceName := include "argo-cd.server.fullname" . -}} -{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}} -{{- $paths := .Values.server.ingressGrpc.paths -}} -{{- $extraPaths := .Values.server.ingressGrpc.extraPaths -}} -{{- $pathType := .Values.server.ingressGrpc.pathType -}} -apiVersion: {{ include "argo-cd.ingress.apiVersion" . }} +{{- if .Values.server.ingressGrpc.enabled -}} +{{- $hostname := printf "grpc.%s" (.Values.server.ingress.hostname | default .Values.global.domain) -}} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: -{{- if .Values.server.ingressGrpc.annotations }} - annotations: - {{- range $key, $value := .Values.server.ingressGrpc.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - name: {{ template "argo-cd.server.fullname" . }}-grpc + name: {{ include "argo-cd.server.fullname" . }}-grpc + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} - {{- if .Values.server.ingressGrpc.labels }} - {{- toYaml .Values.server.ingressGrpc.labels | nindent 4 }} + {{- with .Values.server.ingressGrpc.labels }} + {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.server.ingressGrpc.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} spec: - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} {{- with .Values.server.ingressGrpc.ingressClassName }} ingressClassName: {{ . }} {{- end }} - {{- end }} rules: - {{- if .Values.server.ingressGrpc.hosts }} - {{- range $host := .Values.server.ingressGrpc.hosts }} - - host: {{ $host }} + - host: {{ .Values.server.ingressGrpc.hostname | default $hostname }} http: paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} - {{- end -}} - {{- range $p := $paths }} - - path: {{ $p }} - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - pathType: {{ $pathType }} - {{- end }} + {{- with .Values.server.ingressGrpc.extraPaths }} + {{- tpl (toYaml .) $ | nindent 10 }} + {{- end }} + - path: {{ .Values.server.ingressGrpc.path }} + pathType: {{ .Values.server.ingressGrpc.pathType }} backend: - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} service: - name: {{ $serviceName }} + name: {{ include "argo-cd.server.fullname" . }} port: - {{- if kindIs "float64" $servicePort }} - number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- else }} - - http: + number: {{ .Values.server.service.servicePortHttps }} + {{- range .Values.server.ingressGrpc.extraHosts }} + - host: {{ .name | quote }} + http: paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} - {{- end -}} - {{- range $p := $paths }} - - path: {{ $p }} - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - pathType: {{ $pathType }} - {{- end }} + - path: {{ default $.Values.server.ingressGrpc.path .path }} + pathType: {{ default $.Values.server.ingressGrpc.pathType .pathType }} backend: - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} service: - name: {{ $serviceName }} + name: {{ include "argo-cd.server.fullname" $ }} port: - {{- if kindIs "float64" $servicePort }} - number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- if .Values.server.ingressGrpc.tls }} + number: {{ $.Values.server.service.servicePortHttps }} + {{- end }} + {{- with .Values.server.ingressGrpc.extraRules }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingressGrpc.tls .Values.server.ingressGrpc.extraTls }} tls: - {{- toYaml .Values.server.ingressGrpc.tls | nindent 4 }} - {{- end -}} -{{- end -}} + {{- if .Values.server.ingressGrpc.tls }} + - hosts: + - {{ .Values.server.ingressGrpc.hostname | default $hostname }} + secretName: argocd-server-grpc-tls + {{- end }} + {{- with .Values.server.ingressGrpc.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 576b94df..8724baa7 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -1,113 +1,69 @@ -{{- if .Values.server.ingress.enabled -}} -{{- $serviceName := include "argo-cd.server.fullname" . -}} -{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}} -{{- $paths := .Values.server.ingress.paths -}} -{{- $extraPaths := .Values.server.ingress.extraPaths -}} -{{- $pathType := .Values.server.ingress.pathType -}} -apiVersion: {{ include "argo-cd.ingress.apiVersion" . }} +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "generic") }} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: -{{- if .Values.server.ingress.annotations }} - annotations: - {{- range $key, $value := .Values.server.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- if and .Values.server.ingressGrpc.isAWSALB .Values.server.ingressGrpc.enabled }} - alb.ingress.kubernetes.io/conditions.{{ template "argo-cd.server.fullname" . }}-grpc: | - [{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}] - {{- end }} -{{- end }} - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} - {{- if .Values.server.ingress.labels }} - {{- toYaml .Values.server.ingress.labels | nindent 4 }} + {{- with .Values.server.ingress.labels }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- with .Values.server.ingress.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ tpl (toString $value) $ | quote }} {{- end }} -spec: - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - {{- with .Values.server.ingress.ingressClassName }} - ingressClassName: {{ . }} {{- end }} +spec: + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ tpl . $ }} {{- end }} rules: - {{- if .Values.server.ingress.hosts }} - {{- range $host := .Values.server.ingress.hosts }} - - host: {{ $host }} + - host: {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }} http: paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} + {{- with .Values.server.ingress.extraPaths }} + {{- tpl (toYaml .) $ | nindent 10 }} {{- end }} - {{- range $p := $paths }} - {{- if and $.Values.server.ingressGrpc.isAWSALB $.Values.server.ingressGrpc.enabled }} - - path: {{ $p }} - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - pathType: Prefix - {{- end }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingress.pathType }} backend: - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} service: - name: {{ template "argo-cd.server.fullname" $ }}-grpc + name: {{ include "argo-cd.server.fullname" . }} port: - {{- if kindIs "float64" $servicePort }} number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- else }} - serviceName: {{ template "argo-cd.server.fullname" $ }}-grpc - servicePort: {{ $servicePort }} - {{- end }} - {{- end }} - - path: {{ $p }} - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - pathType: {{ $pathType }} - {{- end }} - backend: - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - service: - name: {{ $serviceName }} - port: - {{- if kindIs "float64" $servicePort }} - number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- else }} - - http: + {{- range .Values.server.ingress.extraHosts }} + - host: {{ tpl .name $ | quote }} + http: paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} - {{- end }} - {{- range $p := $paths }} - - path: {{ $p }} - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - pathType: {{ $pathType }} - {{- end }} + - path: {{ default $.Values.server.ingress.path .path }} + pathType: {{ default $.Values.server.ingress.pathType .pathType }} backend: - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} service: - name: {{ $serviceName }} + name: {{ include "argo-cd.server.fullname" $ }} port: - {{- if kindIs "float64" $servicePort }} number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- if .Values.server.ingress.tls }} + {{- end }} + {{- with .Values.server.ingress.extraRules }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} tls: - {{- toYaml .Values.server.ingress.tls | nindent 4 }} - {{- end -}} -{{- end -}} + {{- if .Values.server.ingress.tls }} + - hosts: + - {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }} + {{- range .Values.server.ingress.extraHosts }} + {{- if .name }} + - {{ tpl .name $ }} + {{- end }} + {{- end }} + secretName: argocd-server-tls + {{- end }} + {{- with .Values.server.ingress.extraTls }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/metrics-service.yaml b/charts/argo-cd/templates/argocd-server/metrics-service.yaml deleted file mode 100644 index 4d19dc07..00000000 --- a/charts/argo-cd/templates/argocd-server/metrics-service.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.server.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - {{- if .Values.server.metrics.service.annotations }} - annotations: - {{- range $key, $value := .Values.server.metrics.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 4 }} -{{- if .Values.server.metrics.service.labels }} -{{- toYaml .Values.server.metrics.service.labels | nindent 4 }} -{{- end }} - name: {{ template "argo-cd.server.fullname" . }}-metrics -spec: - ports: - - name: {{ .Values.server.metrics.service.portName }} - protocol: TCP - port: {{ .Values.server.metrics.service.servicePort }} - targetPort: metrics - selector: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-server/metrics.yaml b/charts/argo-cd/templates/argocd-server/metrics.yaml new file mode 100644 index 00000000..d08dbae0 --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/metrics.yaml @@ -0,0 +1,35 @@ +{{- if .Values.server.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.server.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 4 }} + {{- with .Values.server.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.server.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.server.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.server.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.server.metrics.service.type }} + {{- if and .Values.server.metrics.service.clusterIP (eq .Values.server.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.server.metrics.service.clusterIP }} + {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.server.metrics.service.portName }} + protocol: TCP + port: {{ .Values.server.metrics.service.servicePort }} + targetPort: metrics + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-server/networkpolicy.yaml index 8300d696..4621e24f 100644 --- a/charts/argo-cd/templates/argocd-server/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-server/networkpolicy.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} spec: ingress: - {} diff --git a/charts/argo-cd/templates/argocd-server/route.yaml b/charts/argo-cd/templates/argocd-server/openshift/route.yaml similarity index 85% rename from charts/argo-cd/templates/argocd-server/route.yaml rename to charts/argo-cd/templates/argocd-server/openshift/route.yaml index f1fc8012..b018f724 100644 --- a/charts/argo-cd/templates/argocd-server/route.yaml +++ b/charts/argo-cd/templates/argocd-server/openshift/route.yaml @@ -3,6 +3,7 @@ apiVersion: route.openshift.io/v1 kind: Route metadata: name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.route.annotations }} @@ -12,7 +13,7 @@ metadata: {{- end }} {{- end }} spec: - host: {{ .Values.server.route.hostname | quote }} + host: {{ .Values.server.route.hostname | default .Values.global.domain | quote }} to: kind: Service name: {{ template "argo-cd.server.fullname" . }} diff --git a/charts/argo-cd/templates/argocd-server/pdb.yaml b/charts/argo-cd/templates/argocd-server/pdb.yaml new file mode 100644 index 00000000..6bc93305 --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/pdb.yaml @@ -0,0 +1,27 @@ +{{- if .Values.server.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.server.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.server.pdb.minAvailable | default 0 }} + {{- end }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/poddisruptionbudget.yaml b/charts/argo-cd/templates/argocd-server/poddisruptionbudget.yaml deleted file mode 100644 index 29784ce6..00000000 --- a/charts/argo-cd/templates/argocd-server/poddisruptionbudget.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Values.server.pdb.enabled }} -apiVersion: {{ include "argo-cd.podDisruptionBudget.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ template "argo-cd.server.fullname" . }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} - {{- with .Values.server.pdb.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.server.pdb.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.server.pdb.minAvailable }} - minAvailable: {{ .Values.server.pdb.minAvailable }} - {{- else if .Values.server.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.server.pdb.maxUnavailable }} - {{- else }} - minAvailable: 0 - {{- end }} - selector: - matchLabels: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/role.yaml b/charts/argo-cd/templates/argocd-server/role.yaml index 46eb68d5..8d12e30d 100644 --- a/charts/argo-cd/templates/argocd-server/role.yaml +++ b/charts/argo-cd/templates/argocd-server/role.yaml @@ -1,7 +1,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rules: @@ -22,6 +23,7 @@ rules: - argoproj.io resources: - applications + - applicationsets - appprojects verbs: - create @@ -37,4 +39,12 @@ rules: - events verbs: - create - - list \ No newline at end of file + - list +{{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }} +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/rolebinding.yaml b/charts/argo-cd/templates/argocd-server/rolebinding.yaml index 54d4eaeb..4d635aa9 100644 --- a/charts/argo-cd/templates/argocd-server/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-server/rolebinding.yaml @@ -1,7 +1,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} roleRef: @@ -10,5 +11,5 @@ roleRef: name: {{ template "argo-cd.server.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace }} \ No newline at end of file + name: {{ include "argo-cd.server.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} diff --git a/charts/argo-cd/templates/argocd-server/service.yaml b/charts/argo-cd/templates/argocd-server/service.yaml index 1dc04116..86f8abb0 100644 --- a/charts/argo-cd/templates/argocd-server/service.yaml +++ b/charts/argo-cd/templates/argocd-server/service.yaml @@ -1,52 +1,59 @@ apiVersion: v1 kind: Service metadata: -{{- if .Values.server.service.annotations }} - annotations: - {{- range $key, $value := .Values.server.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} -{{- if .Values.server.service.labels }} -{{- toYaml .Values.server.service.labels | nindent 4 }} -{{- end }} + {{- with .Values.server.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.service.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} spec: type: {{ .Values.server.service.type }} + {{- include "argo-cd.dualStack" . | indent 2 }} + {{- with .Values.server.service.externalIPs }} + externalIPs: {{ . }} + {{- end }} + {{- if or (eq .Values.server.service.type "LoadBalancer") (eq .Values.server.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy }} + {{- end }} + {{- if eq .Values.server.service.type "LoadBalancer" }} + {{- with .Values.server.service.loadBalancerClass }} + loadBalancerClass: {{ . }} + {{- end }} + {{- with .Values.server.service.loadBalancerIP }} + loadBalancerIP: {{ . }} + {{- end }} + {{- with .Values.server.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} + sessionAffinity: {{ .Values.server.service.sessionAffinity }} ports: - name: {{ .Values.server.service.servicePortHttpName }} protocol: TCP port: {{ .Values.server.service.servicePortHttp }} - targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }} + targetPort: {{ .Values.server.containerPorts.server }} {{- if eq .Values.server.service.type "NodePort" }} nodePort: {{ .Values.server.service.nodePortHttp }} {{- end }} - name: {{ .Values.server.service.servicePortHttpsName }} protocol: TCP port: {{ .Values.server.service.servicePortHttps }} - targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }} + targetPort: {{ .Values.server.containerPorts.server }} {{- if eq .Values.server.service.type "NodePort" }} nodePort: {{ .Values.server.service.nodePortHttps }} {{- end }} + {{- with .Values.server.service.servicePortHttpsAppProtocol }} + appProtocol: {{ . }} + {{- end }} selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} -{{- if eq .Values.server.service.type "LoadBalancer" }} -{{- if .Values.server.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.server.service.loadBalancerIP | quote }} -{{- end }} -{{- if .Values.server.service.externalIPs }} - externalIPs: {{ .Values.server.service.externalIPs }} -{{- end }} -{{- if .Values.server.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.server.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} -{{- end -}} -{{- with .Values.server.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ . }} -{{- end }} -{{- with .Values.server.service.sessionAffinity }} - sessionAffinity: {{ . }} -{{- end }} \ No newline at end of file + diff --git a/charts/argo-cd/templates/argocd-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml index cd95480b..9789e1d0 100644 --- a/charts/argo-cd/templates/argocd-server/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml @@ -3,13 +3,17 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.server.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.serverServiceAccountName" . }} -{{- if .Values.server.serviceAccount.annotations }} + name: {{ include "argo-cd.server.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.server.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.server.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml index 61d31390..49c24138 100644 --- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml @@ -1,11 +1,9 @@ -{{- if and .Values.server.metrics.enabled .Values.server.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.server.metrics.enabled .Values.server.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.server.fullname" . }} - {{- if .Values.server.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.server.metrics.serviceMonitor.namespace }} - {{- end }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.server.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.metrics.serviceMonitor.selector }} @@ -14,12 +12,19 @@ metadata: {{- with .Values.server.metrics.serviceMonitor.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.server.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: endpoints: - port: {{ .Values.server.metrics.service.portName }} {{- with .Values.server.metrics.serviceMonitor.interval }} interval: {{ . }} {{- end }} + {{- with .Values.server.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} path: /metrics {{- with .Values.server.metrics.serviceMonitor.relabelings }} relabelings: @@ -29,6 +34,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.server.metrics.serviceMonitor.honorLabels }} {{- with .Values.server.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} @@ -38,7 +44,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 6 }} diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml new file mode 100644 index 00000000..2c69f9ba --- /dev/null +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -0,0 +1,5756 @@ +{{- if .Values.crds.install }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/name: applications.argoproj.io + app.kubernetes.io/part-of: argocd + {{- with .Values.crds.additionalLabels }} + {{- toYaml . | nindent 4}} + {{- end }} + name: applications.argoproj.io +spec: + group: argoproj.io + names: + kind: Application + listKind: ApplicationList + plural: applications + shortNames: + - app + - apps + singular: application + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.sync.status + name: Sync Status + type: string + - jsonPath: .status.health.status + name: Health Status + type: string + - jsonPath: .status.sync.revision + name: Revision + priority: 10 + type: string + - jsonPath: .spec.project + name: Project + priority: 10 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Application is a definition of Application resource. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + operation: + description: Operation contains information about a requested or running + operation + properties: + info: + description: Info is a list of informational items for this operation + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + initiatedBy: + description: InitiatedBy contains information about who initiated + the operations + properties: + automated: + description: Automated is set to true if operation was initiated + automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who started + operation + type: string + type: object + retry: + description: Retry controls the strategy to apply if a sync fails + properties: + backoff: + description: Backoff controls how to backoff on subsequent retries + of failed syncs + properties: + duration: + description: Duration is the amount to back off. Default unit + is seconds, but could also be a duration (e.g. "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base duration + after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of time allowed + for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts for retrying + a failed sync. If set to 0, no retries will be performed. + format: int64 + type: integer + type: object + sync: + description: Sync contains parameters for the operation + properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number of auto-heal + attempts + format: int64 + type: integer + dryRun: + description: DryRun specifies to perform a `kubectl apply --dry-run` + without actually performing the sync + type: boolean + manifests: + description: Manifests is an optional field that overrides sync + source with a local directory for development + items: + type: string + type: array + prune: + description: Prune specifies to delete resources from the cluster + that are no longer tracked in git + type: boolean + resources: + description: Resources describes which resources shall be part + of the sync + items: + description: SyncOperationResource contains resources to sync. + properties: + group: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + type: array + revision: + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. + type: string + revisions: + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. + items: + type: string + type: array + source: + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded from + being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included during + manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable to + be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to + be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter that's + passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally by + not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters which + are passed to the helm template command upon manifest + generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell + Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains + (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. + If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for templating + ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources for + Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force + applying common labels to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize image + definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to + apply common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, usually + expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type + parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or + Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded from + being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included during + manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally + by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to + tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to + use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or + Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + syncOptions: + description: SyncOptions provide per-sync sync-options, e.g. Validate=false + items: + type: string + type: array + syncStrategy: + description: SyncStrategy describes how to perform the sync + properties: + apply: + description: Apply will perform a `kubectl apply` to perform + the sync. + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + hook: + description: Hook will submit any referenced resources to + perform the sync. This is the default strategy + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + type: object + type: object + type: object + spec: + description: ApplicationSpec represents desired application state. Contains + link to repository with application definition and additional parameters + link definition revision. + properties: + destination: + description: Destination is a reference to the target Kubernetes server + and namespace + properties: + name: + description: Name is an alternate way of specifying the target + cluster by its symbolic name. This must be set if Server is + not set. + type: string + namespace: + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is not + set. + type: string + type: object + ignoreDifferences: + description: IgnoreDifferences is a list of resources and their fields + which should be ignored during comparison + items: + description: ResourceIgnoreDifferences contains resource filter + and list of json paths which should be ignored during comparison + with live state. + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + description: Info contains a list of information (URLs, email addresses, + and plain text) that relates to the application + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + description: |- + Project is a reference to the project this application belongs to. + The empty string means that application belongs to the 'default' project. + type: string + revisionHistoryLimit: + description: |- + RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. + This should only be changed in exceptional circumstances. + Setting to zero will store no history. This will reduce storage used. + Increasing will increase the space used to store the history, so we do not recommend increasing it. + Default is 10. + format: int64 + type: integer + source: + description: Source is a reference to the location of the application's + manifests or chart + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match paths + against that should be explicitly excluded from being used + during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths + against that should be explicitly included during manifest + generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the helm + template + items: + description: HelmFileParameter is a file parameter that's + passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally by not + appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters which + are passed to the helm template command upon manifest generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell + Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains + (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. + If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition installation + step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation step + (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files to + use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed to + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for templating + ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional annotations + to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether to + apply env variables substitution for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels to + add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize components + to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force + applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force + applying common labels to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize image + definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to apply + common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize adds + to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas override + specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize to + use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, usually + expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or Helm) + that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sourceHydrator: + description: SourceHydrator provides a way to push hydrated manifests + back to git before syncing them to the cluster. + properties: + drySource: + description: DrySource specifies where the dry "don't repeat yourself" + manifest source lives. + properties: + path: + description: Path is a directory path within the Git repository + where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository that + contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the source + to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated manifests + from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + description: Sources is a reference to the location of the application's + manifests or chart + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match paths + against that should be explicitly excluded from being + used during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths + against that should be explicitly included during manifest + generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the helm + template + items: + description: HelmFileParameter is a file parameter that's + passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally by not + appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters which + are passed to the helm template command upon manifest + generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell + Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains + (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. + If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition installation + step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files to + use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed to + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for templating + ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional annotations + to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize components + to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to + force applying common annotations to resources for Kustomize + apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force + applying common labels to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize image + definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to apply + common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas override + specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, usually + expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type + parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or Helm) + that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + description: SyncPolicy controls when and how a sync will be performed + properties: + automated: + description: Automated will keep an application synced to the + target revision + properties: + allowEmpty: + description: 'AllowEmpty allows apps have zero live resources + (default: false)' + type: boolean + prune: + description: 'Prune specifies whether to delete resources + from the cluster that are not found in the sources anymore + as part of automated sync (default: false)' + type: boolean + selfHeal: + description: 'SelfHeal specifies whether to revert resources + back to their desired state upon modification in the cluster + (default: false)' + type: boolean + type: object + managedNamespaceMetadata: + description: ManagedNamespaceMetadata controls metadata in the + given namespace (if CreateNamespace=true) + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + description: Retry controls failed sync retry behavior + properties: + backoff: + description: Backoff controls how to backoff on subsequent + retries of failed syncs + properties: + duration: + description: Duration is the amount to back off. Default + unit is seconds, but could also be a duration (e.g. + "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base duration + after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of time + allowed for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts for retrying + a failed sync. If set to 0, no retries will be performed. + format: int64 + type: integer + type: object + syncOptions: + description: Options allow you to specify whole app sync-options + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + status: + description: ApplicationStatus contains status information for the application + properties: + conditions: + description: Conditions is a list of currently observed application + conditions + items: + description: ApplicationCondition contains details about an application + condition, which is usually an error or warning + properties: + lastTransitionTime: + description: LastTransitionTime is the time the condition was + last observed + format: date-time + type: string + message: + description: Message contains human-readable message indicating + details about condition + type: string + type: + description: Type is an application condition type + type: string + required: + - message + - type + type: object + type: array + controllerNamespace: + description: ControllerNamespace indicates the namespace in which + the application controller is located + type: string + health: + description: Health contains information about the application's current + health status + properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus was + set or updated + format: date-time + type: string + message: + description: Message is a human-readable informational message + describing the health status + type: string + status: + description: Status holds the status code of the application or + resource + type: string + type: object + history: + description: History contains information about the application's + sync history + items: + description: RevisionHistory contains history information about + a previous sync + properties: + deployStartedAt: + description: DeployStartedAt holds the time the sync operation + started + format: date-time + type: string + deployedAt: + description: DeployedAt holds the time the sync operation completed + format: date-time + type: string + id: + description: ID is an auto incrementing identifier of the RevisionHistory + format: int64 + type: integer + initiatedBy: + description: InitiatedBy contains information about who initiated + the operations + properties: + automated: + description: Automated is set to true if operation was initiated + automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who started + operation + type: string + type: object + revision: + description: Revision holds the revision the sync was performed + against + type: string + revisions: + description: Revisions holds the revision of each source in + sources field the sync was performed against + items: + type: string + type: array + source: + description: Source is a reference to the application source + used for the sync operation + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded from + being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included during + manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally + by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to + tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to + use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or + Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: Sources is a reference to the application sources + used for the sync operation + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded + from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included + during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to + the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + required: + - deployedAt + - id + type: object + type: array + observedAt: + description: |- + ObservedAt indicates when the application state was updated without querying latest git state + Deprecated: controller no longer updates ObservedAt field + format: date-time + type: string + operationState: + description: OperationState contains information about any ongoing + operations, such as a sync + properties: + finishedAt: + description: FinishedAt contains time of operation completion + format: date-time + type: string + message: + description: Message holds any pertinent messages when attempting + to perform operation (typically errors). + type: string + operation: + description: Operation is the original requested operation + properties: + info: + description: Info is a list of informational items for this + operation + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + initiatedBy: + description: InitiatedBy contains information about who initiated + the operations + properties: + automated: + description: Automated is set to true if operation was + initiated automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who + started operation + type: string + type: object + retry: + description: Retry controls the strategy to apply if a sync + fails + properties: + backoff: + description: Backoff controls how to backoff on subsequent + retries of failed syncs + properties: + duration: + description: Duration is the amount to back off. Default + unit is seconds, but could also be a duration (e.g. + "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base + duration after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of + time allowed for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts for + retrying a failed sync. If set to 0, no retries will + be performed. + format: int64 + type: integer + type: object + sync: + description: Sync contains parameters for the operation + properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number + of auto-heal attempts + format: int64 + type: integer + dryRun: + description: DryRun specifies to perform a `kubectl apply + --dry-run` without actually performing the sync + type: boolean + manifests: + description: Manifests is an optional field that overrides + sync source with a local directory for development + items: + type: string + type: array + prune: + description: Prune specifies to delete resources from + the cluster that are no longer tracked in git + type: boolean + resources: + description: Resources describes which resources shall + be part of the sync + items: + description: SyncOperationResource contains resources + to sync. + properties: + group: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + type: array + revision: + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. + type: string + revisions: + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. + items: + type: string + type: array + source: + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + properties: + chart: + description: Chart is a Helm chart name, and must + be specified for applications sourced from a Helm + repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to + Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet + External Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan + a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents + helm template from failing when valueFiles do + not exist locally by not appending them to helm + template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to + the app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and + numbers as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the + Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials + to all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block. ValuesObject takes precedence over + Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a + map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution + for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies + whether to force applying common annotations + to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources + for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors + or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to + resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to + resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of + Kustomize to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and + is displayed in the UI. It is used in multi-source + Applications. + type: string + path: + description: Path is a directory path within the Git + repository, and is only valid for applications sourced + from Git. + type: string + plugin: + description: Plugin holds config management plugin + specific options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in + the application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository + (Git or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + items: + description: ApplicationSource contains all required + information about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must + be specified for applications sourced from a Helm + repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern + to match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern + to match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific + to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet + External Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan + a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents + helm template from failing when valueFiles + do not exist locally by not appending them + to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults + to the app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter + that's passed to helm template during manifest + generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and + numbers as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the + Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials + to all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release + name to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource + definition installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON + schema validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to + be passed to helm template, typically defined + as a block. ValuesObject takes precedence + over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as + a map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to + use for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific + options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of + additional annotations to add to rendered + manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution + for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of + kustomize components to add to the kustomization + before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies + whether to force applying common annotations + to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources + for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies + whether to apply common labels to resource + selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended + to resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended + to resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string + patches: + description: Patches is a list of Kustomize + patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize + Replicas override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version + of Kustomize to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and + is displayed in the UI. It is used in multi-source + Applications. + type: string + path: + description: Path is a directory path within the + Git repository, and is only valid for applications + sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin + specific options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry + in the application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the + variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an + array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map + type parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a + string type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source + within sources field. This field will not be used + if used with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository + (Git or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + syncOptions: + description: SyncOptions provide per-sync sync-options, + e.g. Validate=false + items: + type: string + type: array + syncStrategy: + description: SyncStrategy describes how to perform the + sync + properties: + apply: + description: Apply will perform a `kubectl apply` + to perform the sync. + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + hook: + description: Hook will submit any referenced resources + to perform the sync. This is the default strategy + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + type: object + type: object + type: object + phase: + description: Phase is the current phase of the operation + type: string + retryCount: + description: RetryCount contains time of operation retries + format: int64 + type: integer + startedAt: + description: StartedAt contains time of operation start + format: date-time + type: string + syncResult: + description: SyncResult is the result of a Sync operation + properties: + managedNamespaceMetadata: + description: ManagedNamespaceMetadata contains the current + sync state of managed namespace metadata + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + resources: + description: Resources contains a list of sync result items + for each individual resource in a sync operation + items: + description: ResourceResult holds the operation result details + of a specific resource + properties: + group: + description: Group specifies the API group of the resource + type: string + hookPhase: + description: |- + HookPhase contains the state of any operation associated with this resource OR hook + This can also contain values for non-hook resources. + type: string + hookType: + description: HookType specifies the type of the hook. + Empty for non-hook resources + type: string + kind: + description: Kind specifies the API kind of the resource + type: string + message: + description: Message contains an informational or error + message for the last sync OR operation + type: string + name: + description: Name specifies the name of the resource + type: string + namespace: + description: Namespace specifies the target namespace + of the resource + type: string + status: + description: Status holds the final result of the sync. + Will be empty if the resources is yet to be applied/pruned + and is always zero-value for hooks + type: string + syncPhase: + description: SyncPhase indicates the particular phase + of the sync that this result was acquired in + type: string + version: + description: Version specifies the API version of the + resource + type: string + required: + - group + - kind + - name + - namespace + - version + type: object + type: array + revision: + description: Revision holds the revision this sync operation + was performed to + type: string + revisions: + description: Revisions holds the revision this sync operation + was performed for respective indexed source in sources field + items: + type: string + type: array + source: + description: Source records the application source information + of the sync, used for comparing auto-sync + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded + from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included + during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to + the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: Source records the application source information + of the sync, used for comparing auto-sync + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be + specified for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a + directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template + --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to + all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block. ValuesObject takes precedence over Values, + so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution for + annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources for + Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to + resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to + resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git + repository, and is only valid for applications sourced + from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + required: + - revision + type: object + required: + - operation + - phase + - startedAt + type: object + reconciledAt: + description: ReconciledAt indicates when the application state was + reconciled using the latest git version + format: date-time + type: string + resourceHealthSource: + description: 'ResourceHealthSource indicates where the resource health + status is stored: inline if not set or appTree' + type: string + resources: + description: Resources is a list of Kubernetes resources managed by + this application + items: + description: |- + ResourceStatus holds the current sync and health status of a resource + TODO: describe members of this type + properties: + group: + type: string + health: + description: HealthStatus contains information about the currently + observed health state of an application or resource + properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus + was set or updated + format: date-time + type: string + message: + description: Message is a human-readable informational message + describing the health status + type: string + status: + description: Status holds the status code of the application + or resource + type: string + type: object + hook: + type: boolean + kind: + type: string + name: + type: string + namespace: + type: string + requiresDeletionConfirmation: + type: boolean + requiresPruning: + type: boolean + status: + description: SyncStatusCode is a type which represents possible + comparison results + type: string + syncWave: + format: int64 + type: integer + version: + type: string + type: object + type: array + sourceHydrator: + description: SourceHydrator stores information about the current state + of source hydration + properties: + currentOperation: + description: CurrentOperation holds the status of the hydrate + operation + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + finishedAt: + description: FinishedAt indicates when the hydrate operation + finished + format: date-time + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + message: + description: Message contains a message describing the current + status of the hydrate operation + type: string + phase: + description: Phase indicates the status of the hydrate operation + enum: + - Hydrating + - Failed + - Hydrated + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + startedAt: + description: StartedAt indicates when the hydrate operation + started + format: date-time + type: string + required: + - message + - phase + type: object + lastSuccessfulOperation: + description: LastSuccessfulOperation holds info about the most + recent successful hydration + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + type: object + type: object + sourceType: + description: SourceType specifies the type of this application + type: string + sourceTypes: + description: SourceTypes specifies the type of the sources included + in the application + items: + description: ApplicationSourceType specifies the type of the application's + source + type: string + type: array + summary: + description: Summary contains a list of URLs and container images + used by this application + properties: + externalURLs: + description: ExternalURLs holds all external URLs of application + child resources. + items: + type: string + type: array + images: + description: Images holds all images of application child resources. + items: + type: string + type: array + type: object + sync: + description: Sync contains information about the application's current + sync status + properties: + comparedTo: + description: ComparedTo contains information about what has been + compared + properties: + destination: + description: Destination is a reference to the application's + destination used for comparison + properties: + name: + description: Name is an alternate way of specifying the + target cluster by its symbolic name. This must be set + if Server is not set. + type: string + namespace: + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name + is not set. + type: string + type: object + ignoreDifferences: + description: IgnoreDifferences is a reference to the application's + ignored differences used for comparison + items: + description: ResourceIgnoreDifferences contains resource + filter and list of json paths which should be ignored + during comparison with live state. + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + source: + description: Source is a reference to the application's source + used for comparison + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded + from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included + during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to + the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: Sources is a reference to the application's multiple + sources used for comparison + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be + specified for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a + directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template + --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to + all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block. ValuesObject takes precedence over Values, + so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution for + annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources for + Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to + resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to + resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git + repository, and is only valid for applications sourced + from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + required: + - destination + type: object + revision: + description: Revision contains information about the revision + the comparison has been performed to + type: string + revisions: + description: Revisions contains information about the revisions + of multiple sources the comparison has been performed to + items: + type: string + type: array + status: + description: Status is the sync state of the comparison + type: string + required: + - status + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: {} +{{- end }} + diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml new file mode 100644 index 00000000..eff945f8 --- /dev/null +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -0,0 +1,17466 @@ +{{- if .Values.crds.install }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/name: applicationsets.argoproj.io + app.kubernetes.io/part-of: argocd + {{- with .Values.crds.additionalLabels }} + {{- toYaml . | nindent 4}} + {{- end }} + name: applicationsets.argoproj.io +spec: + group: argoproj.io + names: + kind: ApplicationSet + listKind: ApplicationSetList + plural: applicationsets + shortNames: + - appset + - appsets + singular: applicationset + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + applyNestedSelectors: + type: boolean + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: + properties: + flatList: + type: boolean + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + git: + properties: + directories: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - repoURL + - revision + type: object + list: + properties: + elements: + items: + x-kubernetes-preserve-unknown-fields: true + type: array + elementsYaml: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + matrix: + properties: + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: + properties: + flatList: + type: boolean + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + git: + properties: + directories: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - repoURL + - revision + type: object + list: + properties: + elements: + items: + x-kubernetes-preserve-unknown-fields: true + type: array + elementsYaml: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + matrix: + x-kubernetes-preserve-unknown-fields: true + merge: + x-kubernetes-preserve-unknown-fields: true + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + pullRequest: + properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + targetBranchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object + github: + properties: + api: + type: string + appSecretName: + type: string + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - owner + - repo + type: object + gitlab: + properties: + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - project + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + scmProvider: + properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: + items: + type: string + type: array + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string + type: object + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: + properties: + allBranches: + type: boolean + api: + type: string + appSecretName: + type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + group: + type: string + includeSharedProjects: + type: boolean + includeSubgroups: + type: boolean + insecure: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + topic: + type: string + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + type: object + merge: + properties: + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: + properties: + flatList: + type: boolean + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + git: + properties: + directories: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - repoURL + - revision + type: object + list: + properties: + elements: + items: + x-kubernetes-preserve-unknown-fields: true + type: array + elementsYaml: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + matrix: + x-kubernetes-preserve-unknown-fields: true + merge: + x-kubernetes-preserve-unknown-fields: true + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + pullRequest: + properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + targetBranchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object + github: + properties: + api: + type: string + appSecretName: + type: string + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - owner + - repo + type: object + gitlab: + properties: + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - project + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + scmProvider: + properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: + items: + type: string + type: array + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string + type: object + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: + properties: + allBranches: + type: boolean + api: + type: string + appSecretName: + type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + group: + type: string + includeSharedProjects: + type: boolean + includeSubgroups: + type: boolean + insecure: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + topic: + type: string + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + mergeKeys: + items: + type: string + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + - mergeKeys + type: object + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + pullRequest: + properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + targetBranchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object + github: + properties: + api: + type: string + appSecretName: + type: string + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - owner + - repo + type: object + gitlab: + properties: + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - project + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + scmProvider: + properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: + items: + type: string + type: array + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string + type: object + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: + properties: + allBranches: + type: boolean + api: + type: string + appSecretName: + type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + group: + type: string + includeSharedProjects: + type: boolean + includeSubgroups: + type: boolean + insecure: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + topic: + type: string + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + goTemplate: + type: boolean + goTemplateOptions: + items: + type: string + type: array + ignoreApplicationDifferences: + items: + properties: + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + name: + type: string + type: object + type: array + preservedFields: + properties: + annotations: + items: + type: string + type: array + labels: + items: + type: string + type: array + type: object + strategy: + properties: + rollingSync: + properties: + steps: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + maxUpdate: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: array + type: object + type: + type: string + type: object + syncPolicy: + properties: + applicationsSync: + enum: + - create-only + - create-update + - create-delete + - sync + type: string + preserveResourcesOnDeletion: + type: boolean + type: object + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + templatePatch: + type: string + required: + - generators + - template + type: object + status: + properties: + applicationStatus: + items: + properties: + application: + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + status: + type: string + step: + type: string + targetRevisions: + items: + type: string + type: array + required: + - application + - message + - status + - step + - targetRevisions + type: object + type: array + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - message + - reason + - status + - type + type: object + type: array + resources: + items: + properties: + group: + type: string + health: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + status: + type: string + type: object + hook: + type: boolean + kind: + type: string + name: + type: string + namespace: + type: string + requiresDeletionConfirmation: + type: boolean + requiresPruning: + type: boolean + status: + type: string + syncWave: + format: int64 + type: integer + version: + type: string + type: object + type: array + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/argo-cd/crds/crd-project.yaml b/charts/argo-cd/templates/crds/crd-project.yaml similarity index 69% rename from charts/argo-cd/crds/crd-project.yaml rename to charts/argo-cd/templates/crds/crd-project.yaml index 79179e8e..1865aa2d 100644 --- a/charts/argo-cd/crds/crd-project.yaml +++ b/charts/argo-cd/templates/crds/crd-project.yaml @@ -1,9 +1,20 @@ +{{- if .Values.crds.install }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} labels: app.kubernetes.io/name: appprojects.argoproj.io app.kubernetes.io/part-of: argocd + {{- with .Values.crds.additionalLabels }} + {{- toYaml . | nindent 4}} + {{- end }} name: appprojects.argoproj.io spec: group: argoproj.io @@ -20,22 +31,28 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'AppProject provides a logical grouping of applications, providing - controls for: * where the apps may deploy to (cluster whitelist) * what - may be deployed (repository whitelist, resource whitelist/blacklist) * who - can access these applications (roles, OIDC group claims bindings) * and - what they can do (RBAC policies) * automation access to these roles (JWT - tokens)' + description: |- + AppProject provides a logical grouping of applications, providing controls for: + * where the apps may deploy to (cluster whitelist) + * what may be deployed (repository whitelist, resource whitelist/blacklist) + * who can access these applications (roles, OIDC group claims bindings) + * and what they can do (RBAC policies) + * automation access to these roles (JWT tokens) properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -46,9 +63,9 @@ spec: description: ClusterResourceBlacklist contains list of blacklisted cluster level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -63,9 +80,9 @@ spec: description: ClusterResourceWhitelist contains list of whitelisted cluster level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -79,6 +96,32 @@ spec: description: description: Description contains optional project description type: string + destinationServiceAccounts: + description: DestinationServiceAccounts holds information about the + service accounts to be impersonated for the application sync operation + for each destination. + items: + description: ApplicationDestinationServiceAccount holds information + about the service account to be impersonated for the application + sync operation. + properties: + defaultServiceAccount: + description: DefaultServiceAccount to be used for impersonation + during the sync operation + type: string + namespace: + description: Namespace specifies the target namespace for the + application's resources. + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. + type: string + required: + - defaultServiceAccount + - server + type: object + type: array destinations: description: Destinations contains list of destinations available for deployment @@ -88,16 +131,18 @@ spec: properties: name: description: Name is an alternate way of specifying the target - cluster by its symbolic name + cluster by its symbolic name. This must be set if Server is + not set. type: string namespace: - description: Namespace specifies the target namespace for the - application's resources. The namespace will only be set for - namespace-scoped resources that have not set a value for .metadata.namespace + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster - and must be set to the Kubernetes control plane API + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is + not set. type: string type: object type: array @@ -105,9 +150,9 @@ spec: description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -122,9 +167,9 @@ spec: description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -159,6 +204,10 @@ spec: for apps which have orphaned resources type: boolean type: object + permitOnlyProjectScopedClusters: + description: PermitOnlyProjectScopedClusters determines whether destinations + can only reference clusters which are project-scoped + type: boolean roles: description: Roles are user defined RBAC roles associated with this project @@ -221,6 +270,12 @@ spec: - keyID type: object type: array + sourceNamespaces: + description: SourceNamespaces defines the namespaces application resources + are allowed to be created in + items: + type: string + type: array sourceRepos: description: SourceRepos contains list of repository URLs which can be used for deployment @@ -310,3 +365,4 @@ spec: type: object served: true storage: true +{{- end }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index b23aeb63..4c6209ad 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -2,157 +2,240 @@ apiVersion: apps/v1 kind: Deployment metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.dex.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} name: {{ template "argo-cd.dex.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} - app.kubernetes.io/version: {{ .Values.dex.image.tag | quote }} spec: + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.dex.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} + replicas: 1 + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 6 }} template: metadata: - {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.dex.podAnnotations) }} annotations: + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if (index .Values.configs.cm "dex.config") }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.dex.certificateSecret.enabled }} + checksum/dex-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-dex-server-tls-secret.yaml") . | sha256sum }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.dex.podAnnotations) }} {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} - {{- end }} + {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 8 }} - app.kubernetes.io/version: {{ .Values.dex.image.tag | quote }} {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.dex.podLabels) }} {{- toYaml . | nindent 8 }} {{- end }} spec: - {{- with .Values.global.imagePullSecrets }} + {{- with .Values.dex.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.dex.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.global.securityContext }} - securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} {{- end }} - initContainers: - - name: copyutil - image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.dex.initImage.tag }} - imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }} - resources: -{{- toYaml .Values.dex.resources | nindent 10 }} - {{- if .Values.dex.containerSecurityContext }} - securityContext: {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }} - {{- end }} - command: - - cp - - -n - - /usr/local/bin/argocd - - /shared/argocd-dex - volumeMounts: - - mountPath: /shared - name: static-files + {{- with.Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.dex.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.dex.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.dex.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ template "argo-cd.dex.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.dex.automountServiceAccountToken }} containers: - name: {{ .Values.dex.name }} image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.image.imagePullPolicy }} command: - /shared/argocd-dex + - --logformat={{ default .Values.global.logging.format .Values.dex.logFormat }} + - --loglevel={{ default .Values.global.logging.level .Values.dex.logLevel }} + args: - rundex {{- with .Values.dex.extraArgs }} - {{- . | toYaml | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.dex.containerSecurityContext }} - securityContext: {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }} - {{- end }} - {{- if .Values.dex.env }} env: -{{- toYaml .Values.dex.env | nindent 8 }} - {{- end }} + {{- with (concat .Values.global.env .Values.dex.env) }} + {{- toYaml . | nindent 10 }} + {{- end }} + - name: ARGOCD_DEX_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: dexserver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEX_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: dexserver.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEX_SERVER_DISABLE_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: dexserver.disable.tls + optional: true {{- with .Values.dex.envFrom }} - envFrom: {{- toYaml . | nindent 8 }} + envFrom: + {{- toYaml . | nindent 10 }} {{- end }} ports: - name: http - containerPort: {{ .Values.dex.containerPortHttp }} + containerPort: {{ .Values.dex.containerPorts.http }} protocol: TCP - name: grpc - containerPort: {{ .Values.dex.containerPortGrpc }} + containerPort: {{ .Values.dex.containerPorts.grpc }} protocol: TCP - name: metrics - containerPort: {{ .Values.dex.containerPortMetrics }} + containerPort: {{ .Values.dex.containerPorts.metrics }} protocol: TCP {{- if .Values.dex.livenessProbe.enabled }} livenessProbe: httpGet: - path: /healthz/live - port: metrics - {{- with .Values.dex.livenessProbe }} - {{- omit . "enabled" | toYaml | nindent 10 }} - {{- end }} + path: {{ .Values.dex.livenessProbe.httpPath }} + port: {{ .Values.dex.livenessProbe.httpPort }} + scheme: {{ .Values.dex.livenessProbe.httpScheme }} + initialDelaySeconds: {{ .Values.dex.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.dex.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.dex.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.dex.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.dex.livenessProbe.failureThreshold }} {{- end }} {{- if .Values.dex.readinessProbe.enabled }} readinessProbe: httpGet: - path: /healthz/ready - port: metrics - {{- with .Values.dex.readinessProbe }} - {{- omit . "enabled" | toYaml | nindent 10 }} - {{- end }} - {{- end }} - volumeMounts: - - mountPath: /tmp - name: tmp-dir - {{- if .Values.dex.volumeMounts }} - {{- toYaml .Values.dex.volumeMounts | nindent 8 }} - {{- end }} - {{- if .Values.dex.extraVolumeMounts }} - {{- toYaml .Values.dex.extraVolumeMounts | nindent 8 }} + path: {{ .Values.dex.readinessProbe.httpPath }} + port: {{ .Values.dex.readinessProbe.httpPort }} + scheme: {{ .Values.dex.readinessProbe.httpScheme }} + initialDelaySeconds: {{ .Values.dex.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.dex.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.dex.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.dex.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.dex.readinessProbe.failureThreshold }} {{- end }} resources: {{- toYaml .Values.dex.resources | nindent 10 }} + {{- with .Values.dex.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + {{- with .Values.dex.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: static-files + mountPath: /shared + - name: dexconfig + mountPath: /tmp + - name: argocd-dex-server-tls + mountPath: /tls {{- with .Values.dex.extraContainers }} - {{- toYaml . | nindent 6 }} + {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} - {{- if .Values.dex.nodeSelector }} - nodeSelector: -{{- toYaml .Values.dex.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.dex.tolerations }} - tolerations: -{{- toYaml .Values.dex.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.dex.affinity }} + initContainers: + - name: copyutil + image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.dex.initImage.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }} + command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /shared/argocd-dex + volumeMounts: + - mountPath: /shared + name: static-files + - mountPath: /tmp + name: dexconfig + resources: + {{- toYaml (default .Values.dex.resources .Values.dex.initImage.resources) | nindent 10 }} + {{- with .Values.dex.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.dex.initContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.dex) }} affinity: -{{- toYaml .Values.dex.affinity | nindent 8 }} - {{- end }} - {{- with .Values.dex.topologySpreadConstraints }} + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.dex.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.dex.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.dex.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} topologySpreadConstraints: - {{- range $constraint := . }} + {{- range $constraint := . }} - {{ toYaml $constraint | nindent 8 | trim }} - {{- if not $constraint.labelSelector }} + {{- if not $constraint.labelSelector }} labelSelector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.dex.name) | nindent 12 }} + {{- end }} {{- end }} {{- end }} - {{- end }} - serviceAccountName: {{ template "argo-cd.dexServiceAccountName" . }} - {{- with .Values.global.hostAliases }} - hostAliases: + volumes: + - name: static-files + {{- if .Values.dex.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.dex.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: dexconfig + {{- if .Values.dex.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.dex.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: argocd-dex-server-tls + secret: + secretName: argocd-dex-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + {{- with .Values.dex.volumes }} {{- toYaml . | nindent 6 }} {{- end }} - volumes: - - emptyDir: {} - name: tmp-dir - {{- if .Values.dex.volumes }} - {{- toYaml .Values.dex.volumes | nindent 6 }} + {{- with .Values.dex.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.dex.extraVolumes }} - {{- toYaml .Values.dex.extraVolumes | nindent 6 }} - {{- end }} - {{- if .Values.dex.initContainers }} - initContainers: - {{- toYaml .Values.dex.initContainers | nindent 6 }} - {{- end }} -{{- if .Values.dex.priorityClassName }} - priorityClassName: {{ .Values.dex.priorityClassName }} -{{- end }} + dnsPolicy: {{ .Values.dex.dnsPolicy }} {{- end }} diff --git a/charts/argo-cd/templates/dex/networkpolicy.yaml b/charts/argo-cd/templates/dex/networkpolicy.yaml index e79a2e3e..6d0c9789 100644 --- a/charts/argo-cd/templates/dex/networkpolicy.yaml +++ b/charts/argo-cd/templates/dex/networkpolicy.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} name: {{ template "argo-cd.dex.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} spec: ingress: - from: diff --git a/charts/argo-cd/templates/dex/pdb.yaml b/charts/argo-cd/templates/dex/pdb.yaml new file mode 100644 index 00000000..12161024 --- /dev/null +++ b/charts/argo-cd/templates/dex/pdb.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.dex.enabled .Values.dex.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "argo-cd.dex.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} + {{- with .Values.dex.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.dex.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.dex.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.dex.pdb.minAvailable | default 0 }} + {{- end }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 6 }} +{{- end }} diff --git a/charts/argo-cd/templates/dex/poddisruptionbudget.yaml b/charts/argo-cd/templates/dex/poddisruptionbudget.yaml deleted file mode 100644 index 7a16d8bf..00000000 --- a/charts/argo-cd/templates/dex/poddisruptionbudget.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Values.dex.pdb.enabled }} -apiVersion: {{ include "argo-cd.podDisruptionBudget.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ template "argo-cd.dex.fullname" . }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} - {{- with .Values.dex.pdb.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.dex.pdb.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.dex.pdb.minAvailable }} - minAvailable: {{ .Values.dex.pdb.minAvailable }} - {{- else if .Values.dex.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.dex.pdb.maxUnavailable }} - {{- else }} - minAvailable: 0 - {{- end }} - selector: - matchLabels: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 6 }} -{{- end }} diff --git a/charts/argo-cd/templates/dex/role.yaml b/charts/argo-cd/templates/dex/role.yaml index 6b9b3f69..e79b3cf7 100644 --- a/charts/argo-cd/templates/dex/role.yaml +++ b/charts/argo-cd/templates/dex/role.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.dex.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} rules: @@ -15,4 +16,4 @@ rules: - get - list - watch -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo-cd/templates/dex/rolebinding.yaml b/charts/argo-cd/templates/dex/rolebinding.yaml index 4cc47005..792a465a 100644 --- a/charts/argo-cd/templates/dex/rolebinding.yaml +++ b/charts/argo-cd/templates/dex/rolebinding.yaml @@ -2,15 +2,16 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-cd.dex.fullname" . }} + name: {{ include "argo-cd.dex.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "argo-cd.dex.fullname" . }} + name: {{ include "argo-cd.dex.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.dexServiceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file + name: {{ include "argo-cd.dex.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- end }} diff --git a/charts/argo-cd/templates/dex/service.yaml b/charts/argo-cd/templates/dex/service.yaml index 9661c7e0..b52acfb1 100644 --- a/charts/argo-cd/templates/dex/service.yaml +++ b/charts/argo-cd/templates/dex/service.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-cd.dex.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} {{- if .Values.dex.metrics.service.annotations }} annotations: {{- range $key, $value := .Values.dex.metrics.service.annotations }} @@ -15,6 +16,7 @@ metadata: {{- toYaml .Values.dex.metrics.service.labels | nindent 4 }} {{- end }} spec: + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.dex.servicePortHttpName }} protocol: TCP diff --git a/charts/argo-cd/templates/dex/serviceaccount.yaml b/charts/argo-cd/templates/dex/serviceaccount.yaml index 71707f09..aeff2441 100644 --- a/charts/argo-cd/templates/dex/serviceaccount.yaml +++ b/charts/argo-cd/templates/dex/serviceaccount.yaml @@ -3,13 +3,14 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.dex.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.dexServiceAccountName" . }} -{{- if .Values.dex.serviceAccount.annotations }} + name: {{ include "argo-cd.dex.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.dex.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.dex.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} {{- end }} diff --git a/charts/argo-cd/templates/dex/servicemonitor.yaml b/charts/argo-cd/templates/dex/servicemonitor.yaml index ec98991a..2564cfa1 100644 --- a/charts/argo-cd/templates/dex/servicemonitor.yaml +++ b/charts/argo-cd/templates/dex/servicemonitor.yaml @@ -1,11 +1,9 @@ -{{- if and .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.dex.enabled .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.dex.fullname" . }} - {{- with .Values.dex.metrics.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.dex.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} {{- with .Values.dex.metrics.serviceMonitor.selector }} @@ -14,6 +12,10 @@ metadata: {{- with .Values.dex.metrics.serviceMonitor.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.dex.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: endpoints: - port: {{ .Values.dex.metrics.service.portName }} @@ -29,6 +31,7 @@ spec: metricRelabelings: {{- toYaml . |nindent 8 }} {{- end }} + honorLabels: {{ .Values.dex.metrics.serviceMonitor.honorLabels }} {{- with .Values.dex.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} @@ -38,7 +41,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 6 }} diff --git a/charts/argo-cd/templates/extra-manifests.yaml b/charts/argo-cd/templates/extra-manifests.yaml index a9bb3b6b..fc9a76b8 100644 --- a/charts/argo-cd/templates/extra-manifests.yaml +++ b/charts/argo-cd/templates/extra-manifests.yaml @@ -1,4 +1,8 @@ {{ range .Values.extraObjects }} --- -{{ tpl (toYaml .) $ }} +{{ if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} {{ end }} diff --git a/charts/argo-cd/templates/networkpolicy-default-deny.yaml b/charts/argo-cd/templates/networkpolicy-default-deny.yaml index 3d47a397..06d1979a 100644 --- a/charts/argo-cd/templates/networkpolicy-default-deny.yaml +++ b/charts/argo-cd/templates/networkpolicy-default-deny.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }} name: {{ template "argo-cd.fullname" . }}-default-deny + namespace: {{ include "argo-cd.namespace" . }} spec: podSelector: {} policyTypes: diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml new file mode 100644 index 00000000..5fd41f64 --- /dev/null +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -0,0 +1,70 @@ +{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "argo-cd.redisSecretInit.fullname" . }} + namespace: {{ include "argo-cd.namespace" . | quote }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + {{- range $key, $value := .Values.redisSecretInit.jobAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} +spec: + ttlSecondsAfterFinished: 60 + template: + metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.redisSecretInit.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.redisSecretInit.podAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + spec: + {{- with .Values.redisSecretInit.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - command: + - argocd + - admin + - redis-initial-password + image: {{ default .Values.global.image.repository .Values.redisSecretInit.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.redisSecretInit.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redisSecretInit.image.imagePullPolicy }} + name: secret-init + resources: + {{- toYaml .Values.redisSecretInit.resources | nindent 10 }} + {{- with .Values.redisSecretInit.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.redisSecretInit.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redisSecretInit.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + restartPolicy: OnFailure + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.redisSecretInit) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.redisSecretInit.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redisSecretInit.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }} +{{- end }} diff --git a/charts/argo-cd/templates/redis-secret-init/role.yaml b/charts/argo-cd/templates/redis-secret-init/role.yaml new file mode 100644 index 00000000..9e8259f9 --- /dev/null +++ b/charts/argo-cd/templates/redis-secret-init/role.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} + name: {{ include "argo-cd.redisSecretInit.fullname" . }} + namespace: {{ include "argo-cd.namespace" . | quote }} +rules: + - apiGroups: + - "" + resources: + - secrets + resourceNames: + - argocd-redis + verbs: + - get + - apiGroups: + - "" + resources: + - secrets + verbs: + - create +{{- end }} diff --git a/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml b/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml new file mode 100644 index 00000000..a199628a --- /dev/null +++ b/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} + name: {{ include "argo-cd.redisSecretInit.fullname" . }} + namespace: {{ include "argo-cd.namespace" . | quote }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "argo-cd.redisSecretInit.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }} +{{- end }} diff --git a/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml new file mode 100644 index 00000000..85540d26 --- /dev/null +++ b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.redisSecretInit.enabled .Values.redisSecretInit.serviceAccount.create (not .Values.externalRedis.host) }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.redisSecretInit.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . | quote }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + {{- range $key, $value := .Values.redisSecretInit.serviceAccount.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index fb0c481f..65581665 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -1,124 +1,220 @@ -{{- $redisHa := (index .Values "redis-ha") -}} +{{- $redisHa := index .Values "redis-ha" -}} {{- if and .Values.redis.enabled (not $redisHa.enabled) -}} apiVersion: apps/v1 kind: Deployment metadata: - name: {{ template "argo-cd.redis.fullname" . }} + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.redis.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "argo-cd.redis.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} - app.kubernetes.io/version: {{ .Values.redis.image.tag | quote }} spec: + replicas: 1 + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} selector: matchLabels: app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }} template: metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.redis.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.redis.podAnnotations) }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 8 }} - app.kubernetes.io/version: {{ .Values.redis.image.tag | quote }} - {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.redis.podLabels) }} - {{- toYaml . | nindent 8 }} - {{- end }} spec: - {{- with .Values.global.imagePullSecrets }} + {{- with .Values.redis.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.redis.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }} - serviceAccountName: {{ template "argo-cd.redisServiceAccountName" . }} - {{- if .Values.redis.securityContext }} - securityContext: {{- toYaml .Values.redis.securityContext | nindent 8 }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.redis.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redis.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.redis.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.redis.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.redis.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.redis.automountServiceAccountToken }} containers: - - name: {{ template "argo-cd.redis.fullname" . }} + - name: {{ .Values.redis.name }} + image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redis.image.imagePullPolicy }} args: + {{- with .Values.redis.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} - --save - "" - --appendonly - "no" - {{- with .Values.redis.extraArgs }} - {{- . | toYaml | nindent 8 }} - {{- end }} - image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} - imagePullPolicy: {{ .Values.redis.image.imagePullPolicy}} - {{- if .Values.redis.containerSecurityContext }} - securityContext: {{- toYaml .Values.redis.containerSecurityContext | nindent 10 }} - {{- end }} - {{- if .Values.redis.env }} + - --requirepass $(REDIS_PASSWORD) env: -{{- toYaml .Values.redis.env | nindent 8 }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth + {{- with (concat .Values.global.env .Values.redis.env) }} + {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.redis.envFrom }} - envFrom: {{- toYaml . | nindent 8 }} + envFrom: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.redis.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.redis.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.redis.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.redis.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.redis.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.livenessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/redis_liveness.sh + {{- end }} + {{- if .Values.redis.readinessProbe.enabled }} + readinessProbe: + initialDelaySeconds: {{ .Values.redis.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.redis.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.redis.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.redis.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.readinessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/redis_readiness.sh {{- end }} ports: - - containerPort: {{ .Values.redis.containerPort }} - name: redis -{{- if .Values.redis.volumeMounts }} - volumeMounts: -{{- toYaml .Values.redis.volumeMounts | nindent 10 }} -{{- end }} + - name: redis + containerPort: {{ .Values.redis.containerPorts.redis }} + protocol: TCP resources: -{{- toYaml .Values.redis.resources | nindent 10 }} - {{- if .Values.redis.metrics.enabled }} + {{- toYaml .Values.redis.resources | nindent 10 }} + {{- with .Values.redis.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + - mountPath: /health + name: health + {{- with .Values.redis.volumeMounts }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- if .Values.redis.exporter.enabled }} - name: metrics + image: {{ .Values.redis.exporter.image.repository }}:{{ .Values.redis.exporter.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redis.exporter.image.imagePullPolicy }} env: - name: REDIS_ADDR - value: {{ printf "redis://localhost:%v" .Values.redis.containerPort }} + value: {{ printf "redis://localhost:%v" .Values.redis.containerPorts.redis }} - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS - value: {{ printf "0.0.0.0:%v" .Values.redis.metrics.containerPort }} - image: {{ .Values.redis.metrics.image.repository }}:{{ .Values.redis.metrics.image.tag }} - imagePullPolicy: {{ .Values.redis.metrics.image.imagePullPolicy}} + value: {{ printf "0.0.0.0:%v" .Values.redis.containerPorts.metrics }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth + {{- with (concat .Values.global.env .Values.redis.exporter.env) }} + {{- toYaml . | nindent 8 }} + {{- end }} ports: - - containerPort: {{ .Values.redis.metrics.containerPort }} - name: metrics + - name: metrics + containerPort: {{ .Values.redis.containerPorts.metrics }} protocol: TCP - resources: {{- toYaml .Values.redis.metrics.resources | nindent 10 }} - {{- with .Values.redis.containerSecurityContext }} - securityContext: {{- toYaml . | nindent 10 }} + {{- if .Values.redis.exporter.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /metrics + port: {{ .Values.redis.containerPorts.metrics }} + initialDelaySeconds: {{ .Values.redis.exporter.livenessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.redis.exporter.livenessProbe.timeoutSeconds }} + periodSeconds: {{ .Values.redis.exporter.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.redis.exporter.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.exporter.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.redis.exporter.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /metrics + port: {{ .Values.redis.containerPorts.metrics }} + initialDelaySeconds: {{ .Values.redis.exporter.readinessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.redis.exporter.readinessProbe.timeoutSeconds }} + periodSeconds: {{ .Values.redis.exporter.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.redis.exporter.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.exporter.readinessProbe.failureThreshold }} + {{- end }} + resources: + {{- toYaml .Values.redis.exporter.resources | nindent 10 }} + {{- with .Values.redis.exporter.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} {{- end }} {{- end }} - {{- with .Values.redis.extraContainers }} - {{- toYaml . | nindent 6 }} - {{- end }} - {{- if .Values.redis.nodeSelector }} + {{- with .Values.redis.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.redis.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.redis.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: -{{- toYaml .Values.redis.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.redis.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redis.tolerations | default .Values.global.tolerations }} tolerations: -{{- toYaml .Values.redis.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.redis.affinity }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.redis) }} affinity: -{{- toYaml .Values.redis.affinity | nindent 8 }} - {{- end }} - {{- with .Values.redis.topologySpreadConstraints }} + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.redis.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} topologySpreadConstraints: - {{- range $constraint := . }} + {{- range $constraint := . }} - {{ toYaml $constraint | nindent 8 | trim }} {{- if not $constraint.labelSelector }} labelSelector: matchLabels: app.kubernetes.io/name: {{ include "argo-cd.name" $ }}-{{ $.Values.redis.name }} {{- end }} + {{- end }} {{- end }} - {{- end }} -{{- if .Values.redis.volumes }} volumes: -{{- toYaml .Values.redis.volumes | nindent 8}} -{{- end }} - {{- if .Values.redis.initContainers }} - initContainers: - {{- toYaml .Values.redis.initContainers | nindent 6 }} + - name: health + configMap: + name: {{ include "argo-cd.redis.fullname" . }}-health-configmap + defaultMode: 493 + {{- with .Values.redis.volumes }} + {{- toYaml . | nindent 8}} {{- end }} -{{- if .Values.redis.priorityClassName }} - priorityClassName: {{ .Values.redis.priorityClassName }} -{{- end }} + {{- with .Values.redis.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.redis.dnsPolicy }} {{- end }} diff --git a/charts/argo-cd/templates/redis/health-configmap.yaml b/charts/argo-cd/templates/redis/health-configmap.yaml new file mode 100644 index 00000000..7443625f --- /dev/null +++ b/charts/argo-cd/templates/redis/health-configmap.yaml @@ -0,0 +1,37 @@ +{{- $redisHa := index .Values "redis-ha" -}} +{{- if and .Values.redis.enabled (not $redisHa.enabled) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "argo-cd.redis.fullname" . }}-health-configmap + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} +data: + redis_liveness.sh: | + response=$( + redis-cli \ + -a "${REDIS_PASSWORD}" --no-auth-warning \ + -h localhost \ + -p {{ .Values.redis.containerPorts.redis }} \ + ping + ) + if [ "$response" != "PONG" ] && [ "${response:0:7}" != "LOADING" ] ; then + echo "$response" + exit 1 + fi + echo "response=$response" + redis_readiness.sh: | + response=$( + redis-cli \ + -a "${REDIS_PASSWORD}" --no-auth-warning \ + -h localhost \ + -p {{ .Values.redis.containerPorts.redis }} \ + ping + ) + if [ "$response" != "PONG" ] ; then + echo "$response" + exit 1 + fi + echo "response=$response" +{{- end }} diff --git a/charts/argo-cd/templates/redis/metrics-service.yaml b/charts/argo-cd/templates/redis/metrics.yaml similarity index 58% rename from charts/argo-cd/templates/redis/metrics-service.yaml rename to charts/argo-cd/templates/redis/metrics.yaml index da96a22b..040f5ebf 100644 --- a/charts/argo-cd/templates/redis/metrics-service.yaml +++ b/charts/argo-cd/templates/redis/metrics.yaml @@ -3,21 +3,27 @@ apiVersion: v1 kind: Service metadata: - name: {{ template "argo-cd.redis.fullname" . }}-metrics - {{- with .Values.redis.metrics.service.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} + name: {{ include "argo-cd.redis.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- with .Values.redis.metrics.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} + {{- if or .Values.redis.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.redis.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.redis.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} spec: - {{- with .Values.redis.metrics.service.clusterIP }} - clusterIP: {{ . }} + type: {{ .Values.redis.metrics.service.type }} + {{- if and .Values.redis.metrics.service.clusterIP (eq .Values.redis.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.redis.metrics.service.clusterIP }} {{- end }} ports: - name: {{ .Values.redis.metrics.service.portName }} @@ -26,5 +32,4 @@ spec: targetPort: metrics selector: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} - type: {{ .Values.redis.metrics.service.type }} {{- end }} diff --git a/charts/argo-cd/templates/redis/networkpolicy.yaml b/charts/argo-cd/templates/redis/networkpolicy.yaml index 8b564add..d602a931 100644 --- a/charts/argo-cd/templates/redis/networkpolicy.yaml +++ b/charts/argo-cd/templates/redis/networkpolicy.yaml @@ -6,6 +6,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} name: {{ template "argo-cd.redis.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} spec: ingress: - from: diff --git a/charts/argo-cd/templates/redis/pdb.yaml b/charts/argo-cd/templates/redis/pdb.yaml new file mode 100644 index 00000000..c614144d --- /dev/null +++ b/charts/argo-cd/templates/redis/pdb.yaml @@ -0,0 +1,28 @@ +{{- $redisHa := index .Values "redis-ha" -}} +{{- if and .Values.redis.enabled (not $redisHa.enabled) .Values.redis.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "argo-cd.redis.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} + {{- with .Values.redis.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.redis.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.redis.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.redis.pdb.minAvailable | default 0 }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }} +{{- end }} diff --git a/charts/argo-cd/templates/redis/poddisruptionbudget.yaml b/charts/argo-cd/templates/redis/poddisruptionbudget.yaml deleted file mode 100644 index 4de55b7e..00000000 --- a/charts/argo-cd/templates/redis/poddisruptionbudget.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Values.redis.pdb.enabled }} -apiVersion: {{ include "argo-cd.podDisruptionBudget.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ template "argo-cd.redis.fullname" . }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} - {{- with .Values.redis.pdb.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.redis.pdb.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.redis.pdb.minAvailable }} - minAvailable: {{ .Values.redis.pdb.minAvailable }} - {{- else if .Values.redis.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.redis.pdb.maxUnavailable }} - {{- else }} - minAvailable: 0 - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }} -{{- end }} diff --git a/charts/argo-cd/templates/redis/service.yaml b/charts/argo-cd/templates/redis/service.yaml index af273d71..a60cf77e 100644 --- a/charts/argo-cd/templates/redis/service.yaml +++ b/charts/argo-cd/templates/redis/service.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-cd.redis.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- with .Values.redis.service.labels }} @@ -16,10 +17,11 @@ metadata: {{- end }} {{- end }} spec: + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: redis port: {{ .Values.redis.servicePort }} - targetPort: {{ .Values.redis.containerPort }} + targetPort: redis selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.redis.name) | nindent 4 }} {{- end }} diff --git a/charts/argo-cd/templates/redis/serviceaccount.yaml b/charts/argo-cd/templates/redis/serviceaccount.yaml index ae67d3b2..bc942e22 100644 --- a/charts/argo-cd/templates/redis/serviceaccount.yaml +++ b/charts/argo-cd/templates/redis/serviceaccount.yaml @@ -3,13 +3,14 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.redisServiceAccountName" . }} -{{- if .Values.redis.serviceAccount.annotations }} + name: {{ include "argo-cd.redis.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.redis.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.redis.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- end }} diff --git a/charts/argo-cd/templates/redis/servicemonitor.yaml b/charts/argo-cd/templates/redis/servicemonitor.yaml index 8cd9a111..4710d286 100644 --- a/charts/argo-cd/templates/redis/servicemonitor.yaml +++ b/charts/argo-cd/templates/redis/servicemonitor.yaml @@ -1,12 +1,10 @@ {{- $redisHa := (index .Values "redis-ha") -}} -{{- if and .Values.redis.enabled (not $redisHa.enabled) .Values.redis.metrics.enabled .Values.redis.metrics.serviceMonitor.enabled -}} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.redis.enabled (not $redisHa.enabled) .Values.redis.metrics.enabled .Values.redis.metrics.serviceMonitor.enabled -}} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.redis.fullname" . }} - {{- with .Values.redis.metrics.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.redis.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- with .Values.redis.metrics.serviceMonitor.selector }} @@ -15,6 +13,10 @@ metadata: {{- with .Values.redis.metrics.serviceMonitor.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.redis.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: endpoints: - port: {{ .Values.redis.metrics.service.portName }} @@ -30,6 +32,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.redis.metrics.serviceMonitor.honorLabels }} {{- with .Values.redis.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} @@ -39,7 +42,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 6 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml old mode 100755 new mode 100644 index 27c67d36..f1213daf --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -6,10 +6,55 @@ nameOverride: argocd # -- String to fully override `"argo-cd.fullname"` fullnameOverride: "" +# -- Override the namespace +# @default -- `.Release.Namespace` +namespaceOverride: "" # -- Override the Kubernetes version, which is used to evaluate certain manifests kubeVersionOverride: "" +# Override APIVersions +# If you want to template helm charts but cannot access k8s API server +# you can set api versions here +apiVersionOverrides: {} +# -- Create aggregated roles that extend existing cluster roles to interact with argo-cd resources +## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles +createAggregateRoles: false +# -- Create cluster roles for cluster-wide installation. +## Used when you manage applications in the same cluster where Argo CD runs +createClusterRoles: true + +openshift: + # -- enables using arbitrary uid for argo repo server + enabled: false + +## Custom resource configuration +crds: + # -- Install and upgrade CRDs + install: true + # -- Keep CRDs on chart uninstall + keep: true + # -- Annotations to be added to all CRDs + annotations: {} + # -- Addtional labels to be added to all CRDs + additionalLabels: {} + +## Globally shared configuration global: + # -- Default domain used by all components + ## Used for ingresses, certificates, SSO, notifications, etc. + domain: argocd.example.com + + # -- Runtime class name for all components + runtimeClassName: "" + + # -- Common labels for the all resources + additionalLabels: {} + # app: argo-cd + + # -- Number of old deployment ReplicaSets to retain. The rest will be garbage collected. + revisionHistoryLimit: 3 + + # Default image used by all components image: # -- If defined, a repository applied to all Argo CD deployments repository: quay.io/argoproj/argocd @@ -17,48 +62,556 @@ global: tag: "" # -- If defined, a imagePullPolicy applied to all Argo CD deployments imagePullPolicy: IfNotPresent + + # -- Secrets with credentials to pull images from a private registry + imagePullSecrets: [] + + # Default logging options used by all components + logging: + # -- Set the global logging format. Either: `text` or `json` + format: text + # -- Set the global logging level. One of: `debug`, `info`, `warn` or `error` + level: info + + # -- Annotations for the all deployed Statefulsets + statefulsetAnnotations: {} + + # -- Annotations for the all deployed Deployments + deploymentAnnotations: {} + # -- Annotations for the all deployed pods podAnnotations: {} + # -- Labels for the all deployed pods podLabels: {} - # -- Toggle and define securityContext. See [values.yaml] + + # -- Add Prometheus scrape annotations to all metrics services. This can be used as an alternative to the ServiceMonitors. + addPrometheusAnnotations: false + + # -- Toggle and define pod-level security context. + # @default -- `{}` (See [values.yaml]) securityContext: {} # runAsUser: 999 # runAsGroup: 999 # fsGroup: 999 - # -- If defined, uses a Secret to pull an image from a private Docker registry or repository - imagePullSecrets: [] # -- Mapping between IP and hostnames that will be injected as entries in the pod's hosts files hostAliases: [] # - ip: 10.20.30.40 # hostnames: # - git.myhostname - # -- Additional labels to add to all resources - additionalLabels: {} - # app: argo-cd + # Configure dual-stack used by all component services + dualStack: + # -- IP family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) + ipFamilyPolicy: "" + # -- IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. + ipFamilies: [] + # Default network policy rules used by all components networkPolicy: # -- Create NetworkPolicy objects for all components create: false # -- Default deny all ingress traffic defaultDenyIngress: false -# Override APIVersions -# If you want to template helm charts but cannot access k8s API server -# you can set api versions here -apiVersionOverrides: - # -- String to override apiVersion of certmanager resources rendered by this helm chart - certmanager: "" # cert-manager.io/v1 - # -- String to override apiVersion of ingresses rendered by this helm chart - ingress: "" # networking.k8s.io/v1beta1 + # -- Default priority class for all components + priorityClassName: "" -# -- Create clusterroles that extend existing clusterroles to interact with argo-cd crds -## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles -createAggregateRoles: false + # -- Default node selector for all components + nodeSelector: + kubernetes.io/os: linux + + # -- Default tolerations for all components + tolerations: [] + + # Default affinity preset for all components + affinity: + # -- Default pod anti-affinity rules. Either: `none`, `soft` or `hard` + podAntiAffinity: soft + # Node affinity rules + nodeAffinity: + # -- Default node affinity rules. Either: `none`, `soft` or `hard` + type: hard + # -- Default match expressions for node affinity + matchExpressions: [] + # - key: topology.kubernetes.io/zone + # operator: In + # values: + # - antarctica-east1 + # - antarctica-west1 + + # -- Default [TopologySpreadConstraints] rules for all components + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector of the component + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy for the all deployed Deployments + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + + # -- Environment variables to pass to all deployed Deployments + env: [] + + # -- Annotations for the all deployed Certificates + certificateAnnotations: {} + +## Argo Configs +configs: + # General Argo CD configuration + ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml + cm: + # -- Create the argocd-cm configmap for [declarative setup] + create: true + + # -- Annotations to be added to argocd-cm configmap + annotations: {} + + # -- The name of tracking label used by Argo CD for resource pruning + application.instanceLabelKey: argocd.argoproj.io/instance + + # -- Enable control of the service account used for the sync operation (alpha) + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-sync-using-impersonation/ + application.sync.impersonation.enabled: false + + # -- Enable logs RBAC enforcement + ## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/2.3-2.4/#enable-logs-rbac-enforcement + server.rbac.log.enforce.enable: false + + # -- Enable exec feature in Argo UI + ## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac/#exec-resource + exec.enabled: false + + # -- Enable local admin user + ## Ref: https://argo-cd.readthedocs.io/en/latest/faq/#how-to-disable-admin-user + admin.enabled: true + + # -- Timeout to discover if a new manifests version got published to the repository + timeout.reconciliation: 180s + + # -- Timeout to refresh application data as well as target manifests cache + timeout.hard.reconciliation: 0s + + # -- Enable Status Badge + ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/status-badge/ + statusbadge.enabled: false + + # Dex configuration + # dex.config: | + # connectors: + # # GitHub example + # - type: github + # id: github + # name: GitHub + # config: + # clientID: aabbccddeeff00112233 + # clientSecret: $dex.github.clientSecret # Alternatively $:dex.github.clientSecret + # orgs: + # - name: your-github-org + + # OIDC configuration as an alternative to dex (optional). + # oidc.config: | + # name: AzureAD + # issuer: https://login.microsoftonline.com/TENANT_ID/v2.0 + # clientID: CLIENT_ID + # clientSecret: $oidc.azuread.clientSecret + # rootCA: | + # -----BEGIN CERTIFICATE----- + # ... encoded certificate data here ... + # -----END CERTIFICATE----- + # requestedIDTokenClaims: + # groups: + # essential: true + # requestedScopes: + # - openid + # - profile + # - email + + # Extension Configuration + ## Ref: https://argo-cd.readthedocs.io/en/latest/developer-guide/extensions/proxy-extensions/ + # extension.config: | + # extensions: + # - name: httpbin + # backend: + # connectionTimeout: 2s + # keepAlive: 15s + # idleConnectionTimeout: 60s + # maxIdleConnections: 30 + # services: + # - url: http://httpbin.org + # headers: + # - name: some-header + # value: '$some.argocd.secret.key' + # cluster: + # name: some-cluster + # server: https://some-cluster + + # Argo CD configuration parameters + ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml + params: + # -- Create the argocd-cmd-params-cm configmap + # If false, it is expected the configmap will be created by something else. + create: true + + # -- Annotations to be added to the argocd-cmd-params-cm ConfigMap + annotations: {} + + ## Generic parameters + # -- Open-Telemetry collector address: (e.g. "otel-collector:4317") + otlp.address: '' + + ## Controller Properties + # -- Number of application status processors + controller.status.processors: 20 + # -- Number of application operation processors + controller.operation.processors: 10 + # -- Specifies timeout between application self heal attempts + controller.self.heal.timeout.seconds: 5 + # -- Repo server RPC call timeout seconds. + controller.repo.server.timeout.seconds: 60 + + ## Server properties + # -- Run server without TLS + ## NOTE: This value should be set when you generate params by other means as it changes ports used by ingress template. + server.insecure: false + # -- Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / + server.basehref: / + # -- Used if Argo CD is running behind reverse proxy under subpath different from / + server.rootpath: '' + # -- Directory path that contains additional static assets + server.staticassets: /shared/app + # -- Disable Argo CD RBAC for user authentication + server.disable.auth: false + # -- Enable GZIP compression + server.enable.gzip: true + # -- Enable proxy extension feature. (proxy extension is in Alpha phase) + server.enable.proxy.extension: false + # -- Set X-Frame-Options header in HTTP responses to value. To disable, set to "". + server.x.frame.options: sameorigin + + ## Repo-server properties + # -- Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit. + reposerver.parallelism.limit: 0 + + ## ApplicationSet Properties + # -- Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` + applicationsetcontroller.policy: sync + # -- Enables use of the Progressive Syncs capability + applicationsetcontroller.enable.progressive.syncs: false + # -- A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"argocd,argocd-appsets-*"`) + # @default -- `""` (default is only the ns where the controller is installed) + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Appset-Any-Namespace/ + applicationsetcontroller.namespaces: "" + + # -- Enables [Applications in any namespace] + ## List of additional namespaces where applications may be created in and reconciled from. + ## The namespace where Argo CD is installed to will always be allowed. + ## Set comma-separated list. (e.g. app-team-one, app-team-two) + application.namespaces: "" + + # -- JQ Path expression timeout + ## By default, the evaluation of a JQPathExpression is limited to one second. + ## If you encounter a "JQ patch execution timed out" error message due to a complex JQPathExpression + ## that requires more time to evaluate, you can extend the timeout period. + controller.ignore.normalizer.jq.timeout: "1s" + + # Argo CD RBAC policy configuration + ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md + rbac: + # -- Create the argocd-rbac-cm configmap with ([Argo CD RBAC policy]) definitions. + # If false, it is expected the configmap will be created by something else. + # Argo CD will not work if there is no configmap created with the name above. + create: true + + # -- Annotations to be added to argocd-rbac-cm configmap + annotations: {} + + # -- The name of the default role which Argo CD will falls back to, when authorizing API requests (optional). + # If omitted or empty, users may be still be able to login, but will see no apps, projects, etc... + policy.default: '' + + # -- File containing user-defined policies and role definitions. + # @default -- `''` (See [values.yaml]) + policy.csv: '' + # Policy rules are in the form: + # p, subject, resource, action, object, effect + # Role definitions and bindings are in the form: + # g, subject, inherited-subject + # policy.csv: | + # p, role:org-admin, applications, *, */*, allow + # p, role:org-admin, clusters, get, *, allow + # p, role:org-admin, repositories, *, *, allow + # p, role:org-admin, logs, get, *, allow + # p, role:org-admin, exec, create, */*, allow + # g, your-github-org:your-team, role:org-admin + + # -- OIDC scopes to examine during rbac enforcement (in addition to `sub` scope). + # The scope value can be a string, or a list of strings. + scopes: "[groups]" + + # -- Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher. + policy.matchMode: "glob" + + # GnuPG public keys for commit verification + ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/ + gpg: + # -- Annotations to be added to argocd-gpg-keys-cm configmap + annotations: {} + + # -- [GnuPG] public keys to add to the keyring + # @default -- `{}` (See [values.yaml]) + ## Note: Public keys should be exported with `gpg --export --armor ` + keys: {} + # 4AEE18F83AFDEB23: | + # -----BEGIN PGP PUBLIC KEY BLOCK----- + # ... + # -----END PGP PUBLIC KEY BLOCK----- + + # SSH known hosts for Git repositories + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#ssh-known-host-public-keys + ssh: + # -- Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm. + create: true + + # -- Annotations to be added to argocd-ssh-known-hosts-cm configmap + annotations: {} + + # -- Known hosts to be added to the known host list by default. + # @default -- See [values.yaml] + knownHosts: | + [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO + bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M= + github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= + gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf + gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 + ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H + vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H + + # -- Additional known hosts for private repositories + extraHosts: '' + + # Repository TLS certificates + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories-using-self-signed-tls-certificates-or-are-signed-by-custom-ca + tls: + # -- Annotations to be added to argocd-tls-certs-cm configmap + annotations: {} + + # -- TLS certificates for Git repositories + # @default -- `{}` (See [values.yaml]) + certificates: {} + # server.example.com: | + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + + # -- Specifies if the argocd-tls-certs-cm configmap should be created by Helm. + create: true + + # ConfigMap for Config Management Plugins + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/ + cmp: + # -- Create the argocd-cmp-cm configmap + create: false + + # -- Annotations to be added to argocd-cmp-cm configmap + annotations: {} + + # -- Plugin yaml files to be added to argocd-cmp-cm + plugins: {} + # --- First plugin + # my-plugin: + # init: + # command: [sh] + # args: [-c, 'echo "Initializing..."'] + # generate: + # command: [sh, -c] + # args: + # - | + # echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}" + # discover: + # fileName: "./subdir/s*.yaml" + # find: + # glob: "**/Chart.yaml" + # command: [sh, -c, find . -name env.yaml] + + # --- Second plugin + # my-plugin2: + # init: + # command: [sh] + # args: [-c, 'echo "Initializing..."'] + # generate: + # command: [sh, -c] + # args: + # - | + # echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}" + # discover: + # fileName: "./subdir/s*.yaml" + # find: + # glob: "**/Chart.yaml" + # command: [sh, -c, find . -name env.yaml] + + # -- Provide one or multiple [external cluster credentials] + # @default -- `{}` (See [values.yaml]) + ## Ref: + ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters + ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials + ## - https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters + clusterCredentials: {} + # mycluster: + # server: https://mycluster.example.com + # labels: {} + # annotations: {} + # config: + # bearerToken: "" + # tlsClientConfig: + # insecure: false + # caData: "" + # mycluster2: + # server: https://mycluster2.example.com + # labels: {} + # annotations: {} + # namespaces: namespace1,namespace2 + # clusterResources: true + # config: + # bearerToken: "" + # tlsClientConfig: + # insecure: false + # caData: "" + # mycluster3-project-scoped: + # server: https://mycluster3.example.com + # labels: {} + # annotations: {} + # project: my-project1 + # config: + # bearerToken: "" + # tlsClientConfig: + # insecure: false + # caData: "" + # mycluster4-sharded: + # shard: 1 + # server: https://mycluster4.example.com + # labels: {} + # annotations: {} + # config: + # bearerToken: "" + # tlsClientConfig: + # insecure: false + # caData: "" + + # -- Repository credentials to be used as Templates for other repos + ## Creates a secret for each key/value specified below to create repository credentials + credentialTemplates: {} + # github-enterprise-creds-1: + # url: https://github.com/argoproj + # githubAppID: 1 + # githubAppInstallationID: 2 + # githubAppEnterpriseBaseUrl: https://ghe.example.com/api/v3 + # githubAppPrivateKey: | + # -----BEGIN OPENSSH PRIVATE KEY----- + # ... + # -----END OPENSSH PRIVATE KEY----- + # https-creds: + # url: https://github.com/argoproj + # password: my-password + # username: my-username + # ssh-creds: + # url: git@github.com:argoproj-labs + # sshPrivateKey: | + # -----BEGIN OPENSSH PRIVATE KEY----- + # ... + # -----END OPENSSH PRIVATE KEY----- + + # -- Annotations to be added to `configs.credentialTemplates` Secret + credentialTemplatesAnnotations: {} + + # -- Repositories list to be used by applications + ## Creates a secret for each key/value specified below to create repositories + ## Note: the last example in the list would use a repository credential template, configured under "configs.credentialTemplates". + repositories: {} + # istio-helm-repo: + # url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts + # name: istio.io + # type: helm + # private-helm-repo: + # url: https://my-private-chart-repo.internal + # name: private-repo + # type: helm + # password: my-password + # username: my-username + # private-repo: + # url: https://github.com/argoproj/private-repo + + # -- Annotations to be added to `configs.repositories` Secret + repositoriesAnnotations: {} + + # Argo CD sensitive data + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sensitive-data-and-sso-client-secrets + secret: + # -- Create the argocd-secret + createSecret: true + # -- Labels to be added to argocd-secret + labels: {} + # -- Annotations to be added to argocd-secret + annotations: {} + + # -- Shared secret for authenticating GitHub webhook events + githubSecret: "" + # -- Shared secret for authenticating GitLab webhook events + gitlabSecret: "" + # -- Shared secret for authenticating BitbucketServer webhook events + bitbucketServerSecret: "" + # -- UUID for authenticating Bitbucket webhook events + bitbucketUUID: "" + # -- Shared secret for authenticating Gogs webhook events + gogsSecret: "" + ## Azure DevOps + azureDevops: + # -- Shared secret username for authenticating Azure DevOps webhook events + username: "" + # -- Shared secret password for authenticating Azure DevOps webhook events + password: "" + + # -- add additional secrets to be added to argocd-secret + ## Custom secrets. Useful for injecting SSO secrets into environment variables. + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sensitive-data-and-sso-client-secrets + ## Note that all values must be non-empty. + extra: + {} + # LDAP_PASSWORD: "mypassword" + + # -- Bcrypt hashed admin password + ## Argo expects the password in the secret to be bcrypt hashed. You can create this hash with + ## `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` + argocdServerAdminPassword: "" + # -- Admin password modification time. Eg. `"2006-01-02T15:04:05Z"` + # @default -- `""` (defaults to current time) + argocdServerAdminPasswordMtime: "" + + # -- Define custom [CSS styles] for your argo instance. + # This setting will automatically mount the provided CSS and reference it in the argo configuration. + # @default -- `""` (See [values.yaml]) + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ + styles: "" + # styles: | + # .sidebar { + # background: linear-gradient(to bottom, #999, #777, #333, #222, #111); + # } # -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates extraObjects: [] # - apiVersion: secrets-store.csi.x-k8s.io/v1 # kind: SecretProviderClass @@ -86,11 +639,53 @@ extraObjects: [] # labels: # app.kubernetes.io/part-of: argocd -## Controller +## Application controller controller: # -- Application controller name string name: application-controller + # -- The number of application controller pods to run. + # Additional replicas will cause sharding of managed clusters across number of replicas. + ## With dynamic cluster distribution turned on, sharding of the clusters will gracefully + ## rebalance if the number of replica's changes or one becomes unhealthy. (alpha) + replicas: 1 + + # -- Enable dynamic cluster distribution (alpha) + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution + ## This is done using a deployment instead of a statefulSet + ## When replicas are added or removed, the sharding algorithm is re-run to ensure that the + ## clusters are distributed according to the algorithm. If the algorithm is well-balanced, + ## like round-robin, then the shards will be well-balanced. + dynamicClusterDistribution: false + + # -- Runtime class name for the application controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + + # -- Application controller heartbeat time + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution + heartbeatTime: 10 + + # -- Maximum number of controller revisions that will be maintained in StatefulSet history + revisionHistoryLimit: 5 + + ## Application controller Pod Disruption Budget + ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + pdb: + # -- Deploy a [PodDisruptionBudget] for the application controller + enabled: false + # -- Labels to be added to application controller pdb + labels: {} + # -- Annotations to be added to application controller pdb + annotations: {} + # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) + # @default -- `""` (defaults to 0 if not specified) + minAvailable: "" + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). + ## Has higher precedence over `controller.pdb.minAvailable` + maxUnavailable: "" + + ## Application controller image image: # -- Repository to use for the application controller # @default -- `""` (defaults to global.image.repository) @@ -102,39 +697,15 @@ controller: # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" - # -- The number of application controller pods to run. - # If changing the number of replicas you must pass the number as `ARGOCD_CONTROLLER_REPLICAS` as an environment variable - replicas: 1 - - # -- Deploy the application controller as a StatefulSet instead of a Deployment, this is required for HA capability. - enableStatefulSet: true - - ## Application controller commandline flags - args: - # -- define the application controller `--status-processors` - statusProcessors: "20" - # -- define the application controller `--operation-processors` - operationProcessors: "10" - # -- define the application controller `--app-resync` - appResyncPeriod: "180" - # -- define the application controller `--self-heal-timeout-seconds` - selfHealTimeout: "5" - # -- define the application controller `--repo-server-timeout-seconds` - repoServerTimeoutSeconds: "60" - - # -- Application controller log format. Either `text` or `json` - logFormat: text - # -- Application controller log level - logLevel: info + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] # -- Additional command line arguments to pass to application controller extraArgs: [] # -- Environment variables to pass to application controller - env: - [] - # - name: "ARGOCD_CONTROLLER_REPLICAS" - # value: "" + env: [] # -- envFrom to pass to application controller # @default -- `[]` (See [values.yaml]) @@ -144,27 +715,92 @@ controller: # - secretRef: # name: secret-name + # -- Additional containers to be added to the application controller pod + ## Note: Supports use of custom Helm templates + extraContainers: [] + + # -- Init containers to add to the application controller pod + ## If your target Kubernetes cluster(s) require a custom credential (exec) plugin + ## you could use this (and the same in the server pod) to provide such executable + ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins + ## Note: Supports use of custom Helm templates + initContainers: [] + # - name: download-tools + # image: alpine:3 + # command: [sh, -c] + # args: + # - wget -qO kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.0.25/kubelogin-linux-amd64.zip && + # unzip kubelogin.zip && mv bin/linux_amd64/kubelogin /custom-tools/ + # volumeMounts: + # - mountPath: /custom-tools + # name: custom-tools + + # -- Additional volumeMounts to the application controller main container + volumeMounts: [] + # - mountPath: /usr/local/bin/kubelogin + # name: custom-tools + # subPath: kubelogin + + # -- Additional volumes to the application controller pod + volumes: [] + # - name: custom-tools + # emptyDir: {} + + ## Application controller emptyDir volumes + emptyDir: + # -- EmptyDir size limit for application controller + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + + # -- Annotations for the application controller StatefulSet + statefulsetAnnotations: {} + + # -- Annotations for the application controller Deployment + deploymentAnnotations: {} + # -- Annotations to be added to application controller pods podAnnotations: {} # -- Labels to be added to application controller pods podLabels: {} + # -- Resource limits and requests for the application controller pods + resources: {} + # limits: + # cpu: 500m + # memory: 512Mi + # requests: + # cpu: 250m + # memory: 256Mi + + # Application controller container ports + containerPorts: + # -- Metrics container port + metrics: 8082 + + # -- Host Network for application controller pods + hostNetwork: false + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for application controller pods + dnsPolicy: "ClusterFirst" + # -- Application controller container-level security context + # @default -- See [values.yaml] containerSecurityContext: - {} - # capabilities: - # drop: - # - all - # readOnlyRootFilesystem: true - # runAsNonRoot: true + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL - # -- Application controller listening port - containerPort: 8082 - - ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ - ## + # Readiness probe for application controller + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -176,61 +812,37 @@ controller: successThreshold: 1 # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 - livenessProbe: - # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded - failureThreshold: 3 - # -- Number of seconds after the container has started before [probe] is initiated - initialDelaySeconds: 10 - # -- How often (in seconds) to perform the [probe] - periodSeconds: 10 - # -- Minimum consecutive successes for the [probe] to be considered successful after having failed - successThreshold: 1 - # -- Number of seconds after which the [probe] times out - timeoutSeconds: 1 - # -- Additional volumeMounts to the application controller main container - volumeMounts: [] + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 - # -- Additional volumes to the application controller pod - volumes: [] - - ## Controller service configuration - service: - # -- Application controller service annotations - annotations: {} - # -- Application controller service labels - labels: {} - # -- Application controller service port - port: 8082 - # -- Application controller service port name - portName: https-controller + # -- Priority class for the application controller pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {} + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) tolerations: [] + # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the application controller - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] - # - maxSkew: 1 - # topologyKey: topology.kubernetes.io/zone - # whenUnsatisfiable: DoNotSchedule + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule - # -- Priority class for the application controller pods - priorityClassName: "" - - # -- Resource limits and requests for the application controller pods - resources: {} - # limits: - # cpu: 500m - # memory: 512Mi - # requests: - # cpu: 250m - # memory: 256Mi + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true serviceAccount: # -- Create a service account for the application controller @@ -239,6 +851,8 @@ controller: name: argocd-application-controller # -- Annotations applied to created service account annotations: {} + # -- Labels applied to created service account + labels: {} # -- Automount API credentials for the Service Account automountServiceAccountToken: true @@ -246,12 +860,18 @@ controller: metrics: # -- Deploy metrics service enabled: false + # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + scrapeTimeout: "" applicationLabels: # -- Enables additional labels in argocd_app_labels metric enabled: false # -- Additional labels labels: [] service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" # -- Metrics service annotations annotations: {} # -- Metrics service labels @@ -265,6 +885,8 @@ controller: enabled: false # -- Prometheus ServiceMonitor interval interval: 30s + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -281,14 +903,27 @@ controller: namespace: "" # "monitoring" # -- Prometheus ServiceMonitor labels additionalLabels: {} + # -- Prometheus ServiceMonitor annotations + annotations: {} rules: # -- Deploy a PrometheusRule for the application controller enabled: false + # -- PrometheusRule namespace + namespace: "" # "monitoring" + # -- PrometheusRule selector + selector: {} + # prometheus: kube-prometheus + + # -- PrometheusRule labels + additionalLabels: {} + # -- PrometheusRule annotations + annotations: {} + # -- PrometheusRule.Spec for the application controller spec: [] # - alert: ArgoAppMissing # expr: | - # absent(argocd_app_info) + # absent(argocd_app_info) == 1 # for: 15m # labels: # severity: critical @@ -310,15 +945,6 @@ controller: # The application [{{`{{$labels.name}}`}} has not been synchronized for over # 12 hours which means that the state of this cloud has drifted away from the # state inside Git. - # selector: - # prometheus: kube-prometheus - # namespace: monitoring - # additionalLabels: {} - - ## Enable if you would like to grant rights to Argo CD to deploy to the local Kubernetes cluster. - clusterAdminAccess: - # -- Enable RBAC for local cluster deployments - enabled: true ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. ## Defaults to off @@ -328,39 +954,6 @@ controller: # -- List of custom rules for the application controller's ClusterRole resource rules: [] - # -- Additional containers to be added to the application controller pod - extraContainers: [] - - # -- Init containers to add to the application controller pod - ## If your target Kubernetes cluster(s) require a custom auth provider executable - ## you could use this (and the same in the server pod) to bootstrap - ## that executable into your Argo CD container - initContainers: [] - # - name: download-tools - # image: alpine:3.8 - # command: [sh, -c] - # args: - # - wget -qO- https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz | tar -xvzf - && - # mv linux-amd64/helm /custom-tools/ - # volumeMounts: - # - mountPath: /custom-tools - # name: custom-tools - # volumeMounts: - # - mountPath: /usr/local/bin/helm - # name: custom-tools - # subPath: helm - - pdb: - # -- Labels to be added to application controller pdb - labels: {} - # -- Annotations to be added to application controller pdb - annotations: {} - - # -- Deploy a Poddisruptionbudget for the application controller - enabled: false - # minAvailable: 1 - # maxUnavailable: 0 - ## Dex dex: # -- Enable dex @@ -371,6 +964,10 @@ dex: # -- Additional command line arguments to pass to the Dex server extraArgs: [] + # -- Runtime class name for Dex + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + metrics: # -- Deploy metrics service enabled: false @@ -386,6 +983,8 @@ dex: enabled: false # -- Prometheus ServiceMonitor interval interval: 30s + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -402,15 +1001,40 @@ dex: namespace: "" # "monitoring" # -- Prometheus ServiceMonitor labels additionalLabels: {} + # -- Prometheus ServiceMonitor annotations + annotations: {} + ## Dex Pod Disruption Budget + ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + pdb: + # -- Deploy a [PodDisruptionBudget] for the Dex server + enabled: false + # -- Labels to be added to Dex server pdb + labels: {} + # -- Annotations to be added to Dex server pdb + annotations: {} + # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) + # @default -- `""` (defaults to 0 if not specified) + minAvailable: "" + # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). + ## Has higher precedence over `dex.pdb.minAvailable` + maxUnavailable: "" + + ## Dex image image: # -- Dex image repository repository: ghcr.io/dexidp/dex # -- Dex image tag - tag: v2.30.2 + tag: v2.42.0 # -- Dex imagePullPolicy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" + + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # Argo CD init image that creates Dex config initImage: # -- Argo CD init image repository # @default -- `""` (defaults to global.image.repository) @@ -421,6 +1045,15 @@ dex: # -- Argo CD init image imagePullPolicy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" + # -- Argo CD init image resources + # @default -- `{}` (defaults to dex.resources) + resources: {} + # requests: + # cpu: 5m + # memory: 96Mi + # limits: + # cpu: 10m + # memory: 144Mi # -- Environment variables to pass to the Dex server env: [] @@ -433,17 +1066,100 @@ dex: # - secretRef: # name: secret-name + # -- Additional containers to be added to the dex pod + ## Note: Supports use of custom Helm templates + extraContainers: [] + + # -- Init containers to add to the dex pod + ## Note: Supports use of custom Helm templates + initContainers: [] + + # -- Additional volumeMounts to the dex main container + volumeMounts: [] + + # -- Additional volumes to the dex pod + volumes: [] + + ## Dex server emptyDir volumes + emptyDir: + # -- EmptyDir size limit for Dex server + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + + # TLS certificate configuration via Secret + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-dex-server + ## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart Dex automatically without extra controllers. + certificateSecret: + # -- Create argocd-dex-server-tls secret + enabled: false + # -- Labels to be added to argocd-dex-server-tls secret + labels: {} + # -- Annotations to be added to argocd-dex-server-tls secret + annotations: {} + # -- Certificate authority. Required for self-signed certificates. + ca: '' + # -- Certificate private key + key: '' + # -- Certificate data. Must contain SANs of Dex service (ie: argocd-dex-server, argocd-dex-server.argo-cd.svc) + crt: '' + + # -- Annotations to be added to the Dex server Deployment + deploymentAnnotations: {} + # -- Annotations to be added to the Dex server pods podAnnotations: {} # -- Labels to be added to the Dex server pods podLabels: {} + # -- Resource limits and requests for dex + resources: {} + # limits: + # cpu: 50m + # memory: 64Mi + # requests: + # cpu: 10m + # memory: 32Mi + + # Dex container ports + # NOTE: These ports are currently hardcoded and cannot be changed + containerPorts: + # -- HTTP container port + http: 5556 + # -- gRPC container port + grpc: 5557 + # -- Metrics container port + metrics: 5558 + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for Dex server pods + dnsPolicy: "ClusterFirst" + + # -- Dex container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + ## Probes for Dex server ## Supported from Dex >= 2.28.0 livenessProbe: # -- Enable Kubernetes liveness probe for Dex >= 2.28.0 enabled: false + # -- Http path to use for the liveness probe + httpPath: /healthz/live + # -- Http port to use for the liveness probe + httpPort: metrics + # -- Scheme to use for for the liveness probe (can be HTTP or HTTPS) + httpScheme: HTTP # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 # -- Number of seconds after the container has started before [probe] is initiated @@ -454,9 +1170,16 @@ dex: successThreshold: 1 # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 + readinessProbe: # -- Enable Kubernetes readiness probe for Dex >= 2.28.0 enabled: false + # -- Http path to use for the readiness probe + httpPath: /healthz/ready + # -- Http port to use for the readiness probe + httpPort: metrics + # -- Scheme to use for for the liveness probe (can be HTTP or HTTPS) + httpScheme: HTTP # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 # -- Number of seconds after the container has started before [probe] is initiated @@ -468,6 +1191,12 @@ dex: # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + serviceAccount: # -- Create dex service account create: true @@ -478,103 +1207,55 @@ dex: # -- Automount API credentials for the Service Account automountServiceAccountToken: true - # -- Additional volumeMounts to the dex main container - volumeMounts: - - name: static-files - mountPath: /shared - - # -- Additional volumes to the dex pod - volumes: - - name: static-files - emptyDir: {} - - # -- Extra volumes to the dex pod - extraVolumes: [] - - # -- Extra volumeMounts to the dex pod - extraVolumeMounts: [] - - # -- Container port for HTTP access - containerPortHttp: 5556 # -- Service port for HTTP access servicePortHttp: 5556 # -- Service port name for HTTP access servicePortHttpName: http - # -- Container port for gRPC access - containerPortGrpc: 5557 # -- Service port for gRPC access servicePortGrpc: 5557 # -- Service port name for gRPC access servicePortGrpcName: grpc - # -- Container port for metrics access - containerPortMetrics: 5558 # -- Service port for metrics access servicePortMetrics: 5558 + # -- Priority class for the dex pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {} + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) tolerations: [] + # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to dex - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] - # - maxSkew: 1 - # topologyKey: topology.kubernetes.io/zone - # whenUnsatisfiable: DoNotSchedule + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule - # -- Priority class for dex - priorityClassName: "" + # -- Deployment strategy to be added to the Dex server Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% - # -- Dex container-level security context - containerSecurityContext: - {} - # capabilities: - # drop: - # - all - # readOnlyRootFilesystem: true - -# -- Resource limits and requests for dex - resources: {} - # limits: - # cpu: 50m - # memory: 64Mi - # requests: - # cpu: 10m - # memory: 32Mi - - # -- Additional containers to be added to the dex pod - extraContainers: [] - - # -- Init containers to add to the dex pod - initContainers: [] - # - name: download-tools - # image: alpine:3.8 - # command: [sh, -c] - # args: - # - wget -qO- https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz | tar -xvzf - && - # mv linux-amd64/helm /custom-tools/ - # volumeMounts: - # - mountPath: /custom-tools - # name: custom-tools - # volumeMounts: - # - mountPath: /usr/local/bin/helm - # name: custom-tools - # subPath: helm - - pdb: - # -- Labels to be added to Dex server pdb - labels: {} - # -- Annotations to be added to Dex server pdb - annotations: {} - - # -- Deploy a Poddisruptionbudget for the Dex server - enabled: false - # minAvailable: 1 - # maxUnavailable: 0 + # -- Dex log format. Either `text` or `json` + # @default -- `""` (defaults to global.logging.format) + logFormat: "" + # -- Dex log level. One of: `debug`, `info`, `warn`, `error` + # @default -- `""` (defaults to global.logging.level) + logLevel: "" ## Redis redis: @@ -583,24 +1264,111 @@ redis: # -- Redis name name: redis + # -- Runtime class name for redis + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + + ## Redis Pod Disruption Budget + ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + pdb: + # -- Deploy a [PodDisruptionBudget] for the Redis + enabled: false + # -- Labels to be added to Redis pdb + labels: {} + # -- Annotations to be added to Redis pdb + annotations: {} + # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) + # @default -- `""` (defaults to 0 if not specified) + minAvailable: "" + # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). + ## Has higher precedence over `redis.pdb.minAvailable` + maxUnavailable: "" + + ## Redis image image: # -- Redis repository - repository: redis + repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 6.2.6-alpine - # -- Redis imagePullPolicy - imagePullPolicy: IfNotPresent + tag: 7.4.2-alpine + # -- Redis image pull policy + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + ## Prometheus redis-exporter sidecar + exporter: + # -- Enable Prometheus redis-exporter sidecar + enabled: false + # -- Environment variables to pass to the Redis exporter + env: [] + ## Prometheus redis-exporter image + image: + # -- Repository to use for the redis-exporter + repository: public.ecr.aws/bitnami/redis-exporter + # -- Tag to use for the redis-exporter + tag: 1.67.0 + # -- Image pull policy for the redis-exporter + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- Redis exporter security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + ## Probes for Redis exporter (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for Redis exporter (optional) + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + livenessProbe: + # -- Enable Kubernetes liveness probe for Redis exporter + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + + # -- Resource limits and requests for redis-exporter sidecar + resources: {} + # limits: + # cpu: 50m + # memory: 64Mi + # requests: + # cpu: 10m + # memory: 32Mi + + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] # -- Additional command line arguments to pass to redis-server extraArgs: [] # - --bind # - "0.0.0.0" - # -- Redis container port - containerPort: 6379 - # -- Redis service port - servicePort: 6379 - # -- Environment variables to pass to the Redis server env: [] @@ -612,42 +1380,129 @@ redis: # - secretRef: # name: secret-name + ## Probes for Redis server (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for Redis server + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + livenessProbe: + # -- Enable Kubernetes liveness probe for Redis server + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + + # -- Additional containers to be added to the redis pod + ## Note: Supports use of custom Helm templates + extraContainers: [] + + # -- Init containers to add to the redis pod + ## Note: Supports use of custom Helm templates + initContainers: [] + + # -- Additional volumeMounts to the redis container + volumeMounts: [] + + # -- Additional volumes to the redis pod + volumes: [] + + # -- Annotations to be added to the Redis server Deployment + deploymentAnnotations: {} + # -- Annotations to be added to the Redis server pods podAnnotations: {} # -- Labels to be added to the Redis server pods podLabels: {} - # -- [Node selector] - nodeSelector: {} - # -- [Tolerations] for use with node taints - tolerations: [] - # -- Assign custom [affinity] rules to the deployment - affinity: {} - - # -- Assign custom [TopologySpreadConstraints] rules to redis - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment - topologySpreadConstraints: [] - # - maxSkew: 1 - # topologyKey: topology.kubernetes.io/zone - # whenUnsatisfiable: DoNotSchedule - - # -- Priority class for redis - priorityClassName: "" - - # -- Redis container-level security context - containerSecurityContext: - {} - # capabilities: - # drop: - # - all - # readOnlyRootFilesystem: true + # -- Resource limits and requests for redis + resources: {} + # limits: + # cpu: 200m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 64Mi # -- Redis pod-level security context + # @default -- See [values.yaml] securityContext: runAsNonRoot: true runAsUser: 999 + seccompProfile: + type: RuntimeDefault + + # Redis container ports + containerPorts: + # -- Redis container port + redis: 6379 + # -- Metrics container port + metrics: 9121 + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for Redis server pods + dnsPolicy: "ClusterFirst" + + # -- Redis container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + + # -- Redis service port + servicePort: 6379 + + # -- Priority class for redis pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to redis + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true serviceAccount: # -- Create a service account for the redis pod @@ -659,39 +1514,6 @@ redis: # -- Automount API credentials for the Service Account automountServiceAccountToken: false - # -- Resource limits and requests for redis - resources: {} - # limits: - # cpu: 200m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 64Mi - - # -- Additional volumeMounts to the redis container - volumeMounts: [] - # -- Additional volumes to the redis pod - volumes: [] - - # -- Additional containers to be added to the redis pod - extraContainers: [] - - # -- Init containers to add to the redis pod - initContainers: [] - # - name: download-tools - # image: alpine:3.8 - # command: [sh, -c] - # args: - # - wget -qO- https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz | tar -xvzf - && - # mv linux-amd64/helm /custom-tools/ - # volumeMounts: - # - mountPath: /custom-tools - # name: custom-tools - # volumeMounts: - # - mountPath: /usr/local/bin/helm - # name: custom-tools - # subPath: helm - service: # -- Redis service annotations annotations: {} @@ -699,25 +1521,10 @@ redis: labels: {} metrics: - # -- Deploy metrics service and redis-exporter sidecar + # -- Deploy metrics service enabled: false - image: - # -- redis-exporter image repository - repository: bitnami/redis-exporter - # -- redis-exporter image tag - tag: 1.26.0-debian-10-r2 - # -- redis-exporter image PullPolicy - imagePullPolicy: IfNotPresent - # -- Port to use for redis-exporter sidecar - containerPort: 9121 - # -- Resource limits and requests for redis-exporter sidecar - resources: {} - # limits: - # cpu: 50m - # memory: 64Mi - # requests: - # cpu: 10m - # memory: 32Mi + + # Redis metrics service configuration service: # -- Metrics service type type: ClusterIP @@ -731,11 +1538,14 @@ redis: servicePort: 9121 # -- Metrics service port name portName: http-metrics + serviceMonitor: # -- Enable a prometheus ServiceMonitor enabled: false # -- Interval at which metrics should be scraped interval: 30s + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -752,36 +1562,32 @@ redis: namespace: "" # "monitoring" # -- Prometheus ServiceMonitor labels additionalLabels: {} + # -- Prometheus ServiceMonitor annotations + annotations: {} - pdb: - # -- Labels to be added to Redis server pdb - labels: {} - # -- Annotations to be added to Redis server pdb - annotations: {} - - # -- Deploy a Poddisruptionbudget for the Redis server - enabled: false - # minAvailable: 1 - # maxUnavailable: 0 - -# This key configures Redis-HA subchart and when enabled (redis-ha.enabled=true) -# the custom redis deployment is omitted -# Check the redis-ha chart for more properties +## Redis-HA subchart replaces custom redis deployment when `redis-ha.enabled=true` +# Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml redis-ha: # -- Enables the Redis HA subchart and disables the custom Redis single node deployment enabled: false + ## Redis image + image: + # -- Redis repository + repository: public.ecr.aws/docker/library/redis + # -- Redis tag + tag: 7.4.2-alpine + ## Prometheus redis-exporter sidecar exporter: - # -- If `true`, the prometheus exporter sidecar is enabled - enabled: true - # -- Exporter image - # @default -- `nil` (follows subchart default) - image: ~ - # -- Exporter tag - # @default -- `nil` (follows subchart default) - tag: ~ - persistentVolume: - # -- Configures persistency on Redis nodes + # -- Enable Prometheus redis-exporter sidecar enabled: false + # -- Repository to use for the redis-exporter + image: public.ecr.aws/bitnami/redis-exporter + # -- Tag to use for the redis-exporter + tag: 1.58.0 + persistentVolume: + # -- Configures persistence on Redis nodes + enabled: false + ## Redis specific configuration options redis: # -- Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated masterGroupName: argocd @@ -791,27 +1597,50 @@ redis-ha: # -- Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled # @default -- `'""'` save: '""' + ## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master. haproxy: # -- Enabled HAProxy LoadBalancing/Proxy enabled: true - image: - # -- HAProxy Image Repository - # @default -- `nil` (follows subchart default) - repository: ~ - # -- HAProxy Image Tag - # @default -- `nil` (follows subchart default) - tag: ~ + # -- Custom labels for the haproxy pod. This is relevant for Argo CD CLI. + labels: + app.kubernetes.io/name: argocd-redis-ha-haproxy metrics: # -- HAProxy enable prometheus metric scraping enabled: true - image: - # -- Redis image repository - # @default -- `nil` (follows subchart default) - repository: ~ - # -- Redis tag - tag: 6.2.6-alpine + # -- Whether the haproxy pods should be forced to run on separate nodes. + hardAntiAffinity: true + # -- Additional affinities to add to the haproxy pods. + additionalAffinities: {} + # -- Assign custom [affinity] rules to the haproxy pods. + affinity: | - ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # -- [Tolerations] for use with node taints for haproxy pods. + tolerations: [] + # -- HAProxy container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + readOnlyRootFilesystem: true + + # -- Configures redis-ha with AUTH + auth: true + # -- Existing Secret to use for redis-ha authentication. + # By default the redis-secret-init Job is generating this Secret. + existingSecret: argocd-redis + + # -- Whether the Redis server pods should be forced to run on separate nodes. + hardAntiAffinity: true + + # -- Additional affinities to add to the Redis server pods. + additionalAffinities: {} + + # -- Assign custom [affinity] rules to the Redis pods. + affinity: | + + # -- [Tolerations] for use with node taints for Redis pods. + tolerations: [] + + # -- Assign custom [TopologySpreadConstraints] rules to the Redis pods. + ## https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ topologySpreadConstraints: # -- Enable Redis HA topology spread constraints enabled: false @@ -824,18 +1653,105 @@ redis-ha: # -- Enforcement policy, hard or soft # @default -- `""` (defaults to `ScheduleAnyway`) whenUnsatisfiable: "" + # -- Redis HA statefulset container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + readOnlyRootFilesystem: true # External Redis parameters externalRedis: # -- External Redis server host host: "" + # -- External Redis username + username: "" # -- External Redis password password: "" # -- External Redis server port port: 6379 - # -- The name of an existing secret with Redis credentials (must contain key `redis-password`). + # -- The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials. # When it's set, the `externalRedis.password` parameter is ignored existingSecret: "" + # -- External Redis Secret annotations + secretAnnotations: {} + +redisSecretInit: + # -- Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods + enabled: true + # -- Redis secret-init name + name: redis-secret-init + + image: + # -- Repository to use for the Redis secret-init Job + # @default -- `""` (defaults to global.image.repository) + repository: "" # defaults to global.image.repository + # -- Tag to use for the Redis secret-init Job + # @default -- `""` (defaults to global.image.tag) + tag: "" # defaults to global.image.tag + # -- Image pull policy for the Redis secret-init Job + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" # IfNotPresent + + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # -- Annotations to be added to the Redis secret-init Job + jobAnnotations: {} + + # -- Annotations to be added to the Redis secret-init Job + podAnnotations: {} + + # -- Labels to be added to the Redis secret-init Job + podLabels: {} + + # -- Resource limits and requests for Redis secret-init Job + resources: {} + # limits: + # cpu: 200m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 64Mi + + # -- Application controller container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + + # -- Redis secret-init Job pod-level security context + securityContext: {} + + serviceAccount: + # -- Create a service account for the redis pod + create: true + # -- Service account name for redis pod + name: "" + # -- Annotations applied to created service account + annotations: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + # -- Priority class for Redis secret-init Job + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + + # -- Assign custom [affinity] rules to the Redis secret-init Job + affinity: {} + + # -- Node selector to be added to the Redis secret-init Job + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- Tolerations to be added to the Redis secret-init Job + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] ## Server server: @@ -845,6 +1761,11 @@ server: # -- The number of server pods to run replicas: 1 + # -- Runtime class name for the Argo CD server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + + ## Argo CD server Horizontal Pod Autoscaler autoscaling: # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server enabled: false @@ -856,7 +1777,41 @@ server: targetCPUUtilizationPercentage: 50 # -- Average memory utilization percentage for the Argo CD server [HPA] targetMemoryUtilizationPercentage: 50 + # -- Configures the scaling behavior of the target in both Up and Down directions. + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 + # periodSeconds: 60 + # -- Configures custom HPA metrics for the Argo CD server + # Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + metrics: [] + ## Argo CD server Pod Disruption Budget + ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + pdb: + # -- Deploy a [PodDisruptionBudget] for the Argo CD server + enabled: false + # -- Labels to be added to Argo CD server pdb + labels: {} + # -- Annotations to be added to Argo CD server pdb + annotations: {} + # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) + # @default -- `""` (defaults to 0 if not specified) + minAvailable: "" + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). + ## Has higher precedence over `server.pdb.minAvailable` + maxUnavailable: "" + + ## Argo CD server image image: # -- Repository to use for the Argo CD server # @default -- `""` (defaults to global.image.repository) @@ -868,14 +1823,12 @@ server: # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" # IfNotPresent + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + # -- Additional command line arguments to pass to Argo CD server extraArgs: [] - # - --insecure - - # This flag is used to either remove or pass the CLI flag --staticassets /shared/app to the Argo CD server app - staticAssets: - # -- Disable deprecated flag `--staticassets` - enabled: true # -- Environment variables to pass to Argo CD server env: [] @@ -891,506 +1844,60 @@ server: # -- Specify postStart and preStop lifecycle hooks for your argo-cd-server container lifecycle: {} - # -- Argo CD server log format: Either `text` or `json` - logFormat: text - # -- Argo CD server log level - logLevel: info - - # -- Annotations to be added to server pods - podAnnotations: {} - - # -- Labels to be added to server pods - podLabels: {} - - # -- Configures the server port - containerPort: 8080 - - ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ - ## - readinessProbe: - # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded - failureThreshold: 3 - # -- Number of seconds after the container has started before [probe] is initiated - initialDelaySeconds: 10 - # -- How often (in seconds) to perform the [probe] - periodSeconds: 10 - # -- Minimum consecutive successes for the [probe] to be considered successful after having failed - successThreshold: 1 - # -- Number of seconds after which the [probe] times out - timeoutSeconds: 1 - livenessProbe: - # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded - failureThreshold: 3 - # -- Number of seconds after the container has started before [probe] is initiated - initialDelaySeconds: 10 - # -- How often (in seconds) to perform the [probe] - periodSeconds: 10 - # -- Minimum consecutive successes for the [probe] to be considered successful after having failed - successThreshold: 1 - # -- Number of seconds after which the [probe] times out - timeoutSeconds: 1 - - # -- Additional volumeMounts to the server main container - volumeMounts: [] - - # -- Additional volumes to the server pod - volumes: [] - - # -- [Node selector] - nodeSelector: {} - # -- [Tolerations] for use with node taints - tolerations: [] - # -- Assign custom [affinity] rules to the deployment - affinity: {} - - # -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment - topologySpreadConstraints: [] - # - maxSkew: 1 - # topologyKey: topology.kubernetes.io/zone - # whenUnsatisfiable: DoNotSchedule - - # -- Priority class for the Argo CD server - priorityClassName: "" - - # -- Servers container-level security context - containerSecurityContext: - {} - # capabilities: - # drop: - # - all - # readOnlyRootFilesystem: true - - # -- Resource limits and requests for the Argo CD server - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 50m - # memory: 64Mi - - ## Certificate configuration - certificate: - # -- Deploy a Certificate resource (requires cert-manager) + ## Argo CD extensions + ## This function in tech preview stage, do expect instability or breaking changes in newer versions. + ## Ref: https://github.com/argoproj-labs/argocd-extension-installer + ## When you enable extensions, you need to configure RBAC of logged in Argo CD user. + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/#the-extensions-resource + extensions: + # -- Enable support for Argo CD extensions enabled: false - # -- Certificate primary domain (commonName) - domain: argocd.example.com - # -- The requested 'duration' (i.e. lifetime) of the Certificate. Value must be in units accepted by Go time.ParseDuration - duration: "" - # -- How long before the currently issued certificate's expiry cert-manager should renew the certificate. Value must be in units accepted by Go time.ParseDuration - renewBefore: "" - issuer: - # -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` - group: "" - # -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer` - kind: "" - # -- Certificate isser name. Eg. `letsencrypt` - name: "" - # -- Certificate manager additional hosts - additionalHosts: [] - # -- The name of the Secret that will be automatically created and managed by this Certificate resource - secretName: argocd-server-tls - ## Server service configuration - service: - # -- Server service annotations - annotations: {} - # -- Server service labels - labels: {} - # -- Server service type - type: ClusterIP - # -- Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort") - nodePortHttp: 30080 - # -- Server service https port for NodePort service type (only if `server.service.type` is set to "NodePort") - nodePortHttps: 30443 - # -- Server service http port - servicePortHttp: 80 - # -- Server service https port - servicePortHttps: 443 - # -- Server service http port name, can be used to route traffic via istio - servicePortHttpName: http - # -- Server service https port name, can be used to route traffic via istio - servicePortHttpsName: https - # -- Use named target port for argocd - ## Named target ports are not supported by GCE health checks, so when deploying argocd on GKE - ## and exposing it via GCE ingress, the health checks fail and the load balancer returns a 502. - namedTargetPort: true - # -- LoadBalancer will get created with the IP specified in this field - loadBalancerIP: "" - # -- Source IP ranges to allow access to service from - loadBalancerSourceRanges: [] - # -- Server service external IPs - externalIPs: [] - # -- Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - externalTrafficPolicy: "" - # -- Used to maintain session affinity. Supports `ClientIP` and `None` - sessionAffinity: "" + ## Argo CD extension installer image + image: + # -- Repository to use for extension installer image + repository: "quay.io/argoprojlabs/argocd-extension-installer" + # -- Tag to use for extension installer image + tag: "v0.0.8" + # -- Image pull policy for extensions + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" - ## Server metrics service configuration - metrics: - # -- Deploy metrics service - enabled: false - service: - # -- Metrics service annotations - annotations: {} - # -- Metrics service labels - labels: {} - # -- Metrics service port - servicePort: 8083 - # -- Metrics service port name - portName: http-metrics - serviceMonitor: - # -- Enable a prometheus ServiceMonitor - enabled: false - # -- Prometheus ServiceMonitor interval - interval: 30s - # -- Prometheus [RelabelConfigs] to apply to samples before scraping - relabelings: [] - # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion - metricRelabelings: [] - # -- Prometheus ServiceMonitor selector - selector: {} - # prometheus: kube-prometheus + # -- Extensions for Argo CD + # @default -- `[]` (See [values.yaml]) + ## Ref: https://github.com/argoproj-labs/argocd-extension-metrics#install-ui-extension + extensionList: [] + # - name: extension-metrics + # env: + # - name: EXTENSION_URL + # value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension.tar.gz + # - name: EXTENSION_CHECKSUM_URL + # value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension_checksums.txt - # -- Prometheus ServiceMonitor scheme - scheme: "" - # -- Prometheus ServiceMonitor tlsConfig - tlsConfig: {} - # -- Prometheus ServiceMonitor namespace - namespace: "" # monitoring - # -- Prometheus ServiceMonitor labels - additionalLabels: {} + # -- Server UI extensions container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL - serviceAccount: - # -- Create server service account - create: true - # -- Server service account name - name: argocd-server - # -- Annotations applied to created service account - annotations: {} - # -- Automount API credentials for the Service Account - automountServiceAccountToken: true - - ingress: - # -- Enable an ingress resource for the Argo CD server - enabled: false - # -- Additional ingress annotations - annotations: {} - # -- Additional ingress labels - labels: {} - # -- Defines which ingress controller will implement the resource - ingressClassName: "" - - # -- List of ingress hosts - ## Argo Ingress. - ## Hostnames must be provided if Ingress is enabled. - ## Secrets must be manually created in the namespace - hosts: - [] - # - argocd.example.com - - # -- List of ingress paths - paths: - - / - # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` - pathType: Prefix - # -- Additional ingress paths - extraPaths: - [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used) - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: use-annotation - - # -- Ingress TLS configuration - tls: - [] - # - secretName: argocd-tls-certificate - # hosts: - # - argocd.example.com - - # -- Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` - https: false - - # dedicated ingress for gRPC as documented at - # Ref: https://argoproj.github.io/argo-cd/operator-manual/ingress/ - ingressGrpc: - # -- Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress] - enabled: false - # -- Setup up gRPC ingress to work with an AWS ALB - isAWSALB: false - # -- Additional ingress annotations for dedicated [gRPC-ingress] - annotations: {} - # -- Additional ingress labels for dedicated [gRPC-ingress] - labels: {} - # -- Defines which ingress controller will implement the resource [gRPC-ingress] - ingressClassName: "" - - awsALB: - # -- Service type for the AWS ALB gRPC service - ## Service Type if isAWSALB is set to true - ## Can be of type NodePort or ClusterIP depending on which mode you are - ## are running. Instance mode needs type NodePort, IP mode needs type - ## ClusterIP - ## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic - serviceType: NodePort - # -- Backend protocol version for the AWS ALB gRPC service - ## This tells AWS to send traffic from the ALB using HTTP2. Can use gRPC as well if you want to leverage gRPC specific features - backendProtocolVersion: HTTP2 - - # -- List of ingress hosts for dedicated [gRPC-ingress] - ## Argo Ingress. - ## Hostnames must be provided if Ingress is enabled. - ## Secrets must be manually created in the namespace - ## - hosts: - [] - # - argocd.example.com - - # -- List of ingress paths for dedicated [gRPC-ingress] - paths: - - / - # -- Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific` - pathType: Prefix - # -- Additional ingress paths for dedicated [gRPC-ingress] - extraPaths: - [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used) - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: use-annotation - - # -- Ingress TLS configuration for dedicated [gRPC-ingress] - tls: - [] - # - secretName: argocd-tls-certificate - # hosts: - # - argocd.example.com - - # -- Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` - https: false - - # Create a OpenShift Route with SSL passthrough for UI and CLI - # Consider setting 'hostname' e.g. https://argocd.apps-crc.testing/ using your Default Ingress Controller Domain - # Find your domain with: kubectl describe --namespace=openshift-ingress-operator ingresscontroller/default | grep Domain: - # If 'hostname' is an empty string "" OpenShift will create a hostname for you. - route: - # -- Enable an OpenShift Route for the Argo CD server - enabled: false - # -- Openshift Route annotations - annotations: {} - # -- Hostname of OpenShift Route - hostname: "" - # -- Termination type of Openshift Route - termination_type: passthrough - # -- Termination policy of Openshift Route - termination_policy: None - - # -- Manage Argo CD configmap (Declarative Setup) - ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml - configEnabled: true - # -- [General Argo CD configuration] - # @default -- See [values.yaml] - config: - # Argo CD's externally facing base URL (optional). Required when configuring SSO - url: "" - # Argo CD instance label key - application.instanceLabelKey: argocd.argoproj.io/instance - - # DEPRECATED: Please instead use configs.credentialTemplates and configs.repositories - # repositories: | - # - url: git@github.com:group/repo.git - # sshPrivateKeySecret: - # name: secret-name - # key: sshPrivateKey - # - type: helm - # url: https://charts.helm.sh/stable - # name: stable - # - type: helm - # url: https://argoproj.github.io/argo-helm - # name: argo - - # oidc.config: | - # name: AzureAD - # issuer: https://login.microsoftonline.com/TENANT_ID/v2.0 - # clientID: CLIENT_ID - # clientSecret: $oidc.azuread.clientSecret - # requestedIDTokenClaims: - # groups: - # essential: true - # requestedScopes: - # - openid - # - profile - # - email - - # -- Annotations to be added to Argo CD ConfigMap - configAnnotations: {} - - # -- Argo CD rbac config ([Argo CD RBAC policy]) - ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md - rbacConfig: - {} - # policy.csv is a file containing user-defined RBAC policies and role definitions (optional). - # Policy rules are in the form: - # p, subject, resource, action, object, effect - # Role definitions and bindings are in the form: - # g, subject, inherited-subject - # See https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md for additional information. - # policy.csv: | - # # Grant all members of the group 'my-org:team-alpha; the ability to sync apps in 'my-project' - # p, my-org:team-alpha, applications, sync, my-project/*, allow - # # Grant all members of 'my-org:team-beta' admins - # g, my-org:team-beta, role:admin - # policy.default is the name of the default role which Argo CD will falls back to, when - # authorizing API requests (optional). If omitted or empty, users may be still be able to login, - # but will see no apps, projects, etc... - # policy.default: role:readonly - # scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope). - # If omitted, defaults to: '[groups]'. The scope value can be a string, or a list of strings. - # scopes: '[cognito:groups, email]' - - # -- Annotations to be added to Argo CD rbac ConfigMap - rbacConfigAnnotations: {} - - # -- Whether or not to create the configmap. If false, it is expected the configmap will be created - # by something else. Argo CD will not work if there is no configMap created with the name above. - rbacConfigCreate: true - - # -- Deploy Argo CD Applications within this helm release - # @default -- `[]` (See [values.yaml]) - ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ - additionalApplications: [] - # - name: guestbook - # namespace: argocd - # additionalLabels: {} - # additionalAnnotations: {} - # finalizers: - # - resources-finalizer.argocd.argoproj.io - # project: guestbook - # source: - # repoURL: https://github.com/argoproj/argocd-example-apps.git - # targetRevision: HEAD - # path: guestbook - # directory: - # recurse: true - # destination: - # server: https://kubernetes.default.svc - # namespace: guestbook - # syncPolicy: - # automated: - # prune: false - # selfHeal: false - # ignoreDifferences: - # - group: apps - # kind: Deployment - # jsonPointers: - # - /spec/replicas - # info: - # - name: url - # value: https://argoproj.github.io/ - - # -- Deploy Argo CD Projects within this helm release - # @default -- `[]` (See [values.yaml]) - ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ - additionalProjects: [] - # - name: guestbook - # namespace: argocd - # additionalLabels: {} - # additionalAnnotations: {} - # finalizers: - # - resources-finalizer.argocd.argoproj.io - # description: Example Project - # sourceRepos: - # - '*' - # destinations: - # - namespace: guestbook - # server: https://kubernetes.default.svc - # clusterResourceWhitelist: [] - # namespaceResourceBlacklist: - # - group: '' - # kind: ResourceQuota - # - group: '' - # kind: LimitRange - # - group: '' - # kind: NetworkPolicy - # orphanedResources: {} - # roles: [] - # namespaceResourceWhitelist: - # - group: 'apps' - # kind: Deployment - # - group: 'apps' - # kind: StatefulSet - # orphanedResources: {} - # roles: [] - # syncWindows: - # - kind: allow - # schedule: '10 1 * * *' - # duration: 1h - # applications: - # - '*-prod' - # manualSync: true - # signatureKeys: - # - keyID: ABCDEF1234567890 - - ## Enable Admin ClusterRole resources. - ## Enable if you would like to grant rights to Argo CD to deploy to the local Kubernetes cluster. - clusterAdminAccess: - # -- Enable RBAC for local cluster deployments - enabled: true - - GKEbackendConfig: - # -- Enable BackendConfig custom resource for Google Kubernetes Engine - enabled: false - # -- [BackendConfigSpec] - spec: {} - # spec: - # iap: - # enabled: true - # oauthclientCredentials: - # secretName: argocd-secret - - ## Create a Google Managed Certificate for use with the GKE Ingress Controller - ## https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs - GKEmanagedCertificate: - # -- Enable ManagedCertificate custom resource for Google Kubernetes Engine. - enabled: false - # -- Domains for the Google Managed Certificate - domains: - - argocd.example.com - - ## Create a Google FrontendConfig Custom Resource, for use with the GKE Ingress Controller - ## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters - GKEfrontendConfig: - # -- Enable FrontConfig custom resource for Google Kubernetes Engine - enabled: false - # -- [FrontendConfigSpec] - spec: {} - # spec: - # redirectToHttps: - # enabled: true - # responseCodeName: RESPONSE_CODE + # -- Resource limits and requests for the argocd-extensions container + resources: {} + # limits: + # cpu: 50m + # memory: 128Mi + # requests: + # cpu: 10m + # memory: 64Mi # -- Additional containers to be added to the server pod - ## See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. + ## Note: Supports use of custom Helm templates extraContainers: [] # - name: my-sidecar # image: nginx:latest @@ -1414,124 +1921,85 @@ server: # mountPath: /srv/var/lib/lemonldap-ng/portal/skins # -- Init containers to add to the server pod - ## If your target Kubernetes cluster(s) require a custom auth provider executable - ## you could use this (and the same in the application controller pod) to bootstrap - ## that executable into your Argo CD container + ## If your target Kubernetes cluster(s) require a custom credential (exec) plugin + ## you could use this (and the same in the application controller pod) to provide such executable + ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins initContainers: [] # - name: download-tools - # image: alpine:3.8 + # image: alpine:3 # command: [sh, -c] # args: - # - wget -qO- https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz | tar -xvzf - && - # mv linux-amd64/helm /custom-tools/ + # - wget -qO kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.0.25/kubelogin-linux-amd64.zip && + # unzip kubelogin.zip && mv bin/linux_amd64/kubelogin /custom-tools/ # volumeMounts: # - mountPath: /custom-tools # name: custom-tools - # volumeMounts: - # - mountPath: /usr/local/bin/helm + + # -- Additional volumeMounts to the server main container + volumeMounts: [] + # - mountPath: /usr/local/bin/kubelogin # name: custom-tools - # subPath: helm + # subPath: kubelogin - extensions: - # -- Enable support for extensions - ## This function in tech preview stage, do expect unstability or breaking changes in newer versions. Bump image.tag if necessary. - enabled: false + # -- Additional volumes to the server pod + volumes: [] + # - name: custom-tools + # emptyDir: {} - image: - # -- Repository to use for extensions image - repository: "ghcr.io/argoproj-labs/argocd-extensions" - # -- Tag to use for extensions image - tag: "v0.1.0" - # -- Image pull policy for extensions - imagePullPolicy: IfNotPresent + ## Argo CD server emptyDir volumes + emptyDir: + # -- EmptyDir size limit for the Argo CD server + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" - # -- Resource limits and requests for the argocd-extensions container - resources: {} - # limits: - # cpu: 50m - # memory: 128Mi - # requests: - # cpu: 10m - # memory: 64Mi + # -- Annotations to be added to server Deployment + deploymentAnnotations: {} - # -- Extensions to be loaded into the server - contents: [] - # - name: argo-rollouts - # url: https://github.com/argoproj-labs/rollout-extension/releases/download/v0.1.0/extension.tar - - pdb: - # -- Labels to be added to server pdb - labels: {} - # -- Annotations to be added to server pdb - annotations: {} - - # -- Deploy a Poddisruptionbudget for the server - enabled: false - # minAvailable: 1 - # maxUnavailable: 0 - -## Repo Server -repoServer: - # -- Repo server name - name: repo-server - - # -- The number of repo server pods to run - replicas: 1 - - autoscaling: - # -- Enable Horizontal Pod Autoscaler ([HPA]) for the repo server - enabled: false - # -- Minimum number of replicas for the repo server [HPA] - minReplicas: 1 - # -- Maximum number of replicas for the repo server [HPA] - maxReplicas: 5 - # -- Average CPU utilization percentage for the repo server [HPA] - targetCPUUtilizationPercentage: 50 - # -- Average memory utilization percentage for the repo server [HPA] - targetMemoryUtilizationPercentage: 50 - - image: - # -- Repository to use for the repo server - # @default -- `""` (defaults to global.image.repository) - repository: "" # defaults to global.image.repository - # -- Tag to use for the repo server - # @default -- `""` (defaults to global.image.tag) - tag: "" # defaults to global.image.tag - # -- Image pull policy for the repo server - # @default -- `""` (defaults to global.image.imagePullPolicy) - imagePullPolicy: "" # IfNotPresent - - # -- Additional command line arguments to pass to repo server - extraArgs: [] - - # -- Environment variables to pass to repo server - env: [] - - # -- envFrom to pass to repo server - # @default -- `[]` (See [values.yaml]) - envFrom: [] - # - configMapRef: - # name: config-map-name - # - secretRef: - # name: secret-name - - # -- Repo server log format: Either `text` or `json` - logFormat: text - # -- Repo server log level - logLevel: info - - # -- Annotations to be added to repo server pods + # -- Annotations to be added to server pods podAnnotations: {} - # -- Labels to be added to repo server pods + # -- Labels to be added to server pods podLabels: {} - # -- Configures the repo server port - containerPort: 8081 + # -- Resource limits and requests for the Argo CD server + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 50m + # memory: 64Mi + + # Server container ports + containerPorts: + # -- Server container port + server: 8080 + # -- Metrics container port + metrics: 8083 + + # -- Host Network for Server pods + hostNetwork: false + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for Server pods + dnsPolicy: "ClusterFirst" + + # -- Server container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ - ## + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -1543,6 +2011,7 @@ repoServer: successThreshold: 1 # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 + livenessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -1555,437 +2024,155 @@ repoServer: # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 - # -- Additional volumeMounts to the repo server main container - volumeMounts: [] + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 - # -- Additional volumes to the repo server pod - volumes: [] - ## Use init containers to configure custom tooling - ## https://argoproj.github.io/argo-cd/operator-manual/custom_tools/ - ## When using the volumes & volumeMounts section bellow, please comment out those above. - # - name: custom-tools - # emptyDir: {} - - # -- [Node selector] - nodeSelector: {} - # -- [Tolerations] for use with node taints - tolerations: [] - # -- Assign custom [affinity] rules to the deployment - affinity: {} - - # -- Assign custom [TopologySpreadConstraints] rules to the repo server - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment - topologySpreadConstraints: [] - # - maxSkew: 1 - # topologyKey: topology.kubernetes.io/zone - # whenUnsatisfiable: DoNotSchedule - - # -- Priority class for the repo server + # -- Priority class for the Argo CD server pods + # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" - # -- Repo server container-level security context - containerSecurityContext: - {} - # capabilities: - # drop: - # - all - # readOnlyRootFilesystem: true + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} - # -- Resource limits and requests for the repo server pods - resources: {} - # limits: - # cpu: 50m - # memory: 128Mi - # requests: - # cpu: 10m - # memory: 64Mi + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] - ## Repo server service configuration + # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy to be added to the server Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + + # TLS certificate configuration via cert-manager + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server + certificate: + # -- Deploy a Certificate resource (requires cert-manager) + enabled: false + # -- Certificate primary domain (commonName) + # @default -- `""` (defaults to global.domain) + domain: "" + # -- Certificate Subject Alternate Names (SANs) + additionalHosts: [] + # -- The requested 'duration' (i.e. lifetime) of the certificate. + # @default -- `""` (defaults to 2160h = 90d if not specified) + ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal + duration: "" + # -- How long before the expiry a certificate should be renewed. + # @default -- `""` (defaults to 360h = 15d if not specified) + ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal + renewBefore: "" + # Certificate issuer + ## Ref: https://cert-manager.io/docs/concepts/issuer + issuer: + # -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` + group: "" + # -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer` + kind: "" + # -- Certificate issuer name. Eg. `letsencrypt` + name: "" + # Private key of the certificate + privateKey: + # -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` + rotationPolicy: Never + # -- The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` + encoding: PKCS1 + # -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` + algorithm: RSA + # -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. + size: 2048 + # -- Annotations to be applied to the Server Certificate + annotations: {} + # -- Usages for the certificate + ### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage + usages: [] + # -- Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources + secretTemplateAnnotations: {} + + # TLS certificate configuration via Secret + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server + certificateSecret: + # -- Create argocd-server-tls secret + enabled: false + # -- Annotations to be added to argocd-server-tls secret + annotations: {} + # -- Labels to be added to argocd-server-tls secret + labels: {} + # -- Private Key of the certificate + key: '' + # -- Certificate data + crt: '' + + ## Server service configuration service: - # -- Repo server service annotations + # -- Server service annotations annotations: {} - # -- Repo server service labels + # -- Server service labels labels: {} - # -- Repo server service port - port: 8081 - # -- Repo server service port name - portName: https-repo-server + # -- Server service type + type: ClusterIP + # -- Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort") + nodePortHttp: 30080 + # -- Server service https port for NodePort service type (only if `server.service.type` is set to "NodePort") + nodePortHttps: 30443 + # -- Server service http port + servicePortHttp: 80 + # -- Server service https port + servicePortHttps: 443 + # -- Server service http port name, can be used to route traffic via istio + servicePortHttpName: http + # -- Server service https port name, can be used to route traffic via istio + servicePortHttpsName: https + # -- Server service https port appProtocol + ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol + servicePortHttpsAppProtocol: "" + # -- The class of the load balancer implementation + loadBalancerClass: "" + # -- LoadBalancer will get created with the IP specified in this field + loadBalancerIP: "" + # -- Source IP ranges to allow access to service from + ## EKS Ref: https://repost.aws/knowledge-center/eks-cidr-ip-address-loadbalancer + ## GKE Ref: https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview#limit-connectivity-ext-lb + loadBalancerSourceRanges: [] + # -- Server service external IPs + externalIPs: [] + # -- Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + externalTrafficPolicy: Cluster + # -- Used to maintain session affinity. Supports `ClientIP` and `None` + ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + sessionAffinity: None - ## Repo server metrics service configuration + ## Server metrics service configuration metrics: # -- Deploy metrics service enabled: false service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" # -- Metrics service annotations annotations: {} # -- Metrics service labels labels: {} # -- Metrics service port - servicePort: 8084 - # -- Metrics service port name - portName: http-metrics - serviceMonitor: - # -- Enable a prometheus ServiceMonitor - enabled: false - # -- Prometheus ServiceMonitor interval - interval: 30s - # -- Prometheus [RelabelConfigs] to apply to samples before scraping - relabelings: [] - # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion - metricRelabelings: [] - # -- Prometheus ServiceMonitor selector - selector: {} - # prometheus: kube-prometheus - - # -- Prometheus ServiceMonitor scheme - scheme: "" - # -- Prometheus ServiceMonitor tlsConfig - tlsConfig: {} - # -- Prometheus ServiceMonitor namespace - namespace: "" # "monitoring" - # -- Prometheus ServiceMonitor labels - additionalLabels: {} - - ## Enable Admin ClusterRole resources. - ## Enable if you would like to grant cluster rights to Argo CD repo server. - clusterAdminAccess: - # -- Enable RBAC for local cluster deployments - enabled: false - ## Enable Custom Rules for the Repo server's Cluster Role resource - ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. - ## Defaults to off - clusterRoleRules: - # -- Enable custom rules for the Repo server's Cluster Role resource - enabled: false - # -- List of custom rules for the Repo server's Cluster Role resource - rules: [] - - ## Repo server service account - ## If create is set to true, make sure to uncomment the name and update the rbac section below - serviceAccount: - # -- Create repo server service account - create: true - # -- Repo server service account name - name: "" # "argocd-repo-server" - # -- Annotations applied to created service account - annotations: {} - # -- Automount API credentials for the Service Account - automountServiceAccountToken: true - - # -- Additional containers to be added to the repo server pod - extraContainers: [] - - # -- Repo server rbac rules - rbac: [] - # - apiGroups: - # - argoproj.io - # resources: - # - applications - # verbs: - # - get - # - list - # - watch - - # Init container to copy argocd binary - copyutil: - # -- Resource limits and requests for the copyutil initContainer - resources: {} - # limits: - # cpu: 50m - # memory: 64Mi - # requests: - # cpu: 10m - # memory: 32Mi - - # -- Init containers to add to the repo server pods - initContainers: [] - # - name: download-tools - # image: alpine:3.8 - # command: [sh, -c] - # args: - # - wget -qO- https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz | tar -xvzf - && - # mv linux-amd64/helm /custom-tools/ - # volumeMounts: - # - mountPath: /custom-tools - # name: custom-tools - # volumeMounts: - # - mountPath: /usr/local/bin/helm - # name: custom-tools - # subPath: helm - - pdb: - # -- Labels to be added to Repo server pdb - labels: {} - # -- Annotations to be added to Repo server pdb - annotations: {} - - # -- Deploy a Poddisruptionbudget for the Repo server - enabled: false - # minAvailable: 1 - # maxUnavailable: 0 - -## Argo Configs -configs: - # -- Provide one or multiple [external cluster credentials] - # @default -- `[]` (See [values.yaml]) - ## Ref: - ## - https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters - ## - https://argoproj.github.io/argo-cd/operator-manual/security/#external-cluster-credentials - clusterCredentials: [] - # - name: mycluster - # server: https://mycluster.com - # labels: {} - # annotations: {} - # config: - # bearerToken: "" - # tlsClientConfig: - # insecure: false - # caData: "" - # - name: mycluster2 - # server: https://mycluster2.com - # labels: {} - # annotations: {} - # namespaces: namespace1,namespace2 - # clusterResources: true - # config: - # bearerToken: "" - # tlsClientConfig: - # insecure: false - # caData: "" - - # -- GnuPG key ring annotations - gpgKeysAnnotations: {} - # -- [GnuPG](https://argoproj.github.io/argo-cd/user-guide/gpg-verification/) keys to add to the key ring - # @default -- `{}` (See [values.yaml]) - gpgKeys: {} - # 4AEE18F83AFDEB23: | - # -----BEGIN PGP PUBLIC KEY BLOCK----- - # - # mQENBFmUaEEBCACzXTDt6ZnyaVtueZASBzgnAmK13q9Urgch+sKYeIhdymjuMQta - # x15OklctmrZtqre5kwPUosG3/B2/ikuPYElcHgGPL4uL5Em6S5C/oozfkYzhwRrT - # SQzvYjsE4I34To4UdE9KA97wrQjGoz2Bx72WDLyWwctD3DKQtYeHXswXXtXwKfjQ - # 7Fy4+Bf5IPh76dA8NJ6UtjjLIDlKqdxLW4atHe6xWFaJ+XdLUtsAroZcXBeWDCPa - # buXCDscJcLJRKZVc62gOZXXtPfoHqvUPp3nuLA4YjH9bphbrMWMf810Wxz9JTd3v - # yWgGqNY0zbBqeZoGv+TuExlRHT8ASGFS9SVDABEBAAG0NUdpdEh1YiAod2ViLWZs - # b3cgY29tbWl0IHNpZ25pbmcpIDxub3JlcGx5QGdpdGh1Yi5jb20+iQEiBBMBCAAW - # BQJZlGhBCRBK7hj4Ov3rIwIbAwIZAQAAmQEH/iATWFmi2oxlBh3wAsySNCNV4IPf - # DDMeh6j80WT7cgoX7V7xqJOxrfrqPEthQ3hgHIm7b5MPQlUr2q+UPL22t/I+ESF6 - # 9b0QWLFSMJbMSk+BXkvSjH9q8jAO0986/pShPV5DU2sMxnx4LfLfHNhTzjXKokws - # +8ptJ8uhMNIDXfXuzkZHIxoXk3rNcjDN5c5X+sK8UBRH092BIJWCOfaQt7v7wig5 - # 4Ra28pM9GbHKXVNxmdLpCFyzvyMuCmINYYADsC848QQFFwnd4EQnupo6QvhEVx1O - # j7wDwvuH5dCrLuLwtwXaQh0onG4583p0LGms2Mf5F+Ick6o/4peOlBoZz48= - # =Bvzs - # -----END PGP PUBLIC KEY BLOCK----- - - # -- Known Hosts configmap annotations - knownHostsAnnotations: {} - knownHosts: - data: - # -- Known Hosts - # @default -- See [values.yaml] - ssh_known_hosts: | - bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== - github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= - github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl - github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== - gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= - gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf - gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 - ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - # -- TLS certificate configmap annotations - tlsCertsAnnotations: {} - # -- TLS certificate - # @default -- See [values.yaml] - tlsCerts: - {} - # data: - # argocd.example.com: | - # -----BEGIN CERTIFICATE----- - # MIIF1zCCA7+gAwIBAgIUQdTcSHY2Sxd3Tq/v1eIEZPCNbOowDQYJKoZIhvcNAQEL - # BQAwezELMAkGA1UEBhMCREUxFTATBgNVBAgMDExvd2VyIFNheG9ueTEQMA4GA1UE - # BwwHSGFub3ZlcjEVMBMGA1UECgwMVGVzdGluZyBDb3JwMRIwEAYDVQQLDAlUZXN0 - # c3VpdGUxGDAWBgNVBAMMD2Jhci5leGFtcGxlLmNvbTAeFw0xOTA3MDgxMzU2MTda - # Fw0yMDA3MDcxMzU2MTdaMHsxCzAJBgNVBAYTAkRFMRUwEwYDVQQIDAxMb3dlciBT - # YXhvbnkxEDAOBgNVBAcMB0hhbm92ZXIxFTATBgNVBAoMDFRlc3RpbmcgQ29ycDES - # MBAGA1UECwwJVGVzdHN1aXRlMRgwFgYDVQQDDA9iYXIuZXhhbXBsZS5jb20wggIi - # MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCv4mHMdVUcafmaSHVpUM0zZWp5 - # NFXfboxA4inuOkE8kZlbGSe7wiG9WqLirdr39Ts+WSAFA6oANvbzlu3JrEQ2CHPc - # CNQm6diPREFwcDPFCe/eMawbwkQAPVSHPts0UoRxnpZox5pn69ghncBR+jtvx+/u - # P6HdwW0qqTvfJnfAF1hBJ4oIk2AXiip5kkIznsAh9W6WRy6nTVCeetmIepDOGe0G - # ZJIRn/OfSz7NzKylfDCat2z3EAutyeT/5oXZoWOmGg/8T7pn/pR588GoYYKRQnp+ - # YilqCPFX+az09EqqK/iHXnkdZ/Z2fCuU+9M/Zhrnlwlygl3RuVBI6xhm/ZsXtL2E - # Gxa61lNy6pyx5+hSxHEFEJshXLtioRd702VdLKxEOuYSXKeJDs1x9o6cJ75S6hko - # Ml1L4zCU+xEsMcvb1iQ2n7PZdacqhkFRUVVVmJ56th8aYyX7KNX6M9CD+kMpNm6J - # kKC1li/Iy+RI138bAvaFplajMF551kt44dSvIoJIbTr1LigudzWPqk31QaZXV/4u - # kD1n4p/XMc9HYU/was/CmQBFqmIZedTLTtK7clkuFN6wbwzdo1wmUNgnySQuMacO - # gxhHxxzRWxd24uLyk9Px+9U3BfVPaRLiOPaPoC58lyVOykjSgfpgbus7JS69fCq7 - # bEH4Jatp/10zkco+UQIDAQABo1MwUTAdBgNVHQ4EFgQUjXH6PHi92y4C4hQpey86 - # r6+x1ewwHwYDVR0jBBgwFoAUjXH6PHi92y4C4hQpey86r6+x1ewwDwYDVR0TAQH/ - # BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFE4SdKsX9UsLy+Z0xuHSxhTd0jfn - # Iih5mtzb8CDNO5oTw4z0aMeAvpsUvjJ/XjgxnkiRACXh7K9hsG2r+ageRWGevyvx - # CaRXFbherV1kTnZw4Y9/pgZTYVWs9jlqFOppz5sStkfjsDQ5lmPJGDii/StENAz2 - # XmtiPOgfG9Upb0GAJBCuKnrU9bIcT4L20gd2F4Y14ccyjlf8UiUi192IX6yM9OjT - # +TuXwZgqnTOq6piVgr+FTSa24qSvaXb5z/mJDLlk23npecTouLg83TNSn3R6fYQr - # d/Y9eXuUJ8U7/qTh2Ulz071AO9KzPOmleYPTx4Xty4xAtWi1QE5NHW9/Ajlv5OtO - # OnMNWIs7ssDJBsB7VFC8hcwf79jz7kC0xmQqDfw51Xhhk04kla+v+HZcFW2AO9so - # 6ZdVHHQnIbJa7yQJKZ+hK49IOoBR6JgdB5kymoplLLiuqZSYTcwSBZ72FYTm3iAr - # jzvt1hxpxVDmXvRnkhRrIRhK4QgJL0jRmirBjDY+PYYd7bdRIjN7WNZLFsgplnS8 - # 9w6CwG32pRlm0c8kkiQ7FXA6BYCqOsDI8f1VGQv331OpR2Ck+FTv+L7DAmg6l37W - # +LB9LGh4OAp68ImTjqf6ioGKG0RBSznwME+r4nXtT1S/qLR6ASWUS4ViWRhbRlNK - # XWyb96wrUlv+E8I= - # -----END CERTIFICATE----- - - # -- *DEPRECATED:* Instead, use `configs.credentialTemplates` and/or `configs.repositories` - repositoryCredentials: {} - - # -- Repository credentials to be used as Templates for other repos - ## Creates a secret for each key/value specified below to create repository credentials - credentialTemplates: {} - # github-enterprise-creds-1: - # url: https://github.com/argoproj - # githubAppID: 1 - # githubAppInstallationID: 2 - # githubAppEnterpriseBaseUrl: https://ghe.example.com/api/v3 - # githubAppPrivateKey: | - # -----BEGIN OPENSSH PRIVATE KEY----- - # ... - # -----END OPENSSH PRIVATE KEY----- - # https-creds: - # url: https://github.com/argoproj - # password: my-password - # username: my-username - # ssh-creds: - # url: git@github.com:argoproj-labs - # sshPrivateKey: | - # -----BEGIN OPENSSH PRIVATE KEY----- - # ... - # -----END OPENSSH PRIVATE KEY----- - - # -- Repositories list to be used by applications - ## Creates a secret for each key/value specified below to create repositories - ## Note: the last example in the list would use a repository credential template, configured under "configs.repositoryCredentials". - repositories: {} - # istio-helm-repo: - # url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts - # name: istio.io - # type: helm - # private-helm-repo: - # url: https://my-private-chart-repo.internal - # name: private-repo - # type: helm - # password: my-password - # username: my-username - # private-repo: - # url: https://github.com/argoproj/private-repo - - secret: - # -- Create the argocd-secret - createSecret: true - # -- Annotations to be added to argocd-secret - annotations: {} - - # -- Shared secret for authenticating GitHub webhook events - githubSecret: "" - # -- Shared secret for authenticating GitLab webhook events - gitlabSecret: "" - # -- Shared secret for authenticating BitbucketServer webhook events - bitbucketServerSecret: "" - # -- UUID for authenticating Bitbucket webhook events - bitbucketUUID: "" - # -- Shared secret for authenticating Gogs webhook events - gogsSecret: "" - - # -- add additional secrets to be added to argocd-secret - ## Custom secrets. Useful for injecting SSO secrets into environment variables. - ## Ref: https://argoproj.github.io/argo-cd/operator-manual/sso/ - ## Note that all values must be non-empty. - extra: - {} - # LDAP_PASSWORD: "mypassword" - - # -- Argo TLS Data - argocdServerTlsConfig: - {} - # key: - # crt: | - # -----BEGIN CERTIFICATE----- - # - # -----END CERTIFICATE----- - # -----BEGIN CERTIFICATE----- - # - # -----END CERTIFICATE----- - - # -- Bcrypt hashed admin password - ## Argo expects the password in the secret to be bcrypt hashed. You can create this hash with - ## `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` - argocdServerAdminPassword: "" - # -- Admin password modification time. Eg. `"2006-01-02T15:04:05Z"` - # @default -- `""` (defaults to current time) - argocdServerAdminPasswordMtime: "" - - # -- Define custom [CSS styles] for your argo instance. - # This setting will automatically mount the provided CSS and reference it in the argo configuration. - # @default -- `""` (See [values.yaml]) - ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ - styles: "" - # styles: | - # .nav-bar { - # background: linear-gradient(to bottom, #999, #777, #333, #222, #111); - # } - -openshift: - # -- enables using arbitrary uid for argo repo server - enabled: false - -applicationSet: - # -- Enable Application Set controller - enabled: true - - # -- Application Set controller name string - name: applicationset-controller - - # -- The number of controller pods to run - replicaCount: 1 - - image: - # -- Repository to use for the application set controller - repository: quay.io/argoproj/argocd-applicationset - # -- Tag to use for the application set controller - tag: "v0.4.1" - # -- Image pull policy for the application set controller - # @default -- `""` (defaults to global.image.imagePullPolicy) - imagePullPolicy: "" - - args: - # -- The default metric address - metricsAddr: :8080 - # -- The default health check port - probeBindAddr: :8081 - # -- The default leader election setting - enableLeaderElection: false - # -- How application is synced between the generator and the cluster - policy: sync - # -- Print debug logs - debug: false - # -- Enable dry run mode - dryRun: false - - # -- Additional containers to be added to the applicationset controller pod - extraContainers: [] - - ## Metrics service configuration - metrics: - # -- Deploy metrics service - enabled: false - service: - # -- Metrics service annotations - annotations: {} - # -- Metrics service labels - labels: {} - # -- Metrics service port - servicePort: 8085 + servicePort: 8083 # -- Metrics service port name portName: http-metrics serviceMonitor: @@ -1993,6 +2180,10 @@ applicationSet: enabled: false # -- Prometheus ServiceMonitor interval interval: 30s + # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -2009,94 +2200,676 @@ applicationSet: namespace: "" # monitoring # -- Prometheus ServiceMonitor labels additionalLabels: {} + # -- Prometheus ServiceMonitor annotations + annotations: {} - # -- If defined, uses a Secret to pull an image from a private Docker registry or repository. - imagePullSecrets: [] - - ## Application set service configuration - service: - # -- Application set service annotations - annotations: {} - # -- Application set service labels - labels: {} - # -- Application set service port - port: 7000 - # -- Application set service port name - portName: webhook + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true serviceAccount: - # -- Specifies whether a service account should be created + # -- Create server service account create: true - # -- Annotations to add to the service account + # -- Server service account name + name: argocd-server + # -- Annotations applied to created service account annotations: {} - # -- The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" + # -- Labels applied to created service account + labels: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true - # -- Annotations for the controller pods + # Argo CD server ingress configuration + ingress: + # -- Enable an ingress resource for the Argo CD server + enabled: false + # -- Specific implementation for ingress controller. One of `generic`, `aws` or `gke` + ## Additional configuration might be required in related configuration sections + controller: generic + # -- Additional ingress labels + labels: {} + # -- Additional ingress annotations + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough + annotations: {} + # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + # nginx.ingress.kubernetes.io/ssl-passthrough: "true" + + # -- Defines which ingress controller will implement the resource + ingressClassName: "" + + # -- Argo CD server hostname + # @default -- `""` (defaults to global.domain) + hostname: "" + + # -- The path to Argo CD server + path: / + + # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` + pathType: Prefix + + # -- Enable TLS configuration for the hostname defined at `server.ingress.hostname` + ## TLS certificate will be retrieved from a TLS secret `argocd-server-tls` + ## You can create this secret via `certificate` or `certificateSecret` option + tls: false + + # -- The list of additional hostnames to be covered by ingress record + # @default -- `[]` (See [values.yaml]) + extraHosts: [] + # - name: argocd.example.com + # path: / + + # -- Additional ingress paths + # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates + extraPaths: [] + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: use-annotation + + # -- Additional ingress rules + # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates + extraRules: [] + # - http: + # paths: + # - path: / + # pathType: Prefix + # backend: + # service: + # name: '{{ include "argo-cd.server.fullname" . }}' + # port: + # name: '{{ .Values.server.service.servicePortHttpsName }}' + + # -- Additional TLS configuration + # @default -- `[]` (See [values.yaml]) + extraTls: [] + # - hosts: + # - argocd.example.com + # secretName: your-certificate-name + + # AWS specific options for Application Load Balancer + # Applies only when `serv.ingress.controller` is set to `aws` + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode + aws: + # -- Backend protocol version for the AWS ALB gRPC service + ## This tells AWS to send traffic from the ALB using gRPC. + ## For more information: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html#health-check-settings + backendProtocolVersion: GRPC + # -- Service type for the AWS ALB gRPC service + ## Can be of type NodePort or ClusterIP depending on which mode you are running. + ## Instance mode needs type NodePort, IP mode needs type ClusterIP + ## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic + serviceType: NodePort + + # Google specific options for Google Application Load Balancer + # Applies only when `server.ingress.controller` is set to `gke` + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#google-cloud-load-balancers-with-kubernetes-ingress + gke: + # -- Google [BackendConfig] resource, for use with the GKE Ingress Controller + # @default -- `{}` (See [values.yaml]) + ## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters + backendConfig: {} + # iap: + # enabled: true + # oauthclientCredentials: + # secretName: argocd-secret + + # -- Google [FrontendConfig] resource, for use with the GKE Ingress Controller + # @default -- `{}` (See [values.yaml]) + ## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters + frontendConfig: {} + # redirectToHttps: + # enabled: true + # responseCodeName: RESPONSE_CODE + + # Managed GKE certificate for ingress hostname + managedCertificate: + # -- Create ManagedCertificate resource and annotations for Google Load balancer + ## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs + create: true + # -- Additional domains for ManagedCertificate resource + extraDomains: [] + # - argocd.example.com + + # Dedicated gRPC ingress for ingress controllers that supports only single backend protocol per Ingress resource + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts + ingressGrpc: + # -- Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress] + enabled: false + # -- Additional ingress annotations for dedicated [gRPC-ingress] + annotations: {} + # -- Additional ingress labels for dedicated [gRPC-ingress] + labels: {} + # -- Defines which ingress controller will implement the resource [gRPC-ingress] + ingressClassName: "" + + # -- Argo CD server hostname for dedicated [gRPC-ingress] + # @default -- `""` (defaults to grpc.`server.ingress.hostname`) + hostname: "" + + # -- Argo CD server ingress path for dedicated [gRPC-ingress] + path: / + + # -- Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific` + pathType: Prefix + + # -- Enable TLS configuration for the hostname defined at `server.ingressGrpc.hostname` + ## TLS certificate will be retrieved from a TLS secret with name: `argocd-server-grpc-tls` + tls: false + + # -- The list of additional hostnames to be covered by ingress record + # @default -- `[]` (See [values.yaml]) + extraHosts: [] + # - name: grpc.argocd.example.com + # path: / + + # -- Additional ingress paths for dedicated [gRPC-ingress] + # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates + extraPaths: [] + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: use-annotation + + # -- Additional ingress rules + # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates + extraRules: [] + # - http: + # paths: + # - path: / + # pathType: Prefix + # backend: + # service: + # name: '{{ include "argo-cd.server.fullname" . }}' + # port: + # name: '{{ .Values.server.service.servicePortHttpName }}' + + # -- Additional TLS configuration for dedicated [gRPC-ingress] + # @default -- `[]` (See [values.yaml]) + extraTls: [] + # - secretName: your-certificate-name + # hosts: + # - argocd.example.com + + # Create a OpenShift Route with SSL passthrough for UI and CLI + # Consider setting 'hostname' e.g. https://argocd.apps-crc.testing/ using your Default Ingress Controller Domain + # Find your domain with: kubectl describe --namespace=openshift-ingress-operator ingresscontroller/default | grep Domain: + # If 'hostname' is an empty string "" OpenShift will create a hostname for you. + route: + # -- Enable an OpenShift Route for the Argo CD server + enabled: false + # -- Openshift Route annotations + annotations: {} + # -- Hostname of OpenShift Route + hostname: "" + # -- Termination type of Openshift Route + termination_type: passthrough + # -- Termination policy of Openshift Route + termination_policy: None + + ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. + ## Defaults to off + clusterRoleRules: + # -- Enable custom rules for the server's ClusterRole resource + enabled: false + # -- List of custom rules for the server's ClusterRole resource + rules: [] + +## Repo Server +repoServer: + # -- Repo server name + name: repo-server + + # -- The number of repo server pods to run + replicas: 1 + + # -- Runtime class name for the repo server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + + ## Repo server Horizontal Pod Autoscaler + autoscaling: + # -- Enable Horizontal Pod Autoscaler ([HPA]) for the repo server + enabled: false + # -- Minimum number of replicas for the repo server [HPA] + minReplicas: 1 + # -- Maximum number of replicas for the repo server [HPA] + maxReplicas: 5 + # -- Average CPU utilization percentage for the repo server [HPA] + targetCPUUtilizationPercentage: 50 + # -- Average memory utilization percentage for the repo server [HPA] + targetMemoryUtilizationPercentage: 50 + # -- Configures the scaling behavior of the target in both Up and Down directions. + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 + # periodSeconds: 60 + # -- Configures custom HPA metrics for the Argo CD repo server + # Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + metrics: [] + + ## Repo server Pod Disruption Budget + ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + pdb: + # -- Deploy a [PodDisruptionBudget] for the repo server + enabled: false + # -- Labels to be added to repo server pdb + labels: {} + # -- Annotations to be added to repo server pdb + annotations: {} + # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) + # @default -- `""` (defaults to 0 if not specified) + minAvailable: "" + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). + ## Has higher precedence over `repoServer.pdb.minAvailable` + maxUnavailable: "" + + ## Repo server image + image: + # -- Repository to use for the repo server + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the repo server + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the repo server + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # -- Additional command line arguments to pass to repo server + extraArgs: [] + + # -- Environment variables to pass to repo server + env: [] + + # -- envFrom to pass to repo server + # @default -- `[]` (See [values.yaml]) + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- Specify postStart and preStop lifecycle hooks for your argo-repo-server container + lifecycle: {} + + # -- Additional containers to be added to the repo server pod + ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/ + ## Note: Supports use of custom Helm templates + extraContainers: [] + # - name: cmp-my-plugin + # command: + # - "/var/run/argocd/argocd-cmp-server" + # image: busybox + # securityContext: + # runAsNonRoot: true + # runAsUser: 999 + # volumeMounts: + # - mountPath: /var/run/argocd + # name: var-files + # - mountPath: /home/argocd/cmp-server/plugins + # name: plugins + # # Remove this volumeMount if you've chosen to bake the config file into the sidecar image. + # - mountPath: /home/argocd/cmp-server/config/plugin.yaml + # subPath: my-plugin.yaml + # name: argocd-cmp-cm + # # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps + # # mitigate path traversal attacks. + # - mountPath: /tmp + # name: cmp-tmp + # - name: cmp-my-plugin2 + # command: + # - "/var/run/argocd/argocd-cmp-server" + # image: busybox + # securityContext: + # runAsNonRoot: true + # runAsUser: 999 + # volumeMounts: + # - mountPath: /var/run/argocd + # name: var-files + # # Remove this volumeMount if you've chosen to bake the config file into the sidecar image. + # - mountPath: /home/argocd/cmp-server/plugins + # name: plugins + # - mountPath: /home/argocd/cmp-server/config/plugin.yaml + # subPath: my-plugin2.yaml + # name: argocd-cmp-cm + # # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps + # # mitigate path traversal attacks. + # - mountPath: /tmp + # name: cmp-tmp + + # -- Init containers to add to the repo server pods + initContainers: [] + + # -- Additional volumeMounts to the repo server main container + volumeMounts: [] + + # -- Additional volumes to the repo server pod + volumes: [] + # - name: argocd-cmp-cm + # configMap: + # name: argocd-cmp-cm + # - name: cmp-tmp + # emptyDir: {} + + # -- Volumes to be used in replacement of emptydir on default volumes + existingVolumes: {} + # gpgKeyring: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-keyring + # helmWorkingDir: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-workdir + # tmp: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-tmp + # varFiles: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-varfiles + # plugins: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-plugins + + ## RepoServer emptyDir volumes + emptyDir: + # -- EmptyDir size limit for repo server + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + + # -- Toggle the usage of a ephemeral Helm working directory + useEphemeralHelmWorkingDir: true + + # -- Annotations to be added to repo server Deployment + deploymentAnnotations: {} + + # -- Annotations to be added to repo server pods podAnnotations: {} - # -- Labels for the controller pods + # -- Labels to be added to repo server pods podLabels: {} - # -- Pod Security Context - podSecurityContext: {} - # fsGroup: 2000 - - # -- Security Context - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - # -- Resource limits and requests for the controller pods. + # -- Resource limits and requests for the repo server pods resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + # requests: + # cpu: 10m + # memory: 64Mi + + # Repo server container ports + containerPorts: + # -- Repo server container port + server: 8081 + # -- Metrics container port + metrics: 8084 + + # -- Host Network for Repo server pods + hostNetwork: false + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for Repo server pods + dnsPolicy: "ClusterFirst" + + # -- Repo server container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + ## Readiness and liveness probes for default backend + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + + livenessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {} # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) tolerations: [] - # -- Assign custom [affinity] rules + # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) affinity: {} - # -- If specified, indicates the pod's priority. If not specified, the pod priority will be default or zero if there is no default. + # -- Assign custom [TopologySpreadConstraints] rules to the repo server + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy to be added to the repo server Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + + # -- Priority class for the repo server pods + # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" - # -- List of extra mounts to add (normally used with extraVolumes) - extraVolumeMounts: [] - # - mountPath: /tmp/foobar - # name: foobar + # TLS certificate configuration via Secret + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-repo-server + ## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart repo server automatically without extra controllers. + certificateSecret: + # -- Create argocd-repo-server-tls secret + enabled: false + # -- Annotations to be added to argocd-repo-server-tls secret + annotations: {} + # -- Labels to be added to argocd-repo-server-tls secret + labels: {} + # -- Certificate authority. Required for self-signed certificates. + ca: '' + # -- Certificate private key + key: '' + # -- Certificate data. Must contain SANs of Repo service (ie: argocd-repo-server, argocd-repo-server.argo-cd.svc) + crt: '' - # -- List of extra volumes to add - extraVolumes: [] - # - name: foobar - # emptyDir: {} + ## Repo server service configuration + service: + # -- Repo server service annotations + annotations: {} + # -- Repo server service labels + labels: {} + # -- Repo server service port + port: 8081 + # -- Repo server service port name + portName: tcp-repo-server - # -- List of extra cli args to add + ## Repo server metrics service configuration + metrics: + # -- Deploy metrics service + enabled: false + service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port + servicePort: 8084 + # -- Metrics service port name + portName: http-metrics + serviceMonitor: + # -- Enable a prometheus ServiceMonitor + enabled: false + # -- Prometheus ServiceMonitor interval + interval: 30s + # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false + # -- Prometheus [RelabelConfigs] to apply to samples before scraping + relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion + metricRelabelings: [] + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus + + # -- Prometheus ServiceMonitor scheme + scheme: "" + # -- Prometheus ServiceMonitor tlsConfig + tlsConfig: {} + # -- Prometheus ServiceMonitor namespace + namespace: "" # "monitoring" + # -- Prometheus ServiceMonitor labels + additionalLabels: {} + # -- Prometheus ServiceMonitor annotations + annotations: {} + + ## Enable Custom Rules for the Repo server's Cluster Role resource + ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. + ## Defaults to off + clusterRoleRules: + # -- Enable custom rules for the Repo server's Cluster Role resource + enabled: false + # -- List of custom rules for the Repo server's Cluster Role resource + rules: [] + + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + + ## Repo server service account + ## If create is set to true, make sure to uncomment the name and update the rbac section below + serviceAccount: + # -- Create repo server service account + create: true + # -- Repo server service account name + name: "" # "argocd-repo-server" + # -- Annotations applied to created service account + annotations: {} + # -- Labels applied to created service account + labels: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + # -- Repo server rbac rules + rbac: [] + # - apiGroups: + # - argoproj.io + # resources: + # - applications + # verbs: + # - get + # - list + # - watch + +## ApplicationSet controller +applicationSet: + # -- ApplicationSet controller name string + name: applicationset-controller + + # -- The number of ApplicationSet controller pods to run + replicas: 1 + + # -- Runtime class name for the ApplicationSet controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + + ## ApplicationSet controller Pod Disruption Budget + ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + pdb: + # -- Deploy a [PodDisruptionBudget] for the ApplicationSet controller + enabled: false + # -- Labels to be added to ApplicationSet controller pdb + labels: {} + # -- Annotations to be added to ApplicationSet controller pdb + annotations: {} + # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) + # @default -- `""` (defaults to 0 if not specified) + minAvailable: "" + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). + ## Has higher precedence over `applicationSet.pdb.minAvailable` + maxUnavailable: "" + + ## ApplicationSet controller image + image: + # -- Repository to use for the ApplicationSet controller + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the ApplicationSet controller + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the ApplicationSet controller + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- If defined, uses a Secret to pull an image from a private Docker registry or repository. + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # -- ApplicationSet controller command line flags extraArgs: [] - # - --loglevel=warn - # -- Environment variables to pass to the controller + # -- Environment variables to pass to the ApplicationSet controller extraEnv: [] # - name: "MY_VAR" # value: "value" - # -- envFrom to pass to the controller + # -- envFrom to pass to the ApplicationSet controller # @default -- `[]` (See [values.yaml]) extraEnvFrom: [] # - configMapRef: @@ -2104,64 +2877,348 @@ applicationSet: # - secretRef: # name: secret-name - ## Webhook for the Git Generator - ## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration) - webhook: - ingress: - # -- Enable an ingress resource for Webhooks - enabled: false - # -- Additional ingress annotations + # -- Additional containers to be added to the ApplicationSet controller pod + ## Note: Supports use of custom Helm templates + extraContainers: [] + + # -- Init containers to add to the ApplicationSet controller pod + ## Note: Supports use of custom Helm templates + initContainers: [] + + # -- List of extra mounts to add (normally used with extraVolumes) + extraVolumeMounts: [] + + # -- List of extra volumes to add + extraVolumes: [] + + ## ApplicationSet controller emptyDir volumes + emptyDir: + # -- EmptyDir size limit for applicationSet controller + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + + ## Metrics service configuration + metrics: + # -- Deploy metrics service + enabled: false + service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" + # -- Metrics service annotations annotations: {} - # -- Additional ingress labels + # -- Metrics service labels labels: {} - # -- Defines which ingress controller will implement the resource - ingressClassName: "" + # -- Metrics service port + servicePort: 8080 + # -- Metrics service port name + portName: http-metrics + serviceMonitor: + # -- Enable a prometheus ServiceMonitor + enabled: false + # -- Prometheus ServiceMonitor interval + interval: 30s + # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false + # -- Prometheus [RelabelConfigs] to apply to samples before scraping + relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion + metricRelabelings: [] + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus - # -- List of ingress hosts - ## Hostnames must be provided if Ingress is enabled. - ## Secrets must be manually created in the namespace - hosts: [] - # - argocd-applicationset.example.com + # -- Prometheus ServiceMonitor scheme + scheme: "" + # -- Prometheus ServiceMonitor tlsConfig + tlsConfig: {} + # -- Prometheus ServiceMonitor namespace + namespace: "" # monitoring + # -- Prometheus ServiceMonitor labels + additionalLabels: {} + # -- Prometheus ServiceMonitor annotations + annotations: {} - # -- List of ingress paths - paths: - - /api/webhook - # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` - pathType: Prefix - # -- Additional ingress paths - extraPaths: [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used) - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: use-annotation + ## ApplicationSet service configuration + service: + # -- ApplicationSet service annotations + annotations: {} + # -- ApplicationSet service labels + labels: {} + # -- ApplicationSet service type + type: ClusterIP + # -- ApplicationSet service port + port: 7000 + # -- ApplicationSet service port name + portName: http-webhook - # -- Ingress TLS configuration - tls: [] - # - secretName: argocd-applicationset-tls - # hosts: - # - argocd-applicationset.example.com + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + serviceAccount: + # -- Create ApplicationSet controller service account + create: true + # -- ApplicationSet controller service account name + name: argocd-applicationset-controller + # -- Annotations applied to created service account + annotations: {} + # -- Labels applied to created service account + labels: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + # -- Annotations to be added to ApplicationSet controller Deployment + deploymentAnnotations: {} + + # -- Annotations for the ApplicationSet controller pods + podAnnotations: {} + + # -- Labels for the ApplicationSet controller pods + podLabels: {} + + # -- Resource limits and requests for the ApplicationSet controller pods. + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + # ApplicationSet controller container ports + containerPorts: + # -- Metrics container port + metrics: 8080 + # -- Probe container port + probe: 8081 + # -- Webhook container port + webhook: 7000 + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for ApplicationSet controller pods + dnsPolicy: "ClusterFirst" + + # -- ApplicationSet controller container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + ## Probes for ApplicationSet controller (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for ApplicationSet controller + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + livenessProbe: + # -- Enable Kubernetes liveness probe for ApplicationSet controller + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy to be added to the ApplicationSet controller Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + + # -- Priority class for the ApplicationSet controller pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + + # TLS certificate configuration via cert-manager + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-configuration + certificate: + # -- Deploy a Certificate resource (requires cert-manager) + enabled: false + # -- Certificate primary domain (commonName) + # @default -- `""` (defaults to global.domain) + domain: "" + # -- Certificate Subject Alternate Names (SANs) + additionalHosts: [] + # -- The requested 'duration' (i.e. lifetime) of the certificate. + # @default -- `""` (defaults to 2160h = 90d if not specified) + ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal + duration: "" + # -- How long before the expiry a certificate should be renewed. + # @default -- `""` (defaults to 360h = 15d if not specified) + ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal + renewBefore: "" + # Certificate issuer + ## Ref: https://cert-manager.io/docs/concepts/issuer + issuer: + # -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` + group: "" + # -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer` + kind: "" + # -- Certificate issuer name. Eg. `letsencrypt` + name: "" + # Private key of the certificate + privateKey: + # -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` + rotationPolicy: Never + # -- The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` + encoding: PKCS1 + # -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` + algorithm: RSA + # -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. + size: 2048 + # -- Annotations to be applied to the ApplicationSet Certificate + annotations: {} + + ## Ingress for the Git Generator webhook + ## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration) + ingress: + # -- Enable an ingress resource for ApplicationSet webhook + enabled: false + # -- Additional ingress labels + labels: {} + # -- Additional ingress annotations + annotations: {} + + # -- Defines which ingress ApplicationSet controller will implement the resource + ingressClassName: "" + + # -- Argo CD ApplicationSet hostname + # @default -- `""` (defaults to global.domain) + hostname: "" + + # -- List of ingress paths + path: /api/webhook + + # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` + pathType: Prefix + + # -- Enable TLS configuration for the hostname defined at `applicationSet.webhook.ingress.hostname` + ## TLS certificate will be retrieved from a TLS secret with name:`argocd-applicationset-controller-tls` + tls: false + + # -- The list of additional hostnames to be covered by ingress record + # @default -- `[]` (See [values.yaml]) + extraHosts: [] + # - name: argocd.example.com + # path: / + + # -- Additional ingress paths + # @default -- `[]` (See [values.yaml]) + extraPaths: [] + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: use-annotation + + # -- Additional ingress rules + # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates + extraRules: [] + # - http: + # paths: + # - path: /api/webhook + # pathType: Prefix + # backend: + # service: + # name: '{{ include "argo-cd.applicationSet.fullname" . }}' + # port: + # name: '{{ .Values.applicationSet.service.portName }}' + + # -- Additional ingress TLS configuration + # @default -- `[]` (See [values.yaml]) + extraTls: [] + # - secretName: argocd-applicationset-tls + # hosts: + # - argocd-applicationset.example.com + # -- Enable ApplicationSet in any namespace feature + allowAnyNamespace: false +## Notifications controller notifications: - # -- Enable Notifications controller + # -- Enable notifications controller enabled: true # -- Notifications controller name string name: notifications-controller - # -- Assign custom [affinity] rules - affinity: {} - # -- Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates - argocdUrl: + # @default -- `""` (defaults to https://`global.domain`) + argocdUrl: "" + # -- Runtime class name for the notifications controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + + ## Notifications controller Pod Disruption Budget + ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + pdb: + # -- Deploy a [PodDisruptionBudget] for the notifications controller + enabled: false + # -- Labels to be added to notifications controller pdb + labels: {} + # -- Annotations to be added to notifications controller pdb + annotations: {} + # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) + # @default -- `""` (defaults to 0 if not specified) + minAvailable: "" + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). + ## Has higher precedence over `notifications.pdb.minAvailable` + maxUnavailable: "" + + ## Notifications controller image image: # -- Repository to use for the notifications controller # @default -- `""` (defaults to global.image.repository) @@ -2174,68 +3231,79 @@ notifications: imagePullPolicy: "" # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) imagePullSecrets: [] - # -- [Node selector] - nodeSelector: {} + # -- Notifications controller log format. Either `text` or `json` + # @default -- `""` (defaults to global.logging.format) + logFormat: "" + # -- Notifications controller log level. One of: `debug`, `info`, `warn`, `error` + # @default -- `""` (defaults to global.logging.level) + logLevel: "" - # -- The deployment strategy to use to replace existing pods with new ones - updateStrategy: - type: Recreate - - # -- Define user-defined context - ## For more information: https://argocd-notifications.readthedocs.io/en/stable/templates/#defining-user-defined-context - context: {} - # region: east - # environmentName: staging - - secret: - # -- Whether helm chart creates controller secret - create: true - - # -- key:value pairs of annotations to be added to the secret - annotations: {} - - # -- The name of the secret to use. - ## If not set and create is true, the default name 'argocd-notifications-secret' is used - name: "" - - # -- Generic key:value pairs to be inserted into the secret - ## Can be used for templates, notification services etc. Some examples given below. - ## For more information: https://argocd-notifications.readthedocs.io/en/stable/services/overview/ - items: {} - # slack-token: - # # For more information: https://argocd-notifications.readthedocs.io/en/stable/services/slack/ - - # grafana-apiKey: - # # For more information: https://argocd-notifications.readthedocs.io/en/stable/services/grafana/ - - # webhooks-github-token: - - # email-username: - # email-password: - # For more information: https://argocd-notifications.readthedocs.io/en/stable/services/email/ - - # -- Set the logging level. (One of: `debug`, `info`, `warn`, `error`) - logLevel: info - # -- Application controller log format. Either `text` or `json` - logFormat: text - - # -- Extra arguments to provide to the controller + # -- Extra arguments to provide to the notifications controller extraArgs: [] # -- Additional container environment variables extraEnv: [] + # -- envFrom to pass to the notifications controller + # @default -- `[]` (See [values.yaml]) + extraEnvFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- Additional containers to be added to the notifications controller pod + ## Note: Supports use of custom Helm templates + extraContainers: [] + + # -- Init containers to add to the notifications controller pod + ## Note: Supports use of custom Helm templates + initContainers: [] + # -- List of extra mounts to add (normally used with extraVolumes) extraVolumeMounts: [] - # - mountPath: /tmp/foobar - # name: foobar # -- List of extra volumes to add extraVolumes: [] - # - name: foobar - # emptyDir: {} + + # -- Define user-defined context + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/#defining-user-defined-context + context: {} + # region: east + # environmentName: staging + + secret: + # -- Whether helm chart creates notifications controller secret + ## If true, will create a secret with the name below. Otherwise, will assume existence of a secret with that name. + create: true + + # -- notifications controller Secret name + name: "argocd-notifications-secret" + + # -- key:value pairs of annotations to be added to the secret + annotations: {} + + # -- key:value pairs of labels to be added to the secret + labels: {} + + # -- Generic key:value pairs to be inserted into the secret + ## Can be used for templates, notification services etc. Some examples given below. + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/ + items: {} + # slack-token: + # # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/slack/ + + # grafana-apiKey: + # # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/grafana/ + + # webhooks-github-token: + + # email-username: + # email-password: + # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/email/ metrics: # -- Enables prometheus metrics server @@ -2243,6 +3311,10 @@ notifications: # -- Metrics port port: 9001 service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" # -- Metrics service annotations annotations: {} # -- Metrics service labels @@ -2257,6 +3329,8 @@ notifications: # prometheus: kube-prometheus # -- Prometheus ServiceMonitor labels additionalLabels: {} + # -- Prometheus ServiceMonitor annotations + annotations: {} # namespace: monitoring # interval: 30s # scrapeTimeout: 10s @@ -2264,28 +3338,30 @@ notifications: scheme: "" # -- Prometheus ServiceMonitor tlsConfig tlsConfig: {} + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false + # -- Prometheus [RelabelConfigs] to apply to samples before scraping + relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion + metricRelabelings: [] # -- Configures notification services such as slack, email or custom webhook # @default -- See [values.yaml] - ## For more information: https://argocd-notifications.readthedocs.io/en/stable/services/overview/ + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/ notifiers: {} # service.slack: | # token: $slack-token - # -- Annotations to be applied to the controller Pods + # -- Annotations to be applied to the notifications controller Deployment + deploymentAnnotations: {} + + # -- Annotations to be applied to the notifications controller Pods podAnnotations: {} - # -- Labels to be applied to the controller Pods + # -- Labels to be applied to the notifications controller Pods podLabels: {} - # -- Pod Security Context - securityContext: - runAsNonRoot: true - - # -- Container Security Context - containerSecurityContext: {} - - # -- Resource limits and requests for the controller + # -- Resource limits and requests for the notifications controller resources: {} # limits: # cpu: 100m @@ -2294,27 +3370,117 @@ notifications: # cpu: 100m # memory: 128Mi + # Notification controller container ports + containerPorts: + # -- Metrics container port + metrics: 9001 + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for notifications controller Pods + dnsPolicy: "ClusterFirst" + + # -- Notification controller container-level security Context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + ## Probes for notifications controller Pods (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for notifications controller Pods + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + livenessProbe: + # -- Enable Kubernetes liveness probe for notifications controller Pods + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the application controller + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy to be added to the notifications controller Deployment + deploymentStrategy: + type: Recreate + + # -- Priority class for the notifications controller pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + serviceAccount: - # -- Specifies whether a service account should be created + # -- Create notifications controller service account create: true - - # -- The name of the service account to use. - ## If not set and create is true, a name is generated using the fullname template + # -- Notification controller service account name name: argocd-notifications-controller - # -- Annotations applied to created service account annotations: {} + # -- Labels applied to created service account + labels: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true cm: - # -- Whether helm chart creates controller config map + # -- Whether helm chart creates notifications controller config map create: true - # -- The name of the config map to use. - ## If not set and create is true, the default name 'argocd-notifications-cm' is used - name: "" + ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. + ## Defaults to off + clusterRoleRules: + # -- List of custom rules for the notifications controller's ClusterRole resource + rules: [] # -- Contains centrally managed global application subscriptions - ## For more information: https://argocd-notifications.readthedocs.io/en/stable/subscriptions/ + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/subscriptions/ subscriptions: [] # # subscription for on-sync-status-unknown trigger notifications # - recipients: @@ -2330,7 +3496,7 @@ notifications: # - on-sync-status-unknown # -- The notification template is used to generate the notification content - ## For more information: https://argocd-notifications.readthedocs.io/en/stable/templates/ + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/ templates: {} # template.app-deployed: | # email: @@ -2546,11 +3712,8 @@ notifications: # ] # }] - # -- [Tolerations] for use with node taints - tolerations: [] - # -- The trigger defines the condition when the notification should be sent - ## For more information: https://argocd-notifications.readthedocs.io/en/stable/triggers/ + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/ triggers: {} # trigger.on-deployed: | # - description: Application is synced and healthy. Triggered once per commit. @@ -2584,76 +3747,186 @@ notifications: # - app-sync-succeeded # when: app.status.operationState.phase in ['Succeeded'] # - # For more information: https://argocd-notifications.readthedocs.io/en/stable/triggers/#default-triggers + # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers # defaultTriggers: | # - on-sync-status-unknown - ## The optional bot component simplifies managing subscriptions - ## For more information: https://argocd-notifications.readthedocs.io/en/stable/bots/overview/ - bots: - slack: - # -- Enable slack bot - ## You have to set secret.notifiers.slack.signingSecret - enabled: false +commitServer: + # -- Enable commit server + enabled: false - # -- The deployment strategy to use to replace existing pods with new ones - updateStrategy: - type: Recreate + # -- Commit server name + name: commit-server - image: - # -- Repository to use for the Slack bot - # @default -- `""` (defaults to global.image.repository) - repository: "" - # -- Tag to use for the Slack bot - # @default -- `""` (defaults to global.image.tag) - tag: "" - # -- Image pull policy for the Slack bot - # @default -- `""` (defaults to global.image.imagePullPolicy) - imagePullPolicy: "" + # -- Runtime class name for the commit server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" - # -- Secrets with credentials to pull images from a private registry - imagePullSecrets: [] + ## commit server controller image + image: + # -- Repository to use for the commit server + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the commit server + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the commit server + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" - service: - # -- Service annotations for Slack bot - annotations: {} - # -- Service port for Slack bot - port: 80 - # -- Service type for Slack bot - type: LoadBalancer + # -- commit server command line flags + extraArgs: [] - serviceAccount: - # -- Specifies whether a service account should be created - create: true + # -- Environment variables to pass to the commit server + extraEnv: [] + # - name: "MY_VAR" + # value: "value" - # -- The name of the service account to use. - ## If not set and create is true, a name is generated using the fullname template - name: argocd-notifications-bot + # -- envFrom to pass to the commit server + # @default -- `[]` (See [values.yaml]) + extraEnvFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name - # -- Annotations applied to created service account - annotations: {} + # -- List of extra mounts to add (normally used with extraVolumes) + extraVolumeMounts: [] - # -- Pod Security Context - securityContext: - runAsNonRoot: true + # -- List of extra volumes to add + extraVolumes: [] - # -- Container Security Context - containerSecurityContext: {} + metrics: + # -- Enables prometheus metrics server + enabled: false + service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port + servicePort: 8087 + # -- Metrics service port name + portName: metrics - # -- Resource limits and requests for the Slack bot - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + ## commit server service configuration + service: + # -- commit server service annotations + annotations: {} + # -- commit server service labels + labels: {} - # -- Assign custom [affinity] rules - affinity: {} + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: false - # -- [Tolerations] for use with node taints - tolerations: [] + serviceAccount: + # -- Create commit server service account + create: true + # -- commit server service account name + name: argocd-commit-server + # -- Annotations applied to created service account + annotations: {} + # -- Labels applied to created service account + labels: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true - # -- [Node selector] - nodeSelector: {} + # -- Annotations to be added to commit server Deployment + deploymentAnnotations: {} + + # -- Annotations for the commit server pods + podAnnotations: {} + + # -- Labels for the commit server pods + podLabels: {} + + # -- Resource limits and requests for the commit server pods. + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for commit server pods + dnsPolicy: "ClusterFirst" + + # -- commit server container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + + ## Probes for commit server (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for commit server + enabled: true + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 5 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + livenessProbe: + # -- Enable Kubernetes liveness probe for commit server + enabled: true + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 30 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 5 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the commit server + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy to be added to the commit server Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + + # -- Priority class for the commit server pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 977749af..a184cb91 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,20 +1,22 @@ apiVersion: v2 -description: A Helm chart to install Argo-Events in k8s Cluster +appVersion: v1.9.5 +description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 1.13.0 +version: 2.4.13 +home: https://github.com/argoproj/argo-helm +icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: + - argoproj - argo-events - - sensor-controller - - eventsource-controller - - eventbus-controller sources: - https://github.com/argoproj/argo-events maintainers: - - name: VaibhavPage - - name: whynowy -appVersion: v1.6.0 -icon: https://argoproj.github.io/argo-events/assets/logo.png -home: https://github.com/argoproj/argo-helm + - name: argoproj + url: https://argoproj.github.io/ annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - "[Added]: Additional RBAC for leader election" + - kind: changed + description: Bump argo-events to v1.9.5 diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index b6c9a407..7e9f6e37 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md @@ -1,29 +1,56 @@ # Argo-Events Chart This is a **community maintained** chart. It installs the [argo-events](https://github.com/argoproj/argo-events) application. This application comes packaged with: + - Sensor Custom Resource Definition (See CRD Notes) - EventSource Custom Resource Definition (See CRD Notes) - EventBus Custom Resource Definition (See CRD Notes) -- Sensor Controller Deployment -- EventSource Controller Deployment -- EventBus Controller Deployment -- Service Account -- Roles -- Role Bindings -- Cluster Roles -- Cluster Role Bindings +- Controller Deployment +- Validation Webhook Deployment +- Service Accounts +- Roles / Cluster Roles +- Role Bindings / Cluster Role Bindings -To regenerate this document, from the root of this chart directory run: +To regenerate this document, please run: ```shell -docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:latest +./scripts/helm-docs.sh ``` -## Notes on CRD Installation +## Installing the Chart -Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--skip-crds` when installing the chart. +To install the chart with the release name `my-release`: -You can install the CRDs manually from `crds` folder. +```console +$ helm repo add argo https://argoproj.github.io/argo-helm +"argo" has been added to your repositories + +$ helm install my-release argo/argo-events +NAME: my-release +... +``` + +## Upgrading + +### Custom resource definitions + +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart. + +You can install the CRDs manually from `templates/crds` folder. + +### 2.0.* + +Custom resource definitions were moved to `templates` folder so they can be managed by Helm. + +To adopt already created CRDs please use following command: + +```bash +for crd in "eventbus.argoproj.io" "eventsources.argoproj.io" "sensors.argoproj.io"; do + kubectl label --overwrite crd $crd app.kubernetes.io/managed-by=Helm + kubectl annotate --overwrite crd $crd meta.helm.sh/release-namespace= + kubectl annotate --overwrite crd $crd meta.helm.sh/release-name= +done +``` ## Values @@ -31,81 +58,185 @@ You can install the CRDs manually from `crds` folder. | Key | Type | Default | Description | |-----|------|---------|-------------| -| additionalSaNamespaces | list | `[]` | Create service accounts in additional namespaces specified The SA will always be created in the release namespaces | -| additionalServiceAccountRules | list | (See [values.yaml]) | Additional rules | -| createAggregateRoles | bool | `true` | Create clusterroles that extend existing clusterroles to interact with argo-events CRDs. Only applies for cluster-wide installation (`singleNamespace: true`) | +| configs.jetstream.settings.maxFileStore | int | `-1` | Maximum size of the file storage (e.g. 20G) | +| configs.jetstream.settings.maxMemoryStore | int | `-1` | Maximum size of the memory storage (e.g. 1G) | +| configs.jetstream.streamConfig.discard | int | `0` | 0: DiscardOld, 1: DiscardNew | +| configs.jetstream.streamConfig.duplicates | string | `"300s"` | Not documented at the moment | +| configs.jetstream.streamConfig.maxAge | string | `"72h"` | Maximum age of existing messages, i.e. “72h”, “4h35m” | +| configs.jetstream.streamConfig.maxBytes | string | `"1GB"` | | +| configs.jetstream.streamConfig.maxMsgs | int | `1000000` | Maximum number of messages before expiring oldest message | +| configs.jetstream.streamConfig.replicas | int | `3` | Number of replicas, defaults to 3 and requires minimal 3 | +| configs.jetstream.streamConfig.retention | int | `0` | 0: Limits, 1: Interest, 2: WorkQueue | +| configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.14.0"` | | +| configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.14.0"` | | +| configs.jetstream.versions[0].natsImage | string | `"nats:2.10.10"` | | +| configs.jetstream.versions[0].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[0].version | string | `"latest"` | | +| configs.jetstream.versions[1].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[1].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[1].natsImage | string | `"nats:2.8.1"` | | +| configs.jetstream.versions[1].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[1].version | string | `"2.8.1"` | | +| configs.jetstream.versions[2].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[2].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[2].natsImage | string | `"nats:2.8.1-alpine"` | | +| configs.jetstream.versions[2].startCommand | string | `"nats-server"` | | +| configs.jetstream.versions[2].version | string | `"2.8.1-alpine"` | | +| configs.jetstream.versions[3].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[3].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[3].natsImage | string | `"nats:2.8.2"` | | +| configs.jetstream.versions[3].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[3].version | string | `"2.8.2"` | | +| configs.jetstream.versions[4].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[4].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[4].natsImage | string | `"nats:2.8.2-alpine"` | | +| configs.jetstream.versions[4].startCommand | string | `"nats-server"` | | +| configs.jetstream.versions[4].version | string | `"2.8.2-alpine"` | | +| configs.jetstream.versions[5].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[5].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[5].natsImage | string | `"nats:2.9.1"` | | +| configs.jetstream.versions[5].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[5].version | string | `"2.9.1"` | | +| configs.jetstream.versions[6].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[6].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[6].natsImage | string | `"nats:2.9.12"` | | +| configs.jetstream.versions[6].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[6].version | string | `"2.9.12"` | | +| configs.jetstream.versions[7].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[7].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[7].natsImage | string | `"nats:2.9.16"` | | +| configs.jetstream.versions[7].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[7].version | string | `"2.9.16"` | | +| configs.jetstream.versions[8].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.14.0"` | | +| configs.jetstream.versions[8].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.14.0"` | | +| configs.jetstream.versions[8].natsImage | string | `"nats:2.10.10"` | | +| configs.jetstream.versions[8].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[8].version | string | `"2.10.10"` | | +| configs.nats.versions | list | See [values.yaml] | Supported versions of NATS event bus | +| crds.annotations | object | `{}` | Annotations to be added to all CRDs | +| crds.install | bool | `true` | Install and upgrade CRDs | +| crds.keep | bool | `true` | Keep CRDs on chart uninstall | +| createAggregateRoles | bool | `false` | Create clusterroles that extend existing clusterroles to interact with argo-events crds Only applies for cluster-wide installation (`controller.rbac.namespaced: false`) | +| extraObjects | list | `[]` | Array of extra K8s manifests to deploy | | fullnameOverride | string | `""` | String to fully override "argo-events.fullname" template | -| imagePullPolicy | string | `"Always"` | The image pull policy | -| imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry | -| nameOverride | string | `""` | String to partially override "argo-events.fullname" template | -| registry | string | `"quay.io"` | docker registry | -| securityContext | object | `{"runAsNonRoot":true,"runAsUser":9731}` | Common PodSecurityContext for all controllers | -| serviceAccount | string | `"argo-events-sa"` | ServiceAccount to use for running controller. | -| serviceAccountAnnotations | object | `{}` | Annotations applied to created service account. Can be used to enable GKE workload identity, or other use-cases | -| singleNamespace | bool | `true` | Whether to run in namespaced scope. Set `singleNamespace` to false to have the controllers listen on all namespaces. Otherwise the controllers will listen on the namespace where the chart is installed in. | +| global.additionalLabels | object | `{}` | Additional labels to add to all resources | +| global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | +| global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo Events deployments | +| global.image.repository | string | `"quay.io/argoproj/argo-events"` | If defined, a repository applied to all Argo Events deployments | +| global.image.tag | string | `""` | Overrides the global Argo Events image tag whose default is the chart appVersion | +| global.imagePullSecrets | list | `[]` | If defined, uses a Secret to pull an image from a private Docker registry or repository | +| global.podAnnotations | object | `{}` | Annotations for the all deployed pods | +| global.podLabels | object | `{}` | Labels for the all deployed pods | +| global.securityContext | object | `{}` | Toggle and define securityContext. See [values.yaml] | +| nameOverride | string | `"argo-events"` | Provide a name in place of `argo-events` | +| namespaceOverride | string | `.Release.Namespace` | Override the namespace | +| openshift | bool | `false` | Deploy on OpenShift | -### Event Bus Controller +### Controller | Key | Type | Default | Description | |-----|------|---------|-------------| -| eventbusController.affinity | object | `{}` | Assign custom [affinity] rules to the event bus controller | -| eventbusController.containerSecurityContext | object | `{}` | Event bus controller container-level security context | -| eventbusController.extraEnv | list | `[]` | Additional environment variables to pass to event bus controller | -| eventbusController.image | string | `"argoproj/argo-events"` | Repository to use for the event bus controller | -| eventbusController.name | string | `"eventbus-controller"` | Event bus controller name | -| eventbusController.natsMetricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.8.0"` | NATS metrics exporter container image to use for the event bus | -| eventbusController.natsStreamingImage | string | `"nats-streaming:0.22.1"` | NATS streaming container image to use for the event bus | -| eventbusController.nodeSelector | object | `{}` | [Node selector] | -| eventbusController.podAnnotations | object | `{}` | Annotations to be added to event bus controller pods | -| eventbusController.podLabels | object | `{}` | Labels to be added to event event bus controller pods | -| eventbusController.priorityClassName | string | `""` | Priority class for the event bus controller | -| eventbusController.replicaCount | int | `1` | The number of event bus controller pods to run | -| eventbusController.resources | object | `{}` | Resource limits and requests for the event bus controller pods | -| eventbusController.tag | string | `""` (default is the chart appVersion) | Overrides the image tag | -| eventbusController.tolerations | list | `[]` | [Tolerations] for use with node taints | +| controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| controller.containerSecurityContext | object | `{}` | Events controller container-level security context | +| controller.env | list | `[]` | Environment variables to pass to events controller | +| controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to events controller | +| controller.extraContainers | list | `[]` | Additional containers to be added to the events controller pods | +| controller.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the events controller | +| controller.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the events controller | +| controller.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the events controller | +| controller.initContainers | list | `[]` | Init containers to add to the events controller pods | +| controller.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| controller.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| controller.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| controller.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| controller.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| controller.metrics.enabled | bool | `false` | Deploy metrics service | +| controller.metrics.service.annotations | object | `{}` | Metrics service annotations | +| controller.metrics.service.labels | object | `{}` | Metrics service labels | +| controller.metrics.service.servicePort | int | `8082` | Metrics service port | +| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| controller.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | +| controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| controller.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | +| controller.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| controller.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| controller.name | string | `"controller-manager"` | Argo Events controller name string | +| controller.nodeSelector | object | `{}` | [Node selector] | +| controller.pdb.annotations | object | `{}` | Annotations to be added to events controller pdb | +| controller.pdb.enabled | bool | `false` | Deploy a PodDisruptionBudget for the events controller | +| controller.pdb.labels | object | `{}` | Labels to be added to events controller pdb | +| controller.podAnnotations | object | `{}` | Annotations to be added to events controller pods | +| controller.podLabels | object | `{}` | Labels to be added to events controller pods | +| controller.priorityClassName | string | `""` | Priority class for the events controller pods | +| controller.rbac.enabled | bool | `true` | Create events controller RBAC | +| controller.rbac.managedNamespace | string | `""` | Additional namespace to be monitored by the controller | +| controller.rbac.namespaced | bool | `false` | Restrict events controller to operate only in a single namespace instead of cluster-wide scope. | +| controller.rbac.rules | list | `[]` | Additional user rules for event controller's rbac | +| controller.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| controller.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| controller.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| controller.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| controller.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| controller.replicas | int | `1` | The number of events controller pods to run. | +| controller.resources | object | `{}` | Resource limits and requests for the events controller pods | +| controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| controller.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| controller.serviceAccount.create | bool | `true` | Create a service account for the events controller | +| controller.serviceAccount.name | string | `""` | Service account name | +| controller.tolerations | list | `[]` | [Tolerations] for use with node taints | +| controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the events controller | +| controller.volumeMounts | list | `[]` | Additional volumeMounts to the events controller main container | +| controller.volumes | list | `[]` | Additional volumes to the events controller pod | -### Event Source Controller +### Webhook | Key | Type | Default | Description | |-----|------|---------|-------------| -| eventsourceController.affinity | object | `{}` | Assign custom [affinity] rules to the event source controller | -| eventsourceController.containerSecurityContext | object | `{}` | Event source controller container-level security context | -| eventsourceController.eventsourceImage | string | `"argoproj/argo-events"` | Repository to use for the event source image | -| eventsourceController.extraEnv | list | `[]` | Additional environment variables to pass to event source controller | -| eventsourceController.image | string | `"argoproj/argo-events"` | Repository to use for the event source controller | -| eventsourceController.name | string | `"eventsource-controller"` | Event source controller name | -| eventsourceController.nodeSelector | object | `{}` | [Node selector] | -| eventsourceController.podAnnotations | object | `{}` | Annotations to be added to event source controller pods | -| eventsourceController.podLabels | object | `{}` | Labels to be added to event source controller pods | -| eventsourceController.priorityClassName | string | `""` | Priority class for the event source controller | -| eventsourceController.replicaCount | int | `1` | The number of event source controller pods to run | -| eventsourceController.resources | object | `{}` | Resource limits and requests for the event source controller pods | -| eventsourceController.tag | string | `""` (default is the chart appVersion) | Overrides the image tag | -| eventsourceController.tolerations | list | `[]` | [Tolerations] for use with node taints | - -### Sensor Controller - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| sensorController.affinity | object | `{}` | Assign custom [affinity] rules to the sensor controller | -| sensorController.containerSecurityContext | object | `{}` | Sensor controllers container-level security context | -| sensorController.extraEnv | list | `[]` | Additional environment variables to pass to sensor controller | -| sensorController.image | string | `"argoproj/argo-events"` | Repository to use for the sensor controller | -| sensorController.name | string | `"sensor-controller"` | Sensor controller name | -| sensorController.nodeSelector | object | `{}` | [Node selector] | -| sensorController.podAnnotations | object | `{}` | Annotations to be added to sensor controller pods | -| sensorController.podLabels | object | `{}` | Labels to be added to sensor controller pods | -| sensorController.priorityClassName | string | `""` | Priority class for the sensor controller | -| sensorController.replicaCount | int | `1` | The number of sensor controller pods to run | -| sensorController.resources | object | `{}` | Resource limits and requests for the sensor controller pods | -| sensorController.sensorImage | string | `"argoproj/argo-events"` | Repository to use for the sensor image | -| sensorController.tag | string | `""` (default is the chart appVersion) | Overrides the image tag | -| sensorController.tolerations | list | `[]` | [Tolerations] for use with node taints | +| webhook.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| webhook.containerSecurityContext | object | `{}` | Event controller container-level security context | +| webhook.enabled | bool | `false` | Enable admission webhook. Applies only for cluster-wide installation | +| webhook.env | list | `[]` (See [values.yaml]) | Environment variables to pass to event controller | +| webhook.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to event controller | +| webhook.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the event controller | +| webhook.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the event controller | +| webhook.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the event controller | +| webhook.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| webhook.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| webhook.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| webhook.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| webhook.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| webhook.name | string | `"events-webhook"` | Argo Events admission webhook name string | +| webhook.nodeSelector | object | `{}` | [Node selector] | +| webhook.pdb.annotations | object | `{}` | Annotations to be added to admission webhook pdb | +| webhook.pdb.enabled | bool | `false` | Deploy a PodDisruptionBudget for the admission webhook | +| webhook.pdb.labels | object | `{}` | Labels to be added to admission webhook pdb | +| webhook.podAnnotations | object | `{}` | Annotations to be added to event controller pods | +| webhook.podLabels | object | `{}` | Labels to be added to event controller pods | +| webhook.port | int | `443` | Port to listen on | +| webhook.priorityClassName | string | `""` | Priority class for the event controller pods | +| webhook.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| webhook.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| webhook.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| webhook.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| webhook.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| webhook.replicas | int | `1` | The number of webhook pods to run. | +| webhook.resources | object | `{}` | Resource limits and requests for the event controller pods | +| webhook.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| webhook.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| webhook.serviceAccount.create | bool | `true` | Create a service account for the admission webhook | +| webhook.serviceAccount.name | string | `""` | Service account name | +| webhook.tolerations | list | `[]` | [Tolerations] for use with node taints | +| webhook.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the event controller | +| webhook.volumeMounts | list | `[]` | Additional volumeMounts to the event controller main container | +| webhook.volumes | list | `[]` | Additional volumes to the event controller pod | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) -[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ -[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector +[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ [values.yaml]: values.yaml diff --git a/charts/argo-events/README.md.gotmpl b/charts/argo-events/README.md.gotmpl index 61654981..505217ba 100644 --- a/charts/argo-events/README.md.gotmpl +++ b/charts/argo-events/README.md.gotmpl @@ -1,29 +1,56 @@ # Argo-Events Chart This is a **community maintained** chart. It installs the [argo-events](https://github.com/argoproj/argo-events) application. This application comes packaged with: + - Sensor Custom Resource Definition (See CRD Notes) - EventSource Custom Resource Definition (See CRD Notes) - EventBus Custom Resource Definition (See CRD Notes) -- Sensor Controller Deployment -- EventSource Controller Deployment -- EventBus Controller Deployment -- Service Account -- Roles -- Role Bindings -- Cluster Roles -- Cluster Role Bindings +- Controller Deployment +- Validation Webhook Deployment +- Service Accounts +- Roles / Cluster Roles +- Role Bindings / Cluster Role Bindings -To regenerate this document, from the root of this chart directory run: +To regenerate this document, please run: ```shell -docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:latest +./scripts/helm-docs.sh ``` -## Notes on CRD Installation +## Installing the Chart -Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--skip-crds` when installing the chart. +To install the chart with the release name `my-release`: -You can install the CRDs manually from `crds` folder. +```console +$ helm repo add argo https://argoproj.github.io/argo-helm +"argo" has been added to your repositories + +$ helm install my-release argo/argo-events +NAME: my-release +... +``` + +## Upgrading + +### Custom resource definitions + +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart. + +You can install the CRDs manually from `templates/crds` folder. + +### 2.0.* + +Custom resource definitions were moved to `templates` folder so they can be managed by Helm. + +To adopt already created CRDs please use following command: + +```bash +for crd in "eventbus.argoproj.io" "eventsources.argoproj.io" "sensors.argoproj.io"; do + kubectl label --overwrite crd $crd app.kubernetes.io/managed-by=Helm + kubectl annotate --overwrite crd $crd meta.helm.sh/release-namespace= + kubectl annotate --overwrite crd $crd meta.helm.sh/release-name= +done +``` ## Values @@ -32,46 +59,39 @@ You can install the CRDs manually from `crds` folder. | Key | Type | Default | Description | |-----|------|---------|-------------| {{- range .Values }} - {{- if not (or (hasPrefix "eventbusController" .Key) (hasPrefix "eventsourceController" .Key) (hasPrefix "sensorController" .Key) ) }} + {{- if not (or (hasPrefix "controller" .Key) (hasPrefix "webhook" .Key) ) }} | {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | {{- end }} {{- end }} -### Event Bus Controller +### Controller | Key | Type | Default | Description | |-----|------|---------|-------------| {{- range .Values }} - {{- if hasPrefix "eventbusController" .Key }} + {{- if hasPrefix "controller" .Key }} | {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | {{- end }} {{- end }} -### Event Source Controller +### Webhook | Key | Type | Default | Description | |-----|------|---------|-------------| {{- range .Values }} - {{- if hasPrefix "eventsourceController" .Key }} + {{- if hasPrefix "webhook" .Key }} | {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | {{- end }} {{- end }} -### Sensor Controller - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -{{- range .Values }} - {{- if hasPrefix "sensorController" .Key }} -| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | - {{- end }} -{{- end }} ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) -[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ -[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector +[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ [values.yaml]: values.yaml diff --git a/charts/argo-events/ci/test-values.yaml b/charts/argo-events/ci/test-values.yaml index a15316ef..122ae333 100644 --- a/charts/argo-events/ci/test-values.yaml +++ b/charts/argo-events/ci/test-values.yaml @@ -1,2 +1 @@ -serviceAccount: argo-events-sa-test singleNamespace: false diff --git a/charts/argo-events/crds/eventbus-crd.yml b/charts/argo-events/crds/eventbus-crd.yml deleted file mode 100644 index 052984c6..00000000 --- a/charts/argo-events/crds/eventbus-crd.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventbus.argoproj.io -spec: - group: argoproj.io - names: - kind: EventBus - listKind: EventBusList - plural: eventbus - shortNames: - - eb - singular: eventbus - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - subresources: - status: {} diff --git a/charts/argo-events/crds/eventsource-crd.yml b/charts/argo-events/crds/eventsource-crd.yml deleted file mode 100644 index ea49a4aa..00000000 --- a/charts/argo-events/crds/eventsource-crd.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventsources.argoproj.io -spec: - group: argoproj.io - scope: Namespaced - names: - kind: EventSource - plural: eventsources - singular: eventsource - listKind: EventSourceList - shortNames: - - es - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - subresources: - status: {} diff --git a/charts/argo-events/crds/sensor-crd.yml b/charts/argo-events/crds/sensor-crd.yml deleted file mode 100644 index d2414bc3..00000000 --- a/charts/argo-events/crds/sensor-crd.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: sensors.argoproj.io -spec: - group: argoproj.io - names: - kind: Sensor - listKind: SensorList - plural: sensors - singular: sensor - shortNames: - - sn - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - subresources: - status: {} diff --git a/charts/argo-events/templates/_helpers.tpl b/charts/argo-events/templates/_helpers.tpl index c25f9e5f..79c7051d 100644 --- a/charts/argo-events/templates/_helpers.tpl +++ b/charts/argo-events/templates/_helpers.tpl @@ -24,3 +24,126 @@ If release name contains chart name it will be used as a full name. {{- end }} {{- end }} {{- end }} + +{{/* +Create controller name and version as used by the chart label. +*/}} +{{- define "argo-events.controller.fullname" -}} +{{- printf "%s-%s" (include "argo-events.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the controller service account to use +*/}} +{{- define "argo-events.controller.serviceAccountName" -}} +{{- if .Values.controller.serviceAccount.create -}} + {{ default (include "argo-events.controller.fullname" .) .Values.controller.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.controller.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create webhook name and version as used by the chart label. +*/}} +{{- define "argo-events.webhook.fullname" }} +{{- printf "%s-%s" (include "argo-events.fullname" .) .Values.webhook.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the webhook service account to use +*/}} +{{- define "argo-events.webhook.serviceAccountName" -}} +{{- if .Values.webhook.serviceAccount.create -}} + {{ default (include "argo-events.webhook.fullname" .) .Values.webhook.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.webhook.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "argo-events.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create kubernetes friendly chart version label for the controller. + +Examples: +image.tag = v1.7.3 +output = v1.7.3 + +image.tag = v1.7.3@sha256:a40f4f3ea20d354f00ab469a9f73102668fa545c4d632e1a8e11a206ad3093f3 +output = v1.7.3 +*/}} +{{- define "argo-events.controller_chart_version_label" -}} +{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default (include "argo-events.defaultTag" .) .Values.controller.image.tag) "") "" | trunc 63 | quote -}} +{{- end -}} + +{{/* +Create kubernetes friendly chart version label for the events webhook. + +Examples: +image.tag = v1.7.3 +output = v1.7.3 + +image.tag = v1.7.3@sha256:a40f4f3ea20d354f00ab469a9f73102668fa545c4d632e1a8e11a206ad3093f3 +output = v1.7.3 +*/}} +{{- define "argo-events.webhook_chart_version_label" -}} +{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default (include "argo-events.defaultTag" .) .Values.webhook.image.tag) "") "" | trunc 63 | quote -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "argo-events.labels" -}} +helm.sh/chart: {{ include "argo-events.chart" .context }} +{{ include "argo-events.selectorLabels" (dict "context" .context "component" .component "name" .name) }} +app.kubernetes.io/managed-by: {{ .context.Release.Service }} +app.kubernetes.io/part-of: argo-events +{{- with .context.Values.global.additionalLabels }} +{{ toYaml . }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "argo-events.selectorLabels" -}} +{{- if .name -}} +app.kubernetes.io/name: {{ include "argo-events.name" .context }}-{{ .name }} +{{- end }} +app.kubernetes.io/instance: {{ .context.Release.Name }} +{{- if .component }} +app.kubernetes.io/component: {{ .component }} +{{- end }} +{{- end }} + +{{/* +Return the default Argo Events app version +*/}} +{{- define "argo-events.defaultTag" -}} + {{- default .Chart.AppVersion .Values.global.image.tag }} +{{- end -}} + +{{/* +Define Pdb apiVersion +*/}} +{{- define "argo-events.pdb.apiVersion" -}} +{{- if .Capabilities.APIVersions.Has "policy/v1" }} +{{- printf "policy/v1" -}} +{{- else }} +{{- printf "policy/v1beta1" -}} +{{- end }} +{{- end }} + +{{/* +Expand the namespace of the release. +Allows overriding it for multi-namespace deployments in combined charts. +*/}} +{{- define "argo-events.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end }} diff --git a/charts/argo-events/templates/aggregate-roles.yaml b/charts/argo-events/templates/aggregate-roles.yaml index 6b1fc63a..70802798 100644 --- a/charts/argo-events/templates/aggregate-roles.yaml +++ b/charts/argo-events/templates/aggregate-roles.yaml @@ -1,83 +1,86 @@ -{{- if and .Values.createAggregateRoles (not .Values.singleNamespace) }} +{{- if and .Values.createAggregateRoles (not .Values.controller.rbac.namespaced) }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + name: {{ include "argo-events.fullname" . }}-aggregate-to-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - name: {{ include "argo-events.fullname" . }}-aggregate-to-admin + {{- include "argo-events.labels" (dict "context" .) | nindent 4 }} rules: - - apiGroups: - - argoproj.io - resources: - - sensors - - sensors/finalizers - - sensors/status - - eventsources - - eventsources/finalizers - - eventsources/status - - eventbus - - eventbus/finalizers - - eventbus/status - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch +- apiGroups: + - argoproj.io + resources: + - sensors + - sensors/finalizers + - sensors/status + - eventsources + - eventsources/finalizers + - eventsources/status + - eventbus + - eventbus/finalizers + - eventbus/status + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + name: {{ include "argo-events.fullname" . }}-aggregate-to-edit labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" - name: {{ include "argo-events.fullname" . }}-aggregate-to-edit + {{- include "argo-events.labels" (dict "context" .) | nindent 4 }} rules: - - apiGroups: - - argoproj.io - resources: - - sensors - - sensors/finalizers - - sensors/status - - eventsources - - eventsources/finalizers - - eventsources/status - - eventbus - - eventbus/finalizers - - eventbus/status - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch +- apiGroups: + - argoproj.io + resources: + - sensors + - sensors/finalizers + - sensors/status + - eventsources + - eventsources/finalizers + - eventsources/status + - eventbus + - eventbus/finalizers + - eventbus/status + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + name: {{ include "argo-events.fullname" . }}-aggregate-to-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" - name: {{ include "argo-events.fullname" . }}-aggregate-to-view + {{- include "argo-events.labels" (dict "context" .) | nindent 4 }} rules: - - apiGroups: - - argoproj.io - resources: - - sensors - - sensors/finalizers - - sensors/status - - eventsources - - eventsources/finalizers - - eventsources/status - - eventbus - - eventbus/finalizers - - eventbus/status - verbs: - - get - - list - - watch +- apiGroups: + - argoproj.io + resources: + - sensors + - sensors/finalizers + - sensors/status + - eventsources + - eventsources/finalizers + - eventsources/status + - eventbus + - eventbus/finalizers + - eventbus/status + verbs: + - get + - list + - watch {{- end }} diff --git a/charts/argo-events/templates/argo-events-cluster-roles.yaml b/charts/argo-events/templates/argo-events-cluster-roles.yaml deleted file mode 100644 index efdd6101..00000000 --- a/charts/argo-events/templates/argo-events-cluster-roles.yaml +++ /dev/null @@ -1,101 +0,0 @@ -{{- if not .Values.singleNamespace }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: argo-events-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: argo-events-role -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount }} - namespace: {{ .Release.Namespace }} - {{- if .Values.additionalSaNamespaces }} - {{ $sa := .Values.serviceAccount }} - {{- range $namespace := .Values.additionalSaNamespaces }} - - kind: ServiceAccount - name: {{ $sa }} - namespace: {{ $namespace }} - {{- end }} - {{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: argo-events-role -rules: - {{- with .Values.additionalServiceAccountRules }} - {{- toYaml . | nindent 2 }} - {{- end }} - - apiGroups: - - "" - resources: - - "events" - verbs: - - "create" - - "patch" - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - argoproj.io - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - resources: - - sensors - - sensors/finalizers - - sensors/status - - eventsources - - eventsources/finalizers - - eventsources/status - - eventbus - - eventbus/finalizers - - eventbus/status - - apiGroups: - - "" - resources: - - pods - - pods/exec - - configmaps - - secrets - - services - - persistentvolumeclaims - verbs: - - create - - get - - list - - watch - - update - - patch - - delete - - apiGroups: - - "apps" - resources: - - deployments - - statefulsets - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -{{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/config.yaml b/charts/argo-events/templates/argo-events-controller/config.yaml new file mode 100644 index 00000000..e3047de7 --- /dev/null +++ b/charts/argo-events/templates/argo-events-controller/config.yaml @@ -0,0 +1,45 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "argo-events.controller.fullname" . }} + namespace: {{ include "argo-events.namespace" . | quote }} + labels: + {{- include "argo-events.labels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} +data: + controller-config.yaml: | + eventBus: + {{- if .Values.configs.nats.versions }} + nats: + versions: + {{- range .Values.configs.nats.versions }} + - version: {{ .version }} + natsStreamingImage: {{ .natsStreamingImage }} + metricsExporterImage: {{ .metricsExporterImage }} + {{- end }} + {{- end }} + {{- if .Values.configs.jetstream.versions }} + jetstream: + # Default JetStream settings, could be overridden by EventBus JetStream specs + settings: | + # https://docs.nats.io/running-a-nats-service/configuration#jetstream + # Only configure "max_memory_store" or "max_file_store", do not set "store_dir" as it has been hardcoded. + max_memory_store: {{ .Values.configs.jetstream.settings.maxMemoryStore | default -1 }} + max_file_store: {{ .Values.configs.jetstream.settings.maxFileStore | default -1 }} + # The default properties of the streams to be created in this JetStream service + streamConfig: | + maxMsgs: {{ .Values.configs.jetstream.streamConfig.maxMsgs }} + maxAge: {{ .Values.configs.jetstream.streamConfig.maxAge }} + maxBytes: {{ .Values.configs.jetstream.streamConfig.maxBytes }} + replicas: {{ .Values.configs.jetstream.streamConfig.replicas }} + duplicates: {{ .Values.configs.jetstream.streamConfig.duplicates }} + retention: {{ .Values.configs.jetstream.streamConfig.retention }} + discard: {{ .Values.configs.jetstream.streamConfig.discard }} + versions: + {{- range .Values.configs.jetstream.versions }} + - version: {{ .version }} + natsImage: {{ .natsImage }} + metricsExporterImage: {{ .metricsExporterImage }} + configReloaderImage: {{ .configReloaderImage }} + startCommand: {{ .startCommand }} + {{- end }} + {{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/deployment.yaml b/charts/argo-events/templates/argo-events-controller/deployment.yaml new file mode 100644 index 00000000..17bf0a6a --- /dev/null +++ b/charts/argo-events/templates/argo-events-controller/deployment.yaml @@ -0,0 +1,149 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "argo-events.controller.fullname" . }} + namespace: {{ include "argo-events.namespace" . | quote }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + app.kubernetes.io/version: {{ include "argo-events.controller_chart_version_label" . }} +spec: + selector: + matchLabels: + {{- include "argo-events.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} + revisionHistoryLimit: 5 + replicas: {{ .Values.controller.replicas }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/argo-events-controller/config.yaml") . | sha256sum }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }} + app.kubernetes.io/version: {{ include "argo-events.controller_chart_version_label" . }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.controller.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Values.controller.name }} + image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-events.defaultTag" .) .Values.controller.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }} + args: + - controller + {{- if .Values.controller.rbac.namespaced }} + - --namespaced + {{- end }} + {{- if .Values.controller.rbac.managedNamespace }} + - --managed-namespace + - {{ .Values.controller.rbac.managedNamespace }} + {{- end }} + {{- with .Values.controller.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + env: + - name: ARGO_EVENTS_IMAGE + value: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-events.defaultTag" .) .Values.controller.image.tag }} + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- with .Values.controller.env }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.envFrom }} + envFrom: + {{- toYaml . | nindent 8 }} + {{- end }} + volumeMounts: + - name: config + mountPath: /etc/argo-events + {{- with .Values.controller.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + ports: + - name: metrics + containerPort: 7777 + protocol: TCP + - name: probe + containerPort: 8081 + protocol: TCP + livenessProbe: + httpGet: + port: probe + path: /healthz + initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} + readinessProbe: + httpGet: + port: probe + path: /readyz + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + {{- with .Values.controller.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.controller.extraContainers }} + {{- toYaml . | nindent 6 }} + {{- end -}} + {{- with .Values.controller.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-events.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + serviceAccountName: {{ include "argo-events.controller.serviceAccountName" . }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 6 }} + {{- end }} + volumes: + - name: config + configMap: + name: {{ include "argo-events.controller.fullname" . }} + {{- with .Values.controller.volumes }} + {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/pdb.yaml b/charts/argo-events/templates/argo-events-controller/pdb.yaml new file mode 100644 index 00000000..269e2de4 --- /dev/null +++ b/charts/argo-events/templates/argo-events-controller/pdb.yaml @@ -0,0 +1,29 @@ +{{- if .Values.controller.pdb.enabled }} +apiVersion: {{ template "argo-events.pdb.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ template "argo-events.controller.fullname" . }} + namespace: {{ include "argo-events.namespace" . | quote }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- with .Values.controller.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- if .Values.controller.pdb.minAvailable }} + minAvailable: {{ .Values.controller.pdb.minAvailable }} + {{- else if .Values.controller.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.controller.pdb.maxUnavailable }} + {{- else }} + minAvailable: 0 + {{- end }} + selector: + matchLabels: + {{- include "argo-events.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/rbac.yaml b/charts/argo-events/templates/argo-events-controller/rbac.yaml new file mode 100644 index 00000000..69a0adcb --- /dev/null +++ b/charts/argo-events/templates/argo-events-controller/rbac.yaml @@ -0,0 +1,126 @@ +{{- if .Values.controller.rbac.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ .Values.controller.rbac.namespaced | ternary "Role" "ClusterRole" }} +metadata: + name: {{ include "argo-events.controller.fullname" . }} + {{- if .Values.controller.rbac.namespaced }} + namespace: {{ include "argo-events.namespace" . | quote }} + {{- end }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +rules: +{{- if .Values.openshift }} +- apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - update + {{- if not .Values.controller.rbac.namespaced }} +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles/finalizers + verbs: + - update + {{- end }} +{{- end }} +{{- with .Values.controller.rbac.rules }} + {{- toYaml . | nindent 0 }} +{{- end }} +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - argoproj.io + resources: + - sensors + - sensors/finalizers + - sensors/status + - eventsources + - eventsources/finalizers + - eventsources/status + - eventbus + - eventbus/finalizers + - eventbus/status + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + - pods/exec + - configmaps + - services + - persistentvolumeclaims + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - list + - update + - patch + - delete +- apiGroups: + - apps + resources: + - deployments + - statefulsets + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ .Values.controller.rbac.namespaced | ternary "RoleBinding" "ClusterRoleBinding" }} +metadata: + name: {{ include "argo-events.controller.fullname" . }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: {{ .Values.controller.rbac.namespaced | ternary "Role" "ClusterRole" }} + name: {{ include "argo-events.controller.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argo-events.controller.serviceAccountName" . }} + namespace: {{ include "argo-events.namespace" . | quote }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/service.yaml b/charts/argo-events/templates/argo-events-controller/service.yaml new file mode 100644 index 00000000..55fe9361 --- /dev/null +++ b/charts/argo-events/templates/argo-events-controller/service.yaml @@ -0,0 +1,26 @@ +{{- if .Values.controller.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-events.controller.fullname" . }}-metrics + namespace: {{ include "argo-events.namespace" . | quote }} + {{- with .Values.controller.metrics.service.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" (printf "%s-metrics" .Values.controller.name)) | nindent 4 }} + {{- with .Values.controller.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + ports: + - name: metrics + protocol: TCP + port: {{ .Values.controller.metrics.service.servicePort }} + targetPort: metrics + selector: + {{- include "argo-events.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml b/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml new file mode 100644 index 00000000..bd697989 --- /dev/null +++ b/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if .Values.controller.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-events.controller.serviceAccountName" . }} + namespace: {{ include "argo-events.namespace" . | quote }} + {{- with .Values.controller.serviceAccount.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml b/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml new file mode 100644 index 00000000..371794ee --- /dev/null +++ b/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml @@ -0,0 +1,36 @@ +{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "argo-events.controller.fullname" . }} + namespace: {{ default (include "argo-events.namespace" .) .Values.controller.metrics.serviceMonitor.namespace | quote }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- with .Values.controller.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: metrics + {{- with .Values.controller.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + path: /metrics + {{- with .Values.controller.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "argo-events.namespace" . | quote }} + selector: + matchLabels: + {{- include "argo-events.selectorLabels" (dict "context" . "component" .Values.controller.name "name" (printf "%s-metrics" .Values.controller.name)) | nindent 6 }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-roles.yaml b/charts/argo-events/templates/argo-events-roles.yaml deleted file mode 100644 index b8e81eff..00000000 --- a/charts/argo-events/templates/argo-events-roles.yaml +++ /dev/null @@ -1,103 +0,0 @@ -{{- if .Values.singleNamespace }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: argo-events-binding - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argo-events-role -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount }} - namespace: {{ .Release.Namespace }} - {{- if .Values.additionalSaNamespaces }} - {{ $sa := .Values.serviceAccount }} - {{- range $namespace := .Values.additionalSaNamespaces }} - - kind: ServiceAccount - name: {{ $sa }} - namespace: {{ $namespace }} - {{- end }} - {{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: argo-events-role - namespace: {{ .Release.Namespace }} -rules: - {{- with .Values.additionalServiceAccountRules }} - {{- toYaml . | nindent 2 }} - {{- end }} - - apiGroups: - - "" - resources: - - "events" - verbs: - - "create" - - "patch" - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - argoproj.io - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - resources: - - sensors - - sensors/finalizers - - sensors/status - - eventsources - - eventsources/finalizers - - eventsources/status - - eventbus - - eventbus/finalizers - - eventbus/status - - apiGroups: - - "" - resources: - - pods - - pods/exec - - configmaps - - secrets - - services - - persistentvolumeclaims - verbs: - - create - - get - - list - - watch - - update - - patch - - delete - - apiGroups: - - "apps" - resources: - - deployments - - statefulsets - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -{{- end }} diff --git a/charts/argo-events/templates/argo-events-sa.yaml b/charts/argo-events/templates/argo-events-sa.yaml deleted file mode 100644 index fec88b4d..00000000 --- a/charts/argo-events/templates/argo-events-sa.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# All argo-events services are bound to the "argo-events" service account. -# In RBAC enabled setups, this SA is bound to specific roles. -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount }} - namespace: {{ .Release.Namespace }} - {{- with .Values.serviceAccountAnnotations }} - annotations: {{- toYaml . | nindent 4 }} - {{- end }} -{{- if .Values.additionalSaNamespaces }} -{{ $annotations := .Values.serviceAccountAnnotations }} -{{ $sa := .Values.serviceAccount }} -{{- range $namespace := .Values.additionalSaNamespaces }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ $sa }} - namespace: {{ $namespace }} - {{- with $annotations }} - annotations: {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/argo-events/templates/argo-events-webhook/clusterrole.yaml b/charts/argo-events/templates/argo-events-webhook/clusterrole.yaml new file mode 100644 index 00000000..e47f01b0 --- /dev/null +++ b/charts/argo-events/templates/argo-events-webhook/clusterrole.yaml @@ -0,0 +1,79 @@ +{{- if and .Values.webhook.enabled (not .Values.controller.rbac.namespaced) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: argo-events-webhook + labels: + {{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }} +rules: +{{- if .Values.openshift }} +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles/finalizers + verbs: + - update +- apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - update +{{- end }} +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - argoproj.io + resources: + - eventbus + - eventsources + - sensors + verbs: + - get + - list + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + verbs: + - get + - list +{{- end }} diff --git a/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml b/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml new file mode 100644 index 00000000..c701c8d7 --- /dev/null +++ b/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.webhook.enabled (not .Values.controller.rbac.namespaced) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "argo-events.webhook.fullname" . }} + labels: + {{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo-events-webhook +subjects: +- kind: ServiceAccount + name: {{ include "argo-events.webhook.serviceAccountName" . }} + namespace: {{ include "argo-events.namespace" . | quote }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-webhook/deployment.yaml b/charts/argo-events/templates/argo-events-webhook/deployment.yaml new file mode 100644 index 00000000..0b995ba2 --- /dev/null +++ b/charts/argo-events/templates/argo-events-webhook/deployment.yaml @@ -0,0 +1,126 @@ +{{- if and .Values.webhook.enabled (not .Values.controller.rbac.namespaced) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: events-webhook + namespace: {{ include "argo-events.namespace" . | quote }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }} + app.kubernetes.io/version: {{ include "argo-events.webhook_chart_version_label" . }} +spec: + selector: + matchLabels: + {{- include "argo-events.selectorLabels" (dict "context" . "name" .Values.webhook.name) | nindent 6 }} + revisionHistoryLimit: 5 + replicas: {{ .Values.webhook.replicas }} + template: + metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.webhook.podAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 8 }} + app.kubernetes.io/version: {{ include "argo-events.webhook_chart_version_label" . }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.webhook.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.webhook.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Values.webhook.name }} + image: {{ default .Values.global.image.repository .Values.webhook.image.repository }}:{{ default (include "argo-events.defaultTag" .) .Values.webhook.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.webhook.image.imagePullPolicy }} + args: + - webhook-service + {{- with .Values.webhook.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: PORT + value: "{{ .Values.webhook.port }}" + {{- with .Values.webhook.env }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.webhook.envFrom }} + envFrom: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.webhook.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 8 }} + {{- end }} + ports: + - name: webhook + containerPort: {{ .Values.webhook.port }} + protocol: TCP + livenessProbe: + tcpSocket: + port: webhook + initialDelaySeconds: {{ .Values.webhook.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.webhook.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.webhook.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.webhook.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.webhook.livenessProbe.failureThreshold }} + readinessProbe: + tcpSocket: + port: webhook + initialDelaySeconds: {{ .Values.webhook.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.webhook.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.webhook.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.webhook.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.webhook.readinessProbe.failureThreshold }} + {{- with .Values.webhook.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.webhook.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.webhook.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.webhook.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.webhook.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-events.selectorLabels" (dict "context" $ "name" $.Values.webhook.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + serviceAccountName: {{ include "argo-events.webhook.serviceAccountName" . }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.webhook.volumes }} + volumes: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-webhook/pdb.yaml b/charts/argo-events/templates/argo-events-webhook/pdb.yaml new file mode 100644 index 00000000..26ee675d --- /dev/null +++ b/charts/argo-events/templates/argo-events-webhook/pdb.yaml @@ -0,0 +1,29 @@ +{{- if and .Values.webhook.enabled .Values.webhook.pdb.enabled (not .Values.controller.rbac.namespaced) }} +apiVersion: {{ template "argo-events.pdb.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ template "argo-events.webhook.fullname" . }} + namespace: {{ include "argo-events.namespace" . | quote }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }} + {{- with .Values.webhook.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.webhook.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- if .Values.webhook.pdb.minAvailable }} + minAvailable: {{ .Values.webhook.pdb.minAvailable }} + {{- else if .Values.webhook.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.webhook.pdb.maxUnavailable }} + {{- else }} + minAvailable: 0 + {{- end }} + selector: + matchLabels: + {{- include "argo-events.selectorLabels" (dict "context" . "name" .Values.webhook.name) | nindent 6 }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-webhook/service.yaml b/charts/argo-events/templates/argo-events-webhook/service.yaml new file mode 100644 index 00000000..797ceb43 --- /dev/null +++ b/charts/argo-events/templates/argo-events-webhook/service.yaml @@ -0,0 +1,15 @@ +{{- if and .Values.webhook.enabled (not .Values.controller.rbac.namespaced) }} +apiVersion: v1 +kind: Service +metadata: + name: events-webhook + namespace: {{ include "argo-events.namespace" . | quote }} + labels: + {{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }} +spec: + ports: + - port: {{ int .Values.webhook.port }} + targetPort: webhook + selector: + {{- include "argo-events.selectorLabels" (dict "context" $ "name" $.Values.webhook.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml b/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml new file mode 100644 index 00000000..0efad0c2 --- /dev/null +++ b/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.webhook.serviceAccount.create (not .Values.controller.rbac.namespaced) }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.webhook.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-events.webhook.serviceAccountName" . }} + namespace: {{ include "argo-events.namespace" . | quote }} + {{- with .Values.webhook.serviceAccount.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-events/templates/crds/eventbus-crd.yml b/charts/argo-events/templates/crds/eventbus-crd.yml new file mode 100644 index 00000000..f967b9b0 --- /dev/null +++ b/charts/argo-events/templates/crds/eventbus-crd.yml @@ -0,0 +1,48 @@ +{{- if .Values.crds.install }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: eventbus.argoproj.io + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + group: argoproj.io + names: + kind: EventBus + listKind: EventBusList + plural: eventbus + shortNames: + - eb + singular: eventbus + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/argo-events/templates/crds/eventsource-crd.yml b/charts/argo-events/templates/crds/eventsource-crd.yml new file mode 100644 index 00000000..72fee21c --- /dev/null +++ b/charts/argo-events/templates/crds/eventsource-crd.yml @@ -0,0 +1,48 @@ +{{- if .Values.crds.install }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: eventsources.argoproj.io + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + group: argoproj.io + names: + kind: EventSource + listKind: EventSourceList + plural: eventsources + shortNames: + - es + singular: eventsource + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml b/charts/argo-events/templates/crds/sensor-crd.yml similarity index 54% rename from charts/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml rename to charts/argo-events/templates/crds/sensor-crd.yml index 22e2ecf0..3dbf2dc8 100644 --- a/charts/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml +++ b/charts/argo-events/templates/crds/sensor-crd.yml @@ -1,16 +1,24 @@ +{{- if .Values.crds.install }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: workfloweventbindings.argoproj.io + name: sensors.argoproj.io + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: group: argoproj.io names: - kind: WorkflowEventBinding - listKind: WorkflowEventBindingList - plural: workfloweventbindings + kind: Sensor + listKind: SensorList + plural: sensors shortNames: - - wfeb - singular: workfloweventbinding + - sn + singular: sensor scope: Namespaced versions: - name: v1alpha1 @@ -25,7 +33,9 @@ spec: type: object spec: type: object - x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object x-kubernetes-preserve-unknown-fields: true required: - metadata @@ -33,3 +43,6 @@ spec: type: object served: true storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/argo-events/templates/eventbus-controller/deployment.yaml b/charts/argo-events/templates/eventbus-controller/deployment.yaml deleted file mode 100644 index 48022cf6..00000000 --- a/charts/argo-events/templates/eventbus-controller/deployment.yaml +++ /dev/null @@ -1,85 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-{{ .Values.eventbusController.name }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Release.Name }}-{{ .Values.eventbusController.name }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.eventbusController.replicaCount }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.eventbusController.name }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ .Release.Name }}-{{ .Values.eventbusController.name }} - release: {{ .Release.Name }} - {{- with .Values.eventbusController.podLabels }} - {{- tpl (toYaml .) $ | nindent 8 }} - {{- end }} - {{- with .Values.eventbusController.podAnnotations }} - annotations: {{- toYaml . | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ .Values.serviceAccount }} - containers: - - name: {{ .Values.eventbusController.name }} - image: "{{ .Values.registry }}/{{ .Values.eventbusController.image }}:{{ .Values.eventbusController.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.imagePullPolicy }} - args: - - eventbus-controller - {{- if .Values.singleNamespace }} - - --namespaced - {{- end }} - env: - {{- with .Values.eventbusController.extraEnv }} - {{- toYaml . | nindent 12 }} - {{- end }} - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NATS_STREAMING_IMAGE - value: {{ .Values.eventbusController.natsStreamingImage }} - - name: NATS_METRICS_EXPORTER_IMAGE - value: {{ .Values.eventbusController.natsMetricsExporterImage }} - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 3 - periodSeconds: 3 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 3 - periodSeconds: 3 - resources: {{- toYaml .Values.eventbusController.resources | nindent 12 }} - {{- with .Values.eventbusController.containerSecurityContext }} - securityContext: {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.eventbusController.priorityClassName }} - priorityClassName: {{ . | quote }} - {{- end }} - {{- with .Values.securityContext }} - securityContext: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.eventbusController.nodeSelector }} - nodeSelector: {{ toYaml .Values.eventbusController.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.eventbusController.tolerations }} - tolerations: {{ toYaml .Values.eventbusController.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.eventbusController.affinity }} - affinity: {{ toYaml .Values.eventbusController.affinity | nindent 8 }} - {{- end }} diff --git a/charts/argo-events/templates/eventsource-controller/deployment.yaml b/charts/argo-events/templates/eventsource-controller/deployment.yaml deleted file mode 100644 index 9fd55776..00000000 --- a/charts/argo-events/templates/eventsource-controller/deployment.yaml +++ /dev/null @@ -1,83 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-{{ .Values.eventsourceController.name }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Release.Name }}-{{ .Values.eventsourceController.name }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.eventsourceController.replicaCount }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.eventsourceController.name }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ .Release.Name }}-{{ .Values.eventsourceController.name }} - release: {{ .Release.Name }} - {{- with .Values.eventsourceController.podLabels }} - {{- tpl (toYaml .) $ | nindent 8 }} - {{- end }} - {{- with .Values.eventsourceController.podAnnotations }} - annotations: {{- toYaml . | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ .Values.serviceAccount }} - containers: - - name: {{ .Values.eventsourceController.name }} - image: "{{ .Values.registry }}/{{ .Values.eventsourceController.image }}:{{ .Values.eventsourceController.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.imagePullPolicy }} - args: - - eventsource-controller - {{- if .Values.singleNamespace }} - - --namespaced - {{- end }} - env: - {{- with .Values.eventsourceController.extraEnv }} - {{- toYaml . | nindent 12 }} - {{- end }} - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: EVENTSOURCE_IMAGE - value: "{{ .Values.registry }}/{{ .Values.eventsourceController.eventsourceImage }}:{{ .Values.eventsourceController.tag | default .Chart.AppVersion }}" - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 3 - periodSeconds: 3 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 3 - periodSeconds: 3 - resources: {{- toYaml .Values.eventsourceController.resources | nindent 12 }} - {{- with .Values.eventsourceController.containerSecurityContext }} - securityContext: {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.eventsourceController.priorityClassName }} - priorityClassName: {{ . | quote }} - {{- end }} - {{- with .Values.securityContext }} - securityContext: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.eventsourceController.nodeSelector }} - nodeSelector: {{ toYaml .Values.eventsourceController.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.eventsourceController.tolerations }} - tolerations: {{ toYaml .Values.eventsourceController.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.eventsourceController.affinity }} - affinity: {{ toYaml .Values.eventsourceController.affinity | nindent 8 }} - {{- end }} diff --git a/charts/argo-events/templates/extra-manifests.yaml b/charts/argo-events/templates/extra-manifests.yaml new file mode 100644 index 00000000..f17b1a93 --- /dev/null +++ b/charts/argo-events/templates/extra-manifests.yaml @@ -0,0 +1,8 @@ +{{ range .Values.extraObjects }} +--- +{{- if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} +{{ end }} diff --git a/charts/argo-events/templates/sensor-controller/deployment.yaml b/charts/argo-events/templates/sensor-controller/deployment.yaml deleted file mode 100644 index da678b54..00000000 --- a/charts/argo-events/templates/sensor-controller/deployment.yaml +++ /dev/null @@ -1,83 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-{{ .Values.sensorController.name }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Release.Name }}-{{ .Values.sensorController.name }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.sensorController.replicaCount }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.sensorController.name }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ .Release.Name }}-{{ .Values.sensorController.name }} - release: {{ .Release.Name }} - {{- with .Values.sensorController.podLabels }} - {{- tpl (toYaml .) $ | nindent 8 }} - {{- end }} - {{- with .Values.sensorController.podAnnotations }} - annotations: {{- toYaml . | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ .Values.serviceAccount }} - containers: - - name: {{ .Values.sensorController.name }} - image: "{{ .Values.registry }}/{{ .Values.sensorController.image }}:{{ .Values.sensorController.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.imagePullPolicy }} - args: - - sensor-controller - {{- if .Values.singleNamespace }} - - --namespaced - {{- end }} - env: - {{- with .Values.sensorController.extraEnv }} - {{- toYaml . | nindent 12 }} - {{- end }} - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SENSOR_IMAGE - value: "{{ .Values.registry }}/{{ .Values.sensorController.sensorImage }}:{{ .Values.sensorController.tag | default .Chart.AppVersion }}" - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 3 - periodSeconds: 3 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 3 - periodSeconds: 3 - resources: {{- toYaml .Values.sensorController.resources | nindent 12 }} - {{- with .Values.sensorController.containerSecurityContext }} - securityContext: {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.sensorController.priorityClassName }} - priorityClassName: {{ . | quote }} - {{- end }} - {{- with .Values.securityContext }} - securityContext: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.sensorController.nodeSelector }} - nodeSelector: {{ toYaml .Values.sensorController.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.sensorController.tolerations }} - tolerations: {{ toYaml .Values.sensorController.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.sensorController.affinity }} - affinity: {{ toYaml .Values.sensorController.affinity | nindent 8 }} - {{- end }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index 074a8fdf..fb9878c9 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -1,163 +1,477 @@ -# -- String to partially override "argo-events.fullname" template -nameOverride: "" +## Argo Events configuration +## Ref: https://github.com/argoproj/argo-events +## +# -- Provide a name in place of `argo-events` +nameOverride: argo-events # -- String to fully override "argo-events.fullname" template fullnameOverride: "" +# -- Override the namespace +# @default -- `.Release.Namespace` +namespaceOverride: "" -# -- docker registry -registry: quay.io +# -- Deploy on OpenShift +openshift: false -# -- The image pull policy -imagePullPolicy: Always +# -- Create clusterroles that extend existing clusterroles to interact with argo-events crds +# Only applies for cluster-wide installation (`controller.rbac.namespaced: false`) +## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles +createAggregateRoles: false -# -- Secrets with credentials to pull images from a private registry -imagePullSecrets: [] -# - name: argo-pull-secret +## Custom resource configuration +crds: + # -- Install and upgrade CRDs + install: true + # -- Keep CRDs on chart uninstall + keep: true + # -- Annotations to be added to all CRDs + annotations: {} -# -- ServiceAccount to use for running controller. -serviceAccount: argo-events-sa +global: + image: + # -- If defined, a repository applied to all Argo Events deployments + repository: quay.io/argoproj/argo-events + # -- Overrides the global Argo Events image tag whose default is the chart appVersion + tag: "" + # -- If defined, a imagePullPolicy applied to all Argo Events deployments + imagePullPolicy: IfNotPresent -# -- Annotations applied to created service account. Can be used to enable GKE workload identity, or other use-cases -serviceAccountAnnotations: {} - -# -- Create service accounts in additional namespaces specified -# The SA will always be created in the release namespaces -additionalSaNamespaces: [] - # - argo-prod - -# -- Additional rules -# @default -- (See [values.yaml]) -additionalServiceAccountRules: -- apiGroups: - - apiextensions.k8s.io - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - resources: - - customresourcedefinitions - -# -- Create clusterroles that extend existing clusterroles to interact with argo-events CRDs. -# Only applies for cluster-wide installation (`singleNamespace: true`) -createAggregateRoles: true - -# -- Whether to run in namespaced scope. -# Set `singleNamespace` to false to have the controllers -# listen on all namespaces. Otherwise the controllers will listen -# on the namespace where the chart is installed in. -singleNamespace: true - -# sensor controller -sensorController: - # -- Sensor controller name - name: sensor-controller - # -- Repository to use for the sensor controller - image: argoproj/argo-events - # -- Overrides the image tag - # @default -- `""` (default is the chart appVersion) - tag: "" - # -- The number of sensor controller pods to run - replicaCount: 1 - # -- Additional environment variables to pass to sensor controller - extraEnv: [] - # - name: DEBUG_LOG - # value: "true" - - # -- Repository to use for the sensor image - sensorImage: argoproj/argo-events - # -- Annotations to be added to sensor controller pods + # -- If defined, uses a Secret to pull an image from a private Docker registry or repository + imagePullSecrets: [] + # -- Annotations for the all deployed pods podAnnotations: {} + # -- Labels for the all deployed pods + podLabels: {} + + # -- Additional labels to add to all resources + additionalLabels: {} + # app: argo-events + + # -- Toggle and define securityContext. See [values.yaml] + securityContext: {} + # runAsNonRoot: true + # runAsUser: 9731 + # runAsGroup: 9731 + # fsGroup: 9731 + + # -- Mapping between IP and hostnames that will be injected as entries in the pod's hosts files + hostAliases: [] + # - ip: 10.20.30.40 + # hostnames: + # - git.myhostname + +## Event bus configuration +configs: + ## NATS event bus + nats: + # -- Supported versions of NATS event bus + # @default -- See [values.yaml] + versions: + - version: latest + natsStreamingImage: nats-streaming:latest + metricsExporterImage: natsio/prometheus-nats-exporter:latest + - version: 0.22.1 + natsStreamingImage: nats-streaming:0.22.1 + metricsExporterImage: natsio/prometheus-nats-exporter:0.8.0 + + ## JetStream event bus + jetstream: + # Default JetStream settings, could be overridden by EventBus JetStream spec + # Ref: https://docs.nats.io/running-a-nats-service/configuration#jetstream + settings: + # -- Maximum size of the memory storage (e.g. 1G) + maxMemoryStore: -1 + # -- Maximum size of the file storage (e.g. 20G) + maxFileStore: -1 + streamConfig: + # -- Maximum number of messages before expiring oldest message + maxMsgs: 1000000 + # -- Maximum age of existing messages, i.e. “72h”, “4h35m” + maxAge: 72h + # Total size of messages before expiring oldest message, 0 means unlimited. + maxBytes: 1GB + # -- Number of replicas, defaults to 3 and requires minimal 3 + replicas: 3 + # -- Not documented at the moment + duplicates: 300s + # -- 0: Limits, 1: Interest, 2: WorkQueue + retention: 0 + # -- 0: DiscardOld, 1: DiscardNew + discard: 0 + # Supported versions of JetStream eventbus + versions: + - version: latest + natsImage: nats:2.10.10 + metricsExporterImage: natsio/prometheus-nats-exporter:0.14.0 + configReloaderImage: natsio/nats-server-config-reloader:0.14.0 + startCommand: /nats-server + - version: 2.8.1 + natsImage: nats:2.8.1 + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: /nats-server + - version: 2.8.1-alpine + natsImage: nats:2.8.1-alpine + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: nats-server + - version: 2.8.2 + natsImage: nats:2.8.2 + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: /nats-server + - version: 2.8.2-alpine + natsImage: nats:2.8.2-alpine + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: nats-server + - version: 2.9.1 + natsImage: nats:2.9.1 + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: /nats-server + - version: 2.9.12 + natsImage: nats:2.9.12 + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: /nats-server + - version: 2.9.16 + natsImage: nats:2.9.16 + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: /nats-server + - version: 2.10.10 + natsImage: nats:2.10.10 + metricsExporterImage: natsio/prometheus-nats-exporter:0.14.0 + configReloaderImage: natsio/nats-server-config-reloader:0.14.0 + startCommand: /nats-server + +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +extraObjects: [] + # - apiVersion: secrets-store.csi.x-k8s.io/v1 + # kind: SecretProviderClass + # metadata: + # name: argo-events-secrets-store + # spec: + # provider: aws + # parameters: + # objects: | + # - objectName: "argo-events" + # objectType: "secretsmanager" + # jmesPath: + # - path: "client_id" + # objectAlias: "client_id" + # - path: "client_secret" + # objectAlias: "client_secret" + # secretObjects: + # - data: + # - key: client_id + # objectName: client_id + # - key: client_secret + # objectName: client_secret + # secretName: argo-events-secrets-store + # type: Opaque + # labels: + # app.kubernetes.io/part-of: argocd + +## Argo Events controller +controller: + # -- Argo Events controller name string + name: controller-manager + + rbac: + # -- Create events controller RBAC + enabled: true + # -- Restrict events controller to operate only in a single namespace instead of cluster-wide scope. + namespaced: false + # -- Additional namespace to be monitored by the controller + managedNamespace: "" + # -- Additional user rules for event controller's rbac + rules: [] + + image: + # -- Repository to use for the events controller + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the events controller + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the events controller + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- The number of events controller pods to run. + replicas: 1 + + # Pod disruption budget + pdb: + # -- Deploy a PodDisruptionBudget for the events controller + enabled: false + # minAvailable: 1 + # maxUnavailable: 0 + # -- Labels to be added to events controller pdb + labels: {} + # -- Annotations to be added to events controller pdb + annotations: {} + + # -- Environment variables to pass to events controller + env: [] + # - name: DEBUG_LOG + # value: "true" + + # -- envFrom to pass to events controller + # @default -- `[]` (See [values.yaml]) + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- Annotations to be added to events controller pods + podAnnotations: {} + + # -- Labels to be added to events controller pods + podLabels: {} + + # -- Events controller container-level security context + containerSecurityContext: {} + # capabilities: + # drop: + # - all + # readOnlyRootFilesystem: true + # runAsNonRoot: true + + ## Readiness and liveness probes for default backend + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + livenessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + + # -- Additional volumes to the events controller pod + volumes: [] + + # -- Additional volumeMounts to the events controller main container + volumeMounts: [] + # -- [Node selector] nodeSelector: {} - # -- Labels to be added to sensor controller pods - podLabels: {} - # -- Priority class for the sensor controller - priorityClassName: "" # -- [Tolerations] for use with node taints tolerations: [] - # -- Assign custom [affinity] rules to the sensor controller + # -- Assign custom [affinity] rules to the deployment affinity: {} - # -- Resource limits and requests for the sensor controller pods + + # -- Assign custom [TopologySpreadConstraints] rules to the events controller + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Priority class for the events controller pods + priorityClassName: "" + + # -- Resource limits and requests for the events controller pods resources: {} - # -- Sensor controllers container-level security context - containerSecurityContext: {} + # limits: + # cpu: 500m + # memory: 512Mi + # requests: + # cpu: 250m + # memory: 256Mi -eventsourceController: - # -- Event source controller name - name: eventsource-controller - # -- Repository to use for the event source controller - image: argoproj/argo-events - # -- Overrides the image tag - # @default -- `""` (default is the chart appVersion) - tag: "" - # -- The number of event source controller pods to run - replicaCount: 1 - # -- Additional environment variables to pass to event source controller - extraEnv: [] - # - name: DEBUG_LOG - # value: "true" + # -- Additional containers to be added to the events controller pods + extraContainers: [] - # -- Repository to use for the event source image - eventsourceImage: argoproj/argo-events - # -- Annotations to be added to event source controller pods + # -- Init containers to add to the events controller pods + initContainers: [] + + serviceAccount: + # -- Create a service account for the events controller + create: true + # -- Service account name + name: "" + # -- Annotations applied to created service account + annotations: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + ## Events controller metrics configuration + metrics: + # -- Deploy metrics service + enabled: false + service: + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port + servicePort: 8082 + serviceMonitor: + # -- Enable a prometheus ServiceMonitor + enabled: false + # -- Prometheus ServiceMonitor interval + interval: 30s + # -- Prometheus [RelabelConfigs] to apply to samples before scraping + relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion + metricRelabelings: [] + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus + # -- Prometheus ServiceMonitor namespace + namespace: "" # "monitoring" + # -- Prometheus ServiceMonitor labels + additionalLabels: {} + +## Argo Events admission webhook +webhook: + # -- Enable admission webhook. Applies only for cluster-wide installation + enabled: false + + # -- Argo Events admission webhook name string + name: events-webhook + + image: + # -- Repository to use for the event controller + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the event controller + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the event controller + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- The number of webhook pods to run. + replicas: 1 + + # Pod disruption budget + pdb: + # -- Deploy a PodDisruptionBudget for the admission webhook + enabled: false + # minAvailable: 1 + # maxUnavailable: 0 + # -- Labels to be added to admission webhook pdb + labels: {} + # -- Annotations to be added to admission webhook pdb + annotations: {} + + # -- Environment variables to pass to event controller + # @default -- `[]` (See [values.yaml]) + env: [] + # - name: DEBUG_LOG + # value: "true" + + # -- envFrom to pass to event controller + # @default -- `[]` (See [values.yaml]) + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- Annotations to be added to event controller pods podAnnotations: {} + + # -- Labels to be added to event controller pods + podLabels: {} + + # -- Port to listen on + port: 443 + + # -- Event controller container-level security context + containerSecurityContext: {} + # capabilities: + # drop: + # - all + # readOnlyRootFilesystem: true + # runAsNonRoot: true + + ## Readiness and liveness probes for default backend + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + livenessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + + # -- Additional volumeMounts to the event controller main container + volumeMounts: [] + + # -- Additional volumes to the event controller pod + volumes: [] + # -- [Node selector] nodeSelector: {} - # -- Labels to be added to event source controller pods - podLabels: {} - # -- Priority class for the event source controller - priorityClassName: "" # -- [Tolerations] for use with node taints tolerations: [] - # -- Assign custom [affinity] rules to the event source controller + # -- Assign custom [affinity] rules to the deployment affinity: {} - # -- Resource limits and requests for the event source controller pods - resources: {} - # -- Event source controller container-level security context - containerSecurityContext: {} -eventbusController: - # -- Event bus controller name - name: eventbus-controller - # -- Repository to use for the event bus controller - image: argoproj/argo-events - # -- Overrides the image tag - # @default -- `""` (default is the chart appVersion) - tag: "" - # -- The number of event bus controller pods to run - replicaCount: 1 - # -- Additional environment variables to pass to event bus controller - extraEnv: [] - # - name: DEBUG_LOG - # value: "true" + # -- Assign custom [TopologySpreadConstraints] rules to the event controller + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule - # -- Annotations to be added to event bus controller pods - podAnnotations: {} - # -- [Node selector] - nodeSelector: {} - # -- Labels to be added to event event bus controller pods - podLabels: {} - # -- Priority class for the event bus controller + # -- Priority class for the event controller pods priorityClassName: "" - # -- [Tolerations] for use with node taints - tolerations: [] - # -- Assign custom [affinity] rules to the event bus controller - affinity: {} - # -- Resource limits and requests for the event bus controller pods - resources: {} - # -- NATS streaming container image to use for the event bus - natsStreamingImage: nats-streaming:0.22.1 - # -- NATS metrics exporter container image to use for the event bus - natsMetricsExporterImage: natsio/prometheus-nats-exporter:0.8.0 - # -- Event bus controller container-level security context - containerSecurityContext: {} -# -- Common PodSecurityContext for all controllers -securityContext: - runAsNonRoot: true - runAsUser: 9731 + # -- Resource limits and requests for the event controller pods + resources: {} + # limits: + # cpu: 500m + # memory: 512Mi + # requests: + # cpu: 250m + # memory: 256Mi + + serviceAccount: + # -- Create a service account for the admission webhook + create: true + # -- Service account name + name: "" + # -- Annotations applied to created service account + annotations: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 9cf45863..a9ed74ee 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,14 +1,22 @@ apiVersion: v2 -appVersion: "v1.2.0" +appVersion: v1.8.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.16.0 -icon: https://argoproj.github.io/argo-rollouts/assets/logo.png +version: 2.39.0 home: https://github.com/argoproj/argo-helm +icon: https://argoproj.github.io/argo-rollouts/assets/logo.png +keywords: + - argoproj + - argo-rollouts +sources: + - https://github.com/argoproj/argo-rollouts maintainers: - - name: alexmt - - name: dthomson25 - - name: jessesuen + - name: argoproj + url: https://argoproj.github.io/ annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - "[Added]: Argo rollouts dashboard cluster role readonly flags" + - kind: changed + description: Bump argo-rollouts to v1.8.0 diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 87a26250..aa09ca14 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -33,6 +33,10 @@ If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-r |:---------------------------------------------------------------------------| | The chart provides an option to change the service type (`dashboard.service.type`). Also it provides the ability to expose the dashboard via Ingress. Dashboard was never intended to be exposed as an administrative console -- it started out as a local view available via CLI. It should be protected by something (e.g. network access or even better an oauth proxy). | +## Changelog + +For full list of changes please check ArtifactHub [changelog]. + ## Chart Values ### General parameters @@ -42,48 +46,93 @@ If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-r | apiVersionOverrides.ingress | string | `""` | String to override apiVersion of ingresses rendered by this helm chart | | clusterInstall | bool | `true` | `false` runs controller in namespaced mode (does not require cluster RBAC) | | crdAnnotations | object | `{}` | Annotations to be added to all CRDs | +| createClusterAggregateRoles | bool | `true` | flag to enable creation of cluster aggregate roles (requires cluster RBAC) | +| extraObjects | list | `[]` | Additional manifests to deploy within the chart. A list of objects. | | fullnameOverride | string | `nil` | String to fully override "argo-rollouts.fullname" template | +| global.deploymentAnnotations | object | `{}` | Annotations for all deployed Deployments | +| global.deploymentLabels | object | `{}` | Labels for all deployed Deployments | +| global.revisionHistoryLimit | int | `10` | Number of old deployment ReplicaSets to retain. The rest will be garbage collected. | | imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry. Registry secret names as an array. | | installCRDs | bool | `true` | Install and upgrade CRDs | | keepCRDs | bool | `true` | Keep CRD's on helm uninstall | | kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests | | nameOverride | string | `nil` | String to partially override "argo-rollouts.fullname" template | +| notifications.configmap.create | bool | `true` | Whether to create notifications configmap | | notifications.notifiers | object | `{}` | Configures notification services | -| notifications.secret.create | bool | `false` | Whether to create notifications secret | +| notifications.secret.annotations | object | `{}` | Annotations to be added to the notifications secret | +| notifications.secret.create | bool | `false` | Whether to create notifications secret. | | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret | +| notifications.subscriptions | list | `[]` | The subscriptions define the subscriptions to the triggers in a general way for all rollouts | | notifications.templates | object | `{}` | Notification templates | | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | +| providerRBAC.additionalRules | list | `[]` | Additional RBAC rules for others providers | +| providerRBAC.enabled | bool | `true` | Toggles addition of provider-specific RBAC rules to the controller Role and ClusterRole | +| providerRBAC.providers.ambassador | bool | `true` | Adds RBAC rules for the Ambassador provider | +| providerRBAC.providers.apisix | bool | `true` | Adds RBAC rules for the Apisix provider | +| providerRBAC.providers.awsAppMesh | bool | `true` | Adds RBAC rules for the AWS App Mesh provider | +| providerRBAC.providers.awsLoadBalancerController | bool | `true` | Adds RBAC rules for the AWS Load Balancer Controller provider | +| providerRBAC.providers.contour | bool | `true` | Adds RBAC rules for the Contour provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour/blob/main/README.md` | +| providerRBAC.providers.gatewayAPI | bool | `true` | Adds RBAC rules for the Gateway API provider | +| providerRBAC.providers.glooPlatform | bool | `true` | Adds RBAC rules for the Gloo Platform provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-glooplatform/blob/main/README.md` | +| providerRBAC.providers.istio | bool | `true` | Adds RBAC rules for the Istio provider | +| providerRBAC.providers.smi | bool | `true` | Adds RBAC rules for the SMI provider | +| providerRBAC.providers.traefik | bool | `true` | Adds RBAC rules for the Traefik provider | ### Controller | Key | Type | Default | Description | |-----|------|---------|-------------| -| containerSecurityContext | object | `{}` | Security Context to set on container level | +| containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security Context to set on container level | | controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | | controller.component | string | `"rollouts-controller"` | Value of label `app.kubernetes.io/component` | +| controller.containerPorts.healthz | int | `8080` | Healthz container port | +| controller.containerPorts.metrics | int | `8090` | Metrics container port | +| controller.createClusterRole | bool | `true` | flag to enable creation of cluster controller role (requires cluster RBAC) | +| controller.deploymentAnnotations | object | `{}` | Annotations to be added to the controller deployment | +| controller.deploymentLabels | object | `{}` | Labels to be added to the controller deployment | | controller.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-controller. A list of flags. | | controller.extraContainers | list | `[]` | Literal yaml for extra containers to be added to controller deployment. | +| controller.extraEnv | list | `[]` | Additional environment variables for rollouts-controller. A list of name/value maps. | | controller.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | | controller.image.registry | string | `"quay.io"` | Registry to use | | controller.image.repository | string | `"argoproj/argo-rollouts"` | Repository to use | | controller.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) | +| controller.initContainers | list | `[]` | Init containers to add to the rollouts controller pod | +| controller.lifecycle | object | `{}` | Specify lifecycle hooks for the controller | | controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller | +| controller.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) | +| controller.logging.kloglevel | string | `"0"` | Set the klog logging level | +| controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | +| controller.metricProviderPlugins | list | `[]` | Configures 3rd party metric providers for controller | | controller.metrics.enabled | bool | `false` | Deploy metrics service | +| controller.metrics.service.annotations | object | `{}` | Service annotations | +| controller.metrics.service.port | int | `8090` | Metrics service port | +| controller.metrics.service.portName | string | `"metrics"` | Metrics service port name | | controller.metrics.serviceMonitor.additionalAnnotations | object | `{}` | Annotations to be added to the ServiceMonitor | | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Labels to be added to the ServiceMonitor | | controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | MetricRelabelConfigs to apply to samples before ingestion | +| controller.metrics.serviceMonitor.namespace | string | `""` | Namespace to be used for the ServiceMonitor | +| controller.metrics.serviceMonitor.relabelings | list | `[]` | RelabelConfigs to apply to samples before scraping | | controller.nodeSelector | object | `{}` | [Node selector] | | controller.pdb.annotations | object | `{}` | Annotations to be added to controller [Pod Disruption Budget] | | controller.pdb.enabled | bool | `false` | Deploy a [Pod Disruption Budget] for the controller | | controller.pdb.labels | object | `{}` | Labels to be added to controller [Pod Disruption Budget] | | controller.pdb.maxUnavailable | string | `nil` | Maximum number / percentage of pods that may be made unavailable | | controller.pdb.minAvailable | string | `nil` | Minimum number / percentage of pods that should remain scheduled | +| controller.podAnnotations | object | `{}` | Annotations to be added to application controller pods | +| controller.podLabels | object | `{}` | Labels to be added to the application controller pods | | controller.priorityClassName | string | `""` | [priorityClassName] for the controller | | controller.readinessProbe | object | See [values.yaml] | Configure readiness [probe] for the controller | | controller.replicas | int | `2` | The number of controller pods to run | | controller.resources | object | `{}` | Resource limits and requests for the controller pods. | +| controller.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | controller.tolerations | list | `[]` | [Tolerations] for use with node taints | -| podAnnotations | object | `{}` | Annotations to be added to the Rollout pods | +| controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the controller | +| controller.trafficRouterPlugins | list | `[]` | Configures 3rd party traffic router plugins for controller | +| controller.volumeMounts | list | `[]` | Additional volumeMounts to add to the controller container | +| controller.volumes | list | `[]` | Additional volumes to add to the controller pod | +| podAnnotations | object | `{}` | Annotations for the all deployed pods | | podLabels | object | `{}` | Labels to be added to the Rollout pods | | podSecurityContext | object | `{"runAsNonRoot":true}` | Security Context to set on pod level | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | @@ -98,8 +147,12 @@ If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-r | dashboard.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | | dashboard.component | string | `"rollouts-dashboard"` | Value of label `app.kubernetes.io/component` | | dashboard.containerSecurityContext | object | `{}` | Security Context to set on container level | +| dashboard.createClusterRole | bool | `true` | flag to enable creation of dashbord cluster role (requires cluster RBAC) | +| dashboard.deploymentAnnotations | object | `{}` | Annotations to be added to the dashboard deployment | +| dashboard.deploymentLabels | object | `{}` | Labels to be added to the dashboard deployment | | dashboard.enabled | bool | `false` | Deploy dashboard server | | dashboard.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-dashboard. A list of flags. | +| dashboard.extraEnv | list | `[]` | Additional environment variables for rollouts-dashboard. A list of name/value maps. | | dashboard.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | | dashboard.image.registry | string | `"quay.io"` | Registry to use | | dashboard.image.repository | string | `"argoproj/kubectl-argo-rollouts"` | Repository to use | @@ -113,12 +166,16 @@ If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-r | dashboard.ingress.pathType | string | `"Prefix"` | Dashboard ingress path type | | dashboard.ingress.paths | list | `["/"]` | Dashboard ingress paths | | dashboard.ingress.tls | list | `[]` | Dashboard ingress tls | +| dashboard.logging.kloglevel | string | `"0"` | Set the klog logging level | +| dashboard.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | | dashboard.nodeSelector | object | `{}` | [Node selector] | | dashboard.pdb.annotations | object | `{}` | Annotations to be added to dashboard [Pod Disruption Budget] | | dashboard.pdb.enabled | bool | `false` | Deploy a [Pod Disruption Budget] for the dashboard | | dashboard.pdb.labels | object | `{}` | Labels to be added to dashboard [Pod Disruption Budget] | | dashboard.pdb.maxUnavailable | string | `nil` | Maximum number / percentage of pods that may be made unavailable | | dashboard.pdb.minAvailable | string | `nil` | Minimum number / percentage of pods that should remain scheduled | +| dashboard.podAnnotations | object | `{}` | Annotations to be added to application dashboard pods | +| dashboard.podLabels | object | `{}` | Labels to be added to the application dashboard pods | | dashboard.podSecurityContext | object | `{"runAsNonRoot":true}` | Security Context to set on pod level | | dashboard.priorityClassName | string | `""` | [priorityClassName] for the dashboard server | | dashboard.readonly | bool | `false` | Set cluster role to readonly | @@ -127,6 +184,7 @@ If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-r | dashboard.service.annotations | object | `{}` | Service annotations | | dashboard.service.externalIPs | list | `[]` | Dashboard service external IPs | | dashboard.service.labels | object | `{}` | Service labels | +| dashboard.service.loadBalancerClass | string | `""` | The class of the load balancer implementation | | dashboard.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field | | dashboard.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from | | dashboard.service.nodePort | int | `nil` | Service nodePort | @@ -138,6 +196,9 @@ If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-r | dashboard.serviceAccount.create | bool | `true` | Specifies whether a dashboard service account should be created | | dashboard.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | dashboard.tolerations | list | `[]` | [Tolerations] for use with node taints | +| dashboard.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the dashboard server | +| dashboard.volumeMounts | list | `[]` | Additional volumeMounts to add to the dashboard container | +| dashboard.volumes | list | `[]` | Additional volumes to add to the dashboard pod | ## Upgrading @@ -167,6 +228,8 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes [Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [priorityClassName]: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ [Pod Disruption Budget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets -[values.yaml]: https://github.com/argoproj/argo-helm/blob/argo-rollouts-2.16.0/charts/argo-rollouts/values.yaml +[values.yaml]: values.yaml +[changelog]: https://artifacthub.io/packages/helm/argo/argo-rollouts?modal=changelog diff --git a/charts/argo-rollouts/README.md.gotmpl b/charts/argo-rollouts/README.md.gotmpl index 6682d168..735dae2c 100644 --- a/charts/argo-rollouts/README.md.gotmpl +++ b/charts/argo-rollouts/README.md.gotmpl @@ -33,6 +33,10 @@ If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-r |:---------------------------------------------------------------------------| | The chart provides an option to change the service type (`dashboard.service.type`). Also it provides the ability to expose the dashboard via Ingress. Dashboard was never intended to be exposed as an administrative console -- it started out as a local view available via CLI. It should be protected by something (e.g. network access or even better an oauth proxy). | +## Changelog + +For full list of changes please check ArtifactHub [changelog]. + ## Chart Values ### General parameters @@ -96,6 +100,8 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes [Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [priorityClassName]: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ [Pod Disruption Budget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets -[values.yaml]: https://github.com/argoproj/argo-helm/blob/argo-rollouts-{{ .Version }}/charts/argo-rollouts/values.yaml +[values.yaml]: values.yaml +[changelog]: https://artifacthub.io/packages/helm/argo/argo-rollouts?modal=changelog diff --git a/charts/argo-rollouts/ci/enable-extra-objects-values.yaml b/charts/argo-rollouts/ci/enable-extra-objects-values.yaml new file mode 100644 index 00000000..8d18ecd3 --- /dev/null +++ b/charts/argo-rollouts/ci/enable-extra-objects-values.yaml @@ -0,0 +1,14 @@ +# Test with extraObjects enabled +# Do not deploy the CRDs as they are already present from the previous test +installCRDs: false + +extraObjects: + - apiVersion: v1 + kind: Secret + metadata: + name: datadog + type: Opaque + data: + address: aHR0cHM6Ly9hcGkuZGF0YWRvZ2hxLmNvbQo= # https://api.datadoghq.com + api-key: dGVzdC1hcGkta2V5Cg== # test-api-key + app-key: dGVzdC1hcHAta2V5Cg== # test-app-key diff --git a/charts/argo-rollouts/templates/_helpers.tpl b/charts/argo-rollouts/templates/_helpers.tpl index 94733603..820996a8 100644 --- a/charts/argo-rollouts/templates/_helpers.tpl +++ b/charts/argo-rollouts/templates/_helpers.tpl @@ -31,6 +31,20 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Create kubernetes friendly chart version label. + +Examples: +image.tag = v1.3.1 +output = v1.3.1 + +image.tag = v1.3.1@sha256:38828e693b02e6f858d89fa22a9d9811d3d7a2430a1d4c7d687b6f509775c6ce +output = v1.3.1 +*/}} +{{- define "argo-rollouts.chart_version_label" -}} +{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default .Chart.AppVersion $.Values.controller.image.tag) "") "" | trunc 63 | quote -}} +{{- end -}} + {{/* Common labels */}} @@ -38,7 +52,7 @@ Common labels helm.sh/chart: {{ include "argo-rollouts.chart" . }} {{ include "argo-rollouts.selectorLabels" . }} {{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ default .Chart.AppVersion $.Values.controller.image.tag | quote }} +app.kubernetes.io/version: {{ include "argo-rollouts.chart_version_label" . }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: argo-rollouts @@ -95,3 +109,311 @@ Return the appropriate apiVersion for pod disruption budget {{- print "policy/v1" -}} {{- end -}} {{- end -}} + +{{/* +Return the rules for controller's Role and ClusterRole +*/}} +{{- define "argo-rollouts.controller.roleRules" -}} +- apiGroups: + - argoproj.io + resources: + - rollouts + - rollouts/status + - rollouts/finalizers + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - argoproj.io + resources: + - analysisruns + - analysisruns/finalizers + - experiments + - experiments/finalizers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - argoproj.io + resources: + - analysistemplates + - clusteranalysistemplates + verbs: + - get + - list + - watch +# replicaset access needed for managing ReplicaSets +- apiGroups: + - apps + resources: + - replicasets + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +# deployments and podtemplates read access needed for workload reference support +- apiGroups: + - "" + - apps + resources: + - deployments + - podtemplates + verbs: + - get + - list + - watch + - update +# services patch needed to update selector of canary/stable/active/preview services +# services create needed to create and delete services for experiments +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - patch + - create + - delete +# leases create/get/update needed for leader election +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +# secret read access to run analysis templates which reference secrets +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +{{- if .Values.providerRBAC.providers.gatewayAPI }} + - create + - update +{{- end }} +# pod list/update needed for updating ephemeral data +- apiGroups: + - "" + resources: + - pods + verbs: + - list + - update + - watch +# pods eviction needed for restart +- apiGroups: + - "" + resources: + - pods/eviction + verbs: + - create +# event write needed for emitting events +- apiGroups: + - "" + resources: + - events + verbs: + - create + - update + - patch +# ingress patch needed for managing ingress annotations, create needed for nginx canary +- apiGroups: + - networking.k8s.io + - extensions + resources: + - ingresses + verbs: + - create + - get + - list + - watch + - update + - patch +# job access needed for analysis template job metrics +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +{{- if .Values.providerRBAC.enabled }} +{{- if .Values.providerRBAC.providers.istio }} +# virtualservice/destinationrule access needed for using the Istio provider +- apiGroups: + - networking.istio.io + resources: + - virtualservices + - destinationrules + verbs: + - watch + - get + - update + - patch + - list +{{- end }} +{{- if .Values.providerRBAC.providers.smi }} +# trafficsplit access needed for using the SMI provider +- apiGroups: + - split.smi-spec.io + resources: + - trafficsplits + verbs: + - create + - watch + - get + - update + - patch +{{- end }} +{{- if .Values.providerRBAC.providers.ambassador }} +# ambassador access needed for Ambassador provider +- apiGroups: + - getambassador.io + - x.getambassador.io + resources: + - mappings + - ambassadormappings + verbs: + - create + - watch + - get + - update + - list + - delete +{{- end }} +{{- if .Values.providerRBAC.providers.awsLoadBalancerController }} +# Endpoints and TargetGroupBindings needed for ALB target group verification when using AWS Load Balancer Controller +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get +- apiGroups: + - elbv2.k8s.aws + resources: + - targetgroupbindings + verbs: + - list + - get +{{- end }} +{{- if .Values.providerRBAC.providers.awsAppMesh }} +# AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider +- apiGroups: + - appmesh.k8s.aws + resources: + - virtualservices + verbs: + - watch + - get + - list +# AppMesh virtualnode CRD r/w access needed for using the App Mesh provider +- apiGroups: + - appmesh.k8s.aws + resources: + - virtualnodes + - virtualrouters + verbs: + - watch + - get + - list + - update + - patch +{{- end }} +{{- if .Values.providerRBAC.providers.traefik }} +# Traefik access needed when using the Traefik provider +- apiGroups: + - traefik.containo.us + - traefik.io + resources: + - traefikservices + verbs: + - watch + - get + - update +{{- end }} +{{- if .Values.providerRBAC.providers.apisix }} +# Access needed when using the Apisix provider +- apiGroups: + - apisix.apache.org + resources: + - apisixroutes + verbs: + - watch + - get + - update +{{- end }} +{{- if .Values.providerRBAC.providers.contour }} + # Access needed when using the Contour provider +- apiGroups: + - projectcontour.io + resources: + - httpproxies + verbs: + - get + - list + - watch + - update +{{- end }} +{{- if .Values.providerRBAC.providers.glooPlatform }} + # Access needed when using the Gloo Platform provider +- apiGroups: + - networking.gloo.solo.io + resources: + - routetables + verbs: + - '*' +{{- end }} +{{- if .Values.providerRBAC.providers.gatewayAPI }} + # Access needed when using the Gateway API provider +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + - tcproutes + - tlsroutes + - udproutes + - grpcroutes + verbs: + - get + - list + - watch + - update +{{- end }} +{{- with .Values.providerRBAC.additionalRules }} +{{ toYaml . }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/argo-rollouts/templates/aggregate-roles.yaml b/charts/argo-rollouts/templates/aggregate-roles.yaml index ab3ac6dd..86823903 100644 --- a/charts/argo-rollouts/templates/aggregate-roles.yaml +++ b/charts/argo-rollouts/templates/aggregate-roles.yaml @@ -1,4 +1,4 @@ -{{- if .Values.clusterInstall }} +{{- if and .Values.clusterInstall .Values.createClusterAggregateRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/charts/argo-rollouts/templates/controller/clusterrole.yaml b/charts/argo-rollouts/templates/controller/clusterrole.yaml index 9581ef96..026f23d7 100644 --- a/charts/argo-rollouts/templates/controller/clusterrole.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml @@ -1,4 +1,4 @@ -{{- if .Values.clusterInstall }} +{{- if and .Values.clusterInstall .Values.controller.createClusterRole }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -7,217 +7,5 @@ metadata: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} rules: -- apiGroups: - - argoproj.io - resources: - - rollouts - - rollouts/status - - rollouts/finalizers - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - argoproj.io - resources: - - analysisruns - - analysisruns/finalizers - - experiments - - experiments/finalizers - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - argoproj.io - resources: - - analysistemplates - - clusteranalysistemplates - verbs: - - get - - list - - watch -# replicaset access needed for managing ReplicaSets -- apiGroups: - - apps - resources: - - replicasets - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -# deployments and podtemplates read access needed for workload reference support -- apiGroups: - - "" - - apps - resources: - - deployments - - podtemplates - verbs: - - get - - list - - watch -# services patch needed to update selector of canary/stable/active/preview services -# services create needed to create and delete services for experiments -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - patch - - create - - delete -# leases create/get/update needed for leader election -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - update -# secret read access to run analysis templates which reference secrets -- apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - get - - list - - watch -# pod list/update needed for updating ephemeral data -- apiGroups: - - "" - resources: - - pods - verbs: - - list - - update -# pods eviction needed for restart -- apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create -# event write needed for emitting events -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch -# ingress patch needed for managing ingress annotations, create needed for nginx canary -- apiGroups: - - networking.k8s.io - - extensions - resources: - - ingresses - verbs: - - create - - get - - list - - watch - - patch -# job access needed for analysis template job metrics -- apiGroups: - - batch - resources: - - jobs - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -# virtualservice/destinationrule access needed for using the Istio provider -- apiGroups: - - networking.istio.io - resources: - - virtualservices - - destinationrules - verbs: - - watch - - get - - update - - patch - - list -# trafficsplit access needed for using the SMI provider -- apiGroups: - - split.smi-spec.io - resources: - - trafficsplits - verbs: - - create - - watch - - get - - update - - patch -# ambassador access needed for Ambassador provider -- apiGroups: - - getambassador.io - - x.getambassador.io - resources: - - mappings - - ambassadormappings - verbs: - - create - - watch - - get - - update - - list - - delete -# Endpoints and TargetGroupBindings needed for ALB target group verification -- apiGroups: - - "" - resources: - - endpoints - verbs: - - get -- apiGroups: - - elbv2.k8s.aws - resources: - - targetgroupbindings - verbs: - - list - - get -# AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider -- apiGroups: - - appmesh.k8s.aws - resources: - - virtualservices - verbs: - - watch - - get - - list -# AppMesh virtualnode CRD r/w access needed for using the App Mesh provider -- apiGroups: - - appmesh.k8s.aws - resources: - - virtualnodes - - virtualrouters - verbs: - - watch - - get - - list - - update - - patch + {{- include "argo-rollouts.controller.roleRules" . | nindent 2 }} {{- end }} diff --git a/charts/argo-rollouts/templates/controller/clusterrolebinding.yaml b/charts/argo-rollouts/templates/controller/clusterrolebinding.yaml index b48ce5b5..740f8f6b 100644 --- a/charts/argo-rollouts/templates/controller/clusterrolebinding.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrolebinding.yaml @@ -1,4 +1,4 @@ -{{- if .Values.clusterInstall }} +{{- if and .Values.clusterInstall .Values.controller.createClusterRole }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -13,5 +13,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-rollouts.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/argo-rollouts/templates/controller/configmap.yaml b/charts/argo-rollouts/templates/controller/configmap.yaml new file mode 100644 index 00000000..a1971ab9 --- /dev/null +++ b/charts/argo-rollouts/templates/controller/configmap.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: argo-rollouts-config + namespace: {{ .Release.Namespace | quote }} + labels: + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} +data: + {{- with .Values.controller.metricProviderPlugins }} + metricProviderPlugins: |- + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.trafficRouterPlugins }} + trafficRouterPlugins: |- + {{- toYaml . | nindent 4 }} + {{- end }} diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index ed0d4ebf..7aea72a4 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -1,8 +1,18 @@ apiVersion: apps/v1 kind: Deployment metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.controller.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} name: {{ include "argo-rollouts.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: + {{- range $key, $value := (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.controller.deploymentLabels) }} + {{ $key }}: {{ $value | quote }} + {{- end }} app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} spec: @@ -11,18 +21,21 @@ spec: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.selectorLabels" . | nindent 6 }} strategy: - type: Recreate + type: RollingUpdate replicas: {{ .Values.controller.replicas }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} template: metadata: - {{- with .Values.podAnnotations }} + {{- with (mergeOverwrite (deepCopy .Values.podAnnotations) .Values.controller.podAnnotations) }} annotations: - {{- toYaml . | nindent 8 }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} labels: {{- include "argo-rollouts.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: {{ .Values.controller.component }} - {{- range $key, $value := .Values.podLabels }} + {{- range $key, $value := (mergeOverwrite (deepCopy .Values.podLabels) .Values.controller.podLabels) }} {{ $key }}: {{ $value | quote }} {{- end }} spec: @@ -34,21 +47,30 @@ spec: containers: - image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{ default .Chart.AppVersion .Values.controller.image.tag }}" args: + - --healthzPort={{ .Values.controller.containerPorts.healthz }} + - --metricsport={{ .Values.controller.containerPorts.metrics }} + - "--loglevel={{ .Values.controller.logging.level }}" + - "--logformat={{ .Values.controller.logging.format }}" + - "--kloglevel={{ .Values.controller.logging.kloglevel }}" {{- if not .Values.clusterInstall }} - --namespaced {{- end }} - {{- if gt .Values.controller.replicas 1.0 }} + {{- if gt (int .Values.controller.replicas) 1 }} - --leader-elect {{- end }} {{- with .Values.controller.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.controller.extraEnv }} + env: + {{- toYaml . | nindent 8 }} + {{- end }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }} name: argo-rollouts ports: - - containerPort: 8090 + - containerPort: {{ .Values.controller.containerPorts.metrics }} name: metrics - - containerPort: 8080 + - containerPort: {{ .Values.controller.containerPorts.healthz }} name: healthz livenessProbe: {{- toYaml .Values.controller.livenessProbe | nindent 10 }} @@ -56,17 +78,35 @@ spec: {{- toYaml .Values.controller.readinessProbe | nindent 10 }} securityContext: {{- toYaml .Values.containerSecurityContext | nindent 10 }} + {{- with .Values.controller.lifecycle }} + lifecycle: {{ toYaml . | nindent 10 }} + {{- end }} resources: {{- toYaml .Values.controller.resources | nindent 10 }} + volumeMounts: + - name: plugin-bin + mountPath: /home/argo-rollouts/plugin-bin + - name: tmp + mountPath: /tmp + {{- with .Values.controller.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.controller.extraContainers }} {{- toYaml . | nindent 6 }} {{- end }} + {{- with .Values.controller.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.controller.nodeSelector }} nodeSelector: {{- toYaml .Values.controller.nodeSelector | nindent 8 }} {{- end }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- with .Values.controller.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ . }} + {{- end }} {{- if .Values.controller.tolerations }} tolerations: {{- toYaml .Values.controller.tolerations | nindent 8 }} @@ -75,6 +115,26 @@ spec: affinity: {{- toYaml .Values.controller.affinity | nindent 8 }} {{- end }} + {{- with .Values.controller.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + app.kubernetes.io/component: {{ $.Values.controller.component }} + {{- include "argo-rollouts.selectorLabels" $ | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} {{- with .Values.controller.priorityClassName }} priorityClassName: {{ . }} {{- end }} + volumes: + - name: plugin-bin + emptyDir: {} + - name: tmp + emptyDir: {} + {{- with .Values.controller.volumes }} + {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/charts/argo-rollouts/templates/controller/metrics-service.yaml b/charts/argo-rollouts/templates/controller/metrics-service.yaml index 5e380347..671a0837 100644 --- a/charts/argo-rollouts/templates/controller/metrics-service.yaml +++ b/charts/argo-rollouts/templates/controller/metrics-service.yaml @@ -3,19 +3,23 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-rollouts.fullname" . }}-metrics + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} - {{- with .Values.serviceAnnotations }} annotations: + {{- with .Values.serviceAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.metrics.service.annotations }} {{- toYaml . | nindent 4 }} {{- end }} spec: ports: - - name: metrics + - name: {{ .Values.controller.metrics.service.portName }} protocol: TCP - port: 8090 - targetPort: 8090 + port: {{ .Values.controller.metrics.service.port }} + targetPort: metrics selector: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.selectorLabels" . | nindent 4 }} diff --git a/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml b/charts/argo-rollouts/templates/controller/notifications-configmap.yaml similarity index 69% rename from charts/argo-rollouts/templates/controller/notifcations-configmap.yaml rename to charts/argo-rollouts/templates/controller/notifications-configmap.yaml index 3008b327..680f468f 100644 --- a/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml +++ b/charts/argo-rollouts/templates/controller/notifications-configmap.yaml @@ -1,7 +1,9 @@ +{{ if .Values.notifications.configmap.create }} apiVersion: v1 kind: ConfigMap metadata: name: argo-rollouts-notification-configmap + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} @@ -15,3 +17,8 @@ data: {{- with .Values.notifications.triggers }} {{- toYaml . | nindent 2 }} {{- end }} + {{- with .Values.notifications.subscriptions }} + subscriptions: | + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-rollouts/templates/controller/notifications-secret.yaml b/charts/argo-rollouts/templates/controller/notifications-secret.yaml index 4e9cc64c..f48d895f 100644 --- a/charts/argo-rollouts/templates/controller/notifications-secret.yaml +++ b/charts/argo-rollouts/templates/controller/notifications-secret.yaml @@ -3,6 +3,13 @@ apiVersion: v1 kind: Secret metadata: name: argo-rollouts-notification-secret + namespace: {{ .Release.Namespace | quote }} + {{- with .Values.notifications.secret.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} diff --git a/charts/argo-rollouts/templates/controller/poddisruptionbudget.yaml b/charts/argo-rollouts/templates/controller/poddisruptionbudget.yaml index 437efab9..7080b55c 100644 --- a/charts/argo-rollouts/templates/controller/poddisruptionbudget.yaml +++ b/charts/argo-rollouts/templates/controller/poddisruptionbudget.yaml @@ -3,6 +3,7 @@ apiVersion: {{ include "argo-rollouts.podDisruptionBudget.apiVersion" . }} kind: PodDisruptionBudget metadata: name: {{ template "argo-rollouts.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-rollouts.labels" . | nindent 4 }} {{- with .Values.controller.pdb.labels }} diff --git a/charts/argo-rollouts/templates/controller/role.yaml b/charts/argo-rollouts/templates/controller/role.yaml index 23794c34..6ba0805a 100644 --- a/charts/argo-rollouts/templates/controller/role.yaml +++ b/charts/argo-rollouts/templates/controller/role.yaml @@ -3,148 +3,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "argo-rollouts.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} rules: -- apiGroups: - - argoproj.io - resources: - - rollouts - - rollouts/status - - rollouts/finalizers - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - argoproj.io - resources: - - analysisruns - - analysisruns/finalizers - - experiments - - experiments/finalizers - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - argoproj.io - resources: - - analysistemplates - - clusteranalysistemplates - verbs: - - get - - list - - watch -# replicaset access needed for managing ReplicaSets -- apiGroups: - - apps - resources: - - replicasets - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -# services patch needed to update selector of canary/stable/active/preview services -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - patch -# secret read access to run analysis templates which reference secrets -# configmap access to read notification-engine configuration -- apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - get - - list - - watch -# pod list/update needed for updating ephemeral data -- apiGroups: - - "" - resources: - - pods - verbs: - - list - - update -# pods eviction needed for restart -- apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create -# event write needed for emitting events -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch -# ingress patch needed for managing ingress annotations, create needed for nginx canary -- apiGroups: - - networking.k8s.io - - extensions - resources: - - ingresses - verbs: - - create - - get - - list - - watch - - patch -# job access needed for analysis template job metrics -- apiGroups: - - batch - resources: - - jobs - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -# virtualservice access needed for using the Istio provider -- apiGroups: - - networking.istio.io - resources: - - virtualservices - verbs: - - watch - - get - - update - - list -# trafficsplit access needed for using the SMI provider -- apiGroups: - - split.smi-spec.io - resources: - - trafficsplits - verbs: - - create - - watch - - get - - update - - patch + {{- include "argo-rollouts.controller.roleRules" . | nindent 2 }} {{- end }} diff --git a/charts/argo-rollouts/templates/controller/rolebinding.yaml b/charts/argo-rollouts/templates/controller/rolebinding.yaml index 128df3ab..e76bb194 100644 --- a/charts/argo-rollouts/templates/controller/rolebinding.yaml +++ b/charts/argo-rollouts/templates/controller/rolebinding.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "argo-rollouts.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} @@ -13,4 +14,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-rollouts.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/argo-rollouts/templates/controller/serviceaccount.yaml b/charts/argo-rollouts/templates/controller/serviceaccount.yaml index 327eb6a5..b0f56633 100644 --- a/charts/argo-rollouts/templates/controller/serviceaccount.yaml +++ b/charts/argo-rollouts/templates/controller/serviceaccount.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "argo-rollouts.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} diff --git a/charts/argo-rollouts/templates/controller/servicemonitor.yaml b/charts/argo-rollouts/templates/controller/servicemonitor.yaml index 72d9a691..d7ab901e 100644 --- a/charts/argo-rollouts/templates/controller/servicemonitor.yaml +++ b/charts/argo-rollouts/templates/controller/servicemonitor.yaml @@ -3,6 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "argo-rollouts.fullname" . }} + namespace: {{ default .Release.Namespace .Values.controller.metrics.serviceMonitor.namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} @@ -15,7 +16,15 @@ metadata: {{- end }} spec: endpoints: - - port: metrics + - port: {{ .Values.controller.metrics.service.portName }} + {{- with .Values.controller.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 6 }} + {{- end }} namespaceSelector: matchNames: - {{ .Release.Namespace }} diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index f5cba997..d723b248 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -108,6 +108,11 @@ spec: - type: integer - type: string x-kubernetes-int-or-string: true + consecutiveSuccessLimit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true count: anyOf: - type: integer @@ -188,12 +193,42 @@ spec: type: object datadog: properties: - interval: + aggregator: + enum: + - avg + - min + - max + - sum + - last + - percentile + - mean + - l2norm + - area type: string + apiVersion: + default: v1 + enum: + - v1 + - v2 + type: string + formula: + type: string + interval: + default: 5m + type: string + queries: + additionalProperties: + type: string + type: object query: type: string - required: - - query + secretRef: + properties: + name: + type: string + namespaced: + type: boolean + type: object type: object graphite: properties: @@ -202,6 +237,13 @@ spec: query: type: string type: object + influxdb: + properties: + profile: + type: string + query: + type: string + type: object job: properties: metadata: @@ -223,6 +265,9 @@ spec: backoffLimit: format: int32 type: integer + backoffLimitPerIndex: + format: int32 + type: integer completionMode: type: string completions: @@ -230,9 +275,58 @@ spec: type: integer manualSelector: type: boolean + maxFailedIndexes: + format: int32 + type: integer parallelism: format: int32 type: integer + podFailurePolicy: + properties: + rules: + items: + properties: + action: + type: string + onExitCodes: + properties: + containerName: + type: string + operator: + type: string + values: + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + - values + type: object + onPodConditions: + items: + properties: + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-type: atomic + required: + - action + type: object + type: array + x-kubernetes-list-type: atomic + required: + - rules + type: object + podReplacementPolicy: + type: string selector: properties: matchExpressions: @@ -256,6 +350,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic suspend: type: boolean template: @@ -318,6 +413,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -364,10 +460,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -399,6 +497,17 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -422,6 +531,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -465,6 +575,17 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -488,6 +609,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -529,6 +651,17 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -552,6 +685,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -595,6 +729,17 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -618,6 +763,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -663,6 +809,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -672,6 +819,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -687,6 +835,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -698,6 +847,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -713,6 +863,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -722,6 +873,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -767,6 +919,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -817,6 +977,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1013,13 +1181,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1262,6 +1457,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1271,6 +1467,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1286,6 +1483,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1297,6 +1495,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1312,6 +1511,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1321,6 +1521,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1366,6 +1567,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1416,6 +1625,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1612,13 +1829,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1825,6 +2069,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -1833,6 +2079,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: items: @@ -1865,6 +2112,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1874,6 +2122,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1889,6 +2138,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1900,6 +2150,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1915,6 +2166,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1924,6 +2176,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1969,6 +2222,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2019,6 +2280,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2215,13 +2484,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2447,12 +2743,43 @@ spec: - conditionType type: object type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: type: string runtimeClassName: type: string schedulerName: type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: properties: fsGroup: @@ -2572,9 +2899,22 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -2697,13 +3037,79 @@ spec: type: string query: type: string + timeout: + format: int64 + type: integer required: - query type: object + plugin: + type: object + x-kubernetes-preserve-unknown-fields: true prometheus: properties: address: type: string + authentication: + properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object + headers: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + insecure: + type: boolean + query: + type: string + rangeQuery: + properties: + end: + type: string + start: + type: string + step: + type: string + type: object + timeout: + format: int64 + type: integer + type: object + skywalking: + properties: + address: + type: string + interval: + type: string query: type: string type: object @@ -2716,6 +3122,31 @@ spec: type: object web: properties: + authentication: + properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object body: type: string headers: @@ -2732,6 +3163,9 @@ spec: type: array insecure: type: boolean + jsonBody: + type: object + x-kubernetes-preserve-unknown-fields: true jsonPath: type: string method: @@ -2754,11 +3188,26 @@ spec: type: array terminate: type: boolean + ttlStrategy: + properties: + secondsAfterCompletion: + format: int32 + type: integer + secondsAfterFailure: + format: int32 + type: integer + secondsAfterSuccess: + format: int32 + type: integer + type: object required: - metrics type: object status: properties: + completedAt: + format: date-time + type: string dryRunSummary: properties: count: @@ -2785,6 +3234,9 @@ spec: consecutiveError: format: int32 type: integer + consecutiveSuccess: + format: int32 + type: integer count: format: int32 type: integer @@ -2875,5 +3327,4 @@ spec: served: true storage: true subresources: {} - {{- end }} diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index 7b23b54d..b0f34229 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -104,6 +104,11 @@ spec: - type: integer - type: string x-kubernetes-int-or-string: true + consecutiveSuccessLimit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true count: anyOf: - type: integer @@ -184,12 +189,42 @@ spec: type: object datadog: properties: - interval: + aggregator: + enum: + - avg + - min + - max + - sum + - last + - percentile + - mean + - l2norm + - area type: string + apiVersion: + default: v1 + enum: + - v1 + - v2 + type: string + formula: + type: string + interval: + default: 5m + type: string + queries: + additionalProperties: + type: string + type: object query: type: string - required: - - query + secretRef: + properties: + name: + type: string + namespaced: + type: boolean + type: object type: object graphite: properties: @@ -198,6 +233,13 @@ spec: query: type: string type: object + influxdb: + properties: + profile: + type: string + query: + type: string + type: object job: properties: metadata: @@ -219,6 +261,9 @@ spec: backoffLimit: format: int32 type: integer + backoffLimitPerIndex: + format: int32 + type: integer completionMode: type: string completions: @@ -226,9 +271,58 @@ spec: type: integer manualSelector: type: boolean + maxFailedIndexes: + format: int32 + type: integer parallelism: format: int32 type: integer + podFailurePolicy: + properties: + rules: + items: + properties: + action: + type: string + onExitCodes: + properties: + containerName: + type: string + operator: + type: string + values: + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + - values + type: object + onPodConditions: + items: + properties: + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-type: atomic + required: + - action + type: object + type: array + x-kubernetes-list-type: atomic + required: + - rules + type: object + podReplacementPolicy: + type: string selector: properties: matchExpressions: @@ -252,6 +346,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic suspend: type: boolean template: @@ -314,6 +409,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -360,10 +456,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -395,6 +493,17 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -418,6 +527,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -461,6 +571,17 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -484,6 +605,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -525,6 +647,17 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -548,6 +681,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -591,6 +725,17 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -614,6 +759,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -659,6 +805,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -668,6 +815,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -683,6 +831,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -694,6 +843,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -709,6 +859,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -718,6 +869,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -763,6 +915,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -813,6 +973,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1009,13 +1177,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1258,6 +1453,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1267,6 +1463,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1282,6 +1479,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1293,6 +1491,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1308,6 +1507,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1317,6 +1517,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1362,6 +1563,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1412,6 +1621,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1608,13 +1825,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1821,6 +2065,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -1829,6 +2075,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: items: @@ -1861,6 +2108,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1870,6 +2118,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1885,6 +2134,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1896,6 +2146,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1911,6 +2162,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1920,6 +2172,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1965,6 +2218,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2015,6 +2276,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2211,13 +2480,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2443,12 +2739,43 @@ spec: - conditionType type: object type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: type: string runtimeClassName: type: string schedulerName: type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: properties: fsGroup: @@ -2568,9 +2895,22 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -2693,13 +3033,79 @@ spec: type: string query: type: string + timeout: + format: int64 + type: integer required: - query type: object + plugin: + type: object + x-kubernetes-preserve-unknown-fields: true prometheus: properties: address: type: string + authentication: + properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object + headers: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + insecure: + type: boolean + query: + type: string + rangeQuery: + properties: + end: + type: string + start: + type: string + step: + type: string + type: object + timeout: + format: int64 + type: integer + type: object + skywalking: + properties: + address: + type: string + interval: + type: string query: type: string type: object @@ -2712,6 +3118,31 @@ spec: type: object web: properties: + authentication: + properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object body: type: string headers: @@ -2728,6 +3159,9 @@ spec: type: array insecure: type: boolean + jsonBody: + type: object + x-kubernetes-preserve-unknown-fields: true jsonPath: type: string method: @@ -2748,8 +3182,15 @@ spec: - provider type: object type: array - required: - - metrics + templates: + items: + properties: + clusterScope: + type: boolean + templateName: + type: string + type: object + type: array type: object required: - spec diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index 8ea109f7..e8a9a6d4 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -104,6 +104,11 @@ spec: - type: integer - type: string x-kubernetes-int-or-string: true + consecutiveSuccessLimit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true count: anyOf: - type: integer @@ -184,12 +189,42 @@ spec: type: object datadog: properties: - interval: + aggregator: + enum: + - avg + - min + - max + - sum + - last + - percentile + - mean + - l2norm + - area type: string + apiVersion: + default: v1 + enum: + - v1 + - v2 + type: string + formula: + type: string + interval: + default: 5m + type: string + queries: + additionalProperties: + type: string + type: object query: type: string - required: - - query + secretRef: + properties: + name: + type: string + namespaced: + type: boolean + type: object type: object graphite: properties: @@ -198,6 +233,13 @@ spec: query: type: string type: object + influxdb: + properties: + profile: + type: string + query: + type: string + type: object job: properties: metadata: @@ -219,6 +261,9 @@ spec: backoffLimit: format: int32 type: integer + backoffLimitPerIndex: + format: int32 + type: integer completionMode: type: string completions: @@ -226,9 +271,58 @@ spec: type: integer manualSelector: type: boolean + maxFailedIndexes: + format: int32 + type: integer parallelism: format: int32 type: integer + podFailurePolicy: + properties: + rules: + items: + properties: + action: + type: string + onExitCodes: + properties: + containerName: + type: string + operator: + type: string + values: + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + - values + type: object + onPodConditions: + items: + properties: + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-type: atomic + required: + - action + type: object + type: array + x-kubernetes-list-type: atomic + required: + - rules + type: object + podReplacementPolicy: + type: string selector: properties: matchExpressions: @@ -252,6 +346,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic suspend: type: boolean template: @@ -314,6 +409,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -360,10 +456,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -395,6 +493,17 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -418,6 +527,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -461,6 +571,17 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -484,6 +605,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -525,6 +647,17 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -548,6 +681,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -591,6 +725,17 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -614,6 +759,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -659,6 +805,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -668,6 +815,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -683,6 +831,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -694,6 +843,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -709,6 +859,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -718,6 +869,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -763,6 +915,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -813,6 +973,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1009,13 +1177,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1258,6 +1453,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1267,6 +1463,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1282,6 +1479,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1293,6 +1491,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1308,6 +1507,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1317,6 +1517,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1362,6 +1563,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1412,6 +1621,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1608,13 +1825,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1821,6 +2065,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -1829,6 +2075,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: items: @@ -1861,6 +2108,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1870,6 +2118,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1885,6 +2134,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1896,6 +2146,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1911,6 +2162,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1920,6 +2172,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1965,6 +2218,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2015,6 +2276,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2211,13 +2480,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2443,12 +2739,43 @@ spec: - conditionType type: object type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: type: string runtimeClassName: type: string schedulerName: type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: properties: fsGroup: @@ -2568,9 +2895,22 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -2693,13 +3033,79 @@ spec: type: string query: type: string + timeout: + format: int64 + type: integer required: - query type: object + plugin: + type: object + x-kubernetes-preserve-unknown-fields: true prometheus: properties: address: type: string + authentication: + properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object + headers: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + insecure: + type: boolean + query: + type: string + rangeQuery: + properties: + end: + type: string + start: + type: string + step: + type: string + type: object + timeout: + format: int64 + type: integer + type: object + skywalking: + properties: + address: + type: string + interval: + type: string query: type: string type: object @@ -2712,6 +3118,31 @@ spec: type: object web: properties: + authentication: + properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object body: type: string headers: @@ -2728,6 +3159,9 @@ spec: type: array insecure: type: boolean + jsonBody: + type: object + x-kubernetes-preserve-unknown-fields: true jsonPath: type: string method: @@ -2748,8 +3182,15 @@ spec: - provider type: object type: array - required: - - metrics + templates: + items: + properties: + clusterScope: + type: boolean + templateName: + type: string + type: object + type: array type: object required: - spec diff --git a/charts/argo-rollouts/templates/crds/experiment-crd.yaml b/charts/argo-rollouts/templates/crds/experiment-crd.yaml index 90b4b499..58c0e72e 100644 --- a/charts/argo-rollouts/templates/crds/experiment-crd.yaml +++ b/charts/argo-rollouts/templates/crds/experiment-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -94,6 +94,17 @@ spec: - templateName type: object type: array + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object dryRun: items: properties: @@ -158,7 +169,11 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic service: + properties: + name: + type: string type: object template: properties: @@ -220,6 +235,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -266,10 +282,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -301,6 +319,17 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -324,6 +353,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -367,6 +397,17 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -390,6 +431,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -431,6 +473,17 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -454,6 +507,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -497,6 +551,17 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -520,6 +585,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -565,6 +631,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -574,6 +641,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -589,6 +657,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -600,6 +669,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -615,6 +685,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -624,6 +695,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -669,6 +741,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -719,6 +799,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -915,13 +1003,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1164,6 +1279,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1173,6 +1289,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1188,6 +1305,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1199,6 +1317,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1214,6 +1333,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1223,6 +1343,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1268,6 +1389,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1318,6 +1447,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1514,13 +1651,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1727,6 +1891,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -1735,6 +1901,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: items: @@ -1767,6 +1934,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1776,6 +1944,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1791,6 +1960,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1802,6 +1972,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1817,6 +1988,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1826,6 +1998,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1871,6 +2044,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1921,6 +2102,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2117,13 +2306,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2349,12 +2565,43 @@ spec: - conditionType type: object type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: type: string runtimeClassName: type: string schedulerName: type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: properties: fsGroup: @@ -2474,9 +2721,22 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -2606,4 +2866,4 @@ spec: served: true storage: true subresources: {} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo-rollouts/templates/crds/rollout-crd.yaml b/charts/argo-rollouts/templates/crds/rollout-crd.yaml index 596f55ca..a883137d 100644 --- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml +++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -89,6 +89,12 @@ spec: revisionHistoryLimit: format: int32 type: integer + rollbackWindow: + properties: + revisions: + format: int32 + type: integer + type: object selector: properties: matchExpressions: @@ -112,6 +118,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic strategy: properties: blueGreen: @@ -157,6 +164,17 @@ spec: x-kubernetes-int-or-string: true postPromotionAnalysis: properties: + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object args: items: properties: @@ -214,6 +232,17 @@ spec: type: object prePromotionAnalysis: properties: + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object args: items: properties: @@ -301,6 +330,17 @@ spec: type: integer analysis: properties: + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object args: items: properties: @@ -397,6 +437,9 @@ spec: - type: integer - type: string x-kubernetes-int-or-string: true + minPodsPerReplicaSet: + format: int32 + type: integer pingPong: properties: pingService: @@ -431,6 +474,17 @@ spec: properties: analysis: properties: + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object args: items: properties: @@ -527,6 +581,26 @@ spec: - templateName type: object type: array + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + dryRun: + items: + properties: + metricName: + type: string + required: + - metricName + type: object + type: array duration: type: string templates: @@ -571,6 +645,12 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + service: + properties: + name: + type: string + type: object specRef: type: string weight: @@ -592,6 +672,16 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + plugin: + properties: + config: + type: object + x-kubernetes-preserve-unknown-fields: true + name: + type: string + required: + - name + type: object setCanaryScale: properties: matchTrafficWeight: @@ -603,6 +693,74 @@ spec: format: int32 type: integer type: object + setHeaderRoute: + properties: + match: + items: + properties: + headerName: + type: string + headerValue: + properties: + exact: + type: string + prefix: + type: string + regex: + type: string + type: object + required: + - headerName + - headerValue + type: object + type: array + name: + type: string + type: object + setMirrorRoute: + properties: + match: + items: + properties: + headers: + additionalProperties: + properties: + exact: + type: string + prefix: + type: string + regex: + type: string + type: object + type: object + method: + properties: + exact: + type: string + prefix: + type: string + regex: + type: string + type: object + path: + properties: + exact: + type: string + prefix: + type: string + regex: + type: string + type: object + type: object + type: array + name: + type: string + percentage: + format: int32 + type: integer + required: + - name + type: object setWeight: format: int32 type: integer @@ -616,6 +774,10 @@ spec: type: string ingress: type: string + ingresses: + items: + type: string + type: array rootService: type: string servicePort: @@ -633,7 +795,6 @@ spec: - enabled type: object required: - - ingress - servicePort type: object ambassador: @@ -645,6 +806,20 @@ spec: required: - mappings type: object + apisix: + properties: + route: + properties: + name: + type: string + rules: + items: + type: string + type: array + required: + - name + type: object + type: object appMesh: properties: virtualNodeGroup: @@ -702,6 +877,14 @@ spec: items: type: string type: array + tcpRoutes: + items: + properties: + port: + format: int64 + type: integer + type: object + type: array tlsRoutes: items: properties: @@ -726,6 +909,14 @@ spec: items: type: string type: array + tcpRoutes: + items: + properties: + port: + format: int64 + type: integer + type: object + type: array tlsRoutes: items: properties: @@ -743,6 +934,18 @@ spec: type: object type: array type: object + managedRoutes: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + maxTrafficWeight: + format: int32 + type: integer nginx: properties: additionalIngressAnnotations: @@ -751,11 +954,20 @@ spec: type: object annotationPrefix: type: string + canaryIngressAnnotations: + additionalProperties: + type: string + type: object stableIngress: type: string - required: - - stableIngress + stableIngresses: + items: + type: string + type: array type: object + plugins: + type: object + x-kubernetes-preserve-unknown-fields: true smi: properties: rootService: @@ -763,6 +975,13 @@ spec: trafficSplitName: type: string type: object + traefik: + properties: + weightedTraefikServiceName: + type: string + required: + - weightedTraefikServiceName + type: object type: object type: object type: object @@ -826,6 +1045,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -872,10 +1092,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -907,6 +1129,17 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -930,6 +1163,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -973,6 +1207,17 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -996,6 +1241,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -1037,6 +1283,17 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1060,6 +1317,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -1103,6 +1361,17 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1126,6 +1395,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -1171,6 +1441,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1180,6 +1451,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1195,6 +1467,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1206,6 +1479,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1221,6 +1495,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1230,6 +1505,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1275,6 +1551,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1325,6 +1609,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1521,13 +1813,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1770,6 +2089,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1779,6 +2099,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1794,6 +2115,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1805,6 +2127,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1820,6 +2143,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1829,6 +2153,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1874,6 +2199,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1924,6 +2257,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2120,13 +2461,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2333,6 +2701,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -2341,6 +2711,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: items: @@ -2373,6 +2744,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -2382,6 +2754,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -2397,6 +2770,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -2408,6 +2782,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -2423,6 +2798,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -2432,6 +2808,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -2477,6 +2854,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2527,6 +2912,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2723,13 +3116,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2955,12 +3375,43 @@ spec: - conditionType type: object type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: type: string runtimeClassName: type: string schedulerName: type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: properties: fsGroup: @@ -3080,9 +3531,22 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -3113,6 +3577,8 @@ spec: type: string name: type: string + scaleDown: + type: string type: object type: object status: @@ -3131,16 +3597,22 @@ spec: properties: arn: type: string + fullName: + type: string name: type: string required: - arn - name type: object + ingress: + type: string loadBalancer: properties: arn: type: string + fullName: + type: string name: type: string required: @@ -3151,6 +3623,8 @@ spec: properties: arn: type: string + fullName: + type: string name: type: string required: @@ -3158,6 +3632,49 @@ spec: - name type: object type: object + albs: + items: + properties: + canaryTargetGroup: + properties: + arn: + type: string + fullName: + type: string + name: + type: string + required: + - arn + - name + type: object + ingress: + type: string + loadBalancer: + properties: + arn: + type: string + fullName: + type: string + name: + type: string + required: + - arn + - name + type: object + stableTargetGroup: + properties: + arn: + type: string + fullName: + type: string + name: + type: string + required: + - arn + - name + type: object + type: object + type: array availableReplicas: format: int32 type: integer @@ -3224,6 +3741,45 @@ spec: type: object stablePingPong: type: string + stepPluginStatuses: + items: + properties: + backoff: + type: string + disabled: + type: boolean + executions: + format: int32 + type: integer + finishedAt: + format: date-time + type: string + index: + format: int32 + type: integer + message: + type: string + name: + type: string + operation: + type: string + phase: + type: string + startedAt: + format: date-time + type: string + status: + type: object + x-kubernetes-preserve-unknown-fields: true + updatedAt: + format: date-time + type: string + required: + - index + - name + - operation + type: object + type: array weights: properties: additional: diff --git a/charts/argo-rollouts/templates/dashboard/clusterrole.yaml b/charts/argo-rollouts/templates/dashboard/clusterrole.yaml index 8dd1ac6b..cb3e457a 100644 --- a/charts/argo-rollouts/templates/dashboard/clusterrole.yaml +++ b/charts/argo-rollouts/templates/dashboard/clusterrole.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.dashboard.enabled .Values.clusterInstall }} +{{- if and .Values.dashboard.enabled .Values.clusterInstall .Values.dashboard.createClusterRole }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -44,17 +44,18 @@ rules: - get - list - watch - # deployments and podtemplates read access needed for workload reference support - apiGroups: - - "" - apps resources: - deployments - - podtemplates verbs: - get - list - watch + {{- if not .Values.dashboard.readonly }} + - update + - patch + {{- end }} - apiGroups: - apps resources: @@ -70,4 +71,18 @@ rules: verbs: - list - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update {{- end }} diff --git a/charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml b/charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml index 331fbe4e..2dbf7379 100644 --- a/charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml +++ b/charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.dashboard.enabled .Values.clusterInstall }} +{{- if and .Values.dashboard.enabled .Values.clusterInstall .Values.dashboard.createClusterRole }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -13,5 +13,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-rollouts.serviceAccountName" . }}-dashboard - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/argo-rollouts/templates/dashboard/deployment.yaml b/charts/argo-rollouts/templates/dashboard/deployment.yaml index 33310ef5..ec0114ba 100644 --- a/charts/argo-rollouts/templates/dashboard/deployment.yaml +++ b/charts/argo-rollouts/templates/dashboard/deployment.yaml @@ -2,8 +2,18 @@ apiVersion: apps/v1 kind: Deployment metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.dashboard.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} name: {{ include "argo-rollouts.fullname" . }}-dashboard + namespace: {{ .Release.Namespace | quote }} labels: + {{- range $key, $value := (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.dashboard.deploymentLabels) }} + {{ $key }}: {{ $value | quote }} + {{- end }} app.kubernetes.io/component: {{ .Values.dashboard.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} spec: @@ -14,16 +24,19 @@ spec: strategy: type: Recreate replicas: {{ .Values.dashboard.replicas }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} template: metadata: - {{- with .Values.podAnnotations }} + {{- with (mergeOverwrite (deepCopy .Values.podAnnotations) .Values.dashboard.podAnnotations) }} annotations: - {{- toYaml . | nindent 8 }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} labels: {{- include "argo-rollouts.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: {{ .Values.dashboard.component }} - {{- range $key, $value := .Values.podLabels }} + {{- range $key, $value := (mergeOverwrite (deepCopy .Values.podLabels) .Values.dashboard.podLabels) }} {{ $key }}: {{ $value | quote }} {{- end }} spec: @@ -36,9 +49,16 @@ spec: - image: "{{ .Values.dashboard.image.registry }}/{{ .Values.dashboard.image.repository }}:{{ default .Chart.AppVersion .Values.dashboard.image.tag }}" imagePullPolicy: {{ .Values.dashboard.image.pullPolicy }} args: + - dashboard + - "--loglevel={{ .Values.dashboard.logging.level }}" + - "--kloglevel={{ .Values.dashboard.logging.kloglevel }}" {{- with .Values.dashboard.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.dashboard.extraEnv }} + env: + {{- toYaml . | nindent 8 }} + {{- end }} name: argo-rollouts-dashboard ports: - containerPort: {{ .Values.dashboard.service.targetPort }} @@ -47,6 +67,10 @@ spec: {{- toYaml .Values.dashboard.containerSecurityContext | nindent 10 }} resources: {{- toYaml .Values.dashboard.resources | nindent 10 }} + {{- with .Values.dashboard.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.dashboard.nodeSelector }} nodeSelector: {{- toYaml .Values.dashboard.nodeSelector | nindent 8 }} @@ -61,7 +85,23 @@ spec: affinity: {{- toYaml .Values.dashboard.affinity | nindent 8 }} {{- end }} + {{- with .Values.dashboard.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-rollouts.selectorLabels" $ | nindent 12 }} + app.kubernetes.io/component: {{ $.Values.dashboard.component }} + {{- end }} + {{- end }} + {{- end }} {{- with .Values.dashboard.priorityClassName }} priorityClassName: {{ . }} {{- end }} + {{- with .Values.dashboard.volumes }} + volumes: + {{- toYaml . | nindent 6 }} + {{- end }} {{- end }} diff --git a/charts/argo-rollouts/templates/dashboard/ingress.yaml b/charts/argo-rollouts/templates/dashboard/ingress.yaml index 0555d1fc..e7f9e41e 100644 --- a/charts/argo-rollouts/templates/dashboard/ingress.yaml +++ b/charts/argo-rollouts/templates/dashboard/ingress.yaml @@ -14,6 +14,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-rollouts.fullname" . }}-dashboard + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-rollouts.labels" . | nindent 4 }} {{- if .Values.dashboard.ingress.labels }} diff --git a/charts/argo-rollouts/templates/dashboard/poddisruptionbudget.yaml b/charts/argo-rollouts/templates/dashboard/poddisruptionbudget.yaml index 742b149f..d12ba62a 100644 --- a/charts/argo-rollouts/templates/dashboard/poddisruptionbudget.yaml +++ b/charts/argo-rollouts/templates/dashboard/poddisruptionbudget.yaml @@ -3,6 +3,7 @@ apiVersion: {{ include "argo-rollouts.podDisruptionBudget.apiVersion" . }} kind: PodDisruptionBudget metadata: name: {{ template "argo-rollouts.fullname" . }}-dashboard + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-rollouts.labels" . | nindent 4 }} {{- with .Values.dashboard.pdb.labels }} diff --git a/charts/argo-rollouts/templates/dashboard/service.yaml b/charts/argo-rollouts/templates/dashboard/service.yaml index 58978150..b7e553d7 100644 --- a/charts/argo-rollouts/templates/dashboard/service.yaml +++ b/charts/argo-rollouts/templates/dashboard/service.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-rollouts.fullname" . }}-dashboard + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.dashboard.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} @@ -21,6 +22,9 @@ spec: externalIPs: {{- toYaml . | nindent 4 }} {{- end }} {{- if eq .Values.dashboard.service.type "LoadBalancer" }} + {{- with .Values.dashboard.service.loadBalancerClass }} + loadBalancerClass: {{ . }} + {{- end }} {{- with .Values.dashboard.service.loadBalancerIP }} loadBalancerIP: {{ . | quote }} {{- end }} diff --git a/charts/argo-rollouts/templates/dashboard/serviceaccount.yaml b/charts/argo-rollouts/templates/dashboard/serviceaccount.yaml index ff0c7300..4b531bd9 100644 --- a/charts/argo-rollouts/templates/dashboard/serviceaccount.yaml +++ b/charts/argo-rollouts/templates/dashboard/serviceaccount.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "argo-rollouts.serviceAccountName" . }}-dashboard + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.dashboard.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} diff --git a/charts/argo-rollouts/templates/extra-manifests.yaml b/charts/argo-rollouts/templates/extra-manifests.yaml new file mode 100644 index 00000000..fc9a76b8 --- /dev/null +++ b/charts/argo-rollouts/templates/extra-manifests.yaml @@ -0,0 +1,8 @@ +{{ range .Values.extraObjects }} +--- +{{ if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} +{{ end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 99d43d4e..26633455 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -6,6 +6,9 @@ keepCRDs: true # -- `false` runs controller in namespaced mode (does not require cluster RBAC) clusterInstall: true +# -- flag to enable creation of cluster aggregate roles (requires cluster RBAC) +createClusterAggregateRoles: true + # -- String to partially override "argo-rollouts.fullname" template nameOverride: @@ -22,15 +25,64 @@ apiVersionOverrides: # -- Override the Kubernetes version, which is used to evaluate certain manifests kubeVersionOverride: "" +# -- Additional manifests to deploy within the chart. A list of objects. +## Can be used to add secrets for Analysis with 3rd-party monitoring solutions. +extraObjects: [] + # - apiVersion: v1 + # kind: Secret + # metadata: + # name: datadog + # type: Opaque + # data: + # address: https://api.datadoghq.com + # api-key: + # app-key: + +global: + # -- Annotations for all deployed Deployments + deploymentAnnotations: {} + # -- Labels for all deployed Deployments + deploymentLabels: {} + # -- Number of old deployment ReplicaSets to retain. The rest will be garbage collected. + revisionHistoryLimit: 10 + controller: # -- Value of label `app.kubernetes.io/component` component: rollouts-controller + # -- Annotations to be added to the controller deployment + deploymentAnnotations: {} + # -- Labels to be added to the controller deployment + deploymentLabels: {} + # -- Annotations to be added to application controller pods + podAnnotations: {} + # -- Labels to be added to the application controller pods + podLabels: {} # -- [Node selector] nodeSelector: {} # -- [Tolerations] for use with node taints tolerations: [] # -- Assign custom [affinity] rules to the deployment affinity: {} + logging: + # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`) + level: info + # -- Set the klog logging level + kloglevel: "0" + # -- Set the logging format (one of: `text`, `json`) + format: "text" + + # -- Assign custom [TopologySpreadConstraints] rules to the controller + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + # -- Specify lifecycle hooks for the controller + lifecycle: {} # -- [priorityClassName] for the controller priorityClassName: "" # -- The number of controller pods to run @@ -48,30 +100,68 @@ controller: # -- Additional command line arguments to pass to rollouts-controller. A list of flags. extraArgs: [] + # -- Additional environment variables for rollouts-controller. A list of name/value maps. + extraEnv: [] + # - name: AWS_REGION + # value: us-east-1 + # -- Literal yaml for extra containers to be added to controller deployment. ## Additional containers to add to the rollouts controller deployment ## This will be rendered as the literal yaml extraContainers: [] + # -- Init containers to add to the rollouts controller pod + ## This will be rendered as the literal yaml + initContainers: [] + # - name: download-tools + # image: alpine:3.8 + # command: [sh, -c] + # args: + # - ls + # -- Resource limits and requests for the controller pods. resources: {} # limits: # cpu: 100m # memory: 128Mi + # ephemeral-storage: 1Gi # requests: # cpu: 50m # memory: 64Mi + # -- flag to enable creation of cluster controller role (requires cluster RBAC) + createClusterRole: true + + # Controller container ports + containerPorts: + # -- Metrics container port + metrics: 8090 + # -- Healthz container port + healthz: 8080 + metrics: # -- Deploy metrics service enabled: false + service: + # -- Metrics service port name + portName: metrics + # -- Metrics service port + port: 8090 + # -- Service annotations + annotations: {} serviceMonitor: # -- Enable a prometheus ServiceMonitor enabled: false + # -- Namespace to be used for the ServiceMonitor + namespace: "" # -- Labels to be added to the ServiceMonitor additionalLabels: {} # -- Annotations to be added to the ServiceMonitor additionalAnnotations: {} + # -- RelabelConfigs to apply to samples before scraping + relabelings: [] + # -- MetricRelabelConfigs to apply to samples before ingestion + metricRelabelings: [] # -- Configure liveness [probe] for the controller # @default -- See [values.yaml] @@ -110,6 +200,29 @@ controller: # -- Maximum number / percentage of pods that may be made unavailable maxUnavailable: # 0 + # -- Additional volumes to add to the controller pod + volumes: [] + # - configMap: + # name: my-certs-cm + # name: my-certs + + # -- Additional volumeMounts to add to the controller container + volumeMounts: [] + # - mountPath: /etc/ssl/certs + # name: my-certs + + # -- Configures 3rd party metric providers for controller + ## Ref: https://argo-rollouts.readthedocs.io/en/stable/analysis/plugins/ + metricProviderPlugins: [] + # - name: "argoproj-labs/sample-prometheus" # name of the plugin, it must match the name required by the plugin so that it can find its configuration + # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// + + # -- Configures 3rd party traffic router plugins for controller + ## Ref: https://argo-rollouts.readthedocs.io/en/stable/features/traffic-management/plugins/ + trafficRouterPlugins: [] + # - name: "argoproj-labs/sample-nginx" # name of the plugin, it must match the name required by the plugin so it can find it's configuration + # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// + serviceAccount: # -- Specifies whether a service account should be created create: true @@ -122,7 +235,7 @@ serviceAccount: # -- Annotations to be added to all CRDs crdAnnotations: {} -# -- Annotations to be added to the Rollout pods +# -- Annotations for the all deployed pods podAnnotations: {} # -- Security Context to set on pod level @@ -130,13 +243,14 @@ podSecurityContext: runAsNonRoot: true # -- Security Context to set on container level -containerSecurityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 +containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault # -- Annotations to be added to the Rollout service serviceAnnotations: {} @@ -148,6 +262,34 @@ podLabels: {} imagePullSecrets: [] # - name: argo-pull-secret +providerRBAC: + # -- Toggles addition of provider-specific RBAC rules to the controller Role and ClusterRole + enabled: true + # providerRBAC.enabled must be true in order to toggle the individual providers + providers: + # -- Adds RBAC rules for the Istio provider + istio: true + # -- Adds RBAC rules for the SMI provider + smi: true + # -- Adds RBAC rules for the Ambassador provider + ambassador: true + # -- Adds RBAC rules for the AWS Load Balancer Controller provider + awsLoadBalancerController: true + # -- Adds RBAC rules for the AWS App Mesh provider + awsAppMesh: true + # -- Adds RBAC rules for the Traefik provider + traefik: true + # -- Adds RBAC rules for the Apisix provider + apisix: true + # -- Adds RBAC rules for the Contour provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour/blob/main/README.md` + contour: true + # -- Adds RBAC rules for the Gloo Platform provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-glooplatform/blob/main/README.md` + glooPlatform: true + # -- Adds RBAC rules for the Gateway API provider + gatewayAPI: true + # -- Additional RBAC rules for others providers + additionalRules: [] + dashboard: # -- Deploy dashboard server enabled: false @@ -155,14 +297,40 @@ dashboard: readonly: false # -- Value of label `app.kubernetes.io/component` component: rollouts-dashboard + # -- Annotations to be added to the dashboard deployment + deploymentAnnotations: {} + # -- Labels to be added to the dashboard deployment + deploymentLabels: {} + # -- Annotations to be added to application dashboard pods + podAnnotations: {} + # -- Labels to be added to the application dashboard pods + podLabels: {} # -- [Node selector] nodeSelector: {} # -- [Tolerations] for use with node taints tolerations: [] # -- Assign custom [affinity] rules to the deployment affinity: {} + logging: + # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`) + level: info + # -- Set the klog logging level + kloglevel: "0" + + # -- Assign custom [TopologySpreadConstraints] rules to the dashboard server + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + # -- [priorityClassName] for the dashboard server priorityClassName: "" + + # -- flag to enable creation of dashbord cluster role (requires cluster RBAC) + createClusterRole: true + # -- The number of dashboard pods to run replicas: 1 image: @@ -176,6 +344,10 @@ dashboard: pullPolicy: IfNotPresent # -- Additional command line arguments to pass to rollouts-dashboard. A list of flags. extraArgs: [] + # -- Additional environment variables for rollouts-dashboard. A list of name/value maps. + extraEnv: [] + # - name: FOO + # value: bar # -- Resource limits and requests for the dashboard pods. resources: {} # -- Security Context to set on pod level @@ -186,6 +358,8 @@ dashboard: service: # -- Sets the type of the Service type: ClusterIP + # -- The class of the load balancer implementation + loadBalancerClass: "" # -- LoadBalancer will get created with the IP specified in this field loadBalancerIP: "" # -- Source IP ranges to allow access to service from @@ -227,7 +401,7 @@ dashboard: maxUnavailable: # 0 ## Ingress configuration. - ## ref: https://kubernetes.io/docs/user-guide/ingress/ + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ ## ingress: # -- Enable dashboard ingress support @@ -272,13 +446,26 @@ dashboard: # hosts: # - argorollouts.example.com + # -- Additional volumes to add to the dashboard pod + volumes: [] + + # -- Additional volumeMounts to add to the dashboard container + volumeMounts: [] + notifications: + configmap: + # -- Whether to create notifications configmap + create: true + secret: - # -- Whether to create notifications secret + # -- Whether to create notifications secret. + ## If you want to manually create secret, do not forget to add proper label to it: "app.kubernetes.io/component: {{ .Values.controller.component }}". create: false # -- Generic key:value pairs to be inserted into the notifications secret items: {} # slack-token: + # -- Annotations to be added to the notifications secret + annotations: {} # -- Configures notification services notifiers: {} @@ -302,3 +489,11 @@ notifications: # trigger.on-purple: | # - send: [my-purple-template] # when: rollout.spec.template.spec.containers[0].image == 'argoproj/rollouts-demo:purple' + + # -- The subscriptions define the subscriptions to the triggers in a general way for all rollouts + subscriptions: [] + # - recipients: + # - slack: + # triggers: + # - on-rollout-completed + # - on-rollout-aborted diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 7c690002..c1f8df1a 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,18 +1,20 @@ apiVersion: v2 +appVersion: v3.6.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.16.2 -appVersion: v3.3.6 -icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png +version: 0.45.7 +icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: - https://github.com/argoproj/argo-workflows maintainers: - - name: alexec - - name: alexmt - - name: jessesuen - - name: benjaminws + - name: argoproj + url: https://argoproj.github.io/ annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - "[Fixed]: Remove unsupported value" + - kind: fixed + description: Update the SSO configuration instructions to reflect the correct field name diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 233af32e..6e400596 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -6,22 +6,90 @@ If you want your deployment of this helm chart to most closely match the [argo C ## Pre-Requisites -This chart uses an install hook to configure the CRD definition. Installation of CRDs is a somewhat privileged process in itself and in RBAC enabled clusters the `default` service account for namespaces does not typically have the ability to create these. +### Custom resource definitions -A few options are: +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart. -- Manually create a ServiceAccount in the Namespace in which your release will be deployed w/ appropriate bindings to perform this action and set the `serviceAccountName` field in the Workflow spec -- Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions +Helm cannot upgrade custom resource definitions in the `/crds` folder [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). Starting with 3.4.0 (chart version 0.19.0), the CRDs have been moved to `/templates` to address this design decision. + +If you are using Argo Workflows chart version prior to 3.4.0 (chart version 0.19.0) or have elected to manage the Argo Workflows CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo: + +```bash +kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds/full?ref=" + +# Eg. version v3.3.9 +kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds/full?ref=v3.3.9" +``` + +### ServiceAccount for Workflow Spec +In order for each Workflow run, you create ServiceAccount via `values.yaml` like below. + +```yaml +workflow: + serviceAccount: + create: true + name: "argo-workflow" + rbac: + create: true +controller: + workflowNamespaces: + - default + - foo + - bar +``` + +Set ServiceAccount on Workflow. + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Workflow +metadata: + generateName: hello-world- +spec: + entrypoint: whalesay + serviceAccountName: argo-workflow # Set ServiceAccount + templates: + - name: whalesay + container: + image: docker/whalesay + command: [ cowsay ] + args: [ "hello world" ] +``` + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add argo https://argoproj.github.io/argo-helm +"argo" has been added to your repositories + +$ helm install my-release argo/argo-workflows +NAME: my-release +... +``` + +## Changelog + +For full list of changes, please check ArtifactHub [changelog]. ## Usage Notes +### High Availability + +This chart installs the non-HA version of Argo Workflows by default. If you want to run in HA mode, you can use [these example values](ci/ha-values.yaml) as a starting point. +Please see the upstream [Operator Manual's High Availability page](https://argo-workflows.readthedocs.io/en/stable/high-availability/) to understand how to scale Argo Workflows in depth. + ### Workflow controller This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of its configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs. -### Workflow server authentication +### Argo Workflows server authentication -By default, the chart requires some kind of authentication mechanism. This adopts the [default behaviour from the Argo project](https://github.com/argoproj/argo-workflows/pull/5211) itself. However, for local development purposes, or cases where your gateway authentication is covered by some other means, you can set the authentication mode for the Argo server by setting the `server.extraArgs: [--auth-mode=server]`. There are a few additional comments in the values.yaml file itself, including commented-out settings to disable authentication on the server UI itself using the same `--auth-mode=server` setting. +Argo Workflows server provides some choices for authentication mechanism and you can configure `.Values.server.authModes`. By default, authentication mode is `[server]`, for local development purposes or cases where your gateway authentication is covered by some other means. +Please refer to [Argo Server Auth Mode] for more details. + +Argo Workflows server also supports SSO and you can enable it to configure `.Values.server.sso` and `.Values.server.authModes`. In order to manage access levels, you can optionally add RBAC to SSO. Please refer to [SSO RBAC] for more details. ## Values @@ -41,12 +109,23 @@ Fields to note: | Key | Type | Default | Description | |-----|------|---------|-------------| +| apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart | +| apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | +| apiVersionOverrides.monitoring | string | `""` | String to override apiVersion of monitoring CRDs (ServiceMonitor) rendered by this helm chart | +| commonLabels | object | `{}` | Labels to set on all resources | +| crds.annotations | object | `{}` | Annotations to be added to all CRDs | +| crds.install | bool | `true` | Install and upgrade CRDs | +| crds.keep | bool | `true` | Keep CRDs on chart uninstall | | createAggregateRoles | bool | `true` | Create clusterroles that extend existing clusterroles to interact with argo-cd crds | +| emissary.images | list | `[]` | The command/args for each image on workflow, needed when the command is not specified and the emissary executor is used. | +| extraObjects | list | `[]` | Array of extra K8s manifests to deploy | | fullnameOverride | string | `nil` | String to fully override "argo-workflows.fullname" template | | images.pullPolicy | string | `"Always"` | imagePullPolicy to apply to all containers | | images.pullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry | +| images.tag | string | `""` | Common tag for Argo Workflows images. Defaults to `.Chart.AppVersion`. | | kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests | | nameOverride | string | `nil` | String to partially override "argo-workflows.fullname" template | +| namespaceOverride | string | `.Release.Namespace` | Override the namespace | | singleNamespace | bool | `false` | Restrict Argo to operate only in a single namespace (the namespace of the Helm release) by apply Roles and RoleBindings instead of the Cluster equivalents, and start workflow-controller with the --namespaced flag. Use it in clusters with strict access policy. | ### Workflow @@ -54,10 +133,15 @@ Fields to note: | Key | Type | Default | Description | |-----|------|---------|-------------| | workflow.namespace | string | `nil` | Deprecated; use controller.workflowNamespaces instead. | +| workflow.rbac.agentPermissions | bool | `false` | Allows permissions for the Argo Agent. Only required if using http/plugin templates | +| workflow.rbac.artifactGC | bool | `false` | Allows permissions for the Argo Artifact GC pod. Only required if using artifact gc | | workflow.rbac.create | bool | `true` | Adds Role and RoleBinding for the above specified service account to be able to run workflows. A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) | +| workflow.rbac.serviceAccounts | list | `[]` | Extra service accounts to be added to the RoleBinding | | workflow.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | workflow.serviceAccount.create | bool | `false` | Specifies whether a service account should be created | +| workflow.serviceAccount.labels | object | `{}` | Labels applied to created service account | | workflow.serviceAccount.name | string | `"argo-workflow"` | Service account which is used to run workflows | +| workflow.serviceAccount.pullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry. Same format as `.Values.images.pullSecrets` | ### Workflow Controller @@ -65,48 +149,75 @@ Fields to note: |-----|------|---------|-------------| | controller.affinity | object | `{}` | Assign custom [affinity] rules | | controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. | -| controller.containerRuntimeExecutor | string | `"emissary"` | Specifies the container runtime interface to use (one of: `docker`, `kubelet`, `k8sapi`, `pns`, `emissary`) | -| controller.containerRuntimeExecutors | list | `[]` | Specifies the executor to use. This has precedence over `controller.containerRuntimeExecutor`. | +| controller.clusterWorkflowTemplates.serviceAccounts | list | `[]` | Extra service accounts to be added to the ClusterRoleBinding | +| controller.columns | list | `[]` | Configure Argo Server to show custom [columns] | +| controller.configMap.annotations | object | `{}` | ConfigMap annotations | +| controller.configMap.create | bool | `true` | Create a ConfigMap for the controller | +| controller.configMap.name | string | `""` | ConfigMap name | +| controller.cronWorkflowWorkers | string | `nil` | Number of cron workflow workers Only valid for 3.5+ | | controller.deploymentAnnotations | object | `{}` | deploymentAnnotations is an optional map of annotations to be applied to the controller Deployment | | controller.extraArgs | list | `[]` | Extra arguments to be added to the controller | | controller.extraContainers | list | `[]` | Extra containers to be added to the controller deployment | | controller.extraEnv | list | `[]` | Extra environment variables to provide to the controller container | +| controller.extraInitContainers | list | `[]` | Enables init containers to be added to the controller deployment | | controller.image.registry | string | `"quay.io"` | Registry to use for the controller | | controller.image.repository | string | `"argoproj/workflow-controller"` | Registry to use for the controller | -| controller.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | +| controller.image.tag | string | `""` | Image tag for the workflow controller. Defaults to `.Values.images.tag`. | | controller.initialDelay | string | `nil` | Resolves ongoing, uncommon AWS EKS bug: https://github.com/argoproj/argo-workflows/pull/4224 | | controller.instanceID.enabled | bool | `false` | Configures the controller to filter workflow submissions to only those which have a matching instanceID attribute. | | controller.instanceID.explicitID | string | `""` | Use a custom instanceID | | controller.instanceID.useReleaseName | bool | `false` | Use ReleaseName as instanceID | +| controller.kubeConfig | object | `{}` (See [values.yaml]) | Configure when workflow controller runs in a different k8s cluster with the workflow workloads, or needs to communicate with the k8s apiserver using an out-of-cluster kubeconfig secret. | | controller.links | list | `[]` | Configure Argo Server to show custom [links] | | controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller | +| controller.loadBalancerClass | string | `""` | The class of the load balancer implementation | | controller.loadBalancerSourceRanges | list | `[]` | Source ranges to allow access to service from. Only applies to service type `LoadBalancer` | +| controller.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) | | controller.logging.globallevel | string | `"0"` | Set the glog logging level | | controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | | controller.metricsConfig.enabled | bool | `false` | Enables prometheus metrics server | +| controller.metricsConfig.headlessService | bool | `false` | Flag to enable headless service | +| controller.metricsConfig.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | +| controller.metricsConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. | +| controller.metricsConfig.interval | string | `"30s"` | Frequency at which prometheus scrapes metrics | +| controller.metricsConfig.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion | +| controller.metricsConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory | | controller.metricsConfig.path | string | `"/metrics"` | Path is the path where metrics are emitted. Must start with a "/". | | controller.metricsConfig.port | int | `9090` | Port is the port where metrics are emitted | | controller.metricsConfig.portName | string | `"metrics"` | Container metrics port name | +| controller.metricsConfig.relabelings | list | `[]` | ServiceMonitor relabel configs to apply to samples before scraping | +| controller.metricsConfig.secure | bool | `false` | Flag that use a self-signed cert for TLS | | controller.metricsConfig.servicePort | int | `8080` | Service metrics port | | controller.metricsConfig.servicePortName | string | `"metrics"` | Service metrics port name | +| controller.metricsConfig.targetLabels | list | `[]` | ServiceMonitor will add labels from the service to the Prometheus metric | | controller.name | string | `"workflow-controller"` | Workflow controller name string | | controller.namespaceParallelism | string | `nil` | Limits the maximum number of incomplete workflows in a namespace | | controller.navColor | string | `""` | Set ui navigation bar background color | +| controller.nodeEvents.enabled | bool | `true` | Enable to emit events on node completion. | | controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | [Node selector] | | controller.parallelism | string | `nil` | parallelism dictates how many workflows can be running at the same time | | controller.pdb.enabled | bool | `false` | Configure [Pod Disruption Budget] for the controller pods | -| controller.persistence | object | `{}` | enable persistence using postgres | +| controller.persistence | object | `{}` | enable Workflow Archive to store the status of workflows. Postgres and MySQL (>= 5.7.8) are available. | | controller.podAnnotations | object | `{}` | podAnnotations is an optional map of annotations to be applied to the controller Pods | +| controller.podCleanupWorkers | string | `nil` | Number of pod cleanup workers | +| controller.podGCDeleteDelayDuration | string | `5s` (Argo Workflows default) | The duration in seconds before the pods in the GC queue get deleted. A zero value indicates that the pods will be deleted immediately. | +| controller.podGCGracePeriodSeconds | string | `30` seconds (Kubernetes default) | Specifies the duration in seconds before a terminating pod is forcefully killed. A zero value indicates that the pod will be forcefully terminated immediately. | | controller.podLabels | object | `{}` | Optional labels to add to the controller pods | | controller.podSecurityContext | object | `{}` | SecurityContext to set on the controller pods | | controller.priorityClassName | string | `""` | Leverage a PriorityClass to ensure your pods survive resource shortages. | +| controller.rbac.accessAllSecrets | bool | `false` | Allows controller to get, list and watch all k8s secrets. Can only be used if secretWhitelist is empty. | | controller.rbac.create | bool | `true` | Adds Role and RoleBinding for the controller. | +| controller.rbac.secretWhitelist | list | `[]` | Allows controller to get, list, and watch certain k8s secrets | +| controller.rbac.writeConfigMaps | bool | `false` | Allows controller to create and update ConfigMaps. Enables memoization feature | | controller.replicas | int | `1` | The number of controller pods to run | | controller.resourceRateLimit | object | `{}` | Globally limits the rate at which pods are created. This is intended to mitigate flooding of the Kubernetes API server by workflows with a large amount of parallel nodes. | | controller.resources | object | `{}` | Resource limits and requests for the controller | +| controller.retentionPolicy | object | `{}` | Workflow retention by number of workflows | +| controller.revisionHistoryLimit | int | `10` | The number of revisions to keep. | | controller.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | the controller container's securityContext | | controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | controller.serviceAccount.create | bool | `true` | Create a service account for the controller | +| controller.serviceAccount.labels | object | `{}` | Labels applied to created service account | | controller.serviceAccount.name | string | `""` | Service account name | | controller.serviceAnnotations | object | `{}` | Annotations to be applied to the controller Service | | controller.serviceLabels | object | `{}` | Optional labels to add to the controller Service | @@ -115,26 +226,45 @@ Fields to note: | controller.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | | controller.serviceType | string | `"ClusterIP"` | Service type of the controller Service | | controller.telemetryConfig.enabled | bool | `false` | Enables prometheus telemetry server | +| controller.telemetryConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. | +| controller.telemetryConfig.interval | string | `"30s"` | Frequency at which prometheus scrapes telemetry data | +| controller.telemetryConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory | | controller.telemetryConfig.path | string | `"/telemetry"` | telemetry path | | controller.telemetryConfig.port | int | `8081` | telemetry container port | +| controller.telemetryConfig.secure | bool | `false` | Flag that use a self-signed cert for TLS | | controller.telemetryConfig.servicePort | int | `8081` | telemetry service port | | controller.telemetryConfig.servicePortName | string | `"telemetry"` | telemetry service port name | | controller.tolerations | list | `[]` | [Tolerations] for use with node taints | +| controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the workflow controller | | controller.volumeMounts | list | `[]` | Additional volume mounts to the controller main container | | controller.volumes | list | `[]` | Additional volumes to the controller pod | | controller.workflowDefaults | object | `{}` | Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level. Only valid for 2.7+ | +| controller.workflowEvents.enabled | bool | `true` | Enable to emit events on workflow status changes. | | controller.workflowNamespaces | list | `["default"]` | Specify all namespaces where this workflow controller instance will manage workflows. This controls where the service account and RBAC resources will be created. Only valid when singleNamespace is false. | | controller.workflowRestrictions | object | `{}` | Restricts the Workflows that the controller will process. Only valid for 2.9+ | +| controller.workflowTTLWorkers | string | `nil` | Number of workflow TTL workers | | controller.workflowWorkers | string | `nil` | Number of workflow workers | +### Workflow Main Container + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| mainContainer.env | list | `[]` | Adds environment variables for the Workflow main container | +| mainContainer.envFrom | list | `[]` | Adds reference environment variables for the Workflow main container | +| mainContainer.imagePullPolicy | string | `""` | imagePullPolicy to apply to Workflow main container. Defaults to `.Values.images.pullPolicy`. | +| mainContainer.resources | object | `{}` | Resource limits and requests for the Workflow main container | +| mainContainer.securityContext | object | `{}` | sets security context for the Workflow main container | + ### Workflow Executor | Key | Type | Default | Description | |-----|------|---------|-------------| -| executor.env | object | `{}` | Adds environment variables for the executor. | +| executor.args | list | `[]` | Passes arguments to the executor processes | +| executor.env | list | `[]` | Adds environment variables for the executor. | +| executor.image.pullPolicy | string | `""` | Image PullPolicy to use for the Workflow Executors. Defaults to `.Values.images.pullPolicy`. | | executor.image.registry | string | `"quay.io"` | Registry to use for the Workflow Executors | | executor.image.repository | string | `"argoproj/argoexec"` | Repository to use for the Workflow Executors | -| executor.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | +| executor.image.tag | string | `""` | Image tag for the workflow executor. Defaults to `.Values.images.tag`. | | executor.resources | object | `{}` | Resource limits and requests for the Workflow Executors | | executor.securityContext | object | `{}` | sets security context for the executor container | @@ -142,18 +272,34 @@ Fields to note: | Key | Type | Default | Description | |-----|------|---------|-------------| +| server.GKEbackendConfig.enabled | bool | `false` | Enable BackendConfig custom resource for Google Kubernetes Engine | +| server.GKEbackendConfig.spec | object | `{}` | [BackendConfigSpec] | +| server.GKEfrontendConfig.enabled | bool | `false` | Enable FrontConfig custom resource for Google Kubernetes Engine | +| server.GKEfrontendConfig.spec | object | `{}` | [FrontendConfigSpec] | +| server.GKEmanagedCertificate.domains | list | `["argoworkflows.example.com"]` | Domains for the Google Managed Certificate | +| server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. | | server.affinity | object | `{}` | Assign custom [affinity] rules | +| server.authMode | string | `""` | Deprecated; use server.authModes instead. | +| server.authModes | list | `[]` | A list of supported authentication modes. Available values are `server`, `client`, or `sso`. If you provide sso, please configure `.Values.server.sso` as well. | +| server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer | +| server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server | +| server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo Server [HPA] | +| server.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the Argo Server [HPA] | +| server.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the Argo Server [HPA] | +| server.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the Argo Server [HPA] | | server.baseHref | string | `"/"` | Value for base href in index.html. Used if the server is running behind reverse proxy under subpath different from /. | | server.clusterWorkflowTemplates.enableEditing | bool | `true` | Give the server permissions to edit ClusterWorkflowTemplates. | | server.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. | | server.deploymentAnnotations | object | `{}` | optional map of annotations to be applied to the ui Deployment | | server.enabled | bool | `true` | Deploy the Argo Server | -| server.extraArgs | list | `[]` | Extra arguments to provide to the Argo server binary, such as for disabling authentication. | +| server.extraArgs | list | `[]` | Extra arguments to provide to the Argo server binary. | | server.extraContainers | list | `[]` | Extra containers to be added to the server deployment | | server.extraEnv | list | `[]` | Extra environment variables to provide to the argo-server container | +| server.extraInitContainers | list | `[]` | Enables init containers to be added to the server deployment | +| server.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | | server.image.registry | string | `"quay.io"` | Registry to use for the server | | server.image.repository | string | `"argoproj/argocli"` | Repository to use for the server | -| server.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | +| server.image.tag | string | `""` | Image tag for the Argo Workflows server. Defaults to `.Values.images.tag`. | | server.ingress.annotations | object | `{}` | Additional ingress annotations | | server.ingress.enabled | bool | `false` | Enable an ingress resource | | server.ingress.extraPaths | list | `[]` | Additional ingress paths | @@ -163,8 +309,13 @@ Fields to note: | server.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | | server.ingress.paths | list | `["/"]` | List of ingress paths | | server.ingress.tls | list | `[]` | Ingress TLS configuration | +| server.lifecycle | object | `{}` | Specify postStart and preStop lifecycle hooks for server container | +| server.loadBalancerClass | string | `""` | The class of the load balancer implementation | | server.loadBalancerIP | string | `""` | Static IP address to assign to loadBalancer service type `LoadBalancer` | | server.loadBalancerSourceRanges | list | `[]` | Source ranges to allow access to service from. Only applies to service type `LoadBalancer` | +| server.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) | +| server.logging.globallevel | string | `"0"` | Set the glog logging level | +| server.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | | server.name | string | `"server"` | Server name string | | server.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | [Node selector] | | server.pdb.enabled | bool | `false` | Configure [Pod Disruption Budget] for the server pods | @@ -175,10 +326,12 @@ Fields to note: | server.rbac.create | bool | `true` | Adds Role and RoleBinding for the server. | | server.replicas | int | `1` | The number of server pods to run | | server.resources | object | `{}` | Resource limits and requests for the server | +| server.revisionHistoryLimit | int | `10` | The number of revisions to keep. | | server.secure | bool | `false` | Run the argo server in "secure" mode. Configure this value instead of `--secure` in extraArgs. | | server.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":false,"runAsNonRoot":true}` | Servers container-level security context | | server.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | server.serviceAccount.create | bool | `true` | Create a service account for the server | +| server.serviceAccount.labels | object | `{}` | Labels applied to created service account | | server.serviceAccount.name | string | `""` | Service account name | | server.serviceAnnotations | object | `{}` | Annotations to be applied to the UI Service | | server.serviceLabels | object | `{}` | Optional labels to add to the UI Service | @@ -186,8 +339,26 @@ Fields to note: | server.servicePort | int | `2746` | Service port for server | | server.servicePortName | string | `""` | Service port name | | server.serviceType | string | `"ClusterIP"` | Service type for server pods | -| server.sso | object | `{}` | SSO configuration when SSO is specified as a server auth mode. | +| server.sso.clientId.key | string | `"client-id"` | Key of secret to retrieve the app OIDC client ID | +| server.sso.clientId.name | string | `"argo-server-sso"` | Name of secret to retrieve the app OIDC client ID | +| server.sso.clientSecret.key | string | `"client-secret"` | Key of a secret to retrieve the app OIDC client secret | +| server.sso.clientSecret.name | string | `"argo-server-sso"` | Name of a secret to retrieve the app OIDC client secret | +| server.sso.customGroupClaimName | string | `""` | Override claim name for OIDC groups | +| server.sso.enabled | bool | `false` | Create SSO configuration. If you set `true` , please also set `.Values.server.authModes` as `sso`. | +| server.sso.filterGroupsRegex | list | `[]` | Filter the groups returned by the OIDC provider | +| server.sso.insecureSkipVerify | bool | `false` | Skip TLS verification for the HTTP client | +| server.sso.issuer | string | `"https://accounts.google.com"` | The root URL of the OIDC identity provider | +| server.sso.issuerAlias | string | `""` | Alternate root URLs that can be included for some OIDC providers | +| server.sso.rbac.enabled | bool | `true` | Adds ServiceAccount Policy to server (Cluster)Role. | +| server.sso.rbac.secretWhitelist | list | `[]` | Whitelist to allow server to fetch Secrets | +| server.sso.redirectUrl | string | `""` | The OIDC redirect URL. Should be in the form /oauth2/callback. | +| server.sso.scopes | list | `[]` | Scopes requested from the SSO ID provider | +| server.sso.sessionExpiry | string | `""` | Define how long your login is valid for (in hours) | +| server.sso.userInfoPath | string | `""` | Specify the user info endpoint that contains the groups claim | +| server.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| server.tmpVolume | object | `{"emptyDir":{}}` | Volume to be mounted in Pods for temporary files. | | server.tolerations | list | `[]` | [Tolerations] for use with node taints | +| server.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the argo server | | server.volumeMounts | list | `[]` | Additional volume mounts to the server main container. | | server.volumes | list | `[]` | Additional volumes to the server pod. | @@ -196,9 +367,11 @@ Fields to note: | Key | Type | Default | Description | |-----|------|---------|-------------| | artifactRepository.archiveLogs | bool | `false` | Archive the main container logs as an artifact | +| artifactRepository.azure | object | `{}` (See [values.yaml]) | Store artifact in Azure Blob Storage | | artifactRepository.gcs | object | `{}` (See [values.yaml]) | Store artifact in a GCS object store | | artifactRepository.s3 | object | See [values.yaml] | Store artifact in a S3-compliant object store | -| useDefaultArtifactRepo | bool | `false` | Influences the creation of the ConfigMap for the workflow-controller itself. | +| artifactRepositoryRef | object | `{}` (See [values.yaml]) | The section of [artifact repository ref](https://argo-workflows.readthedocs.io/en/stable/artifact-repository-ref/). Each map key is the name of configmap | +| customArtifactRepository | object | `{}` | The section of custom artifact repository. Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure) | | useStaticCredentials | bool | `true` | Use static credentials for S3 (eg. when not using AWS IRSA) | ## Breaking changes from the deprecated `argo` chart @@ -222,9 +395,16 @@ Fields to note: 1. moved the field previously known as `telemetryServicePort` inside the `telemetryConfig` as `telemetryConfig.servicePort` - same for `metricsConfig` [affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -[links]: https://argoproj.github.io/argo-workflows/links/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters +[links]: https://argo-workflows.readthedocs.io/en/stable/links/ +[columns]: https://github.com/argoproj/argo-workflows/pull/10693 [Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ [Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes [Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [values.yaml]: values.yaml +[changelog]: https://artifacthub.io/packages/helm/argo/argo-workflows?modal=changelog +[SSO RBAC]: https://argo-workflows.readthedocs.io/en/stable/argo-server-sso/ +[Argo Server Auth Mode]: https://argo-workflows.readthedocs.io/en/stable/argo-server-auth-mode/ diff --git a/charts/argo-workflows/README.md.gotmpl b/charts/argo-workflows/README.md.gotmpl index 4f5fe410..69838b5a 100644 --- a/charts/argo-workflows/README.md.gotmpl +++ b/charts/argo-workflows/README.md.gotmpl @@ -6,22 +6,91 @@ If you want your deployment of this helm chart to most closely match the [argo C ## Pre-Requisites -This chart uses an install hook to configure the CRD definition. Installation of CRDs is a somewhat privileged process in itself and in RBAC enabled clusters the `default` service account for namespaces does not typically have the ability to create these. +### Custom resource definitions -A few options are: +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart. -- Manually create a ServiceAccount in the Namespace in which your release will be deployed w/ appropriate bindings to perform this action and set the `serviceAccountName` field in the Workflow spec -- Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions +Helm cannot upgrade custom resource definitions in the `/crds` folder [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). Starting with 3.4.0 (chart version 0.19.0), the CRDs have been moved to `/templates` to address this design decision. + +If you are using Argo Workflows chart version prior to 3.4.0 (chart version 0.19.0) or have elected to manage the Argo Workflows CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo: + +```bash +kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds/full?ref=" + +# Eg. version v3.3.9 +kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds/full?ref=v3.3.9" +``` + +### ServiceAccount for Workflow Spec +In order for each Workflow run, you create ServiceAccount via `values.yaml` like below. + +```yaml +workflow: + serviceAccount: + create: true + name: "argo-workflow" + rbac: + create: true +controller: + workflowNamespaces: + - default + - foo + - bar +``` + +Set ServiceAccount on Workflow. + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Workflow +metadata: + generateName: hello-world- +spec: + entrypoint: whalesay + serviceAccountName: argo-workflow # Set ServiceAccount + templates: + - name: whalesay + container: + image: docker/whalesay + command: [ cowsay ] + args: [ "hello world" ] +``` + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add argo https://argoproj.github.io/argo-helm +"argo" has been added to your repositories + +$ helm install my-release argo/argo-workflows +NAME: my-release +... +``` + +## Changelog + +For full list of changes, please check ArtifactHub [changelog]. ## Usage Notes +### High Availability + +This chart installs the non-HA version of Argo Workflows by default. If you want to run in HA mode, you can use [these example values](ci/ha-values.yaml) as a starting point. +Please see the upstream [Operator Manual's High Availability page](https://argo-workflows.readthedocs.io/en/stable/high-availability/) to understand how to scale Argo Workflows in depth. + ### Workflow controller This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of its configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs. -### Workflow server authentication +### Argo Workflows server authentication + +Argo Workflows server provides some choices for authentication mechanism and you can configure `.Values.server.authModes`. By default, authentication mode is `[server]`, for local development purposes or cases where your gateway authentication is covered by some other means. +Please refer to [Argo Server Auth Mode] for more details. + +Argo Workflows server also supports SSO and you can enable it to configure `.Values.server.sso` and `.Values.server.authModes`. In order to manage access levels, you can optionally add RBAC to SSO. Please refer to [SSO RBAC] for more details. -By default, the chart requires some kind of authentication mechanism. This adopts the [default behaviour from the Argo project](https://github.com/argoproj/argo-workflows/pull/5211) itself. However, for local development purposes, or cases where your gateway authentication is covered by some other means, you can set the authentication mode for the Argo server by setting the `server.extraArgs: [--auth-mode=server]`. There are a few additional comments in the values.yaml file itself, including commented-out settings to disable authentication on the server UI itself using the same `--auth-mode=server` setting. ## Values @@ -42,7 +111,7 @@ Fields to note: | Key | Type | Default | Description | |-----|------|---------|-------------| {{- range .Values }} - {{- if not (or (hasPrefix "workflow" .Key) (hasPrefix "controller" .Key) (hasPrefix "executor" .Key) (hasPrefix "server" .Key) (hasPrefix "artifactRepository" .Key) (hasPrefix "use" .Key) ) }} + {{- if not (or (hasPrefix "workflow" .Key) (hasPrefix "controller" .Key) (hasPrefix "executor" .Key) (hasPrefix "server" .Key) (hasPrefix "artifactRepository" .Key) (hasPrefix "customArtifact" .Key) (hasPrefix "use" .Key) (hasPrefix "mainContainer" .Key) ) }} | {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | {{- end }} {{- end }} @@ -67,6 +136,16 @@ Fields to note: {{- end }} {{- end }} +### Workflow Main Container + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "mainContainer" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + ### Workflow Executor | Key | Type | Default | Description | @@ -92,7 +171,7 @@ Fields to note: | Key | Type | Default | Description | |-----|------|---------|-------------| {{- range .Values }} - {{- if or (hasPrefix "artifactRepository" .Key) (hasPrefix "use" .Key) }} + {{- if or (hasPrefix "artifactRepository" .Key) (hasPrefix "use" .Key) (hasPrefix "customArtifact" .Key) }} | {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | {{- end }} {{- end }} @@ -118,9 +197,16 @@ Fields to note: 1. moved the field previously known as `telemetryServicePort` inside the `telemetryConfig` as `telemetryConfig.servicePort` - same for `metricsConfig` [affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -[links]: https://argoproj.github.io/argo-workflows/links/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters +[links]: https://argo-workflows.readthedocs.io/en/stable/links/ +[columns]: https://github.com/argoproj/argo-workflows/pull/10693 [Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ [Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes [Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [values.yaml]: values.yaml +[changelog]: https://artifacthub.io/packages/helm/argo/argo-workflows?modal=changelog +[SSO RBAC]: https://argo-workflows.readthedocs.io/en/stable/argo-server-sso/ +[Argo Server Auth Mode]: https://argo-workflows.readthedocs.io/en/stable/argo-server-auth-mode/ diff --git a/charts/argo-workflows/ci/default-values.yaml b/charts/argo-workflows/ci/default-values.yaml index 507f1e54..ffc41c8a 100644 --- a/charts/argo-workflows/ci/default-values.yaml +++ b/charts/argo-workflows/ci/default-values.yaml @@ -1 +1,3 @@ # Test with default values +crds: + keep: false diff --git a/charts/argo-workflows/ci/enable-artifact-repo-ref.yaml b/charts/argo-workflows/ci/enable-artifact-repo-ref.yaml new file mode 100644 index 00000000..54c6c523 --- /dev/null +++ b/charts/argo-workflows/ci/enable-artifact-repo-ref.yaml @@ -0,0 +1,41 @@ +artifactRepositoryRef: + # 1st ConfigMap + artifact-repositories: + annotations: + workflows.argoproj.io/default-artifact-repository: default-v1-s3-artifact-repository + # 1st data + default-v1-s3-artifact-repository: + archiveLogs: true + s3: + bucket: my-bucket + endpoint: minio:9000 + insecure: true + accessKeySecret: + name: my-minio-cred + key: accesskey + secretKeySecret: + name: my-minio-cred + key: secretkey + # 2nd data + oss-artifact-repository: + archiveLogs: false + oss: + endpoint: http://oss-cn-zhangjiakou-internal.aliyuncs.com + bucket: $mybucket + accessKeySecret: + name: $mybucket-credentials + key: accessKey + secretKeySecret: + name: $mybucket-credentials + key: secretKey + # 2nd ConfigMap + another-artifact-repositories: + annotations: + workflows.argoproj.io/default-artifact-repository: gcs + gcs: + archiveLogs: false + bucket: my-bucket + keyFormat: prefix/in/bucket/{{workflow.name}}/{{pod.name}} + serviceAccountKeySecret: + name: my-gcs-credentials + key: serviceAccountKey diff --git a/charts/argo-workflows/ci/enable-artifact-repo-values.yaml b/charts/argo-workflows/ci/enable-artifact-repo-values.yaml new file mode 100644 index 00000000..c20a5775 --- /dev/null +++ b/charts/argo-workflows/ci/enable-artifact-repo-values.yaml @@ -0,0 +1,46 @@ +# Test with artifact repository +crds: + keep: false + +useStaticCredentials: true +artifactRepository: + archiveLogs: false + s3: + accessKeySecret: + name: "{{ .Release.Name }}-minio" + key: accesskey + secretKeySecret: + name: "{{ .Release.Name }}-minio" + key: secretkey + insecure: false + bucket: + endpoint: + region: + roleARN: + useSDKCreds: true + encryptionOptions: + enableEncryption: true + gcs: + bucket: project-argo + keyFormat: "{{ `{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}` }}" + serviceAccountKeySecret: + name: my-gcs-credentials + key: serviceAccountKey + azure: + endpoint: https://mystorageaccountname.blob.core.windows.net + container: my-container-name + blobNameFormat: path/in/container + useSDKCreds: true + accountKeySecret: + name: my-azure-storage-credentials + key: account-access-key + +customArtifactRepository: + artifactory: + repoUrl: https://artifactory.example.com/raw + usernameSecret: + name: artifactory-creds + key: username + passwordSecret: + name: artifactory-creds + key: password diff --git a/charts/argo-workflows/ci/enable-ingress-values.yaml b/charts/argo-workflows/ci/enable-ingress-values.yaml index d3485603..bfcc37c3 100644 --- a/charts/argo-workflows/ci/enable-ingress-values.yaml +++ b/charts/argo-workflows/ci/enable-ingress-values.yaml @@ -1,5 +1,8 @@ +crds: + keep: false + server: ingress: enabled: true hosts: - - argo-workflows.127.0.0.1.xip.io + - argo-workflows.example.com diff --git a/charts/argo-workflows/ci/enable-metrics-values.yaml b/charts/argo-workflows/ci/enable-metrics-values.yaml index 64c56cc1..32c007be 100644 --- a/charts/argo-workflows/ci/enable-metrics-values.yaml +++ b/charts/argo-workflows/ci/enable-metrics-values.yaml @@ -1,3 +1,6 @@ +crds: + keep: false + controller: serviceMonitor: enabled: false diff --git a/charts/argo-workflows/ci/enable-rbac-values.yaml b/charts/argo-workflows/ci/enable-rbac-values.yaml index 10f717ac..70924084 100644 --- a/charts/argo-workflows/ci/enable-rbac-values.yaml +++ b/charts/argo-workflows/ci/enable-rbac-values.yaml @@ -1,3 +1,6 @@ +crds: + keep: false + workflow: serviceAccount: create: true # Specifies whether a service account should be created diff --git a/charts/argo-workflows/ci/ha-values.yaml b/charts/argo-workflows/ci/ha-values.yaml new file mode 100644 index 00000000..2f495169 --- /dev/null +++ b/charts/argo-workflows/ci/ha-values.yaml @@ -0,0 +1,23 @@ +# Sample values for High Availability configuration, following https://argo-workflows.readthedocs.io/en/stable/high-availability/ + +controller: + # in v3.0+, a second controller can be ran as a hot-standby: https://argo-workflows.readthedocs.io/en/stable/high-availability/#workflow-controller + replicas: 2 # should be strictly greater than PDB minAvailable + # enable PDB with at least one Pod + pdb: + # -- Configure [Pod Disruption Budget] for the controller pods + enabled: true + minAvailable: 1 + +server: + # enable HPA with at least two Pods + autoscaling: + # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server + enabled: true + # -- Minimum number of replicas for the Argo Server [HPA] + minReplicas: 2 # should be strictly greater than PDB minAvailable + # enable PDB with at least one Pod + pdb: + # -- Configure [Pod Disruption Budget] for the controller pods + enabled: true + minAvailable: 1 diff --git a/charts/argo-workflows/templates/NOTES.txt b/charts/argo-workflows/templates/NOTES.txt index b4933a7d..43c1c8f8 100644 --- a/charts/argo-workflows/templates/NOTES.txt +++ b/charts/argo-workflows/templates/NOTES.txt @@ -1,3 +1,7 @@ +{{- if .Values.server.authMode }} +DEPRECATED option server.authMode - Use server.authModes +{{- end }} + 1. Get Argo Server external IP/domain by running: kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ template "argo-workflows.server.fullname" . }} diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl index 2289951d..ebbba978 100644 --- a/charts/argo-workflows/templates/_helpers.tpl +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -45,6 +45,32 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Create kubernetes friendly chart version label for the controller. +Examples: +image.tag = v3.4.4 +output = v3.4.4 + +image.tag = v3.4.4@sha256:d06860f1394a94ac3ff8401126ef32ba28915aa6c3c982c7e607ea0b4dadb696 +output = v3.4.4 +*/}} +{{- define "argo-workflows.controller_chart_version_label" -}} +{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag) "") "" | trunc 63 | quote -}} +{{- end -}} + +{{/* +Create kubernetes friendly chart version label for the server. +Examples: +image.tag = v3.4.4 +output = v3.4.4 + +image.tag = v3.4.4@sha256:d06860f1394a94ac3ff8401126ef32ba28915aa6c3c982c7e607ea0b4dadb696 +output = v3.4.4 +*/}} +{{- define "argo-workflows.server_chart_version_label" -}} +{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default (include "argo-workflows.defaultTag" .) .Values.server.image.tag) "") "" | trunc 63 | quote -}} +{{- end -}} + {{/* Common labels */}} @@ -53,6 +79,9 @@ helm.sh/chart: {{ include "argo-workflows.chart" .context }} {{ include "argo-workflows.selectorLabels" (dict "context" .context "component" .component "name" .name) }} app.kubernetes.io/managed-by: {{ .context.Release.Service }} app.kubernetes.io/part-of: argo-workflows +{{- with .context.Values.commonLabels }} +{{ toYaml .}} +{{- end }} {{- end }} {{/* @@ -65,9 +94,17 @@ app.kubernetes.io/name: {{ include "argo-workflows.name" .context }}-{{ .name }} app.kubernetes.io/instance: {{ .context.Release.Name }} {{- if .component }} app.kubernetes.io/component: {{ .component }} +app: {{ .component }} {{- end }} {{- end }} +{{/* +Create the name of the controller configMap +*/}} +{{- define "argo-workflows.controller.config-map.name" -}} +{{- .Values.controller.configMap.name | default (printf "%s-%s" (include "argo-workflows.controller.fullname" .) "configmap") | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Create the name of the server service account to use */}} @@ -103,20 +140,72 @@ Return the appropriate apiVersion for ingress {{- end -}} {{- end -}} -{{/* -Return the appropriate apiVersion for pod disruption budget -*/}} -{{- define "argo-workflows.podDisruptionBudget.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "argo-workflows.kubeVersion" $) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "policy/v1" -}} -{{- end -}} -{{- end -}} - {{/* Return the target Kubernetes version */}} {{- define "argo-workflows.kubeVersion" -}} {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} {{- end -}} + +{{/* +Return the default Argo Workflows app version +*/}} +{{- define "argo-workflows.defaultTag" -}} + {{- default .Chart.AppVersion .Values.images.tag }} +{{- end -}} + +{{/* +Return full image name including or excluding registry based on existence +*/}} +{{- define "argo-workflows.image" -}} +{{- if and .image.registry .image.repository -}} + {{ .image.registry }}/{{ .image.repository }} +{{- else -}} + {{ .image.repository }} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for autoscaling +*/}} +{{- define "argo-workflows.apiVersion.autoscaling" -}} +{{- if .Values.apiVersionOverrides.autoscaling -}} +{{- print .Values.apiVersionOverrides.autoscaling -}} +{{- else if semverCompare "<1.23-0" (include "argo-workflows.kubeVersion" .) -}} +{{- print "autoscaling/v2beta1" -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for GKE resources +*/}} +{{- define "argo-workflows.apiVersions.cloudgoogle" -}} +{{- if .Values.apiVersionOverrides.cloudgoogle -}} +{{- print .Values.apiVersionOverrides.cloudgoogle -}} +{{- else if .Capabilities.APIVersions.Has "cloud.google.com/v1" -}} +{{- print "cloud.google.com/v1" -}} +{{- else -}} +{{- print "cloud.google.com/v1beta1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for monitoring CRDs +*/}} +{{- define "argo-workflows.apiVersions.monitoring" -}} +{{- if .Values.apiVersionOverrides.monitoring -}} +{{- print .Values.apiVersionOverrides.monitoring -}} +{{- else -}} +{{- print "monitoring.coreos.com/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the namespace of the release. +Allows overriding it for multi-namespace deployments in combined charts. +*/}} +{{- define "argo-workflows.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/agent-rb.yaml b/charts/argo-workflows/templates/controller/agent-rb.yaml new file mode 100644 index 00000000..67e49955 --- /dev/null +++ b/charts/argo-workflows/templates/controller/agent-rb.yaml @@ -0,0 +1,29 @@ +{{- if .Values.workflow.rbac.agentPermissions -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "argo-workflows.fullname" $ }}-workflow-agent + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "argo-workflows.fullname" $ }}-workflow-agent +subjects: + - kind: ServiceAccount + name: {{ $.Values.workflow.serviceAccount.name }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} + {{- range $.Values.workflow.rbac.serviceAccounts }} + - kind: ServiceAccount + name: {{ .name }} + namespace: {{ .namespace | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/agent-role.yaml b/charts/argo-workflows/templates/controller/agent-role.yaml new file mode 100644 index 00000000..577567b2 --- /dev/null +++ b/charts/argo-workflows/templates/controller/agent-role.yaml @@ -0,0 +1,29 @@ +{{- if .Values.workflow.rbac.agentPermissions -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-workflows.fullname" $ }}-workflow-agent + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} +rules: + - apiGroups: + - argoproj.io + resources: + - workflowtasksets + verbs: + - list + - watch + - apiGroups: + - argoproj.io + resources: + - workflowtasksets/status + verbs: + - patch + {{- end }} + +{{- end }} diff --git a/charts/argo-workflows/templates/controller/artifact-gc-rb.yaml b/charts/argo-workflows/templates/controller/artifact-gc-rb.yaml new file mode 100644 index 00000000..279b2c50 --- /dev/null +++ b/charts/argo-workflows/templates/controller/artifact-gc-rb.yaml @@ -0,0 +1,29 @@ +{{- if .Values.workflow.rbac.artifactGC -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc +subjects: + - kind: ServiceAccount + name: {{ $.Values.workflow.serviceAccount.name }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} + {{- range $.Values.workflow.rbac.serviceAccounts }} + - kind: ServiceAccount + name: {{ .name }} + namespace: {{ .namespace | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/artifact-gc-role.yaml b/charts/argo-workflows/templates/controller/artifact-gc-role.yaml new file mode 100644 index 00000000..48218b83 --- /dev/null +++ b/charts/argo-workflows/templates/controller/artifact-gc-role.yaml @@ -0,0 +1,29 @@ +{{- if .Values.workflow.rbac.artifactGC -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} +rules: + - apiGroups: + - argoproj.io + resources: + - workflowartifactgctasks + verbs: + - list + - watch + - apiGroups: + - argoproj.io + resources: + - workflowartifactgctasks/status + verbs: + - patch + {{- end }} + +{{- end }} diff --git a/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml b/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml new file mode 100644 index 00000000..81c1d0a7 --- /dev/null +++ b/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml @@ -0,0 +1,19 @@ +{{- range $cm_name, $cm_val := .Values.artifactRepositoryRef }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $cm_name }} + namespace: {{ include "argo-workflows.namespace" $ | quote }} + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $cm_name) | nindent 4 }} + {{- with $cm_val.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +data: + {{- range $data_key, $data_val := (omit $cm_val "annotations") }} + {{- $data_key | nindent 2 }}: | + {{- toYaml $data_val | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml b/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml index 5a89fe75..2a407b1b 100644 --- a/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml @@ -4,6 +4,7 @@ kind: ClusterRole metadata: name: {{ template "argo-workflows.fullname" . }}-view labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rbac.authorization.k8s.io/aggregate-to-view: "true" rules: - apiGroups: @@ -19,6 +20,12 @@ rules: - cronworkflows/finalizers - clusterworkflowtemplates - clusterworkflowtemplates/finalizers + - workflowtasksets + - workflowtasksets/finalizers + - workflowtaskresults + - workflowtaskresults/finalizers + - workflowartifactgctasks + - workflowartifactgctasks/finalizers verbs: - get - list @@ -29,6 +36,7 @@ kind: ClusterRole metadata: name: {{ template "argo-workflows.fullname" . }}-edit labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rbac.authorization.k8s.io/aggregate-to-edit: "true" rules: - apiGroups: @@ -44,6 +52,12 @@ rules: - cronworkflows/finalizers - clusterworkflowtemplates - clusterworkflowtemplates/finalizers + - workflowtasksets + - workflowtasksets/finalizers + - workflowtaskresults + - workflowtaskresults/finalizers + - workflowartifactgctasks + - workflowartifactgctasks/finalizers verbs: - create - delete @@ -59,6 +73,7 @@ kind: ClusterRole metadata: name: {{ template "argo-workflows.fullname" . }}-admin labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rbac.authorization.k8s.io/aggregate-to-admin: "true" rules: - apiGroups: @@ -68,14 +83,18 @@ rules: - workflows/finalizers - workfloweventbindings - workfloweventbindings/finalizers - - workflowtasksets - - workflowtasksets/finalizers - workflowtemplates - workflowtemplates/finalizers - cronworkflows - cronworkflows/finalizers - clusterworkflowtemplates - clusterworkflowtemplates/finalizers + - workflowtasksets + - workflowtasksets/finalizers + - workflowtaskresults + - workflowtaskresults/finalizers + - workflowartifactgctasks + - workflowartifactgctasks/finalizers verbs: - create - delete diff --git a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml index a726dd4b..1e8f764c 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml @@ -7,6 +7,9 @@ kind: ClusterRole {{- end }} metadata: name: {{ template "argo-workflows.controller.fullname" . }} + {{- if .Values.singleNamespace }} + namespace: {{ include "argo-workflows.namespace" . | quote }} + {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rules: @@ -14,7 +17,6 @@ rules: - "" resources: - pods - - pods/exec verbs: - create - get @@ -23,6 +25,12 @@ rules: - update - patch - delete +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create - apiGroups: - "" resources: @@ -31,6 +39,10 @@ rules: - get - watch - list + {{- if .Values.controller.rbac.writeConfigMaps }} + - create + - update + {{- end}} - apiGroups: - "" resources: @@ -48,6 +60,7 @@ rules: - workflows/finalizers - workflowtasksets - workflowtasksets/finalizers + - workflowartifactgctasks verbs: - get - list @@ -154,13 +167,45 @@ rules: - update - patch - delete +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + resourceNames: + {{/* for HTTP templates */}} + - argo-workflows-agent-ca-certificates +{{- with .Values.controller.rbac.secretWhitelist }} +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + resourceNames: {{- toYaml . | nindent 4 }} +{{- end }} +{{- if and (not .Values.controller.rbac.secretWhitelist) (.Values.controller.rbac.accessAllSecrets) }} +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +{{- end }} -{{- if .Values.controller.clusterWorkflowTemplates.enabled }} +{{- if and .Values.controller.clusterWorkflowTemplates.enabled (not .Values.singleNamespace) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rules: - apiGroups: - argoproj.io diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index 5cdb7f50..49616768 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -1,9 +1,15 @@ +{{- if .Values.controller.configMap.create }} apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "argo-workflows.controller.fullname" . }}-configmap + name: {{ template "argo-workflows.controller.config-map.name" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }} + {{- with .Values.controller.configMap.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} data: config: | {{- if .Values.controller.instanceID.enabled }} @@ -13,16 +19,11 @@ data: instanceID: {{ .Values.controller.instanceID.explicitID }} {{- end }} {{- end }} - containerRuntimeExecutor: {{ .Values.controller.containerRuntimeExecutor }} - {{- with .Values.controller.containerRuntimeExecutors }} - containerRuntimeExecutors: - {{- toYaml . | nindent 6 }} - {{- end }} {{- if .Values.controller.parallelism }} parallelism: {{ .Values.controller.parallelism }} {{- end }} {{- if .Values.controller.resourceRateLimit }} - resourceRateLimit: {{ toYaml .Values.controller.resourceRateLimit | nindent 6 }} + resourceRateLimit: {{- toYaml .Values.controller.resourceRateLimit | nindent 6 }} {{- end }} {{- with .Values.controller.namespaceParallelism }} namespaceParallelism: {{ . }} @@ -30,12 +31,31 @@ data: {{- with .Values.controller.initialDelay }} initialDelay: {{ . }} {{- end }} - {{- if or .Values.executor.resources .Values.executor.env .Values.executor.securityContext}} + {{- if or .Values.mainContainer.resources .Values.mainContainer.env .Values.mainContainer.envFrom .Values.mainContainer.securityContext}} + mainContainer: + imagePullPolicy: {{ default (.Values.images.pullPolicy) .Values.mainContainer.imagePullPolicy }} + {{- with .Values.mainContainer.resources }} + resources: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.mainContainer.env }} + env: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.mainContainer.envFrom }} + envFrom: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.mainContainer.securityContext }} + securityContext: {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + {{- if or .Values.executor.resources .Values.executor.env .Values.executor.args .Values.executor.securityContext}} executor: - imagePullPolicy: {{ .Values.images.pullPolicy }} + imagePullPolicy: {{ default (.Values.images.pullPolicy) .Values.executor.image.pullPolicy }} {{- with .Values.executor.resources }} resources: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.executor.args }} + args: {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.executor.env }} env: {{- toYaml . | nindent 8 }} {{- end }} @@ -43,32 +63,45 @@ data: securityContext: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} - {{- if .Values.useDefaultArtifactRepo }} + {{- if or .Values.artifactRepository.s3 .Values.artifactRepository.gcs .Values.artifactRepository.azure .Values.customArtifactRepository }} artifactRepository: {{- if .Values.artifactRepository.archiveLogs }} archiveLogs: {{ .Values.artifactRepository.archiveLogs }} {{- end }} - {{- if .Values.artifactRepository.gcs }} - gcs: -{{ toYaml .Values.artifactRepository.gcs | indent 8}} - {{- else }} + {{- with .Values.artifactRepository.gcs }} + gcs: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.artifactRepository.azure }} + azure: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- if .Values.artifactRepository.s3 }} s3: {{- if .Values.useStaticCredentials }} accessKeySecret: - key: {{ .Values.artifactRepository.s3.accessKeySecret.key }} - name: {{ .Values.artifactRepository.s3.accessKeySecret.name }} + key: {{ tpl .Values.artifactRepository.s3.accessKeySecret.key . }} + name: {{ tpl .Values.artifactRepository.s3.accessKeySecret.name . }} secretKeySecret: - key: {{ .Values.artifactRepository.s3.secretKeySecret.key }} - name: {{ .Values.artifactRepository.s3.secretKeySecret.name }} + key: {{ tpl .Values.artifactRepository.s3.secretKeySecret.key . }} + name: {{ tpl .Values.artifactRepository.s3.secretKeySecret.name . }} + {{- if .Values.artifactRepository.s3.sessionTokenSecret }} + sessionTokenSecret: + key: {{ tpl .Values.artifactRepository.s3.sessionTokenSecret.key . }} + name: {{ tpl .Values.artifactRepository.s3.sessionTokenSecret.name . }} {{- end }} - bucket: {{ .Values.artifactRepository.s3.bucket }} - endpoint: {{ .Values.artifactRepository.s3.endpoint }} + {{- end }} + bucket: {{ tpl (.Values.artifactRepository.s3.bucket | default "") . }} + endpoint: {{ tpl (.Values.artifactRepository.s3.endpoint | default "") . }} insecure: {{ .Values.artifactRepository.s3.insecure }} + {{- if .Values.artifactRepository.s3.caSecret }} + caSecret: + name: {{ tpl .Values.artifactRepository.s3.caSecret.name . }} + key: {{ tpl .Values.artifactRepository.s3.caSecret.key . }} + {{- end }} {{- if .Values.artifactRepository.s3.keyFormat }} keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }} {{- end }} {{- if .Values.artifactRepository.s3.region }} - region: {{ .Values.artifactRepository.s3.region }} + region: {{ tpl .Values.artifactRepository.s3.region $ }} {{- end }} {{- if .Values.artifactRepository.s3.roleARN }} roleARN: {{ .Values.artifactRepository.s3.roleARN }} @@ -81,21 +114,71 @@ data: {{- toYaml . | nindent 10 }} {{- end }} {{- end }} - {{- end}} + {{- if .Values.customArtifactRepository }} + {{- toYaml .Values.customArtifactRepository | nindent 6 }} + {{- end }} + {{- end }} {{- if .Values.controller.metricsConfig.enabled }} metricsConfig: -{{ toYaml .Values.controller.metricsConfig | indent 6}}{{- end }} + enabled: {{ .Values.controller.metricsConfig.enabled }} + path: {{ .Values.controller.metricsConfig.path }} + port: {{ .Values.controller.metricsConfig.port }} + {{- if .Values.controller.metricsConfig.metricsTTL }} + metricsTTL: {{ .Values.controller.metricsConfig.metricsTTL }} + {{- end }} + ignoreErrors: {{ .Values.controller.metricsConfig.ignoreErrors }} + secure: {{ .Values.controller.metricsConfig.secure }} + {{- end }} {{- if .Values.controller.telemetryConfig.enabled }} telemetryConfig: -{{ toYaml .Values.controller.telemetryConfig | indent 6}}{{- end }} + enabled: {{ .Values.controller.telemetryConfig.enabled }} + path: {{ .Values.controller.telemetryConfig.path }} + port: {{ .Values.controller.telemetryConfig.port }} + {{- if .Values.controller.telemetryConfig.metricsTTL }} + metricsTTL: {{ .Values.controller.telemetryConfig.metricsTTL }} + {{- end }} + ignoreErrors: {{ .Values.controller.telemetryConfig.ignoreErrors }} + secure: {{ .Values.controller.telemetryConfig.secure }} + {{- end }} {{- if .Values.controller.persistence }} persistence: {{ toYaml .Values.controller.persistence | indent 6 }}{{- end }} {{- if .Values.controller.workflowDefaults }} workflowDefaults: {{ toYaml .Values.controller.workflowDefaults | indent 6 }}{{- end }} - {{- with .Values.server.sso }} - sso: {{- toYaml . | nindent 6 }} + {{- if .Values.server.sso.enabled }} + sso: + issuer: {{ .Values.server.sso.issuer }} + clientId: + name: {{ .Values.server.sso.clientId.name }} + key: {{ .Values.server.sso.clientId.key }} + clientSecret: + name: {{ .Values.server.sso.clientSecret.name }} + key: {{ .Values.server.sso.clientSecret.key }} + redirectUrl: {{ .Values.server.sso.redirectUrl | quote }} + rbac: + enabled: {{ .Values.server.sso.rbac.enabled }} + {{- with .Values.server.sso.scopes }} + scopes: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.sso.issuerAlias }} + issuerAlias: {{ toYaml . }} + {{- end }} + {{- with .Values.server.sso.sessionExpiry }} + sessionExpiry: {{ toYaml . }} + {{- end }} + {{- with .Values.server.sso.customGroupClaimName }} + customGroupClaimName: {{ toYaml . }} + {{- end }} + {{- with .Values.server.sso.userInfoPath }} + userInfoPath: {{ toYaml . }} + {{- end }} + {{- with .Values.server.sso.insecureSkipVerify }} + insecureSkipVerify: {{ toYaml . }} + {{- end }} + {{- with .Values.server.sso.filterGroupsRegex }} + filterGroupsRegex: {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} {{- with .Values.controller.workflowRestrictions }} workflowRestrictions: {{- toYaml . | nindent 6 }} @@ -103,6 +186,29 @@ data: {{- with .Values.controller.links }} links: {{- toYaml . | nindent 6 }} {{- end }} + {{- with .Values.controller.columns }} + columns: {{- toYaml . | nindent 6 }} + {{- end }} {{- with .Values.controller.navColor }} navColor: {{ . }} {{- end }} + {{- with .Values.controller.retentionPolicy }} + retentionPolicy: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.emissary.images }} + images: {{- toYaml . | nindent 6 }} + {{- end }} + nodeEvents: + enabled: {{ .Values.controller.nodeEvents.enabled }} + workflowEvents: + enabled: {{ .Values.controller.workflowEvents.enabled }} + {{- with .Values.controller.kubeConfig }} + kubeConfig: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.controller.podGCGracePeriodSeconds }} + podGCGracePeriodSeconds: {{ . }} + {{- end }} + {{- with .Values.controller.podGCDeleteDelayDuration }} + podGCDeleteDelayDuration: {{ . }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml index c630bac6..93e0557b 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml @@ -7,6 +7,9 @@ kind: ClusterRoleBinding {{- end }} metadata: name: {{ template "argo-workflows.controller.fullname" . }} + {{- if .Values.singleNamespace }} + namespace: {{ include "argo-workflows.namespace" . | quote }} + {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} roleRef: @@ -20,7 +23,7 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- if .Values.controller.clusterWorkflowTemplates.enabled }} --- @@ -37,6 +40,11 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-workflows.namespace" . | quote }} +{{- range .Values.controller.clusterWorkflowTemplates.serviceAccounts }} + - kind: ServiceAccount + name: {{ .name }} + namespace: {{ .namespace | quote }} +{{- end }} {{- end }} {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml index deef3de1..bee7c199 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml @@ -1,8 +1,9 @@ {{- if .Values.controller.pdb.enabled }} -apiVersion: {{ include "argo-workflows.podDisruptionBudget.apiVersion" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "argo-workflows.controller.fullname" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} spec: diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml index 9f53a2e4..b3db5f4e 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -2,15 +2,17 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "argo-workflows.controller.fullname" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} - app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | trunc 63 | quote }} + app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }} {{- with .Values.controller.deploymentAnnotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: replicas: {{ .Values.controller.replicas }} + revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }} selector: matchLabels: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} @@ -18,7 +20,7 @@ spec: metadata: labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }} - app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | trunc 63 | quote }} + app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }} {{- with.Values.controller.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} @@ -32,20 +34,26 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.controller.extraInitContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} containers: - name: controller - image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag | default .Chart.AppVersion }}" + image: "{{- include "argo-workflows.image" (dict "context" . "image" .Values.controller.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag }}" imagePullPolicy: {{ .Values.images.pullPolicy }} command: [ "workflow-controller" ] args: - "--configmap" - - "{{ template "argo-workflows.controller.fullname" . }}-configmap" + - "{{ template "argo-workflows.controller.config-map.name" . }}" - "--executor-image" - - "{{ .Values.executor.image.registry }}/{{ .Values.executor.image.repository }}:{{ .Values.executor.image.tag | default .Chart.AppVersion }}" + - "{{- include "argo-workflows.image" (dict "context" . "image" .Values.executor.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.executor.image.tag }}" - "--loglevel" - "{{ .Values.controller.logging.level }}" - "--gloglevel" - "{{ .Values.controller.logging.globallevel }}" + - "--log-format" + - "{{ .Values.controller.logging.format }}" {{- if .Values.singleNamespace }} - "--namespaced" {{- end }} @@ -53,6 +61,18 @@ spec: - "--workflow-workers" - {{ . | quote }} {{- end }} + {{- with .Values.controller.workflowTTLWorkers }} + - "--workflow-ttl-workers" + - {{ . | quote }} + {{- end }} + {{- with .Values.controller.podCleanupWorkers }} + - "--pod-cleanup-workers" + - {{ . | quote }} + {{- end }} + {{- with .Values.controller.cronWorkflowWorkers }} + - "--cron-workflow-workers" + - {{ . | quote }} + {{- end }} {{- with .Values.controller.extraArgs }} {{- toYaml . | nindent 10 }} {{- end }} @@ -69,6 +89,10 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.name + {{- if eq (int .Values.controller.replicas) 1 }} + - name: LEADER_ELECTION_DISABLE + value: "true" + {{- end }} {{- with .Values.controller.extraEnv }} {{- toYaml . | nindent 12 }} {{- end }} @@ -106,6 +130,17 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.controller.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-workflows.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} {{- with .Values.controller.priorityClassName }} priorityClassName: {{ . }} {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml index f5e10857..fd1db89f 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml @@ -3,6 +3,12 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "argo-workflows.controllerServiceAccountName" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- with .Values.controller.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{ with .Values.controller.serviceAccount.annotations }} annotations: {{- toYaml .| nindent 4 }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml index 37d4658d..4a1290ba 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml @@ -3,9 +3,10 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-workflows.controller.fullname" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} - app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | trunc 63 | quote }} + app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }} {{- with .Values.controller.serviceLabels }} {{ toYaml . | nindent 4 }} {{- end }} @@ -31,8 +32,16 @@ spec: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} sessionAffinity: None type: {{ .Values.controller.serviceType }} - {{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }} + {{- if and (eq .Values.controller.serviceType "ClusterIP") .Values.controller.metricsConfig.headlessService }} + clusterIP: None + {{- end }} + {{- if eq .Values.controller.serviceType "LoadBalancer" }} + {{- with .Values.controller.loadBalancerClass }} + loadBalancerClass: {{ . }} + {{- end }} + {{- if .Values.controller.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{- toYaml .Values.controller.loadBalancerSourceRanges | nindent 4 }} {{- end }} + {{- end }} {{- end -}} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml index f71d3507..46fd18dd 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml @@ -1,11 +1,10 @@ -{{- if and (or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled) .Values.controller.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 +{{- $apiVersion := include "argo-workflows.apiVersions.monitoring" . }} +{{- if and (.Capabilities.APIVersions.Has $apiVersion) (or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled) .Values.controller.serviceMonitor.enabled }} +apiVersion: {{ $apiVersion }} kind: ServiceMonitor metadata: name: {{ template "argo-workflows.controller.fullname" . }} - {{- with .Values.controller.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default (include "argo-workflows.namespace" .) .Values.controller.serviceMonitor.namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.serviceMonitor.additionalLabels }} @@ -14,18 +13,40 @@ metadata: spec: endpoints: {{- if .Values.controller.metricsConfig.enabled }} - - port: metrics + - port: {{ .Values.controller.metricsConfig.servicePortName }} path: {{ .Values.controller.metricsConfig.path }} - interval: 30s + interval: {{ .Values.controller.metricsConfig.interval }} + {{- with .Values.controller.metricsConfig.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.metricsConfig.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + honorLabels: {{ .Values.controller.metricsConfig.honorLabels }} {{- end }} {{- if .Values.controller.telemetryConfig.enabled }} - port: telemetry path: {{ .Values.controller.telemetryConfig.path }} - interval: 30s + interval: {{ .Values.controller.telemetryConfig.interval }} + {{- with .Values.controller.metricsConfig.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.metricsConfig.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + honorLabels: {{ .Values.controller.metricsConfig.honorLabels }} + {{- end }} + {{- with .Values.controller.metricsConfig.targetLabels }} + targetLabels: + {{- toYaml . | nindent 8 }} {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-workflows.namespace" . | quote }} selector: matchLabels: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} diff --git a/charts/argo-workflows/templates/controller/workflow-rb.yaml b/charts/argo-workflows/templates/controller/workflow-rb.yaml index 41809c7c..d1d0e329 100644 --- a/charts/argo-workflows/templates/controller/workflow-rb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-rb.yaml @@ -1,10 +1,12 @@ {{- if .Values.workflow.rbac.create -}} - {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "argo-workflows.fullname" $ }}-workflow + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} {{- with $namespace }} namespace: {{ . }} {{- end }} @@ -18,5 +20,10 @@ subjects: {{- with $namespace }} namespace: {{ . }} {{- end }} + {{- range $.Values.workflow.rbac.serviceAccounts }} + - kind: ServiceAccount + name: {{ .name }} + namespace: {{ .namespace | quote }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-role.yaml b/charts/argo-workflows/templates/controller/workflow-role.yaml index 75913b90..81c20048 100644 --- a/charts/argo-workflows/templates/controller/workflow-role.yaml +++ b/charts/argo-workflows/templates/controller/workflow-role.yaml @@ -1,55 +1,22 @@ {{- if .Values.workflow.rbac.create -}} - {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-workflows.fullname" $ }}-workflow + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} {{- with $namespace }} namespace: {{ . }} {{- end }} rules: - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - watch - - patch - - apiGroups: - - "" - resources: - - pods/log - verbs: - - get - - watch - - apiGroups: - - "" - resources: - - pods/exec - verbs: - - create - apiGroups: - argoproj.io resources: - workflowtaskresults verbs: - create - - apiGroups: - - argoproj.io - resources: - - workflowtasksets - verbs: - - list - - watch - - apiGroups: - - argoproj.io - resources: - - workflowtasksets/status - {{/* TODO: This resource is for app version <= v3.2, so please remove it when app version v3.2 is no more used. */}} - - workflowtasksets - verbs: - patch {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-sa.yaml b/charts/argo-workflows/templates/controller/workflow-sa.yaml index 7c76585a..c6fff691 100644 --- a/charts/argo-workflows/templates/controller/workflow-sa.yaml +++ b/charts/argo-workflows/templates/controller/workflow-sa.yaml @@ -1,10 +1,15 @@ {{- if .Values.workflow.serviceAccount.create -}} - {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} --- apiVersion: v1 kind: ServiceAccount metadata: name: {{ $.Values.workflow.serviceAccount.name }} + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $.Values.workflow.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with $namespace }} namespace: {{ . }} {{- end }} @@ -12,5 +17,9 @@ metadata: annotations: {{- toYaml . | nindent 4 }} {{- end }} + {{- with $.Values.workflow.serviceAccount.pullSecrets }} +imagePullSecrets: + {{- toYaml . | nindent 2 }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml b/charts/argo-workflows/templates/crds/argoproj.io_clusterworkflowtemplates.yaml similarity index 70% rename from charts/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml rename to charts/argo-workflows/templates/crds/argoproj.io_clusterworkflowtemplates.yaml index 889dfe2f..9264eaba 100644 --- a/charts/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_clusterworkflowtemplates.yaml @@ -1,7 +1,16 @@ +{{- if .Values.crds.install }} +{{- if or (.Values.server.clusterWorkflowTemplates.enabled) (.Values.controller.clusterWorkflowTemplates.enabled) }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: clusterworkflowtemplates.argoproj.io + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: group: argoproj.io names: @@ -34,3 +43,5 @@ spec: type: object served: true storage: true +{{- end }} +{{- end }} diff --git a/charts/argo-workflows/crds/argoproj.io_cronworkflows.yaml b/charts/argo-workflows/templates/crds/argoproj.io_cronworkflows.yaml similarity index 79% rename from charts/argo-workflows/crds/argoproj.io_cronworkflows.yaml rename to charts/argo-workflows/templates/crds/argoproj.io_cronworkflows.yaml index 812cf114..7b932d8f 100644 --- a/charts/argo-workflows/crds/argoproj.io_cronworkflows.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_cronworkflows.yaml @@ -1,7 +1,15 @@ +{{- if .Values.crds.install }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: cronworkflows.argoproj.io + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: group: argoproj.io names: @@ -38,3 +46,4 @@ spec: type: object served: true storage: true +{{- end }} diff --git a/charts/argo-workflows/templates/crds/argoproj.io_workflowartifactgctasks.yaml b/charts/argo-workflows/templates/crds/argoproj.io_workflowartifactgctasks.yaml new file mode 100644 index 00000000..6a474715 --- /dev/null +++ b/charts/argo-workflows/templates/crds/argoproj.io_workflowartifactgctasks.yaml @@ -0,0 +1,1146 @@ +{{- if .Values.crds.install }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflowartifactgctasks.argoproj.io + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + group: argoproj.io + names: + kind: WorkflowArtifactGCTask + listKind: WorkflowArtifactGCTaskList + plural: workflowartifactgctasks + shortNames: + - wfat + singular: workflowartifactgctask + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + artifactsByNode: + additionalProperties: + properties: + archiveLocation: + properties: + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - url + type: object + azure: + properties: + accountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + blob: + type: string + container: + type: string + endpoint: + type: string + useSDKCreds: + type: boolean + required: + - blob + - container + - endpoint + type: object + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - key + type: object + git: + properties: + branch: + type: string + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + insecureSkipTLS: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + repo: + type: string + revision: + type: string + singleBranch: + type: boolean + sshPrivateKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - repo + type: object + hdfs: + properties: + addresses: + items: + type: string + type: array + dataTransferProtection: + type: string + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbConfigConfigMap: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbKeytabSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + auth: + properties: + basicAuth: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientCert: + properties: + clientCertSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + oauth2: + properties: + clientIDSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientSecretSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + scopes: + items: + type: string + type: array + tokenURLSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + securityToken: + type: string + useSDKCreds: + type: boolean + required: + - key + type: object + raw: + properties: + data: + type: string + required: + - data + type: object + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + caSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + useSDKCreds: + type: boolean + type: object + type: object + artifacts: + additionalProperties: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactGC: + properties: + podMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + serviceAccountName: + type: string + strategy: + enum: + - "" + - OnWorkflowCompletion + - OnWorkflowDeletion + - Never + type: string + type: object + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - url + type: object + azure: + properties: + accountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + blob: + type: string + container: + type: string + endpoint: + type: string + useSDKCreds: + type: boolean + required: + - blob + - container + - endpoint + type: object + deleted: + type: boolean + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - key + type: object + git: + properties: + branch: + type: string + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + insecureSkipTLS: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + repo: + type: string + revision: + type: string + singleBranch: + type: boolean + sshPrivateKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + dataTransferProtection: + type: string + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbConfigConfigMap: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbKeytabSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + auth: + properties: + basicAuth: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientCert: + properties: + clientCertSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + oauth2: + properties: + clientIDSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientSecretSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + scopes: + items: + type: string + type: array + tokenURLSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + securityToken: + type: string + useSDKCreds: + type: boolean + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + caSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: object + type: object + type: object + type: object + status: + properties: + artifactResultsByNode: + additionalProperties: + properties: + artifactResults: + additionalProperties: + properties: + error: + type: string + name: + type: string + success: + type: boolean + required: + - name + type: object + type: object + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/argo-workflows/templates/crds/argoproj.io_workfloweventbindings.yaml b/charts/argo-workflows/templates/crds/argoproj.io_workfloweventbindings.yaml new file mode 100644 index 00000000..f11df956 --- /dev/null +++ b/charts/argo-workflows/templates/crds/argoproj.io_workfloweventbindings.yaml @@ -0,0 +1,690 @@ +{{- if .Values.crds.install }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workfloweventbindings.argoproj.io + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + group: argoproj.io + names: + kind: WorkflowEventBinding + listKind: WorkflowEventBindingList + plural: workfloweventbindings + shortNames: + - wfeb + singular: workfloweventbinding + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + event: + properties: + selector: + type: string + required: + - selector + type: object + submit: + properties: + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactGC: + properties: + podMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + serviceAccountName: + type: string + strategy: + enum: + - "" + - OnWorkflowCompletion + - OnWorkflowDeletion + - Never + type: string + type: object + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - url + type: object + azure: + properties: + accountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + blob: + type: string + container: + type: string + endpoint: + type: string + useSDKCreds: + type: boolean + required: + - blob + - container + - endpoint + type: object + deleted: + type: boolean + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - key + type: object + git: + properties: + branch: + type: string + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + insecureSkipTLS: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + repo: + type: string + revision: + type: string + singleBranch: + type: boolean + sshPrivateKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + dataTransferProtection: + type: string + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbConfigConfigMap: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbKeytabSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + auth: + properties: + basicAuth: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientCert: + properties: + clientCertSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + oauth2: + properties: + clientIDSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientSecretSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + scopes: + items: + type: string + type: array + tokenURLSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + securityToken: + type: string + useSDKCreds: + type: boolean + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + caSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + description: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + metadata: + type: object + workflowTemplateRef: + properties: + clusterScope: + type: boolean + name: + type: string + type: object + required: + - workflowTemplateRef + type: object + required: + - event + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +{{- end }} diff --git a/charts/argo-workflows/crds/argoproj.io_workflows.yaml b/charts/argo-workflows/templates/crds/argoproj.io_workflows.yaml similarity index 74% rename from charts/argo-workflows/crds/argoproj.io_workflows.yaml rename to charts/argo-workflows/templates/crds/argoproj.io_workflows.yaml index 6e646adc..85b71f91 100644 --- a/charts/argo-workflows/crds/argoproj.io_workflows.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_workflows.yaml @@ -1,7 +1,15 @@ +{{- if .Values.crds.install }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: workflows.argoproj.io + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: group: argoproj.io names: @@ -23,6 +31,11 @@ spec: jsonPath: .status.startedAt name: Age type: date + - description: Human readable message indicating details about why the workflow + is in this condition. + jsonPath: .status.message + name: Message + type: string name: v1alpha1 schema: openAPIV3Schema: @@ -48,3 +61,4 @@ spec: served: true storage: true subresources: {} +{{- end }} diff --git a/charts/argo-workflows/crds/argoproj.io_workflowtaskresults.yaml b/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml similarity index 58% rename from charts/argo-workflows/crds/argoproj.io_workflowtaskresults.yaml rename to charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml index 84d60f3e..02f3f08b 100644 --- a/charts/argo-workflows/crds/argoproj.io_workflowtaskresults.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml @@ -1,7 +1,15 @@ +{{- if .Values.crds.install }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: workflowtaskresults.argoproj.io + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: group: argoproj.io names: @@ -43,6 +51,29 @@ spec: type: object archiveLogs: type: boolean + artifactGC: + properties: + podMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + serviceAccountName: + type: string + strategy: + enum: + - "" + - OnWorkflowCompletion + - OnWorkflowDeletion + - Never + type: string + type: object artifactory: properties: passwordSecret: @@ -50,12 +81,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic url: type: string usernameSecret: @@ -63,15 +96,47 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic required: - url type: object + azure: + properties: + accountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + blob: + type: string + container: + type: string + endpoint: + type: string + useSDKCreds: + type: boolean + required: + - blob + - container + - endpoint + type: object + deleted: + type: boolean from: type: string fromExpression: @@ -87,17 +152,21 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic required: - key type: object git: properties: + branch: + type: string depth: format: int64 type: integer @@ -109,43 +178,53 @@ spec: type: array insecureIgnoreHostKey: type: boolean + insecureSkipTLS: + type: boolean passwordSecret: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic repo: type: string revision: type: string + singleBranch: + type: boolean sshPrivateKeySecret: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic usernameSecret: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic required: - repo type: object @@ -157,6 +236,8 @@ spec: items: type: string type: array + dataTransferProtection: + type: string force: type: boolean hdfsUser: @@ -166,34 +247,40 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic krbConfigConfigMap: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic krbKeytabSecret: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic krbRealm: type: string krbServicePrincipalName: @@ -207,6 +294,124 @@ spec: type: object http: properties: + auth: + properties: + basicAuth: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientCert: + properties: + clientCertSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + oauth2: + properties: + clientIDSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientSecretSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + scopes: + items: + type: string + type: array + tokenURLSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object headers: items: properties: @@ -238,12 +443,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic bucket: type: string createBucketIfNotPresent: @@ -266,14 +473,18 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic securityToken: type: string + useSDKCreds: + type: boolean required: - key type: object @@ -295,14 +506,29 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic bucket: type: string + caSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic createBucketIfNotPresent: properties: objectLocking: @@ -321,12 +547,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object endpoint: type: string @@ -343,12 +571,27 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic + sessionTokenSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic useSDKCreds: type: boolean type: object @@ -384,12 +627,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic default: type: string event: @@ -423,3 +668,4 @@ spec: type: object served: true storage: true +{{- end }} diff --git a/charts/argo-workflows/crds/argoproj.io_workflowtasksets.yaml b/charts/argo-workflows/templates/crds/argoproj.io_workflowtasksets.yaml similarity index 80% rename from charts/argo-workflows/crds/argoproj.io_workflowtasksets.yaml rename to charts/argo-workflows/templates/crds/argoproj.io_workflowtasksets.yaml index 22cf52b1..74692941 100644 --- a/charts/argo-workflows/crds/argoproj.io_workflowtasksets.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_workflowtasksets.yaml @@ -1,7 +1,15 @@ +{{- if .Values.crds.install }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: workflowtasksets.argoproj.io + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: group: argoproj.io names: @@ -39,3 +47,4 @@ spec: storage: true subresources: status: {} +{{- end }} diff --git a/charts/argo-workflows/crds/argoproj.io_workflowtemplates.yaml b/charts/argo-workflows/templates/crds/argoproj.io_workflowtemplates.yaml similarity index 77% rename from charts/argo-workflows/crds/argoproj.io_workflowtemplates.yaml rename to charts/argo-workflows/templates/crds/argoproj.io_workflowtemplates.yaml index 8165ec25..810e6f51 100644 --- a/charts/argo-workflows/crds/argoproj.io_workflowtemplates.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_workflowtemplates.yaml @@ -1,7 +1,15 @@ +{{- if .Values.crds.install }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: workflowtemplates.argoproj.io + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: group: argoproj.io names: @@ -33,3 +41,4 @@ spec: type: object served: true storage: true +{{- end }} diff --git a/charts/argo-workflows/templates/extra-manifests.yaml b/charts/argo-workflows/templates/extra-manifests.yaml new file mode 100644 index 00000000..fc9a76b8 --- /dev/null +++ b/charts/argo-workflows/templates/extra-manifests.yaml @@ -0,0 +1,8 @@ +{{ range .Values.extraObjects }} +--- +{{ if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} +{{ end }} diff --git a/charts/argo-workflows/templates/server/gke/backendconfig.yaml b/charts/argo-workflows/templates/server/gke/backendconfig.yaml new file mode 100644 index 00000000..0d439b62 --- /dev/null +++ b/charts/argo-workflows/templates/server/gke/backendconfig.yaml @@ -0,0 +1,11 @@ +{{- if .Values.server.GKEbackendConfig.enabled }} +apiVersion: {{ include "argo-workflows.apiVersions.cloudgoogle" . }} +kind: BackendConfig +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + {{- toYaml .Values.server.GKEbackendConfig.spec | nindent 2 }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/gke/frontendconfig.yaml b/charts/argo-workflows/templates/server/gke/frontendconfig.yaml new file mode 100644 index 00000000..32cfc3a1 --- /dev/null +++ b/charts/argo-workflows/templates/server/gke/frontendconfig.yaml @@ -0,0 +1,11 @@ +{{- if .Values.server.GKEfrontendConfig.enabled }} +apiVersion: networking.gke.io/v1beta1 +kind: FrontendConfig +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + {{- toYaml .Values.server.GKEfrontendConfig.spec | nindent 2 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/managedCertificate.yaml b/charts/argo-workflows/templates/server/gke/managedcertificate.yaml similarity index 67% rename from charts/argo-cd/templates/argocd-server/managedCertificate.yaml rename to charts/argo-workflows/templates/server/gke/managedcertificate.yaml index 81e1e710..4d1f840e 100644 --- a/charts/argo-cd/templates/argocd-server/managedCertificate.yaml +++ b/charts/argo-workflows/templates/server/gke/managedcertificate.yaml @@ -2,7 +2,8 @@ apiVersion: networking.gke.io/v1 kind: ManagedCertificate metadata: - name: {{ template "argo-cd.server.fullname" . }} + name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} spec: domains: {{- with .Values.server.GKEmanagedCertificate.domains }} diff --git a/charts/argo-workflows/templates/server/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml index 66944647..f0953099 100644 --- a/charts/argo-workflows/templates/server/server-cluster-roles.yaml +++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml @@ -7,6 +7,9 @@ kind: ClusterRole {{- end }} metadata: name: {{ template "argo-workflows.server.fullname" . }} + {{- if .Values.singleNamespace }} + namespace: {{ include "argo-workflows.namespace" . | quote }} + {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rules: @@ -23,14 +26,19 @@ rules: - "" resources: - pods - - pods/exec - - pods/log verbs: - get - list - watch - delete - {{- if .Values.server.sso }} +- apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - list +{{- if .Values.server.sso.enabled }} - apiGroups: - "" resources: @@ -39,14 +47,13 @@ rules: - sso verbs: - get - - update - apiGroups: - "" resources: - secrets verbs: - create - {{- if .Values.server.sso.rbac }} + {{- if .Values.server.sso.rbac.enabled }} - apiGroups: - "" resources: @@ -55,21 +62,17 @@ rules: - get - list - watch - {{- end }} {{- end }} +{{- end }} - apiGroups: - "" resources: - secrets verbs: - get - - list - - watch -{{- if .Values.server.sso }} - {{- if .Values.server.sso.rbac }} - {{- with .Values.server.sso.rbac.secretWhitelist }} +{{- if and .Values.server.sso.enabled .Values.server.sso.rbac.enabled }} + {{- with .Values.server.sso.rbac.secretWhitelist }} resourceNames: {{- toYaml . | nindent 4 }} - {{- end }} {{- end }} {{- end }} - apiGroups: @@ -115,7 +118,7 @@ rules: - patch - delete -{{- if .Values.server.clusterWorkflowTemplates.enabled }} +{{- if and .Values.server.clusterWorkflowTemplates.enabled (not .Values.singleNamespace) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/charts/argo-workflows/templates/server/server-crb.yaml b/charts/argo-workflows/templates/server/server-crb.yaml index 6ac17aef..4ffb9107 100644 --- a/charts/argo-workflows/templates/server/server-crb.yaml +++ b/charts/argo-workflows/templates/server/server-crb.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.server.enabled .Values.server.serviceAccount.create .Values.server.rbac.create -}} +{{- if and .Values.server.enabled .Values.server.rbac.create -}} apiVersion: rbac.authorization.k8s.io/v1 {{- if .Values.singleNamespace }} kind: RoleBinding @@ -7,6 +7,9 @@ kind: ClusterRoleBinding {{- end }} metadata: name: {{ template "argo-workflows.server.fullname" . }} + {{- if .Values.singleNamespace }} + namespace: {{ include "argo-workflows.namespace" . | quote }} + {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} roleRef: @@ -20,7 +23,7 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- if .Values.server.clusterWorkflowTemplates.enabled }} --- @@ -37,6 +40,6 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- end -}} {{- end -}} diff --git a/charts/argo-workflows/templates/server/server-deployment-hpa.yaml b/charts/argo-workflows/templates/server/server-deployment-hpa.yaml new file mode 100644 index 00000000..142bc31b --- /dev/null +++ b/charts/argo-workflows/templates/server/server-deployment-hpa.yaml @@ -0,0 +1,45 @@ +{{- if and .Values.server.enabled .Values.server.autoscaling.enabled }} +apiVersion: {{ include "argo-workflows.apiVersion.autoscaling" . }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "argo-workflows.server.fullname" . }} + minReplicas: {{ .Values.server.autoscaling.minReplicas }} + maxReplicas: {{ .Values.server.autoscaling.maxReplicas }} + metrics: + {{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + {{- if eq (include "argo-workflows.apiVersion.autoscaling" $) "autoscaling/v2beta1" }} + targetAverageUtilization: {{ . }} + {{- else }} + target: + averageUtilization: {{ . }} + type: Utilization + {{- end }} + {{- end }} + {{- with .Values.server.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + {{- if eq (include "argo-workflows.apiVersion.autoscaling" $) "autoscaling/v2beta1" }} + targetAverageUtilization: {{ . }} + {{- else }} + target: + averageUtilization: {{ . }} + type: Utilization + {{- end }} + {{- end }} + {{- with .Values.server.autoscaling.behavior }} + behavior: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/server-deployment-pdb.yaml b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml index 47be0dd1..47f8394d 100644 --- a/charts/argo-workflows/templates/server/server-deployment-pdb.yaml +++ b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml @@ -1,8 +1,9 @@ {{- if and .Values.server.enabled .Values.server.pdb.enabled -}} -apiVersion: {{ include "argo-workflows.podDisruptionBudget.apiVersion" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index f80ff838..b9a2541b 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -3,15 +3,19 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} - app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | trunc 63 | quote }} + app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }} {{- with .Values.server.deploymentAnnotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: + {{- if not .Values.server.autoscaling.enabled }} replicas: {{ .Values.server.replicas }} + {{- end }} + revisionHistoryLimit: {{ .Values.server.revisionHistoryLimit }} selector: matchLabels: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} @@ -19,7 +23,7 @@ spec: metadata: labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }} - app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | trunc 63 | quote }} + app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }} {{- with .Values.server.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} @@ -33,22 +37,42 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.server.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.extraInitContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} containers: - name: argo-server - image: "{{ .Values.server.image.registry }}/{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default .Chart.AppVersion }}" + image: "{{- include "argo-workflows.image" (dict "context" . "image" .Values.server.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.server.image.tag }}" imagePullPolicy: {{ .Values.images.pullPolicy }} securityContext: {{- toYaml .Values.server.securityContext | nindent 12 }} args: - server - - --configmap={{ template "argo-workflows.controller.fullname" . }}-configmap + - --configmap={{ template "argo-workflows.controller.config-map.name" . }} {{- with .Values.server.extraArgs }} {{- toYaml . | nindent 10 }} {{- end }} + {{- if .Values.server.authMode }} + - "--auth-mode={{ .Values.server.authMode }}" + {{- end }} + {{- range .Values.server.authModes }} + - "--auth-mode={{ . }}" + {{- end }} - "--secure={{ .Values.server.secure }}" {{- if .Values.singleNamespace }} - "--namespaced" {{- end }} + - "--loglevel" + - "{{ .Values.server.logging.level }}" + - "--gloglevel" + - "{{ .Values.server.logging.globallevel }}" + - "--log-format" + - "{{ .Values.server.logging.format }}" ports: - name: web containerPort: 2746 @@ -71,7 +95,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - - name: BASE_HREF + - name: ARGO_BASE_HREF value: {{ .Values.server.baseHref | quote }} {{- with .Values.server.extraEnv }} {{- toYaml . | nindent 12 }} @@ -84,16 +108,23 @@ spec: {{- with .Values.server.volumeMounts }} {{- toYaml . | nindent 10}} {{- end }} + {{- with .Values.server.lifecycle }} + lifecycle: + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.server.extraContainers }} {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.server.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ . }} + {{- end }} {{- with .Values.images.pullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} volumes: - name: tmp - emptyDir: {} + {{- toYaml .Values.server.tmpVolume | nindent 8 }} {{- with .Values.server.volumes }} {{- toYaml . | nindent 6}} {{- end }} @@ -109,6 +140,17 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-workflows.selectorLabels" (dict "context" $ "name" $.Values.server.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} {{- with .Values.server.priorityClassName }} priorityClassName: {{ . }} {{- end }} diff --git a/charts/argo-workflows/templates/server/server-ingress.yaml b/charts/argo-workflows/templates/server/server-ingress.yaml index 969676e1..db69b012 100644 --- a/charts/argo-workflows/templates/server/server-ingress.yaml +++ b/charts/argo-workflows/templates/server/server-ingress.yaml @@ -14,6 +14,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- if .Values.server.ingress.labels }} diff --git a/charts/argo-workflows/templates/server/server-sa.yaml b/charts/argo-workflows/templates/server/server-sa.yaml index adcf7b48..d2c9c535 100644 --- a/charts/argo-workflows/templates/server/server-sa.yaml +++ b/charts/argo-workflows/templates/server/server-sa.yaml @@ -3,6 +3,12 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "argo-workflows.serverServiceAccountName" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.server.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/argo-workflows/templates/server/server-service.yaml b/charts/argo-workflows/templates/server/server-service.yaml index 9161aaef..39c37792 100644 --- a/charts/argo-workflows/templates/server/server-service.yaml +++ b/charts/argo-workflows/templates/server/server-service.yaml @@ -3,9 +3,13 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} - app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | trunc 63 | quote }} + app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }} + {{- with .Values.server.serviceLabels }} + {{ toYaml . | nindent 4 }} + {{- end }} {{- with .Values.server.serviceAnnotations }} annotations: {{- toYaml . | nindent 4 }} @@ -24,11 +28,16 @@ spec: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} sessionAffinity: None type: {{ .Values.server.serviceType }} - {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerIP }} - loadBalancerIP: {{ .Values.server.loadBalancerIP | quote }} + {{- if eq .Values.server.serviceType "LoadBalancer" }} + {{- with .Values.controller.loadBalancerClass }} + loadBalancerClass: {{ . }} {{- end }} - {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerSourceRanges }} + {{- with .Values.server.loadBalancerIP }} + loadBalancerIP: {{ . | quote }} + {{- end }} + {{- if .Values.server.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{- toYaml .Values.server.loadBalancerSourceRanges | nindent 4 }} {{- end }} + {{- end }} {{- end -}} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 5131be6b..0c044454 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -1,10 +1,21 @@ images: + # -- Common tag for Argo Workflows images. Defaults to `.Chart.AppVersion`. + tag: "" # -- imagePullPolicy to apply to all containers pullPolicy: Always # -- Secrets with credentials to pull images from a private registry pullSecrets: [] # - name: argo-pull-secret +## Custom resource configuration +crds: + # -- Install and upgrade CRDs + install: true + # -- Keep CRDs on chart uninstall + keep: true + # -- Annotations to be added to all CRDs + annotations: {} + # -- Create clusterroles that extend existing clusterroles to interact with argo-cd crds ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles createAggregateRoles: true @@ -15,9 +26,25 @@ nameOverride: # -- String to fully override "argo-workflows.fullname" template fullnameOverride: +# -- Override the namespace +# @default -- `.Release.Namespace` +namespaceOverride: "" + +# -- Labels to set on all resources +commonLabels: {} + # -- Override the Kubernetes version, which is used to evaluate certain manifests kubeVersionOverride: "" +# Override APIVersions +apiVersionOverrides: + # -- String to override apiVersion of autoscaling rendered by this helm chart + autoscaling: "" # autoscaling/v2 + # -- String to override apiVersion of GKE resources rendered by this helm chart + cloudgoogle: "" # cloud.google.com/v1 + # -- String to override apiVersion of monitoring CRDs (ServiceMonitor) rendered by this helm chart + monitoring: "" # monitoring.coreos.com/v1 + # -- Restrict Argo to operate only in a single namespace (the namespace of the # Helm release) by apply Roles and RoleBindings instead of the Cluster # equivalents, and start workflow-controller with the --namespaced flag. Use it @@ -30,14 +57,26 @@ workflow: serviceAccount: # -- Specifies whether a service account should be created create: false + # -- Labels applied to created service account + labels: {} # -- Annotations applied to created service account annotations: {} # -- Service account which is used to run workflows name: "argo-workflow" + # -- Secrets with credentials to pull images from a private registry. Same format as `.Values.images.pullSecrets` + pullSecrets: [] rbac: # -- Adds Role and RoleBinding for the above specified service account to be able to run workflows. # A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) create: true + # -- Allows permissions for the Argo Agent. Only required if using http/plugin templates + agentPermissions: false + # -- Allows permissions for the Argo Artifact GC pod. Only required if using artifact gc + artifactGC: false + # -- Extra service accounts to be added to the RoleBinding + serviceAccounts: [] + # - name: my-service-account + # namespace: my-namespace controller: image: @@ -45,7 +84,7 @@ controller: registry: quay.io # -- Registry to use for the controller repository: argoproj/workflow-controller - # -- Overrides the image tag whose default is the chart appVersion. + # -- Image tag for the workflow controller. Defaults to `.Values.images.tag`. tag: "" # -- parallelism dictates how many workflows can be running at the same time parallelism: @@ -59,6 +98,20 @@ controller: rbac: # -- Adds Role and RoleBinding for the controller. create: true + # -- Allows controller to get, list, and watch certain k8s secrets + secretWhitelist: [] + # -- Allows controller to get, list and watch all k8s secrets. Can only be used if secretWhitelist is empty. + accessAllSecrets: false + # -- Allows controller to create and update ConfigMaps. Enables memoization feature + writeConfigMaps: false + + configMap: + # -- Create a ConfigMap for the controller + create: true + # -- ConfigMap name + name: "" + # -- ConfigMap annotations + annotations: {} # -- Limits the maximum number of incomplete workflows in a namespace namespaceParallelism: @@ -78,14 +131,36 @@ controller: enabled: false # -- Path is the path where metrics are emitted. Must start with a "/". path: /metrics + # -- Frequency at which prometheus scrapes metrics + interval: 30s # -- Port is the port where metrics are emitted port: 9090 + # -- How often custom metrics are cleared from memory + metricsTTL: "" + # -- Flag that instructs prometheus to ignore metric emission errors. + ignoreErrors: false + # -- Flag that use a self-signed cert for TLS + secure: false # -- Container metrics port name portName: metrics # -- Service metrics port servicePort: 8080 # -- Service metrics port name servicePortName: metrics + # -- Flag to enable headless service + headlessService: false + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#honorlabels + honorLabels: false + # -- ServiceMonitor relabel configs to apply to samples before scraping + ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + relabelings: [] + # -- ServiceMonitor metric relabel configs to apply to samples before ingestion + ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint + metricRelabelings: [] + # -- ServiceMonitor will add labels from the service to the Prometheus metric + ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitorspec + targetLabels: [] # -- the controller container's securityContext securityContext: readOnlyRootFilesystem: true @@ -94,7 +169,8 @@ controller: capabilities: drop: - ALL - # -- enable persistence using postgres + # -- enable Workflow Archive to store the status of workflows. Postgres and MySQL (>= 5.7.8) are available. + ## Ref: https://argo-workflows.readthedocs.io/en/stable/workflow-archive/ persistence: {} # connectionPool: # maxIdleConns: 100 @@ -115,17 +191,43 @@ controller: # passwordSecret: # name: argo-postgres-config # key: password + # ssl: true + # # sslMode must be one of: disable, require, verify-ca, verify-full + # # you can find more information about those ssl options here: https://godoc.org/github.com/lib/pq + # sslMode: require + # mysql: + # host: localhost + # port: 3306 + # database: argo + # tableName: argo_workflows + # userNameSecret: + # name: argo-mysql-config + # key: username + # passwordSecret: + # name: argo-mysql-config + # key: password # -- Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level. # Only valid for 2.7+ - ## See more: https://argoproj.github.io/argo-workflows/default-workflow-specs/ + ## See more: https://argo-workflows.readthedocs.io/en/stable/default-workflow-specs/ workflowDefaults: {} - # spec: - # ttlStrategy: - # secondsAfterCompletion: 84600 + # spec: + # ttlStrategy: + # secondsAfterCompletion: 86400 + # # Ref: https://argo-workflows.readthedocs.io/en/stable/artifact-repository-ref/ + # artifactRepositoryRef: + # configMap: my-artifact-repository # default is "artifact-repositories" + # key: v2-s3-artifact-repository # default can be set by the `workflows.argoproj.io/default-artifact-repository` annotation in config map. # -- Number of workflow workers workflowWorkers: # 32 + # -- Number of workflow TTL workers + workflowTTLWorkers: # 4 + # -- Number of pod cleanup workers + podCleanupWorkers: # 4 + # -- Number of cron workflow workers + # Only valid for 3.5+ + cronWorkflowWorkers: # 8 # -- Restricts the Workflows that the controller will process. # Only valid for 2.9+ workflowRestrictions: {} @@ -138,8 +240,16 @@ controller: enabled: false # -- telemetry path path: /telemetry + # -- Frequency at which prometheus scrapes telemetry data + interval: 30s # -- telemetry container port port: 8081 + # -- How often custom metrics are cleared from memory + metricsTTL: "" + # -- Flag that instructs prometheus to ignore metric emission errors. + ignoreErrors: false + # -- Flag that use a self-signed cert for TLS + secure: false # -- telemetry service port servicePort: 8081 # -- telemetry service port name @@ -156,6 +266,8 @@ controller: create: true # -- Service account name name: "" + # -- Labels applied to created service account + labels: {} # -- Annotations applied to created service account annotations: {} @@ -168,15 +280,6 @@ controller: workflowNamespaces: - default - # -- Specifies the container runtime interface to use (one of: `docker`, `kubelet`, `k8sapi`, `pns`, `emissary`) - ## Ref: https://argoproj.github.io/argo-workflows/workflow-executors/ - containerRuntimeExecutor: emissary - # -- Specifies the executor to use. This has precedence over `controller.containerRuntimeExecutor`. - containerRuntimeExecutors: [] - # - name: emissary - # selector: - # matchLabels: - # workflows.argoproj.io/container-runtime-executor: emissary instanceID: # -- Configures the controller to filter workflow submissions # to only those which have a matching instanceID attribute. @@ -196,6 +299,8 @@ controller: level: info # -- Set the glog logging level globallevel: "0" + # -- Set the logging format (one of: `text`, `json`) + format: "text" # -- Service type of the controller Service serviceType: ClusterIP @@ -203,6 +308,8 @@ controller: serviceAnnotations: {} # -- Optional labels to add to the controller Service serviceLabels: {} + # -- The class of the load balancer implementation + loadBalancerClass: "" # -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer` loadBalancerSourceRanges: [] @@ -233,6 +340,8 @@ controller: volumes: [] # -- The number of controller pods to run replicas: 1 + # -- The number of revisions to keep. + revisionHistoryLimit: 10 pdb: # -- Configure [Pod Disruption Budget] for the controller pods @@ -247,21 +356,92 @@ controller: tolerations: [] # -- Assign custom [affinity] rules affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the workflow controller + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + # -- Leverage a PriorityClass to ensure your pods survive resource shortages. ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ priorityClassName: "" # -- Configure Argo Server to show custom [links] - ## Ref: https://argoproj.github.io/argo-workflows/links/ + ## Ref: https://argo-workflows.readthedocs.io/en/stable/links/ links: [] + # -- Configure Argo Server to show custom [columns] + ## Ref: https://github.com/argoproj/argo-workflows/pull/10693 + columns: [] # -- Set ui navigation bar background color navColor: "" clusterWorkflowTemplates: # -- Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. enabled: true + # -- Extra service accounts to be added to the ClusterRoleBinding + serviceAccounts: [] + # - name: my-service-account + # namespace: my-namespace # -- Extra containers to be added to the controller deployment extraContainers: [] + # -- Enables init containers to be added to the controller deployment + extraInitContainers: [] + + # -- Workflow retention by number of workflows + retentionPolicy: {} + # completed: 10 + # failed: 3 + # errored: 3 + + nodeEvents: + # -- Enable to emit events on node completion. + ## This can take up a lot of space in k8s (typically etcd) resulting in errors when trying to create new events: + ## "Unable to create audit event: etcdserver: mvcc: database space exceeded" + enabled: true + + workflowEvents: + # -- Enable to emit events on workflow status changes. + ## This can take up a lot of space in k8s (typically etcd), resulting in errors when trying to create new events: + ## "Unable to create audit event: etcdserver: mvcc: database space exceeded" + enabled: true + + # -- Configure when workflow controller runs in a different k8s cluster with the workflow workloads, + # or needs to communicate with the k8s apiserver using an out-of-cluster kubeconfig secret. + # @default -- `{}` (See [values.yaml]) + kubeConfig: {} + # # name of the kubeconfig secret, may not be empty when kubeConfig specified + # secretName: kubeconfig-secret + # # key of the kubeconfig secret, may not be empty when kubeConfig specified + # secretKey: kubeconfig + # # mounting path of the kubeconfig secret, default to /kube/config + # mountPath: /kubeconfig/mount/path + # # volume name when mounting the secret, default to kubeconfig + # volumeName: kube-config-volume + + # -- Specifies the duration in seconds before a terminating pod is forcefully killed. A zero value indicates that the pod will be forcefully terminated immediately. + # @default -- `30` seconds (Kubernetes default) + podGCGracePeriodSeconds: + + # -- The duration in seconds before the pods in the GC queue get deleted. A zero value indicates that the pods will be deleted immediately. + # @default -- `5s` (Argo Workflows default) + podGCDeleteDelayDuration: "" + +# mainContainer adds default config for main container that could be overriden in workflows template +mainContainer: + # -- imagePullPolicy to apply to Workflow main container. Defaults to `.Values.images.pullPolicy`. + imagePullPolicy: "" + # -- Resource limits and requests for the Workflow main container + resources: {} + # -- Adds environment variables for the Workflow main container + env: [] + # -- Adds reference environment variables for the Workflow main container + envFrom: [] + # -- sets security context for the Workflow main container + securityContext: {} + # executor controls how the init and wait container should be customized executor: image: @@ -269,12 +449,16 @@ executor: registry: quay.io # -- Repository to use for the Workflow Executors repository: argoproj/argoexec - # -- Overrides the image tag whose default is the chart appVersion. + # -- Image tag for the workflow executor. Defaults to `.Values.images.tag`. tag: "" + # -- Image PullPolicy to use for the Workflow Executors. Defaults to `.Values.images.pullPolicy`. + pullPolicy: "" # -- Resource limits and requests for the Workflow Executors resources: {} + # -- Passes arguments to the executor processes + args: [] # -- Adds environment variables for the executor. - env: {} + env: [] # -- sets security context for the executor container securityContext: {} @@ -291,7 +475,7 @@ server: registry: quay.io # -- Repository to use for the server repository: argoproj/argocli - # -- Overrides the image tag whose default is the chart appVersion. + # -- Image tag for the Argo Workflows server. Defaults to `.Values.images.tag`. tag: "" # -- optional map of annotations to be applied to the ui Deployment deploymentAnnotations: {} @@ -323,11 +507,19 @@ server: # -- Service port name servicePortName: "" # http + # -- Mapping between IP and hostnames that will be injected as entries in the pod's hosts files + hostAliases: [] + # - ip: 10.20.30.40 + # hostnames: + # - git.myhostname + serviceAccount: # -- Create a service account for the server create: true # -- Service account name name: "" + # -- Labels applied to created service account + labels: {} # -- Annotations applied to created service account annotations: {} @@ -335,6 +527,8 @@ server: serviceAnnotations: {} # -- Optional labels to add to the UI Service serviceLabels: {} + # -- The class of the load balancer implementation + loadBalancerClass: "" # -- Static IP address to assign to loadBalancer service type `LoadBalancer` loadBalancerIP: "" # -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer` @@ -343,6 +537,34 @@ server: resources: {} # -- The number of server pods to run replicas: 1 + # -- The number of revisions to keep. + revisionHistoryLimit: 10 + ## Argo Server Horizontal Pod Autoscaler + autoscaling: + # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server + enabled: false + # -- Minimum number of replicas for the Argo Server [HPA] + minReplicas: 1 + # -- Maximum number of replicas for the Argo Server [HPA] + maxReplicas: 5 + # -- Average CPU utilization percentage for the Argo Server [HPA] + targetCPUUtilizationPercentage: 50 + # -- Average memory utilization percentage for the Argo Server [HPA] + targetMemoryUtilizationPercentage: 50 + # -- Configures the scaling behavior of the target in both Up and Down directions. + # This is only available on HPA apiVersion `autoscaling/v2beta2` and newer + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 pdb: # -- Configure [Pod Disruption Budget] for the server pods enabled: false @@ -359,13 +581,21 @@ server: # -- Assign custom [affinity] rules affinity: {} + # -- Assign custom [TopologySpreadConstraints] rules to the argo server + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + # -- Leverage a PriorityClass to ensure your pods survive resource shortages ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ priorityClassName: "" # -- Run the argo server in "secure" mode. Configure this value instead of `--secure` in extraArgs. ## See the following documentation for more details on secure mode: - ## https://argoproj.github.io/argo-workflows/tls/ + ## https://argo-workflows.readthedocs.io/en/stable/tls/ secure: false # -- Extra environment variables to provide to the argo-server container @@ -373,22 +603,35 @@ server: # - name: FOO # value: "bar" - # -- Extra arguments to provide to the Argo server binary, such as for disabling authentication. - extraArgs: [] - # If you want to disable authentication for purposes such as: - # - local dev-mode without authentication - # - gateway authentication through some other service such as KeyCloak - # uncomment the lines below and comment out the default empty list `extraArgs: []` above: - # extraArgs: - # - --auth-mode=server + # -- Deprecated; use server.authModes instead. + authMode: "" + # -- A list of supported authentication modes. Available values are `server`, `client`, or `sso`. If you provide sso, please configure `.Values.server.sso` as well. + ## Ref: https://argo-workflows.readthedocs.io/en/stable/argo-server-auth-mode/ + authModes: [] + + # -- Extra arguments to provide to the Argo server binary. + ## Ref: https://argo-workflows.readthedocs.io/en/stable/argo-server/#options + extraArgs: [] + + logging: + # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`) + level: info + # -- Set the glog logging level + globallevel: "0" + # -- Set the logging format (one of: `text`, `json`) + format: "text" + + # -- Volume to be mounted in Pods for temporary files. + tmpVolume: + emptyDir: {} # -- Additional volume mounts to the server main container. volumeMounts: [] # -- Additional volumes to the server pod. volumes: [] ## Ingress configuration. - # ref: https://kubernetes.io/docs/user-guide/ingress/ + # ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ ingress: # -- Enable an ingress resource enabled: false @@ -432,47 +675,133 @@ server: # hosts: # - argoworkflows.example.com + ## Create a Google Backendconfig for use with the GKE Ingress Controller + ## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_backendconfig_parameters + GKEbackendConfig: + # -- Enable BackendConfig custom resource for Google Kubernetes Engine + enabled: false + # -- [BackendConfigSpec] + spec: {} + # spec: + # iap: + # enabled: true + # oauthclientCredentials: + # secretName: argoworkflows-secret + + ## Create a Google Managed Certificate for use with the GKE Ingress Controller + ## https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs + GKEmanagedCertificate: + # -- Enable ManagedCertificate custom resource for Google Kubernetes Engine. + enabled: false + # -- Domains for the Google Managed Certificate + domains: + - argoworkflows.example.com + + ## Create a Google FrontendConfig Custom Resource, for use with the GKE Ingress Controller + ## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters + GKEfrontendConfig: + # -- Enable FrontConfig custom resource for Google Kubernetes Engine + enabled: false + # -- [FrontendConfigSpec] + spec: {} + # spec: + # redirectToHttps: + # enabled: true + # responseCodeName: RESPONSE_CODE + clusterWorkflowTemplates: # -- Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. enabled: true # -- Give the server permissions to edit ClusterWorkflowTemplates. enableEditing: true - # -- SSO configuration when SSO is specified as a server auth mode. - sso: {} - ## All the values are required. SSO is activated by adding --auth-mode=sso - ## to the server command line. - # - ## The root URL of the OIDC identity provider. - # issuer: https://accounts.google.com - ## Name of a secret and a key in it to retrieve the app OIDC client ID from. - # clientId: - # name: argo-server-sso - # key: client-id - ## Name of a secret and a key in it to retrieve the app OIDC client secret from. - # clientSecret: - # name: argo-server-sso - # key: client-secret - ## The OIDC redirect URL. Should be in the form /oauth2/callback. - # redirectUrl: https://argo/oauth2/callback - # rbac: - # enabled: true + # SSO configuration when SSO is specified as a server auth mode. + sso: + # -- Create SSO configuration. If you set `true` , please also set `.Values.server.authModes` as `sso`. + enabled: false + # -- The root URL of the OIDC identity provider + issuer: https://accounts.google.com + clientId: + # -- Name of secret to retrieve the app OIDC client ID + name: argo-server-sso + # -- Key of secret to retrieve the app OIDC client ID + key: client-id + clientSecret: + # -- Name of a secret to retrieve the app OIDC client secret + name: argo-server-sso + # -- Key of a secret to retrieve the app OIDC client secret + key: client-secret + # -- The OIDC redirect URL. Should be in the form /oauth2/callback. + redirectUrl: "" + rbac: + # -- Adds ServiceAccount Policy to server (Cluster)Role. + enabled: true + # -- Whitelist to allow server to fetch Secrets ## When present, restricts secrets the server can read to a given list. ## You can use it to restrict the server to only be able to access the ## service account token secrets that are associated with service accounts ## used for authorization. - # secretWhitelist: [] - ## Scopes requested from the SSO ID provider. The 'groups' scope requests - ## group membership information, which is usually used for authorization - ## decisions. - # scopes: - # - groups + secretWhitelist: [] + # -- Scopes requested from the SSO ID provider + ## The 'groups' scope requests group membership information, which is usually used for authorization decisions. + scopes: [] + # - groups + # -- Define how long your login is valid for (in hours) + ## If omitted, defaults to 10h. + sessionExpiry: "" + # -- Alternate root URLs that can be included for some OIDC providers + issuerAlias: "" + # -- Override claim name for OIDC groups + customGroupClaimName: "" + # -- Specify the user info endpoint that contains the groups claim + ## Configure this if your OIDC provider provides groups information only using the user-info endpoint (e.g. Okta) + userInfoPath: "" + # -- Skip TLS verification for the HTTP client + insecureSkipVerify: false + # -- Filter the groups returned by the OIDC provider + ## A logical "OR" is used between each regex in the list + filterGroupsRegex: [] + # - ".*argo-wf.*" + # - ".*argo-workflow.*" # -- Extra containers to be added to the server deployment extraContainers: [] -# -- Influences the creation of the ConfigMap for the workflow-controller itself. -useDefaultArtifactRepo: false + # -- Enables init containers to be added to the server deployment + extraInitContainers: [] + + # -- Specify postStart and preStop lifecycle hooks for server container + lifecycle: {} + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + +# -- Array of extra K8s manifests to deploy +extraObjects: [] + # - apiVersion: secrets-store.csi.x-k8s.io/v1 + # kind: SecretProviderClass + # metadata: + # name: argo-server-sso + # spec: + # provider: aws + # parameters: + # objects: | + # - objectName: "argo/server/sso" + # objectType: "secretsmanager" + # jmesPath: + # - path: "client_id" + # objectAlias: "client_id" + # - path: "client_secret" + # objectAlias: "client_secret" + # secretObjects: + # - data: + # - key: client_id + # objectName: client_id + # - key: client_secret + # objectName: client_secret + # secretName: argo-server-sso-secrets-store + # type: Opaque + # -- Use static credentials for S3 (eg. when not using AWS IRSA) useStaticCredentials: true artifactRepository: @@ -480,36 +809,135 @@ artifactRepository: archiveLogs: false # -- Store artifact in a S3-compliant object store # @default -- See [values.yaml] - s3: - # Note the `key` attribute is not the actual secret, it's the PATH to - # the contents in the associated secret, as defined by the `name` attribute. - accessKeySecret: - # name: -minio - key: accesskey - secretKeySecret: - # name: -minio - key: secretkey - insecure: true + s3: {} + # # Note the `key` attribute is not the actual secret, it's the PATH to + # # the contents in the associated secret, as defined by the `name` attribute. + # accessKeySecret: + # name: "{{ .Release.Name }}-minio" + # key: accesskey + # secretKeySecret: + # name: "{{ .Release.Name }}-minio" + # key: secretkey + # sessionTokenSecret: + # name: "{{ .Release.Name }}-minio" + # key: sessionToken + # # insecure will disable TLS. Primarily used for minio installs not configured with TLS + # insecure: false + # caSecret: + # name: ca-root + # key: cert.pem # bucket: # endpoint: # region: # roleARN: # useSDKCreds: true # encryptionOptions: - # enableEncryption: true + # enableEncryption: true # -- Store artifact in a GCS object store # @default -- `{}` (See [values.yaml]) gcs: {} - # bucket: -argo - # keyFormat: "{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}" - # serviceAccountKeySecret is a secret selector. - # It references the k8s secret named 'my-gcs-credentials'. - # This secret is expected to have have the key 'serviceAccountKey', - # containing the base64 encoded credentials - # to the bucket. - # - # If it's running on GKE and Workload Identity is used, - # serviceAccountKeySecret is not needed. - # serviceAccountKeySecret: - # name: my-gcs-credentials - # key: serviceAccountKey + # bucket: -argo + # keyFormat: "{{ \"{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}\" }}" + # # serviceAccountKeySecret is a secret selector. + # # It references the k8s secret named 'my-gcs-credentials'. + # # This secret is expected to have have the key 'serviceAccountKey', + # # containing the base64 encoded credentials + # # to the bucket. + # # + # # If it's running on GKE and Workload Identity is used, + # # serviceAccountKeySecret is not needed. + # serviceAccountKeySecret: + # name: my-gcs-credentials + # key: serviceAccountKey + # -- Store artifact in Azure Blob Storage + # @default -- `{}` (See [values.yaml]) + azure: {} + # endpoint: https://mystorageaccountname.blob.core.windows.net + # container: my-container-name + # blobNameFormat: path/in/container + # # accountKeySecret is a secret selector. + # # It references the k8s secret named 'my-azure-storage-credentials'. + # # This secret is expected to have have the key 'account-access-key', + # # containing the base64 encoded credentials to the storage account. + # # If a managed identity has been assigned to the machines running the + # # workflow (e.g., https://docs.microsoft.com/en-us/azure/aks/use-managed-identity) + # # then accountKeySecret is not needed, and useSDKCreds should be + # # set to true instead: + # useSDKCreds: true + # accountKeySecret: + # name: my-azure-storage-credentials + # key: account-access-key + +# -- The section of custom artifact repository. +# Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure) +customArtifactRepository: {} +# artifactory: +# repoUrl: https://artifactory.example.com/raw +# usernameSecret: +# name: artifactory-creds +# key: username +# passwordSecret: +# name: artifactory-creds +# key: password + +# -- The section of [artifact repository ref](https://argo-workflows.readthedocs.io/en/stable/artifact-repository-ref/). +# Each map key is the name of configmap +# @default -- `{}` (See [values.yaml]) +artifactRepositoryRef: {} + # # -- 1st ConfigMap + # # If you want to use this config map by default, name it "artifact-repositories". + # # Otherwise, you can provide a reference to a + # # different config map in `artifactRepositoryRef.configMap`. + # artifact-repositories: + # # -- v3.0 and after - if you want to use a specific key, put that key into this annotation. + # annotations: + # workflows.argoproj.io/default-artifact-repository: default-v1-s3-artifact-repository + # # 1st data of configmap. See above artifactRepository or customArtifactRepository. + # default-v1-s3-artifact-repository: + # archiveLogs: false + # s3: + # bucket: my-bucket + # endpoint: minio:9000 + # insecure: true + # accessKeySecret: + # name: my-minio-cred + # key: accesskey + # secretKeySecret: + # name: my-minio-cred + # key: secretkey + # # 2nd data + # oss-artifact-repository: + # archiveLogs: false + # oss: + # endpoint: http://oss-cn-zhangjiakou-internal.aliyuncs.com + # bucket: $mybucket + # # accessKeySecret and secretKeySecret are secret selectors. + # # It references the k8s secret named 'bucket-workflow-artifect-credentials'. + # # This secret is expected to have have the keys 'accessKey' + # # and 'secretKey', containing the base64 encoded credentials + # # to the bucket. + # accessKeySecret: + # name: $mybucket-credentials + # key: accessKey + # secretKeySecret: + # name: $mybucket-credentials + # key: secretKey + # # 2nd ConfigMap + # another-artifact-repositories: + # annotations: + # workflows.argoproj.io/default-artifact-repository: gcs + # gcs: + # bucket: my-bucket + # keyFormat: prefix/in/bucket/{{workflow.name}}/{{pod.name}} + # serviceAccountKeySecret: + # name: my-gcs-credentials + # key: serviceAccountKey + +emissary: + # -- The command/args for each image on workflow, needed when the command is not specified and the emissary executor is used. + ## See more: https://argo-workflows.readthedocs.io/en/stable/workflow-executors/#emissary-emissary + images: [] + # argoproj/argosay:v2: + # cmd: [/argosay] + # docker/whalesay:latest: + # cmd: [/bin/bash] diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml new file mode 100644 index 00000000..c4433fa4 --- /dev/null +++ b/charts/argocd-apps/Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v2 +name: argocd-apps +description: A Helm chart for managing additional Argo CD Applications and Projects +type: application +version: 2.0.2 +home: https://github.com/argoproj/argo-helm +icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png +keywords: + - argoproj + - argocd + - gitops +maintainers: + - name: argoproj + url: https://argoproj.github.io/ +annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc + artifacthub.io/changes: | + - kind: added + description: allow setting applicationset finalizers diff --git a/charts/argocd-apps/README.md b/charts/argocd-apps/README.md new file mode 100644 index 00000000..447df733 --- /dev/null +++ b/charts/argocd-apps/README.md @@ -0,0 +1,40 @@ +# argocd-apps + +A Helm chart for managing additional Argo CD Applications and Projects + +To regenerate this document, from the root of this chart directory run: +```shell +docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:latest +``` + +## Prerequisites + +- Helm v3.0.0+ +- CRDs (Application and AppProject) + - You need to install them via [argo-cd Helm chart](../argo-cd) or upstream. + +## Changelog + +For full list of changes, please check ArtifactHub [changelog]. + +## Installation + +```console +$ helm repo add argo https://argoproj.github.io/argo-helm +$ helm install my-release argo/argocd-apps +``` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| applications | object | `{}` (See [values.yaml]) | Deploy Argo CD Applications within this helm release | +| applicationsets | object | `{}` (See [values.yaml]) | Deploy Argo CD ApplicationSets within this helm release | +| extensions | object | `{}` (See [values.yaml]) | DEPRECATED - Please refer [Deprecation Notice](https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice) for more info. | +| itemTemplates | list | `[]` (See [values.yaml]) | Deploy Argo CD Applications/ApplicationSets/Projects within this helm release | +| projects | object | `{}` (See [values.yaml]) | Deploy Argo CD Projects within this helm release | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) + +[changelog]: https://artifacthub.io/packages/helm/argo/argocd-apps?modal=changelog diff --git a/charts/argocd-apps/README.md.gotmpl b/charts/argocd-apps/README.md.gotmpl new file mode 100644 index 00000000..e8cb1c17 --- /dev/null +++ b/charts/argocd-apps/README.md.gotmpl @@ -0,0 +1,32 @@ +{{ template "chart.header" . }} + +{{ template "chart.description" . }} + +To regenerate this document, from the root of this chart directory run: +```shell +docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:latest +``` + +## Prerequisites + +- Helm v3.0.0+ +- CRDs (Application and AppProject) + - You need to install them via [argo-cd Helm chart](../argo-cd) or upstream. + +## Changelog + +For full list of changes, please check ArtifactHub [changelog]. + +## Installation + +```console +$ helm repo add argo https://argoproj.github.io/argo-helm +$ helm install my-release argo/argocd-apps +``` + +{{ template "chart.valuesSection" . }} + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) + +[changelog]: https://artifacthub.io/packages/helm/argo/argocd-apps?modal=changelog diff --git a/charts/argocd-apps/ci/applications-multiple-sources-values.yaml b/charts/argocd-apps/ci/applications-multiple-sources-values.yaml new file mode 100644 index 00000000..f1023424 --- /dev/null +++ b/charts/argocd-apps/ci/applications-multiple-sources-values.yaml @@ -0,0 +1,28 @@ +# Test with multi-source applications + +applications: + argocd-application-multiple-sources: + additionalLabels: {} + additionalAnnotations: {} + finalizers: + - resources-finalizer.argocd.argoproj.io + project: default + sources: + - chart: elasticsearch + repoURL: https://helm.elastic.co + targetRevision: 8.5.1 + - repoURL: https://github.com/argoproj/argocd-example-apps.git + path: guestbook + targetRevision: HEAD + destination: + server: https://kubernetes.default.svc + namespace: default + syncPolicy: + automated: + prune: false + selfHeal: false + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas diff --git a/charts/argocd-apps/ci/applications-values.yaml b/charts/argocd-apps/ci/applications-values.yaml new file mode 100644 index 00000000..4f742748 --- /dev/null +++ b/charts/argocd-apps/ci/applications-values.yaml @@ -0,0 +1,33 @@ +# Test with applications + +applications: + argocd-application: + additionalLabels: {} + additionalAnnotations: {} + finalizers: + - resources-finalizer.argocd.argoproj.io + project: default + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: guestbook + directory: + recurse: true + destination: + server: https://kubernetes.default.svc + namespace: default + syncPolicy: + automated: + prune: false + selfHeal: false + syncOptions: + - ApplyOutOfSyncOnly=true + revisionHistoryLimit: null + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas + info: + - name: url + value: https://argoproj.github.io/ diff --git a/charts/argocd-apps/ci/applicationsets-multiple-sources-values.yaml b/charts/argocd-apps/ci/applicationsets-multiple-sources-values.yaml new file mode 100644 index 00000000..d8fe500c --- /dev/null +++ b/charts/argocd-apps/ci/applicationsets-multiple-sources-values.yaml @@ -0,0 +1,24 @@ +# Test with multi-source applicationsets + +applicationsets: + applicationset-multiple-sources: + generators: + - list: + elements: + - cluster: default-cluster + url: https://kubernetes.default.svc + template: + metadata: + name: '{{cluster}}-guestbook' + spec: + project: default + sources: + - chart: elasticsearch + repoURL: https://helm.elastic.co + targetRevision: 8.5.1 + - repoURL: https://github.com/argoproj/argocd-example-apps.git + path: guestbook + targetRevision: HEAD + destination: + server: '{{url}}' + namespace: default diff --git a/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml b/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml new file mode 100644 index 00000000..a225e7c5 --- /dev/null +++ b/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml @@ -0,0 +1,41 @@ +# Test applicationsets with Progressive Syncs + +applicationsets: + applicationset-progressive-syncs: + generators: + - list: + elements: + - cluster: engineering-dev + url: https://1.2.3.4 + env: env-dev + - cluster: engineering-prod + url: https://9.8.7.6/ + env: env-prod + strategy: + type: RollingSync + rollingSync: + steps: + - matchExpressions: + - key: envLabel + operator: In + values: + - env-dev + - matchExpressions: + - key: envLabel + operator: In + values: + - env-prod + template: + metadata: + name: '{{.cluster}}-guestbook' + labels: + envLabel: '{{.env}}' + spec: + project: my-project + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: guestbook/{{.cluster}} + destination: + server: '{{.url}}' + namespace: guestbook diff --git a/charts/argocd-apps/ci/applicationsets-values.yaml b/charts/argocd-apps/ci/applicationsets-values.yaml new file mode 100644 index 00000000..394e2c88 --- /dev/null +++ b/charts/argocd-apps/ci/applicationsets-values.yaml @@ -0,0 +1,92 @@ +# Test with applicationsets + +applicationsets: + applicationset: + additionalLabels: {} + additionalAnnotations: {} + finalizers: + - resources-finalizer.argocd.argoproj.io + # See PR #10026 (ArgoCD v2.5 or later) + # goTemplate: false + generators: + - git: + repoURL: https://github.com/argoproj/argocd-example-apps.git + revision: HEAD + directories: + - path: guestbook + - path: kustomize-* + # Ref https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#allow-temporarily-toggling-auto-sync + ignoreApplicationDifferences: + - jsonPointers: + - /spec/syncPolicy + template: + metadata: + name: '{{path.basename}}' + labels: {} + annotations: {} + spec: + project: default + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: '{{path}}' + destination: + server: https://kubernetes.default.svc + namespace: default + syncPolicy: + automated: + prune: false + selfHeal: false + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas + info: + - name: url + value: https://argoproj.github.io/ + syncPolicy: + # Set Application finalizer + preserveResourcesOnDeletion: false + templatePatch: | + spec: + source: + helm: + valueFiles: + {{- range $valueFile := .valueFiles }} + - {{ $valueFile }} + {{- end }} + {{- if .autoSync }} + syncPolicy: + automated: + prune: {{ .prune }} + {{- end }} + applicationset-list-generator: + generators: + - list: + elements: + - cluster: engineering-dev + url: https://kubernetes.default.svc + template: + metadata: {} + spec: + project: '{{cluster}}' + source: + targetRevision: HEAD + repoURL: https://github.com/argoproj/argo-cd.git + # New path value is generated here: + path: 'applicationset/examples/template-override/{{cluster}}-override' + destination: {} + template: + metadata: + name: '{{cluster}}-guestbook' + spec: + project: '{{cluster}}' + source: + repoURL: https://github.com/argoproj/argo-cd.git + targetRevision: HEAD + # This 'default' value is not used: it is is replaced by the generator's template path, above + path: applicationset/examples/template-override/default + destination: + server: '{{url}}' + namespace: guestbook diff --git a/charts/argocd-apps/ci/default-values.yaml b/charts/argocd-apps/ci/default-values.yaml new file mode 100644 index 00000000..507f1e54 --- /dev/null +++ b/charts/argocd-apps/ci/default-values.yaml @@ -0,0 +1 @@ +# Test with default values diff --git a/charts/argocd-apps/ci/item-templates.yaml b/charts/argocd-apps/ci/item-templates.yaml new file mode 100644 index 00000000..8a08c684 --- /dev/null +++ b/charts/argocd-apps/ci/item-templates.yaml @@ -0,0 +1,61 @@ +itemTemplates: + - items: + - name: my-appset + generators: &generators + - list: + elements: + - cluster: engineering-dev + url: https://1.2.3.4 + - cluster: engineering-prod + url: https://2.4.6.8 + - cluster: finance-preprod + url: https://9.8.7.6 + template: + apiVersion: argoproj.io/v1alpha1 + kind: ApplicationSet + metadata: + name: "{{ .name }}" + spec: + generators: *generators + template: + metadata: + name: "{{`{{cluster}}`}}-guestbook" + spec: + project: my-project + source: + repoURL: https://github.com/infra-team/cluster-deployments.git + targetRevision: HEAD + path: guestbook/{{`{{cluster}}`}} + destination: + server: "{{`{{cluster}}`}}" + namespace: guestbook + - items: + - name: my-appset + generators: + - list: + elements: + - cluster: engineering-dev + url: https://1.2.3.4 + - cluster: engineering-prod + url: https://2.4.6.8 + - cluster: finance-preprod + url: https://9.8.7.6 + template: |- + apiVersion: argoproj.io/v1alpha1 + kind: ApplicationSet + metadata: + name: {{ .name }} + spec: + generators: {{ toYaml .generators | nindent 4 }} + template: + metadata: + name: '{{`{{cluster}}`}}-guestbook' + spec: + project: my-project + source: + repoURL: https://github.com/infra-team/cluster-deployments.git + targetRevision: HEAD + path: guestbook/{{`{{cluster}}`}} + destination: + server: '{{`{{cluster}}`}}' + namespace: guestbook diff --git a/charts/argocd-apps/templates/applications.yaml b/charts/argocd-apps/templates/applications.yaml new file mode 100644 index 00000000..b26b6684 --- /dev/null +++ b/charts/argocd-apps/templates/applications.yaml @@ -0,0 +1,51 @@ +{{- range $appName, $appData:= .Values.applications }} +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + {{- with $appData.additionalAnnotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- with $appData.additionalLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ $appName }} + {{- with $appData.namespace }} + namespace: {{ . }} + {{- end }} + {{- with $appData.finalizers }} + finalizers: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + project: {{ tpl $appData.project $ }} + {{- with $appData.source }} + source: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $appData.sources }} + sources: + {{- toYaml . | nindent 4 }} + {{- end }} + destination: + {{- toYaml $appData.destination | nindent 4 }} + {{- with $appData.syncPolicy }} + syncPolicy: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $appData.revisionHistoryLimit }} + revisionHistoryLimit: {{ . }} + {{- end }} + {{- with $appData.ignoreDifferences }} + ignoreDifferences: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $appData.info }} + info: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argocd-apps/templates/applicationsets.yaml b/charts/argocd-apps/templates/applicationsets.yaml new file mode 100644 index 00000000..606d6078 --- /dev/null +++ b/charts/argocd-apps/templates/applicationsets.yaml @@ -0,0 +1,94 @@ +{{- range $appSetName, $appSetData:= .Values.applicationsets }} +--- +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + {{- with $appSetData.additionalAnnotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- with $appSetData.additionalLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ $appSetName }} + {{- with $appSetData.namespace }} + namespace: {{ . }} + {{- end }} + {{- with $appSetData.finalizers }} + finalizers: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if hasKey $appSetData "goTemplate" }} + goTemplate: {{ $appSetData.goTemplate }} + {{- end }} + {{- with $appSetData.generators }} + generators: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $appSetData.ignoreApplicationDifferences }} + ignoreApplicationDifferences: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $appSetData.strategy }} + strategy: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $appSetData.syncPolicy }} + syncPolicy: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $appSetData.template }} + template: + {{- with .metadata }} + metadata: + {{- with .annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | squote }} + {{- end }} + {{- end }} + {{- with .labels }} + labels: + {{- toYaml . | nindent 8 }} + {{- end }} + name: {{ .name | squote }} + {{- with .namespace }} + namespace: {{ . | squote }} + {{- end }} + {{- end }} + {{- with .spec }} + spec: + project: {{ .project | squote }} + {{- with .source }} + source: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .sources }} + sources: + {{- toYaml . | nindent 8 }} + {{- end }} + destination: + {{- toYaml .destination | nindent 8 }} + {{- with .syncPolicy }} + syncPolicy: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .ignoreDifferences }} + ignoreDifferences: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .info }} + info: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end -}} + {{- end }} + {{- with $appSetData.templatePatch }} + templatePatch: | + {{- . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argocd-apps/templates/extensions.yaml b/charts/argocd-apps/templates/extensions.yaml new file mode 100644 index 00000000..8a19e3a5 --- /dev/null +++ b/charts/argocd-apps/templates/extensions.yaml @@ -0,0 +1,27 @@ +{{- range $extensionName, $extensionData:= .Values.extensions }} +--- +apiVersion: argoproj.io/v1alpha1 +kind: ArgoCDExtension +metadata: + name: {{ $extensionName }} + {{- with $extensionData.namespace }} + namespace: {{ . }} + {{- end }} + finalizers: + - extensions-finalizer.argocd.argoproj.io + {{- with $extensionData.additionalLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $extensionData.additionalAnnotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +{{- with $extensionData.sources }} +spec: + sources: + {{- toYaml . | nindent 4 }} +{{- end }} +{{- end }} diff --git a/charts/argocd-apps/templates/item-templates.yaml b/charts/argocd-apps/templates/item-templates.yaml new file mode 100644 index 00000000..a209cc2a --- /dev/null +++ b/charts/argocd-apps/templates/item-templates.yaml @@ -0,0 +1,15 @@ +{{- range .Values.itemTemplates }} +{{- if kindIs "string" .template }} +{{- $template := .template -}} +{{- range .items }} +--- +{{ tpl $template (set . "Template" $.Template) }} +{{- end }} +{{- else }} +{{- $template := .template | toYaml -}} +{{- range .items }} +--- +{{ tpl $template (set . "Template" $.Template) }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/argocd-apps/templates/projects.yaml b/charts/argocd-apps/templates/projects.yaml new file mode 100644 index 00000000..d6032636 --- /dev/null +++ b/charts/argocd-apps/templates/projects.yaml @@ -0,0 +1,75 @@ +{{- range $projectName, $projectData := .Values.projects }} +--- +apiVersion: argoproj.io/v1alpha1 +kind: AppProject +metadata: + {{- with $projectData.additionalAnnotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- with $projectData.additionalLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ $projectName }} + {{- with $projectData.namespace }} + namespace: {{ . }} + {{- end }} + {{- with $projectData.finalizers }} + finalizers: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with $projectData.permitOnlyProjectScopedClusters }} + permitOnlyProjectScopedClusters: {{ . }} + {{- end }} + {{- with $projectData.description }} + description: {{ . }} + {{- end }} + {{- with $projectData.sourceRepos }} + sourceRepos: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $projectData.destinations }} + destinations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $projectData.clusterResourceWhitelist }} + clusterResourceWhitelist: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $projectData.clusterResourceBlacklist }} + clusterResourceBlacklist: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $projectData.namespaceResourceBlacklist }} + namespaceResourceBlacklist: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $projectData.namespaceResourceWhitelist }} + namespaceResourceWhitelist: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $projectData.orphanedResources }} + orphanedResources: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $projectData.roles }} + roles: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $projectData.syncWindows }} + syncWindows: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $projectData.signatureKeys }} + signatureKeys: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $projectData.sourceNamespaces }} + sourceNamespaces: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml new file mode 100644 index 00000000..127dc6a9 --- /dev/null +++ b/charts/argocd-apps/values.yaml @@ -0,0 +1,255 @@ +# -- Deploy Argo CD Applications within this helm release +# @default -- `{}` (See [values.yaml]) +## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ +applications: {} +# guestbook: +# namespace: argocd +# additionalLabels: {} +# additionalAnnotations: {} +# finalizers: +# - resources-finalizer.argocd.argoproj.io +# project: guestbook +# source: +# repoURL: https://github.com/argoproj/argocd-example-apps.git +# targetRevision: HEAD +# path: guestbook +# directory: +# recurse: true +# # ArgoCD v2.6 or later +# sources: +# - chart: elasticsearch +# repoURL: https://helm.elastic.co +# targetRevision: 8.5.1 +# - repoURL: https://github.com/argoproj/argocd-example-apps.git +# path: guestbook +# targetRevision: HEAD +# destination: +# server: https://kubernetes.default.svc +# namespace: guestbook +# syncPolicy: +# automated: +# prune: false +# selfHeal: false +# syncOptions: +# - CreateNamespace=true +# revisionHistoryLimit: null +# ignoreDifferences: +# - group: apps +# kind: Deployment +# jsonPointers: +# - /spec/replicas +# info: +# - name: url +# value: https://argoproj.github.io/ + +# -- Deploy Argo CD Projects within this helm release +# @default -- `{}` (See [values.yaml]) +## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ +projects: {} +# guestbook: +# namespace: argocd +# additionalLabels: {} +# additionalAnnotations: {} +# permitOnlyProjectScopedClusters: false +# finalizers: +# - resources-finalizer.argocd.argoproj.io +# description: Example Project +# sourceRepos: +# - '*' +# destinations: +# - namespace: guestbook +# server: https://kubernetes.default.svc +# clusterResourceWhitelist: [] +# clusterResourceBlacklist: [] +# namespaceResourceBlacklist: +# - group: '' +# kind: ResourceQuota +# - group: '' +# kind: LimitRange +# - group: '' +# kind: NetworkPolicy +# orphanedResources: {} +# roles: [] +# namespaceResourceWhitelist: +# - group: 'apps' +# kind: Deployment +# - group: 'apps' +# kind: StatefulSet +# orphanedResources: {} +# roles: [] +# syncWindows: +# - kind: allow +# schedule: '10 1 * * *' +# duration: 1h +# applications: +# - '*-prod' +# manualSync: true +# signatureKeys: +# - keyID: ABCDEF1234567890 +# sourceNamespaces: +# - argocd + +# -- Deploy Argo CD ApplicationSets within this helm release +# @default -- `{}` (See [values.yaml]) +## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/ +applicationsets: {} +# guestbook: +# namespace: argocd +# additionalLabels: {} +# additionalAnnotations: {} +# finalizers: +# - resources-finalizer.argocd.argoproj.io +# # See PR #10026 (ArgoCD v2.5 or later) +# # goTemplate: false +# generators: +# - git: +# repoURL: https://github.com/argoproj/argocd-example-apps.git +# revision: HEAD +# directories: +# - path: guestbook +# - path: kustomize-* +# # Ref https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#allow-temporarily-toggling-auto-sync +# ignoreApplicationDifferences: +# - jsonPointers: +# - /spec/syncPolicy +# # Progressive Syncs is an experimental feature and it must be explicitly enabled +# # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Progressive-Syncs/#enabling-progressive-syncs +# strategy: +# type: RollingSync +# rollingSync: +# steps: +# - matchExpressions: +# - key: project +# operator: In +# values: +# - guestbook +# - matchExpressions: +# - key: project +# operator: In +# values: +# - kustomize-foo +# - kustomize-bar +# template: +# metadata: +# name: '{{path.basename}}' +# labels: +# project: '{{path.basename}}' +# annotations: {} +# spec: +# project: default +# source: +# repoURL: https://github.com/argoproj/argocd-example-apps.git +# targetRevision: HEAD +# path: '{{path}}' +# destination: +# server: https://kubernetes.default.svc +# namespace: default +# syncPolicy: +# automated: +# prune: false +# selfHeal: false +# ignoreDifferences: +# - group: apps +# kind: Deployment +# jsonPointers: +# - /spec/replicas +# info: +# - name: url +# value: https://argoproj.github.io/ +# syncPolicy: +# # Set Application finalizer +# preserveResourcesOnDeletion: false +# # Templating is only available on string type +# templatePatch: | +# spec: +# source: +# helm: +# valueFiles: +# {{- range $valueFile := .valueFiles }} +# - {{ $valueFile }} +# {{- end }} +# {{- if .autoSync }} +# syncPolicy: +# automated: +# prune: {{ .prune }} +# {{- end }} + +# -- Deploy Argo CD Applications/ApplicationSets/Projects within this helm release +# @default -- `[]` (See [values.yaml]) +## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/ +itemTemplates: [] +# - items: +# - name: my-appset +# generators: &generators +# - list: +# elements: +# - cluster: engineering-dev +# url: https://1.2.3.4 +# - cluster: engineering-prod +# url: https://2.4.6.8 +# - cluster: finance-preprod +# url: https://9.8.7.6 +# template: +# apiVersion: argoproj.io/v1alpha1 +# kind: ApplicationSet +# metadata: +# name: "{{ .name }}" +# spec: +# generators: *generators +# template: +# metadata: +# name: "{{`{{cluster}}`}}-guestbook" +# spec: +# project: my-project +# source: +# repoURL: https://github.com/infra-team/cluster-deployments.git +# targetRevision: HEAD +# path: guestbook/{{`{{cluster}}`}} +# destination: +# server: "{{`{{cluster}}`}}" +# namespace: guestbook +# - items: +# - name: my-appset +# generators: +# - list: +# elements: +# - cluster: engineering-dev +# url: https://1.2.3.4 +# - cluster: engineering-prod +# url: https://2.4.6.8 +# - cluster: finance-preprod +# url: https://9.8.7.6 +# template: |- +# apiVersion: argoproj.io/v1alpha1 +# kind: ApplicationSet +# metadata: +# name: {{ .name }} +# spec: +# generators: {{ toYaml .generators | nindent 4 }} +# template: +# metadata: +# name: '{{`{{cluster}}`}}-guestbook' +# spec: +# project: my-project +# source: +# repoURL: https://github.com/infra-team/cluster-deployments.git +# targetRevision: HEAD +# path: guestbook/{{`{{cluster}}`}} +# destination: +# server: '{{`{{cluster}}`}}' +# namespace: guestbook + +# -- DEPRECATED - Please refer [Deprecation Notice](https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice) for more info. +# @default -- `{}` (See [values.yaml]) +## This function in tech preview stage, do expect unstability or breaking changes in newer versions. Bump image.tag if necessary. +## Ref: https://github.com/argoproj-labs/argocd-extensions +extensions: {} +# example: +# namespace: argocd +# additionalLabels: {} +# additionalAnnotations: {} +# sources: +# - git: +# url: https://github.com/argoproj-labs/argocd-example-extension.git +# - web: +# url: https://github.com/argoproj-labs/argocd-example-extension/releases/download/v0.1.0/extension.tar diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index a5b2ecd7..02438363 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.8.0 -appVersion: v0.12.0 +version: 0.12.0 +appVersion: v0.15.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png keywords: @@ -14,5 +14,9 @@ maintainers: - name: argoproj url: https://argoproj.github.io/ annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - "[Changed]: Update to argocd-image-updater v0.12" + - kind: changed + description: ConfigMap and Secret names are now configurable diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index 7d80daac..d77ee710 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -14,7 +14,7 @@ helm repo add argo https://argoproj.github.io/argo-helm helm install argocd-image-updater argo/argocd-image-updater ``` -You will also need to run through the [secret setup documentation](https://argocd-image-updater.readthedocs.io/en/stable/install/start/#connect-using-argo-cd-api-server) so ArgoCD ImageUpdater can talk to the ArgoCD API (until its automated in this chart). +You will also need to run through the [secret setup documentation] so Argo CD Image Updater can talk to the Argo CD API (until its automated in this chart). ## Prerequisites @@ -22,9 +22,9 @@ You will also need to run through the [secret setup documentation](https://argoc ## Configuration options -In order for your deployment of ArgoCD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags). +In order for your deployment of Argo CD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page]. -All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your ArgoCD instance is setup, are set in the `config.argocd` values block. For instance: +All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your Argo CD instance is setup, are set in the `config.argocd` values block. For instance: ```yaml config: @@ -35,12 +35,12 @@ config: plaintext: true ``` -Any additional arguments mentioned on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags) can be configured using the `extraArgs` value, like so. +Any additional arguments mentioned on the [argocd-image-updater flags page] can be configured using the `extraArgs` value, like so. -### ArgoCD API key +### Argo CD API key If you are unable to install Argo CD Image Updater into the same Kubernetes cluster you might configure it to use API of your Argo CD installation. -Please also read [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/). +Please also read [Configuration of Container Registries]. ```yaml config: @@ -52,7 +52,7 @@ If you specify a token value the secret will be created. ### Registries -ArgoCD Image Updater natively supports the following registries (as mentioned in [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)): +Argo CD Image Updater natively supports the following registries (as mentioned in [Configuration of Container Registries]): - Docker Hub - Google Container Registry @@ -60,7 +60,7 @@ ArgoCD Image Updater natively supports the following registries (as mentioned in - GitHub Container Registry - GitHub Docker Packages -If you need support for ECR, you can reference [this issue](https://github.com/argoproj-labs/argocd-image-updater/issues/112) for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR. +If you need support for ECR, you can reference this issue, [Support ECR authentication], for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR. The `config.registries` value can be used exactly as it looks in the documentation as it gets dumped directly into a configmap in this chart. @@ -70,27 +70,38 @@ The `config.registries` value can be used exactly as it looks in the documentati |-----|------|---------|-------------| | affinity | object | `{}` | Kubernetes affinity settings for the deployment | | authScripts.enabled | bool | `false` | Whether to mount the defined scripts that can be used to authenticate with a registry, the scripts will be mounted at `/scripts` | +| authScripts.name | string | `"argocd-image-updater-authscripts"` | Name of the authentication scripts ConfigMap | | authScripts.scripts | object | `{}` | Map of key-value pairs where the key consists of the name of the script and the value the contents | | config.applicationsAPIKind | string | `""` | API kind that is used to manage Argo CD applications (`kubernetes` or `argocd`) | | config.argocd.grpcWeb | bool | `true` | Use the gRPC-web protocol to connect to the Argo CD API | | config.argocd.insecure | bool | `false` | If specified, the certificate of the Argo CD API server is not verified. | -| config.argocd.plaintext | bool | `false` | If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS. | +| config.argocd.plaintext | bool | `false` | If specified, use an unencrypted HTTP connection to the Argo CD API instead of TLS. | | config.argocd.serverAddress | string | `""` | Connect to the Argo CD API server at server address | -| config.argocd.token | string | `""` | If specified, the secret with ArgoCD API key will be created. | +| config.argocd.token | string | `""` | If specified, the secret with Argo CD API key will be created. | +| config.argocd.tokenSecretName | string | `"argocd-image-updater-secret"` | Name of the Secret containing the token | | config.disableKubeEvents | bool | `false` | Disable kubernetes events | | config.gitCommitMail | string | `""` | E-Mail address to use for Git commits | +| config.gitCommitSignOff | bool | `false` | Enables sign off on commits | +| config.gitCommitSigningKey | string | `""` | Path to public SSH key mounted in container, or GPG key ID used to sign commits | +| config.gitCommitSigningMethod | string | `""` | Method used to sign Git commits. `openpgp` or `ssh` | | config.gitCommitTemplate | string | `""` | Changing the Git commit message | | config.gitCommitUser | string | `""` | Username to use for Git commits | -| config.logLevel | string | `"info"` | ArgoCD Image Update log level | -| config.registries | list | `[]` | ArgoCD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) | -| config.sshConfig | object | `{}` | ArgoCD Image Updater ssh client parameter configuration. | +| config.logLevel | string | `"info"` | Argo CD Image Update log level | +| config.name | string | `"argocd-image-updater-config"` | Name of the ConfigMap | +| config.registries | list | `[]` | Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) | +| config.sshConfig.config | string | `""` | Argo CD Image Updater ssh client parameter configuration. | +| config.sshConfig.name | string | `"argocd-image-updater-ssh-config"` | Name of the sshConfig ConfigMap | +| createClusterRoles | bool | `true` | Create cluster roles for cluster-wide installation. | | extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in `config.argocd`. If a flag contains both key and value, they need to be split to a new entry | | extraEnv | list | `[]` | Extra environment variables for argocd-image-updater | +| extraEnvFrom | list | `[]` | Extra envFrom to pass to argocd-image-updater | +| extraObjects | list | `[]` | Extra K8s manifests to deploy for argocd-image-updater | | fullnameOverride | string | `""` | Global fullname (argocd-image-updater.fullname in _helpers.tpl) override | | image.pullPolicy | string | `"Always"` | Default image pull policy | | image.repository | string | `"quay.io/argoprojlabs/argocd-image-updater"` | Default image repository | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | | imagePullSecrets | list | `[]` | ImagePullSecrets for the image updater deployment | +| initContainers | list | `[]` | Init containers to add to the image updater pod | | metrics.enabled | bool | `false` | Deploy metrics service | | metrics.service.annotations | object | `{}` | Metrics service annotations | | metrics.service.labels | object | `{}` | Metrics service labels | @@ -103,21 +114,30 @@ The `config.registries` value can be used exactly as it looks in the documentati | metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | | metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | nameOverride | string | `""` | Global name (argocd-image-updater.name in _helpers.tpl) override | +| namespaceOverride | string | `""` | Global namespace (argocd-image-updater.namespace in _helpers.tpl) override | | nodeSelector | object | `{}` | Kubernetes nodeSelector settings for the deployment | | podAnnotations | object | `{}` | Pod Annotations for the deployment | +| podLabels | object | `{}` | Pod Labels for the deployment | | podSecurityContext | object | `{}` | Pod security context settings for the deployment | | rbac.enabled | bool | `true` | Enable RBAC creation | | replicaCount | int | `1` | Replica count for the deployment. It is not advised to run more than one replica. | | resources | object | `{}` | Pod memory and cpu resource settings for the deployment | -| securityContext | object | `{}` | Security context settings for the deployment | +| securityContext | object | See [values.yaml] | Security context settings for the deployment | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.labels | object | `{}` | Labels to add to the service account | | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tolerations | list | `[]` | Kubernetes toleration settings for the deployment | | updateStrategy | object | `{"type":"Recreate"}` | The deployment strategy to use to replace existing pods with new ones | +| volumeMounts | list | `[]` | Additional volumeMounts to the image updater main container | +| volumes | list | `[]` | Additional volumes to the image updater pod | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) [MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs [RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +[secret setup documentation]: https://argocd-image-updater.readthedocs.io/en/stable/install/installation/#method-2-connect-using-argo-cd-api-server +[argocd-image-updater flags page]: https://argocd-image-updater.readthedocs.io/en/stable/install/reference/#flags +[Configuration of Container Registries]: https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/ +[Support ECR authentication]: https://github.com/argoproj-labs/argocd-image-updater/issues/112 diff --git a/charts/argocd-image-updater/README.md.gotmpl b/charts/argocd-image-updater/README.md.gotmpl index bbd2e1b5..68ddd814 100644 --- a/charts/argocd-image-updater/README.md.gotmpl +++ b/charts/argocd-image-updater/README.md.gotmpl @@ -14,7 +14,7 @@ helm repo add argo https://argoproj.github.io/argo-helm helm install argocd-image-updater argo/argocd-image-updater ``` -You will also need to run through the [secret setup documentation](https://argocd-image-updater.readthedocs.io/en/stable/install/start/#connect-using-argo-cd-api-server) so ArgoCD ImageUpdater can talk to the ArgoCD API (until its automated in this chart). +You will also need to run through the [secret setup documentation] so Argo CD Image Updater can talk to the Argo CD API (until its automated in this chart). ## Prerequisites @@ -22,9 +22,9 @@ You will also need to run through the [secret setup documentation](https://argoc ## Configuration options -In order for your deployment of ArgoCD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags). +In order for your deployment of Argo CD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page]. -All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your ArgoCD instance is setup, are set in the `config.argocd` values block. For instance: +All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your Argo CD instance is setup, are set in the `config.argocd` values block. For instance: ```yaml config: @@ -35,12 +35,12 @@ config: plaintext: true ``` -Any additional arguments mentioned on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags) can be configured using the `extraArgs` value, like so. +Any additional arguments mentioned on the [argocd-image-updater flags page] can be configured using the `extraArgs` value, like so. -### ArgoCD API key +### Argo CD API key If you are unable to install Argo CD Image Updater into the same Kubernetes cluster you might configure it to use API of your Argo CD installation. -Please also read [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/). +Please also read [Configuration of Container Registries]. ```yaml config: @@ -52,7 +52,7 @@ If you specify a token value the secret will be created. ### Registries -ArgoCD Image Updater natively supports the following registries (as mentioned in [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)): +Argo CD Image Updater natively supports the following registries (as mentioned in [Configuration of Container Registries]): - Docker Hub - Google Container Registry @@ -60,7 +60,7 @@ ArgoCD Image Updater natively supports the following registries (as mentioned in - GitHub Container Registry - GitHub Docker Packages -If you need support for ECR, you can reference [this issue](https://github.com/argoproj-labs/argocd-image-updater/issues/112) for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR. +If you need support for ECR, you can reference this issue, [Support ECR authentication], for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR. The `config.registries` value can be used exactly as it looks in the documentation as it gets dumped directly into a configmap in this chart. @@ -71,3 +71,7 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs [RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +[secret setup documentation]: https://argocd-image-updater.readthedocs.io/en/stable/install/installation/#method-2-connect-using-argo-cd-api-server +[argocd-image-updater flags page]: https://argocd-image-updater.readthedocs.io/en/stable/install/reference/#flags +[Configuration of Container Registries]: https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/ +[Support ECR authentication]: https://github.com/argoproj-labs/argocd-image-updater/issues/112 diff --git a/charts/argocd-image-updater/ci/enable-extra-objects-values.yaml b/charts/argocd-image-updater/ci/enable-extra-objects-values.yaml new file mode 100644 index 00000000..8d18ecd3 --- /dev/null +++ b/charts/argocd-image-updater/ci/enable-extra-objects-values.yaml @@ -0,0 +1,14 @@ +# Test with extraObjects enabled +# Do not deploy the CRDs as they are already present from the previous test +installCRDs: false + +extraObjects: + - apiVersion: v1 + kind: Secret + metadata: + name: datadog + type: Opaque + data: + address: aHR0cHM6Ly9hcGkuZGF0YWRvZ2hxLmNvbQo= # https://api.datadoghq.com + api-key: dGVzdC1hcGkta2V5Cg== # test-api-key + app-key: dGVzdC1hcHAta2V5Cg== # test-app-key diff --git a/charts/argocd-image-updater/templates/_helpers.tpl b/charts/argocd-image-updater/templates/_helpers.tpl index 5c0be1da..abfba11e 100644 --- a/charts/argocd-image-updater/templates/_helpers.tpl +++ b/charts/argocd-image-updater/templates/_helpers.tpl @@ -24,6 +24,13 @@ If release name contains chart name it will be used as a full name. {{- end }} {{- end }} +{{/* +Override .Release.Namespace +*/}} +{{- define "argocd-image-updater.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride }} +{{- end }} + {{/* Create chart name and version as used by the chart label. */}} @@ -38,7 +45,7 @@ Common labels helm.sh/chart: {{ include "argocd-image-updater.chart" . }} {{ include "argocd-image-updater.selectorLabels" . }} {{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Chart.AppVersion | trunc 63 | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} diff --git a/charts/argocd-image-updater/templates/configmap-authscripts.yaml b/charts/argocd-image-updater/templates/configmap-authscripts.yaml index fe834149..259054f6 100644 --- a/charts/argocd-image-updater/templates/configmap-authscripts.yaml +++ b/charts/argocd-image-updater/templates/configmap-authscripts.yaml @@ -4,7 +4,8 @@ kind: ConfigMap metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} - name: argocd-image-updater-authscripts + name: {{ .Values.authScripts.name }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} data: {{- toYaml .Values.authScripts.scripts | nindent 2}} {{- end }} diff --git a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml index 548f3100..9ff9ba61 100644 --- a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml +++ b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml @@ -1,10 +1,17 @@ +{{- $sshConfig := omit .Values.config.sshConfig "name" }} +{{- range $key, $val := $sshConfig }} + {{- if not $val }} + {{ $_ := unset $sshConfig $key }} + {{- end }} +{{- end }} apiVersion: v1 kind: ConfigMap metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} - name: argocd-image-updater-ssh-config + name: {{ .Values.config.sshConfig.name }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +{{- with $sshConfig }} data: - {{- with .Values.config.sshConfig }} {{- toYaml . | nindent 2 }} - {{- end }} +{{- end }} diff --git a/charts/argocd-image-updater/templates/configmap.yaml b/charts/argocd-image-updater/templates/configmap.yaml index 0e0b6cfc..8eb0e704 100644 --- a/charts/argocd-image-updater/templates/configmap.yaml +++ b/charts/argocd-image-updater/templates/configmap.yaml @@ -4,33 +4,45 @@ kind: ConfigMap metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} - name: argocd-image-updater-config + name: {{ .Values.config.name }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} data: {{- with .Values.config.applicationsAPIKind }} - applications_api: {{ . }} + applications_api: {{ . | quote }} + {{- if eq . "argocd" }} + argocd.grpc_web: {{ $.Values.config.argocd.grpcWeb | quote }} + {{- with $.Values.config.argocd.serverAddress }} + argocd.server_addr: {{ . | quote }} {{- end }} - argocd.grpc_web: {{ .Values.config.argocd.grpcWeb | quote }} - {{- with .Values.config.argocd.serverAddress }} - argocd.server_addr: {{ . }} + argocd.insecure: {{ $.Values.config.argocd.insecure | quote }} + argocd.plaintext: {{ $.Values.config.argocd.plaintext | quote }} + {{- end -}} {{- end }} - argocd.insecure: {{ .Values.config.argocd.insecure | quote }} - argocd.plaintext: {{ .Values.config.argocd.plaintext | quote }} {{- with .Values.config.logLevel }} - log.level: {{ . }} + log.level: {{ . | quote }} {{- end }} {{- with .Values.config.gitCommitUser }} - git.user: {{ . }} + git.user: {{ . | quote }} {{- end }} {{- with .Values.config.gitCommitMail }} - git.email: {{ . }} + git.email: {{ . | quote }} {{- end }} {{- with .Values.config.gitCommitTemplate }} git.commit-message-template: | {{- nindent 4 . }} {{- end }} + {{- with .Values.config.gitCommitSigningKey }} + git.commit-signing-key: {{ . | quote }} + {{- end }} + {{- with .Values.config.gitCommitSignOff }} + git.commit-sign-off: {{ . | quote }} + {{- end }} + {{- with .Values.config.gitCommitSigningMethod }} + git.commit-signing-method: {{ . | quote }} + {{- end }} kube.events: {{ .Values.config.disableKubeEvents | quote }} + {{- with .Values.config.registries }} registries.conf: | - {{- with .Values.config.registries }} - registries: - {{- toYaml . | nindent 6 }} - {{- end }} + registries: + {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/charts/argocd-image-updater/templates/deployment.yaml b/charts/argocd-image-updater/templates/deployment.yaml index a80d26be..87f1fbf4 100644 --- a/charts/argocd-image-updater/templates/deployment.yaml +++ b/charts/argocd-image-updater/templates/deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} spec: @@ -19,6 +20,9 @@ spec: {{- end }} checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} labels: + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- include "argocd-image-updater.selectorLabels" . | nindent 8 }} spec: {{- with .Values.imagePullSecrets }} @@ -30,8 +34,7 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - name: {{ .Chart.Name }} - command: - - /usr/local/bin/argocd-image-updater + args: - run {{- with .Values.extraArgs }} {{- toYaml . | nindent 12 }} @@ -41,65 +44,87 @@ spec: valueFrom: configMapKeyRef: key: applications_api - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: ARGOCD_GRPC_WEB valueFrom: configMapKeyRef: key: argocd.grpc_web - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: ARGOCD_SERVER valueFrom: configMapKeyRef: key: argocd.server_addr - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: ARGOCD_INSECURE valueFrom: configMapKeyRef: key: argocd.insecure - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: ARGOCD_PLAINTEXT valueFrom: configMapKeyRef: key: argocd.plaintext - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: ARGOCD_TOKEN valueFrom: secretKeyRef: key: argocd.token - name: argocd-image-updater-secret + name: {{ .Values.config.argocd.tokenSecretName }} optional: true - name: IMAGE_UPDATER_LOGLEVEL valueFrom: configMapKeyRef: key: log.level - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: GIT_COMMIT_USER valueFrom: configMapKeyRef: key: git.user - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: GIT_COMMIT_EMAIL valueFrom: configMapKeyRef: key: git.email - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: IMAGE_UPDATER_KUBE_EVENTS valueFrom: configMapKeyRef: key: kube.events - name: argocd-image-updater-config + name: {{ .Values.config.name }} + optional: true + - name: GIT_COMMIT_SIGNING_KEY + valueFrom: + configMapKeyRef: + key: git.commit-signing-key + name: {{ .Values.config.name }} + optional: true + - name: GIT_COMMIT_SIGNING_METHOD + valueFrom: + configMapKeyRef: + key: git.commit-signing-method + name: {{ .Values.config.name }} + optional: true + - name: GIT_COMMIT_SIGN_OFF + valueFrom: + configMapKeyRef: + key: git.commit-sign-off + name: {{ .Values.config.name }} optional: true {{- with .Values.extraEnv }} {{- toYaml . | nindent 10 }} {{- end }} + {{- with .Values.extraEnvFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" @@ -128,16 +153,23 @@ spec: volumeMounts: - mountPath: /app/config name: image-updater-conf - - mountPath: /tmp - name: tmp-dir - mountPath: /app/config/ssh name: ssh-known-hosts - mountPath: /app/.ssh name: ssh-config + - mountPath: /tmp + name: tmp + - name: ssh-signing-key + mountPath: /app/ssh-keys/id_rsa + readOnly: true + subPath: sshPrivateKey {{- if .Values.authScripts.enabled }} - mountPath: /scripts name: authscripts {{- end }} + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 10}} + {{- end }} volumes: - configMap: items: @@ -145,25 +177,32 @@ spec: path: registries.conf - key: git.commit-message-template path: commit.template - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true name: image-updater-conf {{- if .Values.authScripts.enabled }} - configMap: defaultMode: 0777 - name: argocd-image-updater-authscripts + name: {{ .Values.authScripts.name }} name: authscripts {{- end }} - - emptyDir: {} - name: tmp-dir - configMap: name: argocd-ssh-known-hosts-cm optional: true name: ssh-known-hosts - configMap: - name: argocd-image-updater-ssh-config + name: {{ .Values.config.sshConfig.name }} optional: true name: ssh-config + - name: ssh-signing-key + secret: + secretName: ssh-git-creds + optional: true + - emptyDir: {} + name: tmp + {{- with .Values.volumes }} + {{- toYaml . | nindent 6}} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -176,3 +215,7 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.initContainers }} + initContainers: + {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/charts/argocd-image-updater/templates/extra-manifests.yaml b/charts/argocd-image-updater/templates/extra-manifests.yaml new file mode 100644 index 00000000..fc9a76b8 --- /dev/null +++ b/charts/argocd-image-updater/templates/extra-manifests.yaml @@ -0,0 +1,8 @@ +{{ range .Values.extraObjects }} +--- +{{ if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} +{{ end }} diff --git a/charts/argocd-image-updater/templates/metrics-service.yaml b/charts/argocd-image-updater/templates/metrics-service.yaml index 5d1232ae..8ca83b53 100644 --- a/charts/argocd-image-updater/templates/metrics-service.yaml +++ b/charts/argocd-image-updater/templates/metrics-service.yaml @@ -14,6 +14,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "argocd-image-updater.fullname" . }}-metrics + namespace: {{ include "argocd-image-updater.namespace" . | quote }} spec: ports: - name: metrics diff --git a/charts/argocd-image-updater/templates/rbac.yaml b/charts/argocd-image-updater/templates/rbac.yaml index cb508a43..867d5b59 100644 --- a/charts/argocd-image-updater/templates/rbac.yaml +++ b/charts/argocd-image-updater/templates/rbac.yaml @@ -4,8 +4,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - {{ include "argocd-image-updater.labels" . | nindent 4 }} - name: {{ include "argocd-image-updater.fullname" . }} + {{- include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} rules: - apiGroups: - '' @@ -16,6 +17,13 @@ rules: - get - list - watch + {{- if not .Values.createClusterRoles }} + - apiGroups: + - "" + resources: + - events + verbs: + - create - apiGroups: - argoproj.io resources: @@ -25,19 +33,15 @@ rules: - list - update - patch - - apiGroups: - - "" - resources: - - events - verbs: - - create + {{- end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - {{ include "argocd-image-updater.labels" . | nindent 4 }} + {{- include "argocd-image-updater.labels" . | nindent 4 }} name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -45,4 +49,47 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argocd-image-updater.serviceAccountName" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +{{- end }} +--- +{{- if and .Values.rbac.enabled .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - apiGroups: + - argoproj.io + resources: + - applications + verbs: + - get + - list + - update + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "argocd-image-updater.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argocd-image-updater.serviceAccountName" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} {{- end }} diff --git a/charts/argocd-image-updater/templates/secret.yaml b/charts/argocd-image-updater/templates/secret.yaml index d0e7bb24..171add82 100644 --- a/charts/argocd-image-updater/templates/secret.yaml +++ b/charts/argocd-image-updater/templates/secret.yaml @@ -2,10 +2,11 @@ apiVersion: v1 kind: Secret metadata: - name: argocd-image-updater-secret + name: {{ .Values.config.argocd.tokenSecretName }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} type: Opaque -data: +data: argocd.token: {{ .Values.config.argocd.token | b64enc }} {{- end }} diff --git a/charts/argocd-image-updater/templates/serviceaccount.yaml b/charts/argocd-image-updater/templates/serviceaccount.yaml index c208ee69..a676f6fb 100644 --- a/charts/argocd-image-updater/templates/serviceaccount.yaml +++ b/charts/argocd-image-updater/templates/serviceaccount.yaml @@ -3,8 +3,12 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "argocd-image-updater.serviceAccountName" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/argocd-image-updater/templates/servicemonitor.yaml b/charts/argocd-image-updater/templates/servicemonitor.yaml index fa0b26a6..de9bcd52 100644 --- a/charts/argocd-image-updater/templates/servicemonitor.yaml +++ b/charts/argocd-image-updater/templates/servicemonitor.yaml @@ -3,9 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "argocd-image-updater.fullname" . }}-metrics - {{- with .Values.metrics.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default (include "argocd-image-updater.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} {{- with .Values.metrics.serviceMonitor.selector }} @@ -31,7 +29,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argocd-image-updater.namespace" . | quote }} selector: matchLabels: {{- include "argocd-image-updater.selectorLabels" . | nindent 6 }} diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index d6ebd232..15832520 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -17,6 +17,13 @@ imagePullSecrets: [] nameOverride: "" # -- Global fullname (argocd-image-updater.fullname in _helpers.tpl) override fullnameOverride: "" +# -- Global namespace (argocd-image-updater.namespace in _helpers.tpl) override +namespaceOverride: "" + +# -- Create cluster roles for cluster-wide installation. +## Used when you manage applications in the same cluster where Argo CD Image Updater runs. +## If you want to use this, please set `.Values.rbac.enabled` true as well. +createClusterRoles: true # -- Extra arguments for argocd-image-updater not defined in `config.argocd`. # If a flag contains both key and value, they need to be split to a new entry @@ -42,11 +49,73 @@ extraEnv: [] # - name: AWS_REGION # value: "us-west-1" +# -- Extra envFrom to pass to argocd-image-updater +extraEnvFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + +# -- Extra K8s manifests to deploy for argocd-image-updater +## Note: Supports use of custom Helm templates +extraObjects: [] + # - apiVersion: secrets-store.csi.x-k8s.io/v1 + # kind: SecretProviderClass + # metadata: + # name: argocd-image-updater-secrets-store + # spec: + # provider: aws + # parameters: + # objects: | + # - objectName: "argocd-image-updater" + # objectType: "secretsmanager" + # jmesPath: + # - path: "client_id" + # objectAlias: "client_id" + # - path: "client_secret" + # objectAlias: "client_secret" + # secretObjects: + # - data: + # - key: client_id + # objectName: client_id + # - key: client_secret + # objectName: client_secret + # secretName: argocd-image-updater-secrets-store + # type: Opaque + # labels: + # app.kubernetes.io/part-of: argocd + +# -- Init containers to add to the image updater pod +initContainers: [] + # - name: download-tools + # image: alpine:3.8 + # command: [sh, -c] + # args: + # - wget -qO- https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz | tar -xvzf - && + # mv linux-amd64/helm /custom-tools/ + # volumeMounts: + # - mountPath: /custom-tools + # name: custom-tools + +# -- Additional volumeMounts to the image updater main container +volumeMounts: [] + +# -- Additional volumes to the image updater pod +volumes: [] + ## Use init containers to configure custom tooling + ## https://argo-cd.readthedocs.io/en/stable/operator-manual/custom_tools/ + ## When using the volumes & volumeMounts section bellow, please comment out those above. + # - name: custom-tools + # emptyDir: {} + config: + # -- Name of the ConfigMap + name: argocd-image-updater-config # -- API kind that is used to manage Argo CD applications (`kubernetes` or `argocd`) applicationsAPIKind: "" - # Described in detail here https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags + # Described in detail here https://argocd-image-updater.readthedocs.io/en/stable/install/reference/#flags + # Note: this is only relevant if config.applicationsAPIKind == 'argocd' argocd: # -- Use the gRPC-web protocol to connect to the Argo CD API grpcWeb: true @@ -54,10 +123,12 @@ config: serverAddress: "" # -- If specified, the certificate of the Argo CD API server is not verified. insecure: false - # -- If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS. + # -- If specified, use an unencrypted HTTP connection to the Argo CD API instead of TLS. plaintext: false - # -- If specified, the secret with ArgoCD API key will be created. + # -- If specified, the secret with Argo CD API key will be created. token: "" + # -- Name of the Secret containing the token + tokenSecretName: "argocd-image-updater-secret" # -- Disable kubernetes events disableKubeEvents: false @@ -71,10 +142,19 @@ config: # -- Changing the Git commit message gitCommitTemplate: "" - # -- ArgoCD Image Update log level + # -- Path to public SSH key mounted in container, or GPG key ID used to sign commits + gitCommitSigningKey: "" + + # -- Enables sign off on commits + gitCommitSignOff: false + + # -- Method used to sign Git commits. `openpgp` or `ssh` + gitCommitSigningMethod: "" + + # -- Argo CD Image Update log level logLevel: "info" - # -- ArgoCD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) + # -- Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) registries: [] # - name: Docker Hub # api_url: https://registry-1.docker.io @@ -99,9 +179,11 @@ config: # credentials: ext:/scripts/auth1.sh # credsexpire: 10h - # -- ArgoCD Image Updater ssh client parameter configuration. sshConfig: - {} + # -- Name of the sshConfig ConfigMap + name: argocd-image-updater-ssh-config + # -- Argo CD Image Updater ssh client parameter configuration. + config: "" # config: | # Host * # PubkeyAcceptedAlgorithms +ssh-rsa @@ -112,6 +194,8 @@ config: authScripts: # -- Whether to mount the defined scripts that can be used to authenticate with a registry, the scripts will be mounted at `/scripts` enabled: false + # -- Name of the authentication scripts ConfigMap + name: argocd-image-updater-authscripts # -- Map of key-value pairs where the key consists of the name of the script and the value the contents scripts: {} # auth1.sh: | @@ -126,6 +210,8 @@ serviceAccount: create: true # -- Annotations to add to the service account annotations: {} + # -- Labels to add to the service account + labels: {} # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" @@ -133,18 +219,24 @@ serviceAccount: # -- Pod Annotations for the deployment podAnnotations: {} +# -- Pod Labels for the deployment +podLabels: {} + # -- Pod security context settings for the deployment podSecurityContext: {} # fsGroup: 2000 # -- Security context settings for the deployment -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 +# @default -- See [values.yaml] +securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault rbac: # -- Enable RBAC creation diff --git a/renovate.json b/renovate.json new file mode 100644 index 00000000..1ee051f5 --- /dev/null +++ b/renovate.json @@ -0,0 +1,109 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "kubernetes": { + "fileMatch": ["\\.yaml$", "\\.yml$"] + }, + "extends": [ + "config:recommended", + "docker:enableMajor", + ":gitSignOff" + ], + "labels": ["renovate"], + "includePaths": [ + "**/charts/argo-workflows/Chart.yaml", + "**/charts/argo-cd/Chart.yaml", + "**/charts/argo-cd/values.yaml", + "**/charts/argo-events/Chart.yaml", + "**/charts/argo-rollouts/Chart.yaml", + "**/charts/argocd-image-updater/Chart.yaml", + "**/.github/workflows/renovate.yaml" + ], + "customManagers": [ + { + "customType": "regex", + "fileMatch": ["charts/argo-workflows/Chart.yaml$"], + "matchStrings": [ + "\\sappVersion: (?.*)\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + "depNameTemplate": "argoproj/argo-workflows", + "datasourceTemplate": "github-releases" + }, + { + "customType": "regex", + "fileMatch": ["charts/argo-cd/Chart.yaml$"], + "matchStrings": [ + "\\sappVersion: (?.*)\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + "depNameTemplate": "argoproj/argo-cd", + "datasourceTemplate": "github-releases" + }, + { + "customType": "regex", + "fileMatch": ["charts/argo-events/Chart.yaml$"], + "matchStrings": [ + "\\sappVersion: (?.*)\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + "depNameTemplate": "argoproj/argo-events", + "datasourceTemplate": "github-releases" + }, + { + "customType": "regex", + "fileMatch": ["charts/argo-rollouts/Chart.yaml$"], + "matchStrings": [ + "\\sappVersion: (?.*)\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + "depNameTemplate": "argoproj/argo-rollouts", + "datasourceTemplate": "github-releases" + }, + { + "customType": "regex", + "fileMatch": ["charts/argocd-image-updater/Chart.yaml$"], + "matchStrings": [ + "\\sappVersion: (?.*)\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + "depNameTemplate": "argoproj-labs/argocd-image-updater", + "datasourceTemplate": "github-releases" + }, + { + "customType": "regex", + "fileMatch": ["^\\.github/workflows/[^/]+\\.ya?ml$"], + "matchStrings": [ + "# renovate: datasource=(?.*?) depName=(?.*?)\\s+.+version: (?.*)" + ] + } + ], + "packageRules": [ + { + "matchPackagePatterns": [ + "argoproj/argo-workflows", + "argoproj/argo-cd", + "argoproj/argo-events", + "argoproj/argo-rollouts", + "argoproj-labs/argocd-image-updater", + "argoprojlabs/argocd-extension-installer", + "public.ecr.aws/bitnami/redis-exporter", + "public.ecr.aws/docker/library/redis" + ], + "commitMessagePrefix": "chore({{parentDir}}):", + "postUpgradeTasks": { + "commands": [ + "./scripts/renovate-bump-version.sh -c {{parentDir}} -d {{depName}} -v {{newVersion}}", + "./scripts/helm-docs.sh" + ] + } + }, + { + "matchPackagePatterns": ["redis-ha"], + "enabled": false + }, + { + "matchPackageNames": ["ghcr.io/renovatebot/renovate"], + "extends": ["schedule:monthly"] + } + ] +} diff --git a/scripts/helm-docs.sh b/scripts/helm-docs.sh index e8ade437..5669f91c 100755 --- a/scripts/helm-docs.sh +++ b/scripts/helm-docs.sh @@ -1,11 +1,11 @@ #!/bin/bash ## Reference: https://github.com/norwoodj/helm-docs set -eux -CHART_DIR="$(cd "$(dirname "$0")/.." && pwd)" -echo "$CHART_DIR" +REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)" +echo "$REPO_ROOT" echo "Running Helm-Docs" docker run \ - -v "$CHART_DIR:/helm-docs" \ + -v "$REPO_ROOT:/helm-docs" \ -u $(id -u) \ jnorwood/helm-docs:v1.9.1 diff --git a/scripts/lint.sh b/scripts/lint.sh index 2a4e8c9f..6061adb5 100755 --- a/scripts/lint.sh +++ b/scripts/lint.sh @@ -9,7 +9,7 @@ echo -e "\n-- Linting all Helm Charts --\n" docker run \ -v "$SRCROOT:/workdir" \ --entrypoint /bin/sh \ - quay.io/helmpack/chart-testing:v3.3.1 \ + quay.io/helmpack/chart-testing:v3.10.0 \ -c cd /workdir \ ct lint \ --config .github/configs/ct-lint.yaml \ diff --git a/scripts/release-analysis/.mega-linter.yaml b/scripts/release-analysis/.mega-linter.yaml new file mode 100644 index 00000000..024abb2b --- /dev/null +++ b/scripts/release-analysis/.mega-linter.yaml @@ -0,0 +1,21 @@ +# Configuration file for MegaLinter +# Run megalinter locally with: `docker run --rm -v /var/run/docker.sock:/var/run/docker.sock:rw -v $(pwd):/tmp/lint:rw oxsecurity/megalinter:v8` +ENABLE: + - DOCKERFILE + - PYTHON + +DISABLE_LINTERS: + - PYTHON_FLAKE8 + - PYTHON_PYRIGHT + - PYTHON_RUFF + - PYTHON_BANDIT + +CLEAR_REPORT_FOLDER: true +PYTHON_PYLINT_PRE_COMMANDS: + - command: pip install -r /tmp/lint/requirements.txt + venv: pylint +REPORT_OUTPUT_FOLDER: none + + +# You might want to enable this locally to fix some stuff without guessing what you need to change. Check before committing to git. +#APPLY_FIXES: all diff --git a/scripts/release-analysis/Dockerfile b/scripts/release-analysis/Dockerfile new file mode 100644 index 00000000..17674252 --- /dev/null +++ b/scripts/release-analysis/Dockerfile @@ -0,0 +1,8 @@ +FROM python:3.13-slim +WORKDIR /app +COPY requirements.txt ./ +RUN pip install --no-cache-dir -r requirements.txt + +COPY main.py fetch_releases.py fetch_helmet_releases.py merge_csvs.py plot_graph.py ./ +RUN chmod +x main.py fetch_releases.py fetch_helmet_releases.py merge_csvs.py plot_graph.py +CMD [ "python", "-u", "./main.py" ] diff --git a/scripts/release-analysis/README.md b/scripts/release-analysis/README.md new file mode 100644 index 00000000..ab746cee --- /dev/null +++ b/scripts/release-analysis/README.md @@ -0,0 +1,27 @@ +# argo-helm release analysis + +Compare the time of the upstream release to the time of the equivalent Helm Chart release to determine the time it takes for a new release to be available in argo-helm. + + +## How to run +This is quite github-api-intensive, so you'll need a github PAT + +```bash +# Build the container +docker build . -t team-helm-analysis + +# Delete any existing data +rm -f argo_helm_releases.csv argo_releases.csv merged_releases.csv time_difference_plot_argo*.png + +# Run the container +GITHUB_TOKEN=your_token_here +docker run --rm -e GITHUB_TOKEN=$GITHUB_TOKEN -v ${PWD}:/app team-helm-analysis +``` + +You should get 3 csvs and 4 graphs once this completes. It takes around 5 mins to run. + + +## Linting +I ran megalinter against this just to give some confidence that it's not completely broken. It's not perfect, but it's something. + +Run megalinter locally against this directory with: `docker run --rm -v /var/run/docker.sock:/var/run/docker.sock:rw -v $(pwd):/tmp/lint:rw oxsecurity/megalinter:v8` diff --git a/scripts/release-analysis/argo_helm_releases.csv b/scripts/release-analysis/argo_helm_releases.csv new file mode 100644 index 00000000..58046fc1 --- /dev/null +++ b/scripts/release-analysis/argo_helm_releases.csv @@ -0,0 +1,1019 @@ +Release Name,Release Date,Release Time,App Version +argo-cd-7.7.16,2025-01-14,10:17:50,v2.13.3 +argo-events-2.4.13,2025-01-11,10:22:47,v1.9.5 +argo-workflows-0.45.4,2025-01-10,10:23:52,v3.6.2 +argo-cd-7.7.15,2025-01-10,07:18:13,v2.13.3 +argo-events-2.4.12,2025-01-08,08:37:01,v1.9.4 +argocd-image-updater-0.11.4,2025-01-07,07:04:30,v0.15.2 +argo-cd-7.7.14,2025-01-07,12:02:49,v2.13.3 +argo-events-2.4.11,2025-01-04,14:02:19,v1.9.3 +argo-cd-7.7.13,2025-01-04,00:07:55,v2.13.3 +argo-workflows-0.45.3,2025-01-03,15:16:16,v3.6.2 +argo-rollouts-2.38.2,2025-01-03,14:07:45,v1.7.2 +argo-cd-7.7.12,2025-01-02,06:18:17,v2.13.2 +argo-events-2.4.10,2024-12-31,12:18:02,v1.9.3 +argo-rollouts-2.38.1,2024-12-30,17:19:34,v1.7.2 +argo-cd-7.7.11,2024-12-21,12:06:50,v2.13.2 +argo-workflows-0.45.2,2024-12-16,21:31:29,v3.6.2 +argocd-image-updater-0.11.3,2024-12-13,11:27:43,v0.15.1 +argo-cd-7.7.10,2024-12-12,05:33:28,v2.13.2 +argo-cd-7.7.9,2024-12-11,15:36:30,v2.13.1 +argo-cd-7.7.8,2024-12-09,09:17:31,v2.13.1 +argo-workflows-0.45.1,2024-12-02,17:39:46,v3.6.2 +argo-cd-7.7.7,2024-12-02,14:20:02,v2.13.1 +argo-cd-7.7.6,2024-11-28,00:42:14,v2.13.1 +argo-events-2.4.9,2024-11-27,20:44:06,v1.9.3 +argo-workflows-0.45.0,2024-11-22,15:20:08,v3.6.0 +argo-workflows-0.44.1,2024-11-22,11:40:45,v3.6.0 +argo-workflows-0.44.0,2024-11-21,08:59:15,v3.6.0 +argo-workflows-0.43.0,2024-11-21,08:27:21,v3.6.0 +argo-rollouts-2.38.0,2024-11-21,13:03:08,v1.7.2 +argo-cd-7.7.5,2024-11-21,12:43:12,v2.13.1 +argo-cd-7.7.4,2024-11-20,20:48:11,v2.13.1 +argo-cd-7.7.3,2024-11-13,10:57:32,v2.13.0 +argo-cd-7.7.2,2024-11-12,16:28:52,v2.13.0 +argo-cd-7.7.1,2024-11-10,01:42:21,v2.13.0 +argocd-image-updater-0.11.2,2024-11-09,03:44:12,v0.15.1 +argo-rollouts-2.37.8,2024-11-07,23:17:48,v1.7.2 +argo-cd-7.7.0,2024-11-05,00:00:06,v2.13.0 +argo-workflows-0.42.7,2024-11-01,23:24:01,v3.5.12 +argocd-image-updater-0.11.1,2024-10-30,10:40:35,v0.15.0 +argo-workflows-0.42.6,2024-10-30,13:24:53,v3.5.12 +argo-cd-7.6.12,2024-10-18,19:27:20,v2.12.6 +argo-cd-7.6.11,2024-10-18,07:16:30,v2.12.5 +argo-cd-7.6.10,2024-10-16,12:00:46,v2.12.4 +argo-cd-7.6.9,2024-10-15,20:16:09,v2.12.4 +argo-cd-7.6.8,2024-10-03,13:53:23,v2.12.4 +argo-workflows-0.42.5,2024-10-02,00:47:02,v3.5.11 +argocd-apps-2.0.2,2024-10-01,06:03:45, +argo-cd-7.6.7,2024-09-30,18:24:52,v2.12.4 +argo-cd-7.6.6,2024-09-30,12:25:12,v2.12.4 +argo-workflows-0.42.4,2024-09-27,09:57:14,v3.5.11 +argo-cd-7.6.5,2024-09-26,07:42:42,v2.12.4 +argo-cd-7.6.4,2024-09-25,22:05:12,v2.12.3 +argo-cd-7.6.3,2024-09-25,15:18:12,v2.12.3 +argo-cd-7.6.2,2024-09-23,17:27:28,v2.12.3 +argo-workflows-0.42.3,2024-09-20,15:08:40,v3.5.11 +argo-events-2.4.8,2024-09-20,00:10:14,v1.9.2 +argo-cd-7.6.1,2024-09-20,11:24:11,v2.12.3 +argo-cd-7.6.0,2024-09-20,07:59:20,v2.12.3 +argo-rollouts-2.37.7,2024-09-16,13:38:21,v1.7.2 +argo-workflows-0.42.2,2024-09-13,14:02:16,v3.5.10 +argocd-apps-2.0.1,2024-09-10,21:55:59, +argo-cd-7.5.2,2024-09-02,15:33:28,v2.12.3 +argo-cd-7.5.1,2024-09-02,08:59:12,v2.12.3 +argo-workflows-0.42.1,2024-09-01,15:06:01,v3.5.10 +argo-rollouts-2.37.6,2024-08-31,10:13:12,v1.7.2 +argo-cd-7.5.0,2024-08-28,15:27:35,v2.12.3 +argo-cd-7.4.7,2024-08-27,13:30:34,v2.12.3 +argo-cd-7.4.6,2024-08-27,08:49:06,v2.12.2 +argo-cd-7.4.5,2024-08-23,08:51:19,v2.12.2 +argo-workflows-0.42.0,2024-08-20,19:07:24,v3.5.10 +argo-cd-7.4.4,2024-08-16,21:36:53,v2.12.1 +argo-rollouts-2.37.5,2024-08-14,08:31:31,v1.7.2 +argo-rollouts-2.37.4,2024-08-12,09:08:55,v1.7.1 +argo-cd-7.4.3,2024-08-12,15:29:49,v2.12.0 +argo-cd-7.4.2,2024-08-08,15:02:24,v2.12.0 +argo-cd-7.4.1,2024-08-06,10:14:35,v2.12.0 +argo-cd-7.4.0,2024-08-05,15:22:06,v2.12.0 +argo-workflows-0.41.14,2024-08-02,10:42:56,v3.5.10 +argo-workflows-0.41.13,2024-08-01,07:19:01,v3.5.10 +argo-workflows-0.41.12,2024-07-30,07:39:23,v3.5.9 +argo-rollouts-2.37.3,2024-07-29,07:25:40,v1.7.1 +argo-cd-7.3.11,2024-07-24,11:44:52,v2.11.7 +argo-cd-7.3.10,2024-07-22,17:14:41,v2.11.6 +argo-cd-7.3.9,2024-07-19,10:23:10,v2.11.5 +argo-cd-7.3.8,2024-07-17,23:52:54,v2.11.5 +argo-cd-7.3.7,2024-07-16,01:17:05,v2.11.5 +argo-cd-7.3.6,2024-07-11,23:05:06,v2.11.4 +argo-cd-7.3.5,2024-07-10,21:01:22,v2.11.4 +argocd-image-updater-0.11.0,2024-07-09,21:31:56,v0.14.0 +argo-cd-7.3.4,2024-07-02,20:43:46,v2.11.4 +argo-rollouts-2.37.2,2024-07-01,10:02:31,v1.7.1 +argo-cd-7.3.3,2024-06-28,21:52:33,v2.11.3 +argo-rollouts-2.37.1,2024-06-26,10:39:20,v1.7.1 +argo-rollouts-2.37.0,2024-06-26,09:10:19,v1.7.1 +argo-events-2.4.7,2024-06-26,05:28:07,v1.9.2 +argo-cd-7.3.2,2024-06-26,11:29:01,v2.11.3 +argo-rollouts-2.36.2,2024-06-25,13:04:55,v1.7.0 +argo-cd-7.3.1,2024-06-25,12:26:06,v2.11.3 +argo-cd-7.3.0,2024-06-25,03:48:21,v2.11.3 +argo-rollouts-2.36.1,2024-06-22,10:11:43,v1.7.0 +argo-cd-7.2.1,2024-06-21,21:01:50,v2.11.3 +argo-cd-7.2.0,2024-06-20,10:25:45,v2.11.3 +argo-workflows-0.41.11,2024-06-19,07:01:05,v3.5.8 +argo-cd-7.1.5,2024-06-19,14:04:21,v2.11.3 +argo-workflows-0.41.10,2024-06-18,07:47:04,v3.5.8 +argo-cd-7.1.4,2024-06-18,01:13:46,v2.11.3 +argo-workflows-0.41.9,2024-06-17,18:59:46,v3.5.7 +argocd-image-updater-0.10.2,2024-06-14,07:54:15,v0.13.1 +argo-rollouts-2.36.0,2024-06-14,09:00:46,v1.7.0 +argo-events-2.4.6,2024-06-14,05:09:08,v1.9.2 +argo-workflows-0.41.8,2024-06-09,22:18:37,v3.5.7 +argo-cd-7.1.3,2024-06-09,05:23:01,v2.11.3 +argo-cd-7.1.2,2024-06-06,10:51:51,v2.11.3 +argo-cd-7.1.1,2024-06-01,23:45:19,v2.11.2 +argo-cd-7.1.0,2024-05-31,12:05:08,v2.11.2 +argocd-image-updater-0.10.1,2024-05-28,05:32:50,v0.13.1 +argo-cd-7.0.0,2024-05-28,13:38:40,v2.11.2 +argo-workflows-0.41.7,2024-05-27,08:09:42,v3.5.7 +argo-events-2.4.5,2024-05-24,03:05:11,v1.9.1 +argo-rollouts-2.35.3,2024-05-23,07:30:12,v1.6.6 +argo-cd-6.11.1,2024-05-23,15:37:21,v2.11.2 +argo-cd-6.11.0,2024-05-23,12:37:05,v2.11.1 +argo-cd-6.10.2,2024-05-22,11:21:15,v2.11.1 +argo-cd-6.10.1,2024-05-22,07:17:23,v2.11.1 +argo-cd-6.10.0,2024-05-21,16:36:49,v2.11.1 +argo-workflows-0.41.6,2024-05-19,10:22:36,v3.5.6 +argo-workflows-0.41.5,2024-05-19,07:34:43,v3.5.6 +argo-cd-6.9.3,2024-05-17,15:18:31,v2.11.0 +argocd-image-updater-0.10.0,2024-05-16,11:07:10,v0.13.0 +argo-cd-6.9.2,2024-05-14,15:17:50,v2.11.0 +argo-cd-6.9.1,2024-05-13,22:59:29,v2.11.0 +argo-cd-6.9.0,2024-05-13,04:32:05,v2.11.0 +argo-cd-6.8.1,2024-05-10,08:32:52,v2.11.0 +argo-cd-6.8.0,2024-05-08,06:21:31,v2.11.0 +argo-rollouts-2.35.2,2024-05-06,00:24:30,v1.6.6 +argo-workflows-0.41.4,2024-05-01,13:37:43,v3.5.6 +argo-cd-6.7.18,2024-04-30,17:14:22,v2.10.9 +argo-workflows-0.41.3,2024-04-29,20:30:08,v3.5.6 +argo-cd-6.7.17,2024-04-26,19:36:10,v2.10.8 +argo-cd-6.7.16,2024-04-26,14:21:35,v2.10.8 +argo-cd-6.7.15,2024-04-24,07:08:13,v2.10.7 +argo-cd-6.7.14,2024-04-21,20:54:29,v2.10.7 +argo-workflows-0.41.2,2024-04-20,04:55:21,v3.5.6 +argo-cd-6.7.13,2024-04-19,14:07:44,v2.10.7 +argocd-image-updater-0.9.7,2024-04-18,21:41:42,v0.12.2 +argo-cd-6.7.12,2024-04-15,10:43:13,v2.10.7 +argo-cd-6.7.11,2024-04-10,20:06:04,v2.10.6 +argo-cd-6.7.10,2024-04-05,05:00:08,v2.10.6 +argo-cd-6.7.9,2024-04-04,18:47:39,v2.10.5 +argo-workflows-0.41.1,2024-04-02,17:26:26,v3.5.5 +argo-cd-6.7.8,2024-04-02,13:36:54,v2.10.5 +argo-cd-6.7.7,2024-04-02,05:03:54,v2.10.5 +argo-cd-6.7.6,2024-03-29,16:13:47,v2.10.5 +argo-cd-6.7.5,2024-03-29,08:13:55,v2.10.5 +argo-cd-6.7.4,2024-03-28,17:30:11,v2.10.5 +argo-rollouts-2.35.1,2024-03-26,08:36:07,v1.6.6 +argo-workflows-0.41.0,2024-03-24,20:27:11,v3.5.5 +argocd-apps-2.0.0,2024-03-23,15:39:16, +argo-rollouts-2.35.0,2024-03-23,20:47:25,v1.6.6 +argo-events-2.4.4,2024-03-23,11:07:16,v1.9.1 +argo-rollouts-2.34.4,2024-03-22,16:10:10,v1.6.6 +argocd-image-updater-0.9.6,2024-03-20,23:53:18,v0.12.2 +argo-cd-6.7.3,2024-03-18,09:36:58,v2.10.4 +argo-cd-6.7.2,2024-03-13,20:46:14,v2.10.3 +argo-cd-6.7.1,2024-03-11,23:08:40,v2.10.2 +argo-cd-6.7.0,2024-03-11,18:26:24,v2.10.2 +argo-workflows-0.40.14,2024-03-03,19:13:02,v3.5.5 +argo-cd-6.6.0,2024-03-02,11:20:32,v2.10.2 +argocd-image-updater-0.9.5,2024-03-01,08:41:39,v0.12.2 +argo-workflows-0.40.13,2024-03-01,17:17:28,v3.5.5 +argo-workflows-0.40.12,2024-03-01,00:03:01,v3.5.5 +argo-cd-6.5.1,2024-03-01,22:33:17,v2.10.2 +argo-cd-6.5.0,2024-02-29,19:46:25,v2.10.1 +argo-cd-6.4.1,2024-02-28,06:28:55,v2.10.1 +argocd-apps-1.6.2,2024-02-25,13:11:58, +argo-cd-6.4.0,2024-02-25,12:47:16,v2.10.1 +argo-cd-6.3.1,2024-02-23,18:05:37,v2.10.1 +argo-cd-6.3.0,2024-02-23,14:18:18,v2.10.1 +argo-cd-6.2.5,2024-02-23,13:58:38,v2.10.1 +argo-cd-6.2.4,2024-02-23,12:16:07,v2.10.1 +argo-cd-6.2.3,2024-02-20,12:05:21,v2.10.1 +argo-cd-6.2.2,2024-02-20,11:41:51,v2.10.1 +argo-cd-6.2.1,2024-02-19,08:37:59,v2.10.1 +argocd-image-updater-0.9.4,2024-02-18,18:44:43,v0.12.2 +argo-cd-6.2.0,2024-02-18,22:06:45,v2.10.1 +argo-workflows-0.40.11,2024-02-17,09:14:52,v3.5.4 +argo-cd-6.1.0,2024-02-16,14:45:12,v2.10.1 +argo-rollouts-2.34.3,2024-02-14,08:50:21,v1.6.6 +argo-events-2.4.3,2024-02-14,08:53:00,v1.9.1 +argo-cd-6.0.14,2024-02-14,21:04:43,v2.10.1 +argo-cd-6.0.13,2024-02-14,10:52:49,v2.10.0 +argo-cd-6.0.9,2024-02-13,11:14:02,v2.10.0 +argo-cd-6.0.8,2024-02-13,08:23:55,v2.10.0 +argo-cd-6.0.12,2024-02-13,15:26:57,v2.10.0 +argo-cd-6.0.11,2024-02-13,11:42:46,v2.10.0 +argo-cd-6.0.10,2024-02-13,11:27:29,v2.10.0 +argo-cd-6.0.7,2024-02-12,18:36:55,v2.10.0 +argo-cd-6.0.6,2024-02-11,14:52:39,v2.10.0 +argo-cd-6.0.5,2024-02-09,12:14:21,v2.10.0 +argo-cd-6.0.4,2024-02-09,11:46:10,v2.10.0 +argo-cd-6.0.3,2024-02-08,17:47:08,v2.10.0 +argo-cd-6.0.2,2024-02-08,14:26:38,v2.10.0 +argo-cd-6.0.1,2024-02-08,10:59:10,v2.10.0 +argo-cd-6.0.0,2024-02-07,21:40:22,v2.10.0 +argo-cd-5.55.0,2024-02-07,07:10:30,v2.10.0 +argo-cd-5.54.0,2024-02-06,13:11:44,v2.9.6 +argo-cd-5.53.14,2024-02-05,06:25:59,v2.9.6 +argo-workflows-0.40.10,2024-02-03,00:45:13,v3.5.4 +argocd-apps-1.6.1,2024-02-02,09:37:44, +argo-cd-5.53.13,2024-02-02,22:50:34,v2.9.6 +argocd-apps-1.6.0,2024-01-30,00:34:21, +argo-cd-5.53.12,2024-01-30,16:58:22,v2.9.5 +argo-cd-5.53.11,2024-01-30,10:46:50,v2.9.5 +argo-cd-5.53.10,2024-01-29,13:58:51,v2.9.5 +argo-workflows-0.40.9,2024-01-26,21:35:38,v3.5.4 +argo-rollouts-2.34.2,2024-01-26,06:31:27,v1.6.5 +argo-cd-5.53.9,2024-01-26,07:36:02,v2.9.5 +argocd-apps-1.5.0,2024-01-25,07:07:46, +argo-workflows-0.40.8,2024-01-24,23:58:13,v3.5.4 +argo-cd-5.53.8,2024-01-23,01:07:46,v2.9.5 +argo-cd-5.53.7,2024-01-22,23:55:07,v2.9.5 +argo-cd-5.53.6,2024-01-22,13:09:31,v2.9.5 +argo-cd-5.53.5,2024-01-22,10:14:54,v2.9.5 +argo-cd-5.53.4,2024-01-21,13:36:02,v2.9.5 +argo-cd-5.53.3,2024-01-20,12:21:38,v2.9.5 +argo-cd-5.53.2,2024-01-19,20:20:14,v2.9.5 +argo-cd-5.53.1,2024-01-19,05:48:47,v2.9.4 +argocd-image-updater-0.9.3,2024-01-18,06:21:59,v0.12.2 +argo-cd-5.53.0,2024-01-18,13:56:51,v2.9.3 +argo-workflows-0.40.7,2024-01-17,07:56:36,v3.5.4 +argo-cd-5.52.2,2024-01-15,09:13:02,v2.9.3 +argo-workflows-0.40.6,2024-01-14,08:11:19,v3.5.4 +argo-workflows-0.40.5,2024-01-11,07:20:47,v3.5.3 +argo-events-2.4.2,2024-01-09,10:14:30,v1.9.0 +argo-rollouts-2.34.1,2024-01-07,04:31:05,v1.6.4 +argo-workflows-0.40.4,2024-01-06,04:17:52,v3.5.2 +argocd-image-updater-0.9.2,2024-01-05,15:29:00,v0.12.2 +argo-cd-5.52.1,2024-01-05,12:57:15,v2.9.3 +argo-cd-5.52.0,2023-12-30,17:02:29,v2.9.3 +argo-workflows-0.40.3,2023-12-24,06:14:14,v3.5.2 +argo-workflows-0.40.2,2023-12-24,00:29:03,v3.5.2 +argo-rollouts-2.34.0,2023-12-22,12:07:26,v1.6.4 +argo-workflows-0.40.1,2023-12-15,07:45:38,v3.5.2 +argo-workflows-0.40.0,2023-12-14,07:56:49,v3.5.2 +argo-rollouts-2.33.0,2023-12-14,08:39:41,v1.6.4 +argo-rollouts-2.32.8,2023-12-13,06:59:39,v1.6.4 +argo-workflows-0.39.9,2023-12-12,06:27:57,v3.5.2 +argo-workflows-0.39.8,2023-12-08,22:45:23,v3.5.2 +argo-rollouts-2.32.7,2023-12-08,15:06:58,v1.6.3 +argo-workflows-0.39.7,2023-12-07,07:23:32,v3.5.2 +argo-rollouts-2.32.6,2023-12-07,17:50:17,v1.6.2 +argo-workflows-0.39.6,2023-12-05,05:55:41,v3.5.2 +argo-cd-5.51.6,2023-12-02,11:03:49,v2.9.3 +argo-rollouts-2.32.5,2023-11-29,13:34:59,v1.6.2 +argo-cd-5.51.5,2023-11-29,18:40:17,v2.9.2 +argo-workflows-0.39.5,2023-11-27,21:13:09,v3.5.2 +argo-workflows-0.39.4,2023-11-27,17:45:21,v3.5.1 +argo-cd-5.51.4,2023-11-20,18:50:04,v2.9.2 +argo-cd-5.51.3,2023-11-19,22:19:14,v2.9.1 +argo-workflows-0.39.3,2023-11-16,12:32:11,v3.5.1 +argo-workflows-0.39.2,2023-11-15,13:33:12,v3.5.1 +argo-workflows-0.39.1,2023-11-15,13:17:27,v3.5.1 +argo-rollouts-2.32.4,2023-11-15,13:09:53,v1.6.2 +argo-rollouts-2.32.3,2023-11-15,10:00:45,v1.6.1 +argo-cd-5.51.2,2023-11-15,05:59:33,v2.9.1 +argo-cd-5.51.1,2023-11-10,12:41:27,v2.9.0 +argo-workflows-0.39.0,2023-11-08,16:05:21,v3.5.1 +argo-cd-5.51.0,2023-11-06,12:54:52,v2.9.0 +argo-workflows-0.38.0,2023-11-04,05:58:06,v3.5.1 +argo-workflows-0.37.1,2023-11-03,20:39:25,v3.5.0 +argo-cd-5.50.1,2023-11-02,09:44:09,v2.8.6 +argo-cd-5.50.0,2023-10-31,18:12:30,v2.8.6 +argo-rollouts-2.32.2,2023-10-30,17:43:02,v1.6.0 +argo-cd-5.49.0,2023-10-30,14:42:51,v2.8.5 +argo-cd-5.48.1,2023-10-30,08:52:14,v2.8.5 +argo-cd-5.48.0,2023-10-28,07:29:05,v2.8.5 +argo-cd-5.47.0,2023-10-27,09:44:15,v2.8.4 +argo-workflows-0.37.0,2023-10-24,12:35:14,v3.5.0 +argo-workflows-0.36.2,2023-10-24,10:06:53,v3.5.0 +argo-rollouts-2.32.1,2023-10-24,12:40:04,v1.6.0 +argo-workflows-0.36.1,2023-10-17,23:53:35,v3.5.0 +argo-workflows-0.36.0,2023-10-17,15:41:00,v3.5.0 +argo-workflows-0.35.0,2023-10-13,22:07:38,v3.5.0 +argo-workflows-0.34.0,2023-10-12,14:15:08,v3.4.11 +argo-cd-5.46.8,2023-10-12,09:51:17,v2.8.4 +argo-cd-5.46.7,2023-09-22,15:50:57,v2.8.4 +argo-cd-5.46.6,2023-09-19,09:02:08,v2.8.4 +argo-cd-5.46.5,2023-09-18,13:26:16,v2.8.4 +argo-cd-5.46.4,2023-09-15,10:48:20,v2.8.4 +argo-cd-5.46.3,2023-09-14,04:56:22,v2.8.4 +argo-cd-5.46.2,2023-09-11,23:33:17,v2.8.3 +argo-cd-5.46.1,2023-09-11,13:24:46,v2.8.3 +argo-workflows-0.33.3,2023-09-10,01:57:47,v3.4.11 +argo-cd-5.46.0,2023-09-09,08:59:25,v2.8.3 +argo-workflows-0.33.2,2023-09-08,04:20:30,v3.4.11 +argo-cd-5.45.5,2023-09-08,14:58:30,v2.8.3 +argo-cd-5.45.4,2023-09-08,14:02:48,v2.8.3 +argo-cd-5.45.3,2023-09-08,00:13:52,v2.8.3 +argo-rollouts-2.32.0,2023-09-07,12:23:50,v1.6.0 +argo-cd-5.45.2,2023-09-07,14:01:34,v2.8.2 +argo-events-2.4.1,2023-09-04,01:15:35,v1.8.1 +argo-cd-5.45.1,2023-09-04,11:01:56,v2.8.2 +argo-cd-5.45.0,2023-08-28,08:12:52,v2.8.2 +argo-cd-5.44.0,2023-08-27,19:07:41,v2.8.2 +argo-cd-5.43.8,2023-08-27,02:21:03,v2.8.2 +argo-cd-5.43.7,2023-08-25,10:52:23,v2.8.2 +argo-cd-5.43.6,2023-08-25,08:46:11,v2.8.2 +argo-cd-5.43.5,2023-08-23,03:57:35,v2.8.1 +argo-workflows-0.33.1,2023-08-19,06:00:08,v3.4.10 +argo-workflows-0.33.0,2023-08-17,12:08:23,v3.4.10 +argo-workflows-0.32.3,2023-08-16,11:00:55,v3.4.10 +argo-rollouts-2.31.6,2023-08-16,07:02:05,v1.5.1 +argo-cd-5.43.4,2023-08-15,08:58:54,v2.8.0 +argo-workflows-0.32.2,2023-08-11,01:15:12,v3.4.9 +argo-rollouts-2.31.5,2023-08-09,00:04:20,v1.5.1 +argo-cd-5.43.3,2023-08-09,22:18:57,v2.8.0 +argo-cd-5.43.2,2023-08-09,08:36:10,v2.8.0 +argo-cd-5.43.1,2023-08-09,08:20:17,v2.8.0 +argo-cd-5.43.0,2023-08-08,14:36:04,v2.8.0 +argo-cd-5.42.3,2023-08-08,06:11:54,v2.7.11 +argo-rollouts-2.31.4,2023-08-05,10:27:42,v1.5.1 +argo-cd-5.42.2,2023-08-05,10:18:36,v2.7.10 +argo-rollouts-2.31.3,2023-08-01,09:07:36,v1.5.1 +argo-cd-5.42.1,2023-08-01,05:57:37,v2.7.10 +argo-workflows-0.32.1,2023-07-27,13:58:12,v3.4.9 +argo-cd-5.42.0,2023-07-27,22:05:30,v2.7.9 +argo-rollouts-2.31.2,2023-07-25,00:23:11,v1.5.1 +argo-cd-5.41.2,2023-07-25,02:10:03,v2.7.9 +argocd-apps-1.4.1,2023-07-23,04:26:08, +argocd-apps-1.4.0,2023-07-22,13:46:54, +argo-workflows-0.32.0,2023-07-20,23:20:17,v3.4.9 +argo-rollouts-2.31.1,2023-07-20,17:26:45,v1.5.1 +argo-cd-5.41.1,2023-07-19,22:26:30,v2.7.8 +argo-cd-5.41.0,2023-07-18,06:51:38,v2.7.7 +argo-cd-5.40.0,2023-07-17,12:21:05,v2.7.7 +argo-cd-5.39.1,2023-07-17,09:56:36,v2.7.7 +argo-cd-5.39.0,2023-07-13,14:07:28,v2.7.7 +argocd-apps-1.3.0,2023-07-11,16:16:56, +argo-workflows-0.31.0,2023-07-11,12:07:29,v3.4.8 +argo-cd-5.38.1,2023-07-11,13:01:22,v2.7.7 +argo-cd-5.38.0,2023-07-10,08:14:40,v2.7.7 +argo-cd-5.37.1,2023-07-06,08:26:09,v2.7.7 +argo-cd-5.37.0,2023-07-04,14:07:24,v2.7.6 +argo-cd-5.36.15,2023-07-04,09:22:40,v2.7.6 +argo-cd-5.36.14,2023-07-03,17:55:22,v2.7.6 +argo-cd-5.36.13,2023-07-02,08:07:38,v2.7.6 +argo-cd-5.36.12,2023-07-02,03:16:49,v2.7.6 +argo-cd-5.36.11,2023-06-29,16:02:41,v2.7.6 +argo-cd-5.36.9,2023-06-26,14:41:11,v2.7.6 +argo-cd-5.36.10,2023-06-26,14:55:27,v2.7.6 +argo-workflows-0.30.0,2023-06-24,22:29:03,v3.4.8 +argo-workflows-0.29.3,2023-06-23,16:35:23,v3.4.8 +argo-cd-5.36.7,2023-06-23,13:59:34,v2.7.6 +argo-events-2.4.0,2023-06-21,12:41:55,v1.8.0 +argo-cd-5.36.6,2023-06-21,14:54:37,v2.7.6 +argo-cd-5.36.5,2023-06-21,04:27:57,v2.7.6 +argo-cd-5.36.4,2023-06-20,13:07:45,v2.7.5 +argo-cd-5.36.3,2023-06-20,00:05:45,v2.7.5 +argo-cd-5.36.2,2023-06-17,04:55:38,v2.7.5 +argo-workflows-0.29.2,2023-06-08,03:48:28,v3.4.8 +argo-cd-5.36.1,2023-06-08,22:52:40,v2.7.4 +argo-cd-5.36.0,2023-06-07,08:52:24,v2.7.4 +argo-cd-5.35.1,2023-06-06,04:53:38,v2.7.4 +argo-workflows-0.29.1,2023-06-05,14:15:25,v3.4.8 +argo-cd-5.35.0,2023-06-05,14:31:31,v2.7.3 +argo-rollouts-2.31.0,2023-06-04,11:08:02,v1.5.0 +argo-workflows-0.29.0,2023-06-03,14:41:13,v3.4.8 +argo-cd-5.34.6,2023-05-29,04:32:37,v2.7.3 +argo-rollouts-2.30.1,2023-05-27,14:52:04,v1.5.0 +argo-workflows-0.28.2,2023-05-26,04:19:27,v3.4.8 +argo-workflows-0.28.1,2023-05-25,12:31:09,v3.4.7 +argo-cd-5.34.5,2023-05-24,23:23:36,v2.7.3 +argo-rollouts-2.30.0,2023-05-23,07:07:55,v1.5.0 +argo-cd-5.34.4,2023-05-23,20:29:47,v2.7.2 +argo-cd-5.34.3,2023-05-23,02:47:12,v2.7.2 +argo-cd-5.34.2,2023-05-22,17:07:33,v2.7.2 +argocd-apps-1.2.0,2023-05-21,07:19:50, +argo-rollouts-2.29.0,2023-05-20,15:39:35,v1.5.0 +argocd-apps-1.1.0,2023-05-19,09:35:18, +argo-workflows-0.28.0,2023-05-19,10:35:50,v3.4.7 +argo-cd-5.34.1,2023-05-17,14:25:05,v2.7.2 +argo-cd-5.34.0,2023-05-17,13:40:41,v2.7.2 +argo-cd-5.33.4,2023-05-16,09:24:22,v2.7.2 +argo-cd-5.33.3,2023-05-13,11:01:42,v2.7.2 +argo-cd-5.33.2,2023-05-12,15:19:23,v2.7.2 +argo-workflows-0.27.0,2023-05-11,06:39:40,v3.4.7 +argo-workflows-0.26.6,2023-05-11,00:09:56,v3.4.7 +argo-cd-5.33.1,2023-05-11,14:07:07,v2.7.1 +argo-cd-5.33.0,2023-05-11,00:40:17,v2.7.1 +argocd-image-updater-0.9.1,2023-05-10,16:46:54,v0.12.2 +argocd-apps-1.0.1,2023-05-10,16:59:38, +argo-workflows-0.26.5,2023-05-10,14:21:35,v3.4.7 +argo-workflows-0.26.4,2023-05-10,10:16:35,v3.4.7 +argo-rollouts-2.28.0,2023-05-10,15:37:42,v1.5.0 +argo-events-2.3.3,2023-05-10,15:49:04,v1.7.6 +argo-cd-5.32.2,2023-05-10,13:50:04,v2.7.1 +argo-workflows-0.26.3,2023-05-09,03:42:14,v3.4.7 +argo-events-2.3.2,2023-05-09,00:38:41,v1.7.6 +argo-workflows-0.26.2,2023-05-08,20:03:24,v3.4.7 +argo-cd-5.32.1,2023-05-08,11:23:13,v2.7.1 +argo-events-2.3.1,2023-05-07,14:18:59,v1.7.6 +argo-workflows-0.26.1,2023-05-06,16:20:35,v3.4.7 +argo-rollouts-2.27.0,2023-05-06,11:32:12,v1.4.1 +argo-events-2.3.0,2023-05-06,11:18:40,v1.7.6 +argo-workflows-0.26.0,2023-05-05,14:31:11,v3.4.7 +argo-workflows-0.25.2,2023-05-05,14:14:01,v3.4.7 +argo-cd-5.32.0,2023-05-05,20:19:39,v2.7.1 +argo-cd-5.31.1,2023-05-03,09:48:25,v2.7.1 +argo-cd-5.31.0,2023-05-02,12:29:53,v2.7.0 +argo-cd-5.30.1,2023-05-02,10:28:37,v2.7.0 +argo-cd-5.30.0,2023-05-02,07:29:11,v2.7.0 +argo-rollouts-2.26.1,2023-04-28,07:54:50,v1.4.1 +argocd-apps-1.0.0,2023-04-27,12:49:28, +argo-workflows-0.25.1,2023-04-24,16:57:53,v3.4.7 +argo-workflows-0.25.0,2023-04-24,05:47:37,v3.4.7 +argo-rollouts-2.26.0,2023-04-24,14:41:03,v1.4.1 +argocd-image-updater-0.9.0,2023-04-16,08:13:22,v0.12.2 +argo-workflows-0.24.1,2023-04-14,13:55:07,v3.4.7 +argo-workflows-0.24.0,2023-04-13,09:25:33,v3.4.7 +argo-rollouts-2.25.0,2023-04-13,23:59:09,v1.4.1 +argo-rollouts-2.24.0,2023-04-13,18:16:41,v1.4.1 +argo-events-2.2.0,2023-04-13,18:38:28,v1.7.6 +argo-cd-5.29.1,2023-04-13,23:44:42,v2.6.7 +argo-cd-5.29.0,2023-04-13,14:09:40,v2.6.7 +argo-workflows-0.23.2,2023-04-12,04:52:48,v3.4.7 +argo-workflows-0.23.1,2023-04-11,13:50:51,v3.4.6 +argo-cd-5.28.2,2023-04-11,13:34:12,v2.6.7 +argo-events-2.1.6,2023-04-07,12:46:03,v1.7.6 +argocd-image-updater-0.8.5,2023-04-06,13:52:44,v0.12.2 +argo-workflows-0.23.0,2023-04-06,23:43:19,v3.4.6 +argo-cd-5.28.1,2023-04-06,16:17:02,v2.6.7 +argo-workflows-0.22.16,2023-04-04,11:10:35,v3.4.6 +argo-cd-5.28.0,2023-04-03,09:59:17,v2.6.7 +argo-events-2.1.5,2023-04-01,20:40:27,v1.7.6 +argo-cd-5.27.5,2023-03-30,16:33:34,v2.6.7 +argo-rollouts-2.23.0,2023-03-29,09:16:56,v1.4.1 +argo-cd-5.27.4,2023-03-28,13:49:13,v2.6.7 +argo-cd-5.27.3,2023-03-24,09:57:20,v2.6.7 +argo-cd-5.27.2,2023-03-24,00:09:05,v2.6.7 +argo-workflows-0.22.15,2023-03-23,07:09:27,v3.4.5 +argo-cd-5.27.1,2023-03-17,08:25:05,v2.6.6 +argo-workflows-0.22.14,2023-03-16,11:05:16,v3.4.5 +argo-cd-5.27.0,2023-03-16,00:09:12,v2.6.5 +argo-events-2.1.4,2023-03-15,17:34:46,v1.7.6 +argo-cd-5.26.3,2023-03-15,19:28:01,v2.6.5 +argo-cd-5.26.2,2023-03-15,14:00:41,v2.6.5 +argo-cd-5.26.1,2023-03-14,18:42:39,v2.6.5 +argo-cd-5.26.0,2023-03-12,14:00:47,v2.6.4 +argo-cd-5.25.0,2023-03-09,12:05:22,v2.6.4 +argo-cd-5.24.4,2023-03-09,10:48:48,v2.6.4 +argo-cd-5.24.3,2023-03-08,07:46:54,v2.6.4 +argo-cd-5.24.2,2023-03-08,07:13:22,v2.6.4 +argo-cd-5.24.1,2023-03-03,17:53:36,v2.6.3 +argocd-apps-0.0.9,2023-03-02,14:59:22, +argo-rollouts-2.22.3,2023-03-02,15:08:16,v1.4.1 +argo-cd-5.24.0,2023-03-02,14:29:29,v2.6.3 +argo-cd-5.23.5,2023-02-28,23:30:25,v2.6.3 +argo-cd-5.23.4,2023-02-28,21:53:42,v2.6.3 +argo-cd-5.23.3,2023-02-28,08:32:15,v2.6.3 +argo-cd-5.23.2,2023-02-26,16:34:21,v2.6.2 +argo-workflows-0.22.13,2023-02-24,21:57:04,v3.4.5 +argo-workflows-0.22.12,2023-02-23,17:44:23,v3.4.5 +argo-cd-5.23.1,2023-02-23,18:12:14,v2.6.2 +argo-cd-5.23.0,2023-02-23,16:57:40,v2.6.2 +argo-events-2.1.3,2023-02-21,01:14:54,v1.7.6 +argo-cd-5.22.1,2023-02-19,12:38:23,v2.6.2 +argo-cd-5.22.0,2023-02-17,16:38:41,v2.6.2 +argo-cd-5.21.1,2023-02-17,08:23:54,v2.6.2 +argo-cd-5.21.0,2023-02-15,00:11:41,v2.6.1 +argo-cd-5.20.5,2023-02-14,12:21:52,v2.6.1 +argo-cd-5.20.4,2023-02-13,11:22:38,v2.6.1 +argo-workflows-0.22.11,2023-02-10,05:32:10,v3.4.5 +argocd-apps-0.0.8,2023-02-09,22:44:40, +argo-cd-5.20.3,2023-02-08,20:15:43,v2.6.1 +argo-cd-5.20.2,2023-02-08,16:42:35,v2.6.0 +argo-cd-5.20.1,2023-02-08,01:10:02,v2.6.0 +argo-workflows-0.22.10,2023-02-07,15:11:29,v3.4.5 +argo-cd-5.20.0,2023-02-07,15:02:47,v2.6.0 +argo-cd-5.19.15,2023-02-06,04:40:38,v2.5.10 +argo-cd-5.19.14,2023-02-02,21:56:38,v2.5.10 +argo-cd-5.19.13,2023-02-02,04:11:31,v2.5.9 +argocd-image-updater-0.8.4,2023-02-01,21:07:41,v0.12.2 +argocd-image-updater-0.8.3,2023-01-29,18:59:51,v0.12.0 +argocd-apps-0.0.7,2023-01-29,19:17:57, +argo-workflows-0.22.9,2023-01-29,18:48:45,v3.4.4 +argo-rollouts-2.22.2,2023-01-29,19:14:29,v1.4.0 +argo-events-2.1.2,2023-01-29,19:07:55,v1.7.5 +argo-events-2.1.1,2023-01-29,12:16:37,v1.7.5 +argo-cd-5.19.12,2023-01-29,15:23:26,v2.5.9 +argo-cd-5.19.11,2023-01-28,13:41:15,v2.5.9 +argo-cd-5.19.9,2023-01-27,14:47:36,v2.5.8 +argo-cd-5.19.10,2023-01-27,23:20:39,v2.5.8 +argo-cd-5.19.8,2023-01-26,12:06:45,v2.5.8 +argo-cd-5.19.7,2023-01-26,08:23:02,v2.5.8 +argo-events-2.1.0,2023-01-25,21:46:36,v1.7.4 +argo-cd-5.19.6,2023-01-24,00:18:44,v2.5.7 +argo-cd-5.19.5,2023-01-22,19:22:59,v2.5.7 +argo-cd-5.19.4,2023-01-22,17:20:54,v2.5.7 +argocd-image-updater-0.8.2,2023-01-21,11:38:12,v0.12.0 +argo-cd-5.19.3,2023-01-21,19:11:20,v2.5.7 +argo-cd-5.19.2,2023-01-21,12:19:10,v2.5.7 +argo-cd-5.19.1,2023-01-21,12:08:16,v2.5.7 +argo-cd-5.19.0,2023-01-21,09:25:14,v2.5.7 +argo-rollouts-2.22.1,2023-01-20,16:42:17,v1.4.0 +argo-cd-5.18.1,2023-01-20,14:34:15,v2.5.7 +argo-rollouts-2.22.0,2023-01-19,21:14:27,v1.4.0 +argo-rollouts-2.21.3,2023-01-19,10:37:43,v1.3.1 +argo-cd-5.18.0,2023-01-19,22:15:14,v2.5.7 +argo-rollouts-2.21.2,2023-01-18,02:39:11,v1.3.1 +argo-cd-5.17.4,2023-01-18,13:01:18,v2.5.7 +argo-cd-5.17.2,2023-01-18,06:44:45,v2.5.7 +argo-cd-5.17.1,2023-01-11,06:33:59,v2.5.6 +argo-workflows-0.22.8,2023-01-10,00:03:48,v3.4.4 +argo-cd-5.17.0,2023-01-10,12:32:17,v2.5.5 +argo-cd-5.16.15,2023-01-10,08:59:08,v2.5.5 +argo-cd-5.16.14,2023-01-04,09:49:57,v2.5.5 +argo-workflows-0.22.7,2023-01-03,01:46:24,v3.4.4 +argo-workflows-0.22.6,2022-12-30,05:21:07,v3.4.4 +argo-workflows-0.22.5,2022-12-29,16:31:57,v3.4.4 +argo-events-2.0.11,2022-12-29,17:55:54,v1.7.4 +argo-cd-5.16.13,2022-12-29,16:26:56,v2.5.5 +argo-cd-5.16.12,2022-12-29,15:47:53,v2.5.5 +argo-cd-5.16.11,2022-12-29,11:49:31,v2.5.5 +argo-cd-5.16.10,2022-12-27,12:12:26,v2.5.5 +argocd-apps-0.0.6,2022-12-25,13:56:50, +argo-events-2.0.10,2022-12-24,19:41:24,v1.7.4 +argo-workflows-0.22.4,2022-12-22,13:00:59,v3.4.4 +argo-cd-5.16.9,2022-12-20,13:18:36,v2.5.5 +argo-cd-5.16.8,2022-12-20,11:54:14,v2.5.5 +argo-workflows-0.22.3,2022-12-19,09:08:04,v3.4.4 +argo-workflows-0.22.2,2022-12-18,23:42:17,v3.4.4 +argo-events-2.0.9,2022-12-17,00:45:45,v1.7.3 +argo-cd-5.16.7,2022-12-17,11:36:17,v2.5.5 +argo-events-2.0.8,2022-12-15,08:33:57,v1.7.3 +argo-cd-5.16.6,2022-12-15,06:03:36,v2.5.4 +argo-cd-5.16.5,2022-12-14,21:13:18,v2.5.4 +argo-cd-5.16.4,2022-12-13,21:31:30,v2.5.4 +argo-cd-5.16.3,2022-12-13,06:19:38,v2.5.4 +argocd-apps-0.0.5,2022-12-10,14:50:54, +argo-workflows-0.22.1,2022-12-09,06:50:29,v3.4.4 +argo-events-2.0.7,2022-12-09,13:08:09,v1.7.3 +argo-cd-5.16.2,2022-12-07,07:41:56,v2.5.4 +argocd-apps-0.0.4,2022-12-02,13:26:38, +argo-workflows-0.22.0,2022-12-02,13:51:34,v3.4.4 +argo-workflows-0.21.0,2022-12-02,10:29:52,v3.4.4 +argo-cd-5.16.1,2022-12-02,14:48:40,v2.5.3 +argo-workflows-0.20.12,2022-11-30,15:26:09,v3.4.4 +argo-cd-5.16.0,2022-11-30,23:28:36,v2.5.3 +argo-cd-5.15.2,2022-11-30,21:58:12,v2.5.3 +argo-cd-5.15.1,2022-11-30,21:38:35,v2.5.3 +argo-cd-5.15.0,2022-11-29,21:15:00,v2.5.3 +argo-cd-5.14.3,2022-11-28,22:10:18,v2.5.3 +argo-workflows-0.20.11,2022-11-26,01:08:34,v3.4.3 +argo-workflows-0.20.10,2022-11-25,00:36:01,v3.4.3 +argo-cd-5.14.2,2022-11-25,17:40:10,v2.5.2 +argo-workflows-0.20.9,2022-11-23,07:18:21,v3.4.3 +argo-cd-5.14.1,2022-11-21,10:39:57,v2.5.2 +argo-cd-5.14.0,2022-11-20,13:30:05,v2.5.2 +argo-cd-5.13.9,2022-11-17,15:26:43,v2.5.2 +argo-workflows-0.20.8,2022-11-14,11:20:39,v3.4.3 +argo-cd-5.13.8,2022-11-11,02:11:52,v2.5.2 +argo-workflows-0.20.7,2022-11-10,00:36:36,v3.4.3 +argo-cd-5.13.7,2022-11-10,01:56:07,v2.5.2 +argo-cd-5.13.6,2022-11-08,16:04:52,v2.5.2 +argo-cd-5.13.5,2022-11-07,21:55:16,v2.5.1 +argo-cd-5.13.4,2022-11-06,21:13:41,v2.5.1 +argo-cd-5.13.3,2022-11-06,04:19:47,v2.5.1 +argo-cd-5.13.2,2022-11-03,08:37:01,v2.5.1 +argo-cd-5.13.1,2022-11-02,07:31:33,v2.5.1 +argo-workflows-0.20.6,2022-11-01,09:26:43,v3.4.3 +argo-cd-5.13.0,2022-11-01,19:27:19,v2.5.0 +argo-cd-5.12.3,2022-11-01,14:57:44,v2.5.0 +argo-cd-5.12.2,2022-10-31,17:38:56,v2.5.0 +argo-cd-5.9.1,2022-10-30,17:48:16,v2.5.0 +argo-cd-5.9.0,2022-10-30,15:38:31,v2.5.0 +argo-cd-5.12.1,2022-10-30,23:48:29,v2.5.0 +argo-cd-5.12.0,2022-10-30,22:03:51,v2.5.0 +argo-cd-5.11.0,2022-10-30,20:44:31,v2.5.0 +argo-cd-5.10.0,2022-10-30,19:13:05,v2.5.0 +argo-cd-5.8.7,2022-10-29,19:08:37,v2.5.0 +argo-cd-5.8.6,2022-10-29,09:24:01,v2.5.0 +argo-cd-5.8.5,2022-10-28,10:18:33,v2.5.0 +argo-cd-5.8.4,2022-10-28,08:50:11,v2.5.0 +argo-workflows-0.20.5,2022-10-27,01:05:01,v3.4.2 +argo-cd-5.8.3,2022-10-27,12:18:27,v2.5.0 +argo-cd-5.8.2,2022-10-26,13:19:29,v2.5.0 +argo-cd-5.8.1,2022-10-26,11:11:40,v2.5.0 +argo-workflows-0.20.4,2022-10-25,06:19:19,v3.4.2 +argo-cd-5.8.0,2022-10-25,21:22:42,v2.5.0 +argo-cd-5.7.0,2022-10-25,17:05:58,v2.4.15 +argo-cd-5.6.8,2022-10-25,14:09:11,v2.4.15 +argo-cd-5.6.7,2022-10-25,13:30:20,v2.4.15 +argo-cd-5.6.6,2022-10-25,06:42:17,v2.4.15 +argo-workflows-0.20.3,2022-10-24,05:53:54,v3.4.2 +argo-cd-5.6.5,2022-10-24,21:48:21,v2.4.15 +argo-cd-5.6.4,2022-10-24,17:06:09,v2.4.15 +argo-workflows-0.20.2,2022-10-22,07:37:48,v3.4.1 +argo-cd-5.6.3,2022-10-22,12:59:43,v2.4.15 +argo-cd-5.6.2,2022-10-21,08:11:20,v2.4.15 +argo-cd-5.6.1,2022-10-20,11:23:48,v2.4.15 +argocd-apps-0.0.3,2022-10-13,22:07:34, +argo-cd-5.6.0,2022-10-13,22:30:23,v2.4.14 +argo-cd-5.5.25,2022-10-13,16:17:41,v2.4.14 +argocd-apps-0.0.2,2022-10-12,08:34:02, +argo-cd-5.5.24,2022-10-12,12:55:54,v2.4.14 +argo-cd-5.5.23,2022-10-12,11:46:40,v2.4.14 +argo-cd-5.5.22,2022-10-12,08:04:42,v2.4.14 +argocd-image-updater-0.8.1,2022-10-11,22:21:29,v0.12.0 +argo-cd-5.5.21,2022-10-11,14:12:05,v2.4.14 +argo-cd-5.5.20,2022-10-11,14:00:11,v2.4.14 +argo-cd-5.5.19,2022-10-11,12:29:07,v2.4.14 +argo-cd-5.5.18,2022-10-10,20:46:29,v2.4.14 +argo-cd-5.5.17,2022-10-10,19:09:27,v2.4.14 +argo-cd-5.5.16,2022-10-09,13:23:27,v2.4.14 +argo-cd-5.5.15,2022-10-09,08:34:22,v2.4.14 +argo-cd-5.5.14,2022-10-08,22:23:13,v2.4.14 +argo-cd-5.5.13,2022-10-08,11:28:42,v2.4.14 +argo-cd-5.5.12,2022-10-07,10:52:38,v2.4.14 +argo-cd-5.5.9,2022-10-06,14:32:23,v2.4.13 +argo-cd-5.5.11,2022-10-06,22:23:50,v2.4.14 +argo-cd-5.5.10,2022-10-06,21:05:05,v2.4.14 +argo-cd-5.5.8,2022-10-04,00:58:31,v2.4.13 +argo-workflows-0.20.1,2022-10-02,09:28:15,v3.4.1 +argo-rollouts-2.21.1,2022-09-30,22:29:28,v1.3.1 +argo-cd-5.5.7,2022-09-30,13:26:36,v2.4.12 +argo-rollouts-2.21.0,2022-09-29,06:43:50,v1.3.0 +argo-events-2.0.6,2022-09-29,15:55:01,v1.7.3 +argo-workflows-0.20.0,2022-09-28,13:51:07,v3.4.0 +argo-cd-5.5.6,2022-09-28,11:06:18,v2.4.12 +argo-workflows-0.19.6,2022-09-27,12:44:09,v3.4.0 +argo-workflows-0.19.5,2022-09-27,09:53:23,v3.4.0 +argo-workflows-0.19.4,2022-09-26,04:11:17,v3.4.0 +argo-workflows-0.19.3,2022-09-26,01:49:55,v3.4.0 +argo-cd-5.5.5,2022-09-25,17:03:01,v2.4.12 +argo-workflows-0.19.2,2022-09-24,00:03:59,v3.4.0 +argo-cd-5.5.4,2022-09-22,17:20:47,v2.4.12 +argo-cd-5.5.3,2022-09-22,08:53:07,v2.4.12 +argo-workflows-0.19.1,2022-09-21,12:51:22,v3.4.0 +argo-workflows-0.19.0,2022-09-21,10:35:00,v3.4.0 +argo-cd-5.5.2,2022-09-21,19:06:26,v2.4.12 +argo-cd-5.5.1,2022-09-21,18:21:31,v2.4.12 +argo-cd-5.5.0,2022-09-21,11:48:56,v2.4.12 +argo-cd-5.4.8,2022-09-21,07:32:29,v2.4.12 +argo-events-2.0.5,2022-09-20,11:55:01,v1.7.2 +argo-workflows-0.18.0,2022-09-19,16:10:42,v3.4.0 +argo-cd-5.4.7,2022-09-19,21:37:54,v2.4.12 +argo-cd-5.4.6,2022-09-19,12:57:09,v2.4.12 +argo-cd-5.4.5,2022-09-19,11:44:57,v2.4.12 +argo-cd-5.4.4,2022-09-16,08:58:43,v2.4.12 +argo-cd-5.4.3,2022-09-08,17:00:01,v2.4.11 +argo-cd-5.4.2,2022-09-06,10:13:54,v2.4.11 +argo-cd-5.4.1,2022-09-04,08:48:29,v2.4.11 +argo-cd-5.4.0,2022-08-30,15:30:53,v2.4.11 +argo-workflows-0.17.1,2022-08-26,09:03:18,v3.3.9 +argo-rollouts-2.20.0,2022-08-26,16:40:20,v1.2.2 +argo-rollouts-2.19.2,2022-08-26,09:03:17,v1.2.2 +argo-events-2.0.4,2022-08-26,09:03:16,v1.7.1 +argo-cd-5.3.6,2022-08-26,16:15:52,v2.4.11 +argo-cd-5.3.5,2022-08-26,13:38:01,v2.4.11 +argo-cd-5.3.4,2022-08-26,09:03:15,v2.4.11 +argo-cd-5.3.3,2022-08-25,22:09:36,v2.4.11 +argo-cd-5.3.2,2022-08-25,21:39:21,v2.4.11 +argo-cd-5.3.1,2022-08-25,11:35:35,v2.4.11 +argo-cd-5.3.0,2022-08-25,10:42:01,v2.4.11 +argo-cd-5.2.2,2022-08-25,10:13:10,v2.4.11 +argo-cd-5.2.1,2022-08-25,09:08:04,v2.4.11 +argo-cd-5.2.0,2022-08-25,08:43:06,v2.4.11 +argo-cd-5.1.0,2022-08-25,06:41:11,v2.4.11 +argo-cd-5.0.0,2022-08-24,15:12:21,v2.4.11 +argo-rollouts-2.19.0,2022-08-23,02:43:29,v1.2.0 +argocd-apps-0.0.1,2022-08-22,12:32:28, +argo-cd-4.10.9,2022-08-22,14:04:30,v2.4.11 +argo-cd-4.10.8,2022-08-19,19:37:44,v2.4.10 +argo-cd-4.10.7,2022-08-18,00:28:21,v2.4.10 +argo-workflows-0.17.0,2022-08-17,00:07:26,v3.3.9 +argo-cd-4.10.6,2022-08-11,20:43:51,v2.4.9 +argo-workflows-0.16.9,2022-08-10,11:43:41,v3.3.9 +argo-cd-4.10.5,2022-08-02,10:02:11,v2.4.8 +argo-cd-4.10.4,2022-08-01,13:49:17,v2.4.8 +argo-cd-4.10.3,2022-07-31,12:20:12,v2.4.7 +argo-cd-4.10.2,2022-07-29,18:15:36,v2.4.7 +argo-cd-4.10.1,2022-07-29,14:40:58,v2.4.7 +argo-workflows-0.16.8,2022-07-27,00:51:07,v3.3.8 +argo-cd-4.10.0,2022-07-21,09:53:44,v2.4.7 +argo-cd-4.9.16,2022-07-19,12:48:08,v2.4.7 +argo-cd-4.9.15,2022-07-19,06:25:53,v2.4.7 +argo-rollouts-2.18.0,2022-07-15,11:43:33,v1.2.0 +argo-cd-4.9.14,2022-07-14,13:03:20,v2.4.6 +argo-workflows-0.16.7,2022-07-13,00:10:56,v3.3.8 +argo-cd-4.9.13,2022-07-13,20:43:07,v2.4.6 +argo-cd-4.9.12,2022-07-07,16:46:25,v2.4.4 +argo-events-2.0.3,2022-07-06,12:39:16,v1.7.1 +argo-events-2.0.2,2022-07-04,09:50:24,v1.7.1 +argo-cd-4.9.11,2022-06-29,13:10:22,v2.4.3 +argo-cd-4.9.9,2022-06-28,13:20:49,v2.4.3 +argo-cd-4.9.10,2022-06-28,15:14:22,v2.4.3 +argo-events-2.0.1,2022-06-27,21:35:46,v1.7.0 +argo-cd-4.9.8,2022-06-27,17:45:36,v2.4.2 +argo-workflows-0.16.6,2022-06-24,05:47:50,v3.3.8 +argo-workflows-0.16.5,2022-06-23,16:01:09,v3.3.7 +argo-workflows-0.16.4,2022-06-23,09:30:17,v3.3.6 +argo-cd-4.9.7,2022-06-23,14:43:59,v2.4.2 +argo-cd-4.9.6,2022-06-23,06:34:16,v2.4.2 +argo-cd-4.9.5,2022-06-23,05:50:20,v2.4.2 +argo-rollouts-2.17.0,2022-06-17,08:13:21,v1.2.0 +argo-cd-4.9.4,2022-06-17,07:01:22,v2.4.0 +argo-cd-4.9.3,2022-06-16,11:24:09,v2.4.0 +argo-cd-4.9.2,2022-06-15,13:16:32,v2.4.0 +argo-events-2.0.0,2022-06-14,15:38:27,v1.7.0 +argo-cd-4.9.1,2022-06-14,12:32:16,v2.4.0 +argo-cd-4.9.0,2022-06-14,10:10:37,v2.4.0 +argo-workflows-0.16.3,2022-06-10,16:50:21,v3.3.6 +argo-cd-4.8.3,2022-06-08,06:04:29,v2.3.4 +argo-cd-4.8.2,2022-06-02,12:26:38,v2.3.4 +argo-cd-4.8.1,2022-06-02,12:06:47,v2.3.4 +argo-workflows-0.16.2,2022-06-01,17:56:41,v3.3.6 +argo-rollouts-2.16.0,2022-06-01,17:10:16,v1.2.0 +argo-cd-4.8.0,2022-05-30,16:20:13,v2.3.4 +argo-workflows-0.16.1,2022-05-26,11:20:50,v3.3.6 +argo-rollouts-2.15.0,2022-05-26,12:00:18,v1.2.0 +argo-workflows-0.16.0,2022-05-25,09:30:37,v3.3.5 +argo-workflows-0.15.4,2022-05-25,08:52:21,v3.3.5 +argo-cd-4.7.0,2022-05-25,11:07:09,v2.3.4 +argo-rollouts-2.14.1,2022-05-23,05:05:29,v1.2.0 +argo-cd-4.6.5,2022-05-23,04:47:27,v2.3.4 +argo-workflows-0.15.3,2022-05-22,07:43:33,v3.3.5 +argo-cd-4.6.4,2022-05-22,11:52:08,v2.3.4 +argo-workflows-0.15.2,2022-05-20,21:14:27,v3.3.5 +argo-workflows-0.15.1,2022-05-20,19:19:26,v3.3.2 +argo-cd-4.6.3,2022-05-20,18:11:16,v2.3.4 +argo-cd-4.6.2,2022-05-19,17:54:21,v2.3.4 +argo-cd-4.6.1,2022-05-19,11:51:31,v2.3.3 +argo-cd-4.6.0,2022-05-10,07:41:16,v2.3.3 +argo-workflows-0.15.0,2022-05-09,20:45:52,v3.3.2 +argo-workflows-0.14.5,2022-05-09,20:36:39,v3.3.2 +argo-workflows-0.14.4,2022-05-09,20:24:35,v3.3.2 +argo-workflows-0.14.3,2022-05-09,19:51:22,v3.3.2 +argo-workflows-0.14.2,2022-05-09,19:37:38,v3.3.2 +argo-cd-4.5.12,2022-05-09,19:18:36,v2.3.3 +argo-cd-4.5.11,2022-05-07,20:58:56,v2.3.3 +argo-cd-4.5.10,2022-05-05,21:59:44,v2.3.3 +argo-cd-4.5.9,2022-05-04,16:40:52,v2.3.3 +argo-workflows-0.14.1,2022-05-01,11:44:50,v3.3.2 +argo-cd-4.5.8,2022-04-30,12:31:18,v2.3.3 +argo-events-1.13.0,2022-04-23,07:25:52,v1.6.0 +argocd-notifications-1.8.1,2022-04-22,09:42:54,v1.2.1 +argocd-applicationset-1.12.1,2022-04-22,09:42:52,v0.4.1 +argocd-applicationset-1.12.0,2022-04-22,07:23:43,v0.4.1 +argo-workflows-0.14.0,2022-04-22,07:09:42,v3.3.2 +argo-cd-4.5.7,2022-04-22,09:55:26,v2.3.3 +argo-cd-4.5.6,2022-04-22,08:34:16,v2.3.3 +argo-cd-4.5.5,2022-04-21,22:02:41,v2.3.3 +argo-cd-4.5.4,2022-04-19,11:02:10,v2.3.3 +argo-cd-4.5.3,2022-04-12,14:28:36,v2.3.3 +argo-cd-4.5.2,2022-04-12,12:32:08,v2.3.3 +argo-cd-4.5.1,2022-04-11,14:33:48,v2.3.3 +argo-rollouts-2.14.0,2022-04-05,11:38:27,v1.2.0 +argo-cd-4.5.0,2022-04-03,09:14:25,v2.3.3 +argo-cd-4.4.1,2022-04-02,18:45:18,v2.3.3 +argo-rollouts-2.13.0,2022-03-31,17:32:03,v1.2.0 +argo-cd-4.4.0,2022-03-31,12:20:18,v2.3.3 +argo-cd-4.3.2,2022-03-31,11:59:31,v2.3.3 +argo-cd-4.3.1,2022-03-30,13:40:17,v2.3.3 +argo-cd-4.3.0,2022-03-29,11:24:34,v2.3.2 +argo-cd-4.2.4,2022-03-28,21:02:42,v2.3.2 +argo-cd-4.2.3,2022-03-28,13:18:14,v2.3.2 +argo-workflows-0.13.1,2022-03-23,13:18:49,v3.2.9 +argo-rollouts-2.12.0,2022-03-23,21:12:12,v1.2.0 +argo-cd-4.2.2,2022-03-23,09:53:45,v2.3.2 +argo-cd-4.2.1,2022-03-18,21:25:50,v2.3.1 +argo-cd-4.2.0,2022-03-18,16:42:44,v2.3.1 +argocd-image-updater-0.8.0,2022-03-17,19:34:59,v0.12.0 +argo-cd-4.1.0,2022-03-17,17:16:25,v2.3.1 +argo-cd-4.0.1,2022-03-17,12:54:21,v2.3.1 +argo-cd-4.0.0,2022-03-16,21:02:33,v2.3.1 +argo-rollouts-2.11.0,2022-03-14,21:13:07,v1.1.1 +argo-workflows-0.13.0,2022-03-12,17:55:49,v3.2.9 +argo-workflows-0.12.0,2022-03-12,17:14:00,v3.2.9 +argo-cd-3.35.4,2022-03-12,18:59:29,v2.2.5 +argo-cd-3.35.3,2022-03-10,10:45:45,v2.2.5 +argo-cd-3.35.2,2022-03-06,15:54:11,v2.2.5 +argo-cd-3.35.1,2022-03-06,12:08:36,v2.2.5 +argo-workflows-0.11.2,2022-03-05,08:51:50,v3.2.9 +argo-workflows-0.11.1,2022-03-03,14:02:23,v3.2.7 +argocd-image-updater-0.7.0,2022-03-01,10:26:52,v0.11.3 +argo-workflows-0.11.0,2022-03-01,09:53:15,v3.2.7 +argo-cd-3.35.0,2022-03-01,21:58:21,v2.2.5 +argo-cd-3.34.0,2022-03-01,17:37:13,v2.2.5 +argo-cd-3.33.8,2022-02-26,20:07:35,v2.2.5 +argo-cd-3.33.7,2022-02-23,11:02:53,v2.2.5 +argocd-image-updater-0.6.3,2022-02-20,17:56:33,v0.11.3 +argo-rollouts-2.10.0,2022-02-20,23:01:55,v1.1.1 +argo-events-1.12.0,2022-02-20,20:57:50,v1.6.0 +argo-events-1.11.0,2022-02-20,18:31:57,v1.6.0 +argocd-applicationset-1.11.0,2022-02-17,08:19:49,v0.3.0 +argo-cd-3.33.6,2022-02-17,11:37:47,v2.2.5 +argocd-applicationset-1.10.0,2022-02-16,18:44:07,v0.3.0 +argo-workflows-0.10.1,2022-02-09,23:06:55,v3.2.7 +argo-cd-3.33.5,2022-02-05,16:32:53,v2.2.5 +argo-cd-3.33.4,2022-02-05,12:55:15,v2.2.5 +argo-cd-3.33.3,2022-02-04,09:19:44,v2.2.4 +argo-cd-3.33.2,2022-02-03,09:36:59,v2.2.3 +argocd-notifications-1.8.0,2022-02-01,21:49:11,v1.2.1 +argo-cd-3.33.1,2022-01-31,19:26:33,v2.2.3 +argo-cd-3.33.0,2022-01-31,15:37:35,v2.2.3 +argo-workflows-0.10.0,2022-01-28,13:45:09,v3.2.6 +argo-cd-3.32.1,2022-01-27,10:15:36,v2.2.3 +argo-cd-3.32.0,2022-01-26,15:14:35,v2.2.3 +argo-rollouts-2.9.3,2022-01-25,12:43:34,v1.1.1 +argocd-notifications-1.7.1,2022-01-24,19:19:34,v1.2.1 +argocd-image-updater-0.6.2,2022-01-24,19:19:33,v0.11.2 +argocd-applicationset-1.9.1,2022-01-24,19:19:32,v0.3.0 +argo-workflows-0.9.5,2022-01-24,19:19:30,v3.2.6 +argo-rollouts-2.9.2,2022-01-24,19:19:29,v1.1.1 +argo-events-1.10.2,2022-01-24,19:19:28,v1.5.6 +argo-cd-3.31.1,2022-01-24,19:19:26,v2.2.2 +argo-cd-3.31.0,2022-01-20,10:52:27,v2.2.2 +argo-cd-3.30.1,2022-01-19,19:26:25,v2.2.2 +argo-events-1.10.1,2022-01-18,22:20:08,v1.5.6 +argo-events-1.10.0,2022-01-17,14:02:09,v1.5.0 +argo-cd-3.30.0,2022-01-16,05:24:18,v2.2.2 +argocd-image-updater-0.6.1,2022-01-11,22:07:52,v0.11.2 +argo-rollouts-2.9.1,2022-01-11,22:35:51,v1.1.1 +argo-rollouts-2.9.0,2022-01-10,20:46:21,v1.1.1 +argo-rollouts-2.8.1,2022-01-10,18:21:14,v1.1.1 +argo-events-1.9.0,2022-01-10,19:56:43,v1.5.0 +argocd-applicationset-1.9.0,2022-01-09,18:08:02,v0.3.0 +argocd-applicationset-1.8.0,2022-01-06,18:36:05,v0.3.0 +argo-rollouts-2.8.0,2022-01-05,12:32:16,v1.1.0 +argo-cd-3.29.5,2022-01-04,10:16:28,v2.2.2 +argocd-notifications-1.7.0,2021-12-20,18:18:19,v1.2.1 +argo-workflows-0.9.4,2021-12-20,11:00:00,v3.2.6 +argo-rollouts-2.7.0,2021-12-20,19:13:47,v1.1.0 +argo-cd-3.29.4,2021-12-20,17:27:35,v2.2.1 +argo-cd-3.29.3,2021-12-18,22:09:23,v2.2.1 +argo-cd-3.29.2,2021-12-17,18:39:32,v2.2.1 +argo-cd-3.29.1,2021-12-17,10:06:18,v2.2.1 +argocd-notifications-1.6.1,2021-12-16,09:58:40,v1.2.1 +argo-cd-3.29.0,2021-12-15,10:15:30,v2.2.0 +argo-cd-3.28.1,2021-12-11,19:32:10,v2.1.7 +argo-cd-3.28.0,2021-12-10,15:23:06,v2.1.7 +argocd-applicationset-1.7.0,2021-12-09,14:56:54,v0.2.0 +argo-rollouts-2.6.0,2021-12-09,15:13:24,v1.1.0 +argocd-image-updater-0.6.0,2021-12-07,06:40:34,v0.11.0 +argo-workflows-0.9.3,2021-12-06,10:02:15,v3.2.4 +argo-cd-3.27.1,2021-12-03,22:41:42,v2.1.7 +argo-cd-3.27.0,2021-12-03,22:19:58,v2.1.7 +argo-cd-3.26.12,2021-11-29,10:51:49,v2.1.7 +argocd-notifications-1.6.0,2021-11-25,17:39:42,v1.2.0 +argocd-image-updater-0.5.0,2021-11-24,20:47:21,v0.11.0 +argo-cd-3.26.11,2021-11-24,16:30:38,v2.1.7 +argo-workflows-0.9.2,2021-11-23,10:12:37,v3.2.4 +argocd-image-updater-0.4.2,2021-11-22,07:18:47,v0.10.3 +argo-workflows-0.9.1,2021-11-22,09:41:06,v3.2.4 +argo-workflows-0.9.0,2021-11-22,09:33:03,v3.2.4 +argo-workflows-0.8.3,2021-11-21,18:59:21,v3.2.4 +argo-cd-3.26.10,2021-11-21,12:48:45,v2.1.7 +argo-workflows-0.8.2,2021-11-19,21:36:02,v3.2.0 +argocd-image-updater-0.4.1,2021-11-17,09:50:53,v0.10.3 +argo-cd-3.26.9,2021-11-17,07:43:03,v2.1.6 +argocd-image-updater-0.4.0,2021-11-15,23:19:27,v0.10.1 +argo-rollouts-2.5.0,2021-11-15,07:02:31,v1.1.0 +argocd-notifications-1.5.2,2021-11-12,09:25:30,v1.1.1 +argo-cd-3.26.8,2021-11-11,15:00:04,v2.1.6 +argo-cd-3.26.7,2021-11-10,17:18:47,v2.1.6 +argocd-image-updater-0.3.0,2021-11-09,21:14:43,v0.10.1 +argo-rollouts-2.4.0,2021-11-09,20:50:12,v1.1.0 +argo-cd-3.26.6,2021-11-06,08:23:57,v2.1.6 +argo-workflows-0.8.1,2021-11-01,18:13:26,v3.2.0 +argo-cd-3.26.5,2021-10-31,19:32:18,v2.1.6 +argo-cd-3.26.4,2021-10-31,11:57:25,v2.1.6 +argo-events-1.8.0,2021-10-27,15:13:58,v1.5.0 +argo-cd-3.26.3,2021-10-21,20:56:35,v2.1.5 +argo-cd-3.26.2,2021-10-21,11:34:14,2.1.4 +argo-cd-3.26.1,2021-10-20,06:32:59,2.1.4 +argo-workflows-0.8.0,2021-10-19,15:37:06,v3.2.0 +argo-cd-3.26.0,2021-10-19,17:02:52,2.1.3 +argo-cd-3.25.3,2021-10-19,15:51:33,2.1.3 +argo-rollouts-2.3.0,2021-10-18,12:29:40,v1.1.0 +argocd-applicationset-1.6.0,2021-10-17,18:30:56,v0.2.0 +argo-rollouts-2.2.1,2021-10-17,12:08:48,v1.1.0 +argo-cd-3.25.2,2021-10-17,10:33:22,2.1.3 +argo-workflows-0.7.3,2021-10-15,10:22:13,v3.2.0 +argo-workflows-0.7.2,2021-10-15,09:42:17,v3.1.8 +argo-rollouts-2.2.0,2021-10-14,14:58:28,v1.1.0 +argo-cd-3.25.1,2021-10-14,12:40:36,2.1.3 +argo-cd-3.25.0,2021-10-12,18:49:49,2.1.3 +argo-cd-3.24.0,2021-10-06,22:13:09,2.1.3 +argo-cd-3.23.1,2021-10-06,15:28:20,2.1.3 +argo-cd-3.23.0,2021-10-04,22:20:00,2.1.2 +argocd-notifications-1.5.1,2021-09-29,15:15:42,1.1.1 +argo-cd-3.22.1,2021-09-29,09:07:29,2.1.2 +argocd-applicationset-1.5.1,2021-09-27,13:58:05,v0.2.0 +argocd-applicationset-1.5.0,2021-09-27,12:06:48,v0.2.0 +argo-workflows-0.7.1,2021-09-27,15:18:14,v3.1.8 +argo-workflows-0.7.0,2021-09-27,07:14:58,v3.1.8 +argo-rollouts-2.1.1,2021-09-27,15:10:06,v1.0.2 +argo-cd-3.22.0,2021-09-27,19:32:54,2.1.2 +argo-cd-3.21.1,2021-09-27,10:04:46,2.1.2 +argocd-image-updater-0.2.1,2021-09-20,14:43:20,v0.10.1 +argo-workflows-0.6.0,2021-09-17,19:51:33,v3.1.8 +argo-rollouts-2.1.0,2021-09-17,16:39:27,v1.0.2 +argo-cd-3.21.0,2021-09-17,20:14:56,2.1.2 +argo-cd-3.20.0,2021-09-17,17:47:39,2.1.2 +argo-cd-3.19.0,2021-09-17,13:57:58,2.1.2 +argocd-image-updater-0.2.0,2021-09-16,18:59:58,v0.10.1 +argocd-image-updater-0.1.1,2021-09-16,17:30:59,v0.10.1 +argo-rollouts-2.0.2,2021-09-16,19:06:11,v1.0.2 +argo-cd-3.18.0,2021-09-16,17:59:45,2.1.2 +argo-workflows-0.5.2,2021-09-15,22:27:25,v3.1.8 +argo-cd-3.17.7,2021-09-15,10:31:26,2.1.2 +argo-workflows-0.5.1,2021-09-13,16:21:35,v3.1.8 +argo-cd-3.17.6,2021-09-02,21:59:12,2.1.2 +argo-rollouts-2.0.1,2021-08-30,06:46:48,v1.0.2 +argocd-notifications-1.5.0,2021-08-27,13:12:54,1.1.1 +argocd-applicationset-1.4.0,2021-08-27,12:33:43,v0.2.0 +argo-workflows-0.5.0,2021-08-27,12:59:50,v3.1.8 +argo-cd-3.17.5,2021-08-27,13:47:25,2.1.1 +argo-cd-3.17.4,2021-08-27,10:06:21,2.1.1 +argo-cd-3.17.3,2021-08-26,15:11:19,2.1.1 +argo-cd-3.17.2,2021-08-26,14:22:27,2.1.1 +argo-cd-3.17.1,2021-08-26,13:55:36,2.1.0 +argo-cd-3.17.0,2021-08-26,13:43:13,2.1.0 +argocd-notifications-1.4.4,2021-08-25,12:14:37,1.1.1 +argocd-applicationset-1.3.1,2021-08-25,07:05:41,v0.2.0 +argo-cd-3.16.0,2021-08-25,15:05:03,2.1.0 +argo-cd-3.15.0,2021-08-24,12:48:33,2.1.0 +argo-cd-3.14.0,2021-08-24,12:38:02,2.1.0 +argocd-applicationset-1.3.0,2021-08-23,13:05:32,v0.2.0 +argocd-applicationset-1.2.0,2021-08-23,12:23:43,v0.2.0 +argo-workflows-0.4.2,2021-08-23,11:13:42,v3.1.8 +argo-cd-3.13.2,2021-08-23,17:23:36,2.1.0 +argo-cd-3.13.1,2021-08-23,13:01:57,2.1.0 +argo-cd-3.13.0,2021-08-23,12:14:11,2.1.0 +argo-workflows-0.4.1,2021-08-20,16:24:43,v3.1.5 +argocd-notifications-1.4.3,2021-08-18,10:02:11,1.1.1 +argocd-notifications-1.4.2,2021-08-17,09:13:14,1.1.1 +argo-workflows-0.4.0,2021-08-17,07:31:04,v3.1.5 +argocd-image-updater-0.1.0,2021-08-16,15:23:23,v0.10.1 +argo-rollouts-2.0.0,2021-08-16,15:27:43,v1.0.2 +argo-cd-3.12.1,2021-08-14,11:03:56,2.0.5 +argocd-applicationset-1.1.0,2021-08-13,16:37:25,v0.1.0 +argo-cd-3.12.0,2021-08-13,20:15:28,2.0.5 +argo-workflows-0.3.0,2021-08-11,07:32:31,v3.0.7 +argo-cd-3.11.5,2021-08-11,15:44:45,2.0.5 +argo-cd-3.11.4,2021-08-11,07:14:57,2.0.5 +argo-workflows-0.2.13,2021-08-10,13:45:31,v3.0.7 +argo-rollouts-1.0.4,2021-08-10,06:39:57,v1.0.2 +argo-cd-3.11.3,2021-08-09,08:58:30,2.0.5 +argo-events-1.7.0,2021-08-07,22:43:47,1.3.1 +argo-cd-3.11.2,2021-08-07,13:08:09,2.0.5 +argo-cd-3.11.1,2021-07-28,15:42:38,2.0.5 +argo-cd-3.11.0,2021-07-28,14:37:27,2.0.5 +argo-cd-3.10.2,2021-07-27,11:07:30,2.0.5 +argo-cd-3.10.1,2021-07-27,01:33:24,2.0.5 +argo-workflows-0.2.12,2021-07-21,16:02:29,v3.0.7 +argo-workflows-0.2.9,2021-07-20,18:18:54,v3.0.7 +argo-workflows-0.2.8,2021-07-20,18:10:55,v3.0.7 +argo-workflows-0.2.11,2021-07-20,21:51:21,v3.0.7 +argo-workflows-0.2.10,2021-07-20,18:25:05,v3.0.7 +argo-cd-3.10.0,2021-07-20,11:41:23,2.0.4 +argo-cd-3.9.0,2021-07-13,06:35:52,2.0.4 +argo-cd-3.8.2,2021-07-13,06:26:07,2.0.4 +argocd-applicationset-1.0.0,2021-07-12,10:54:40,v0.1.0 +argo-cd-3.8.1,2021-07-12,11:07:21,2.0.4 +argocd-notifications-1.4.1,2021-07-09,11:09:14,1.1.1 +argocd-applicationset-0.1.7,2021-07-09,11:09:13,v0.1.0 +argo-workflows-0.2.7,2021-07-09,11:09:12,v3.0.7 +argo-rollouts-1.0.3,2021-07-09,11:09:12,v1.0.2 +argo-events-1.6.4,2021-07-09,11:09:11,1.3.1 +argo-cd-3.8.0,2021-07-09,12:34:38,2.0.4 +argo-cd-3.7.2,2021-07-09,11:09:10,2.0.4 +argo-rollouts-1.0.2,2021-07-07,15:18:22,v1.0.2 +argo-cd-3.7.1,2021-07-05,09:53:30,2.0.4 +argo-cd-3.7.0,2021-07-05,09:42:21,2.0.4 +argo-cd-3.6.11,2021-06-29,08:49:22,2.0.4 +argo-cd-3.6.10,2021-06-26,15:05:26,2.0.3 +argo-workflows-0.2.6,2021-06-25,06:16:05,v3.0.7 +argo-cd-3.6.9,2021-06-25,06:07:25,2.0.3 +argo-workflows-0.2.5,2021-06-08,13:15:23,v3.0.2 +argo-events-1.6.2,2021-06-07,08:36:00,1.3.1 +argo-cd-3.6.8,2021-06-07,09:40:13,2.0.3 +argo-cd-3.6.7,2021-06-07,08:52:24,2.0.3 +argocd-notifications-1.4.0,2021-06-03,10:08:10,1.1.1 +argocd-applicationset-0.1.6,2021-06-03,17:50:44,v0.1.0 +argo-workflows-0.2.4,2021-06-03,17:11:17,v3.0.2 +argo-workflows-0.2.3,2021-06-03,11:08:38,v3.0.2 +argo-cd-3.6.6,2021-06-02,17:55:17,2.0.3 +argo-workflows-0.2.2,2021-05-31,20:15:38,v3.0.2 +argo-workflows-0.2.1,2021-05-31,16:32:09,v3.0.2 +argo-workflows-0.2.0,2021-05-31,16:18:32,v3.0.2 +argo-rollouts-1.0.1,2021-05-31,21:23:24,v1.0.1 +argo-rollouts-1.0.0,2021-05-31,16:06:49,v1.0.1 +argo-events-1.6.1,2021-05-31,16:09:51,1.3.1 +argo-cd-3.6.5,2021-05-31,20:15:37,2.0.3 +argo-events-1.6.0,2021-05-29,10:30:24,1.3.1 +argo-cd-3.6.4,2021-05-29,14:37:41,2.0.3 +argo-cd-3.6.3,2021-05-29,08:42:00,2.0.3 +argo-workflows-0.1.5,2021-05-27,16:33:49,v3.0.2 +argocd-notifications-1.3.2,2021-05-26,21:41:54,1.1.1 +argo-workflows-0.1.4,2021-05-26,10:00:42,v3.0.2 +argo-rollouts-0.5.5,2021-05-26,09:44:42,0.10.2 +argo-events-1.5.0,2021-05-26,21:27:33,1.3.1 +argo-events-1.4.3,2021-05-26,21:13:44,1.3.1 +argo-cd-3.6.2,2021-05-26,10:35:46,2.0.1 +argo-workflows-0.1.3,2021-05-25,06:06:50,v3.0.2 +argo-rollouts-0.5.4,2021-05-24,21:34:19,0.10.2 +argo-cd-3.6.1,2021-05-24,19:21:16,2.0.1 +argo-cd-3.6.0,2021-05-23,12:25:54,2.0.1 +argocd-notifications-1.3.1,2021-05-21,16:00:09,1.1.1 +argocd-applicationset-0.1.5,2021-05-21,16:00:08,v0.1.0 +argo-workflows-0.1.2,2021-05-21,16:50:29,v3.0.2 +argo-workflows-0.1.1,2021-05-21,16:00:07,v3.0.2 +argo-rollouts-0.5.3,2021-05-21,16:00:06,0.10.2 +argo-events-1.4.2,2021-05-21,16:00:05,1.3.1 +argo-cd-3.5.0,2021-05-21,16:43:57,2.0.1 +argo-cd-3.4.1,2021-05-21,16:00:04,2.0.1 +argo-1.0.0,2021-05-21,16:00:03,v2.12.5 diff --git a/scripts/release-analysis/argo_releases.csv b/scripts/release-analysis/argo_releases.csv new file mode 100644 index 00000000..f630abe7 --- /dev/null +++ b/scripts/release-analysis/argo_releases.csv @@ -0,0 +1,877 @@ +Repository,Release Tag,Release Date,Release Time +argo-cd,v2.14.0-rc6,2025-01-21,21:40:31 +argo-cd,v2.14.0-rc5,2025-01-08,20:16:38 +argo-cd,v2.13.3,2025-01-03,19:23:42 +argo-cd,v2.12.9,2025-01-03,19:21:15 +argo-cd,v2.14.0-rc4,2025-01-02,22:36:35 +argo-cd,v2.14.0-rc3,2024-12-18,19:22:51 +argo-cd,v2.14.0-rc2,2024-12-17,18:43:53 +argo-cd,v2.13.2,2024-12-11,19:18:46 +argo-cd,v2.12.8,2024-12-11,19:17:57 +argo-cd,v2.13.1,2024-11-20,17:11:22 +argo-cd,v2.12.7,2024-11-05,16:08:15 +argo-cd,v2.11.12,2024-11-05,16:09:52 +argo-cd,v2.13.0,2024-11-04,12:46:49 +argo-cd,v2.13.0-rc5,2024-10-18,21:56:52 +argo-cd,v2.12.6,2024-10-18,19:07:18 +argo-cd,v2.11.11,2024-10-18,19:10:03 +argo-cd,v2.13.0-rc4,2024-10-17,22:20:25 +argo-cd,v2.12.5,2024-10-17,22:03:45 +argo-cd,v2.11.10,2024-10-17,22:04:22 +argo-cd,v2.10.18,2024-10-17,22:02:48 +argo-cd,v2.13.0-rc3,2024-10-07,14:11:10 +argo-cd,v2.12.4,2024-09-26,07:14:39 +argo-cd,v2.11.9,2024-09-26,07:39:46 +argo-cd,v2.10.17,2024-09-26,07:39:53 +argo-cd,v2.13.0-rc2,2024-09-20,12:16:17 +argo-cd,v2.13.0-rc1,2024-09-16,09:07:32 +argo-cd,v2.11.8,2024-09-11,07:18:22 +argo-cd,v2.12.3,2024-08-27,12:33:34 +argo-cd,v2.12.2,2024-08-23,04:05:09 +argo-cd,v2.9.22,2024-08-22,18:09:07 +argo-cd,v2.8.21,2024-08-22,00:15:46 +argo-cd,v2.12.1,2024-08-16,17:16:36 +argo-cd,v2.12.0,2024-08-05,14:02:15 +argo-cd,v2.12.0-rc5,2024-08-02,00:02:42 +argo-cd,v2.11.7,2024-07-24,10:27:18 +argo-cd,v2.10.16,2024-07-24,10:27:30 +argo-cd,v2.9.21,2024-07-24,10:27:35 +argo-cd,v2.11.6,2024-07-22,15:19:04 +argo-cd,v2.10.15,2024-07-22,15:28:11 +argo-cd,v2.9.20,2024-07-22,15:26:01 +argo-cd,v2.12.0-rc4,2024-07-15,18:31:03 +argo-cd,v2.11.5,2024-07-15,18:32:15 +argo-cd,v2.10.14,2024-07-15,18:43:13 +argo-cd,v2.9.19,2024-07-15,19:10:33 +argo-cd,v2.12.0-rc3,2024-07-02,19:11:39 +argo-cd,v2.11.4,2024-07-02,19:52:42 +argo-cd,v2.10.13,2024-07-02,19:16:33 +argo-cd,v2.9.18,2024-07-02,20:06:18 +argo-cd,v2.12.0-rc2,2024-06-24,21:07:03 +argo-cd,v2.12.0-rc1,2024-06-18,13:46:04 +argo-cd,v2.11.3,2024-06-06,09:43:29 +argo-cd,v2.10.12,2024-06-06,09:44:03 +argo-cd,v2.9.17,2024-06-06,09:47:39 +argo-cd,v2.11.2,2024-05-23,14:14:51 +argo-cd,v2.10.11,2024-05-23,14:20:08 +argo-cd,v2.9.16,2024-05-23,14:28:35 +argo-cd,v2.8.20,2024-05-23,14:22:46 +argo-cd,v2.11.1,2024-05-21,15:03:58 +argo-cd,v2.10.10,2024-05-21,15:04:04 +argo-cd,v2.9.15,2024-05-21,15:03:15 +argo-cd,v2.8.19,2024-05-21,15:02:42 +argo-cd,v2.11.0,2024-05-07,16:37:25 +argo-cd,v2.10.9,2024-04-30,16:55:10 +argo-cd,v2.9.14,2024-04-30,17:52:42 +argo-cd,v2.8.18,2024-04-30,18:11:05 +argo-cd,v2.11.0-rc3,2024-04-29,20:34:30 +argo-cd,v2.10.8,2024-04-26,14:04:02 +argo-cd,v2.9.13,2024-04-26,13:54:31 +argo-cd,v2.8.17,2024-04-26,13:32:45 +argo-cd,v2.11.0-rc2,2024-04-15,20:21:25 +argo-cd,v2.10.7,2024-04-15,09:21:23 +argo-cd,v2.9.12,2024-04-15,09:23:39 +argo-cd,v2.8.16,2024-04-15,09:24:55 +argo-cd,v2.11.0-rc1,2024-04-05,12:48:47 +argo-cd,v2.10.6,2024-04-05,01:04:01 +argo-cd,v2.9.11,2024-04-05,00:33:21 +argo-cd,v2.8.15,2024-04-05,00:08:33 +argo-cd,v2.7.18,2024-04-04,23:10:16 +argo-cd,v2.10.5,2024-03-28,16:29:02 +argo-cd,v2.9.10,2024-03-28,17:14:04 +argo-cd,v2.8.14,2024-03-28,17:14:13 +argo-cd,v2.10.4,2024-03-18,08:44:51 +argo-cd,v2.9.9,2024-03-18,08:44:29 +argo-cd,v2.8.13,2024-03-18,08:43:03 +argo-cd,v2.10.3,2024-03-13,19:53:05 +argo-cd,v2.9.8,2024-03-13,19:50:14 +argo-cd,v2.8.12,2024-03-13,19:49:30 +argo-cd,v2.8.11,2024-03-08,15:35:57 +argo-cd,v2.10.2,2024-03-01,22:03:43 +argo-cd,v2.9.7,2024-03-01,23:28:36 +argo-cd,v2.10.1,2024-02-14,18:12:43 +argo-cd,v2.10.0,2024-02-06,15:03:51 +argo-cd,v2.9.6,2024-02-02,19:51:46 +argo-cd,v2.8.10,2024-02-02,19:01:36 +argo-cd,v2.7.17,2024-02-02,19:00:32 +argo-cd,v2.10.0-rc4,2024-01-25,21:50:37 +argo-cd,v2.10.0-rc3,2024-01-19,18:33:17 +argo-cd,v2.9.5,2024-01-19,18:32:02 +argo-cd,v2.8.9,2024-01-19,18:47:44 +argo-cd,v2.8.8,2024-01-19,15:17:36 +argo-cd,v2.7.16,2024-01-19,19:38:49 +argo-cd,v2.10.0-rc2,2024-01-18,21:14:40 +argo-cd,v2.9.4,2024-01-18,21:24:02 +argo-cd,v2.10.0-rc1,2023-12-18,21:20:13 +argo-cd,v2.7.15,2023-12-06,15:59:27 +argo-cd,v2.9.3,2023-12-01,23:39:19 +argo-cd,v2.9.2,2023-11-20,17:52:41 +argo-cd,v2.8.7,2023-11-20,17:52:04 +argo-cd,v2.9.1,2023-11-14,15:55:51 +argo-cd,v2.9.0,2023-11-06,05:27:12 +argo-cd,v2.8.6,2023-11-01,17:29:59 +argo-cd,v2.9.0-rc4,2023-10-31,22:28:01 +argo-cd,v2.8.5,2023-10-31,19:30:03 +argo-cd,v2.9.0-rc3,2023-10-25,19:54:22 +argo-cd,v2.9.0-rc2,2023-10-03,16:24:24 +argo-cd,v2.9.0-rc1,2023-09-27,01:06:19 +argo-cd,v2.8.4,2023-09-13,20:08:07 +argo-cd,v2.8.3,2023-09-07,18:06:07 +argo-cd,v2.7.14,2023-09-07,18:05:20 +argo-cd,v2.6.15,2023-09-07,18:32:42 +argo-cd,v2.5.22,2023-08-25,15:21:48 +argo-cd,v2.8.2,2023-08-24,21:05:33 +argo-cd,v2.7.13,2023-08-24,20:58:11 +argo-cd,v2.6.14,2023-08-24,22:01:58 +argo-cd,v2.8.1,2023-08-22,21:19:28 +argo-cd,v2.7.12,2023-08-23,15:02:27 +argo-cd,v2.8.0,2023-08-07,20:03:46 +argo-cd,v2.7.11,2023-08-07,20:07:16 +argo-cd,v2.8.0-rc7,2023-08-03,16:20:46 +argo-cd,v2.7.10,2023-07-31,22:51:19 +argo-cd,v2.8.0-rc6,2023-07-28,14:47:33 +argo-cd,v2.7.9,2023-07-24,18:50:30 +argo-cd,v2.8.0-rc5,2023-07-19,18:28:18 +argo-cd,v2.7.8,2023-07-19,15:58:13 +argo-cd,v2.6.13,2023-07-19,18:32:25 +argo-cd,v2.5.21,2023-07-19,16:18:16 +argo-cd,v2.8.0-rc4,2023-07-19,01:04:24 +argo-cd,v2.8.0-rc3,2023-07-12,21:02:10 +argo-cd,v2.8.0-rc2,2023-07-05,20:16:20 +argo-cd,v2.7.7,2023-07-05,20:25:54 +argo-cd,v2.6.12,2023-07-05,20:26:58 +argo-cd,v2.5.20,2023-07-05,20:21:44 +argo-cd,v2.8.0-rc1,2023-06-27,14:35:51 +argo-cd,v2.7.6,2023-06-20,21:46:46 +argo-cd,v2.6.11,2023-06-20,21:40:36 +argo-cd,v2.7.5,2023-06-16,15:24:00 +argo-cd,v2.6.10,2023-06-16,15:30:18 +argo-cd,v2.5.19,2023-06-16,15:14:25 +argo-cd,v2.7.4,2023-06-05,19:40:08 +argo-cd,v2.6.9,2023-06-05,20:00:21 +argo-cd,v2.5.18,2023-06-05,19:37:35 +argo-cd,v2.6.8,2023-05-25,16:35:40 +argo-cd,v2.5.17,2023-05-25,16:37:48 +argo-cd,v2.7.3,2023-05-24,16:14:02 +argo-cd,v2.7.2,2023-05-12,14:41:07 +argo-cd,v2.7.1,2023-05-02,17:24:44 +argo-cd,v2.7.0,2023-05-02,00:51:25 +argo-cd,v2.7.0-rc2,2023-04-11,16:29:33 +argo-cd,v2.7.0-rc1,2023-03-27,14:42:25 +argo-cd,v2.6.7,2023-03-23,15:45:09 +argo-cd,v2.5.16,2023-03-23,15:34:49 +argo-cd,v2.4.28,2023-03-23,15:35:38 +argo-cd,v2.6.6,2023-03-16,23:07:31 +argo-cd,v2.5.15,2023-03-16,23:35:35 +argo-cd,v2.4.27,2023-03-16,23:05:14 +argo-cd,v2.6.5,2023-03-14,14:59:49 +argo-cd,v2.5.14,2023-03-14,15:03:12 +argo-cd,v2.4.26,2023-03-14,15:01:43 +argo-cd,v2.6.4,2023-03-07,23:29:08 +argo-cd,v2.5.13,2023-03-07,23:28:04 +argo-cd,v2.4.25,2023-03-07,22:29:10 +argo-cd,v2.6.3,2023-02-27,15:20:04 +argo-cd,v2.5.12,2023-02-27,15:21:29 +argo-cd,v2.4.24,2023-02-27,15:22:21 +argo-cd,v2.6.2,2023-02-16,15:43:42 +argo-cd,v2.5.11,2023-02-16,15:46:31 +argo-cd,v2.4.23,2023-02-16,15:41:44 +argo-cd,v2.3.17,2023-02-16,16:01:23 +argo-cd,v2.6.1,2023-02-08,19:39:04 +argo-cd,v2.6.0,2023-02-06,22:04:33 +argo-cd,v2.6.0-rc7,2023-02-02,16:04:58 +argo-cd,v2.5.10,2023-02-02,15:48:00 +argo-cd,v2.4.22,2023-02-02,16:06:04 +argo-cd,v2.3.16,2023-02-02,16:20:13 +argo-cd,v2.6.0-rc6,2023-01-28,00:07:50 +argo-cd,v2.5.9,2023-01-28,00:04:28 +argo-cd,v2.4.21,2023-01-28,00:07:25 +argo-cd,v2.3.15,2023-01-28,01:20:18 +argo-cd,v2.6.0-rc5,2023-01-25,18:35:37 +argo-cd,v2.5.8,2023-01-25,17:05:03 +argo-cd,v2.4.20,2023-01-25,16:19:24 +argo-cd,v2.3.14,2023-01-25,17:07:36 +argo-cd,v2.6.0-rc4,2023-01-18,03:00:03 +argo-cd,v2.5.7,2023-01-18,03:00:02 +argo-cd,v2.4.19,2023-01-18,02:59:01 +argo-cd,v2.3.13,2023-01-18,04:02:17 +argo-cd,v2.6.0-rc3,2023-01-13,20:36:52 +argo-cd,v2.5.6,2023-01-10,20:14:18 +argo-cd,v2.6.0-rc2,2023-01-05,16:02:06 +argo-cd,v2.6.0-rc1,2022-12-19,17:27:17 +argo-cd,v2.5.5,2022-12-16,16:53:08 +argo-cd,v2.4.18,2022-12-16,16:47:09 +argo-cd,v2.3.12,2022-12-16,17:40:00 +argo-cd,v2.5.4,2022-12-06,20:26:51 +argo-cd,v2.5.3,2022-11-28,17:28:00 +argo-cd,v2.5.2,2022-11-07,17:23:44 +argo-cd,v2.4.17,2022-11-07,17:05:27 +argo-cd,v2.5.1,2022-11-01,21:53:59 +argo-cd,v2.4.16,2022-11-01,22:03:02 +argo-cd,v2.3.11,2022-11-01,22:39:18 +argo-cd,v2.2.16,2022-11-01,20:44:20 +argo-cd,v2.5.0,2022-10-25,15:32:28 +argo-cd,v2.2.15,2022-10-18,22:08:59 +argo-cd,v2.5.0-rc3,2022-10-17,18:39:09 +argo-cd,v2.4.15,2022-10-17,21:17:43 +argo-cd,v2.3.10,2022-10-18,01:09:30 +argo-cd,v2.5.0-rc2,2022-10-11,19:55:49 +argo-cd,v2.5.0-rc1,2022-10-05,18:00:34 +argo-cd,v2.4.14,2022-10-05,17:53:31 +argo-cd,v2.3.9,2022-10-05,18:24:18 +argo-cd,v2.2.14,2022-10-05,17:17:02 +argo-cd,v2.4.13,2022-10-03,21:38:39 +argo-cd,v2.3.8,2022-10-03,22:36:32 +argo-cd,v2.2.13,2022-10-03,21:05:16 +argo-cd,v2.4.12,2022-09-16,01:33:23 +argo-cd,v2.4.11,2022-08-22,09:52:10 +argo-cd,v2.4.10,2022-08-17,21:44:09 +argo-cd,v2.4.9,2022-08-11,15:59:47 +argo-cd,v2.4.8,2022-07-29,17:38:38 +argo-cd,v2.3.7,2022-07-29,16:11:01 +argo-cd,v2.2.12,2022-07-29,14:58:00 +argo-cd,v2.4.7,2022-07-18,21:54:21 +argo-cd,v2.4.6,2022-07-12,23:14:34 +argo-cd,v2.4.5,2022-07-12,17:05:35 +argo-cd,v2.3.6,2022-07-12,17:56:53 +argo-cd,v2.2.11,2022-07-12,16:23:51 +argo-cd,v2.4.4,2022-07-07,07:59:34 +argo-cd,v2.4.3,2022-06-27,21:39:15 +argo-cd,v2.4.2,2022-06-21,21:19:40 +argo-cd,v2.4.1,2022-06-21,17:18:01 +argo-cd,v2.3.5,2022-06-21,18:28:28 +argo-cd,v2.2.10,2022-06-21,16:42:53 +argo-cd,v2.1.16,2022-06-21,16:34:29 +argo-cd,v2.4.0,2022-06-10,17:59:33 +argo-cd,v2.4.0-rc5,2022-06-06,19:57:45 +argo-cd,v2.4.0-rc4,2022-06-01,23:51:49 +argo-cd,v2.4.0-rc3,2022-05-31,20:14:43 +argo-cd,v2.4.0-rc2,2022-05-18,13:20:52 +argo-cd,v2.3.4,2022-05-18,13:14:17 +argo-cd,v2.2.9,2022-05-18,12:11:30 +argo-cd,v2.1.15,2022-05-18,12:48:12 +argo-cd,v2.4.0-rc1,2022-05-06,23:59:23 +argo-cd,v2.3.3,2022-03-30,01:55:37 +argo-cd,v2.3.2,2022-03-23,02:12:12 +argo-cd,v2.2.8,2022-03-23,00:38:55 +argo-cd,v2.1.14,2022-03-23,00:25:37 +argo-cd,v2.3.1,2022-03-11,00:07:41 +argo-cd,v2.2.7,2022-03-09,01:16:04 +argo-cd,v2.1.12,2022-03-09,01:06:39 +argo-cd,v2.3.0,2022-03-06,07:59:28 +argo-cd,v2.2.6,2022-03-06,06:08:26 +argo-cd,v2.1.11,2022-03-06,05:44:19 +argo-cd,v2.2.5,2022-02-05,01:42:13 +argo-cd,v2.1.10,2022-02-05,01:27:00 +argo-cd,v2.3.0-rc5,2022-02-05,00:52:33 +argo-cd,v2.3.0-rc4,2022-02-03,23:22:13 +argo-cd,v2.2.4,2022-02-03,20:50:43 +argo-cd,v2.1.9,2022-02-03,20:38:47 +argo-cd,v2.3.0-rc2,2022-02-02,23:59:42 +argo-cd,v2.3.0-rc1,2022-01-30,23:19:12 +argo-cd,v2.2.3,2022-01-18,18:03:37 +argo-cd,v2.2.2,2022-01-01,06:38:42 +argo-cd,v2.2.1,2021-12-17,01:41:25 +argo-cd,v2.2.0,2021-12-14,18:19:23 +argo-cd,v2.1.8,2021-12-13,23:26:15 +argo-cd,v2.1.7,2021-11-17,22:18:58 +argo-cd,v2.2.0-rc1,2021-11-12,16:44:39 +argo-cd,v2.1.6,2021-10-28,20:08:23 +argo-cd,v2.1.5,2021-10-20,15:25:12 +argo-cd,v2.1.4,2021-10-20,00:47:38 +argo-cd,v2.1.3,2021-09-29,21:59:28 +argo-cd,v2.1.2,2021-09-02,18:13:57 +argo-cd,v2.1.1,2021-08-25,15:20:05 +argo-cd,v2.1.0,2021-08-20,05:40:42 +argo-cd,v2.1.0-rc3,2021-08-11,19:54:48 +argo-cd,v2.1.0-rc2,2021-08-03,17:17:22 +argo-cd,v2.1.0-rc1,2021-07-28,22:39:33 +argo-cd,v2.0.5,2021-07-22,21:00:58 +argo-cd,v2.0.4,2021-06-23,01:36:22 +argo-cd,v2.0.3,2021-05-27,17:47:33 +argo-cd,v2.0.2,2021-05-20,19:38:10 +argo-cd,v2.0.1,2021-04-15,22:40:37 +argo-cd,v2.0.0,2021-04-07,06:07:51 +argo-cd,v2.0.0-rc4,2021-04-05,23:22:38 +argo-cd,v2.0.0-rc3,2021-04-02,17:59:51 +argo-cd,v2.0.0-rc2,2021-03-29,21:39:06 +argo-cd,v2.0.0-rc1,2021-03-19,21:37:41 +argo-cd,v1.8.7,2021-03-03,07:20:14 +argo-cd,v1.7.14,2021-03-03,18:45:51 +argo-cd,v1.8.6,2021-02-26,21:29:08 +argo-cd,v1.7.13,2021-02-26,17:29:32 +argo-cd,v1.8.5,2021-02-20,05:47:09 +argo-cd,v1.8.4,2021-02-05,18:02:18 +argo-cd,v1.7.12,2021-02-05,20:29:49 +argo-cd,v1.8.3,2021-01-21,22:26:34 +argo-cd,v1.8.2,2021-01-10,05:47:08 +argo-cd,v1.8.1,2020-12-10,03:05:37 +argo-cd,v1.7.11,2020-12-10,02:47:15 +argo-cd,v1.8.0,2020-12-09,18:35:24 +argo-cd,v1.8.0-rc2,2020-12-03,05:15:48 +argo-cd,v1.8.0-rc1,2020-11-25,18:21:18 +argo-cd,v1.7.10,2020-11-20,19:57:30 +argo-cd,v1.7.9,2020-11-17,23:26:31 +argo-cd,v1.7.8,2020-10-15,22:39:54 +argo-cd,v1.7.7,2020-09-29,05:02:51 +argo-cd,v1.7.6,2020-09-19,00:58:10 +argo-cd,v1.7.5,2020-09-15,23:10:12 +argo-cd,v1.7.4,2020-09-05,02:51:36 +argo-cd,v1.7.3,2020-09-01,23:25:39 +argo-cd,v1.7.2,2020-08-27,23:40:37 +argo-cd,v1.7.1,2020-08-26,21:17:44 +argo-cd,v1.7.0,2020-08-25,19:05:00 +argo-cd,v1.7.0-rc1,2020-08-15,19:37:04 +argo-cd,v1.6.2,2020-07-31,23:51:10 +argo-cd,v1.6.1,2020-06-19,00:47:03 +argo-cd,v1.6.0,2020-06-16,22:46:48 +argo-cd,v1.5.8,2020-06-16,20:05:59 +argo-cd,v1.6.0-rc2,2020-06-09,22:29:03 +argo-cd,v1.5.7,2020-06-09,18:46:23 +argo-cd,v1.6.0-rc1,2020-06-03,04:11:50 +argo-cd,v1.5.6,2020-06-02,19:13:17 +argo-cd,v1.5.5,2020-05-16,15:22:14 +argo-cd,v1.5.4,2020-05-05,19:25:30 +argo-cd,v1.5.3,2020-05-02,04:58:47 +argo-cd,v1.5.2,2020-04-15,19:05:41 +argo-cd,v1.4.3,2020-04-15,19:09:30 +argo-cd,v1.5.1,2020-04-06,16:35:44 +argo-cd,v1.5.0,2020-04-02,18:49:53 +argo-cd,v1.5.0-rc3,2020-03-30,22:42:52 +argo-cd,v1.5.0-rc2,2020-03-26,06:12:25 +argo-cd,v1.5.0-rc1,2020-03-20,23:02:28 +argo-cd,v1.4.2,2020-01-24,01:18:02 +argo-cd,v1.4.1,2020-01-22,23:10:57 +argo-cd,v1.4.0,2020-01-18,06:12:51 +argo-cd,v1.4.0-rc1,2020-01-13,20:48:09 +argo-cd,v1.3.6,2019-12-10,22:54:07 +argo-cd,v1.3.5,2019-12-09,21:25:22 +argo-cd,v1.3.4,2019-12-05,23:31:46 +argo-cd,v1.3.3,2019-12-05,22:55:32 +argo-cd,v1.3.2,2019-12-03,21:40:15 +argo-cd,v1.3.1,2019-12-02,22:35:57 +argo-cd,v1.3.0,2019-11-13,02:17:35 +argo-cd,v1.3.0-rc5,2019-11-11,21:34:47 +argo-cd,v1.3.0-rc4,2019-11-04,06:53:16 +argo-cd,v1.3.0-rc3,2019-10-29,20:19:18 +argo-cd,v1.2.5,2019-10-29,00:14:59 +argo-cd,v1.3.0-rc2,2019-10-23,01:36:08 +argo-cd,v1.2.4,2019-10-23,20:11:59 +argo-cd,v1.3.0-rc1,2019-10-16,21:46:33 +argo-cd,v1.2.3,2019-10-01,21:10:16 +argo-cd,v1.2.2,2019-09-24,19:34:55 +argo-cd,v1.2.1,2019-09-12,17:31:17 +argo-cd,v1.2.0,2019-09-04,21:39:00 +argo-cd,v1.2.0-rc2,2019-08-21,16:04:14 +argo-cd,v1.2.0-rc1,2019-08-06,20:26:20 +argo-cd,v1.1.2,2019-07-30,18:02:46 +argo-cd,v1.1.1,2019-07-24,17:44:23 +argo-cd,v1.1.0,2019-07-24,17:22:37 +argo-cd,v1.1.0-rc8,2019-07-19,22:33:59 +argo-cd,v1.1.0-rc7,2019-07-17,23:30:42 +argo-cd,v1.1.0-rc6,2019-07-16,16:43:32 +argo-cd,v1.1.0-rc5,2019-07-09,21:43:03 +argo-cd,v1.1.0-rc4,2019-07-03,21:23:36 +argo-cd,v1.1.0-rc3,2019-06-28,21:09:41 +argo-cd,v1.1.0-rc2,2019-06-21,23:41:40 +argo-cd,v1.1.0-rc1,2019-06-14,18:42:47 +argo-cd,v1.0.2,2019-06-14,17:23:08 +argo-cd,v1.0.1,2019-05-28,17:32:09 +argo-cd,v1.0.0,2019-05-16,22:13:10 +argo-cd,v1.0.0-rc3,2019-05-09,17:28:45 +argo-cd,v1.0.0-rc2,2019-04-30,21:30:50 +argo-cd,v0.12.3,2019-04-30,06:17:03 +argo-cd,v1.0.0-rc1,2019-04-24,18:21:02 +argo-cd,v0.12.2,2019-04-22,21:50:44 +argo-cd,v0.12.1,2019-04-09,21:28:28 +argo-cd,v0.12.0,2019-03-23,01:35:42 +argo-cd,v0.12.0-rc6,2019-03-20,22:50:14 +argo-cd,v0.12.0-rc5,2019-03-19,08:07:36 +argo-cd,v0.12.0-rc4,2019-03-12,21:55:07 +argo-cd,v0.12.0-rc3,2019-03-07,02:51:44 +argo-cd,v0.12.0-rc2,2019-03-06,11:20:06 +argo-cd,v0.12.0-rc1,2019-03-06,03:04:20 +argo-cd,v0.11.2,2019-02-19,18:00:25 +argo-cd,v0.11.1,2019-01-18,21:14:24 +argo-cd,v0.11.0,2019-01-11,02:13:53 +argo-cd,v0.11.0-rc6,2019-01-10,00:42:34 +argo-cd,v0.11.0-rc5,2019-01-09,00:13:56 +argo-cd,v0.11.0-rc4,2019-01-04,21:48:23 +argo-cd,v0.11.0-rc3,2019-01-03,23:58:08 +argo-cd,v0.11.0-rc2,2018-12-28,01:33:08 +argo-cd,v0.11.0-rc1,2018-12-10,17:50:56 +argo-cd,v0.10.6,2018-11-15,03:01:53 +argo-cd,v0.10.5,2018-11-14,02:40:13 +argo-cd,v0.10.4,2018-11-08,02:06:57 +argo-cd,v0.10.3,2018-10-29,07:03:10 +argo-cd,v0.10.2,2018-10-25,20:12:36 +argo-cd,v0.10.1,2018-10-24,20:28:59 +argo-cd,v0.10.0,2018-10-19,22:01:34 +argo-cd,v0.9.2,2018-09-28,16:59:16 +argo-cd,v0.9.1,2018-09-24,21:46:35 +argo-cd,v0.9.0,2018-09-24,20:41:50 +argo-cd,v0.8.2,2018-09-12,08:55:44 +argo-cd,v0.8.1,2018-09-11,01:34:30 +argo-cd,v0.8.0,2018-09-05,01:10:25 +argo-cd,v0.7.2,2018-08-21,08:22:07 +argo-cd,v0.7.1,2018-08-03,20:45:14 +argo-cd,v0.7.0,2018-07-28,01:30:19 +argo-cd,v0.6.2,2018-07-24,10:04:03 +argo-cd,v0.6.1,2018-07-18,07:44:11 +argo-cd,v0.6.0,2018-07-17,09:42:25 +argo-cd,v0.5.4,2018-06-27,23:25:33 +argo-cd,v0.5.3,2018-06-21,00:09:10 +argo-cd,v0.5.2,2018-06-14,20:19:39 +argo-cd,v0.5.1,2018-06-13,21:46:40 +argo-cd,v0.5.0,2018-06-12,20:39:05 +argo-cd,v0.4.7,2018-06-07,18:37:20 +argo-cd,v0.4.6,2018-06-06,18:12:48 +argo-cd,v0.4.5,2018-05-31,10:29:26 +argo-cd,v0.4.4,2018-05-30,23:40:52 +argo-cd,v0.4.3,2018-05-21,22:38:11 +argo-cd,v0.4.2,2018-05-21,08:25:50 +argo-cd,v0.4.1,2018-05-18,20:40:11 +argo-cd,v0.4.0,2018-05-17,09:55:08 +argo-cd,v0.4.0-alpha1,2018-05-11,23:59:31 +argo-cd,v0.3.2,2018-05-03,18:25:30 +argo-cd,v0.3.1,2018-04-24,23:32:12 +argo-cd,v0.3.0,2018-04-23,08:29:14 +argo-cd,v0.2.0,2018-04-03,18:19:24 +argo-cd,v0.1.0,2018-03-13,00:38:20 +argo-workflows,v3.6.2,2024-12-02,14:12:44 +argo-workflows,v3.5.13,2024-12-02,13:09:39 +argo-workflows,v3.6.0,2024-11-14,19:02:01 +argo-workflows,v3.6.0-rc4,2024-10-31,11:56:16 +argo-workflows,v3.5.12,2024-10-30,11:49:27 +argo-workflows,v3.6.0-rc3,2024-10-24,10:51:47 +argo-workflows,v3.4.18,2024-12-16,09:03:37 +argo-workflows,v3.6.0-rc2,2024-10-03,07:48:59 +argo-workflows,v3.5.11,2024-09-20,14:08:00 +argo-workflows,v3.6.0-rc1,2024-09-18,10:03:03 +argo-workflows,v3.5.10,2024-08-01,06:03:16 +argo-workflows,v3.5.9,2024-07-30,06:58:49 +argo-workflows,v3.5.8,2024-06-18,04:52:31 +argo-workflows,v3.5.7,2024-05-27,07:13:30 +argo-workflows,v3.4.17,2024-05-13,02:47:39 +argo-workflows,v3.5.6,2024-04-19,21:43:07 +argo-workflows,v3.5.5,2024-02-29,21:47:50 +argo-workflows,v3.5.4,2024-01-14,06:19:09 +argo-workflows,v3.4.16,2024-01-14,06:17:57 +argo-workflows,v3.4.15,2024-01-13,23:29:40 +argo-workflows,v3.5.3,2024-01-11,03:12:46 +argo-workflows,v3.5.2,2023-11-27,19:16:42 +argo-workflows,v3.4.14,2023-11-27,18:56:22 +argo-workflows,v3.5.1,2023-11-03,19:57:45 +argo-workflows,v3.4.13,2023-11-03,21:07:31 +argo-workflows,v3.4.12,2023-10-20,13:00:24 +argo-workflows,v3.5.0,2023-10-13,15:00:44 +argo-workflows,v3.5.0-rc2,2023-09-20,19:20:10 +argo-workflows,v3.4.11,2023-09-08,01:14:16 +argo-workflows,v3.5.0-rc1,2023-08-15,20:01:35 +argo-workflows,v3.4.10,2023-08-15,18:59:38 +argo-workflows,v3.4.9,2023-07-20,15:28:41 +argo-workflows,v3.4.8,2023-05-25,23:37:40 +argo-workflows,v3.4.7,2023-04-11,17:26:32 +argo-workflows,v3.4.6,2023-03-31,20:16:18 +argo-workflows,v3.4.5,2023-02-07,13:26:29 +argo-workflows,v3.4.4,2022-11-29,21:15:21 +argo-workflows,v3.3.10,2022-11-29,21:24:54 +argo-workflows,v3.4.3,2022-10-31,09:17:41 +argo-workflows,v3.4.2,2022-10-23,07:36:55 +argo-workflows,v3.4.1,2022-10-01,16:09:34 +argo-workflows,v3.4.0,2022-09-19,05:23:46 +argo-workflows,v3.4.0-rc4,2022-09-10,19:34:15 +argo-workflows,v3.4.0-rc3,2022-09-01,01:28:29 +argo-workflows,v3.4.0-rc2,2022-08-19,14:51:26 +argo-workflows,v3.4.0-rc1,2022-08-10,07:13:17 +argo-workflows,v3.3.9,2022-08-10,01:08:09 +argo-workflows,v3.3.8,2022-06-24,01:18:03 +argo-workflows,v3.3.7,2022-06-21,00:41:49 +argo-workflows,v3.3.6,2022-05-26,01:22:39 +argo-workflows,v3.3.5,2022-05-04,01:13:34 +argo-workflows,v3.2.11,2022-05-03,22:59:55 +argo-workflows,v3.3.4,2022-04-29,19:54:39 +argo-workflows,v3.3.3,2022-04-25,23:19:39 +argo-workflows,v3.3.2,2022-04-20,23:16:10 +argo-workflows,v3.3.1,2022-03-18,19:45:27 +argo-workflows,v3.3.0,2022-03-14,23:06:47 +argo-workflows,v3.3.0-rc10,2022-03-07,23:50:34 +argo-workflows,v3.3.0-rc9,2022-03-05,19:01:28 +argo-workflows,v3.2.9,2022-03-02,23:04:35 +argo-workflows,v3.3.0-rc8,2022-03-01,02:52:15 +argo-workflows,v3.3.0-rc7,2022-02-25,21:14:31 +argo-workflows,v3.3.0-rc6,2022-02-21,20:27:19 +argo-workflows,v3.3.0-rc5,2022-02-21,20:07:56 +argo-workflows,v3.3.0-rc4,2022-02-08,20:05:39 +argo-workflows,v3.2.8,2022-02-04,20:19:52 +argo-workflows,v3.3.0-rc3,2022-02-03,20:31:05 +argo-workflows,v0.0.0-dev-bom-1,2022-02-02,21:21:47 +argo-workflows,v3.3.0-rc2,2022-01-30,01:45:04 +argo-workflows,v3.3.0-rc1,2022-01-29,01:08:13 +argo-workflows,v3.2.7,2022-01-28,02:28:31 +argo-workflows,v3.2.6,2021-12-17,21:12:28 +argo-workflows,v3.2.5,2021-12-16,00:34:48 +argo-workflows,v0.0.0-dev-kc-7,2021-11-19,01:36:27 +argo-workflows,v3.2.4,2021-11-18,00:41:27 +argo-workflows,v3.1.15,2021-11-17,18:46:01 +argo-workflows,v0.0.0-dev-kc-6,2021-11-18,00:10:06 +argo-workflows,v0.0.0-dev-kc-5,2021-11-16,20:03:24 +argo-workflows,v0.0.0-dev-kc-4,2021-11-16,18:38:30 +argo-workflows,v0.0.0-dev-kc-3,2021-11-15,21:54:04 +argo-workflows,v0.0.0-dev-kc-2,2021-11-15,21:36:23 +argo-workflows,v0.0.0-dev-kc-1,2021-11-09,21:24:30 +argo-workflows,v0.0.0-dev-kc-0,2021-11-09,17:10:14 +argo-workflows,v3.2.3,2021-10-27,02:22:57 +argo-workflows,v3.2.2,2021-10-21,18:24:56 +argo-workflows,v3.1.14,2021-10-20,02:52:43 +argo-workflows,v3.2.1,2021-10-19,22:11:39 +argo-workflows,v3.2.0,2021-10-12,16:28:36 +argo-workflows,v3.2.0-rc6,2021-10-06,02:26:30 +argo-workflows,v3.2.0-rc5,2021-09-29,18:09:20 +argo-workflows,v3.1.13,2021-09-28,20:07:21 +argo-workflows,v3.2.0-rc4,2021-09-21,21:03:56 +argo-workflows,v3.1.12,2021-09-16,14:12:07 +argo-workflows,v3.2.0-rc3,2021-09-14,19:40:01 +argo-workflows,v3.1.11,2021-09-14,07:41:28 +argo-workflows,v3.1.10,2021-09-10,18:58:55 +argo-workflows,v3.1.9,2021-09-03,22:39:13 +argo-workflows,v3.2.0-rc2,2021-09-01,23:45:48 +argo-workflows,v0.0.0-dev-mc-4,2021-08-31,18:10:35 +argo-workflows,v0.0.0-dev-mc-3,2021-08-30,17:45:10 +argo-workflows,v0.0.0-dev-mc-2,2021-08-30,17:40:57 +argo-workflows,v0.0.0-dev-mc-1,2021-08-30,00:26:16 +argo-workflows,v0.0.0-dev-mc-0,2021-08-28,02:06:29 +argo-workflows,v3.2.0-rc1,2021-08-20,02:49:34 +argo-workflows,v3.1.8,2021-08-19,00:19:56 +argo-workflows,v3.1.7,2021-08-18,18:21:43 +argo-workflows,v3.0.10,2021-08-18,23:53:38 +argo-workflows,v3.0.9,2021-08-18,17:03:34 +argo-workflows,v2.12.13,2021-08-18,23:42:45 +argo-workflows,v2.12.12,2021-08-18,17:57:06 +argo-workflows,v3.1.6,2021-08-13,00:39:51 +argo-workflows,v0.0.0-dev-dataflow-41,2021-08-11,04:28:21 +argo-workflows,v3.1.5,2021-08-04,07:14:30 +argo-workflows,v0.0.0-dev-dataflow-40,2021-08-04,02:06:40 +argo-workflows,v3.1.4,2021-08-04,01:06:06 +argo-workflows,v0.0.0-dev-dataflow-39,2021-07-30,20:53:39 +argo-workflows,v3.1.3,2021-07-28,05:38:36 +argo-workflows,v0.0.0-dev-dataflow-37,2021-07-23,23:23:18 +argo-workflows,v0.0.0-dev-dataflow-36,2021-07-22,01:29:29 +argo-workflows,v0.0.0-dev-dataflow-34,2021-07-20,18:17:04 +argo-workflows,v0.0.0-dev-dataflow-33,2021-07-16,23:18:16 +argo-workflows,v3.1.2,2021-07-15,22:04:54 +argo-workflows,v0.0.0-dev-dataflow-31,2021-07-14,16:55:52 +argo-workflows,v0.0.0-dev-dataflow-30,2021-07-12,18:40:24 +argo-workflows,v3.1.1,2021-06-28,21:31:33 +argo-workflows,v0.0.0-dev-dataflow-29,2021-06-28,18:51:44 +argo-workflows,v0.0.0-dev-dataflow-28,2021-06-25,03:44:24 +argo-workflows,v3.1.0,2021-06-21,23:35:00 +argo-workflows,v3.0.8,2021-06-21,23:52:48 +argo-workflows,v0.0.0-dev-dataflow-27,2021-06-21,23:00:03 +argo-workflows,v0.0.0-dev-dataflow-26,2021-06-16,00:01:26 +argo-workflows,v0.0.0-dev-dataflow-25,2021-06-16,00:01:43 +argo-workflows,v3.1.0-rc14,2021-06-10,19:18:50 +argo-workflows,v0.0.0-dev-dataflow-24,2021-06-10,17:34:10 +argo-workflows,v0.0.0-dev-dataflow-23,2021-06-10,02:31:42 +argo-workflows,v3.1.0-rc13,2021-06-08,16:45:35 +argo-workflows,v0.0.0-dev-dataflow-22,2021-06-09,20:38:24 +argo-workflows,v0.0.0-dev-dataflow-20,2021-06-08,02:42:49 +argo-workflows,v0.0.0-dev-dataflow-19,2021-06-06,20:41:36 +argo-workflows,v0.0.0-dev-docker-0,2021-06-06,19:00:54 +argo-workflows,v0.0.0-dev-dataflow-18,2021-06-05,00:59:50 +argo-workflows,v0.0.0-dev-dataflow-17,2021-06-04,01:23:11 +argo-workflows,v0.0.0-dev-dataflow-16,2021-06-04,01:03:00 +argo-workflows,v3.1.0-rc12,2021-06-03,01:40:44 +argo-workflows,v3.1.0-rc11,2021-06-01,19:02:58 +argo-workflows,v0.0.0-dev-dataflow-15,2021-06-01,22:31:59 +argo-workflows,v0.0.0-dev-dataflow-14,2021-06-01,20:34:22 +argo-workflows,v0.0.0-dev-dataflow-13,2021-06-01,19:06:07 +argo-workflows,v3.1.0-rc10,2021-05-28,00:00:15 +argo-workflows,v0.0.0-dev-dataflow-11,2021-05-27,02:01:59 +argo-workflows,v3.1.0-rc8,2021-05-25,18:06:14 +argo-workflows,v3.0.7,2021-05-25,19:08:55 +argo-workflows,v0.0.0-dev-dataflow-10,2021-05-25,18:22:42 +argo-workflows,v3.1.0-rc7,2021-05-24,20:15:18 +argo-workflows,v3.0.6,2021-05-24,22:03:27 +argo-workflows,v3.0.5,2021-05-24,20:16:47 +argo-workflows,v3.1.0-rc6,2021-05-21,16:46:01 +argo-workflows,v0.0.0-dev-dataflow-9,2021-05-21,20:56:00 +argo-workflows,v0.0.0-dev-dataflow-8,2021-05-21,06:32:47 +argo-workflows,v0.0.0-dev-dataflow-7,2021-05-21,03:02:41 +argo-workflows,v0.0.0-dev-dataflow-6,2021-05-20,23:34:42 +argo-workflows,v0.0.0-dev-dataflow-5,2021-05-19,23:23:04 +argo-workflows,v0.0.0-dev-dataflow-4,2021-05-19,00:02:40 +argo-workflows,v3.1.0-rc5,2021-05-17,22:42:30 +argo-workflows,v3.1.0-rc4,2021-05-14,21:20:57 +argo-workflows,v3.0.4,2021-05-14,06:52:02 +argo-workflows,v3.1.0-rc3,2021-05-13,21:46:01 +argo-workflows,v3.1.0-rc2,2021-05-13,00:17:44 +argo-workflows,v3.1.0-rc1,2021-05-12,21:19:04 +argo-workflows,v3.0.3,2021-05-11,22:31:06 +argo-workflows,v3.0.2,2021-04-20,15:37:15 +argo-workflows,v2.12.11,2021-04-06,18:10:38 +argo-workflows,v3.0.1,2021-04-01,19:52:20 +argo-workflows,v3.0.0,2021-03-30,20:25:33 +argo-workflows,v3.0.0-rc9,2021-03-23,19:04:46 +argo-workflows,v3.0.0-rc8,2021-03-17,19:30:33 +argo-workflows,v3.0.0-rc7,2021-03-16,23:25:22 +argo-workflows,v3.0.0-rc6,2021-03-10,01:08:31 +argo-workflows,v3.0.0-rc5,2021-03-09,19:50:05 +argo-workflows,v2.12.10,2021-03-08,22:57:52 +argo-workflows,v3.0.0-rc4,2021-03-02,22:26:56 +argo-workflows,v3.0.0-rc3,2021-02-23,21:38:38 +argo-workflows,v3.0.0-rc2,2021-02-16,18:09:12 +argo-workflows,v2.12.9,2021-02-17,01:28:49 +argo-workflows,v3.0.0-rc1,2021-02-09,00:36:27 +argo-workflows,v2.12.8,2021-02-09,00:36:17 +argo-workflows,v2.12.7,2021-02-01,22:21:36 +argo-workflows,v2.12.6,2021-01-25,20:24:13 +argo-workflows,v2.12.5,2021-01-19,22:49:21 +argo-workflows,v2.12.4,2021-01-12,20:53:35 +argo-workflows,v2.12.3,2021-01-05,02:00:00 +argo-workflows,v2.12.2,2020-12-18,18:17:19 +argo-workflows,v2.12.1,2020-12-18,01:11:16 +argo-workflows,v2.12.0,2020-12-17,19:35:41 +argo-workflows,v2.12.0-rc6,2020-12-15,19:00:45 +argo-workflows,v2.12.0-rc5,2020-12-10,13:50:01 +argo-workflows,v2.12.0-rc4,2020-12-03,00:55:16 +argo-workflows,v2.12.0-rc3,2020-11-23,13:35:50 +argo-workflows,v2.11.8,2020-11-21,16:36:24 +argo-workflows,v2.12.0-rc2,2020-11-12,16:23:14 +argo-workflows,v2.12.0-rc1,2020-11-06,19:14:19 +argo-workflows,v2.11.7,2020-11-02,21:50:13 +argo-workflows,v2.11.6,2020-10-19,20:51:22 +argo-workflows,v2.11.5,2020-10-15,23:14:34 +argo-workflows,v2.11.4,2020-10-14,22:30:23 +argo-workflows,v2.11.3,2020-10-07,23:20:10 +argo-workflows,v2.11.2,2020-10-06,00:19:46 +argo-workflows,v2.11.1,2020-09-29,17:55:55 +argo-workflows,v2.11.0,2020-09-17,23:09:05 +argo-workflows,v2.11.0-rc3,2020-09-15,16:50:33 +argo-workflows,v2.10.2,2020-09-14,17:45:20 +argo-workflows,v2.11.0-rc2,2020-09-09,17:43:25 +argo-workflows,v2.10.1,2020-09-03,00:02:01 +argo-workflows,v2.11.0-rc1,2020-09-01,20:17:41 +argo-workflows,v2.10.0,2020-08-18,23:15:58 +argo-workflows,v2.10.0-rc7,2020-08-14,15:48:45 +argo-workflows,v2.10.0-rc6,2020-08-06,23:31:38 +argo-workflows,v2.9.5,2020-08-06,22:45:49 +argo-workflows,v2.10.0-rc5,2020-08-03,23:21:27 +argo-workflows,v2.10.0-rc4,2020-07-29,00:15:54 +argo-workflows,v2.9.4,2020-07-24,21:59:33 +argo-workflows,v2.10.0-rc3,2020-07-23,23:04:45 +argo-workflows,v2.10.0-rc1,2020-07-17,20:10:06 +argo-workflows,v2.9.3,2020-07-15,01:33:15 +argo-workflows,v2.9.2,2020-07-09,00:21:41 +argo-workflows,v2.9.1,2020-07-03,15:28:51 +argo-workflows,v2.9.0,2020-07-02,01:43:01 +argo-workflows,v2.9.0-rc4,2020-06-26,23:05:54 +argo-workflows,v2.9.0-rc3,2020-06-23,19:15:20 +argo-workflows,v2.8.2,2020-06-22,22:28:02 +argo-workflows,v2.9.0-rc2,2020-06-17,04:36:44 +argo-workflows,v2.9.0-rc1,2020-06-11,00:19:33 +argo-workflows,v2.8.1,2020-05-29,00:31:04 +argo-workflows,v2.8.0,2020-05-11,23:50:27 +argo-workflows,v2.8.0-rc4,2020-05-06,23:58:00 +argo-workflows,v2.7.7,2020-05-06,23:32:46 +argo-workflows,v2.8.0-rc3,2020-04-28,16:46:57 +argo-workflows,v2.7.6,2020-04-28,17:31:48 +argo-workflows,v2.8.0-rc2,2020-04-23,23:29:50 +argo-workflows,v2.8.0-rc1,2020-04-21,15:36:43 +argo-workflows,v2.7.5,2020-04-21,01:35:36 +argo-workflows,v2.7.4,2020-04-16,18:20:58 +argo-workflows,v2.6.4,2020-04-16,03:02:24 +argo-workflows,v2.7.3,2020-04-16,02:03:38 +argo-workflows,v2.7.2,2020-04-10,20:29:17 +argo-workflows,v2.7.1,2020-04-07,17:16:19 +argo-workflows,v2.7.0,2020-04-01,03:13:14 +argo-workflows,v2.7.0-rc4,2020-03-30,22:13:50 +argo-workflows,v2.7.0-rc3,2020-03-25,20:18:44 +argo-workflows,v2.7.0-rc2,2020-03-23,18:38:05 +argo-workflows,v2.7.0-rc1,2020-03-19,02:11:45 +argo-workflows,v2.6.3,2020-03-16,18:24:24 +argo-workflows,v2.6.2,2020-03-12,16:23:45 +argo-workflows,v2.6.1,2020-03-04,21:33:38 +argo-workflows,v2.6.0,2020-02-28,23:39:10 +argo-workflows,v2.6.0-rc3,2020-02-25,17:32:04 +argo-workflows,v2.5.2,2020-02-24,23:10:36 +argo-workflows,v2.6.0-rc2,2020-02-22,00:36:29 +argo-workflows,v2.5.1,2020-02-20,18:30:07 +argo-workflows,v2.6.0-rc1,2020-02-19,18:48:23 +argo-workflows,v2.5.0,2020-02-19,02:54:07 +argo-workflows,v2.5.0-rc12,2020-02-14,00:08:36 +argo-workflows,v2.5.0-rc11,2020-02-11,22:25:57 +argo-workflows,v2.5.0-rc10,2020-02-08,00:23:39 +argo-workflows,v2.5.0-rc9,2020-02-07,00:40:24 +argo-workflows,v2.5.0-rc8,2020-02-04,01:25:11 +argo-workflows,v2.5.0-rc7,2020-01-31,22:43:09 +argo-workflows,v2.5.0-rc6,2020-01-30,22:14:51 +argo-workflows,v2.5.0-rc5,2020-01-30,03:13:49 +argo-workflows,v2.5.0-rc4,2020-01-27,21:08:05 +argo-workflows,v2.5.0-rc3,2020-01-27,19:37:31 +argo-workflows,v2.5.0-rc2,2020-01-24,21:43:45 +argo-workflows,v2.5.0-rc1,2020-01-24,20:59:49 +argo-workflows,v2.4.3,2019-12-06,05:53:42 +argo-workflows,v2.4.2,2019-10-21,19:06:52 +argo-workflows,v2.4.1,2019-10-09,00:01:23 +argo-workflows,v2.4.0,2019-10-07,20:35:32 +argo-workflows,v2.4.0-rc1,2019-08-08,22:12:22 +argo-workflows,v2.3.0,2019-05-20,22:34:35 +argo-workflows,v2.3.0-rc3,2019-05-08,00:11:00 +argo-workflows,v2.3.0-rc2,2019-04-21,08:32:04 +argo-workflows,v2.3.0-rc1,2019-04-10,16:08:39 +argo-workflows,v2.2.1,2018-10-11,16:44:01 +argo-workflows,v2.2.0,2018-08-30,09:00:24 +argo-workflows,v2.1.1,2018-05-29,20:52:07 +argo-workflows,v2.1.0,2018-05-01,20:33:03 +argo-workflows,v2.1.0-beta2,2018-03-29,20:55:26 +argo-workflows,v2.1.0-beta1,2018-03-29,15:35:56 +argo-workflows,v2.1.0-alpha1,2018-02-21,22:54:53 +argo-workflows,v2.0.0,2018-02-06,21:55:25 +argo-workflows,v2.0.0-beta1,2018-01-18,22:58:14 +argo-workflows,v2.0.0-alpha3,2018-01-02,21:32:11 +argo-workflows,v2.0.0-alpha2,2017-12-05,05:13:12 +argo-workflows,v2.0.0-alpha1,2017-11-16,22:10:07 +argo-events,v1.9.5,2025-01-10,18:11:20 +argo-events,v1.9.4,2025-01-08,07:48:18 +argo-events,v1.9.3,2024-11-27,06:51:10 +argo-events,v1.9.2,2024-06-14,00:38:39 +argo-events,v1.9.1,2024-02-13,21:21:44 +argo-events,v1.9.0,2024-01-09,08:31:10 +argo-events,v1.8.1,2023-08-31,23:49:47 +argo-events,v1.8.0,2023-05-08,05:54:59 +argo-events,v1.7.6,2023-02-10,07:30:54 +argo-events,v1.7.5,2023-01-23,08:23:36 +argo-events,v1.7.4,2022-12-12,07:45:11 +argo-events,v1.7.3,2022-09-28,22:10:34 +argo-events,v1.7.2,2022-09-12,23:46:11 +argo-events,v1.7.1,2022-06-09,06:27:31 +argo-events,v1.7.0,2022-05-04,22:47:01 +argo-events,v1.7.0-rc1,2022-04-23,07:22:52 +argo-events,v1.6.3,2022-03-03,20:56:12 +argo-events,v1.6.2,2022-03-02,05:39:57 +argo-events,v1.6.1,2022-02-27,08:51:59 +argo-events,v1.6.0,2022-02-13,06:42:27 +argo-events,v1.5.6,2022-01-12,05:18:08 +argo-events,v1.5.5,2021-12-19,03:32:55 +argo-events,v1.5.4,2021-12-10,08:49:46 +argo-events,v1.5.3,2021-11-22,18:36:36 +argo-events,v1.5.2,2021-11-09,20:01:58 +argo-events,v1.5.1,2021-11-08,07:35:38 +argo-events,v1.5.0,2021-10-12,18:48:33 +argo-events,v1.4.3,2021-09-30,15:49:41 +argo-events,v1.4.2,2021-09-21,18:29:51 +argo-events,v1.4.1,2021-09-01,00:37:05 +argo-events,v1.4.0,2021-07-12,16:33:29 +argo-events,v1.3.1,2021-05-04,17:40:52 +argo-events,v1.3.0,2021-04-12,18:14:51 +argo-events,v1.3.0-rc4,2021-04-08,06:37:06 +argo-events,v1.3.0-rc3,2021-04-05,20:42:52 +argo-events,v1.3.0-rc2,2021-03-31,21:34:56 +argo-events,v1.3.0-rc1,2021-03-23,18:05:01 +argo-events,v1.2.3,2021-02-18,17:52:54 +argo-events,v1.2.2,2021-01-27,17:40:28 +argo-events,v1.2.1,2021-01-26,08:22:50 +argo-events,v1.2.0,2021-01-08,08:30:04 +argo-events,v1.1.0,2020-11-16,20:07:55 +argo-events,v1.1.0-rc1,2020-11-05,06:36:21 +argo-events,v1.0.0,2020-09-04,20:57:04 +argo-events,v1.0.0-rc3,2020-08-26,04:36:48 +argo-events,v1.0.0-rc2,2020-08-16,21:20:09 +argo-events,v1.0.0-rc1,2020-08-10,18:25:28 +argo-events,v0.17.0,2020-07-24,12:40:33 +argo-events,v0.16.0,2020-06-14,23:52:44 +argo-events,v0.15.0,2020-05-08,13:42:18 +argo-events,v0.14.0,2020-04-12,23:34:58 +argo-events,v0.13.0,2020-03-21,01:21:15 +argo-events,v0.13.0-rc,2020-02-26,01:33:31 +argo-events,v0.12,2020-01-17,04:51:55 +argo-events,v0.12-rc,2019-12-12,04:52:49 +argo-events,v0.11,2019-11-11,17:11:35 +argo-events,v0.10,2019-10-07,12:51:38 +argo-events,v0.9.3,2019-07-15,12:16:22 +argo-events,v0.9.2,2019-04-26,01:11:53 +argo-events,v0.9.1,2019-04-26,00:33:03 +argo-events,v.0.9,2019-03-30,13:07:25 +argo-events,v0.8.3,2019-03-18,21:09:05 +argo-events,v0.8.2,2019-03-14,10:32:46 +argo-events,v0.8.1,2019-03-11,13:42:08 +argo-events,v0.8,2019-02-27,18:08:21 +argo-events,v0.7,2019-01-30,04:12:58 +argo-events,v0.6,2018-11-27,11:46:02 +argo-events,v0.5,2018-10-18,19:51:19 +argo-events,v0.5-beta1,2018-07-27,15:00:03 +argo-events,v0.5-alpha1,2018-06-20,19:23:36 +argo-rollouts,v1.8.0-rc2,2025-01-16,19:43:44 +argo-rollouts,v1.8.0-rc1,2024-12-09,14:28:35 +argo-rollouts,v1.7.2,2024-08-13,18:42:47 +argo-rollouts,v1.7.1,2024-06-25,01:38:31 +argo-rollouts,v1.7.0,2024-06-13,20:23:14 +argo-rollouts,v1.7.0-rc1,2024-04-05,18:24:00 +argo-rollouts,v1.6.6,2024-02-13,15:56:59 +argo-rollouts,v1.6.5,2024-01-25,20:19:53 +argo-rollouts,v1.6.4,2023-12-11,21:54:30 +argo-rollouts,v1.6.3,2023-12-05,14:36:31 +argo-rollouts,v1.6.2,2023-11-02,19:58:08 +argo-rollouts,v1.6.1,2023-11-01,21:19:43 +argo-rollouts,v1.6.0,2023-09-06,19:00:06 +argo-rollouts,v1.6.0-rc1,2023-08-11,14:22:24 +argo-rollouts,v1.5.1,2023-05-24,19:26:51 +argo-rollouts,v1.5.0,2023-05-08,15:34:06 +argo-rollouts,v1.5.0-rc1,2023-03-27,20:09:25 +argo-rollouts,v1.4.1,2023-02-25,15:23:34 +argo-rollouts,v1.3.3,2023-02-25,04:38:57 +argo-rollouts,v1.4.0,2023-01-09,21:43:34 +argo-rollouts,v1.4.0-rc1,2022-12-20,02:07:55 +argo-rollouts,v1.3.2,2022-12-15,17:05:26 +argo-rollouts,v1.3.1,2022-09-29,17:43:19 +argo-rollouts,v1.3.0,2022-09-19,03:29:00 +argo-rollouts,v1.3.0-rc3,2022-09-15,16:00:07 +argo-rollouts,v1.3.0-rc2,2022-08-25,20:49:49 +argo-rollouts,v1.3.0-rc1,2022-07-29,19:54:34 +argo-rollouts,v1.2.2,2022-07-26,17:49:31 +argo-rollouts,v1.2.1,2022-05-13,20:57:34 +argo-rollouts,v1.2.0,2022-03-22,17:16:13 +argo-rollouts,v1.2.0-rc2,2022-02-25,16:54:46 +argo-rollouts,v1.2.0-rc1,2022-02-07,20:00:22 +argo-rollouts,v1.1.1,2021-11-29,21:44:13 +argo-rollouts,v1.1.0,2021-10-12,17:02:30 +argo-rollouts,v1.1.0-rc2,2021-10-05,23:41:25 +argo-rollouts,v1.0.7,2021-09-29,18:02:01 +argo-rollouts,v1.1.0-rc1,2021-09-21,23:23:21 +argo-rollouts,v1.0.6,2021-08-26,18:13:19 +argo-rollouts,v1.0.4,2021-08-03,04:38:07 +argo-rollouts,v1.0.3,2021-08-03,04:36:59 +argo-rollouts,v1.0.2,2021-06-15,22:33:04 +argo-rollouts,v1.0.1,2021-05-26,08:43:12 +argo-rollouts,v1.0.0,2021-05-20,04:11:28 +argo-rollouts,v1.0.0-rc1,2021-04-29,20:29:41 +argo-rollouts,v0.10.2,2020-12-17,21:20:44 +argo-rollouts,v0.10.1,2020-12-05,01:23:44 +argo-rollouts,v0.10.0,2020-11-14,00:21:31 +argo-rollouts,v0.9.3,2020-11-05,23:24:15 +argo-rollouts,v0.9.2,2020-10-17,04:41:56 +argo-rollouts,v0.9.1,2020-09-28,22:52:01 +argo-rollouts,v0.9.0,2020-08-17,22:17:04 +argo-rollouts,v0.8.3,2020-06-04,00:49:11 +argo-rollouts,v0.8.2,2020-05-06,20:40:16 +argo-rollouts,v0.8.1,2020-04-20,23:55:07 +argo-rollouts,v0.8.0,2020-04-13,16:40:32 +argo-rollouts,v0.7.2,2020-02-25,19:46:06 +argo-rollouts,v0.7.1,2020-02-10,18:01:08 +argo-rollouts,v0.7.0,2020-01-22,05:09:28 +argo-rollouts,v0.6.3,2020-01-22,04:40:30 +argo-rollouts,v0.6.2,2019-12-16,17:14:42 +argo-rollouts,v0.6.1,2019-12-06,00:25:57 +argo-rollouts,v0.6.0,2019-11-17,21:16:29 +argo-rollouts,v0.5.0,2019-09-23,17:59:31 +argo-rollouts,v0.4.2,2019-08-19,20:21:15 +argo-rollouts,v0.4.1,2019-06-26,16:07:32 +argo-rollouts,v0.4.0,2019-06-21,17:48:41 +argo-rollouts,v0.3.2,2019-06-13,17:58:53 +argo-rollouts,v0.3.1,2019-05-18,21:27:51 +argo-rollouts,v0.3.0,2019-05-01,06:36:28 +argo-rollouts,v0.2.2,2019-04-16,23:10:01 +argo-rollouts,v0.2.1,2019-04-04,21:43:44 +argo-rollouts,v0.2.0,2019-03-04,22:30:55 +argo-rollouts,v0.1.0,2019-02-01,19:03:49 diff --git a/scripts/release-analysis/fetch_helmet_releases.py b/scripts/release-analysis/fetch_helmet_releases.py new file mode 100644 index 00000000..77e2fcb3 --- /dev/null +++ b/scripts/release-analysis/fetch_helmet_releases.py @@ -0,0 +1,90 @@ +import csv +import os +from datetime import datetime + +import requests + +# GitHub repository URL +repo_url = "https://api.github.com/repos/argoproj/argo-helm/releases" + +# Get the GitHub token from environment variables +github_token = os.getenv("GITHUB_TOKEN") +if not github_token: + raise ValueError("GITHUB_TOKEN environment variable is not set") + + +# Function to fetch all releases with pagination +def fetch_all_releases(url): + releases = [] + headers = {"Authorization": f"token {github_token}"} + while url: + response = requests.get(url, headers=headers) + response.raise_for_status() + releases.extend(response.json()) + url = response.links.get("next", {}).get("url") + return releases + + +# Function to get the content of Chart.yaml in a release +def get_chart_yaml(repo, tag, chart_path): + url = f"https://raw.githubusercontent.com/{repo}/refs/tags/{tag}/charts/{chart_path}/Chart.yaml" + headers = {"Authorization": f"token {github_token}"} + response = requests.get(url, headers=headers) + if response.status_code == 200: + return response.text + return None + + +# Function to extract appVersion from Chart.yaml content +def extract_app_version(chart_yaml): + for line in chart_yaml.splitlines(): + if line.startswith("appVersion:"): + return line.split(":")[1].strip() + return None + + +# Function to fetch releases and write to a CSV file +def fetch_and_write_helmet_releases(csv_file): + # Fetch all releases + releases = fetch_all_releases(repo_url) + + # Write the release data to the CSV file + with open(csv_file, mode="w", newline="") as file: + writer = csv.writer(file, quoting=csv.QUOTE_NONE, escapechar="\\") + writer.writerow(["Release Name", "Release Date", "Release Time", "App Version"]) + + for release in releases: + tag_name = release["tag_name"] + published_at = release["published_at"] + release_date = datetime.strptime(published_at, "%Y-%m-%dT%H:%M:%SZ").date() + release_time = datetime.strptime(published_at, "%Y-%m-%dT%H:%M:%SZ").time() + + # Extract chart path from the release name + chart_path = "-".join(tag_name.split("-")[:-1]) + current_chart_yaml = get_chart_yaml( + "argoproj/argo-helm", tag_name, chart_path + ) + + if current_chart_yaml: + current_app_version = extract_app_version(current_chart_yaml) + writer.writerow( + [tag_name, release_date, release_time, current_app_version] + ) + + # Read the CSV file, remove any instances of `\"`, and write back the cleaned content + with open(csv_file, mode="r") as file: + content = file.read() + + cleaned_content = content.replace('\\"', "") + + with open(csv_file, mode="w", newline="") as file: + file.write(cleaned_content) + + print( + f'Release data has been written to {csv_file} and cleaned of any instances of \\"' + ) + + +# Example usage +if __name__ == "__main__": + fetch_and_write_helmet_releases("argo_helm_releases.csv") diff --git a/scripts/release-analysis/fetch_releases.py b/scripts/release-analysis/fetch_releases.py new file mode 100644 index 00000000..6d27faee --- /dev/null +++ b/scripts/release-analysis/fetch_releases.py @@ -0,0 +1,57 @@ +import csv +import os +from datetime import datetime + +import requests + +# List of GitHub repository URLs we care about +repos = [ + ("argo-cd", "https://api.github.com/repos/argoproj/argo-cd/releases"), + ("argo-workflows", "https://api.github.com/repos/argoproj/argo-workflows/releases"), + ("argo-events", "https://api.github.com/repos/argoproj/argo-events/releases"), + ("argo-rollouts", "https://api.github.com/repos/argoproj/argo-rollouts/releases"), +] + +# Get the GitHub token from environment variables +github_token = os.getenv("GITHUB_TOKEN") +if not github_token: + raise ValueError("GITHUB_TOKEN environment variable is not set") + + +# Fetch all releases with pagination +def fetch_all_releases(url): + releases = [] + headers = {"Authorization": f"token {github_token}"} + while url: + response = requests.get(url, headers=headers) + response.raise_for_status() + releases.extend(response.json()) + url = response.links.get("next", {}).get("url") + return releases + + +# Fetch releases and write to a CSV file +def fetch_and_write_releases(csv_file): + with open(csv_file, mode="w", newline="") as file: + writer = csv.writer(file) + writer.writerow(["Repository", "Release Tag", "Release Date", "Release Time"]) + + for repo_name, repo_url in repos: + releases = fetch_all_releases(repo_url) + for release in releases: + tag_name = release["tag_name"] + published_at = release["published_at"] + release_date = datetime.strptime( + published_at, "%Y-%m-%dT%H:%M:%SZ" + ).date() + release_time = datetime.strptime( + published_at, "%Y-%m-%dT%H:%M:%SZ" + ).time() + writer.writerow([repo_name, tag_name, release_date, release_time]) + + print(f"Release data has been written to {csv_file}") + + +# Example usage +if __name__ == "__main__": + fetch_and_write_releases("argo_releases.csv") diff --git a/scripts/release-analysis/main.py b/scripts/release-analysis/main.py new file mode 100644 index 00000000..3fcf21ed --- /dev/null +++ b/scripts/release-analysis/main.py @@ -0,0 +1,31 @@ +import os + +from fetch_helmet_releases import fetch_and_write_helmet_releases +from fetch_releases import fetch_and_write_releases +from merge_csvs import merge_csv_files +from plot_graph import plot_time_difference + +# Check there is a github token +github_token = os.getenv("GITHUB_TOKEN") +if not github_token: + raise ValueError("GITHUB_TOKEN environment variable is not set") + +# Do the thing +print("Fetching releases...") +fetch_and_write_releases("argo_releases.csv") +print("Done") + +print("Fetching Team Helmet releases...") +fetch_and_write_helmet_releases("argo_helm_releases.csv") +print("Done") + +print("Merging release info...") +merge_csv_files("argo_releases.csv", "argo_helm_releases.csv", "merged_releases.csv") +print("Done") + +print("Plotting time difference graphs...") +plot_time_difference("merged_releases.csv") +print("Done") + +# Delete __pycache__ directories +os.system("rm -rf __pycache__") diff --git a/scripts/release-analysis/merge_csvs.py b/scripts/release-analysis/merge_csvs.py new file mode 100644 index 00000000..72b6917b --- /dev/null +++ b/scripts/release-analysis/merge_csvs.py @@ -0,0 +1,108 @@ +import csv +from datetime import datetime + + +def merge_csv_files(csv_file_1, csv_file_2, output_csv_file): + # Read the first CSV file into a dictionary + releases_1 = {} + with open(csv_file_1, mode="r") as file: + reader = csv.DictReader(file) + for row in reader: + key = (row["Repository"], row["Release Tag"]) + releases_1[key] = row + + # Read the second CSV file and find the oldest release for each appVersion + oldest_releases = {} + valid_repos = {"argo-cd", "argo-events", "argo-workflows", "argo-rollouts"} + with open(csv_file_2, mode="r") as file: + reader = csv.DictReader(file) + for row in reader: + release_name = row["Release Name"] + repo_name = "-".join(release_name.split("-")[:-1]) + if repo_name in valid_repos: + app_version = row["App Version"] + release_datetime = datetime.strptime( + f"{row['Release Date']} {row['Release Time']}", "%Y-%m-%d %H:%M:%S" + ) + if ( + repo_name, + app_version, + ) not in oldest_releases or release_datetime < oldest_releases[ + (repo_name, app_version) + ][ + "datetime" + ]: + oldest_releases[(repo_name, app_version)] = { + "row": row, + "datetime": release_datetime, + } + + # Merge the oldest releases with the first CSV file + merged_releases = [] + for (repo_name, app_version), data in oldest_releases.items(): + row = data["row"] + for key, release in releases_1.items(): + if ( + repo_name == release["Repository"] + and app_version == release["Release Tag"] + ): + time_difference = data["datetime"] - datetime.strptime( + f"{release['Release Date']} {release['Release Time']}", + "%Y-%m-%d %H:%M:%S", + ) + time_difference_hours = ( + time_difference.total_seconds() / 3600 + ) # Convert to hours + merged_row = { + "Repository": release["Repository"], + "Release Tag": release["Release Tag"], + "Release Date": release["Release Date"], + "Release Time": release["Release Time"], + "App Version": app_version, + "Release Name": row["Release Name"], + "Release Date 2": row["Release Date"], + "Release Time 2": row["Release Time"], + "Time Difference": time_difference_hours, + } + merged_releases.append(merged_row) + break + else: + merged_row = { + "Repository": repo_name, + "Release Tag": "", + "Release Date": "", + "Release Time": "", + "App Version": app_version, + "Release Name": row["Release Name"], + "Release Date 2": row["Release Date"], + "Release Time 2": row["Release Time"], + "Time Difference": "", + } + merged_releases.append(merged_row) + + # Write the merged data to a new CSV file + with open(output_csv_file, mode="w", newline="") as file: + fieldnames = [ + "Repository", + "Release Tag", + "Release Date", + "Release Time", + "App Version", + "Release Name", + "Release Date 2", + "Release Time 2", + "Time Difference", + ] + writer = csv.DictWriter(file, fieldnames=fieldnames) + writer.writeheader() + for row in merged_releases: + writer.writerow(row) + + print(f"Merged data has been written to {output_csv_file}") + + +# Example usage +if __name__ == "__main__": + merge_csv_files( + "argo_releases.csv", "argo_helm_releases.csv", "merged_releases.csv" + ) diff --git a/scripts/release-analysis/merged_releases.csv b/scripts/release-analysis/merged_releases.csv new file mode 100644 index 00000000..a4c13445 --- /dev/null +++ b/scripts/release-analysis/merged_releases.csv @@ -0,0 +1,195 @@ +Repository,Release Tag,Release Date,Release Time,App Version,Release Name,Release Date 2,Release Time 2,Time Difference +argo-cd,v2.13.3,2025-01-03,19:23:42,v2.13.3,argo-cd-7.7.13,2025-01-04,00:07:55,4.736944444444444 +argo-events,v1.9.5,2025-01-10,18:11:20,v1.9.5,argo-events-2.4.13,2025-01-11,10:22:47,16.190833333333334 +argo-workflows,v3.6.2,2024-12-02,14:12:44,v3.6.2,argo-workflows-0.45.1,2024-12-02,17:39:46,3.4505555555555554 +argo-events,v1.9.4,2025-01-08,07:48:18,v1.9.4,argo-events-2.4.12,2025-01-08,08:37:01,0.8119444444444445 +argo-events,v1.9.3,2024-11-27,06:51:10,v1.9.3,argo-events-2.4.9,2024-11-27,20:44:06,13.882222222222222 +argo-rollouts,v1.7.2,2024-08-13,18:42:47,v1.7.2,argo-rollouts-2.37.5,2024-08-14,08:31:31,13.812222222222223 +argo-cd,v2.13.2,2024-12-11,19:18:46,v2.13.2,argo-cd-7.7.10,2024-12-12,05:33:28,10.245 +argo-cd,v2.13.1,2024-11-20,17:11:22,v2.13.1,argo-cd-7.7.4,2024-11-20,20:48:11,3.613611111111111 +argo-workflows,v3.6.0,2024-11-14,19:02:01,v3.6.0,argo-workflows-0.43.0,2024-11-21,08:27:21,157.42222222222222 +argo-cd,v2.13.0,2024-11-04,12:46:49,v2.13.0,argo-cd-7.7.0,2024-11-05,00:00:06,11.221388888888889 +argo-workflows,v3.5.12,2024-10-30,11:49:27,v3.5.12,argo-workflows-0.42.6,2024-10-30,13:24:53,1.5905555555555555 +argo-cd,v2.12.6,2024-10-18,19:07:18,v2.12.6,argo-cd-7.6.12,2024-10-18,19:27:20,0.3338888888888889 +argo-cd,v2.12.5,2024-10-17,22:03:45,v2.12.5,argo-cd-7.6.11,2024-10-18,07:16:30,9.2125 +argo-cd,v2.12.4,2024-09-26,07:14:39,v2.12.4,argo-cd-7.6.5,2024-09-26,07:42:42,0.4675 +argo-workflows,v3.5.11,2024-09-20,14:08:00,v3.5.11,argo-workflows-0.42.3,2024-09-20,15:08:40,1.011111111111111 +argo-cd,v2.12.3,2024-08-27,12:33:34,v2.12.3,argo-cd-7.4.7,2024-08-27,13:30:34,0.95 +argo-events,v1.9.2,2024-06-14,00:38:39,v1.9.2,argo-events-2.4.6,2024-06-14,05:09:08,4.508055555555556 +argo-workflows,v3.5.10,2024-08-01,06:03:16,v3.5.10,argo-workflows-0.41.13,2024-08-01,07:19:01,1.2625 +argo-cd,v2.12.2,2024-08-23,04:05:09,v2.12.2,argo-cd-7.4.5,2024-08-23,08:51:19,4.769444444444445 +argo-cd,v2.12.1,2024-08-16,17:16:36,v2.12.1,argo-cd-7.4.4,2024-08-16,21:36:53,4.338055555555556 +argo-rollouts,v1.7.1,2024-06-25,01:38:31,v1.7.1,argo-rollouts-2.37.0,2024-06-26,09:10:19,31.53 +argo-cd,v2.12.0,2024-08-05,14:02:15,v2.12.0,argo-cd-7.4.0,2024-08-05,15:22:06,1.3308333333333333 +argo-workflows,v3.5.9,2024-07-30,06:58:49,v3.5.9,argo-workflows-0.41.12,2024-07-30,07:39:23,0.6761111111111111 +argo-cd,v2.11.7,2024-07-24,10:27:18,v2.11.7,argo-cd-7.3.11,2024-07-24,11:44:52,1.2927777777777778 +argo-cd,v2.11.6,2024-07-22,15:19:04,v2.11.6,argo-cd-7.3.10,2024-07-22,17:14:41,1.9269444444444443 +argo-cd,v2.11.5,2024-07-15,18:32:15,v2.11.5,argo-cd-7.3.7,2024-07-16,01:17:05,6.747222222222222 +argo-cd,v2.11.4,2024-07-02,19:52:42,v2.11.4,argo-cd-7.3.4,2024-07-02,20:43:46,0.8511111111111112 +argo-cd,v2.11.3,2024-06-06,09:43:29,v2.11.3,argo-cd-7.1.2,2024-06-06,10:51:51,1.1394444444444445 +argo-rollouts,v1.7.0,2024-06-13,20:23:14,v1.7.0,argo-rollouts-2.36.0,2024-06-14,09:00:46,12.625555555555556 +argo-workflows,v3.5.8,2024-06-18,04:52:31,v3.5.8,argo-workflows-0.41.10,2024-06-18,07:47:04,2.9091666666666667 +argo-workflows,v3.5.7,2024-05-27,07:13:30,v3.5.7,argo-workflows-0.41.7,2024-05-27,08:09:42,0.9366666666666666 +argo-cd,v2.11.2,2024-05-23,14:14:51,v2.11.2,argo-cd-6.11.1,2024-05-23,15:37:21,1.375 +argo-events,v1.9.1,2024-02-13,21:21:44,v1.9.1,argo-events-2.4.3,2024-02-14,08:53:00,11.52111111111111 +argo-rollouts,v1.6.6,2024-02-13,15:56:59,v1.6.6,argo-rollouts-2.34.3,2024-02-14,08:50:21,16.889444444444443 +argo-cd,v2.11.1,2024-05-21,15:03:58,v2.11.1,argo-cd-6.10.0,2024-05-21,16:36:49,1.5475 +argo-workflows,v3.5.6,2024-04-19,21:43:07,v3.5.6,argo-workflows-0.41.2,2024-04-20,04:55:21,7.203888888888889 +argo-cd,v2.11.0,2024-05-07,16:37:25,v2.11.0,argo-cd-6.8.0,2024-05-08,06:21:31,13.735 +argo-cd,v2.10.9,2024-04-30,16:55:10,v2.10.9,argo-cd-6.7.18,2024-04-30,17:14:22,0.32 +argo-cd,v2.10.8,2024-04-26,14:04:02,v2.10.8,argo-cd-6.7.16,2024-04-26,14:21:35,0.2925 +argo-cd,v2.10.7,2024-04-15,09:21:23,v2.10.7,argo-cd-6.7.12,2024-04-15,10:43:13,1.363888888888889 +argo-cd,v2.10.6,2024-04-05,01:04:01,v2.10.6,argo-cd-6.7.10,2024-04-05,05:00:08,3.935277777777778 +argo-cd,v2.10.5,2024-03-28,16:29:02,v2.10.5,argo-cd-6.7.4,2024-03-28,17:30:11,1.0191666666666668 +argo-workflows,v3.5.5,2024-02-29,21:47:50,v3.5.5,argo-workflows-0.40.12,2024-03-01,00:03:01,2.2530555555555556 +argo-cd,v2.10.4,2024-03-18,08:44:51,v2.10.4,argo-cd-6.7.3,2024-03-18,09:36:58,0.8686111111111111 +argo-cd,v2.10.3,2024-03-13,19:53:05,v2.10.3,argo-cd-6.7.2,2024-03-13,20:46:14,0.8858333333333334 +argo-cd,v2.10.2,2024-03-01,22:03:43,v2.10.2,argo-cd-6.5.1,2024-03-01,22:33:17,0.49277777777777776 +argo-cd,v2.10.1,2024-02-14,18:12:43,v2.10.1,argo-cd-6.0.14,2024-02-14,21:04:43,2.8666666666666667 +argo-workflows,v3.5.4,2024-01-14,06:19:09,v3.5.4,argo-workflows-0.40.6,2024-01-14,08:11:19,1.8694444444444445 +argo-cd,v2.10.0,2024-02-06,15:03:51,v2.10.0,argo-cd-5.55.0,2024-02-07,07:10:30,16.110833333333332 +argo-cd,v2.9.6,2024-02-02,19:51:46,v2.9.6,argo-cd-5.53.13,2024-02-02,22:50:34,2.98 +argo-cd,v2.9.5,2024-01-19,18:32:02,v2.9.5,argo-cd-5.53.2,2024-01-19,20:20:14,1.8033333333333332 +argo-rollouts,v1.6.5,2024-01-25,20:19:53,v1.6.5,argo-rollouts-2.34.2,2024-01-26,06:31:27,10.192777777777778 +argo-cd,v2.9.4,2024-01-18,21:24:02,v2.9.4,argo-cd-5.53.1,2024-01-19,05:48:47,8.4125 +argo-cd,v2.9.3,2023-12-01,23:39:19,v2.9.3,argo-cd-5.51.6,2023-12-02,11:03:49,11.408333333333333 +argo-workflows,v3.5.3,2024-01-11,03:12:46,v3.5.3,argo-workflows-0.40.5,2024-01-11,07:20:47,4.133611111111111 +argo-events,v1.9.0,2024-01-09,08:31:10,v1.9.0,argo-events-2.4.2,2024-01-09,10:14:30,1.7222222222222223 +argo-rollouts,v1.6.4,2023-12-11,21:54:30,v1.6.4,argo-rollouts-2.32.8,2023-12-13,06:59:39,33.08583333333333 +argo-workflows,v3.5.2,2023-11-27,19:16:42,v3.5.2,argo-workflows-0.39.5,2023-11-27,21:13:09,1.9408333333333334 +argo-rollouts,v1.6.3,2023-12-05,14:36:31,v1.6.3,argo-rollouts-2.32.7,2023-12-08,15:06:58,72.5075 +argo-rollouts,v1.6.2,2023-11-02,19:58:08,v1.6.2,argo-rollouts-2.32.4,2023-11-15,13:09:53,305.1958333333333 +argo-cd,v2.9.2,2023-11-20,17:52:41,v2.9.2,argo-cd-5.51.4,2023-11-20,18:50:04,0.9563888888888888 +argo-workflows,v3.5.1,2023-11-03,19:57:45,v3.5.1,argo-workflows-0.38.0,2023-11-04,05:58:06,10.005833333333333 +argo-cd,v2.9.1,2023-11-14,15:55:51,v2.9.1,argo-cd-5.51.2,2023-11-15,05:59:33,14.061666666666667 +argo-rollouts,v1.6.1,2023-11-01,21:19:43,v1.6.1,argo-rollouts-2.32.3,2023-11-15,10:00:45,324.6838888888889 +argo-cd,v2.9.0,2023-11-06,05:27:12,v2.9.0,argo-cd-5.51.0,2023-11-06,12:54:52,7.461111111111111 +argo-workflows,v3.5.0,2023-10-13,15:00:44,v3.5.0,argo-workflows-0.35.0,2023-10-13,22:07:38,7.115 +argo-cd,v2.8.6,2023-11-01,17:29:59,v2.8.6,argo-cd-5.50.0,2023-10-31,18:12:30,-23.29138888888889 +argo-rollouts,v1.6.0,2023-09-06,19:00:06,v1.6.0,argo-rollouts-2.32.0,2023-09-07,12:23:50,17.395555555555557 +argo-cd,v2.8.5,2023-10-31,19:30:03,v2.8.5,argo-cd-5.48.0,2023-10-28,07:29:05,-84.01611111111112 +argo-cd,v2.8.4,2023-09-13,20:08:07,v2.8.4,argo-cd-5.46.3,2023-09-14,04:56:22,8.804166666666667 +argo-workflows,v3.4.11,2023-09-08,01:14:16,v3.4.11,argo-workflows-0.33.2,2023-09-08,04:20:30,3.1038888888888887 +argo-cd,v2.8.3,2023-09-07,18:06:07,v2.8.3,argo-cd-5.45.3,2023-09-08,00:13:52,6.129166666666666 +argo-cd,v2.8.2,2023-08-24,21:05:33,v2.8.2,argo-cd-5.43.6,2023-08-25,08:46:11,11.677222222222222 +argo-events,v1.8.1,2023-08-31,23:49:47,v1.8.1,argo-events-2.4.1,2023-09-04,01:15:35,73.43 +argo-cd,v2.8.1,2023-08-22,21:19:28,v2.8.1,argo-cd-5.43.5,2023-08-23,03:57:35,6.635277777777778 +argo-workflows,v3.4.10,2023-08-15,18:59:38,v3.4.10,argo-workflows-0.32.3,2023-08-16,11:00:55,16.02138888888889 +argo-rollouts,v1.5.1,2023-05-24,19:26:51,v1.5.1,argo-rollouts-2.31.1,2023-07-20,17:26:45,1365.9983333333332 +argo-cd,v2.8.0,2023-08-07,20:03:46,v2.8.0,argo-cd-5.43.0,2023-08-08,14:36:04,18.538333333333334 +argo-workflows,v3.4.9,2023-07-20,15:28:41,v3.4.9,argo-workflows-0.32.0,2023-07-20,23:20:17,7.86 +argo-cd,v2.7.11,2023-08-07,20:07:16,v2.7.11,argo-cd-5.42.3,2023-08-08,06:11:54,10.077222222222222 +argo-cd,v2.7.10,2023-07-31,22:51:19,v2.7.10,argo-cd-5.42.1,2023-08-01,05:57:37,7.105 +argo-cd,v2.7.9,2023-07-24,18:50:30,v2.7.9,argo-cd-5.41.2,2023-07-25,02:10:03,7.325833333333334 +argo-cd,v2.7.8,2023-07-19,15:58:13,v2.7.8,argo-cd-5.41.1,2023-07-19,22:26:30,6.471388888888889 +argo-cd,v2.7.7,2023-07-05,20:25:54,v2.7.7,argo-cd-5.37.1,2023-07-06,08:26:09,12.004166666666666 +argo-workflows,v3.4.8,2023-05-25,23:37:40,v3.4.8,argo-workflows-0.28.2,2023-05-26,04:19:27,4.6963888888888885 +argo-cd,v2.7.6,2023-06-20,21:46:46,v2.7.6,argo-cd-5.36.5,2023-06-21,04:27:57,6.686388888888889 +argo-events,v1.8.0,2023-05-08,05:54:59,v1.8.0,argo-events-2.4.0,2023-06-21,12:41:55,1062.7822222222221 +argo-cd,v2.7.5,2023-06-16,15:24:00,v2.7.5,argo-cd-5.36.2,2023-06-17,04:55:38,13.527222222222223 +argo-cd,v2.7.4,2023-06-05,19:40:08,v2.7.4,argo-cd-5.35.1,2023-06-06,04:53:38,9.225 +argo-cd,v2.7.3,2023-05-24,16:14:02,v2.7.3,argo-cd-5.34.5,2023-05-24,23:23:36,7.1594444444444445 +argo-rollouts,v1.5.0,2023-05-08,15:34:06,v1.5.0,argo-rollouts-2.28.0,2023-05-10,15:37:42,48.06 +argo-workflows,v3.4.7,2023-04-11,17:26:32,v3.4.7,argo-workflows-0.23.2,2023-04-12,04:52:48,11.437777777777777 +argo-cd,v2.7.2,2023-05-12,14:41:07,v2.7.2,argo-cd-5.33.2,2023-05-12,15:19:23,0.6377777777777778 +argo-cd,v2.7.1,2023-05-02,17:24:44,v2.7.1,argo-cd-5.31.1,2023-05-03,09:48:25,16.39472222222222 +argo-events,v1.7.6,2023-02-10,07:30:54,v1.7.6,argo-events-2.1.3,2023-02-21,01:14:54,257.73333333333335 +argo-rollouts,v1.4.1,2023-02-25,15:23:34,v1.4.1,argo-rollouts-2.22.3,2023-03-02,15:08:16,119.745 +argo-cd,v2.7.0,2023-05-02,00:51:25,v2.7.0,argo-cd-5.30.0,2023-05-02,07:29:11,6.629444444444444 +argo-cd,v2.6.7,2023-03-23,15:45:09,v2.6.7,argo-cd-5.27.2,2023-03-24,00:09:05,8.398888888888889 +argo-workflows,v3.4.6,2023-03-31,20:16:18,v3.4.6,argo-workflows-0.22.16,2023-04-04,11:10:35,86.90472222222222 +argo-workflows,v3.4.5,2023-02-07,13:26:29,v3.4.5,argo-workflows-0.22.10,2023-02-07,15:11:29,1.75 +argo-cd,v2.6.6,2023-03-16,23:07:31,v2.6.6,argo-cd-5.27.1,2023-03-17,08:25:05,9.292777777777777 +argo-cd,v2.6.5,2023-03-14,14:59:49,v2.6.5,argo-cd-5.26.1,2023-03-14,18:42:39,3.713888888888889 +argo-cd,v2.6.4,2023-03-07,23:29:08,v2.6.4,argo-cd-5.24.2,2023-03-08,07:13:22,7.737222222222222 +argo-cd,v2.6.3,2023-02-27,15:20:04,v2.6.3,argo-cd-5.23.3,2023-02-28,08:32:15,17.203055555555554 +argo-cd,v2.6.2,2023-02-16,15:43:42,v2.6.2,argo-cd-5.21.1,2023-02-17,08:23:54,16.67 +argo-cd,v2.6.1,2023-02-08,19:39:04,v2.6.1,argo-cd-5.20.3,2023-02-08,20:15:43,0.6108333333333333 +argo-cd,v2.6.0,2023-02-06,22:04:33,v2.6.0,argo-cd-5.20.0,2023-02-07,15:02:47,16.970555555555556 +argo-cd,v2.5.10,2023-02-02,15:48:00,v2.5.10,argo-cd-5.19.14,2023-02-02,21:56:38,6.143888888888889 +argo-cd,v2.5.9,2023-01-28,00:04:28,v2.5.9,argo-cd-5.19.11,2023-01-28,13:41:15,13.613055555555556 +argo-workflows,v3.4.4,2022-11-29,21:15:21,v3.4.4,argo-workflows-0.20.12,2022-11-30,15:26:09,18.18 +argo-rollouts,v1.4.0,2023-01-09,21:43:34,v1.4.0,argo-rollouts-2.22.0,2023-01-19,21:14:27,239.51472222222222 +argo-events,v1.7.5,2023-01-23,08:23:36,v1.7.5,argo-events-2.1.1,2023-01-29,12:16:37,147.88361111111112 +argo-cd,v2.5.8,2023-01-25,17:05:03,v2.5.8,argo-cd-5.19.7,2023-01-26,08:23:02,15.299722222222222 +argo-events,v1.7.4,2022-12-12,07:45:11,v1.7.4,argo-events-2.0.10,2022-12-24,19:41:24,299.93694444444446 +argo-cd,v2.5.7,2023-01-18,03:00:02,v2.5.7,argo-cd-5.17.2,2023-01-18,06:44:45,3.745277777777778 +argo-rollouts,v1.3.1,2022-09-29,17:43:19,v1.3.1,argo-rollouts-2.21.1,2022-09-30,22:29:28,28.769166666666667 +argo-cd,v2.5.6,2023-01-10,20:14:18,v2.5.6,argo-cd-5.17.1,2023-01-11,06:33:59,10.328055555555556 +argo-cd,v2.5.5,2022-12-16,16:53:08,v2.5.5,argo-cd-5.16.7,2022-12-17,11:36:17,18.719166666666666 +argo-events,v1.7.3,2022-09-28,22:10:34,v1.7.3,argo-events-2.0.6,2022-09-29,15:55:01,17.740833333333335 +argo-cd,v2.5.4,2022-12-06,20:26:51,v2.5.4,argo-cd-5.16.2,2022-12-07,07:41:56,11.251388888888888 +argo-cd,v2.5.3,2022-11-28,17:28:00,v2.5.3,argo-cd-5.14.3,2022-11-28,22:10:18,4.705 +argo-workflows,v3.4.3,2022-10-31,09:17:41,v3.4.3,argo-workflows-0.20.6,2022-11-01,09:26:43,24.150555555555556 +argo-cd,v2.5.2,2022-11-07,17:23:44,v2.5.2,argo-cd-5.13.6,2022-11-08,16:04:52,22.685555555555556 +argo-cd,v2.5.1,2022-11-01,21:53:59,v2.5.1,argo-cd-5.13.1,2022-11-02,07:31:33,9.626111111111111 +argo-cd,v2.5.0,2022-10-25,15:32:28,v2.5.0,argo-cd-5.8.0,2022-10-25,21:22:42,5.8372222222222225 +argo-workflows,v3.4.2,2022-10-23,07:36:55,v3.4.2,argo-workflows-0.20.3,2022-10-24,05:53:54,22.283055555555556 +argo-cd,v2.4.15,2022-10-17,21:17:43,v2.4.15,argo-cd-5.6.1,2022-10-20,11:23:48,62.10138888888889 +argo-workflows,v3.4.1,2022-10-01,16:09:34,v3.4.1,argo-workflows-0.20.1,2022-10-02,09:28:15,17.31138888888889 +argo-cd,v2.4.14,2022-10-05,17:53:31,v2.4.14,argo-cd-5.5.10,2022-10-06,21:05:05,27.192777777777778 +argo-cd,v2.4.13,2022-10-03,21:38:39,v2.4.13,argo-cd-5.5.8,2022-10-04,00:58:31,3.331111111111111 +argo-cd,v2.4.12,2022-09-16,01:33:23,v2.4.12,argo-cd-5.4.4,2022-09-16,08:58:43,7.4222222222222225 +argo-rollouts,v1.3.0,2022-09-19,03:29:00,v1.3.0,argo-rollouts-2.21.0,2022-09-29,06:43:50,243.24722222222223 +argo-workflows,v3.4.0,2022-09-19,05:23:46,v3.4.0,argo-workflows-0.18.0,2022-09-19,16:10:42,10.782222222222222 +argo-events,v1.7.2,2022-09-12,23:46:11,v1.7.2,argo-events-2.0.5,2022-09-20,11:55:01,180.1472222222222 +argo-cd,v2.4.11,2022-08-22,09:52:10,v2.4.11,argo-cd-4.10.9,2022-08-22,14:04:30,4.205555555555556 +argo-workflows,v3.3.9,2022-08-10,01:08:09,v3.3.9,argo-workflows-0.16.9,2022-08-10,11:43:41,10.592222222222222 +argo-rollouts,v1.2.2,2022-07-26,17:49:31,v1.2.2,argo-rollouts-2.19.2,2022-08-26,09:03:17,735.2294444444444 +argo-events,v1.7.1,2022-06-09,06:27:31,v1.7.1,argo-events-2.0.2,2022-07-04,09:50:24,603.3813888888889 +argo-rollouts,v1.2.0,2022-03-22,17:16:13,v1.2.0,argo-rollouts-2.12.0,2022-03-23,21:12:12,27.933055555555555 +argo-cd,v2.4.10,2022-08-17,21:44:09,v2.4.10,argo-cd-4.10.7,2022-08-18,00:28:21,2.736666666666667 +argo-cd,v2.4.9,2022-08-11,15:59:47,v2.4.9,argo-cd-4.10.6,2022-08-11,20:43:51,4.734444444444445 +argo-cd,v2.4.8,2022-07-29,17:38:38,v2.4.8,argo-cd-4.10.4,2022-08-01,13:49:17,68.1775 +argo-cd,v2.4.7,2022-07-18,21:54:21,v2.4.7,argo-cd-4.9.15,2022-07-19,06:25:53,8.525555555555556 +argo-workflows,v3.3.8,2022-06-24,01:18:03,v3.3.8,argo-workflows-0.16.6,2022-06-24,05:47:50,4.496388888888889 +argo-cd,v2.4.6,2022-07-12,23:14:34,v2.4.6,argo-cd-4.9.13,2022-07-13,20:43:07,21.475833333333334 +argo-cd,v2.4.4,2022-07-07,07:59:34,v2.4.4,argo-cd-4.9.12,2022-07-07,16:46:25,8.780833333333334 +argo-cd,v2.4.3,2022-06-27,21:39:15,v2.4.3,argo-cd-4.9.9,2022-06-28,13:20:49,15.692777777777778 +argo-events,v1.7.0,2022-05-04,22:47:01,v1.7.0,argo-events-2.0.0,2022-06-14,15:38:27,976.8572222222223 +argo-cd,v2.4.2,2022-06-21,21:19:40,v2.4.2,argo-cd-4.9.5,2022-06-23,05:50:20,32.51111111111111 +argo-workflows,v3.3.7,2022-06-21,00:41:49,v3.3.7,argo-workflows-0.16.5,2022-06-23,16:01:09,63.32222222222222 +argo-workflows,v3.3.6,2022-05-26,01:22:39,v3.3.6,argo-workflows-0.16.1,2022-05-26,11:20:50,9.969722222222222 +argo-cd,v2.4.0,2022-06-10,17:59:33,v2.4.0,argo-cd-4.9.0,2022-06-14,10:10:37,88.18444444444444 +argo-cd,v2.3.4,2022-05-18,13:14:17,v2.3.4,argo-cd-4.6.2,2022-05-19,17:54:21,28.66777777777778 +argo-workflows,v3.3.5,2022-05-04,01:13:34,v3.3.5,argo-workflows-0.15.2,2022-05-20,21:14:27,404.01472222222225 +argo-workflows,v3.3.2,2022-04-20,23:16:10,v3.3.2,argo-workflows-0.14.0,2022-04-22,07:09:42,31.892222222222223 +argo-cd,v2.3.3,2022-03-30,01:55:37,v2.3.3,argo-cd-4.3.1,2022-03-30,13:40:17,11.744444444444444 +argo-events,v1.6.0,2022-02-13,06:42:27,v1.6.0,argo-events-1.11.0,2022-02-20,18:31:57,179.825 +argo-cd,v2.3.2,2022-03-23,02:12:12,v2.3.2,argo-cd-4.2.2,2022-03-23,09:53:45,7.6925 +argo-workflows,v3.2.9,2022-03-02,23:04:35,v3.2.9,argo-workflows-0.11.2,2022-03-05,08:51:50,57.7875 +argo-cd,v2.3.1,2022-03-11,00:07:41,v2.3.1,argo-cd-4.0.0,2022-03-16,21:02:33,140.91444444444446 +argo-rollouts,v1.1.1,2021-11-29,21:44:13,v1.1.1,argo-rollouts-2.8.1,2022-01-10,18:21:14,1004.6169444444445 +argo-cd,v2.2.5,2022-02-05,01:42:13,v2.2.5,argo-cd-3.33.4,2022-02-05,12:55:15,11.217222222222222 +argo-workflows,v3.2.7,2022-01-28,02:28:31,v3.2.7,argo-workflows-0.10.1,2022-02-09,23:06:55,308.64 +argo-cd,v2.2.4,2022-02-03,20:50:43,v2.2.4,argo-cd-3.33.3,2022-02-04,09:19:44,12.483611111111111 +argo-cd,v2.2.3,2022-01-18,18:03:37,v2.2.3,argo-cd-3.32.0,2022-01-26,15:14:35,189.18277777777777 +argo-workflows,v3.2.6,2021-12-17,21:12:28,v3.2.6,argo-workflows-0.9.4,2021-12-20,11:00:00,61.79222222222222 +argo-events,v1.5.6,2022-01-12,05:18:08,v1.5.6,argo-events-1.10.1,2022-01-18,22:20:08,161.03333333333333 +argo-cd,v2.2.2,2022-01-01,06:38:42,v2.2.2,argo-cd-3.29.5,2022-01-04,10:16:28,75.62944444444445 +argo-events,v1.5.0,2021-10-12,18:48:33,v1.5.0,argo-events-1.8.0,2021-10-27,15:13:58,356.4236111111111 +argo-rollouts,v1.1.0,2021-10-12,17:02:30,v1.1.0,argo-rollouts-2.2.0,2021-10-14,14:58:28,45.93277777777778 +argo-cd,v2.2.1,2021-12-17,01:41:25,v2.2.1,argo-cd-3.29.1,2021-12-17,10:06:18,8.414722222222222 +argo-cd,v2.2.0,2021-12-14,18:19:23,v2.2.0,argo-cd-3.29.0,2021-12-15,10:15:30,15.935277777777777 +argo-cd,v2.1.7,2021-11-17,22:18:58,v2.1.7,argo-cd-3.26.10,2021-11-21,12:48:45,86.49638888888889 +argo-workflows,v3.2.4,2021-11-18,00:41:27,v3.2.4,argo-workflows-0.8.3,2021-11-21,18:59:21,90.29833333333333 +argo-workflows,v3.2.0,2021-10-12,16:28:36,v3.2.0,argo-workflows-0.7.3,2021-10-15,10:22:13,65.89361111111111 +argo-cd,v2.1.6,2021-10-28,20:08:23,v2.1.6,argo-cd-3.26.4,2021-10-31,11:57:25,63.81722222222222 +argo-cd,v2.1.5,2021-10-20,15:25:12,v2.1.5,argo-cd-3.26.3,2021-10-21,20:56:35,29.523055555555555 +argo-cd,,,,2.1.4,argo-cd-3.26.1,2021-10-20,06:32:59, +argo-cd,,,,2.1.3,argo-cd-3.23.1,2021-10-06,15:28:20, +argo-workflows,v3.1.8,2021-08-19,00:19:56,v3.1.8,argo-workflows-0.4.2,2021-08-23,11:13:42,106.89611111111111 +argo-cd,,,,2.1.2,argo-cd-3.17.6,2021-09-02,21:59:12, +argo-rollouts,v1.0.2,2021-06-15,22:33:04,v1.0.2,argo-rollouts-1.0.2,2021-07-07,15:18:22,520.755 +argo-cd,,,,2.1.1,argo-cd-3.17.2,2021-08-26,14:22:27, +argo-cd,,,,2.1.0,argo-cd-3.13.0,2021-08-23,12:14:11, +argo-workflows,v3.1.5,2021-08-04,07:14:30,v3.1.5,argo-workflows-0.4.0,2021-08-17,07:31:04,312.2761111111111 +argo-cd,,,,2.0.5,argo-cd-3.10.1,2021-07-27,01:33:24, +argo-workflows,v3.0.7,2021-05-25,19:08:55,v3.0.7,argo-workflows-0.2.6,2021-06-25,06:16:05,731.1194444444444 +argo-events,,,,1.3.1,argo-events-1.4.2,2021-05-21,16:00:05, +argo-cd,,,,2.0.4,argo-cd-3.6.11,2021-06-29,08:49:22, +argo-cd,,,,2.0.3,argo-cd-3.6.3,2021-05-29,08:42:00, +argo-workflows,v3.0.2,2021-04-20,15:37:15,v3.0.2,argo-workflows-0.1.1,2021-05-21,16:00:07,744.3811111111111 +argo-rollouts,v1.0.1,2021-05-26,08:43:12,v1.0.1,argo-rollouts-1.0.0,2021-05-31,16:06:49,127.39361111111111 +argo-rollouts,,,,0.10.2,argo-rollouts-0.5.3,2021-05-21,16:00:06, +argo-cd,,,,2.0.1,argo-cd-3.4.1,2021-05-21,16:00:04, diff --git a/scripts/release-analysis/plot_graph.py b/scripts/release-analysis/plot_graph.py new file mode 100644 index 00000000..8657fe20 --- /dev/null +++ b/scripts/release-analysis/plot_graph.py @@ -0,0 +1,58 @@ +import csv + +import matplotlib.pyplot as plt +from packaging import version + + +def plot_time_difference(csv_file): + # Read the CSV file and process the data + data = {"argo-cd": [], "argo-events": [], "argo-workflows": [], "argo-rollouts": []} + release_tags = { + "argo-cd": [], + "argo-events": [], + "argo-workflows": [], + "argo-rollouts": [], + } + with open(csv_file, mode="r") as file: + reader = csv.DictReader(file) + for row in reader: + repo = row["Repository"] + time_diff_str = row["Time Difference"] + release_tag = row["Release Tag"] + if repo in data and time_diff_str: + time_diff = float(time_diff_str) + data[repo].append(time_diff) + release_tags[repo].append(release_tag) + + # Sort the release tags based on semantic versioning + for repo in release_tags: + sorted_indices = sorted( + range(len(release_tags[repo])), + key=lambda i: version.parse(release_tags[repo][i]), + ) + release_tags[repo] = [release_tags[repo][i] for i in sorted_indices] + data[repo] = [data[repo][i] for i in sorted_indices] + + # Plot the data + for repo, time_diffs in data.items(): + plt.figure(figsize=(10, 6)) + plt.plot(release_tags[repo], time_diffs, marker="o", label=repo) + plt.axhline(y=72, color="r", linestyle="--", label="SLA (72 hours)") + plt.xlabel("Upstream Release Tag") + plt.ylabel( + "Time difference between upstream release and Helm Chart release (hours)" + ) + plt.title(f"Time to Release Helm Chart for {repo}") + plt.legend() + plt.grid(True) + plt.xticks(rotation=45) + plt.tight_layout() + plt.savefig(f"time_difference_plot_{repo}.png") + plt.close() + + print("The plots have been saved as 'time_difference_plot_.png'") + + +# Example usage +if __name__ == "__main__": + plot_time_difference("merged_releases.csv") diff --git a/scripts/release-analysis/requirements.txt b/scripts/release-analysis/requirements.txt new file mode 100644 index 00000000..1c1b383e --- /dev/null +++ b/scripts/release-analysis/requirements.txt @@ -0,0 +1,2 @@ +requests +matplotlib diff --git a/scripts/release-analysis/time_difference_plot_argo-cd.png b/scripts/release-analysis/time_difference_plot_argo-cd.png new file mode 100644 index 00000000..738c0b98 Binary files /dev/null and b/scripts/release-analysis/time_difference_plot_argo-cd.png differ diff --git a/scripts/release-analysis/time_difference_plot_argo-events.png b/scripts/release-analysis/time_difference_plot_argo-events.png new file mode 100644 index 00000000..7e6c6431 Binary files /dev/null and b/scripts/release-analysis/time_difference_plot_argo-events.png differ diff --git a/scripts/release-analysis/time_difference_plot_argo-rollouts.png b/scripts/release-analysis/time_difference_plot_argo-rollouts.png new file mode 100644 index 00000000..4a24f491 Binary files /dev/null and b/scripts/release-analysis/time_difference_plot_argo-rollouts.png differ diff --git a/scripts/release-analysis/time_difference_plot_argo-workflows.png b/scripts/release-analysis/time_difference_plot_argo-workflows.png new file mode 100644 index 00000000..eb0dcf25 Binary files /dev/null and b/scripts/release-analysis/time_difference_plot_argo-workflows.png differ diff --git a/scripts/renovate-bump-version.sh b/scripts/renovate-bump-version.sh new file mode 100755 index 00000000..80f1ae11 --- /dev/null +++ b/scripts/renovate-bump-version.sh @@ -0,0 +1,41 @@ +#!/bin/bash +while getopts c:d:v: opt; do + case ${opt} in + c) chart=${OPTARG} ;; + d) dependency_name=${OPTARG} ;; + v) dependency_version=${OPTARG} ;; + *) + echo 'Usage:' >&2 + echo '-c: chart Related Helm chart name' >&2 + echo '-d dependency Name of the updated dependency' >&2 + echo '-v version New version of the updated dependency' >&2 + exit 1 + esac +done + +if [ -z "${dependency_name}" ] || [ -z "${dependency_version}" ] || [ -z "${chart}" ] ; then + echo 'Missing relevant CLI flag(s).' >&2 + exit 1 +fi + +chart_yaml_path="charts/${chart}/Chart.yaml" +# Split dependency by '/' and only use last element +# This way we can drop prefixes like "argoproj/..." , "argoproj-labs/..." , "quay.io/foo/..." +dependency_name="${dependency_name##*/}" + +# Bump the chart version by one patch version +version=$(grep '^version:' "${chart_yaml_path}" | awk '{print $2}') +major=$(echo "${version}" | cut -d. -f1) +minor=$(echo "${version}" | cut -d. -f2) +patch=$(echo "${version}" | cut -d. -f3) +patch=$((patch + 1)) +sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" "${chart_yaml_path}" + +# Add a changelog entry +sed -i -e '/^ artifacthub.io\/changes: |/,$ d' "${chart_yaml_path}" +{ + echo " artifacthub.io/changes: |" + echo " - kind: changed" + echo " description: Bump ${dependency_name} to ${dependency_version}" +} >> "${chart_yaml_path}" +cat "${chart_yaml_path}"