From 56f3b77fd1a059fff8a80587c4c54d1555d49779 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Mon, 19 Dec 2022 18:07:44 +0900 Subject: [PATCH 001/768] chore(argo-workflows): Support missing configurations to workflow controller cm (#1716) Signed-off-by: yu-croco --- charts/argo-workflows/Chart.yaml | 5 +++-- charts/argo-workflows/README.md | 2 ++ .../workflow-controller-config-map.yaml | 5 +++++ charts/argo-workflows/values.yaml | 19 +++++++++++++++++++ 4 files changed, 29 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 68a28c43..ff38bb28 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.22.2 +version: 0.22.3 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: @@ -13,4 +13,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - "[Added]: Support images property to workflow-controller-configmap for emissary executor" + - "[Added]: Support nodeEvents property to workflow-controller-configmap" + - "[Added]: Support kubeConfig property to workflow-controller-configmap" diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 571ef659..b775c939 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -83,6 +83,7 @@ Fields to note: | controller.instanceID.enabled | bool | `false` | Configures the controller to filter workflow submissions to only those which have a matching instanceID attribute. | | controller.instanceID.explicitID | string | `""` | Use a custom instanceID | | controller.instanceID.useReleaseName | bool | `false` | Use ReleaseName as instanceID | +| controller.kubeConfig | object | `{}` (See [values.yaml]) | Configure when workflow controller runs in a different k8s cluster with the workflow workloads, or needs to communicate with the k8s apiserver using an out-of-cluster kubeconfig secret. | | controller.links | list | `[]` | Configure Argo Server to show custom [links] | | controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller | | controller.loadBalancerSourceRanges | list | `[]` | Source ranges to allow access to service from. Only applies to service type `LoadBalancer` | @@ -100,6 +101,7 @@ Fields to note: | controller.name | string | `"workflow-controller"` | Workflow controller name string | | controller.namespaceParallelism | string | `nil` | Limits the maximum number of incomplete workflows in a namespace | | controller.navColor | string | `""` | Set ui navigation bar background color | +| controller.nodeEvents.enabled | bool | `true` | Enable to emit events on node completion. | | controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | [Node selector] | | controller.parallelism | string | `nil` | parallelism dictates how many workflows can be running at the same time | | controller.pdb.enabled | bool | `false` | Configure [Pod Disruption Budget] for the controller pods | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index fc223926..ea4660e0 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -173,3 +173,8 @@ data: {{- with .Values.emissary.images }} images: {{- toYaml . | nindent 6 }} {{- end }} + nodeEvents: + enabled: {{ .Values.controller.nodeEvents.enabled }} + {{- with .Values.controller.kubeConfig }} + kubeConfig: {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 95d1351f..3f643906 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -297,6 +297,25 @@ controller: # failed: 3 # errored: 3 + nodeEvents: + # -- Enable to emit events on node completion. + ## This can take up a lot of space in k8s (typically etcd) resulting in errors when trying to create new events: + ## "Unable to create audit event: etcdserver: mvcc: database space exceeded" + enabled: true + + # -- Configure when workflow controller runs in a different k8s cluster with the workflow workloads, + # or needs to communicate with the k8s apiserver using an out-of-cluster kubeconfig secret. + # @default -- `{}` (See [values.yaml]) + kubeConfig: {} + # # name of the kubeconfig secret, may not be empty when kubeConfig specified + # secretName: kubeconfig-secret + # # key of the kubeconfig secret, may not be empty when kubeConfig specified + # secretKey: kubeconfig + # # mounting path of the kubeconfig secret, default to /kube/config + # mountPath: /kubeconfig/mount/path + # # volume name when mounting the secret, default to kubeconfig + # volumeName: kube-config-volume + # mainContainer adds default config for main container that could be overriden in workflows template mainContainer: # -- imagePullPolicy to apply to Workflow main container. Defaults to `.Values.images.pullPolicy`. From c04ff27b341f6ffaf6323ab82788eaf44b22c9e0 Mon Sep 17 00:00:00 2001 From: Karl Parry <88431088+karlparry@users.noreply.github.com> Date: Tue, 20 Dec 2022 11:53:54 +0000 Subject: [PATCH 002/768] fix(argo-cd): remove incorrect flag for repoServer TLS secret (#1719) Signed-off-by: Karl Parry Signed-off-by: Karl Parry --- charts/argo-cd/Chart.yaml | 4 ++-- .../argocd-configs/argocd-repo-server-tls-secret.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b1591a5f..2cd56118 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.5 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.16.7 +version: 5.16.8 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,4 +23,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[chore]: Update ArgoCD to v2.5.5" + - "[fixed]: remove incorrect enabled flag for repoServer TLS secret " diff --git a/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml index 7efa2051..b0f35aa2 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.repoServer.enabled .Values.repoServer.certificateSecret.enabled }} +{{- if .Values.repoServer.certificateSecret.enabled }} apiVersion: v1 kind: Secret metadata: From 7e45f5f03fd1606ecb6cfebdc7d094456245ed04 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 20 Dec 2022 22:18:07 +0900 Subject: [PATCH 003/768] chore(argo-cd): Support relabelings and metricRelabelings to Notification's ServiceMonitor (#1720) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 2 ++ .../templates/argocd-notifications/servicemonitor.yaml | 8 ++++++++ charts/argo-cd/values.yaml | 4 ++++ 4 files changed, 16 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 2cd56118..bd3982a7 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.5 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.16.8 +version: 5.16.9 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,4 +23,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[fixed]: remove incorrect enabled flag for repoServer TLS secret " + - "[Added]: Support relabelings and metricRelabelings to Notification's ServiceMonitor" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 99108a06..02a3a9a8 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1085,6 +1085,8 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | notifications.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | notifications.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| notifications.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| notifications.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | | notifications.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | | notifications.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | notifications.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | diff --git a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml index 7f11d08f..2dd280bf 100644 --- a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml @@ -35,6 +35,14 @@ spec: tlsConfig: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.notifications.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.notifications.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} namespaceSelector: matchNames: - {{ .Release.Namespace }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 776eb9f8..fbf42932 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2534,6 +2534,10 @@ notifications: scheme: "" # -- Prometheus ServiceMonitor tlsConfig tlsConfig: {} + # -- Prometheus [RelabelConfigs] to apply to samples before scraping + relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion + metricRelabelings: [] # -- Configures notification services such as slack, email or custom webhook # @default -- See [values.yaml] From 4ada750a8479882f7049e66cef85fdc22cf9aec8 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 22 Dec 2022 22:00:38 +0900 Subject: [PATCH 004/768] chore(argo-workflows): Add changelog link on README (#1726) Signed-off-by: yu-croco --- charts/argo-workflows/Chart.yaml | 5 ++--- charts/argo-workflows/README.md | 5 +++++ charts/argo-workflows/README.md.gotmpl | 5 +++++ 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index ff38bb28..c775ebc5 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.22.3 +version: 0.22.4 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: @@ -13,5 +13,4 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - "[Added]: Support nodeEvents property to workflow-controller-configmap" - - "[Added]: Support kubeConfig property to workflow-controller-configmap" + - "[Added]: Changelog link on README" diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index b775c939..4c172f29 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -13,6 +13,10 @@ A few options are: - Manually create a ServiceAccount in the Namespace in which your release will be deployed w/ appropriate bindings to perform this action and set the `serviceAccountName` field in the Workflow spec - Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions +## Changelog + +For full list of changes, please check ArtifactHub [changelog]. + ## Usage Notes ### Workflow controller @@ -260,3 +264,4 @@ Fields to note: [Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ [TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [values.yaml]: values.yaml +[changelog]: https://artifacthub.io/packages/helm/argo/argo-workflows?modal=changelog diff --git a/charts/argo-workflows/README.md.gotmpl b/charts/argo-workflows/README.md.gotmpl index 28ee4fdc..a263139b 100644 --- a/charts/argo-workflows/README.md.gotmpl +++ b/charts/argo-workflows/README.md.gotmpl @@ -13,6 +13,10 @@ A few options are: - Manually create a ServiceAccount in the Namespace in which your release will be deployed w/ appropriate bindings to perform this action and set the `serviceAccountName` field in the Workflow spec - Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions +## Changelog + +For full list of changes, please check ArtifactHub [changelog]. + ## Usage Notes ### Workflow controller @@ -135,3 +139,4 @@ Fields to note: [Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ [TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [values.yaml]: values.yaml +[changelog]: https://artifacthub.io/packages/helm/argo/argo-workflows?modal=changelog From 00ed90f524a98cd48c4cfcbcf2dd30e31c457efc Mon Sep 17 00:00:00 2001 From: Aleksandr Lossenko Date: Sat, 24 Dec 2022 20:41:02 +0100 Subject: [PATCH 005/768] chore(argo-events): upgrade argo-events to app version 1.7.4 (#1730) Signed-off-by: Aleksandr Lossenko --- charts/argo-events/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index fa40f90f..91b74800 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.7.3 +appVersion: v1.7.4 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.0.9 +version: 2.0.10 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-events/assets/logo.png keywords: @@ -15,4 +15,4 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - "[Added]: Ability to specify port for webhook deployment" + - "[Changed]: Upgrade Argo events controller to v1.7.4" From 37484603eb7462258506545da678054d460892f3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 25 Dec 2022 20:06:09 +0900 Subject: [PATCH 006/768] chore(github): bump actions/stale from 6 to 7 (#1729) chore(deps): bump actions/stale from 6 to 7 Bumps [actions/stale](https://github.com/actions/stale) from 6 to 7. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aikawa --- .github/workflows/stale.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 3637ed8f..3a8e77d1 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -14,7 +14,7 @@ jobs: pull-requests: write # for actions/stale to close stale PRs runs-on: ubuntu-latest steps: - - uses: actions/stale@v6 + - uses: actions/stale@v7 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Number of days of inactivity before an issue becomes stale From c4d8b37fe49cfcfd09cbd693032ba54a0bc21403 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sun, 25 Dec 2022 22:56:33 +0900 Subject: [PATCH 007/768] chore(argocd-apps): Add changelog link on README (#1731) Signed-off-by: yu-croco --- charts/argocd-apps/Chart.yaml | 4 ++-- charts/argocd-apps/README.md | 6 ++++++ charts/argocd-apps/README.md.gotmpl | 6 ++++++ 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 7a5840b7..4f2d82be 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 0.0.5 +version: 0.0.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -14,4 +14,4 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - "[Added]: Support sourceNamespaces for AppProject" + - "[Added]: Changelog link on README" diff --git a/charts/argocd-apps/README.md b/charts/argocd-apps/README.md index fc994888..bc0d0685 100644 --- a/charts/argocd-apps/README.md +++ b/charts/argocd-apps/README.md @@ -13,6 +13,10 @@ docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:late - CRDs (Application and AppProject) - You need to install them via [argo-cd Helm chart](../argo-cd) or upstream. +## Changelog + +For full list of changes, please check ArtifactHub [changelog]. + ## Installation ```console @@ -31,3 +35,5 @@ $ helm install my-release argo/argocd-apps ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) + +[changelog]: https://artifacthub.io/packages/helm/argo/argocd-apps?modal=changelog diff --git a/charts/argocd-apps/README.md.gotmpl b/charts/argocd-apps/README.md.gotmpl index 8d628693..e8cb1c17 100644 --- a/charts/argocd-apps/README.md.gotmpl +++ b/charts/argocd-apps/README.md.gotmpl @@ -13,6 +13,10 @@ docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:late - CRDs (Application and AppProject) - You need to install them via [argo-cd Helm chart](../argo-cd) or upstream. +## Changelog + +For full list of changes, please check ArtifactHub [changelog]. + ## Installation ```console @@ -24,3 +28,5 @@ $ helm install my-release argo/argocd-apps ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) + +[changelog]: https://artifacthub.io/packages/helm/argo/argocd-apps?modal=changelog From 2204f028b9ff0a17be888c923bbf7892f0458343 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 27 Dec 2022 21:12:04 +0900 Subject: [PATCH 008/768] chore(argo-cd): Update redis-ha to v4.22.4 (#1732) Signed-off-by: yu-croco --- charts/argo-cd/Chart.lock | 6 +++--- charts/argo-cd/Chart.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.lock b/charts/argo-cd/Chart.lock index 7a069ce9..a2a5011e 100644 --- a/charts/argo-cd/Chart.lock +++ b/charts/argo-cd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.22.3 -digest: sha256:ef6269e4e073dad10c230ccfb069fc013608111c895c5e7568450bb3967cf195 -generated: "2022-11-03T12:04:33.673857+09:00" + version: 4.22.4 +digest: sha256:5df60910862b364ebfb82cba2b2f0951c39ad36446647fb3f501bdeadc92fbd7 +generated: "2022-12-26T22:58:11.561184+09:00" diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index bd3982a7..e8695ca3 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.5 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.16.9 +version: 5.16.10 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -18,9 +18,9 @@ maintainers: url: https://argoproj.github.io/ dependencies: - name: redis-ha - version: 4.22.3 + version: 4.22.4 repository: https://dandydeveloper.github.io/charts/ condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Added]: Support relabelings and metricRelabelings to Notification's ServiceMonitor" + - "[Changed]: Update redis-ha to v4.22.4" From fbc8cb263c7b6f53bb73fcab908a13c67b09b617 Mon Sep 17 00:00:00 2001 From: Boris Gershanik Date: Thu, 29 Dec 2022 13:49:10 +0200 Subject: [PATCH 009/768] feat(argo-cd): Add hostAliases to ApplicationSet Deployment (#1737) Signed-off-by: Boris Gershanik Signed-off-by: Boris Gershanik --- charts/argo-cd/Chart.yaml | 4 ++-- .../argo-cd/templates/argocd-applicationset/deployment.yaml | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index e8695ca3..236c39c6 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.5 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.16.10 +version: 5.16.11 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,4 +23,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Changed]: Update redis-ha to v4.22.4" + - "[Added]: Added HostAliases to ApplicationSet Deployment" diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 6c48fefb..ce4cd821 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -40,6 +40,10 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "argo-cd.applicationSetServiceAccountName" . }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 6 }} + {{- end }} containers: - name: {{ .Values.applicationSet.name }} image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }} From f6c884a0969ebe07e81b1204811dc1b4efc1511d Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Thu, 29 Dec 2022 16:47:29 +0100 Subject: [PATCH 010/768] chore(argo-cd): Remove legacy API versions for PDBs (#1740) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 1 - charts/argo-cd/templates/_versions.tpl | 13 ------------- .../argocd-application-controller/pdb.yaml | 2 +- .../templates/argocd-applicationset/pdb.yaml | 2 +- .../argocd-notifications/bots/slack/pdb.yaml | 2 +- .../argo-cd/templates/argocd-notifications/pdb.yaml | 2 +- .../argo-cd/templates/argocd-repo-server/pdb.yaml | 2 +- charts/argo-cd/templates/argocd-server/pdb.yaml | 2 +- charts/argo-cd/templates/dex/pdb.yaml | 2 +- charts/argo-cd/templates/redis/pdb.yaml | 2 +- charts/argo-cd/values.yaml | 2 -- 12 files changed, 10 insertions(+), 26 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 236c39c6..7e7b4d50 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.5 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.16.11 +version: 5.16.12 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,4 +23,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Added]: Added HostAliases to ApplicationSet Deployment" + - "[Removed]: API override for PDB" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 02a3a9a8..49527754 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -360,7 +360,6 @@ NAME: my-release | apiVersionOverrides.certmanager | string | `""` | String to override apiVersion of cert-manager resources rendered by this helm chart | | apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | | apiVersionOverrides.ingress | string | `""` | String to override apiVersion of ingresses rendered by this helm chart | -| apiVersionOverrides.pdb | string | `""` | String to override apiVersion of pod disruption budgets rendered by this helm chart | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.install | bool | `true` | Install and upgrade CRDs | | crds.keep | bool | `true` | Keep CRDs on chart uninstall | diff --git a/charts/argo-cd/templates/_versions.tpl b/charts/argo-cd/templates/_versions.tpl index 2f2c61f9..b3aa6a41 100644 --- a/charts/argo-cd/templates/_versions.tpl +++ b/charts/argo-cd/templates/_versions.tpl @@ -34,19 +34,6 @@ Return the appropriate apiVersion for ingress {{- end -}} {{- end -}} -{{/* -Return the appropriate apiVersion for pod disruption budget -*/}} -{{- define "argo-cd.apiVersion.pdb" -}} -{{- if .Values.apiVersionOverrides.pdb -}} -{{- print .Values.apiVersionOverrides.pdb -}} -{{- else if semverCompare "<1.21-0" (include "argo-cd.kubeVersion" .) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "policy/v1" -}} -{{- end -}} -{{- end -}} - {{/* Return the appropriate apiVersion for cert-manager */}} diff --git a/charts/argo-cd/templates/argocd-application-controller/pdb.yaml b/charts/argo-cd/templates/argocd-application-controller/pdb.yaml index 8f2531ff..b6804c54 100644 --- a/charts/argo-cd/templates/argocd-application-controller/pdb.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/pdb.yaml @@ -1,5 +1,5 @@ {{- if .Values.controller.pdb.enabled }} -apiVersion: {{ include "argo-cd.apiVersion.pdb" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.controller.fullname" . }} diff --git a/charts/argo-cd/templates/argocd-applicationset/pdb.yaml b/charts/argo-cd/templates/argocd-applicationset/pdb.yaml index d101d576..51974356 100644 --- a/charts/argo-cd/templates/argocd-applicationset/pdb.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/pdb.yaml @@ -1,5 +1,5 @@ {{- if and .Values.applicationSet.enabled .Values.applicationSet.pdb.enabled }} -apiVersion: {{ include "argo-cd.apiVersion.pdb" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} diff --git a/charts/argo-cd/templates/argocd-notifications/bots/slack/pdb.yaml b/charts/argo-cd/templates/argocd-notifications/bots/slack/pdb.yaml index 458af6f7..60df983e 100644 --- a/charts/argo-cd/templates/argocd-notifications/bots/slack/pdb.yaml +++ b/charts/argo-cd/templates/argocd-notifications/bots/slack/pdb.yaml @@ -1,5 +1,5 @@ {{- if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled .Values.notifications.bots.slack.pdb.enabled }} -apiVersion: {{ include "argo-cd.apiVersion.pdb" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.notifications.fullname" . }}-bot diff --git a/charts/argo-cd/templates/argocd-notifications/pdb.yaml b/charts/argo-cd/templates/argocd-notifications/pdb.yaml index 711495a2..f1f32715 100644 --- a/charts/argo-cd/templates/argocd-notifications/pdb.yaml +++ b/charts/argo-cd/templates/argocd-notifications/pdb.yaml @@ -1,5 +1,5 @@ {{- if and .Values.notifications.enabled .Values.notifications.pdb.enabled }} -apiVersion: {{ include "argo-cd.apiVersion.pdb" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.notifications.fullname" . }} diff --git a/charts/argo-cd/templates/argocd-repo-server/pdb.yaml b/charts/argo-cd/templates/argocd-repo-server/pdb.yaml index 7202bd39..318671f0 100644 --- a/charts/argo-cd/templates/argocd-repo-server/pdb.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/pdb.yaml @@ -1,5 +1,5 @@ {{- if .Values.repoServer.pdb.enabled }} -apiVersion: {{ include "argo-cd.apiVersion.pdb" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.repoServer.fullname" . }} diff --git a/charts/argo-cd/templates/argocd-server/pdb.yaml b/charts/argo-cd/templates/argocd-server/pdb.yaml index 81d3367b..89c54c65 100644 --- a/charts/argo-cd/templates/argocd-server/pdb.yaml +++ b/charts/argo-cd/templates/argocd-server/pdb.yaml @@ -1,5 +1,5 @@ {{- if .Values.server.pdb.enabled }} -apiVersion: {{ include "argo-cd.apiVersion.pdb" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.server.fullname" . }} diff --git a/charts/argo-cd/templates/dex/pdb.yaml b/charts/argo-cd/templates/dex/pdb.yaml index caa2ab29..45bd0050 100644 --- a/charts/argo-cd/templates/dex/pdb.yaml +++ b/charts/argo-cd/templates/dex/pdb.yaml @@ -1,5 +1,5 @@ {{- if and .Values.dex.enabled .Values.dex.pdb.enabled }} -apiVersion: {{ include "argo-cd.apiVersion.pdb" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.dex.fullname" . }} diff --git a/charts/argo-cd/templates/redis/pdb.yaml b/charts/argo-cd/templates/redis/pdb.yaml index 57fb94b3..8be05f93 100644 --- a/charts/argo-cd/templates/redis/pdb.yaml +++ b/charts/argo-cd/templates/redis/pdb.yaml @@ -1,6 +1,6 @@ {{- $redisHa := index .Values "redis-ha" -}} {{- if and .Values.redis.enabled (not $redisHa.enabled) .Values.redis.pdb.enabled }} -apiVersion: {{ include "argo-cd.apiVersion.pdb" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.redis.fullname" . }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index fbf42932..063f215b 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -20,8 +20,6 @@ apiVersionOverrides: autoscaling: "" # autoscaling/v2 # -- String to override apiVersion of ingresses rendered by this helm chart ingress: "" # networking.k8s.io/v1beta1 - # -- String to override apiVersion of pod disruption budgets rendered by this helm chart - pdb: "" # policy/v1 # -- Create clusterroles that extend existing clusterroles to interact with argo-cd crds ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles From 9c71f1cbabae17b365212377f7148b1484716d03 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Thu, 29 Dec 2022 16:54:28 +0100 Subject: [PATCH 011/768] chore(argo-cd): Add pdrastil as Argo CD codeowner (#1743) Add pdrastil as Argo CD codeowner Signed-off-by: Petr Drastil Signed-off-by: Petr Drastil --- CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODEOWNERS b/CODEOWNERS index c161dac3..aea8942f 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -7,7 +7,7 @@ /charts/argo-workflows/ @stefansedich @paguos @vladlosev @yann-soubeyrand @jmeridth @yu-croco # Argo CD -/charts/argo-cd/ @davidkarlsen @mr-sour @yann-soubeyrand @mbevc1 @mkilchhofer @yu-croco @jmeridth +/charts/argo-cd/ @davidkarlsen @mr-sour @yann-soubeyrand @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil # Argo Events /charts/argo-events/ @jbehling @VaibhavPage @pdrastil From def1e657dabec9ed32704306354a209ee2044d83 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Thu, 29 Dec 2022 17:26:36 +0100 Subject: [PATCH 012/768] chore(argo-cd): Remove legacy API versions for Ingresses (#1742) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 4 +- charts/argo-cd/README.md | 1 - charts/argo-cd/templates/_versions.tpl | 15 ---- .../webhook-ingress.yaml | 53 +++++---------- .../templates/argocd-server/ingress-grpc.yaml | 57 ++++++---------- .../templates/argocd-server/ingress.yaml | 68 ++++++------------- charts/argo-cd/values.yaml | 30 ++------ 7 files changed, 68 insertions(+), 160 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 7e7b4d50..4867e68c 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.5 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.16.12 +version: 5.16.13 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,4 +23,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Removed]: API override for PDB" + - "[Removed]: Legacy API versions for Ingresses" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 49527754..03d9e7f7 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -359,7 +359,6 @@ NAME: my-release | apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart | | apiVersionOverrides.certmanager | string | `""` | String to override apiVersion of cert-manager resources rendered by this helm chart | | apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | -| apiVersionOverrides.ingress | string | `""` | String to override apiVersion of ingresses rendered by this helm chart | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.install | bool | `true` | Install and upgrade CRDs | | crds.keep | bool | `true` | Keep CRDs on chart uninstall | diff --git a/charts/argo-cd/templates/_versions.tpl b/charts/argo-cd/templates/_versions.tpl index b3aa6a41..8240c4b0 100644 --- a/charts/argo-cd/templates/_versions.tpl +++ b/charts/argo-cd/templates/_versions.tpl @@ -19,21 +19,6 @@ Return the appropriate apiVersion for autoscaling {{- end -}} {{- end -}} -{{/* -Return the appropriate apiVersion for ingress -*/}} -{{- define "argo-cd.apiVersion.ingress" -}} -{{- if .Values.apiVersionOverrides.ingress -}} -{{- print .Values.apiVersionOverrides.ingress -}} -{{- else if semverCompare "<1.14-0" (include "argo-cd.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "argo-cd.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - {{/* Return the appropriate apiVersion for cert-manager */}} diff --git a/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml index affeec86..5285c6f2 100644 --- a/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml @@ -1,89 +1,72 @@ {{- if and .Values.applicationSet.enabled .Values.applicationSet.webhook.ingress.enabled -}} -{{- $serviceName := include "argo-cd.applicationSet.fullname" . -}} {{- $servicePort := .Values.applicationSet.service.portName -}} {{- $paths := .Values.applicationSet.webhook.ingress.paths -}} {{- $extraPaths := .Values.applicationSet.webhook.ingress.extraPaths -}} {{- $pathType := .Values.applicationSet.webhook.ingress.pathType -}} -apiVersion: {{ include "argo-cd.apiVersion.ingress" . }} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: -{{- if .Values.applicationSet.webhook.ingress.annotations }} - annotations: - {{- range $key, $value := .Values.applicationSet.webhook.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - name: {{ template "argo-cd.applicationSet.fullname" . }} + name: {{ include "argo-cd.applicationSet.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} - {{- if .Values.applicationSet.webhook.ingress.labels }} - {{- toYaml .Values.applicationSet.webhook.ingress.labels | nindent 4 }} + {{- with .Values.applicationSet.webhook.ingress.labels }} + {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.applicationSet.webhook.ingress.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} spec: - {{- if eq (include "argo-cd.apiVersion.ingress" $) "networking.k8s.io/v1" }} {{- with .Values.applicationSet.webhook.ingress.ingressClassName }} ingressClassName: {{ . }} {{- end }} - {{- end }} rules: {{- if .Values.applicationSet.webhook.ingress.hosts }} {{- range $host := .Values.applicationSet.webhook.ingress.hosts }} - host: {{ $host }} http: paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} + {{- with $extraPaths }} + {{- toYaml . | nindent 10 }} {{- end }} {{- range $p := $paths }} - path: {{ $p }} - {{- if eq (include "argo-cd.apiVersion.ingress" $) "networking.k8s.io/v1" }} pathType: {{ $pathType }} - {{- end }} backend: - {{- if eq (include "argo-cd.apiVersion.ingress" $) "networking.k8s.io/v1" }} service: - name: {{ $serviceName }} + name: {{ include "argo-cd.applicationSet.fullname" $ }} port: {{- if kindIs "float64" $servicePort }} number: {{ $servicePort }} {{- else }} name: {{ $servicePort }} {{- end }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} {{- end -}} {{- end -}} {{- else }} - http: paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} + {{- with $extraPaths }} + {{- toYaml . | nindent 10 }} {{- end }} {{- range $p := $paths }} - path: {{ $p }} - {{- if eq (include "argo-cd.apiVersion.ingress" $) "networking.k8s.io/v1" }} pathType: {{ $pathType }} - {{- end }} backend: - {{- if eq (include "argo-cd.apiVersion.ingress" $) "networking.k8s.io/v1" }} service: - name: {{ $serviceName }} + name: {{ include "argo-cd.applicationSet.fullname" $ }} port: {{- if kindIs "float64" $servicePort }} number: {{ $servicePort }} {{- else }} name: {{ $servicePort }} {{- end }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} {{- end -}} {{- end -}} - {{- if .Values.applicationSet.webhook.ingress.tls }} + {{- with .Values.applicationSet.webhook.ingress.tls }} tls: - {{- toYaml .Values.applicationSet.webhook.ingress.tls | nindent 4 }} + {{- toYaml . | nindent 4 }} {{- end -}} {{- end -}} diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index 54304007..b728a11b 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -1,89 +1,72 @@ {{- if and .Values.server.ingressGrpc.enabled (not .Values.server.ingressGrpc.isAWSALB) -}} -{{- $serviceName := include "argo-cd.server.fullname" . -}} {{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}} {{- $paths := .Values.server.ingressGrpc.paths -}} {{- $extraPaths := .Values.server.ingressGrpc.extraPaths -}} {{- $pathType := .Values.server.ingressGrpc.pathType -}} -apiVersion: {{ include "argo-cd.apiVersion.ingress" . }} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: -{{- if .Values.server.ingressGrpc.annotations }} - annotations: - {{- range $key, $value := .Values.server.ingressGrpc.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - name: {{ template "argo-cd.server.fullname" . }}-grpc + name: {{ include "argo-cd.server.fullname" . }}-grpc labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} - {{- if .Values.server.ingressGrpc.labels }} - {{- toYaml .Values.server.ingressGrpc.labels | nindent 4 }} + {{- with .Values.server.ingressGrpc.labels }} + {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.server.ingressGrpc.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} spec: - {{- if eq (include "argo-cd.apiVersion.ingress" $) "networking.k8s.io/v1" }} {{- with .Values.server.ingressGrpc.ingressClassName }} ingressClassName: {{ . }} {{- end }} - {{- end }} rules: {{- if .Values.server.ingressGrpc.hosts }} {{- range $host := .Values.server.ingressGrpc.hosts }} - host: {{ $host }} http: paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} - {{- end -}} + {{- with $extraPaths }} + {{- toYaml . | nindent 10 }} + {{- end }} {{- range $p := $paths }} - path: {{ $p }} - {{- if eq (include "argo-cd.apiVersion.ingress" $) "networking.k8s.io/v1" }} pathType: {{ $pathType }} - {{- end }} backend: - {{- if eq (include "argo-cd.apiVersion.ingress" $) "networking.k8s.io/v1" }} service: - name: {{ $serviceName }} + name: {{ include "argo-cd.server.fullname" $ }} port: {{- if kindIs "float64" $servicePort }} number: {{ $servicePort }} {{- else }} name: {{ $servicePort }} {{- end }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} {{- end -}} {{- end -}} {{- else }} - http: paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} - {{- end -}} + {{- with $extraPaths }} + {{- toYaml . | nindent 10 }} + {{- end }} {{- range $p := $paths }} - path: {{ $p }} - {{- if eq (include "argo-cd.apiVersion.ingress" $) "networking.k8s.io/v1" }} pathType: {{ $pathType }} - {{- end }} backend: - {{- if eq (include "argo-cd.apiVersion.ingress" $) "networking.k8s.io/v1" }} service: - name: {{ $serviceName }} + name: {{ include "argo-cd.server.fullname" $ }} port: {{- if kindIs "float64" $servicePort }} number: {{ $servicePort }} {{- else }} name: {{ $servicePort }} {{- end }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} {{- end -}} {{- end -}} - {{- if .Values.server.ingressGrpc.tls }} + {{- with .Values.server.ingressGrpc.tls }} tls: - {{- toYaml .Values.server.ingressGrpc.tls | nindent 4 }} + {{- toYaml . | nindent 4 }} {{- end -}} {{- end -}} diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index aeb60d24..52269d0a 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -1,51 +1,45 @@ {{- if .Values.server.ingress.enabled -}} -{{- $serviceName := include "argo-cd.server.fullname" . -}} {{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}} {{- $paths := .Values.server.ingress.paths -}} {{- $extraPaths := .Values.server.ingress.extraPaths -}} {{- $pathType := .Values.server.ingress.pathType -}} -apiVersion: {{ include "argo-cd.apiVersion.ingress" . }} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: -{{- if .Values.server.ingress.annotations }} - annotations: - {{- range $key, $value := .Values.server.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- if and .Values.server.ingressGrpc.isAWSALB .Values.server.ingressGrpc.enabled }} - alb.ingress.kubernetes.io/conditions.{{ template "argo-cd.server.fullname" . }}-grpc: | - [{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}] - {{- end }} -{{- end }} - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} - {{- if .Values.server.ingress.labels }} - {{- toYaml .Values.server.ingress.labels | nindent 4 }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} {{- end }} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- range $key, $value := .Values.server.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- if and .Values.server.ingressGrpc.isAWSALB .Values.server.ingressGrpc.enabled }} + alb.ingress.kubernetes.io/conditions.{{ template "argo-cd.server.fullname" . }}-grpc: | + [{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}] + {{- end }} + {{- end }} spec: - {{- if eq (include "argo-cd.apiVersion.ingress" $) "networking.k8s.io/v1" }} {{- with .Values.server.ingress.ingressClassName }} ingressClassName: {{ . }} {{- end }} - {{- end }} rules: {{- if .Values.server.ingress.hosts }} {{- range $host := .Values.server.ingress.hosts }} - host: {{ $host }} http: paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} + {{- with $extraPaths }} + {{- toYaml . | nindent 10 }} {{- end }} {{- range $p := $paths }} {{- if and $.Values.server.ingressGrpc.isAWSALB $.Values.server.ingressGrpc.enabled }} - path: {{ $p }} - {{- if eq (include "argo-cd.apiVersion.ingress" $) "networking.k8s.io/v1" }} pathType: Prefix - {{- end }} backend: - {{- if eq (include "argo-cd.apiVersion.ingress" $) "networking.k8s.io/v1" }} service: name: {{ template "argo-cd.server.fullname" $ }}-grpc port: @@ -54,60 +48,42 @@ spec: {{- else }} name: {{ $servicePort }} {{- end }} - {{- else }} - serviceName: {{ template "argo-cd.server.fullname" $ }}-grpc - servicePort: {{ $servicePort }} - {{- end }} {{- end }} - path: {{ $p }} - {{- if eq (include "argo-cd.apiVersion.ingress" $) "networking.k8s.io/v1" }} pathType: {{ $pathType }} - {{- end }} backend: - {{- if eq (include "argo-cd.apiVersion.ingress" $) "networking.k8s.io/v1" }} service: - name: {{ $serviceName }} + name: {{ include "argo-cd.server.fullname" $ }} port: {{- if kindIs "float64" $servicePort }} number: {{ $servicePort }} {{- else }} name: {{ $servicePort }} {{- end }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} {{- end -}} {{- end -}} {{- else }} - http: paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} + {{- with $extraPaths }} + {{- toYaml . | nindent 10 }} {{- end }} {{- range $p := $paths }} - path: {{ $p }} - {{- if eq (include "argo-cd.apiVersion.ingress" $) "networking.k8s.io/v1" }} pathType: {{ $pathType }} - {{- end }} backend: - {{- if eq (include "argo-cd.apiVersion.ingress" $) "networking.k8s.io/v1" }} service: - name: {{ $serviceName }} + name: {{ include "argo-cd.server.fullname" $ }} port: {{- if kindIs "float64" $servicePort }} number: {{ $servicePort }} {{- else }} name: {{ $servicePort }} {{- end }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} {{- end -}} {{- end -}} - {{- if .Values.server.ingress.tls }} + {{- with .Values.server.ingress.tls }} tls: - {{- toYaml .Values.server.ingress.tls | nindent 4 }} + {{- toYaml . | nindent 4 }} {{- end -}} {{- end -}} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 063f215b..8228f29e 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -18,8 +18,6 @@ apiVersionOverrides: cloudgoogle: "" # cloud.google.com/v1 # -- String to override apiVersion of autoscaling rendered by this helm chart autoscaling: "" # autoscaling/v2 - # -- String to override apiVersion of ingresses rendered by this helm chart - ingress: "" # networking.k8s.io/v1beta1 # -- Create clusterroles that extend existing clusterroles to interact with argo-cd crds ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles @@ -1590,8 +1588,7 @@ server: ## Argo Ingress. ## Hostnames must be provided if Ingress is enabled. ## Secrets must be manually created in the namespace - hosts: - [] + hosts: [] # - argocd.example.com # -- List of ingress paths @@ -1600,13 +1597,7 @@ server: # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` pathType: Prefix # -- Additional ingress paths - extraPaths: - [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used) + extraPaths: [] # - path: /* # pathType: Prefix # backend: @@ -1616,8 +1607,7 @@ server: # name: use-annotation # -- Ingress TLS configuration - tls: - [] + tls: [] # - secretName: your-certificate-name # hosts: # - argocd.example.com @@ -1656,8 +1646,7 @@ server: ## Hostnames must be provided if Ingress is enabled. ## Secrets must be manually created in the namespace ## - hosts: - [] + hosts: [] # - argocd.example.com # -- List of ingress paths for dedicated [gRPC-ingress] @@ -1666,13 +1655,7 @@ server: # -- Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific` pathType: Prefix # -- Additional ingress paths for dedicated [gRPC-ingress] - extraPaths: - [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used) + extraPaths: [] # - path: /* # pathType: Prefix # backend: @@ -1682,8 +1665,7 @@ server: # name: use-annotation # -- Ingress TLS configuration for dedicated [gRPC-ingress] - tls: - [] + tls: [] # - secretName: your-certificate-name # hosts: # - argocd.example.com From 10e3af1bcfea41c12e6894400e8f098a98f45c1c Mon Sep 17 00:00:00 2001 From: Aikawa Date: Fri, 30 Dec 2022 01:31:39 +0900 Subject: [PATCH 013/768] chore(argo-workflows): Remove legacy API versions for PDBs (#1741) Signed-off-by: yu-croco Co-authored-by: Petr Drastil --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/templates/_helpers.tpl | 11 ----------- .../workflow-controller-deployment-pdb.yaml | 2 +- .../templates/server/server-deployment-pdb.yaml | 2 +- 4 files changed, 4 insertions(+), 15 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index c775ebc5..32108003 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.22.4 +version: 0.22.5 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: @@ -13,4 +13,4 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - "[Added]: Changelog link on README" + - "[Removed]: legacy API versions for PDBs" diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl index a3ce8934..057ed5f9 100644 --- a/charts/argo-workflows/templates/_helpers.tpl +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -129,17 +129,6 @@ Return the appropriate apiVersion for ingress {{- end -}} {{- end -}} -{{/* -Return the appropriate apiVersion for pod disruption budget -*/}} -{{- define "argo-workflows.podDisruptionBudget.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "argo-workflows.kubeVersion" $) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "policy/v1" -}} -{{- end -}} -{{- end -}} - {{/* Return the target Kubernetes version */}} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml index deef3de1..4e7545c7 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml @@ -1,5 +1,5 @@ {{- if .Values.controller.pdb.enabled }} -apiVersion: {{ include "argo-workflows.podDisruptionBudget.apiVersion" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "argo-workflows.controller.fullname" . }} diff --git a/charts/argo-workflows/templates/server/server-deployment-pdb.yaml b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml index 47be0dd1..d92a4083 100644 --- a/charts/argo-workflows/templates/server/server-deployment-pdb.yaml +++ b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml @@ -1,5 +1,5 @@ {{- if and .Values.server.enabled .Values.server.pdb.enabled -}} -apiVersion: {{ include "argo-workflows.podDisruptionBudget.apiVersion" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "argo-workflows.server.fullname" . }} From daba66b68c69d37db2fe878f9df4a902978ff479 Mon Sep 17 00:00:00 2001 From: Ramin A Date: Thu, 29 Dec 2022 09:55:31 -0800 Subject: [PATCH 014/768] fix(argo-events): Added missing NATS version in values.yaml (#1735) Signed-off-by: Ramin Akhbari Co-authored-by: Petr Drastil --- charts/argo-events/Chart.yaml | 4 ++-- charts/argo-events/README.md | 2 +- charts/argo-events/values.yaml | 4 ++++ 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 91b74800..ece10ef8 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.4 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.0.10 +version: 2.0.11 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-events/assets/logo.png keywords: @@ -15,4 +15,4 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - "[Changed]: Upgrade Argo events controller to v1.7.4" + - "[Fixed]: Added missing NATS version in values.yaml" diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index 30f26f30..39b46bf5 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md @@ -57,7 +57,7 @@ done | configs.jetstream.versions[0].natsImage | string | `"nats:latest"` | | | configs.jetstream.versions[0].startCommand | string | `"/nats-server"` | | | configs.jetstream.versions[0].version | string | `"latest"` | | -| configs.nats.versions | list | `[{"metricsExporterImage":"natsio/prometheus-nats-exporter:latest","natsStreamingImage":"nats-streaming:latest","version":"latest"}]` | Supported versions of NATS event bus | +| configs.nats.versions | list | See [values.yaml] | Supported versions of NATS event bus | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.install | bool | `true` | Install and upgrade CRDs | | crds.keep | bool | `true` | Keep CRDs on chart uninstall | diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index 094a3638..c2436851 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -62,10 +62,14 @@ configs: ## NATS event bus nats: # -- Supported versions of NATS event bus + # @default -- See [values.yaml] versions: - version: latest natsStreamingImage: nats-streaming:latest metricsExporterImage: natsio/prometheus-nats-exporter:latest + - version: 0.22.1 + natsStreamingImage: nats-streaming:0.22.1 + metricsExporterImage: natsio/prometheus-nats-exporter:0.8.0 ## JetStream event bus jetstream: From 5bd70fbd24f7303c58e388370144a5cb8f64964d Mon Sep 17 00:00:00 2001 From: huiwq1990 Date: Fri, 30 Dec 2022 13:20:47 +0800 Subject: [PATCH 015/768] feat(argo-workflows): add envFrom for main container (#1736) Signed-off-by: huiwq1990 Signed-off-by: huiwq1990 --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 1 + .../templates/controller/workflow-controller-config-map.yaml | 5 ++++- charts/argo-workflows/values.yaml | 2 ++ 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 32108003..c317d053 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.22.5 +version: 0.22.6 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: @@ -13,4 +13,4 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - "[Removed]: legacy API versions for PDBs" + - "[Added]: Suuport envFrom for main container" diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 4c172f29..42a1e51c 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -153,6 +153,7 @@ Fields to note: | Key | Type | Default | Description | |-----|------|---------|-------------| | mainContainer.env | list | `[]` | Adds environment variables for the Workflow main container | +| mainContainer.envFrom | list | `[]` | Adds reference environment variables for the Workflow main container | | mainContainer.imagePullPolicy | string | `""` | imagePullPolicy to apply to Workflow main container. Defaults to `.Values.images.pullPolicy`. | | mainContainer.resources | object | `{}` | Resource limits and requests for the Workflow main container | | mainContainer.securityContext | object | `{}` | sets security context for the Workflow main container | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index ea4660e0..1193163a 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -25,7 +25,7 @@ data: {{- with .Values.controller.initialDelay }} initialDelay: {{ . }} {{- end }} - {{- if or .Values.mainContainer.resources .Values.mainContainer.env .Values.mainContainer.securityContext}} + {{- if or .Values.mainContainer.resources .Values.mainContainer.env .Values.mainContainer.envFrom .Values.mainContainer.securityContext}} mainContainer: imagePullPolicy: {{ default (.Values.images.pullPolicy) .Values.mainContainer.imagePullPolicy }} {{- with .Values.mainContainer.resources }} @@ -34,6 +34,9 @@ data: {{- with .Values.mainContainer.env }} env: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.mainContainer.envFrom }} + envFrom: {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.mainContainer.securityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 3f643906..034c662a 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -324,6 +324,8 @@ mainContainer: resources: {} # -- Adds environment variables for the Workflow main container env: [] + # -- Adds reference environment variables for the Workflow main container + envFrom: [] # -- sets security context for the Workflow main container securityContext: {} From 4b8703db7571b4131262640be1e0fa3efbfcffb6 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 3 Jan 2023 10:46:01 +0900 Subject: [PATCH 016/768] chore(argo-workflows): Support podGCDeleteDelayDuration and podGCGracePeriodSeconds (#1728) Signed-off-by: yu-croco --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 2 ++ .../controller/workflow-controller-config-map.yaml | 6 ++++++ charts/argo-workflows/values.yaml | 8 ++++++++ 4 files changed, 18 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index c317d053..61c78e11 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.22.6 +version: 0.22.7 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: @@ -13,4 +13,4 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - "[Added]: Suuport envFrom for main container" + - "[Added]: Support podGCDeleteDelayDuration and podGCGracePeriodSeconds" diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 42a1e51c..19bc0ee2 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -111,6 +111,8 @@ Fields to note: | controller.pdb.enabled | bool | `false` | Configure [Pod Disruption Budget] for the controller pods | | controller.persistence | object | `{}` | enable persistence using postgres | | controller.podAnnotations | object | `{}` | podAnnotations is an optional map of annotations to be applied to the controller Pods | +| controller.podGCDeleteDelayDuration | string | `5s` (Argo Workflows default) | The duration in seconds before the pods in the GC queue get deleted. A zero value indicates that the pods will be deleted immediately. | +| controller.podGCGracePeriodSeconds | string | `30` seconds (Kubernetes default) | Specifies the duration in seconds before a terminating pod is forcefully killed. A zero value indicates that the pod will be forcefully terminated immediately. | | controller.podLabels | object | `{}` | Optional labels to add to the controller pods | | controller.podSecurityContext | object | `{}` | SecurityContext to set on the controller pods | | controller.priorityClassName | string | `""` | Leverage a PriorityClass to ensure your pods survive resource shortages. | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index 1193163a..125f48d3 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -181,3 +181,9 @@ data: {{- with .Values.controller.kubeConfig }} kubeConfig: {{- toYaml . | nindent 6 }} {{- end }} + {{- with .Values.controller.podGCGracePeriodSeconds }} + podGCGracePeriodSeconds: {{ . }} + {{- end }} + {{- with .Values.controller.podGCDeleteDelayDuration }} + podGCDeleteDelayDuration: {{ . }} + {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 034c662a..bb102c8b 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -316,6 +316,14 @@ controller: # # volume name when mounting the secret, default to kubeconfig # volumeName: kube-config-volume + # -- Specifies the duration in seconds before a terminating pod is forcefully killed. A zero value indicates that the pod will be forcefully terminated immediately. + # @default -- `30` seconds (Kubernetes default) + podGCGracePeriodSeconds: + + # -- The duration in seconds before the pods in the GC queue get deleted. A zero value indicates that the pods will be deleted immediately. + # @default -- `5s` (Argo Workflows default) + podGCDeleteDelayDuration: "" + # mainContainer adds default config for main container that could be overriden in workflows template mainContainer: # -- imagePullPolicy to apply to Workflow main container. Defaults to `.Values.images.pullPolicy`. From 45861fadb78bc79456b97f636a5ab05bf1b8890a Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Wed, 4 Jan 2023 10:49:30 +0100 Subject: [PATCH 017/768] docs(argo-cd): Improve documentation for extra containers (#1747) Signed-off-by: Petr Drastil Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 675 +++++++++++++++++-------------------- 3 files changed, 318 insertions(+), 365 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 4867e68c..a3f338f0 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.5 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.16.13 +version: 5.16.14 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,4 +23,6 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Removed]: Legacy API versions for Ingresses" + - "[Docs]: Added sample how to provide K8s credentials plugin" + - "[Docs]: Added sample how to provide Argo config management plugin" + - "[Docs]: Removed samples that injects tools into incorrect controllers" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 03d9e7f7..f71184f3 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -639,7 +639,7 @@ NAME: my-release | server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to Argo CD server | | server.extensions.containerSecurityContext | object | See [values.yaml] | Server UI extensions container-level security context | | server.extensions.enabled | bool | `false` | Enable support for Argo UI extensions | -| server.extensions.image.imagePullPolicy | string | `"IfNotPresent"` | Image pull policy for extensions | +| server.extensions.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for extensions | | server.extensions.image.repository | string | `"ghcr.io/argoproj-labs/argocd-extensions"` | Repository to use for extensions image | | server.extensions.image.tag | string | `"v0.1.0"` | Tag to use for extensions image | | server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 8228f29e..010d7cbe 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -520,14 +520,6 @@ controller: # # -- define the application controller `--repo-server-timeout-seconds` # repoServerTimeoutSeconds: "60" - # DEPRECATED - Use configs.params to override - # -- Application controller log format. Either `text` or `json` - # @default -- `""` (defaults to global.logging.format) - # logFormat: "" - # -- Application controller log level. One of: `debug`, `info`, `warn` or `error` - # @default -- `""` (defaults to global.logging.level) - # logLevel: "" - # -- Additional command line arguments to pass to application controller extraArgs: [] @@ -542,6 +534,35 @@ controller: # - secretRef: # name: secret-name + # -- Additional containers to be added to the application controller pod + extraContainers: [] + + # -- Init containers to add to the application controller pod + ## If your target Kubernetes cluster(s) require a custom credential (exec) plugin + ## you could use this (and the same in the server pod) to provide such executable + ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins + initContainers: [] + # - name: download-tools + # image: alpine:3 + # command: [sh, -c] + # args: + # - wget -qO kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.0.25/kubelogin-linux-amd64.zip && + # unzip kubelogin.zip && mv bin/linux_amd64/kubelogin /custom-tools/ + # volumeMounts: + # - mountPath: /custom-tools + # name: custom-tools + + # -- Additional volumeMounts to the application controller main container + volumeMounts: [] + # - mountPath: /usr/local/bin/kubelogin + # name: custom-tools + # subPath: kubelogin + + # -- Additional volumes to the application controller pod + volumes: [] + # - name: custom-tools + # emptyDir: {} + # -- Annotations for the application controller StatefulSet statefulsetAnnotations: {} @@ -551,6 +572,15 @@ controller: # -- Labels to be added to application controller pods podLabels: {} + # -- Resource limits and requests for the application controller pods + resources: {} + # limits: + # cpu: 500m + # memory: 512Mi + # requests: + # cpu: 250m + # memory: 256Mi + # -- Application controller container-level security context # @default -- See [values.yaml] containerSecurityContext: @@ -580,12 +610,6 @@ controller: # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 - # -- Additional volumeMounts to the application controller main container - volumeMounts: [] - - # -- Additional volumes to the application controller pod - volumes: [] - # -- [Node selector] nodeSelector: {} @@ -606,15 +630,6 @@ controller: # -- Priority class for the application controller pods priorityClassName: "" - # -- Resource limits and requests for the application controller pods - resources: {} - # limits: - # cpu: 500m - # memory: 512Mi - # requests: - # cpu: 250m - # memory: 256Mi - serviceAccount: # -- Create a service account for the application controller create: true @@ -716,28 +731,6 @@ controller: # -- List of custom rules for the application controller's ClusterRole resource rules: [] - # -- Additional containers to be added to the application controller pod - extraContainers: [] - - # -- Init containers to add to the application controller pod - ## If your target Kubernetes cluster(s) require a custom auth provider executable - ## you could use this (and the same in the server pod) to bootstrap - ## that executable into your Argo CD container - initContainers: [] - # - name: download-tools - # image: alpine:3.8 - # command: [sh, -c] - # args: - # - wget -qO- https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz | tar -xvzf - && - # mv linux-amd64/helm /custom-tools/ - # volumeMounts: - # - mountPath: /custom-tools - # name: custom-tools - # volumeMounts: - # - mountPath: /usr/local/bin/helm - # name: custom-tools - # subPath: helm - ## Dex dex: # -- Enable dex @@ -835,6 +828,18 @@ dex: # - secretRef: # name: secret-name + # -- Additional containers to be added to the dex pod + extraContainers: [] + + # -- Init containers to add to the dex pod + initContainers: [] + + # -- Additional volumeMounts to the dex main container + volumeMounts: [] + + # -- Additional volumes to the dex pod + volumes: [] + # TLS certificate configuration via Secret ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-dex-server ## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart Dex automatically without extra controllers. @@ -861,6 +866,15 @@ dex: # -- Labels to be added to the Dex server pods podLabels: {} + # -- Resource limits and requests for dex + resources: {} + # limits: + # cpu: 50m + # memory: 64Mi + # requests: + # cpu: 10m + # memory: 32Mi + # -- Dex container-level security context # @default -- See [values.yaml] containerSecurityContext: @@ -912,12 +926,6 @@ dex: # -- Automount API credentials for the Service Account automountServiceAccountToken: true - # -- Additional volumeMounts to the dex main container - volumeMounts: [] - - # -- Additional volumes to the dex pod - volumes: [] - # -- Container port for HTTP access containerPortHttp: 5556 # -- Service port for HTTP access @@ -953,34 +961,6 @@ dex: # -- Priority class for dex priorityClassName: "" - # -- Resource limits and requests for dex - resources: {} - # limits: - # cpu: 50m - # memory: 64Mi - # requests: - # cpu: 10m - # memory: 32Mi - - # -- Additional containers to be added to the dex pod - extraContainers: [] - - # -- Init containers to add to the dex pod - initContainers: [] - # - name: download-tools - # image: alpine:3.8 - # command: [sh, -c] - # args: - # - wget -qO- https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz | tar -xvzf - && - # mv linux-amd64/helm /custom-tools/ - # volumeMounts: - # - mountPath: /custom-tools - # name: custom-tools - # volumeMounts: - # - mountPath: /usr/local/bin/helm - # name: custom-tools - # subPath: helm - ## Redis redis: # -- Enable redis @@ -1022,11 +1002,6 @@ redis: # - --bind # - "0.0.0.0" - # -- Redis container port - containerPort: 6379 - # -- Redis service port - servicePort: 6379 - # -- Environment variables to pass to the Redis server env: [] @@ -1038,6 +1013,18 @@ redis: # - secretRef: # name: secret-name + # -- Additional containers to be added to the redis pod + extraContainers: [] + + # -- Init containers to add to the redis pod + initContainers: [] + + # -- Additional volumeMounts to the redis container + volumeMounts: [] + + # -- Additional volumes to the redis pod + volumes: [] + # -- Annotations to be added to the Redis server Deployment deploymentAnnotations: {} @@ -1047,6 +1034,15 @@ redis: # -- Labels to be added to the Redis server pods podLabels: {} + # -- Resource limits and requests for redis + resources: {} + # limits: + # cpu: 200m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 64Mi + # -- Redis pod-level security context # @default -- See [values.yaml] securityContext: @@ -1063,10 +1059,17 @@ redis: drop: - ALL + # -- Redis container port + containerPort: 6379 + # -- Redis service port + servicePort: 6379 + # -- [Node selector] nodeSelector: {} + # -- [Tolerations] for use with node taints tolerations: [] + # -- Assign custom [affinity] rules to the deployment affinity: {} @@ -1091,39 +1094,6 @@ redis: # -- Automount API credentials for the Service Account automountServiceAccountToken: false - # -- Resource limits and requests for redis - resources: {} - # limits: - # cpu: 200m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 64Mi - - # -- Additional volumeMounts to the redis container - volumeMounts: [] - # -- Additional volumes to the redis pod - volumes: [] - - # -- Additional containers to be added to the redis pod - extraContainers: [] - - # -- Init containers to add to the redis pod - initContainers: [] - # - name: download-tools - # image: alpine:3.8 - # command: [sh, -c] - # args: - # - wget -qO- https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz | tar -xvzf - && - # mv linux-amd64/helm /custom-tools/ - # volumeMounts: - # - mountPath: /custom-tools - # name: custom-tools - # volumeMounts: - # - mountPath: /usr/local/bin/helm - # name: custom-tools - # subPath: helm - service: # -- Redis service annotations annotations: {} @@ -1200,7 +1170,6 @@ redis: # -- Prometheus ServiceMonitor annotations annotations: {} - # This key configures Redis-HA subchart and when enabled (redis-ha.enabled=true) # the custom redis deployment is omitted # Check the redis-ha chart for more properties @@ -1347,13 +1316,93 @@ server: # -- Specify postStart and preStop lifecycle hooks for your argo-cd-server container lifecycle: {} - # DEPRECATED - Use configs.params to override - # -- Argo CD server log format: Either `text` or `json` - # @default -- `""` (defaults to global.logging.format) - # logFormat: "" - # -- Argo CD server log level. One of: `debug`, `info`, `warn` or `error` - # @default -- `""` (defaults to global.logging.level) - # logLevel: "" + ## Argo UI extensions + ## This function in tech preview stage, do expect unstability or breaking changes in newer versions. + ## Ref: https://github.com/argoproj-labs/argocd-extensions + extensions: + # -- Enable support for Argo UI extensions + enabled: false + + ## Argo UI extensions image + image: + # -- Repository to use for extensions image + repository: "ghcr.io/argoproj-labs/argocd-extensions" + # -- Tag to use for extensions image + tag: "v0.1.0" + # -- Image pull policy for extensions + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- Server UI extensions container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + # -- Resource limits and requests for the argocd-extensions container + resources: {} + # limits: + # cpu: 50m + # memory: 128Mi + # requests: + # cpu: 10m + # memory: 64Mi + + # -- Additional containers to be added to the server pod + ## See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. + extraContainers: [] + # - name: my-sidecar + # image: nginx:latest + # - name: lemonldap-ng-controller + # image: lemonldapng/lemonldap-ng-controller:0.2.0 + # args: + # - /lemonldap-ng-controller + # - --alsologtostderr + # - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration + # env: + # - name: POD_NAME + # valueFrom: + # fieldRef: + # fieldPath: metadata.name + # - name: POD_NAMESPACE + # valueFrom: + # fieldRef: + # fieldPath: metadata.namespace + # volumeMounts: + # - name: copy-portal-skins + # mountPath: /srv/var/lib/lemonldap-ng/portal/skins + + # -- Init containers to add to the server pod + ## If your target Kubernetes cluster(s) require a custom credential (exec) plugin + ## you could use this (and the same in the application controller pod) to provide such executable + ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins + initContainers: [] + # - name: download-tools + # image: alpine:3 + # command: [sh, -c] + # args: + # - wget -qO kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.0.25/kubelogin-linux-amd64.zip && + # unzip kubelogin.zip && mv bin/linux_amd64/kubelogin /custom-tools/ + # volumeMounts: + # - mountPath: /custom-tools + # name: custom-tools + + # -- Additional volumeMounts to the server main container + volumeMounts: [] + # - mountPath: /usr/local/bin/kubelogin + # name: custom-tools + # subPath: kubelogin + + # -- Additional volumes to the server pod + volumes: [] + # - name: custom-tools + # emptyDir: {} # -- Annotations to be added to server Deployment deploymentAnnotations: {} @@ -1364,6 +1413,15 @@ server: # -- Labels to be added to server pods podLabels: {} + # -- Resource limits and requests for the Argo CD server + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 50m + # memory: 64Mi + # -- Configures the server port containerPort: 8080 @@ -1392,12 +1450,6 @@ server: # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 - # -- Additional volumeMounts to the server main container - volumeMounts: [] - - # -- Additional volumes to the server pod - volumes: [] - # -- [Node selector] nodeSelector: {} # -- [Tolerations] for use with node taints @@ -1428,15 +1480,6 @@ server: drop: - ALL - # -- Resource limits and requests for the Argo CD server - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 50m - # memory: 64Mi - # TLS certificate configuration via cert-manager ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server certificate: @@ -1727,86 +1770,6 @@ server: # enabled: true # responseCodeName: RESPONSE_CODE - # -- Additional containers to be added to the server pod - ## See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. - extraContainers: [] - # - name: my-sidecar - # image: nginx:latest - # - name: lemonldap-ng-controller - # image: lemonldapng/lemonldap-ng-controller:0.2.0 - # args: - # - /lemonldap-ng-controller - # - --alsologtostderr - # - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration - # env: - # - name: POD_NAME - # valueFrom: - # fieldRef: - # fieldPath: metadata.name - # - name: POD_NAMESPACE - # valueFrom: - # fieldRef: - # fieldPath: metadata.namespace - # volumeMounts: - # - name: copy-portal-skins - # mountPath: /srv/var/lib/lemonldap-ng/portal/skins - - # -- Init containers to add to the server pod - ## If your target Kubernetes cluster(s) require a custom auth provider executable - ## you could use this (and the same in the application controller pod) to bootstrap - ## that executable into your Argo CD container - initContainers: [] - # - name: download-tools - # image: alpine:3.8 - # command: [sh, -c] - # args: - # - wget -qO- https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz | tar -xvzf - && - # mv linux-amd64/helm /custom-tools/ - # volumeMounts: - # - mountPath: /custom-tools - # name: custom-tools - # volumeMounts: - # - mountPath: /usr/local/bin/helm - # name: custom-tools - # subPath: helm - - ## Argo UI extensions - ## This function in tech preview stage, do expect unstability or breaking changes in newer versions. - ## Ref: https://github.com/argoproj-labs/argocd-extensions - extensions: - # -- Enable support for Argo UI extensions - enabled: false - - ## Argo UI extensions image - image: - # -- Repository to use for extensions image - repository: "ghcr.io/argoproj-labs/argocd-extensions" - # -- Tag to use for extensions image - tag: "v0.1.0" - # -- Image pull policy for extensions - imagePullPolicy: IfNotPresent - - # -- Server UI extensions container-level security context - # @default -- See [values.yaml] - containerSecurityContext: - runAsNonRoot: true - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - seccompProfile: - type: RuntimeDefault - capabilities: - drop: - - ALL - - # -- Resource limits and requests for the argocd-extensions container - resources: {} - # limits: - # cpu: 50m - # memory: 128Mi - # requests: - # cpu: 10m - # memory: 64Mi - ## Repo Server repoServer: # -- Repo server name @@ -1863,13 +1826,13 @@ repoServer: image: # -- Repository to use for the repo server # @default -- `""` (defaults to global.image.repository) - repository: "" # defaults to global.image.repository + repository: "" # -- Tag to use for the repo server # @default -- `""` (defaults to global.image.tag) - tag: "" # defaults to global.image.tag + tag: "" # -- Image pull policy for the repo server # @default -- `""` (defaults to global.image.imagePullPolicy) - imagePullPolicy: "" # IfNotPresent + imagePullPolicy: "" # -- Secrets with credentials to pull images from a private registry # @default -- `[]` (defaults to global.imagePullSecrets) @@ -1889,13 +1852,43 @@ repoServer: # - secretRef: # name: secret-name - # DEPRECATED - Use configs.params to override - # -- Repo server log format: Either `text` or `json` - # @default -- `""` (defaults to global.logging.level) - # logFormat: "" - # -- Repo server log level. One of: `debug`, `info`, `warn` or `error` - # @default -- `""` (defaults to global.logging.format) - # logLevel: "" + # -- Additional containers to be added to the repo server pod + ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/ + extraContainers: [] + # - name: cmp + # # Entrypoint should be Argo CD lightweight CMP server i.e. argocd-cmp-server + # command: [/var/run/argocd/argocd-cmp-server] + # image: busybox # This can be off-the-shelf or custom-built image + # securityContext: + # runAsNonRoot: true + # runAsUser: 999 + # volumeMounts: + # - mountPath: /var/run/argocd + # name: var-files + # - mountPath: /home/argocd/cmp-server/plugins + # name: plugins + # # Remove this volumeMount if you've chosen to bake the config file into the sidecar image. + # - mountPath: /home/argocd/cmp-server/config/plugin.yaml + # subPath: plugin.yaml + # name: cmp-plugin + # # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps + # # mitigate path traversal attacks. + # - mountPath: /tmp + # name: cmp-tmp + + # -- Init containers to add to the repo server pods + initContainers: [] + + # -- Additional volumeMounts to the repo server main container + volumeMounts: [] + + # -- Additional volumes to the repo server pod + volumes: [] + # - name: cmp-plugin + # configMap: + # name: cmp-plugin + # - name: cmp-tmp + # emptyDir: {} # -- Annotations to be added to repo server Deployment deploymentAnnotations: {} @@ -1906,6 +1899,15 @@ repoServer: # -- Labels to be added to repo server pods podLabels: {} + # -- Resource limits and requests for the repo server pods + resources: {} + # limits: + # cpu: 50m + # memory: 128Mi + # requests: + # cpu: 10m + # memory: 64Mi + # -- Configures the repo server port containerPort: 8081 @@ -1934,17 +1936,6 @@ repoServer: # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 - # -- Additional volumeMounts to the repo server main container - volumeMounts: [] - - # -- Additional volumes to the repo server pod - volumes: [] - ## Use init containers to configure custom tooling - ## https://argo-cd.readthedocs.io/en/stable/operator-manual/custom_tools/ - ## When using the volumes & volumeMounts section bellow, please comment out those above. - # - name: custom-tools - # emptyDir: {} - # -- [Node selector] nodeSelector: {} # -- [Tolerations] for use with node taints @@ -1975,15 +1966,6 @@ repoServer: drop: - ALL - # -- Resource limits and requests for the repo server pods - resources: {} - # limits: - # cpu: 50m - # memory: 128Mi - # requests: - # cpu: 10m - # memory: 64Mi - # TLS certificate configuration via Secret ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-repo-server ## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart repo server automatically without extra controllers. @@ -2077,9 +2059,6 @@ repoServer: # -- Automount API credentials for the Service Account automountServiceAccountToken: true - # -- Additional containers to be added to the repo server pod - extraContainers: [] - # -- Repo server rbac rules rbac: [] # - apiGroups: @@ -2091,22 +2070,6 @@ repoServer: # - list # - watch - # -- Init containers to add to the repo server pods - initContainers: [] - # - name: download-tools - # image: alpine:3.8 - # command: [sh, -c] - # args: - # - wget -qO- https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz | tar -xvzf - && - # mv linux-amd64/helm /custom-tools/ - # volumeMounts: - # - mountPath: /custom-tools - # name: custom-tools - # volumeMounts: - # - mountPath: /usr/local/bin/helm - # name: custom-tools - # subPath: helm - ## ApplicationSet controller applicationSet: # -- Enable ApplicationSet controller @@ -2150,6 +2113,13 @@ applicationSet: # @default -- `[]` (defaults to global.imagePullSecrets) imagePullSecrets: [] + # -- ApplicationSet controller log format. Either `text` or `json` + # @default -- `""` (defaults to global.logging.format) + logFormat: "" + # -- ApplicationSet controller log level. One of: `debug`, `info`, `warn`, `error` + # @default -- `""` (defaults to global.logging.level) + logLevel: "" + args: # -- The default metric address metricsAddr: :8080 @@ -2160,16 +2130,31 @@ applicationSet: # -- Enable dry run mode dryRun: false - # -- ApplicationSet controller log format. Either `text` or `json` - # @default -- `""` (defaults to global.logging.format) - logFormat: "" - # -- ApplicationSet controller log level. One of: `debug`, `info`, `warn`, `error` - # @default -- `""` (defaults to global.logging.level) - logLevel: "" + # -- List of extra cli args to add + extraArgs: [] + + # -- Environment variables to pass to the ApplicationSet controller + extraEnv: [] + # - name: "MY_VAR" + # value: "value" + + # -- envFrom to pass to the ApplicationSet controller + # @default -- `[]` (See [values.yaml]) + extraEnvFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name # -- Additional containers to be added to the ApplicationSet controller pod extraContainers: [] + # -- List of extra mounts to add (normally used with extraVolumes) + extraVolumeMounts: [] + + # -- List of extra volumes to add + extraVolumes: [] + ## Metrics service configuration metrics: # -- Deploy metrics service @@ -2238,6 +2223,15 @@ applicationSet: # -- Labels for the ApplicationSet controller pods podLabels: {} + # -- Resource limits and requests for the ApplicationSet controller pods. + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # -- ApplicationSet controller container-level security context # @default -- See [values.yaml] containerSecurityContext: @@ -2280,19 +2274,6 @@ applicationSet: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 - # -- Resource limits and requests for the ApplicationSet controller pods. - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - # -- [Node selector] nodeSelector: {} @@ -2305,32 +2286,6 @@ applicationSet: # -- If specified, indicates the pod's priority. If not specified, the pod priority will be default or zero if there is no default. priorityClassName: "" - # -- List of extra mounts to add (normally used with extraVolumes) - extraVolumeMounts: [] - # - mountPath: /tmp/foobar - # name: foobar - - # -- List of extra volumes to add - extraVolumes: [] - # - name: foobar - # emptyDir: {} - - # -- List of extra cli args to add - extraArgs: [] - - # -- Environment variables to pass to the ApplicationSet controller - extraEnv: [] - # - name: "MY_VAR" - # value: "value" - - # -- envFrom to pass to the ApplicationSet controller - # @default -- `[]` (See [values.yaml]) - extraEnvFrom: [] - # - configMapRef: - # name: config-map-name - # - secretRef: - # name: secret-name - ## Webhook for the Git Generator ## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration) webhook: @@ -2384,9 +2339,6 @@ notifications: # -- Notifications controller name string name: notifications-controller - # -- Assign custom [affinity] rules - affinity: {} - # -- Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates argocdUrl: @@ -2422,8 +2374,32 @@ notifications: # @default -- `[]` (defaults to global.imagePullSecrets) imagePullSecrets: [] - # -- [Node selector] - nodeSelector: {} + # -- Notifications controller log format. Either `text` or `json` + # @default -- `""` (defaults to global.logging.format) + logFormat: "" + # -- Notifications controller log level. One of: `debug`, `info`, `warn`, `error` + # @default -- `""` (defaults to global.logging.level) + logLevel: "" + + # -- Extra arguments to provide to the notifications controller + extraArgs: [] + + # -- Additional container environment variables + extraEnv: [] + + # -- envFrom to pass to the notifications controller + # @default -- `[]` (See [values.yaml]) + extraEnvFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- List of extra mounts to add (normally used with extraVolumes) + extraVolumeMounts: [] + + # -- List of extra volumes to add + extraVolumes: [] # -- Define user-defined context ## For more information: https://argocd-notifications.readthedocs.io/en/stable/templates/#defining-user-defined-context @@ -2454,37 +2430,6 @@ notifications: # email-password: # For more information: https://argocd-notifications.readthedocs.io/en/stable/services/email/ - # -- Notifications controller log format. Either `text` or `json` - # @default -- `""` (defaults to global.logging.format) - logFormat: "" - # -- Notifications controller log level. One of: `debug`, `info`, `warn`, `error` - # @default -- `""` (defaults to global.logging.level) - logLevel: "" - - # -- Extra arguments to provide to the notifications controller - extraArgs: [] - - # -- Additional container environment variables - extraEnv: [] - - # -- envFrom to pass to the notifications controller - # @default -- `[]` (See [values.yaml]) - extraEnvFrom: [] - # - configMapRef: - # name: config-map-name - # - secretRef: - # name: secret-name - - # -- List of extra mounts to add (normally used with extraVolumes) - extraVolumeMounts: [] - # - mountPath: /tmp/foobar - # name: foobar - - # -- List of extra volumes to add - extraVolumes: [] - # - name: foobar - # emptyDir: {} - metrics: # -- Enables prometheus metrics server enabled: false @@ -2535,6 +2480,15 @@ notifications: # -- Labels to be applied to the notifications controller Pods podLabels: {} + # -- Resource limits and requests for the notifications controller + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # -- Notification controller container-level security Context # @default -- See [values.yaml] containerSecurityContext: @@ -2547,18 +2501,18 @@ notifications: drop: - ALL + # -- [Node selector] + nodeSelector: {} + + # -- [Tolerations] for use with node taints + tolerations: [] + + # -- Assign custom [affinity] rules + affinity: {} + # -- Priority class for the notifications controller pods priorityClassName: "" - # -- Resource limits and requests for the notifications controller - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - serviceAccount: # -- Specifies whether a service account should be created create: true @@ -2809,9 +2763,6 @@ notifications: # ] # }] - # -- [Tolerations] for use with node taints - tolerations: [] - # -- The trigger defines the condition when the notification should be sent ## For more information: https://argocd-notifications.readthedocs.io/en/stable/triggers/ triggers: {} From 7992b5d04b9ea0d13a3ae7799e042cf9056eb6cd Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Mon, 9 Jan 2023 18:03:26 -0600 Subject: [PATCH 018/768] feat(argo-workflows): Add helper function to determine image value, minus tag (#1754) We have a situation where we want to exclude the registry so that images can be pulled from in-network mirrors. Currently when you exclude the registry, you get stuck with a prefixing forward slash. Had to keep the tags in the manifest files because helm template requires a colon in the image value. Otherwise I'd move it into the helper function. image entries changed: server, controller, executor Signed-off-by: jmeridth Signed-off-by: jmeridth --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/templates/_helpers.tpl | 11 +++++++++++ .../controller/workflow-controller-deployment.yaml | 4 ++-- .../templates/server/server-deployment.yaml | 2 +- 4 files changed, 16 insertions(+), 5 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 61c78e11..25aa9fd6 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.22.7 +version: 0.22.8 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: @@ -13,4 +13,4 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - "[Added]: Support podGCDeleteDelayDuration and podGCGracePeriodSeconds" + - "[Added]: Helm helper function to allow image registry to be absent" diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl index 057ed5f9..7719052d 100644 --- a/charts/argo-workflows/templates/_helpers.tpl +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -142,3 +142,14 @@ Return the default Argo Workflows app version {{- define "argo-workflows.defaultTag" -}} {{- default .Chart.AppVersion .Values.images.tag }} {{- end -}} + +{{/* +Return full image name including or excluding registry based on existence +*/}} +{{- define "argo-workflows.image" -}} +{{- if and .image.registry .image.repository -}} + {{ .image.registry }}/{{ .image.repository }} +{{- else -}} + {{ .image.repository }} +{{- end -}} +{{- end -}} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml index 7ce17155..b90122ca 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -34,14 +34,14 @@ spec: {{- end }} containers: - name: controller - image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{ default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag }}" + image: "{{- include "argo-workflows.image" (dict "context" . "image" .Values.controller.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag }}" imagePullPolicy: {{ .Values.images.pullPolicy }} command: [ "workflow-controller" ] args: - "--configmap" - "{{ template "argo-workflows.controller.fullname" . }}-configmap" - "--executor-image" - - "{{ .Values.executor.image.registry }}/{{ .Values.executor.image.repository }}:{{ default (include "argo-workflows.defaultTag" .) .Values.executor.image.tag }}" + - "{{- include "argo-workflows.image" (dict "context" . "image" .Values.executor.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.executor.image.tag }}" - "--loglevel" - "{{ .Values.controller.logging.level }}" - "--gloglevel" diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index e1e9b680..70b1495c 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} containers: - name: argo-server - image: "{{ .Values.server.image.registry }}/{{ .Values.server.image.repository }}:{{ default (include "argo-workflows.defaultTag" .) .Values.server.image.tag }}" + image: "{{- include "argo-workflows.image" (dict "context" . "image" .Values.server.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.server.image.tag }}" imagePullPolicy: {{ .Values.images.pullPolicy }} securityContext: {{- toYaml .Values.server.securityContext | nindent 12 }} From c5648d5c9f1e5c8a08690618f8ab0b76e4d8bacd Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Tue, 10 Jan 2023 09:58:45 +0100 Subject: [PATCH 019/768] chore(argo-cd): Consolidate cluster-wide RBAC (#1597) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 9 ++++--- charts/argo-cd/README.md | 6 ++--- charts/argo-cd/templates/NOTES.txt | 12 +++++++++ .../clusterrole.yaml | 27 ++++++++++--------- .../clusterrolebinding.yaml | 11 ++++---- .../argocd-repo-server/clusterrole.yaml | 27 ++++++++++--------- .../clusterrolebinding.yaml | 9 ++++--- .../templates/argocd-server/clusterrole.yaml | 3 ++- .../argocd-server/clusterrolebinding.yaml | 11 ++++---- charts/argo-cd/values.yaml | 21 +++------------ 10 files changed, 70 insertions(+), 66 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index a3f338f0..912ffeff 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.5 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.16.14 +version: 5.16.15 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,6 +23,7 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Docs]: Added sample how to provide K8s credentials plugin" - - "[Docs]: Added sample how to provide Argo config management plugin" - - "[Docs]: Removed samples that injects tools into incorrect controllers" + - "[Added]: Option createClusterRoles to enable cluster roles from one place" + - "[Deprecated]: Option controller.clusterAdminAccess.enabled" + - "[Deprecated]: Option server.clusterAdminAccess.enabled" + - "[Deprecated]: Option repoServer.clusterAdminAccess.enabled" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index f71184f3..ec1213f8 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -362,7 +362,8 @@ NAME: my-release | crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.install | bool | `true` | Install and upgrade CRDs | | crds.keep | bool | `true` | Keep CRDs on chart uninstall | -| createAggregateRoles | bool | `false` | Create clusterroles that extend existing clusterroles to interact with argo-cd crds | +| createAggregateRoles | bool | `false` | Create aggregated roles that extend existing cluster roles to interact with argo-cd resources | +| createClusterRoles | bool | `true` | Create cluster roles for cluster-wide installation. | | extraObjects | list | `[]` | Array of extra K8s manifests to deploy | | fullnameOverride | string | `""` | String to fully override `"argo-cd.fullname"` | | kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests | @@ -451,7 +452,6 @@ NAME: my-release |-----|------|---------|-------------| | controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | | controller.args | object | `{}` | DEPRECATED - Application controller commandline flags | -| controller.clusterAdminAccess.enabled | bool | `true` | Enable RBAC for local cluster deployments | | controller.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the application controller's ClusterRole resource | | controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource | | controller.containerPort | int | `8082` | Application controller listening port | @@ -529,7 +529,6 @@ NAME: my-release | repoServer.certificateSecret.enabled | bool | `false` | Create argocd-repo-server-tls secret | | repoServer.certificateSecret.key | string | `""` | Certificate private key | | repoServer.certificateSecret.labels | object | `{}` | Labels to be added to argocd-repo-server-tls secret | -| repoServer.clusterAdminAccess.enabled | bool | `false` | Enable RBAC for local cluster deployments | | repoServer.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the Repo server's Cluster Role resource | | repoServer.clusterRoleRules.rules | list | `[]` | List of custom rules for the Repo server's Cluster Role resource | | repoServer.containerPort | int | `8081` | Configures the repo server port | @@ -631,7 +630,6 @@ NAME: my-release | server.certificateSecret.enabled | bool | `false` | Create argocd-server-tls secret | | server.certificateSecret.key | string | `""` | Private Key of the certificate | | server.certificateSecret.labels | object | `{}` | Labels to be added to argocd-server-tls secret | -| server.clusterAdminAccess.enabled | bool | `true` | Enable RBAC for local cluster deployments | | server.containerPort | int | `8080` | Configures the server port | | server.containerSecurityContext | object | See [values.yaml] | Server container-level security context | | server.deploymentAnnotations | object | `{}` | Annotations to be added to server Deployment | diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index 98bbb96a..30138ee4 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -52,6 +52,18 @@ DEPRECATED option configs.gpgKeys - Use config.gpg.keys {{- if .Values.configs.gpgKeysAnnotations }} DEPRECATED option configs.gpgKeysAnnotations - Use config.gpg.annotations {{- end }} +{{- if hasKey .Values "createAggregateRoles" }} +DEPRECATED option createAggregateRoles - Use global.rbac.aggregatedRoles +{{- end }} +{{- if hasKey (.Values.controller.clusterAdminAccess | default dict) "enabled" }} +DEPRECATED option .controller.clusterAdminAccess.enabled - Use createClusterRoles +{{- end }} +{{- if hasKey (.Values.server.clusterAdminAccess | default dict) "enabled" }} +DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles +{{- end }} +{{- if hasKey (.Values.repoServer.clusterAdminAccess | default dict) "enabled" }} +DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles +{{- end }} {{- if .Values.controller.service }} REMOVED option controller.service - Use controller.metrics {{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml b/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml index 0aa82961..5ebe00b3 100644 --- a/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml @@ -1,23 +1,24 @@ -{{- if .Values.controller.clusterAdminAccess.enabled }} +{{- $config := .Values.controller.clusterAdminAccess | default dict -}} +{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "argo-cd.controller.fullname" . }} + name: {{ include "argo-cd.controller.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rules: {{- if .Values.controller.clusterRoleRules.enabled }} - {{- toYaml .Values.controller.clusterRoleRules.rules | nindent 0 }} + {{- toYaml .Values.controller.clusterRoleRules.rules | nindent 2 }} {{- else }} -- apiGroups: - - '*' - resources: - - '*' - verbs: - - '*' -- nonResourceURLs: - - '*' - verbs: - - '*' + - apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' + - nonResourceURLs: + - '*' + verbs: + - '*' {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml index 86d7c883..39ee80a6 100644 --- a/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml @@ -1,16 +1,17 @@ -{{- if .Values.controller.clusterAdminAccess.enabled }} +{{- $config := .Values.controller.clusterAdminAccess | default dict -}} +{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "argo-cd.controller.fullname" . }} + name: {{ include "argo-cd.controller.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ template "argo-cd.controller.fullname" . }} + name: {{ include "argo-cd.controller.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.controllerServiceAccountName" . }} + name: {{ include "argo-cd.controllerServiceAccountName" . }} namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml index 4ea41da3..21dff1a9 100644 --- a/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml @@ -1,23 +1,24 @@ -{{- if and .Values.repoServer.serviceAccount.create .Values.repoServer.clusterAdminAccess.enabled }} +{{- $config := .Values.repoServer.clusterAdminAccess | default dict -}} +{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "argo-cd.repoServer.fullname" . }} + name: {{ include "argo-cd.repoServer.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} rules: {{- if .Values.repoServer.clusterRoleRules.enabled }} - {{- toYaml .Values.repoServer.clusterRoleRules.rules | nindent 0 }} + {{- toYaml .Values.repoServer.clusterRoleRules.rules | nindent 2 }} {{- else }} -- apiGroups: - - '*' - resources: - - '*' - verbs: - - '*' -- nonResourceURLs: - - '*' - verbs: - - '*' + - apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' + - nonResourceURLs: + - '*' + verbs: + - '*' {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml index 9757912e..c3e21edb 100644 --- a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml @@ -1,16 +1,17 @@ -{{- if and .Values.repoServer.serviceAccount.create .Values.repoServer.clusterAdminAccess.enabled }} +{{- $config := .Values.repoServer.clusterAdminAccess | default dict -}} +{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "argo-cd.repoServer.fullname" . }} + name: {{ include "argo-cd.repoServer.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ template "argo-cd.repoServer.fullname" . }} + name: {{ include "argo-cd.repoServer.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.repoServerServiceAccountName" . }} + name: {{ include "argo-cd.repoServerServiceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index 2caa4dd0..0f26d470 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -1,4 +1,5 @@ -{{- if .Values.server.clusterAdminAccess.enabled }} +{{- $config := .Values.server.clusterAdminAccess | default dict -}} +{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml index 9f5a960d..72e4d450 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml @@ -1,16 +1,17 @@ -{{- if .Values.server.clusterAdminAccess.enabled }} +{{- $config := .Values.server.clusterAdminAccess | default dict -}} +{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.serverServiceAccountName" . }} + name: {{ include "argo-cd.serverServiceAccountName" . }} namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 010d7cbe..d799dcb9 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -19,9 +19,12 @@ apiVersionOverrides: # -- String to override apiVersion of autoscaling rendered by this helm chart autoscaling: "" # autoscaling/v2 -# -- Create clusterroles that extend existing clusterroles to interact with argo-cd crds +# -- Create aggregated roles that extend existing cluster roles to interact with argo-cd resources ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles createAggregateRoles: false +# -- Create cluster roles for cluster-wide installation. +## Used when you manage applications in the same cluster where Argo CD runs +createClusterRoles: true openshift: # -- enables using arbitrary uid for argo repo server @@ -718,11 +721,6 @@ controller: # additionalLabels: {} # annotations: {} - ## Enable if you would like to grant rights to Argo CD to deploy to the local Kubernetes cluster. - clusterAdminAccess: - # -- Enable RBAC for local cluster deployments - enabled: true - ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. ## Defaults to off clusterRoleRules: @@ -1732,12 +1730,6 @@ server: # -- Termination policy of Openshift Route termination_policy: None - ## Enable Admin ClusterRole resources. - ## Enable if you would like to grant rights to Argo CD to deploy to the local Kubernetes cluster. - clusterAdminAccess: - # -- Enable RBAC for local cluster deployments - enabled: true - GKEbackendConfig: # -- Enable BackendConfig custom resource for Google Kubernetes Engine enabled: false @@ -2031,11 +2023,6 @@ repoServer: # -- Prometheus ServiceMonitor annotations annotations: {} - ## Enable Admin ClusterRole resources. - ## Enable if you would like to grant cluster rights to Argo CD repo server. - clusterAdminAccess: - # -- Enable RBAC for local cluster deployments - enabled: false ## Enable Custom Rules for the Repo server's Cluster Role resource ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. ## Defaults to off From 31242020c44e75815945aed42a8244a7c13d9dd7 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Tue, 10 Jan 2023 13:31:57 +0100 Subject: [PATCH 020/768] feat(argo-cd): Allow templated values for init and extra containers (#1749) --- charts/argo-cd/Chart.yaml | 9 ++-- charts/argo-cd/README.md | 3 ++ .../statefulset.yaml | 10 ++-- .../argocd-applicationset/deployment.yaml | 6 ++- .../argocd-notifications/deployment.yaml | 51 +++++++++++-------- .../argocd-repo-server/deployment.yaml | 48 ++++++++--------- .../templates/argocd-server/deployment.yaml | 14 ++--- charts/argo-cd/templates/dex/deployment.yaml | 44 ++++++++-------- .../argo-cd/templates/redis/deployment.yaml | 10 ++-- charts/argo-cd/values.yaml | 26 +++++++++- 10 files changed, 128 insertions(+), 93 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 912ffeff..45ff4446 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.5 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.16.15 +version: 5.17.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,7 +23,6 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Added]: Option createClusterRoles to enable cluster roles from one place" - - "[Deprecated]: Option controller.clusterAdminAccess.enabled" - - "[Deprecated]: Option server.clusterAdminAccess.enabled" - - "[Deprecated]: Option repoServer.clusterAdminAccess.enabled" + - "[Added]: Support for extraContainers and initContainers for applicationSet and notifications" + - "[Added]: Support for use of Helm templates for extraContainers and initContainers" + - "[Docs]: Added notes about custom Helm template support" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index ec1213f8..dabacfe7 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -970,6 +970,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the ApplicationSet controller | | applicationSet.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the ApplicationSet controller | | applicationSet.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | If defined, uses a Secret to pull an image from a private Docker registry or repository. | +| applicationSet.initContainers | list | `[]` | Init containers to add to the ApplicationSet controller pod | | applicationSet.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for ApplicationSet controller | | applicationSet.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | applicationSet.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | @@ -1063,6 +1064,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.deploymentAnnotations | object | `{}` | Annotations to be applied to the notifications controller Deployment | | notifications.enabled | bool | `true` | Enable notifications controller | | notifications.extraArgs | list | `[]` | Extra arguments to provide to the notifications controller | +| notifications.extraContainers | list | `[]` | Additional containers to be added to the notifications controller pod | | notifications.extraEnv | list | `[]` | Additional container environment variables | | notifications.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the notifications controller | | notifications.extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) | @@ -1071,6 +1073,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the notifications controller | | notifications.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the notifications controller | | notifications.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | +| notifications.initContainers | list | `[]` | Init containers to add to the notifications controller pod | | notifications.logFormat | string | `""` (defaults to global.logging.format) | Notifications controller log format. Either `text` or `json` | | notifications.logLevel | string | `""` (defaults to global.logging.level) | Notifications controller log level. One of: `debug`, `info`, `warn`, `error` | | notifications.metrics.enabled | bool | `false` | Enables prometheus metrics server | diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 66486b53..208545e0 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -257,7 +257,11 @@ spec: - mountPath: /home/argocd name: argocd-home {{- with .Values.controller.extraContainers }} - {{- toYaml . | nindent 6 }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.controller.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} {{- with .Values.controller.nodeSelector }} nodeSelector: @@ -304,10 +308,6 @@ spec: path: tls.key - key: ca.crt path: ca.crt - {{- with .Values.controller.initContainers }} - initContainers: - {{- toYaml . | nindent 6 }} - {{- end }} {{- with .Values.controller.priorityClassName }} priorityClassName: {{ . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index ce4cd821..0c3862de 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -125,8 +125,12 @@ spec: - mountPath: /tmp name: tmp {{- with .Values.applicationSet.extraContainers }} - {{- toYaml . | nindent 8 }} + {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} + {{- with .Values.applicationSet.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} {{- with .Values.applicationSet.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 2be14fdd..7ee9f8f4 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -81,12 +81,39 @@ spec: {{- with .Values.notifications.extraVolumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.notifications.extraContainers }} + {{- tpl (toYaml . ) $ | nindent 8 }} + {{- end }} + {{- with .Values.notifications.initContainers }} + initContainers: + {{- tpl (toYaml . ) $ | nindent 8 }} + {{- end }} + {{- with .Values.notifications.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.notifications.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.notifications.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.notifications.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} volumes: - - configMap: + {{- with .Values.notifications.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: tls-certs + configMap: name: argocd-tls-certs-cm - name: tls-certs - name: argocd-repo-server-tls secret: + secretName: argocd-repo-server-tls + optional: true items: - key: tls.crt path: tls.crt @@ -94,24 +121,4 @@ spec: path: tls.key - key: ca.crt path: ca.crt - optional: true - secretName: argocd-repo-server-tls - {{- with .Values.notifications.extraVolumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.notifications.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.notifications.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.notifications.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.notifications.priorityClassName }} - priorityClassName: {{ . }} - {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index d8cbb97d..04117ba3 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -264,7 +264,30 @@ spec: securityContext: {{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }} {{- with .Values.repoServer.extraContainers }} - {{- toYaml . | nindent 6 }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + initContainers: + - command: + - cp + - -n + - /usr/local/bin/argocd + - /var/run/argocd/argocd-cmp-server + image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }} + name: copyutil + {{- with .Values.repoServer.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.repoServer.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + {{- with .Values.repoServer.initContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} {{- with .Values.repoServer.nodeSelector }} nodeSelector: @@ -328,29 +351,6 @@ spec: path: tls.key - key: ca.crt path: ca.crt - initContainers: - - command: - - cp - - -n - - /usr/local/bin/argocd - - /var/run/argocd/argocd-cmp-server - image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }} - imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }} - name: copyutil - {{- with .Values.repoServer.resources }} - resources: - {{- toYaml . | nindent 10 }} - {{- end }} - {{- with .Values.repoServer.containerSecurityContext }} - securityContext: - {{- toYaml . | nindent 10 }} - {{- end }} - volumeMounts: - - mountPath: /var/run/argocd - name: var-files - {{- with .Values.repoServer.initContainers }} - {{- toYaml . | nindent 6 }} - {{- end }} {{- with .Values.repoServer.priorityClassName }} priorityClassName: {{ . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 7793b11a..c38d9348 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -319,9 +319,6 @@ spec: lifecycle: {{- toYaml . | nindent 10 }} {{- end }} - {{- with .Values.server.extraContainers }} - {{- toYaml . | nindent 6 }} - {{- end }} {{- if .Values.server.extensions.enabled }} - name: argocd-extensions image: {{ .Values.server.extensions.image.repository }}:{{ .Values.server.extensions.image.tag }} @@ -336,6 +333,13 @@ spec: - name: tmp mountPath: /tmp {{- end }} + {{- with .Values.server.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.server.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} {{- with .Values.server.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -406,10 +410,6 @@ spec: path: tls.crt - key: ca.crt path: ca.crt - {{- with .Values.server.initContainers }} - initContainers: - {{- toYaml . | nindent 6 }} - {{- end }} {{- with .Values.server.priorityClassName }} priorityClassName: {{ . }} {{- end }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 5900070f..bd0362b3 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -43,27 +43,6 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} - initContainers: - - name: copyutil - image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.dex.initImage.tag }} - imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }} - command: - - cp - - -n - - /usr/local/bin/argocd - - /shared/argocd-dex - volumeMounts: - - mountPath: /shared - name: static-files - - mountPath: /tmp - name: dexconfig - resources: - {{- toYaml .Values.dex.resources | nindent 10 }} - securityContext: - {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }} - {{- with .Values.dex.initContainers }} - {{- toYaml . | nindent 6 }} - {{- end }} containers: - name: {{ .Values.dex.name }} image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }} @@ -136,7 +115,28 @@ spec: - name: argocd-dex-server-tls mountPath: /tls {{- with .Values.dex.extraContainers }} - {{- toYaml . | nindent 6 }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + initContainers: + - name: copyutil + image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.dex.initImage.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }} + command: + - cp + - -n + - /usr/local/bin/argocd + - /shared/argocd-dex + volumeMounts: + - mountPath: /shared + name: static-files + - mountPath: /tmp + name: dexconfig + resources: + {{- toYaml .Values.dex.resources | nindent 10 }} + securityContext: + {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }} + {{- with .Values.dex.initContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} {{- with .Values.dex.nodeSelector }} nodeSelector: diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 38ba73be..6c6a4dbe 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -41,10 +41,6 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "argo-cd.redisServiceAccountName" . }} - {{- with .Values.redis.initContainers }} - initContainers: - {{- toYaml . | nindent 6 }} - {{- end }} containers: - name: {{ .Values.redis.name }} image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} @@ -96,7 +92,11 @@ spec: {{- toYaml .Values.redis.metrics.containerSecurityContext | nindent 10 }} {{- end }} {{- with .Values.redis.extraContainers }} - {{- toYaml . | nindent 6 }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.redis.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} {{- with .Values.redis.nodeSelector }} nodeSelector: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index d799dcb9..9fad462e 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -439,6 +439,7 @@ configs: # } # -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates extraObjects: [] # - apiVersion: secrets-store.csi.x-k8s.io/v1 # kind: SecretProviderClass @@ -538,12 +539,14 @@ controller: # name: secret-name # -- Additional containers to be added to the application controller pod + ## Note: Supports use of custom Helm templates extraContainers: [] # -- Init containers to add to the application controller pod ## If your target Kubernetes cluster(s) require a custom credential (exec) plugin ## you could use this (and the same in the server pod) to provide such executable ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins + ## Note: Supports use of custom Helm templates initContainers: [] # - name: download-tools # image: alpine:3 @@ -827,9 +830,11 @@ dex: # name: secret-name # -- Additional containers to be added to the dex pod + ## Note: Supports use of custom Helm templates extraContainers: [] # -- Init containers to add to the dex pod + ## Note: Supports use of custom Helm templates initContainers: [] # -- Additional volumeMounts to the dex main container @@ -1012,9 +1017,11 @@ redis: # name: secret-name # -- Additional containers to be added to the redis pod + ## Note: Supports use of custom Helm templates extraContainers: [] # -- Init containers to add to the redis pod + ## Note: Supports use of custom Helm templates initContainers: [] # -- Additional volumeMounts to the redis container @@ -1353,7 +1360,7 @@ server: # memory: 64Mi # -- Additional containers to be added to the server pod - ## See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. + ## Note: Supports use of custom Helm templates extraContainers: [] # - name: my-sidecar # image: nginx:latest @@ -1846,11 +1853,13 @@ repoServer: # -- Additional containers to be added to the repo server pod ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/ + ## Note: Supports use of custom Helm templates extraContainers: [] # - name: cmp # # Entrypoint should be Argo CD lightweight CMP server i.e. argocd-cmp-server # command: [/var/run/argocd/argocd-cmp-server] - # image: busybox # This can be off-the-shelf or custom-built image + # # This can be off-the-shelf or custom-built image + # image: busybox # securityContext: # runAsNonRoot: true # runAsUser: 999 @@ -2134,8 +2143,13 @@ applicationSet: # name: secret-name # -- Additional containers to be added to the ApplicationSet controller pod + ## Note: Supports use of custom Helm templates extraContainers: [] + # -- Init containers to add to the ApplicationSet controller pod + ## Note: Supports use of custom Helm templates + initContainers: [] + # -- List of extra mounts to add (normally used with extraVolumes) extraVolumeMounts: [] @@ -2382,6 +2396,14 @@ notifications: # - secretRef: # name: secret-name + # -- Additional containers to be added to the notifications controller pod + ## Note: Supports use of custom Helm templates + extraContainers: [] + + # -- Init containers to add to the notifications controller pod + ## Note: Supports use of custom Helm templates + initContainers: [] + # -- List of extra mounts to add (normally used with extraVolumes) extraVolumeMounts: [] From 136d8c4fca96cfad3736ba44ea4df17195c343da Mon Sep 17 00:00:00 2001 From: Aikawa Date: Wed, 11 Jan 2023 15:33:30 +0900 Subject: [PATCH 021/768] chore(argo-cd): Update Argo CD to v2.5.6 (#1757) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 45ff4446..7e45a587 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.5.5 +appVersion: v2.5.6 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.17.0 +version: 5.17.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,6 +23,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Added]: Support for extraContainers and initContainers for applicationSet and notifications" - - "[Added]: Support for use of Helm templates for extraContainers and initContainers" - - "[Docs]: Added notes about custom Helm template support" + - "[Changed]: Update Argo CD to v2.5.6" From 5c6ad38b15fccd082da657bc577d23a803808d09 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Jan 2023 07:39:58 +0100 Subject: [PATCH 022/768] chore(deps): bump helm/chart-releaser-action from 1.4.1 to 1.5.0 (#1752) Bumps [helm/chart-releaser-action](https://github.com/helm/chart-releaser-action) from 1.4.1 to 1.5.0. - [Release notes](https://github.com/helm/chart-releaser-action/releases) - [Commits](https://github.com/helm/chart-releaser-action/compare/v1.4.1...v1.5.0) --- updated-dependencies: - dependency-name: helm/chart-releaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marco Kilchhofer --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index ac6f0137..cb56596b 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -39,7 +39,7 @@ jobs: git checkout origin/gh-pages index.yaml - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.4.1 + uses: helm/chart-releaser-action@v1.5.0 with: config: "./.github/configs/cr.yaml" env: From 2777121707ccb8a9cdc45e84b496fea2568db483 Mon Sep 17 00:00:00 2001 From: Kiyoshi Muranaka Date: Wed, 18 Jan 2023 11:38:50 +0900 Subject: [PATCH 023/768] feat(argo-rollouts): Add support for topologySpreadConstraints (#1755) --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 3 +++ charts/argo-rollouts/README.md.gotmpl | 1 + .../templates/controller/deployment.yaml | 12 ++++++++++++ .../templates/dashboard/deployment.yaml | 12 ++++++++++++ charts/argo-rollouts/values.yaml | 18 ++++++++++++++++++ 6 files changed, 48 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 6688d9b0..913a190a 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.3.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.21.1 +version: 2.21.2 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -15,4 +15,4 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - "[Changed]: Upgrade ArgoRollouts to v1.3.1" + - "[Added]: Add support for topologySpreadConstraints" diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index e471d284..43f68a05 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -88,6 +88,7 @@ If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-r | controller.replicas | int | `2` | The number of controller pods to run | | controller.resources | object | `{}` | Resource limits and requests for the controller pods. | | controller.tolerations | list | `[]` | [Tolerations] for use with node taints | +| controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the controller | | podAnnotations | object | `{}` | Annotations to be added to the Rollout pods | | podLabels | object | `{}` | Labels to be added to the Rollout pods | | podSecurityContext | object | `{"runAsNonRoot":true}` | Security Context to set on pod level | @@ -145,6 +146,7 @@ If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-r | dashboard.serviceAccount.create | bool | `true` | Specifies whether a dashboard service account should be created | | dashboard.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | dashboard.tolerations | list | `[]` | [Tolerations] for use with node taints | +| dashboard.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the dashboard server | ## Upgrading @@ -174,6 +176,7 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes [Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [priorityClassName]: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ [Pod Disruption Budget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets [values.yaml]: values.yaml diff --git a/charts/argo-rollouts/README.md.gotmpl b/charts/argo-rollouts/README.md.gotmpl index 445c84db..1a587350 100644 --- a/charts/argo-rollouts/README.md.gotmpl +++ b/charts/argo-rollouts/README.md.gotmpl @@ -96,6 +96,7 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes [Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [priorityClassName]: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ [Pod Disruption Budget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets [values.yaml]: values.yaml diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index d06c0c92..d6adf9cf 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -83,6 +83,18 @@ spec: affinity: {{- toYaml .Values.controller.affinity | nindent 8 }} {{- end }} + {{- with .Values.controller.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + app.kubernetes.io/component: {{ $.Values.controller.component }} + {{- include "argo-rollouts.selectorLabels" $ | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} {{- with .Values.controller.priorityClassName }} priorityClassName: {{ . }} {{- end }} diff --git a/charts/argo-rollouts/templates/dashboard/deployment.yaml b/charts/argo-rollouts/templates/dashboard/deployment.yaml index a84d4bbf..ebf9ce8b 100644 --- a/charts/argo-rollouts/templates/dashboard/deployment.yaml +++ b/charts/argo-rollouts/templates/dashboard/deployment.yaml @@ -65,6 +65,18 @@ spec: affinity: {{- toYaml .Values.dashboard.affinity | nindent 8 }} {{- end }} + {{- with .Values.dashboard.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-rollouts.selectorLabels" $ | nindent 12 }} + app.kubernetes.io/component: {{ $.Values.dashboard.component }} + {{- end }} + {{- end }} + {{- end }} {{- with .Values.dashboard.priorityClassName }} priorityClassName: {{ . }} {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index f74ed7a1..43d322c2 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -47,6 +47,15 @@ controller: tolerations: [] # -- Assign custom [affinity] rules to the deployment affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the controller + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + # -- [priorityClassName] for the controller priorityClassName: "" # -- The number of controller pods to run @@ -194,6 +203,15 @@ dashboard: tolerations: [] # -- Assign custom [affinity] rules to the deployment affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the dashboard server + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + # -- [priorityClassName] for the dashboard server priorityClassName: "" From 0d57f6ec17d24ae0786ceb85615991bf1d6a24b7 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Wed, 18 Jan 2023 15:44:21 +0900 Subject: [PATCH 024/768] chore(argo-cd): Update Argo CD to v2.5.7 (#1769) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 7e45a587..0f294c96 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.5.6 +appVersion: v2.5.7 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.17.1 +version: 5.17.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,4 +23,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Changed]: Update Argo CD to v2.5.6" + - "[Changed]: Update Argo CD to v2.5.7" From f3888bc99609cb82e1bda47a30dfc8c88c3cefb6 Mon Sep 17 00:00:00 2001 From: Victor Login Date: Wed, 18 Jan 2023 19:00:59 +0600 Subject: [PATCH 025/768] chore(argo-cd): Update Argo CD extensions to v0.2.1 (#1770) Signed-off-by: Victor Login Signed-off-by: Victor Login --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 0f294c96..bc3ac6d1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.7 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.17.2 +version: 5.17.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,4 +23,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Changed]: Update Argo CD to v2.5.7" + - "[Changed]: Update Argo CD extensions to v0.2.1" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index dabacfe7..d1ad8c14 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -639,7 +639,7 @@ NAME: my-release | server.extensions.enabled | bool | `false` | Enable support for Argo UI extensions | | server.extensions.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for extensions | | server.extensions.image.repository | string | `"ghcr.io/argoproj-labs/argocd-extensions"` | Repository to use for extensions image | -| server.extensions.image.tag | string | `"v0.1.0"` | Tag to use for extensions image | +| server.extensions.image.tag | string | `"v0.2.1"` | Tag to use for extensions image | | server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container | | server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server | | server.extraContainers | list | `[]` | Additional containers to be added to the server pod | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 9fad462e..cd0bee81 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1333,7 +1333,7 @@ server: # -- Repository to use for extensions image repository: "ghcr.io/argoproj-labs/argocd-extensions" # -- Tag to use for extensions image - tag: "v0.1.0" + tag: "v0.2.1" # -- Image pull policy for extensions # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" From 206d4922bfdf0b757ea9885204cc3f4cfc56a7e1 Mon Sep 17 00:00:00 2001 From: Pedro Date: Thu, 19 Jan 2023 04:37:18 -0600 Subject: [PATCH 026/768] fix(argo-rollouts): avoid label exceeding maximum length (#1694) * fix(argo-rollouts): generated value for app.kubernetes.io/version label for argo-rollouts will not exceed maximum length and support passing a SHA digest. Signed-off-by: Pedro Salgado * fix: Add missing double quote in changelog Signed-off-by: Marco Kilchhofer Signed-off-by: Pedro Salgado Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-rollouts/Chart.yaml | 5 +++-- charts/argo-rollouts/templates/_helpers.tpl | 16 +++++++++++++++- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 913a190a..a15ecf9b 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.3.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.21.2 +version: 2.21.3 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -15,4 +15,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - "[Added]: Add support for topologySpreadConstraints" + - "[Fixed]: avoid app.kubernetes.io/version kubernetes label from exceeding maximum length (63)" + - "[Fixed]: generated value for app.kubernetes.io/version label is now valid even when defining a controller.image.tag with a SHA digest" diff --git a/charts/argo-rollouts/templates/_helpers.tpl b/charts/argo-rollouts/templates/_helpers.tpl index 94733603..46ebaea5 100644 --- a/charts/argo-rollouts/templates/_helpers.tpl +++ b/charts/argo-rollouts/templates/_helpers.tpl @@ -31,6 +31,20 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Create kubernetes friendly chart version label. + +Examples: +image.tag = v1.3.1 +output = v1.3.1 + +image.tag = v1.3.1@sha256:38828e693b02e6f858d89fa22a9d9811d3d7a2430a1d4c7d687b6f509775c6ce +output = v1.3.1 +*/}} +{{- define "argo-rollouts.chart_version_label" -}} +{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default .Chart.AppVersion $.Values.controller.image.tag) "") "" | trunc 63 | quote -}} +{{- end -}} + {{/* Common labels */}} @@ -38,7 +52,7 @@ Common labels helm.sh/chart: {{ include "argo-rollouts.chart" . }} {{ include "argo-rollouts.selectorLabels" . }} {{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ default .Chart.AppVersion $.Values.controller.image.tag | quote }} +app.kubernetes.io/version: {{ include "argo-rollouts.chart_version_label" . }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: argo-rollouts From 132449caccd9cbb65499c7b1ac625fbc5dc76809 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Thu, 19 Jan 2023 15:14:02 -0600 Subject: [PATCH 027/768] chore(argo-rollouts): Upgrade argo-rollouts to 1.4.0 (#1774) Fixes #1763 Signed-off-by: jmeridth Signed-off-by: jmeridth --- charts/argo-rollouts/Chart.yaml | 7 +- .../templates/controller/clusterrole.yaml | 22 ++++- .../templates/controller/role.yaml | 99 +++++++++++++++++-- .../templates/crds/analysis-run-crd.yaml | 3 + .../templates/crds/analysis-template-crd.yaml | 3 + .../crds/cluster-analysis-template-crd.yaml | 3 + .../templates/crds/rollout-crd.yaml | 39 ++++++++ .../templates/dashboard/clusterrole.yaml | 7 +- 8 files changed, 166 insertions(+), 17 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index a15ecf9b..89ff80ef 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.3.1 +appVersion: v1.4.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.21.3 +version: 2.22.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -15,5 +15,4 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - "[Fixed]: avoid app.kubernetes.io/version kubernetes label from exceeding maximum length (63)" - - "[Fixed]: generated value for app.kubernetes.io/version label is now valid even when defining a controller.image.tag with a SHA digest" + - "[Changed]: Upgrade ArgoRollouts to v1.4.0" diff --git a/charts/argo-rollouts/templates/controller/clusterrole.yaml b/charts/argo-rollouts/templates/controller/clusterrole.yaml index b8fdf475..eaaadd24 100644 --- a/charts/argo-rollouts/templates/controller/clusterrole.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml @@ -89,7 +89,7 @@ rules: - create - get - update -# secret access to run analysis templates which reference secrets, allow init containers to manipulate secrets +# secret read access to run analysis templates which reference secrets - apiGroups: - "" resources: @@ -99,9 +99,6 @@ rules: - get - list - watch - - create - - patch - - update # pod list/update needed for updating ephemeral data - apiGroups: - "" @@ -110,6 +107,7 @@ rules: verbs: - list - update + - watch # pods eviction needed for restart - apiGroups: - "" @@ -223,4 +221,20 @@ rules: - list - update - patch +- apiGroups: + - traefik.containo.us + resources: + - traefikservices + verbs: + - watch + - get + - update +- apiGroups: + - apisix.apache.org + resources: + - apisixroutes + verbs: + - watch + - get + - update {{- end }} diff --git a/charts/argo-rollouts/templates/controller/role.yaml b/charts/argo-rollouts/templates/controller/role.yaml index 81ce8542..8c7aa9d4 100644 --- a/charts/argo-rollouts/templates/controller/role.yaml +++ b/charts/argo-rollouts/templates/controller/role.yaml @@ -56,7 +56,19 @@ rules: - update - patch - delete +# deployments and podtemplates read access needed for workload reference support +- apiGroups: + - "" + - apps + resources: + - deployments + - podtemplates + verbs: + - get + - list + - watch # services patch needed to update selector of canary/stable/active/preview services +# services create needed to create and delete services for experiments - apiGroups: - "" resources: @@ -66,8 +78,18 @@ rules: - list - watch - patch -# secret access to run analysis templates which reference secrets -# configmap access to read notification-engine configuration + - create + - delete +# leases create/get/update needed for leader election +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +# secret read access to run analysis templates which reference secrets - apiGroups: - "" resources: @@ -77,9 +99,6 @@ rules: - get - list - watch - - create - - patch - - update # pod list/update needed for updating ephemeral data - apiGroups: - "" @@ -88,6 +107,7 @@ rules: verbs: - list - update + - watch # pods eviction needed for restart - apiGroups: - "" @@ -129,15 +149,17 @@ rules: - update - patch - delete -# virtualservice access needed for using the Istio provider +# virtualservice/destinationrule access needed for using the Istio provider - apiGroups: - networking.istio.io resources: - virtualservices + - destinationrules verbs: - watch - get - update + - patch - list # trafficsplit access needed for using the SMI provider - apiGroups: @@ -150,4 +172,69 @@ rules: - get - update - patch +# ambassador access needed for Ambassador provider +- apiGroups: + - getambassador.io + - x.getambassador.io + resources: + - mappings + - ambassadormappings + verbs: + - create + - watch + - get + - update + - list + - delete +# Endpoints and TargetGroupBindings needed for ALB target group verification +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get +- apiGroups: + - elbv2.k8s.aws + resources: + - targetgroupbindings + verbs: + - list + - get +# AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider +- apiGroups: + - appmesh.k8s.aws + resources: + - virtualservices + verbs: + - watch + - get + - list +# AppMesh virtualnode CRD r/w access needed for using the App Mesh provider +- apiGroups: + - appmesh.k8s.aws + resources: + - virtualnodes + - virtualrouters + verbs: + - watch + - get + - list + - update + - patch +- apiGroups: + - traefik.containo.us + resources: + - traefikservices + verbs: + - watch + - get + - update +- apiGroups: + - apisix.apache.org + resources: + - apisixroutes + verbs: + - watch + - get + - update {{- end }} diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index 0d95f6f5..70187985 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -2742,6 +2742,9 @@ spec: type: array insecure: type: boolean + jsonBody: + type: object + x-kubernetes-preserve-unknown-fields: true jsonPath: type: string method: diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index 862af976..c2846186 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml @@ -2738,6 +2738,9 @@ spec: type: array insecure: type: boolean + jsonBody: + type: object + x-kubernetes-preserve-unknown-fields: true jsonPath: type: string method: diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index 60604611..a00f68fe 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -2738,6 +2738,9 @@ spec: type: array insecure: type: boolean + jsonBody: + type: object + x-kubernetes-preserve-unknown-fields: true jsonPath: type: string method: diff --git a/charts/argo-rollouts/templates/crds/rollout-crd.yaml b/charts/argo-rollouts/templates/crds/rollout-crd.yaml index ec58d318..3f6ea749 100644 --- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml +++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml @@ -89,6 +89,12 @@ spec: revisionHistoryLimit: format: int32 type: integer + rollbackWindow: + properties: + revisions: + format: int32 + type: integer + type: object selector: properties: matchExpressions: @@ -397,6 +403,9 @@ spec: - type: integer - type: string x-kubernetes-int-or-string: true + minPodsPerReplicaSet: + format: int32 + type: integer pingPong: properties: pingService: @@ -713,6 +722,20 @@ spec: required: - mappings type: object + apisix: + properties: + route: + properties: + name: + type: string + rules: + items: + type: string + type: array + required: + - name + type: object + type: object appMesh: properties: virtualNodeGroup: @@ -770,6 +793,14 @@ spec: items: type: string type: array + tcpRoutes: + items: + properties: + port: + format: int64 + type: integer + type: object + type: array tlsRoutes: items: properties: @@ -794,6 +825,14 @@ spec: items: type: string type: array + tcpRoutes: + items: + properties: + port: + format: int64 + type: integer + type: object + type: array tlsRoutes: items: properties: diff --git a/charts/argo-rollouts/templates/dashboard/clusterrole.yaml b/charts/argo-rollouts/templates/dashboard/clusterrole.yaml index 6a84102d..5f05d6e6 100644 --- a/charts/argo-rollouts/templates/dashboard/clusterrole.yaml +++ b/charts/argo-rollouts/templates/dashboard/clusterrole.yaml @@ -44,17 +44,18 @@ rules: - get - list - watch - # deployments and podtemplates read access needed for workload reference support - apiGroups: - - "" - apps resources: - deployments - - podtemplates verbs: - get - list - watch + {{- if not .Values.dashboard.readonly }} + - update + - patch + {{- end }} - apiGroups: - apps resources: From 45c1534eeb03ee2a6cf89d2a2f10de2a00d206f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?carlos=20gonz=C3=A1lez?= Date: Thu, 19 Jan 2023 23:14:49 +0100 Subject: [PATCH 028/768] feat(argo-cd): Add labels for argocd-secret (#1779) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat(argo-cd): add secret labels field (#1778) Signed-off-by: carlos gonzález Co-authored-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/argocd-configs/argocd-secret.yaml | 3 +++ charts/argo-cd/values.yaml | 2 ++ 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index bc3ac6d1..0b495196 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.7 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.17.4 +version: 5.18.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,4 +23,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Changed]: Update Argo CD extensions to v0.2.1" + - "[Added]: Extra secret labels with .Values.configs.secret.labels" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index d1ad8c14..278f1680 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -442,6 +442,7 @@ NAME: my-release | configs.secret.githubSecret | string | `""` | Shared secret for authenticating GitHub webhook events | | configs.secret.gitlabSecret | string | `""` | Shared secret for authenticating GitLab webhook events | | configs.secret.gogsSecret | string | `""` | Shared secret for authenticating Gogs webhook events | +| configs.secret.labels | object | `{}` | Labels to be added to argocd-secret | | configs.styles | string | `""` (See [values.yaml]) | Define custom [CSS styles] for your argo instance. This setting will automatically mount the provided CSS and reference it in the argo configuration. | | configs.tlsCerts | object | See [values.yaml] | TLS certificate | | configs.tlsCertsAnnotations | object | `{}` | TLS certificate configmap annotations | diff --git a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml index f289480d..84a51197 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml @@ -5,6 +5,9 @@ metadata: name: argocd-secret labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }} + {{- with .Values.configs.secret.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.configs.secret.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index cd0bee81..98b62c1e 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -392,6 +392,8 @@ configs: secret: # -- Create the argocd-secret createSecret: true + # -- Labels to be added to argocd-secret + labels: {} # -- Annotations to be added to argocd-secret annotations: {} From 9905dcca8eae8f2499c18c31475ad117b12611ad Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Fri, 20 Jan 2023 08:33:55 -0600 Subject: [PATCH 029/768] fix(argo-cd): Update CONTRIBUTING docs (#1782) * Update CONTRIBUTING - [x] versioning details - [x] remove broken links - [x] fix markdown linting errors - [x] README.md updating clarification * Rename variable in helm-docs script * Update argo-cd README * Add blurb about mandatory Chart versioning * Reword artifacthub changes section in CONTRIBUTING * Reorder/restructure CONTRIBUTING.md * Update argo-cd chart version * Add section in CONTRIBUTING about semantic title linting Signed-off-by: jmeridth Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- CONTRIBUTING.md | 125 +++++++++++++++++++------------- charts/argo-cd/Chart.yaml | 4 +- charts/argo-cd/README.md | 5 +- charts/argo-cd/README.md.gotmpl | 5 +- scripts/helm-docs.sh | 6 +- 5 files changed, 85 insertions(+), 60 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 49c0577b..f8753d60 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,38 +2,87 @@ Argo Helm is a collection of **community maintained** charts. Therefore we rely on you to test your changes sufficiently. - -# Pull Requests +## Pull Requests All submissions, including submissions by project members, require review. We use GitHub pull requests for this purpose. Consult [GitHub Help](https://help.github.com/articles/about-pull-requests/) for more information on using pull requests. See the above stated requirements for PR on this project. +### Pull Request Title Linting + +We lint the title of your pull request to ensure it follows the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) specification. This is done using GitHub actions and the [action-semantic-pull-request](.github/workflows/pr-title.yml) workflow. We require the scope of the change to be included in the title. The scope should be the name of the chart you are changing. For example, if you are changing the `argo-cd` chart, the title of your pull request should be `fix(argo-cd): Fix typo in values.yaml`. + +## Documentation + +The documentation for each chart is generated with [helm-docs](https://github.com/norwoodj/helm-docs). This way we can ensure that values are consistent with the chart documentation. + +We have a script on the repository which will execute the helm-docs docker container, so that you don't have to worry about downloading the binary etc. Simply execute the script (Bash compatible, might require sudo privileges): + +```shell +./scripts/helm-docs.sh +``` + +> **Note** +> When creating your own `README.md.gotmpl`, don't forget to add it to your `.helmignore` file. + +### Updating a chart README.md + +When updating the `README.md.gotmpl` inside a chart directory you must to run the `helm-docs` script to generate the updated `README.md` file. To reiterate, you should not edit the `README.md` file manually. It will be generated by the following command: + +```shell +./scripts/helm-docs.sh +``` + +> **Note** +> If you see changes to unrelated chart `README.md` files you may have accidentally updated a `README.md.gotmpl` file in another chart's folder unintentionally or someone else failed to run this script. Please revert those changes if you do not intend them to be a part of your pull request. + ## Versioning -Each chart's version follows the [semver standard](https://semver.org/). New charts should start at version `1.0.0`, if it's considered stable. If it's not considered stable, it must be released as [prerelease](#prerelease). +Each chart's version follows the [semver standard](https://semver.org/). + +New charts should start at version `1.0.0`, if it's considered stable. If it isn't considered stable, it must be released as `prerelease`. Any breaking changes to a chart (backwards incompatible) require: - * Bump of the current Major version of the chart - * State possible manual changes for this chart version in the `Upgrading` section of the chart's `README.md.gotmpl` ([See Upgrade](#upgrades)) +* Bump of the current Major version of the chart +* State possible manual changes for this chart version in the `Upgrading` section of the chart's `README.md.gotmpl` + +### New Application Versions + +When selecting new application versions ensure you make the following changes: + +* `values.yaml`: Bump all instances of the container image version +* `Chart.yaml`: Ensure `appVersion` matches the above container image and bump `version` + +Please ensure chart version changes adhere to semantic versioning standards: + +* Major: Large chart rewrites, major non-backwards compatible or destructive changes +* Minor: New chart functionality (sidecars), major application updates or minor non-backwards compatible changes +* Patch: App version patch updates, backwards compatible optional chart features ### Immutability Each release for each chart must be immutable. Any change to a chart (even just documentation) requires a version bump. Trying to release the same version twice will result in an error. +### Chart Versioning + +Currently we require a chart version bump for every change to a chart, including updating information for older verions. This may change in the future. ### Artifact Hub Annotations Since we release our charts on Artifact Hub we encourage making use of the provided chart annotations for Artifact Hub. - * [https://artifacthub.io/docs/topics/annotations/helm/](https://artifacthub.io/docs/topics/annotations/helm/) +* [https://artifacthub.io/docs/topics/annotations/helm/](https://artifacthub.io/docs/topics/annotations/helm/) #### Changelog We want to deliver transparent chart releases for our chart consumers. Therefore we require a changelog per new chart release. -Changes on a chart must be documented in a chart specific changelog in the `Chart.yaml` [Annotation Section](https://helm.sh/docs/topics/charts/#the-chartyaml-file). For every new release the entire `artifacthub.io/changes` needs to be rewritten. Each change requires a new bullet point following the pattern `- "[{type}]: {description}"`. You can use the following template: +Changes on a chart must be documented in a chart specific changelog in the `Chart.yaml` [Annotation Section](https://helm.sh/docs/topics/charts/#the-chartyaml-file). -``` +A new `artifacthub.io/changes` needs to be written covering only the changes since the previous release. + +Each change requires a new bullet point following the pattern `- "[{type}]: {description}"`. You can use the following template: + +```yaml name: argo-cd version: 3.4.1 ... @@ -45,67 +94,54 @@ annotations: - "[Deprecated]: Something deprecated" - "[Removed]: Something was removed" - "[Fixed]: Something was fixed" - - "[Security]": Some Security Patch was included" + - "[Security]: Some Security Patch was included" ``` -## Documentation +## Testing -The documentation for each chart is done with [helm-docs](https://github.com/norwoodj/helm-docs). This way we can ensure that values are consistent with the chart documentation. - -We have a script on the repository which will execute the helm-docs docker container, so that you don't have to worry about downloading the binary etc. Simply execute the script (Bash compatible, might require sudo privileges): - -``` -bash scripts/helm-docs.sh -``` - -**NOTE**: When creating your own `README.md.gotmpl`, don't forget to add it to your `.helmignore` file. - - - -# Testing - -## Testing Argo Workflows Changes +### Testing Argo Workflows Changes Minimally: -``` +```shell helm install charts/argo-workflows -n argo argo version ``` Follow this instructions for running a hello world workflow. -## Testing Argo CD Changes +### Testing Argo CD Changes Clean-up: -``` +```shell helm delete argo-cd --purge kubectl delete crd -l app.kubernetes.io/part-of=argocd ``` Pre-requisites: -``` + +```shell helm repo add redis-ha https://dandydeveloper.github.io/charts/ helm dependency update ``` Minimally: -``` +```shell helm install argocd argo/argo-cd -n argocd --create-namespace kubectl port-forward service/argo-cd-argocd-server -n argocd 8080:443 ``` In a new terminal: -``` +```shell argocd version --server localhost:8080 --insecure # reset password to 'Password1!' kubectl -n argocd patch secret argocd-secret \ -p '{"stringData": { - "admin.password": "$2a$10$hDj12Tw9xVmvybSahN1Y0.f9DZixxN8oybyA32Uy/eqWklFU4Mo8O", - "admin.passwordMtime": "'$(date +%FT%T%Z)'" + "admin.password": "$2a$10$hDj12Tw9xVmvybSahN1Y0.f9DZixxN8oybyA32Uy/eqWklFU4Mo8O", + "admin.passwordMtime": "'$(date +%FT%T%Z)'" }}' argocd login localhost:8080 --username admin --password 'Password1!' @@ -114,38 +150,25 @@ argocd login localhost:8080 --username admin --password 'Password1!' Create and sync app: -``` +```shell argocd app create guestbook --dest-namespace default --dest-server https://kubernetes.default.svc --path guestbook --project default --repo https://github.com/argoproj/argocd-example-apps.git argocd app sync guestbook ``` -## New Application Versions - -When raising application versions ensure you make the following changes: - -- `values.yaml`: Bump all instances of the container image version -- `Chart.yaml`: Ensure `appVersion` matches the above container image and bump `version` - -Please ensure chart version changes adhere to semantic versioning standards: - -- Patch: App version patch updates, backwards compatible optional chart features -- Minor: New chart functionality (sidecars), major application updates or minor non-backwards compatible changes -- Major: Large chart rewrites, major non-backwards compatible or destructive changes - -## Testing Charts +### Testing Charts As part of the Continuous Integration system we run Helm's [Chart Testing](https://github.com/helm/chart-testing) tool. -The checks for this tool are stricter than the standard Helm requirements, where fields normally considered optional like `maintainer` are required in the standard spec and must be valid GitHub usernames. +The checks for Chart Testing are stricter than the standard Helm requirements. For example, fields normally considered optional like `maintainer` are required in the standard spec and must be valid GitHub usernames. Linting configuration can be found in [ct-lint.yaml](./.github/configs/ct-lint.yaml) The linting can be invoked manually with the following command: -``` +```shell ./scripts/lint.sh ``` ## Publishing Changes -Changes are automatically publish whenever a commit is merged to main. The CI job (see `./.github/workflows/publish.yml`). +Changes are automatically publish whenever a commit is merged to the `main` branch by the CI job (see `./.github/workflows/publish.yml`). diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 0b495196..df9f69ed 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.7 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.18.0 +version: 5.18.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,4 +23,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Added]: Extra secret labels with .Values.configs.secret.labels" + - "[Fixed]: README information about 5.12.0 TLS changes" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 278f1680..ec342a3d 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -111,8 +111,9 @@ This version reduces history limit for Argo CD deployment replicas to 3 to provi ### 5.12.0 -This version deprecates the `configs.secret.argocdServerTlsConfig` option. Use `server.certificate` or `server.certificateSecret` to provide custom TLS configuration for Argo CD server. -If you terminate TLS on ingress please use `argocd-server-tls` secret instead of `argocd-secret` secret. +If Argo CD is managing termination of TLS and you are using `configs.secret.argocdServerTlsConfig` option to provide custom TLS configuration for this chart, please use `server.certificate` or `server.certificateSecret` instead. +For the secrets for tls termination, please use a secret named `argocd-server-tls` instead of `argocd-secret`. +For the technical details please check the [Argo CD documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server). When transitioning from the one secret to the other pay attention to `tls.key` and `tls.crt` keys. ### 5.10.0 diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index a844449a..b41f82c0 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -110,8 +110,9 @@ This version reduces history limit for Argo CD deployment replicas to 3 to provi ### 5.12.0 -This version deprecates the `configs.secret.argocdServerTlsConfig` option. Use `server.certificate` or `server.certificateSecret` to provide custom TLS configuration for Argo CD server. -If you terminate TLS on ingress please use `argocd-server-tls` secret instead of `argocd-secret` secret. +If Argo CD is managing termination of TLS and you are using `configs.secret.argocdServerTlsConfig` option to provide custom TLS configuration for this chart, please use `server.certificate` or `server.certificateSecret` instead. +For the secrets for tls termination, please use a secret named `argocd-server-tls` instead of `argocd-secret`. +For the technical details please check the [Argo CD documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server). When transitioning from the one secret to the other pay attention to `tls.key` and `tls.crt` keys. ### 5.10.0 diff --git a/scripts/helm-docs.sh b/scripts/helm-docs.sh index e8ade437..5669f91c 100755 --- a/scripts/helm-docs.sh +++ b/scripts/helm-docs.sh @@ -1,11 +1,11 @@ #!/bin/bash ## Reference: https://github.com/norwoodj/helm-docs set -eux -CHART_DIR="$(cd "$(dirname "$0")/.." && pwd)" -echo "$CHART_DIR" +REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)" +echo "$REPO_ROOT" echo "Running Helm-Docs" docker run \ - -v "$CHART_DIR:/helm-docs" \ + -v "$REPO_ROOT:/helm-docs" \ -u $(id -u) \ jnorwood/helm-docs:v1.9.1 From 4dd31571b3ce2d90bd3598ca020e70cd887c6d23 Mon Sep 17 00:00:00 2001 From: Richard Johansson Date: Fri, 20 Jan 2023 17:41:52 +0100 Subject: [PATCH 030/768] feat(argo-rollouts): Added flags to toggle provider-specific RBAC (#1777) * Toggle for provider-specific RBAC + Added missing RBAC rules Signed-off-by: Richard Johansson * Updated docs with new Helm values Signed-off-by: Richard Johansson * Added a general flag providerRBAC.enabled to toggle all of the providers Signed-off-by: Richard Johansson * Aligned with main Signed-off-by: Richard Johansson * Corrected inline comments Signed-off-by: Richard Johansson * Fixed incorrect inline comments Signed-off-by: Richard Johansson Signed-off-by: Richard Johansson --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 8 ++++++++ .../templates/controller/clusterrole.yaml | 20 ++++++++++++++++++- .../templates/controller/role.yaml | 20 ++++++++++++++++++- charts/argo-rollouts/values.yaml | 20 +++++++++++++++++++ 5 files changed, 68 insertions(+), 4 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 89ff80ef..a9968a4f 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.4.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.22.0 +version: 2.22.1 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -15,4 +15,4 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - "[Changed]: Upgrade ArgoRollouts to v1.4.0" + - "[Added]: Flags to toggle provider-specific RBAC rules in Role and ClusterRole" diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 43f68a05..73581f4e 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -55,6 +55,14 @@ If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-r | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret | | notifications.templates | object | `{}` | Notification templates | | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | +| providerRBAC.enabled | bool | `true` | Toggles addition of provider-specific RBAC rules to the controller Role and ClusterRole | +| providerRBAC.providers.ambassador | bool | `true` | Adds RBAC rules for the Ambassador provider | +| providerRBAC.providers.apisix | bool | `true` | Adds RBAC rules for the Apisix provider | +| providerRBAC.providers.awsAppMesh | bool | `true` | Adds RBAC rules for the AWS App Mesh provider | +| providerRBAC.providers.awsLoadBalancerController | bool | `true` | Adds RBAC rules for the AWS Load Balancer Controller provider | +| providerRBAC.providers.istio | bool | `true` | Adds RBAC rules for the Istio provider | +| providerRBAC.providers.smi | bool | `true` | Adds RBAC rules for the SMI provider | +| providerRBAC.providers.traefik | bool | `true` | Adds RBAC rules for the Traefik provider | ### Controller diff --git a/charts/argo-rollouts/templates/controller/clusterrole.yaml b/charts/argo-rollouts/templates/controller/clusterrole.yaml index eaaadd24..964daed3 100644 --- a/charts/argo-rollouts/templates/controller/clusterrole.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml @@ -149,6 +149,8 @@ rules: - update - patch - delete +{{- if .Values.providerRBAC.enabled }} +{{- if .Values.providerRBAC.providers.istio }} # virtualservice/destinationrule access needed for using the Istio provider - apiGroups: - networking.istio.io @@ -161,6 +163,8 @@ rules: - update - patch - list +{{- end }} +{{- if .Values.providerRBAC.providers.smi }} # trafficsplit access needed for using the SMI provider - apiGroups: - split.smi-spec.io @@ -172,6 +176,8 @@ rules: - get - update - patch +{{- end }} +{{- if .Values.providerRBAC.providers.ambassador }} # ambassador access needed for Ambassador provider - apiGroups: - getambassador.io @@ -186,7 +192,9 @@ rules: - update - list - delete -# Endpoints and TargetGroupBindings needed for ALB target group verification +{{- end }} +{{- if .Values.providerRBAC.providers.awsLoadBalancerController }} +# Endpoints and TargetGroupBindings needed for ALB target group verification when using AWS Load Balancer Controller - apiGroups: - "" resources: @@ -200,6 +208,8 @@ rules: verbs: - list - get +{{- end }} +{{- if .Values.providerRBAC.providers.awsAppMesh }} # AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider - apiGroups: - appmesh.k8s.aws @@ -221,6 +231,9 @@ rules: - list - update - patch +{{- end }} +{{- if .Values.providerRBAC.providers.traefik }} +# Traefik access needed when using the Traefik provider - apiGroups: - traefik.containo.us resources: @@ -229,6 +242,9 @@ rules: - watch - get - update +{{- end }} +{{- if .Values.providerRBAC.providers.apisix }} +# Access needed when using the Apisix provider - apiGroups: - apisix.apache.org resources: @@ -238,3 +254,5 @@ rules: - get - update {{- end }} +{{- end }} +{{- end }} diff --git a/charts/argo-rollouts/templates/controller/role.yaml b/charts/argo-rollouts/templates/controller/role.yaml index 8c7aa9d4..72ebdbc9 100644 --- a/charts/argo-rollouts/templates/controller/role.yaml +++ b/charts/argo-rollouts/templates/controller/role.yaml @@ -149,6 +149,8 @@ rules: - update - patch - delete +{{- if .Values.providerRBAC.enabled }} +{{- if .Values.providerRBAC.providers.istio }} # virtualservice/destinationrule access needed for using the Istio provider - apiGroups: - networking.istio.io @@ -161,6 +163,8 @@ rules: - update - patch - list +{{- end }} +{{- if .Values.providerRBAC.providers.smi }} # trafficsplit access needed for using the SMI provider - apiGroups: - split.smi-spec.io @@ -172,6 +176,8 @@ rules: - get - update - patch +{{- end }} +{{- if .Values.providerRBAC.providers.ambassador }} # ambassador access needed for Ambassador provider - apiGroups: - getambassador.io @@ -186,7 +192,9 @@ rules: - update - list - delete -# Endpoints and TargetGroupBindings needed for ALB target group verification +{{- end }} +{{- if .Values.providerRBAC.providers.awsLoadBalancerController }} +# Endpoints and TargetGroupBindings needed for ALB target group verification when using AWS Load Balancer Controller - apiGroups: - "" resources: @@ -200,6 +208,8 @@ rules: verbs: - list - get +{{- end }} +{{- if .Values.providerRBAC.providers.awsAppMesh }} # AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider - apiGroups: - appmesh.k8s.aws @@ -221,6 +231,9 @@ rules: - list - update - patch +{{- end }} +{{- if .Values.providerRBAC.providers.traefik }} +# Traefik access needed when using the Traefik provider - apiGroups: - traefik.containo.us resources: @@ -229,6 +242,9 @@ rules: - watch - get - update +{{- end }} +{{- if .Values.providerRBAC.providers.apisix }} +# Access needed when using the Apisix provider - apiGroups: - apisix.apache.org resources: @@ -238,3 +254,5 @@ rules: - get - update {{- end }} +{{- end }} +{{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 43d322c2..eb077221 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -190,6 +190,26 @@ podLabels: {} imagePullSecrets: [] # - name: argo-pull-secret +providerRBAC: + # -- Toggles addition of provider-specific RBAC rules to the controller Role and ClusterRole + enabled: true + # providerRBAC.enabled must be true in order to toggle the individual providers + providers: + # -- Adds RBAC rules for the Istio provider + istio: true + # -- Adds RBAC rules for the SMI provider + smi: true + # -- Adds RBAC rules for the Ambassador provider + ambassador: true + # -- Adds RBAC rules for the AWS Load Balancer Controller provider + awsLoadBalancerController: true + # -- Adds RBAC rules for the AWS App Mesh provider + awsAppMesh: true + # -- Adds RBAC rules for the Traefik provider + traefik: true + # -- Adds RBAC rules for the Apisix provider + apisix: true + dashboard: # -- Deploy dashboard server enabled: false From 5b9f624ba21f167bb55d948f0c5042383c87678d Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Sat, 21 Jan 2023 10:24:46 +0100 Subject: [PATCH 031/768] feat(argo-cd): Consolidate certificate config for repositories (#1786) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +- charts/argo-cd/README.md | 14 ++- charts/argo-cd/README.md.gotmpl | 5 + charts/argo-cd/templates/NOTES.txt | 12 +++ .../argocd-ssh-known-hosts-cm.yaml | 15 ++- .../argocd-configs/argocd-tls-certs-cm.yaml | 15 ++- charts/argo-cd/values.yaml | 102 ++++++++---------- 7 files changed, 98 insertions(+), 71 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index df9f69ed..daad23a9 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.7 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.18.1 +version: 5.19.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,4 +23,6 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Fixed]: README information about 5.12.0 TLS changes" + - "[Added]: Option configs.ssh.extraHosts that allows to keep original SSH known list" + - "[Changed]: Option configs.knownHosts deprecated as moved to configs.ssh" + - "[Changed]: Option configs.tlsCerts deprecated as moved to configs.tls" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index ec342a3d..37a2dc19 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -105,6 +105,11 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 5.19.0 + +This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provide this values please move them into new `configs.ssh` and `configs.tls` sections. +You can also use new option `configs.ssh.extraHosts` to configure your SSH keys without maintaing / overwritting keys for public Git repositories. + ### 5.13.0 This version reduces history limit for Argo CD deployment replicas to 3 to provide more visibility for Argo CD deployments that manage itself. If you need more deployment revisions for rollbacks set `global.revisionHistoryLimit` parameter. @@ -410,8 +415,6 @@ NAME: my-release | configs.credentialTemplatesAnnotations | object | `{}` | Annotations to be added to `configs.credentialTemplates` Secret | | configs.gpg.annotations | object | `{}` | Annotations to be added to argocd-gpg-keys-cm configmap | | configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring | -| configs.knownHosts.data.ssh_known_hosts | string | See [values.yaml] | Known Hosts | -| configs.knownHostsAnnotations | object | `{}` | Known Hosts configmap annotations | | configs.params."controller.operation.processors" | int | `10` | Number of application operation processors | | configs.params."controller.repo.server.timeout.seconds" | int | `60` | Repo server RPC call timeout seconds. | | configs.params."controller.self.heal.timeout.seconds" | int | `5` | Specifies timeout between application self heal attempts | @@ -444,9 +447,12 @@ NAME: my-release | configs.secret.gitlabSecret | string | `""` | Shared secret for authenticating GitLab webhook events | | configs.secret.gogsSecret | string | `""` | Shared secret for authenticating Gogs webhook events | | configs.secret.labels | object | `{}` | Labels to be added to argocd-secret | +| configs.ssh.annotations | object | `{}` | Annotations to be added to argocd-ssh-known-hosts-cm configmap | +| configs.ssh.extraHosts | string | `""` | Additional known hosts for private repositories | +| configs.ssh.knownHosts | string | See [values.yaml] | Known hosts to be added to the known host list by default. | | configs.styles | string | `""` (See [values.yaml]) | Define custom [CSS styles] for your argo instance. This setting will automatically mount the provided CSS and reference it in the argo configuration. | -| configs.tlsCerts | object | See [values.yaml] | TLS certificate | -| configs.tlsCertsAnnotations | object | `{}` | TLS certificate configmap annotations | +| configs.tls.annotations | object | `{}` | Annotations to be added to argocd-tls-certs-cm configmap | +| configs.tls.certificates | object | `{}` (See [values.yaml]) | TLS certificates for Git repositories | ## Argo CD Controller diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index b41f82c0..fde0c0c8 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -104,6 +104,11 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 5.19.0 + +This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provide this values please move them into new `configs.ssh` and `configs.tls` sections. +You can also use new option `configs.ssh.extraHosts` to configure your SSH keys without maintaing / overwritting keys for public Git repositories. + ### 5.13.0 This version reduces history limit for Argo CD deployment replicas to 3 to provide more visibility for Argo CD deployments that manage itself. If you need more deployment revisions for rollbacks set `global.revisionHistoryLimit` parameter. diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index 30138ee4..c5c5e7c5 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -64,6 +64,18 @@ DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles {{- if hasKey (.Values.repoServer.clusterAdminAccess | default dict) "enabled" }} DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles {{- end }} +{{- if .Values.configs.knownHostsAnnotations }} +DEPRECATED option configs.knownHostsAnnotations - Use configs.ssh.annotations +{{- end }} +{{- if hasKey .Values.configs "knownHosts" }} +DEPRECATED option configs.knownHosts.data.ssh_known_hosts - Use configs.ssh.knownHosts +{{- end }} +{{- if .Values.configs.tlsCertsAnnotations }} +DEPRECATED option configs.tlsCertsAnnotations - Use configs.tls.annotations +{{- end }} +{{- if hasKey .Values.configs "tlsCerts" }} +DEPRECATED option configs.tlsCerts.data - Use configs.tls.certificates +{{- end }} {{- if .Values.controller.service }} REMOVED option controller.service - Use controller.metrics {{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml index 844f492d..03c306d4 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml @@ -3,11 +3,20 @@ kind: ConfigMap metadata: name: argocd-ssh-known-hosts-cm labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "ssh-known-hosts-cm") | nindent 4 }} - {{- with .Values.configs.knownHostsAnnotations }} + {{- include "argo-cd.labels" (dict "context" . "name" "ssh-known-hosts-cm") | nindent 4 }} + {{- with (mergeOverwrite (deepCopy .Values.configs.ssh.annotations) (.Values.configs.knownHostsAnnotations | default dict)) -}} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} -{{- toYaml .Values.configs.knownHosts | nindent 0 }} +data: + ssh_known_hosts: | + {{- if hasKey .Values.configs "knownHosts" }} + {{- .Values.configs.knownHosts.data.ssh_known_hosts | nindent 4 }} + {{- else }} + {{- .Values.configs.ssh.knownHosts | nindent 4 }} + {{- end }} + {{- with .Values.configs.ssh.extraHosts }} + {{- . | nindent 4 }} + {{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml index 74b21181..8e5c7c88 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml @@ -3,13 +3,20 @@ kind: ConfigMap metadata: name: argocd-tls-certs-cm labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "tls-certs-cm") | nindent 4 }} - {{- with .Values.configs.tlsCertsAnnotations }} + {{- include "argo-cd.labels" (dict "context" . "name" "tls-certs-cm") | nindent 4 }} + {{- with (mergeOverwrite (deepCopy .Values.configs.ssh.annotations) (.Values.configs.tlsCertsAnnotations | default dict)) -}} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} -{{- with .Values.configs.tlsCerts }} -{{- toYaml . | nindent 0 }} +{{- if hasKey .Values.configs "tlsCerts" }} + {{- with .Values.configs.tlsCerts }} + {{- toYaml . | nindent 0 }} + {{- end }} +{{- else }} +{{- with .Values.configs.tls.certificates }} +data: + {{- toYaml . | nindent 2 }} +{{- end }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 98b62c1e..5e73d218 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -254,6 +254,41 @@ configs: # ... # -----END PGP PUBLIC KEY BLOCK----- + # SSH known hosts for Git repositories + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#ssh-known-host-public-keys + ssh: + # -- Annotations to be added to argocd-ssh-known-hosts-cm configmap + annotations: {} + + # -- Known hosts to be added to the known host list by default. + # @default -- See [values.yaml] + knownHosts: | + bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== + github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== + gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= + gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf + gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 + ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H + vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H + + # -- Additional known hosts for private repositories + extraHosts: '' + + # Repository TLS certificates + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories-using-self-signed-tls-certificates-or-are-signed-by-custom-ca + tls: + # -- Annotations to be added to argocd-tls-certs-cm configmap + annotations: {} + + # -- TLS certificates for Git repositories + # @default -- `{}` (See [values.yaml]) + certificates: {} + # server.example.com: | + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- # -- Provide one or multiple [external cluster credentials] # @default -- `[]` (See [values.yaml]) @@ -282,64 +317,15 @@ configs: # insecure: false # caData: "" - # -- Known Hosts configmap annotations - knownHostsAnnotations: {} - knownHosts: - data: - # -- Known Hosts - # @default -- See [values.yaml] - ssh_known_hosts: | - bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== - github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= - github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl - github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== - gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= - gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf - gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 - ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - # -- TLS certificate configmap annotations - tlsCertsAnnotations: {} - # -- TLS certificate - # @default -- See [values.yaml] - tlsCerts: - {} - # data: - # argocd.example.com: | - # -----BEGIN CERTIFICATE----- - # MIIF1zCCA7+gAwIBAgIUQdTcSHY2Sxd3Tq/v1eIEZPCNbOowDQYJKoZIhvcNAQEL - # BQAwezELMAkGA1UEBhMCREUxFTATBgNVBAgMDExvd2VyIFNheG9ueTEQMA4GA1UE - # BwwHSGFub3ZlcjEVMBMGA1UECgwMVGVzdGluZyBDb3JwMRIwEAYDVQQLDAlUZXN0 - # c3VpdGUxGDAWBgNVBAMMD2Jhci5leGFtcGxlLmNvbTAeFw0xOTA3MDgxMzU2MTda - # Fw0yMDA3MDcxMzU2MTdaMHsxCzAJBgNVBAYTAkRFMRUwEwYDVQQIDAxMb3dlciBT - # YXhvbnkxEDAOBgNVBAcMB0hhbm92ZXIxFTATBgNVBAoMDFRlc3RpbmcgQ29ycDES - # MBAGA1UECwwJVGVzdHN1aXRlMRgwFgYDVQQDDA9iYXIuZXhhbXBsZS5jb20wggIi - # MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCv4mHMdVUcafmaSHVpUM0zZWp5 - # NFXfboxA4inuOkE8kZlbGSe7wiG9WqLirdr39Ts+WSAFA6oANvbzlu3JrEQ2CHPc - # CNQm6diPREFwcDPFCe/eMawbwkQAPVSHPts0UoRxnpZox5pn69ghncBR+jtvx+/u - # P6HdwW0qqTvfJnfAF1hBJ4oIk2AXiip5kkIznsAh9W6WRy6nTVCeetmIepDOGe0G - # ZJIRn/OfSz7NzKylfDCat2z3EAutyeT/5oXZoWOmGg/8T7pn/pR588GoYYKRQnp+ - # YilqCPFX+az09EqqK/iHXnkdZ/Z2fCuU+9M/Zhrnlwlygl3RuVBI6xhm/ZsXtL2E - # Gxa61lNy6pyx5+hSxHEFEJshXLtioRd702VdLKxEOuYSXKeJDs1x9o6cJ75S6hko - # Ml1L4zCU+xEsMcvb1iQ2n7PZdacqhkFRUVVVmJ56th8aYyX7KNX6M9CD+kMpNm6J - # kKC1li/Iy+RI138bAvaFplajMF551kt44dSvIoJIbTr1LigudzWPqk31QaZXV/4u - # kD1n4p/XMc9HYU/was/CmQBFqmIZedTLTtK7clkuFN6wbwzdo1wmUNgnySQuMacO - # gxhHxxzRWxd24uLyk9Px+9U3BfVPaRLiOPaPoC58lyVOykjSgfpgbus7JS69fCq7 - # bEH4Jatp/10zkco+UQIDAQABo1MwUTAdBgNVHQ4EFgQUjXH6PHi92y4C4hQpey86 - # r6+x1ewwHwYDVR0jBBgwFoAUjXH6PHi92y4C4hQpey86r6+x1ewwDwYDVR0TAQH/ - # BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFE4SdKsX9UsLy+Z0xuHSxhTd0jfn - # Iih5mtzb8CDNO5oTw4z0aMeAvpsUvjJ/XjgxnkiRACXh7K9hsG2r+ageRWGevyvx - # CaRXFbherV1kTnZw4Y9/pgZTYVWs9jlqFOppz5sStkfjsDQ5lmPJGDii/StENAz2 - # XmtiPOgfG9Upb0GAJBCuKnrU9bIcT4L20gd2F4Y14ccyjlf8UiUi192IX6yM9OjT - # +TuXwZgqnTOq6piVgr+FTSa24qSvaXb5z/mJDLlk23npecTouLg83TNSn3R6fYQr - # d/Y9eXuUJ8U7/qTh2Ulz071AO9KzPOmleYPTx4Xty4xAtWi1QE5NHW9/Ajlv5OtO - # OnMNWIs7ssDJBsB7VFC8hcwf79jz7kC0xmQqDfw51Xhhk04kla+v+HZcFW2AO9so - # 6ZdVHHQnIbJa7yQJKZ+hK49IOoBR6JgdB5kymoplLLiuqZSYTcwSBZ72FYTm3iAr - # jzvt1hxpxVDmXvRnkhRrIRhK4QgJL0jRmirBjDY+PYYd7bdRIjN7WNZLFsgplnS8 - # 9w6CwG32pRlm0c8kkiQ7FXA6BYCqOsDI8f1VGQv331OpR2Ck+FTv+L7DAmg6l37W - # +LB9LGh4OAp68ImTjqf6ioGKG0RBSznwME+r4nXtT1S/qLR6ASWUS4ViWRhbRlNK - # XWyb96wrUlv+E8I= - # -----END CERTIFICATE----- + # DEPRECATED - Moved to configs.ssh.annotations + # knownHostsAnnotations: {} + # DEPRECATED - Moved to configs.ssh.knownHosts + # knownHosts: {} + + # DEPRECATED - Moved to configs.tls.annotations + # tlsCertsAnnotations: {} + # DEPRECATED - Moved to configs.tls.certificates + # tlsCerts: {} # -- Repository credentials to be used as Templates for other repos ## Creates a secret for each key/value specified below to create repository credentials From e91bc78a4a337ab014adb19611dfb8f2b5ce707f Mon Sep 17 00:00:00 2001 From: Pedro Date: Sat, 21 Jan 2023 05:37:52 -0600 Subject: [PATCH 032/768] feat(argocd-image-updater): prevent generation of label value of invalid length (#1691) * feat(argocd-image-updater): prevent label from being greater than 63 characters. Signed-off-by: Pedro Salgado * fix: Add missing double quote in changelog Signed-off-by: Marco Kilchhofer Signed-off-by: Pedro Salgado Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer Co-authored-by: Jason Meridth --- charts/argocd-image-updater/Chart.yaml | 4 ++-- charts/argocd-image-updater/templates/_helpers.tpl | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 049ed8ce..5147ea82 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.8.1 +version: 0.8.2 appVersion: v0.12.0 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -15,4 +15,4 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - "[Added]: Add support for additional initContainers and additional volume/volumeMounts" + - "[Changed]: avoid app.kubernetes.io/version kubernetes label from exceeding maximum length (63)" diff --git a/charts/argocd-image-updater/templates/_helpers.tpl b/charts/argocd-image-updater/templates/_helpers.tpl index 5c0be1da..934d894c 100644 --- a/charts/argocd-image-updater/templates/_helpers.tpl +++ b/charts/argocd-image-updater/templates/_helpers.tpl @@ -38,7 +38,7 @@ Common labels helm.sh/chart: {{ include "argocd-image-updater.chart" . }} {{ include "argocd-image-updater.selectorLabels" . }} {{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Chart.AppVersion | trunc 63 | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} From 58f587618fbabe601d0f433d8a2d935069fbffdf Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Sat, 21 Jan 2023 13:07:14 +0100 Subject: [PATCH 033/768] fix(argo-cd): Consolidate and fix container ports (#1788) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 7 +- charts/argo-cd/README.md | 25 ++-- charts/argo-cd/templates/NOTES.txt | 21 +++ .../statefulset.yaml | 15 ++- .../argocd-applicationset/deployment.yaml | 11 +- .../argocd-notifications/deployment.yaml | 4 +- .../argocd-repo-server/deployment.yaml | 6 +- .../templates/argocd-server/aws/service.yaml | 4 +- .../templates/argocd-server/deployment.yaml | 12 +- .../templates/argocd-server/service.yaml | 6 +- charts/argo-cd/templates/dex/deployment.yaml | 6 +- .../argo-cd/templates/redis/deployment.yaml | 8 +- charts/argo-cd/values.yaml | 124 +++++++++++------- 13 files changed, 152 insertions(+), 97 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index daad23a9..e75156e7 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.7 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.19.0 +version: 5.19.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,6 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Added]: Option configs.ssh.extraHosts that allows to keep original SSH known list" - - "[Changed]: Option configs.knownHosts deprecated as moved to configs.ssh" - - "[Changed]: Option configs.tlsCerts deprecated as moved to configs.tls" + - "[Fixed]: Container port configuration now properly sets the listening port" + - "[Changed]: Container ports consolidated from various places to new containerPorts sections" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 37a2dc19..ca54a9bc 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -462,7 +462,7 @@ NAME: my-release | controller.args | object | `{}` | DEPRECATED - Application controller commandline flags | | controller.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the application controller's ClusterRole resource | | controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource | -| controller.containerPort | int | `8082` | Application controller listening port | +| controller.containerPorts.metrics | int | `8082` | Metrics container port | | controller.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | | controller.env | list | `[]` | Environment variables to pass to application controller | | controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to application controller | @@ -539,7 +539,8 @@ NAME: my-release | repoServer.certificateSecret.labels | object | `{}` | Labels to be added to argocd-repo-server-tls secret | | repoServer.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the Repo server's Cluster Role resource | | repoServer.clusterRoleRules.rules | list | `[]` | List of custom rules for the Repo server's Cluster Role resource | -| repoServer.containerPort | int | `8081` | Configures the repo server port | +| repoServer.containerPorts.metrics | int | `8084` | Metrics container port | +| repoServer.containerPorts.server | int | `8081` | Repo server container port | | repoServer.containerSecurityContext | object | See [values.yaml] | Repo server container-level security context | | repoServer.deploymentAnnotations | object | `{}` | Annotations to be added to repo server Deployment | | repoServer.env | list | `[]` | Environment variables to pass to repo server | @@ -638,7 +639,8 @@ NAME: my-release | server.certificateSecret.enabled | bool | `false` | Create argocd-server-tls secret | | server.certificateSecret.key | string | `""` | Private Key of the certificate | | server.certificateSecret.labels | object | `{}` | Labels to be added to argocd-server-tls secret | -| server.containerPort | int | `8080` | Configures the server port | +| server.containerPorts.metrics | int | `8082` | Metrics container port | +| server.containerPorts.server | int | `8080` | Server container port | | server.containerSecurityContext | object | See [values.yaml] | Server container-level security context | | server.deploymentAnnotations | object | `{}` | Annotations to be added to server Deployment | | server.env | list | `[]` | Environment variables to pass to Argo CD server | @@ -728,7 +730,6 @@ NAME: my-release | server.service.labels | object | `{}` | Server service labels | | server.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field | | server.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from | -| server.service.namedTargetPort | bool | `true` | Use named target port for argocd | | server.service.nodePortHttp | int | `30080` | Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort") | | server.service.nodePortHttps | int | `30443` | Server service https port for NodePort service type (only if `server.service.type` is set to "NodePort") | | server.service.servicePortHttp | int | `80` | Server service http port | @@ -780,9 +781,9 @@ server: | dex.certificateSecret.enabled | bool | `false` | Create argocd-dex-server-tls secret | | dex.certificateSecret.key | string | `""` | Certificate private key | | dex.certificateSecret.labels | object | `{}` | Labels to be added to argocd-dex-server-tls secret | -| dex.containerPortGrpc | int | `5557` | Container port for gRPC access | -| dex.containerPortHttp | int | `5556` | Container port for HTTP access | -| dex.containerPortMetrics | int | `5558` | Container port for metrics access | +| dex.containerPorts.grpc | int | `5557` | gRPC container port | +| dex.containerPorts.http | int | `5556` | HTTP container port | +| dex.containerPorts.metrics | int | `5558` | Metrics container port | | dex.containerSecurityContext | object | See [values.yaml] | Dex container-level security context | | dex.deploymentAnnotations | object | `{}` | Annotations to be added to the Dex server Deployment | | dex.enabled | bool | `true` | Enable dex | @@ -856,7 +857,8 @@ server: | Key | Type | Default | Description | |-----|------|---------|-------------| | redis.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | -| redis.containerPort | int | `6379` | Redis container port | +| redis.containerPorts.metrics | int | `9121` | Metrics container port | +| redis.containerPorts.redis | int | `6379` | Redis container port | | redis.containerSecurityContext | object | See [values.yaml] | Redis container-level security context | | redis.deploymentAnnotations | object | `{}` | Annotations to be added to the Redis server Deployment | | redis.enabled | bool | `true` | Enable redis | @@ -869,7 +871,6 @@ server: | redis.image.tag | string | `"7.0.5-alpine"` | Redis tag | | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redis.initContainers | list | `[]` | Init containers to add to the redis pod | -| redis.metrics.containerPort | int | `9121` | Port to use for redis-exporter sidecar | | redis.metrics.containerSecurityContext | object | See [values.yaml] | Redis exporter security context | | redis.metrics.enabled | bool | `false` | Deploy metrics service and redis-exporter sidecar | | redis.metrics.image.imagePullPolicy | string | `"IfNotPresent"` | redis-exporter image PullPolicy | @@ -962,9 +963,10 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide |-----|------|---------|-------------| | applicationSet.affinity | object | `{}` | Assign custom [affinity] rules | | applicationSet.args.dryRun | bool | `false` | Enable dry run mode | -| applicationSet.args.metricsAddr | string | `":8080"` | The default metric address | | applicationSet.args.policy | string | `"sync"` | How application is synced between the generator and the cluster | -| applicationSet.args.probeBindAddr | string | `":8081"` | The default health check port | +| applicationSet.containerPorts.metrics | int | `8080` | Metrics container port | +| applicationSet.containerPorts.probe | int | `8081` | Probe container port | +| applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | | applicationSet.containerSecurityContext | object | See [values.yaml] | ApplicationSet controller container-level security context | | applicationSet.deploymentAnnotations | object | `{}` | Annotations to be added to ApplicationSet controller Deployment | | applicationSet.enabled | bool | `true` | Enable ApplicationSet controller | @@ -1067,6 +1069,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.bots.slack.serviceAccount.name | string | `"argocd-notifications-bot"` | The name of the service account to use. | | notifications.bots.slack.tolerations | list | `[]` | [Tolerations] for use with node taints | | notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map | +| notifications.containerPorts.metrics | int | `9001` | Metrics container port | | notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context | | notifications.context | object | `{}` | Define user-defined context | | notifications.deploymentAnnotations | object | `{}` | Annotations to be applied to the notifications controller Deployment | diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index c5c5e7c5..210cf3bb 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -88,6 +88,27 @@ REMOVED option applicationSet.args.debug - Use applicationSet.logLevel: debug {{- if .Values.applicationSet.args.enableLeaderElection }} REMOVED option applicationSet.args.enableLeaderElection - Value determined based on replicas {{- end }} +{{- if .Values.controller.containerPort }} +REMOVED option controller.containerPort - Use controller.containerPorts +{{- end }} +{{- if .Values.server.containerPort }} +REMOVED option server.containerPort - Use server.containerPorts +{{- end }} +{{- if .Values.repoServer.containerPort }} +REMOVED option repoServer.containerPort - Use repoServer.containerPorts +{{- end }} +{{- if .Values.applicationSet.args.metricsAddr }} +REMOVED option applicationSet.args.metricsAddr - Use applicationSet.containerPorts +{{- end }} +{{- if .Values.applicationSet.args.probeBindAddr }} +REMOVED option applicationSet.args.probeBindAddr - Use applicationSet.containerPorts +{{- end }} +{{- if .Values.redis.containerPort }} +REMOVED option redis.containerPort - Use redis.containerPorts +{{- end }} +{{- if .Values.redis.metrics.containerPort }} +REMOVED option redis.metrics.containerPort - Use redis.containerPorts +{{- end }} In order to access the server UI you have the following options: diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 208545e0..d853a856 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -44,6 +44,13 @@ spec: containers: - command: - argocd-application-controller + - --metrics-port={{ .Values.controller.containerPorts.metrics }} + {{- if .Values.controller.metrics.applicationLabels.enabled }} + {{- range .Values.controller.metrics.applicationLabels.labels }} + - --metrics-application-labels + - {{ . }} + {{- end }} + {{- end }} {{- with .Values.controller.args.statusProcessors }} - --status-processors - {{ . | quote }} @@ -76,12 +83,6 @@ spec: - --loglevel - {{ . | quote }} {{- end }} - {{- if .Values.controller.metrics.applicationLabels.enabled }} - {{- range .Values.controller.metrics.applicationLabels.labels }} - - --metrics-application-labels - - {{ . }} - {{- end }} - {{- end }} {{- with .Values.controller.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} @@ -232,7 +233,7 @@ spec: {{- end }} ports: - name: metrics - containerPort: {{ .Values.controller.containerPort }} + containerPort: {{ .Values.controller.containerPorts.metrics }} protocol: TCP readinessProbe: httpGet: diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 0c3862de..6fd9170c 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -51,10 +51,11 @@ spec: command: - entrypoint.sh - argocd-applicationset-controller + - --metrics-addr=:{{ .Values.applicationSet.containerPorts.metrics }} + - --probe-addr=:{{ .Values.applicationSet.containerPorts.probe }} + - --webhook-addr=:{{ .Values.applicationSet.containerPorts.webhook }} - --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} - --enable-leader-election={{ gt ( .Values.applicationSet.replicaCount | int64) 1 }} - - --metrics-addr={{ .Values.applicationSet.args.metricsAddr }} - - --probe-addr={{ .Values.applicationSet.args.probeBindAddr }} - --policy={{ .Values.applicationSet.args.policy }} - --dry-run={{ .Values.applicationSet.args.dryRun }} - --logformat @@ -78,13 +79,13 @@ spec: {{- end }} ports: - name: metrics - containerPort: {{ (split ":" .Values.applicationSet.args.metricsAddr)._1 }} + containerPort: {{ .Values.applicationSet.containerPorts.metrics }} protocol: TCP - name: probe - containerPort: {{ (split ":" .Values.applicationSet.args.probeBindAddr)._1 }} + containerPort: {{ .Values.applicationSet.containerPorts.probe }} protocol: TCP - name: webhook - containerPort: 7000 + containerPort: {{ .Values.applicationSet.containerPorts.webhook }} protocol: TCP {{- if .Values.applicationSet.livenessProbe.enabled }} livenessProbe: diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 7ee9f8f4..85d586cc 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -48,9 +48,9 @@ spec: imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.notifications.image.imagePullPolicy }} command: - argocd-notifications + - --metrics-port={{ .Values.notifications.containerPorts.metrics }} - --loglevel={{ default .Values.global.logging.level .Values.notifications.logLevel }} - --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }} - - --metrics-port={{ .Values.notifications.metrics.port }} - --namespace={{ .Release.Namespace }} - --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} {{- range .Values.notifications.extraArgs }} @@ -66,7 +66,7 @@ spec: {{- end }} ports: - name: metrics - containerPort: {{ .Values.notifications.metrics.port }} + containerPort: {{ .Values.notifications.containerPorts.metrics }} protocol: TCP resources: {{- toYaml .Values.notifications.resources | nindent 12 }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 04117ba3..c786d714 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -53,6 +53,8 @@ spec: - entrypoint.sh args: - argocd-repo-server + - --port={{ .Values.repoServer.containerPorts.server }} + - --metrics-port={{ .Values.repoServer.containerPorts.metrics }} {{- with .Values.repoServer.logFormat }} - --logformat - {{ . | quote }} @@ -236,10 +238,10 @@ spec: name: tmp ports: - name: repo-server - containerPort: {{ .Values.repoServer.containerPort }} + containerPort: {{ .Values.repoServer.containerPorts.server }} protocol: TCP - name: metrics - containerPort: 8084 + containerPort: {{ .Values.repoServer.containerPorts.metrics }} protocol: TCP livenessProbe: httpGet: diff --git a/charts/argo-cd/templates/argocd-server/aws/service.yaml b/charts/argo-cd/templates/argocd-server/aws/service.yaml index 4adcd82d..a0368023 100644 --- a/charts/argo-cd/templates/argocd-server/aws/service.yaml +++ b/charts/argo-cd/templates/argocd-server/aws/service.yaml @@ -12,11 +12,11 @@ spec: - name: {{ .Values.server.service.servicePortHttpName }} protocol: TCP port: {{ .Values.server.service.servicePortHttp }} - targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }} + targetPort: server - name: {{ .Values.server.service.servicePortHttpsName }} protocol: TCP port: {{ .Values.server.service.servicePortHttps }} - targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }} + targetPort: server selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} sessionAffinity: None diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index c38d9348..2f510bc3 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -47,6 +47,8 @@ spec: imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.server.image.imagePullPolicy }} command: - argocd-server + - --port={{ .Values.server.containerPorts.server }} + - --metrics-port={{ .Values.server.containerPorts.metrics }} {{- with .Values.server.logFormat }} - --logformat - {{ . | quote }} @@ -287,16 +289,16 @@ spec: name: extensions {{- end }} ports: - - name: {{ .Values.server.name }} - containerPort: {{ .Values.server.containerPort }} + - name: server + containerPort: {{ .Values.server.containerPorts.server }} protocol: TCP - name: metrics - containerPort: 8083 + containerPort: {{ .Values.server.containerPorts.metrics }} protocol: TCP livenessProbe: httpGet: path: /healthz?full=true - port: {{ .Values.server.containerPort }} + port: server initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} @@ -305,7 +307,7 @@ spec: readinessProbe: httpGet: path: /healthz - port: {{ .Values.server.containerPort }} + port: server initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} diff --git a/charts/argo-cd/templates/argocd-server/service.yaml b/charts/argo-cd/templates/argocd-server/service.yaml index 1dc04116..879bdb32 100644 --- a/charts/argo-cd/templates/argocd-server/service.yaml +++ b/charts/argo-cd/templates/argocd-server/service.yaml @@ -19,14 +19,14 @@ spec: - name: {{ .Values.server.service.servicePortHttpName }} protocol: TCP port: {{ .Values.server.service.servicePortHttp }} - targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }} + targetPort: {{ .Values.server.containerPorts.server }} {{- if eq .Values.server.service.type "NodePort" }} nodePort: {{ .Values.server.service.nodePortHttp }} {{- end }} - name: {{ .Values.server.service.servicePortHttpsName }} protocol: TCP port: {{ .Values.server.service.servicePortHttps }} - targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }} + targetPort: {{ .Values.server.containerPorts.server }} {{- if eq .Values.server.service.type "NodePort" }} nodePort: {{ .Values.server.service.nodePortHttps }} {{- end }} @@ -49,4 +49,4 @@ spec: {{- end }} {{- with .Values.server.service.sessionAffinity }} sessionAffinity: {{ . }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index bd0362b3..1b3b4338 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -70,13 +70,13 @@ spec: {{- end }} ports: - name: http - containerPort: {{ .Values.dex.containerPortHttp }} + containerPort: {{ .Values.dex.containerPorts.http }} protocol: TCP - name: grpc - containerPort: {{ .Values.dex.containerPortGrpc }} + containerPort: {{ .Values.dex.containerPorts.grpc }} protocol: TCP - name: metrics - containerPort: {{ .Values.dex.containerPortMetrics }} + containerPort: {{ .Values.dex.containerPorts.metrics }} protocol: TCP {{- if .Values.dex.livenessProbe.enabled }} livenessProbe: diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 6c6a4dbe..c2f17a45 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -63,7 +63,7 @@ spec: {{- end }} ports: - name: redis - containerPort: {{ .Values.redis.containerPort }} + containerPort: {{ .Values.redis.containerPorts.redis }} protocol: TCP resources: {{- toYaml .Values.redis.resources | nindent 10 }} @@ -79,12 +79,12 @@ spec: imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redis.metrics.image.imagePullPolicy }} env: - name: REDIS_ADDR - value: {{ printf "redis://localhost:%v" .Values.redis.containerPort }} + value: {{ printf "redis://localhost:%v" .Values.redis.containerPorts.redis }} - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS - value: {{ printf "0.0.0.0:%v" .Values.redis.metrics.containerPort }} + value: {{ printf "0.0.0.0:%v" .Values.redis.containerPorts.metrics }} ports: - name: metrics - containerPort: {{ .Values.redis.metrics.containerPort }} + containerPort: {{ .Values.redis.containerPorts.metrics }} protocol: TCP resources: {{- toYaml .Values.redis.metrics.resources | nindent 10 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 5e73d218..e7207863 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -575,6 +575,11 @@ controller: # cpu: 250m # memory: 256Mi + # Application controller container ports + containerPorts: + # -- Metrics container port + metrics: 8082 + # -- Application controller container-level security context # @default -- See [values.yaml] containerSecurityContext: @@ -587,9 +592,6 @@ controller: drop: - ALL - # -- Application controller listening port - containerPort: 8082 - # Rediness probe for application controller ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ readinessProbe: @@ -866,6 +868,16 @@ dex: # cpu: 10m # memory: 32Mi + # Dex container ports + # NOTE: These ports are currently hardcoded and cannot be changed + containerPorts: + # -- HTTP container port + http: 5556 + # -- gRPC container port + grpc: 5557 + # -- Metrics container port + metrics: 5558 + # -- Dex container-level security context # @default -- See [values.yaml] containerSecurityContext: @@ -893,6 +905,7 @@ dex: successThreshold: 1 # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 + readinessProbe: # -- Enable Kubernetes readiness probe for Dex >= 2.28.0 enabled: false @@ -917,20 +930,14 @@ dex: # -- Automount API credentials for the Service Account automountServiceAccountToken: true - # -- Container port for HTTP access - containerPortHttp: 5556 # -- Service port for HTTP access servicePortHttp: 5556 # -- Service port name for HTTP access servicePortHttpName: http - # -- Container port for gRPC access - containerPortGrpc: 5557 # -- Service port for gRPC access servicePortGrpc: 5557 # -- Service port name for gRPC access servicePortGrpcName: grpc - # -- Container port for metrics access - containerPortMetrics: 5558 # -- Service port for metrics access servicePortMetrics: 5558 @@ -1044,6 +1051,13 @@ redis: seccompProfile: type: RuntimeDefault + # Redis container ports + containerPorts: + # -- Redis container port + redis: 6379 + # -- Metrics container port + metrics: 9121 + # -- Redis container-level security context # @default -- See [values.yaml] containerSecurityContext: @@ -1052,8 +1066,6 @@ redis: drop: - ALL - # -- Redis container port - containerPort: 6379 # -- Redis service port servicePort: 6379 @@ -1103,8 +1115,6 @@ redis: tag: 1.26.0-debian-10-r2 # -- redis-exporter image PullPolicy imagePullPolicy: IfNotPresent - # -- Port to use for redis-exporter sidecar - containerPort: 9121 # -- Redis exporter security context # @default -- See [values.yaml] @@ -1415,8 +1425,24 @@ server: # cpu: 50m # memory: 64Mi - # -- Configures the server port - containerPort: 8080 + # Server container ports + containerPorts: + # -- Server container port + server: 8080 + # -- Metrics container port + metrics: 8082 + + # -- Server container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL ## Readiness and liveness probes for default backend ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ @@ -1431,6 +1457,7 @@ server: successThreshold: 1 # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 + livenessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -1461,18 +1488,6 @@ server: # -- Priority class for the Argo CD server priorityClassName: "" - # -- Server container-level security context - # @default -- See [values.yaml] - containerSecurityContext: - runAsNonRoot: true - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - seccompProfile: - type: RuntimeDefault - capabilities: - drop: - - ALL - # TLS certificate configuration via cert-manager ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server certificate: @@ -1546,10 +1561,6 @@ server: servicePortHttpName: http # -- Server service https port name, can be used to route traffic via istio servicePortHttpsName: https - # -- Use named target port for argocd - ## Named target ports are not supported by GCE health checks, so when deploying argocd on GKE - ## and exposing it via GCE ingress, the health checks fail and the load balancer returns a 502. - namedTargetPort: true # -- LoadBalancer will get created with the IP specified in this field loadBalancerIP: "" # -- Source IP ranges to allow access to service from @@ -1897,8 +1908,24 @@ repoServer: # cpu: 10m # memory: 64Mi - # -- Configures the repo server port - containerPort: 8081 + # Repo server container ports + containerPorts: + # -- Repo server container port + server: 8081 + # -- Metrics container port + metrics: 8084 + + # -- Repo server container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL ## Readiness and liveness probes for default backend ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ @@ -1913,6 +1940,7 @@ repoServer: successThreshold: 1 # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 + livenessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -1943,18 +1971,6 @@ repoServer: # -- Priority class for the repo server priorityClassName: "" - # -- Repo server container-level security context - # @default -- See [values.yaml] - containerSecurityContext: - runAsNonRoot: true - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - seccompProfile: - type: RuntimeDefault - capabilities: - drop: - - ALL - # TLS certificate configuration via Secret ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-repo-server ## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart repo server automatically without extra controllers. @@ -2105,10 +2121,6 @@ applicationSet: logLevel: "" args: - # -- The default metric address - metricsAddr: :8080 - # -- The default health check port - probeBindAddr: :8081 # -- How application is synced between the generator and the cluster policy: sync # -- Enable dry run mode @@ -2221,6 +2233,15 @@ applicationSet: # cpu: 100m # memory: 128Mi + # ApplicationSet controller container ports + containerPorts: + # -- Metrics container port + metrics: 8080 + # -- Probe container port + probe: 8081 + # -- Webhook container port + webhook: 7000 + # -- ApplicationSet controller container-level security context # @default -- See [values.yaml] containerSecurityContext: @@ -2486,6 +2507,11 @@ notifications: # cpu: 100m # memory: 128Mi + # Notification controller container ports + containerPorts: + # -- Metrics container port + metrics: 9001 + # -- Notification controller container-level security Context # @default -- See [values.yaml] containerSecurityContext: From 0f2856ea416ae45e06382e63e2cb9ef083cb318d Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Sat, 21 Jan 2023 13:18:53 +0100 Subject: [PATCH 034/768] fix(argo-cd): Add missing options for mounting service account tokens (#1787) Signed-off-by: Petr Drastil Co-authored-by: Jason Meridth --- charts/argo-cd/Chart.yaml | 5 ++--- charts/argo-cd/README.md | 12 +++++++----- charts/argo-cd/values.yaml | 22 +++++++++++----------- 3 files changed, 20 insertions(+), 19 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index e75156e7..8799e3eb 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.7 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.19.1 +version: 5.19.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Fixed]: Container port configuration now properly sets the listening port" - - "[Changed]: Container ports consolidated from various places to new containerPorts sections" + - "[Fixed]: Added missing options for automounting service tokens for applicationset and notifications controllers" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index ca54a9bc..03243652 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1026,10 +1026,11 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.service.labels | object | `{}` | ApplicationSet service labels | | applicationSet.service.port | int | `7000` | ApplicationSet service port | | applicationSet.service.portName | string | `"webhook"` | ApplicationSet service port name | -| applicationSet.serviceAccount.annotations | object | `{}` | Annotations to add to the service account | -| applicationSet.serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| applicationSet.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| applicationSet.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| applicationSet.serviceAccount.create | bool | `true` | Create ApplicationSet controller service account | | applicationSet.serviceAccount.labels | object | `{}` | Labels applied to created service account | -| applicationSet.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| applicationSet.serviceAccount.name | string | `"argocd-applicationset-controller"` | ApplicationSet controller service account name | | applicationSet.tolerations | list | `[]` | [Tolerations] for use with node taints | | applicationSet.webhook.ingress.annotations | object | `{}` | Additional ingress annotations | | applicationSet.webhook.ingress.enabled | bool | `false` | Enable an ingress resource for Webhooks | @@ -1116,9 +1117,10 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret | | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the secret | | notifications.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | -| notifications.serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| notifications.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| notifications.serviceAccount.create | bool | `true` | Create notifications controller service account | | notifications.serviceAccount.labels | object | `{}` | Labels applied to created service account | -| notifications.serviceAccount.name | string | `"argocd-notifications-controller"` | The name of the service account to use. | +| notifications.serviceAccount.name | string | `"argocd-notifications-controller"` | Notification controller service account name | | notifications.subscriptions | list | `[]` | Contains centrally managed global application subscriptions | | notifications.templates | object | `{}` | The notification template is used to generate the notification content | | notifications.tolerations | list | `[]` | [Tolerations] for use with node taints | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index e7207863..7f06a376 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2205,15 +2205,16 @@ applicationSet: portName: webhook serviceAccount: - # -- Specifies whether a service account should be created + # -- Create ApplicationSet controller service account create: true - # -- Annotations to add to the service account + # -- ApplicationSet controller service account name + name: argocd-applicationset-controller + # -- Annotations applied to created service account annotations: {} # -- Labels applied to created service account labels: {} - # -- The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true # -- Annotations to be added to ApplicationSet controller Deployment deploymentAnnotations: {} @@ -2537,18 +2538,17 @@ notifications: priorityClassName: "" serviceAccount: - # -- Specifies whether a service account should be created + # -- Create notifications controller service account create: true - - # -- The name of the service account to use. - ## If not set and create is true, a name is generated using the fullname template + # -- Notification controller service account name name: argocd-notifications-controller - # -- Annotations applied to created service account annotations: {} - # -- Labels applied to created service account labels: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + cm: # -- Whether helm chart creates notifications controller config map create: true From adc526612fa553d1e9dfe8c213be6294dc023281 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Sat, 21 Jan 2023 20:11:02 +0100 Subject: [PATCH 035/768] fix(argo-cd): Redis service have invalid targetPort (#1792) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/redis/service.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8799e3eb..b7e63216 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.7 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.19.2 +version: 5.19.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,4 +23,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Fixed]: Added missing options for automounting service tokens for applicationset and notifications controllers" + - "[Fixed]: Fixed invalid port on redis service" diff --git a/charts/argo-cd/templates/redis/service.yaml b/charts/argo-cd/templates/redis/service.yaml index af273d71..6e949fd4 100644 --- a/charts/argo-cd/templates/redis/service.yaml +++ b/charts/argo-cd/templates/redis/service.yaml @@ -19,7 +19,7 @@ spec: ports: - name: redis port: {{ .Values.redis.servicePort }} - targetPort: {{ .Values.redis.containerPort }} + targetPort: redis selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.redis.name) | nindent 4 }} {{- end }} From b4de202859d65343dc32d88364aa3dd368ba7d27 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Sun, 22 Jan 2023 18:20:30 +0100 Subject: [PATCH 036/768] chore(argo-cd): Decouple Redis exporter from metrics service (#1791) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 4 +- charts/argo-cd/README.md | 13 ++-- .../argo-cd/templates/redis/deployment.yaml | 10 +-- charts/argo-cd/values.yaml | 67 +++++++++++-------- 4 files changed, 53 insertions(+), 41 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b7e63216..b39e40b7 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.7 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.19.3 +version: 5.19.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,4 +23,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Fixed]: Fixed invalid port on redis service" + - "[Changed]: Decoupled redis metrics exporter from metrics service" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 03243652..41ab164f 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -864,6 +864,12 @@ server: | redis.enabled | bool | `true` | Enable redis | | redis.env | list | `[]` | Environment variables to pass to the Redis server | | redis.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Redis server | +| redis.exporter.containerSecurityContext | object | See [values.yaml] | Redis exporter security context | +| redis.exporter.enabled | bool | `true` | Enable Prometheus redis-exporter sidecar | +| redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Redis exporter | +| redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | redis-exporter image repository | +| redis.exporter.image.tag | string | `"1.26.0-debian-10-r2"` | redis-exporter image tag | +| redis.exporter.resources | object | `{}` | Resource limits and requests for redis-exporter sidecar | | redis.extraArgs | list | `[]` | Additional command line arguments to pass to redis-server | | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | | redis.image.imagePullPolicy | string | `"IfNotPresent"` | Redis imagePullPolicy | @@ -871,12 +877,7 @@ server: | redis.image.tag | string | `"7.0.5-alpine"` | Redis tag | | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redis.initContainers | list | `[]` | Init containers to add to the redis pod | -| redis.metrics.containerSecurityContext | object | See [values.yaml] | Redis exporter security context | -| redis.metrics.enabled | bool | `false` | Deploy metrics service and redis-exporter sidecar | -| redis.metrics.image.imagePullPolicy | string | `"IfNotPresent"` | redis-exporter image PullPolicy | -| redis.metrics.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | redis-exporter image repository | -| redis.metrics.image.tag | string | `"1.26.0-debian-10-r2"` | redis-exporter image tag | -| redis.metrics.resources | object | `{}` | Resource limits and requests for redis-exporter sidecar | +| redis.metrics.enabled | bool | `false` | Deploy metrics service | | redis.metrics.service.annotations | object | `{}` | Metrics service annotations | | redis.metrics.service.clusterIP | string | `"None"` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | redis.metrics.service.labels | object | `{}` | Metrics service labels | diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index c2f17a45..6f23e44e 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -73,10 +73,10 @@ spec: volumeMounts: {{- toYaml . | nindent 10 }} {{- end }} - {{- if .Values.redis.metrics.enabled }} + {{- if .Values.redis.exporter.enabled }} - name: metrics - image: {{ .Values.redis.metrics.image.repository }}:{{ .Values.redis.metrics.image.tag }} - imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redis.metrics.image.imagePullPolicy }} + image: {{ .Values.redis.exporter.image.repository }}:{{ .Values.redis.exporter.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redis.exporter.image.imagePullPolicy }} env: - name: REDIS_ADDR value: {{ printf "redis://localhost:%v" .Values.redis.containerPorts.redis }} @@ -87,9 +87,9 @@ spec: containerPort: {{ .Values.redis.containerPorts.metrics }} protocol: TCP resources: - {{- toYaml .Values.redis.metrics.resources | nindent 10 }} + {{- toYaml .Values.redis.exporter.resources | nindent 10 }} securityContext: - {{- toYaml .Values.redis.metrics.containerSecurityContext | nindent 10 }} + {{- toYaml .Values.redis.exporter.containerSecurityContext | nindent 10 }} {{- end }} {{- with .Values.redis.extraContainers }} {{- tpl (toYaml .) $ | nindent 6 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 7f06a376..75296bd9 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -991,6 +991,42 @@ redis: # -- Redis imagePullPolicy imagePullPolicy: IfNotPresent + # Prometheus redis-exporter sidecar + exporter: + # -- Enable Prometheus redis-exporter sidecar + enabled: true + + # Prometheus redis-exporter image + image: + # -- redis-exporter image repository + repository: public.ecr.aws/bitnami/redis-exporter + # -- redis-exporter image tag + tag: 1.26.0-debian-10-r2 + # -- Image pull policy for the Redis exporter + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- Redis exporter security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + # -- Resource limits and requests for redis-exporter sidecar + resources: {} + # limits: + # cpu: 50m + # memory: 64Mi + # requests: + # cpu: 10m + # memory: 32Mi + # -- Secrets with credentials to pull images from a private registry # @default -- `[]` (defaults to global.imagePullSecrets) imagePullSecrets: [] @@ -1106,36 +1142,10 @@ redis: labels: {} metrics: - # -- Deploy metrics service and redis-exporter sidecar + # -- Deploy metrics service enabled: false - image: - # -- redis-exporter image repository - repository: public.ecr.aws/bitnami/redis-exporter - # -- redis-exporter image tag - tag: 1.26.0-debian-10-r2 - # -- redis-exporter image PullPolicy - imagePullPolicy: IfNotPresent - # -- Redis exporter security context - # @default -- See [values.yaml] - containerSecurityContext: - runAsNonRoot: true - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - seccompProfile: - type: RuntimeDefault - capabilities: - drop: - - ALL - - # -- Resource limits and requests for redis-exporter sidecar - resources: {} - # limits: - # cpu: 50m - # memory: 64Mi - # requests: - # cpu: 10m - # memory: 32Mi + # Redis metrics service configuration service: # -- Metrics service type type: ClusterIP @@ -1149,6 +1159,7 @@ redis: servicePort: 9121 # -- Metrics service port name portName: http-metrics + serviceMonitor: # -- Enable a prometheus ServiceMonitor enabled: false From 885959311f6214bc6da9b461ec89b2d0ef44ea87 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Sun, 22 Jan 2023 20:22:41 +0100 Subject: [PATCH 037/768] fix(argo-cd): Fix annotations for ssh and tls configs (#1793) Signed-off-by: Petr Drastil Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 4 ++-- .../templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml | 2 +- .../argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b39e40b7..200889de 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.7 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.19.4 +version: 5.19.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,4 +23,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Changed]: Decoupled redis metrics exporter from metrics service" + - "[Fixed]: Annotations for tls and ssh sections works as expected" diff --git a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml index 03c306d4..7b8e5d0b 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml @@ -4,7 +4,7 @@ metadata: name: argocd-ssh-known-hosts-cm labels: {{- include "argo-cd.labels" (dict "context" . "name" "ssh-known-hosts-cm") | nindent 4 }} - {{- with (mergeOverwrite (deepCopy .Values.configs.ssh.annotations) (.Values.configs.knownHostsAnnotations | default dict)) -}} + {{- with (mergeOverwrite (deepCopy .Values.configs.ssh.annotations) (.Values.configs.knownHostsAnnotations | default dict)) }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml index 8e5c7c88..1ba0176d 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml @@ -4,7 +4,7 @@ metadata: name: argocd-tls-certs-cm labels: {{- include "argo-cd.labels" (dict "context" . "name" "tls-certs-cm") | nindent 4 }} - {{- with (mergeOverwrite (deepCopy .Values.configs.ssh.annotations) (.Values.configs.tlsCertsAnnotations | default dict)) -}} + {{- with (mergeOverwrite (deepCopy .Values.configs.tls.annotations) (.Values.configs.tlsCertsAnnotations | default dict)) }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} From 0578482bd69c2cf341e34893e916d638002d546d Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Tue, 24 Jan 2023 01:15:46 +0100 Subject: [PATCH 038/768] chore(argo-cd): Upgrade Redis exporter image (#1795) Signed-off-by: Petr Drastil Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 200889de..d08ba1c3 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.7 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.19.5 +version: 5.19.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,4 +23,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Fixed]: Annotations for tls and ssh sections works as expected" + - "[Changed]: Upgrade Redis exporter image to 1.45.0" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 41ab164f..04441317 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -868,7 +868,7 @@ server: | redis.exporter.enabled | bool | `true` | Enable Prometheus redis-exporter sidecar | | redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Redis exporter | | redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | redis-exporter image repository | -| redis.exporter.image.tag | string | `"1.26.0-debian-10-r2"` | redis-exporter image tag | +| redis.exporter.image.tag | string | `"1.45.0"` | redis-exporter image tag | | redis.exporter.resources | object | `{}` | Resource limits and requests for redis-exporter sidecar | | redis.extraArgs | list | `[]` | Additional command line arguments to pass to redis-server | | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 75296bd9..76ad809d 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1001,7 +1001,7 @@ redis: # -- redis-exporter image repository repository: public.ecr.aws/bitnami/redis-exporter # -- redis-exporter image tag - tag: 1.26.0-debian-10-r2 + tag: 1.45.0 # -- Image pull policy for the Redis exporter # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" From 73e6f1913eb5cab2504f906163abe940e622dbbe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ole=20Markus=20Kristiansen=20Tern=C3=B8?= <79976935+oterno@users.noreply.github.com> Date: Wed, 25 Jan 2023 22:46:14 +0100 Subject: [PATCH 039/768] feat(argo-events): Added support for extra k8s manifests (#1797) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat(argo-events): Added support for extra k8s manifests Signed-off-by: Ole Markus Kristiansen Ternø <79976935+oterno@users.noreply.github.com> * added value example for extraObjects Signed-off-by: Ole Markus Kristiansen Ternø <79976935+oterno@users.noreply.github.com> Signed-off-by: Ole Markus Kristiansen Ternø <79976935+oterno@users.noreply.github.com> --- charts/argo-events/Chart.yaml | 4 +-- charts/argo-events/README.md | 1 + .../templates/extra-manifests.yaml | 4 +++ charts/argo-events/values.yaml | 29 +++++++++++++++++++ 4 files changed, 36 insertions(+), 2 deletions(-) create mode 100644 charts/argo-events/templates/extra-manifests.yaml diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index ece10ef8..757a3608 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.4 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.0.11 +version: 2.1.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-events/assets/logo.png keywords: @@ -15,4 +15,4 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - "[Fixed]: Added missing NATS version in values.yaml" + - "[Added]: Additional manifests to deploy within the chart" diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index 39b46bf5..48597a86 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md @@ -62,6 +62,7 @@ done | crds.install | bool | `true` | Install and upgrade CRDs | | crds.keep | bool | `true` | Keep CRDs on chart uninstall | | createAggregateRoles | bool | `false` | Create clusterroles that extend existing clusterroles to interact with argo-events crds Only applies for cluster-wide installation (`controller.rbac.namespaced: false`) | +| extraObjects | list | `[]` | Array of extra K8s manifests to deploy | | fullnameOverride | string | `""` | String to fully override "argo-events.fullname" template | | global.additionalLabels | object | `{}` | Additional labels to add to all resources | | global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | diff --git a/charts/argo-events/templates/extra-manifests.yaml b/charts/argo-events/templates/extra-manifests.yaml new file mode 100644 index 00000000..a9bb3b6b --- /dev/null +++ b/charts/argo-events/templates/extra-manifests.yaml @@ -0,0 +1,4 @@ +{{ range .Values.extraObjects }} +--- +{{ tpl (toYaml .) $ }} +{{ end }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index c2436851..89a7323d 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -99,6 +99,35 @@ configs: configReloaderImage: natsio/nats-server-config-reloader:latest startCommand: /nats-server +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +extraObjects: [] + # - apiVersion: secrets-store.csi.x-k8s.io/v1 + # kind: SecretProviderClass + # metadata: + # name: argo-events-secrets-store + # spec: + # provider: aws + # parameters: + # objects: | + # - objectName: "argo-events" + # objectType: "secretsmanager" + # jmesPath: + # - path: "client_id" + # objectAlias: "client_id" + # - path: "client_secret" + # objectAlias: "client_secret" + # secretObjects: + # - data: + # - key: client_id + # objectName: client_id + # - key: client_secret + # objectName: client_secret + # secretName: argo-events-secrets-store + # type: Opaque + # labels: + # app.kubernetes.io/part-of: argocd + ## Argo Events controller controller: # -- Argo Events controller name string From 9fb1f9d0913faaa51a6e07e1a058939a5ff4b8ea Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 26 Jan 2023 17:22:40 +0900 Subject: [PATCH 040/768] chore(argo-cd): Update Argo CD to v2.5.8 (#1798) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d08ba1c3..6c2ab6d2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.5.7 +appVersion: v2.5.8 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.19.6 +version: 5.19.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,4 +23,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Changed]: Upgrade Redis exporter image to 1.45.0" + - "[Changed]: Update Argo CD to v2.5.8" From 5335a75fbcbb8bdd87d19fa088c9420a0ea8f990 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Thu, 26 Jan 2023 13:06:19 +0100 Subject: [PATCH 041/768] fix(argo-cd): Disable Redis exporter by default (#1799) Signed-off-by: Petr Drastil Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 ++++-- charts/argo-cd/README.md | 14 ++++++++------ charts/argo-cd/values.yaml | 27 ++++++++++++++++----------- 3 files changed, 28 insertions(+), 19 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 6c2ab6d2..06a52a3a 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.8 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.19.7 +version: 5.19.8 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,4 +23,6 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Changed]: Update Argo CD to v2.5.8" + - "[Changed]: Disable Redis exporter by default" + - "[Changed]: Use bitnami Redis exporter image for redis-ha" + - "[Docs]: Fixed defaults for Redis exporter" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 04441317..5d7cb0d7 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -865,14 +865,14 @@ server: | redis.env | list | `[]` | Environment variables to pass to the Redis server | | redis.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Redis server | | redis.exporter.containerSecurityContext | object | See [values.yaml] | Redis exporter security context | -| redis.exporter.enabled | bool | `true` | Enable Prometheus redis-exporter sidecar | -| redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Redis exporter | -| redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | redis-exporter image repository | -| redis.exporter.image.tag | string | `"1.45.0"` | redis-exporter image tag | +| redis.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | +| redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter | +| redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | +| redis.exporter.image.tag | string | `"1.45.0"` | Tag to use for the redis-exporter | | redis.exporter.resources | object | `{}` | Resource limits and requests for redis-exporter sidecar | | redis.extraArgs | list | `[]` | Additional command line arguments to pass to redis-server | | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | -| redis.image.imagePullPolicy | string | `"IfNotPresent"` | Redis imagePullPolicy | +| redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | | redis.image.tag | string | `"7.0.5-alpine"` | Redis tag | | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | @@ -927,7 +927,9 @@ The main options are listed here: | Key | Type | Default | Description | |-----|------|---------|-------------| | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | -| redis-ha.exporter.enabled | bool | `true` | If `true`, the prometheus exporter sidecar is enabled | +| redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | +| redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | +| redis-ha.exporter.tag | string | `"1.45.0"` | Tag to use for the redis-exporter | | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | | redis-ha.image.tag | string | `"7.0.5-alpine"` | Redis tag | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 76ad809d..ec37a3f8 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -988,21 +988,21 @@ redis: repository: public.ecr.aws/docker/library/redis # -- Redis tag tag: 7.0.5-alpine - # -- Redis imagePullPolicy - imagePullPolicy: IfNotPresent + # -- Redis image pull policy + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" - # Prometheus redis-exporter sidecar + ## Prometheus redis-exporter sidecar exporter: # -- Enable Prometheus redis-exporter sidecar - enabled: true - - # Prometheus redis-exporter image + enabled: false + ## Prometheus redis-exporter image image: - # -- redis-exporter image repository + # -- Repository to use for the redis-exporter repository: public.ecr.aws/bitnami/redis-exporter - # -- redis-exporter image tag + # -- Tag to use for the redis-exporter tag: 1.45.0 - # -- Image pull policy for the Redis exporter + # -- Image pull policy for the redis-exporter # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1190,9 +1190,14 @@ redis: redis-ha: # -- Enables the Redis HA subchart and disables the custom Redis single node deployment enabled: false + ## Prometheus redis-exporter sidecar exporter: - # -- If `true`, the prometheus exporter sidecar is enabled - enabled: true + # -- Enable Prometheus redis-exporter sidecar + enabled: false + # -- Repository to use for the redis-exporter + image: public.ecr.aws/bitnami/redis-exporter + # -- Tag to use for the redis-exporter + tag: 1.45.0 persistentVolume: # -- Configures persistency on Redis nodes enabled: false From 36cd83081cfaf4d2f83c737e007563710dfc5869 Mon Sep 17 00:00:00 2001 From: Wojciech Date: Fri, 27 Jan 2023 15:45:49 +0100 Subject: [PATCH 042/768] feat(argo-cd): Add log settings and extraArgs to Slack bot (#1802) * Add log settings and extraArgs to Slack bot Signed-off-by: duxet * Fix readme Signed-off-by: duxet --------- Signed-off-by: duxet --- charts/argo-cd/Chart.yaml | 6 ++---- charts/argo-cd/README.md | 3 +++ .../argocd-notifications/bots/slack/deployment.yaml | 5 +++++ charts/argo-cd/values.yaml | 10 ++++++++++ 4 files changed, 20 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 06a52a3a..2b9d215f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.8 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.19.8 +version: 5.19.9 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,6 +23,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Changed]: Disable Redis exporter by default" - - "[Changed]: Use bitnami Redis exporter image for redis-ha" - - "[Docs]: Fixed defaults for Redis exporter" + - "[Added]: Added logFormat, logLevel and extraArgs to Slack bot" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 5d7cb0d7..54a11752 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1054,10 +1054,13 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.bots.slack.affinity | object | `{}` | Assign custom [affinity] rules | | notifications.bots.slack.containerSecurityContext | object | See [values.yaml] | Slack bot container-level security Context | | notifications.bots.slack.enabled | bool | `false` | Enable slack bot | +| notifications.bots.slack.extraArgs | list | `[]` | List of extra cli args to add for Slack bot | | notifications.bots.slack.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Slack bot | | notifications.bots.slack.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Slack bot | | notifications.bots.slack.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Slack bot | | notifications.bots.slack.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | +| notifications.bots.slack.logFormat | string | `""` (defaults to global.logging.format) | Slack bot log format. Either `text` or `json` | +| notifications.bots.slack.logLevel | string | `""` (defaults to global.logging.level) | Slack bot log level. One of: `debug`, `info`, `warn`, `error` | | notifications.bots.slack.nodeSelector | object | `{}` | [Node selector] | | notifications.bots.slack.pdb.annotations | object | `{}` | Annotations to be added to Slack bot pdb | | notifications.bots.slack.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Slack bot | diff --git a/charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml index da934607..90fcf78c 100644 --- a/charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml @@ -40,6 +40,11 @@ spec: command: - argocd-notifications - bot + - --loglevel={{ default .Values.global.logging.level .Values.notifications.bots.slack.logLevel }} + - --logformat={{ default .Values.global.logging.format .Values.notifications.bots.slack.logFormat }} + {{- range .Values.notifications.bots.slack.extraArgs }} + - {{ . | squote }} + {{- end }} workingDir: /app ports: - containerPort: 8080 diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index ec37a3f8..1a6bdda4 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2881,6 +2881,16 @@ notifications: # @default -- `[]` (defaults to global.imagePullSecrets) imagePullSecrets: [] + # -- Slack bot log format. Either `text` or `json` + # @default -- `""` (defaults to global.logging.format) + logFormat: "" + # -- Slack bot log level. One of: `debug`, `info`, `warn`, `error` + # @default -- `""` (defaults to global.logging.level) + logLevel: "" + + # -- List of extra cli args to add for Slack bot + extraArgs: [] + service: # -- Service annotations for Slack bot annotations: {} From 790438efebf423c2d56cb4b93471f4adb3fcd448 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Sat, 28 Jan 2023 00:18:43 +0100 Subject: [PATCH 043/768] chore(argo-cd): Upgrade redis to 7.0.7 to avoid CVE-2022-3996 (#1803) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 4 ++-- charts/argo-cd/values.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 2b9d215f..fb267492 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.8 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.19.9 +version: 5.19.10 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,4 +23,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Added]: Added logFormat, logLevel and extraArgs to Slack bot" + - "[Security]: Upgrade redis to 7.0.7 to avoid CVE-2022-3996" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 54a11752..a7c8c287 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -874,7 +874,7 @@ server: | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis.image.tag | string | `"7.0.5-alpine"` | Redis tag | +| redis.image.tag | string | `"7.0.7-alpine"` | Redis tag | | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redis.initContainers | list | `[]` | Init containers to add to the redis pod | | redis.metrics.enabled | bool | `false` | Deploy metrics service | @@ -932,7 +932,7 @@ The main options are listed here: | redis-ha.exporter.tag | string | `"1.45.0"` | Tag to use for the redis-exporter | | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | -| redis-ha.image.tag | string | `"7.0.5-alpine"` | Redis tag | +| redis-ha.image.tag | string | `"7.0.7-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistency on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 1a6bdda4..5cff8168 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -987,7 +987,7 @@ redis: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.0.5-alpine + tag: 7.0.7-alpine # -- Redis image pull policy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1218,7 +1218,7 @@ redis-ha: enabled: true image: # -- Redis tag - tag: 7.0.5-alpine + tag: 7.0.7-alpine ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ topologySpreadConstraints: From 369136b69a7c41c395a8d701195333708b4d6459 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 28 Jan 2023 22:40:50 +0900 Subject: [PATCH 044/768] chore(argo-cd): Update Argo CD to v2.5.9 (#1805) --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index fb267492..4056760b 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.5.8 +appVersion: v2.5.9 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.19.10 +version: 5.19.11 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,4 +23,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Security]: Upgrade redis to 7.0.7 to avoid CVE-2022-3996" + - "[Changed]: Update Argo CD to v2.5.9" From 231cfcb20a92a66ad6de5e3f8faaa420c810c854 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Sun, 29 Jan 2023 06:16:13 -0600 Subject: [PATCH 045/768] chore(argo-events): Upgrade Argo Events to v1.7.5 (#1809) --- charts/argo-events/Chart.yaml | 6 +++--- .../templates/argo-events-controller/rbac.yaml | 12 +++++++++++- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 757a3608..c98ab3ae 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.7.4 +appVersion: v1.7.5 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.1.0 +version: 2.1.1 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-events/assets/logo.png keywords: @@ -15,4 +15,4 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - "[Added]: Additional manifests to deploy within the chart" + - "[Changed]: Update Argo Events to v1.7.5" diff --git a/charts/argo-events/templates/argo-events-controller/rbac.yaml b/charts/argo-events/templates/argo-events-controller/rbac.yaml index c69c4419..1d9a2e55 100644 --- a/charts/argo-events/templates/argo-events-controller/rbac.yaml +++ b/charts/argo-events/templates/argo-events-controller/rbac.yaml @@ -71,7 +71,6 @@ rules: - pods - pods/exec - configmaps - - secrets - services - persistentvolumeclaims verbs: @@ -82,6 +81,17 @@ rules: - update - patch - delete +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - list + - update + - patch + - delete - apiGroups: - apps resources: From c7b972c3afb283c50b250ea9856760c9f5539b35 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Mon, 30 Jan 2023 00:23:04 +0900 Subject: [PATCH 046/768] fix(argo-cd): Align changelog structure to show changelogs on Artifact Hub (#1810) fixed(argo-cd): Align changelog structure to show changelogs on Artifact Hub Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 4056760b..8f9c7d79 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.9 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.19.11 +version: 5.19.12 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,4 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Changed]: Update Argo CD to v2.5.9" + - kind: fixed + description: Align changelog structure to show changelogs on Artifact Hub From b6922aed2fc4d87a162e23f64dd8d36410031b41 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Mon, 30 Jan 2023 01:01:21 +0900 Subject: [PATCH 047/768] fix(github): Align changelog structure to show changelogs on Artifact Hub (#1811) fix(doc): Align changelog structure to show changelogs on Artifact Hub Signed-off-by: yu-croco --- CONTRIBUTING.md | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f8753d60..535bbbb3 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -80,21 +80,35 @@ Changes on a chart must be documented in a chart specific changelog in the `Char A new `artifacthub.io/changes` needs to be written covering only the changes since the previous release. -Each change requires a new bullet point following the pattern `- "[{type}]: {description}"`. You can use the following template: +Each change requires a new bullet point following the pattern. See more information [Artifact Hub annotations in Helm Chart.yaml file](https://artifacthub.io/docs/topics/annotations/helm/). + +```yaml +- kind: {type} + description: {description} +``` + +You can use the following template: ```yaml name: argo-cd -version: 3.4.1 +version: 5.19.12 ... annotations: artifacthub.io/changes: | - - "[Added]: Something New was added" - - "[Changed]: Changed Something within this chart" - - "[Changed]: Changed Something else within this chart" - - "[Deprecated]: Something deprecated" - - "[Removed]: Something was removed" - - "[Fixed]: Something was fixed" - - "[Security]: Some Security Patch was included" + - kind: added + description: Something New was added + - kind: changed + description: Changed Something within this chart + - kind: changed + description: Changed Something else within this chart + - kind: deprecated + description: Something deprecated + - kind: removed + description: Something was removed + - kind: fixed + description: Something was fixed + - kind: security + description: Some Security Patch was included ``` ## Testing From bdbfaa25233e7db0a3c0a3c1b440b0146e2955b4 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Mon, 30 Jan 2023 03:48:27 +0900 Subject: [PATCH 048/768] fix(argo-workflows): Align changelog structure to show changelogs on Artifact Hub (#1812) Signed-off-by: yu-croco --- charts/argo-workflows/Chart.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 25aa9fd6..37846bed 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.22.8 +version: 0.22.9 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: @@ -13,4 +13,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - "[Added]: Helm helper function to allow image registry to be absent" + - kind: fixed + description: Align changelog structure to show changelogs on Artifact Hub From 4c018a495450e9de40d9b24b32c1dcc557449bf3 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Sun, 29 Jan 2023 12:59:32 -0600 Subject: [PATCH 049/768] fix(argocd-image-updater): Align changelog structure (#1816) --- charts/argocd-image-updater/Chart.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 5147ea82..c88296f1 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.8.2 +version: 0.8.3 appVersion: v0.12.0 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -15,4 +15,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - "[Changed]: avoid app.kubernetes.io/version kubernetes label from exceeding maximum length (63)" + - kind: fixed + description: Align changelog structure to show changelogs on Artifact Hub From f299ae3025f547c150a0d031db36382988fc01d1 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Sun, 29 Jan 2023 13:07:33 -0600 Subject: [PATCH 050/768] fix(argo-events): Align changelog structure (#1813) relates to #1808 Was fixed already for [argo-cd](https://github.com/argoproj/argo-helm/pull/1810) and [argo-workflows](https://github.com/argoproj/argo-helm/pull/1812) Signed-off-by: jmeridth --- charts/argo-events/Chart.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index c98ab3ae..160f6cf6 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.5 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.1.1 +version: 2.1.2 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-events/assets/logo.png keywords: @@ -15,4 +15,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - "[Changed]: Update Argo Events to v1.7.5" + - kind: fixed + description: Align changelog structure to show changelogs on Artifact Hub From e3ae99b74db033c659f1962392ca14a107af730b Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Sun, 29 Jan 2023 13:14:11 -0600 Subject: [PATCH 051/768] fix(argo-rollouts): Align changelog structure (#1814) relates to #1808 Signed-off-by: jmeridth --- charts/argo-rollouts/Chart.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index a9968a4f..2beb83ff 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.4.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.22.1 +version: 2.22.2 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -15,4 +15,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - "[Added]: Flags to toggle provider-specific RBAC rules in Role and ClusterRole" + - kind: fixed + description: Align changelog structure to show changelogs on Artifact Hub From 8a1c4f0ad6cad127e7148509a5087a1a5bf51075 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Sun, 29 Jan 2023 13:17:35 -0600 Subject: [PATCH 052/768] fix(argocd-apps): Align changelog structure (#1815) relates to #1808 Signed-off-by: jmeridth Co-authored-by: Petr Drastil --- charts/argocd-apps/Chart.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 4f2d82be..422dc686 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 0.0.6 +version: 0.0.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -14,4 +14,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - "[Added]: Changelog link on README" + - kind: fixed + description: Align changelog structure to show changelogs on Artifact Hub From 28abc348ac60863cca9f099d4e33ab209c1a96aa Mon Sep 17 00:00:00 2001 From: Ben Hayden Date: Wed, 1 Feb 2023 15:07:07 -0600 Subject: [PATCH 053/768] chore(argocd-image-updater): Update Argo CD Image Updater to v0.12.2 (#1819) Signed-off-by: Ben Hayden --- charts/argocd-image-updater/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index c88296f1..5d599c41 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.8.3 -appVersion: v0.12.0 +version: 0.8.4 +appVersion: v0.12.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png keywords: @@ -15,5 +15,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: fixed - description: Align changelog structure to show changelogs on Artifact Hub + - kind: changed + description: Update Argo CD Image Updater to v0.12.2 From 92f83fca3ef11fe1ba144bd106867ff23435ebeb Mon Sep 17 00:00:00 2001 From: ArsenyBelorukov <52857617+ArsenyBelorukov@users.noreply.github.com> Date: Thu, 2 Feb 2023 04:11:10 +0000 Subject: [PATCH 054/768] fix(argo-cd): fixed maxUnavailable value in redis-PDB (#1820) fixed maxUnavailable value in redis-PDB Signed-off-by: ArsenyBelorukov Co-authored-by: Jason Meridth --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/redis/pdb.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8f9c7d79..118ed99e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.9 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.19.12 +version: 5.19.13 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -24,4 +24,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: fixed - description: Align changelog structure to show changelogs on Artifact Hub + description: Fixed maxUnavailable value in redis-PDB diff --git a/charts/argo-cd/templates/redis/pdb.yaml b/charts/argo-cd/templates/redis/pdb.yaml index 8be05f93..223c5758 100644 --- a/charts/argo-cd/templates/redis/pdb.yaml +++ b/charts/argo-cd/templates/redis/pdb.yaml @@ -16,7 +16,7 @@ metadata: {{- end }} {{- end }} spec: - {{- with .Values.dex.pdb.maxUnavailable }} + {{- with .Values.redis.pdb.maxUnavailable }} maxUnavailable: {{ . }} {{- else }} minAvailable: {{ .Values.redis.pdb.minAvailable | default 0 }} From 5687377d8ff4bcd8095207a1480dbbff13d7e117 Mon Sep 17 00:00:00 2001 From: Marcel Hoyer Date: Thu, 2 Feb 2023 22:56:18 +0100 Subject: [PATCH 055/768] chore(argo-cd): Update Argo CD to v2.5.10 (#1822) --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 118ed99e..37c612bc 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.5.9 +appVersion: v2.5.10 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.19.13 +version: 5.19.14 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: fixed - description: Fixed maxUnavailable value in redis-PDB + - kind: changed + description: Update Argo CD to v2.5.10 From 05c79e322a6d1f54a70840dd9649d9b9cb5ef8a2 Mon Sep 17 00:00:00 2001 From: Tone Date: Mon, 6 Feb 2023 05:40:13 +0100 Subject: [PATCH 056/768] feat(argo-cd): Configurable `dnsPolicy` / `hostNetwork` (#1821) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 6 ++++++ .../statefulset.yaml | 2 ++ .../argocd-repo-server/deployment.yaml | 2 ++ .../templates/argocd-server/deployment.yaml | 2 ++ charts/argo-cd/values.yaml | 18 ++++++++++++++++++ 6 files changed, 33 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 37c612bc..ce2b91c1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.5.10 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.19.14 +version: 5.19.15 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: changed - description: Update Argo CD to v2.5.10 + - kind: added + description: Configurable dnsPolicy / hostNetwork diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index a7c8c287..02482d75 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -464,10 +464,12 @@ NAME: my-release | controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource | | controller.containerPorts.metrics | int | `8082` | Metrics container port | | controller.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | +| controller.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for application controller pods | | controller.env | list | `[]` | Environment variables to pass to application controller | | controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to application controller | | controller.extraArgs | list | `[]` | Additional command line arguments to pass to application controller | | controller.extraContainers | list | `[]` | Additional containers to be added to the application controller pod | +| controller.hostNetwork | bool | `false` | Host Network for application controller pods | | controller.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the application controller | | controller.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the application controller | | controller.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the application controller | @@ -543,10 +545,12 @@ NAME: my-release | repoServer.containerPorts.server | int | `8081` | Repo server container port | | repoServer.containerSecurityContext | object | See [values.yaml] | Repo server container-level security context | | repoServer.deploymentAnnotations | object | `{}` | Annotations to be added to repo server Deployment | +| repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods | | repoServer.env | list | `[]` | Environment variables to pass to repo server | | repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server | | repoServer.extraArgs | list | `[]` | Additional command line arguments to pass to repo server | | repoServer.extraContainers | list | `[]` | Additional containers to be added to the repo server pod | +| repoServer.hostNetwork | bool | `false` | Host Network for Repo server pods | | repoServer.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the repo server | | repoServer.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the repo server | | repoServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the repo server | @@ -643,6 +647,7 @@ NAME: my-release | server.containerPorts.server | int | `8080` | Server container port | | server.containerSecurityContext | object | See [values.yaml] | Server container-level security context | | server.deploymentAnnotations | object | `{}` | Annotations to be added to server Deployment | +| server.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Server pods | | server.env | list | `[]` | Environment variables to pass to Argo CD server | | server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to Argo CD server | | server.extensions.containerSecurityContext | object | See [values.yaml] | Server UI extensions container-level security context | @@ -653,6 +658,7 @@ NAME: my-release | server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container | | server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server | | server.extraContainers | list | `[]` | Additional containers to be added to the server pod | +| server.hostNetwork | bool | `false` | Host Network for Server pods | | server.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Argo CD server | | server.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Argo CD server | | server.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Argo CD server | diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index d853a856..634431dd 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -312,3 +312,5 @@ spec: {{- with .Values.controller.priorityClassName }} priorityClassName: {{ . }} {{- end }} + hostNetwork: {{ .Values.controller.hostNetwork }} + dnsPolicy: {{ .Values.controller.dnsPolicy }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index c786d714..a39c007c 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -356,3 +356,5 @@ spec: {{- with .Values.repoServer.priorityClassName }} priorityClassName: {{ . }} {{- end }} + hostNetwork: {{ .Values.repoServer.hostNetwork }} + dnsPolicy: {{ .Values.repoServer.dnsPolicy }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 2f510bc3..aa06bf25 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -415,3 +415,5 @@ spec: {{- with .Values.server.priorityClassName }} priorityClassName: {{ . }} {{- end }} + hostNetwork: {{ .Values.server.hostNetwork }} + dnsPolicy: {{ .Values.server.dnsPolicy }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 5cff8168..c3f6fdab 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -580,6 +580,12 @@ controller: # -- Metrics container port metrics: 8082 + # -- Host Network for application controller pods + hostNetwork: false + + # -- Alternative DNS policy for application controller pods + dnsPolicy: "ClusterFirst" + # -- Application controller container-level security context # @default -- See [values.yaml] containerSecurityContext: @@ -1448,6 +1454,12 @@ server: # -- Metrics container port metrics: 8082 + # -- Host Network for Server pods + hostNetwork: false + + # -- Alternative DNS policy for Server pods + dnsPolicy: "ClusterFirst" + # -- Server container-level security context # @default -- See [values.yaml] containerSecurityContext: @@ -1931,6 +1943,12 @@ repoServer: # -- Metrics container port metrics: 8084 + # -- Host Network for Repo server pods + hostNetwork: false + + # -- Alternative DNS policy for Repo server pods + dnsPolicy: "ClusterFirst" + # -- Repo server container-level security context # @default -- See [values.yaml] containerSecurityContext: From 0d3150ce670346e07533965e0beec8e62fabffce Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Tue, 7 Feb 2023 16:02:23 +0100 Subject: [PATCH 057/768] feat(argo-cd): Upgrade Argo CD to 2.6.0 (#1758) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 10 +- charts/argo-cd/README.md | 7 +- charts/argo-cd/templates/NOTES.txt | 12 + charts/argo-cd/templates/_helpers.tpl | 5 +- .../argocd-applicationset/deployment.yaml | 78 +- .../templates/argocd-server/deployment.yaml | 6 + .../templates/crds/crd-application.yaml | 1862 +++++++- .../templates/crds/crd-applicationset.yaml | 4048 ++++++++++++++++- charts/argo-cd/values.yaml | 22 +- 9 files changed, 6001 insertions(+), 49 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ce2b91c1..c5f6c5fb 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.5.10 +appVersion: v2.6.0 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.19.15 +version: 5.20.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,7 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: added - description: Configurable dnsPolicy / hostNetwork + - kind: changed + description: Upgrade Argo CD to 2.6.0 + - kind: deprecated + description: ApplicationSet args, logFormat and logLevel superseded by configs.params diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 02482d75..652620e5 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -415,6 +415,8 @@ NAME: my-release | configs.credentialTemplatesAnnotations | object | `{}` | Annotations to be added to `configs.credentialTemplates` Secret | | configs.gpg.annotations | object | `{}` | Annotations to be added to argocd-gpg-keys-cm configmap | | configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring | +| configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability | +| configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` | | configs.params."controller.operation.processors" | int | `10` | Number of application operation processors | | configs.params."controller.repo.server.timeout.seconds" | int | `60` | Repo server RPC call timeout seconds. | | configs.params."controller.self.heal.timeout.seconds" | int | `5` | Specifies timeout between application self heal attempts | @@ -971,8 +973,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | Key | Type | Default | Description | |-----|------|---------|-------------| | applicationSet.affinity | object | `{}` | Assign custom [affinity] rules | -| applicationSet.args.dryRun | bool | `false` | Enable dry run mode | -| applicationSet.args.policy | string | `"sync"` | How application is synced between the generator and the cluster | +| applicationSet.args | object | `{}` | DEPRECATED - ApplicationSet controller command line flags | | applicationSet.containerPorts.metrics | int | `8080` | Metrics container port | | applicationSet.containerPorts.probe | int | `8081` | Probe container port | | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | @@ -996,8 +997,6 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | | applicationSet.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | applicationSet.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | -| applicationSet.logFormat | string | `""` (defaults to global.logging.format) | ApplicationSet controller log format. Either `text` or `json` | -| applicationSet.logLevel | string | `""` (defaults to global.logging.level) | ApplicationSet controller log level. One of: `debug`, `info`, `warn`, `error` | | applicationSet.metrics.enabled | bool | `false` | Deploy metrics service | | applicationSet.metrics.service.annotations | object | `{}` | Metrics service annotations | | applicationSet.metrics.service.labels | object | `{}` | Metrics service labels | diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index 210cf3bb..002d3844 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -76,6 +76,18 @@ DEPRECATED option configs.tlsCertsAnnotations - Use configs.tls.annotations {{- if hasKey .Values.configs "tlsCerts" }} DEPRECATED option configs.tlsCerts.data - Use configs.tls.certificates {{- end }} +{{- if .Values.applicationSet.logFormat }} +DEPRECATED option applicationSet.logFormat - Use configs.params.applicationsetcontroller.log.format +{{- end }} +{{- if .Values.applicationSet.logLevel }} +DEPRECATED option applicationSet.logLevel - Use configs.params.applicationsetcontroller.log.level +{{- end }} +{{- if .Values.applicationSet.args.policy }} +DEPRECATED option applicationSet.args.policy - Use configs.params.applicationsetcontroller.policy +{{- end }} +{{- if .Values.applicationSet.args.dryRun }} +DEPRECATED option applicationSet.args.dryRun - Use configs.params.applicationsetcontroller.dryRun +{{- end }} {{- if .Values.controller.service }} REMOVED option controller.service - Use controller.metrics {{- end }} diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index bdfa010b..bd99fc9d 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -202,10 +202,13 @@ redis.server: {{ . | quote }} server.dex.server: {{ include "argo-cd.dex.server" . | quote }} server.dex.server.strict.tls: {{ .Values.dex.certificateSecret.enabled | toString }} {{- end }} -{{- range $component := tuple "controller" "server" "reposerver" }} +{{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" }} {{ $component }}.log.format: {{ $.Values.global.logging.format | quote }} {{ $component }}.log.level: {{ $.Values.global.logging.level | quote }} {{- end }} +{{- if .Values.applicationSet.enabled }} +applicationsetcontroller.enable.leader.election: {{ gt (.Values.applicationSet.replicaCount | int64) 1 }} +{{- end }} {{- end -}} {{/* diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 6fd9170c..82324f4d 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -54,14 +54,20 @@ spec: - --metrics-addr=:{{ .Values.applicationSet.containerPorts.metrics }} - --probe-addr=:{{ .Values.applicationSet.containerPorts.probe }} - --webhook-addr=:{{ .Values.applicationSet.containerPorts.webhook }} - - --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} - - --enable-leader-election={{ gt ( .Values.applicationSet.replicaCount | int64) 1 }} - - --policy={{ .Values.applicationSet.args.policy }} - - --dry-run={{ .Values.applicationSet.args.dryRun }} + {{- with .Values.applicationSet.args.policy }} + - --policy={{ . }} + {{- end }} + {{- with .Values.applicationSet.args.dryRun }} + - --dry-run={{ . }} + {{- end }} + {{- with .Values.applicationSet.logFormat }} - --logformat - - {{ default .Values.global.logging.format .Values.applicationSet.logFormat }} + - {{ . }} + {{- end }} + {{- with .Values.applicationSet.logLevel }} - --loglevel - - {{ default .Values.global.logging.level .Values.applicationSet.logLevel }} + - {{ . }} + {{- end }} {{- with .Values.applicationSet.extraArgs }} {{- toYaml . | nindent 12 }} {{- end }} @@ -73,6 +79,66 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.leader.election + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.namespace + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + key: repo.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.policy + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.debug + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.dryrun + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.git.submodule + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.progressive.rollouts + name: argocd-cmd-params-cm + optional: true {{- with .Values.applicationSet.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index aa06bf25..b0ed47d4 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -262,6 +262,12 @@ spec: name: argocd-cmd-params-cm key: application.namespaces optional: true + - name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.enable.proxy.extension + optional: true {{- with .Values.server.envFrom }} envFrom: {{- toYaml . | nindent 10 }} diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml index 23f9b6b3..ae0f7295 100644 --- a/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -151,6 +151,14 @@ spec: which to sync the application to If omitted, will use the revision specified in app spec. type: string + revisions: + description: Revisions is the list of revision (Git) or chart + version (Helm) which to sync each source in sources field for + the application to If omitted, will use the revision specified + in app spec. + items: + type: string + type: array source: description: Source overrides the source definition set in the application. This is typically set in a Rollback operation and @@ -366,7 +374,35 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type + parameter. + type: string + type: object + type: array type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string repoURL: description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests @@ -380,6 +416,271 @@ spec: required: - repoURL type: object + sources: + description: Sources overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded from + being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included during + manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally + by not appending them to helm template --values + type: boolean + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to + tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to + use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block + type: string + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or + Helm) that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. + type: string + required: + - repoURL + type: object + type: array syncOptions: description: SyncOptions provide per-sync sync-options, e.g. Validate=false items: @@ -711,7 +1012,32 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type parameter. + type: string + type: object + type: array type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` tag. + type: string repoURL: description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests @@ -725,6 +1051,264 @@ spec: required: - repoURL type: object + sources: + description: Sources is a reference to the location of the application's + manifests or chart + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match paths + against that should be explicitly excluded from being + used during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths + against that should be explicitly included during manifest + generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters to the helm + template + items: + description: HelmFileParameter is a file parameter that's + passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally by not + appending them to helm template --values + type: boolean + parameters: + description: Parameters is a list of Helm parameters which + are passed to the helm template command upon manifest + generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell + Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains + (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. + If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition installation + step (Helm's --skip-crds) + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files to + use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed to + helm template, typically defined as a block + type: string + version: + description: Version is the Helm version to use for templating + ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional annotations + to add to rendered manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to + force applying common annotations to resources for Kustomize + apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force + applying common labels to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize image + definition in the format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, usually + expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type + parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or Helm) + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of + Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array syncPolicy: description: SyncPolicy controls when and how a sync will be performed properties: @@ -747,6 +1331,19 @@ spec: (default: false)' type: boolean type: object + managedNamespaceMetadata: + description: ManagedNamespaceMetadata controls metadata in the + given namespace (if CreateNamespace=true) + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: description: Retry controls failed sync retry behavior properties: @@ -784,7 +1381,6 @@ spec: required: - destination - project - - source type: object status: description: ApplicationStatus contains status information for the application @@ -850,6 +1446,12 @@ spec: description: Revision holds the revision the sync was performed against type: string + revisions: + description: Revisions holds the revision of each source in + sources field the sync was performed against + items: + type: string + type: array source: description: Source is a reference to the application source used for the sync operation @@ -1067,7 +1669,35 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string repoURL: description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests @@ -1082,10 +1712,278 @@ spec: required: - repoURL type: object + sources: + description: Sources is a reference to the application sources + used for the sync operation + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded + from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included + during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters to + the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template --values + type: boolean + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block + type: string + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. + type: string + required: + - repoURL + type: object + type: array required: - deployedAt - id - - revision type: object type: array observedAt: @@ -1208,6 +2106,14 @@ spec: (Helm) which to sync the application to If omitted, will use the revision specified in app spec. type: string + revisions: + description: Revisions is the list of revision (Git) or + chart version (Helm) which to sync each source in sources + field for the application to If omitted, will use the + revision specified in app spec. + items: + type: string + type: array source: description: Source overrides the source definition set in the application. This is typically set in a Rollback @@ -1440,7 +2346,37 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string repoURL: description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests @@ -1455,6 +2391,291 @@ spec: required: - repoURL type: object + sources: + description: Sources overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation + items: + description: ApplicationSource contains all required + information about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must + be specified for applications sourced from a Helm + repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern + to match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern + to match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific + to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet + External Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan + a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents + helm template from failing when valueFiles + do not exist locally by not appending them + to helm template --values + type: boolean + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter + that's passed to helm template during manifest + generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and + numbers as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the + Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials + to all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release + name to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource + definition installation step (Helm's --skip-crds) + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to + be passed to helm template, typically defined + as a block + type: string + version: + description: Version is the Helm version to + use for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific + options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of + additional annotations to add to rendered + manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies + whether to force applying common annotations + to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources + for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended + to resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended + to resources for Kustomize apps + type: string + version: + description: Version controls which version + of Kustomize to use for rendering manifests + type: string + type: object + path: + description: Path is a directory path within the + Git repository, and is only valid for applications + sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin + specific options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry + in the application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the + variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an + array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map + type parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a + string type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source + within sources field. This field will not be used + if used with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository + (Git or Helm) that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision + of the source to sync the application to. In case + of Git, this can be commit, tag, or branch. If + omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array syncOptions: description: SyncOptions provide per-sync sync-options, e.g. Validate=false @@ -1564,6 +2785,12 @@ spec: description: Revision holds the revision this sync operation was performed to type: string + revisions: + description: Revisions holds the revision this sync operation + was performed for respective indexed source in sources field + items: + type: string + type: array source: description: Source records the application source information of the sync, used for comparing auto-sync @@ -1784,7 +3011,37 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string repoURL: description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests @@ -1799,6 +3056,284 @@ spec: required: - repoURL type: object + sources: + description: Source records the application source information + of the sync, used for comparing auto-sync + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be + specified for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a + directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template + --values + type: boolean + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to + all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block + type: string + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources for + Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to + resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to + resources for Kustomize apps + type: string + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + path: + description: Path is a directory path within the Git + repository, and is only valid for applications sourced + from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array required: - revision type: object @@ -1862,6 +3397,14 @@ spec: sourceType: description: SourceType specifies the type of this application type: string + sourceTypes: + description: SourceTypes specifies the type of the sources included + in the application + items: + description: ApplicationSourceType specifies the type of the application's + source + type: string + type: array summary: description: Summary contains a list of URLs and container images used by this application @@ -2125,7 +3668,37 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string repoURL: description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests @@ -2140,14 +3713,297 @@ spec: required: - repoURL type: object + sources: + description: Sources is a reference to the application's multiple + sources used for comparison + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be + specified for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a + directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template + --values + type: boolean + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to + all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block + type: string + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources for + Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to + resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to + resources for Kustomize apps + type: string + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + path: + description: Path is a directory path within the Git + repository, and is only valid for applications sourced + from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array required: - destination - - source type: object revision: description: Revision contains information about the revision the comparison has been performed to type: string + revisions: + description: Revisions contains information about the revisions + of multiple sources the comparison has been performed to + items: + type: string + type: array status: description: Status is the sync state of the comparison type: string diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index 48dd57c5..7a15b67d 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -278,7 +278,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: @@ -286,6 +305,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -297,6 +475,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -321,7 +510,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -565,7 +753,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: @@ -573,6 +780,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -584,6 +950,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -608,7 +985,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -641,6 +1017,8 @@ spec: - path type: object type: array + pathParamPrefix: + type: string repoURL: type: string requeueAfterSeconds: @@ -854,7 +1232,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: @@ -862,6 +1259,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -873,6 +1429,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -897,13 +1464,13 @@ spec: required: - destination - project - - source type: object required: - metadata - spec type: object required: + - pathParamPrefix - repoURL - revision type: object @@ -1119,7 +1686,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: @@ -1127,6 +1713,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -1138,6 +1883,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -1162,7 +1918,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -1414,7 +2169,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: @@ -1422,6 +2196,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -1433,6 +2366,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -1457,7 +2401,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -1701,7 +2644,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: @@ -1709,6 +2671,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -1720,6 +2841,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -1744,7 +2876,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -1777,6 +2908,8 @@ spec: - path type: object type: array + pathParamPrefix: + type: string repoURL: type: string requeueAfterSeconds: @@ -1990,7 +3123,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: @@ -1998,6 +3150,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -2009,6 +3320,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -2033,13 +3355,13 @@ spec: required: - destination - project - - source type: object required: - metadata - spec type: object required: + - pathParamPrefix - repoURL - revision type: object @@ -2255,7 +3577,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: @@ -2263,6 +3604,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -2274,6 +3774,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -2298,7 +3809,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -2638,7 +4148,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: @@ -2646,6 +4175,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -2657,6 +4345,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -2681,7 +4380,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -3068,7 +4766,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: @@ -3076,6 +4793,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -3087,6 +4963,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -3111,7 +4998,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -3349,7 +5235,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: @@ -3357,6 +5262,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -3368,6 +5432,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -3392,7 +5467,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -3644,7 +5718,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: @@ -3652,6 +5745,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -3663,6 +5915,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -3687,7 +5950,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -3931,7 +6193,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: @@ -3939,6 +6220,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -3950,6 +6390,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -3974,7 +6425,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -4007,6 +6457,8 @@ spec: - path type: object type: array + pathParamPrefix: + type: string repoURL: type: string requeueAfterSeconds: @@ -4220,7 +6672,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: @@ -4228,6 +6699,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -4239,6 +6869,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -4263,13 +6904,13 @@ spec: required: - destination - project - - source type: object required: - metadata - spec type: object required: + - pathParamPrefix - repoURL - revision type: object @@ -4485,7 +7126,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: @@ -4493,6 +7153,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -4504,6 +7323,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -4528,7 +7358,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -4868,7 +7697,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: @@ -4876,6 +7724,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -4887,6 +7894,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -4911,7 +7929,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -5298,7 +8315,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: @@ -5306,6 +8342,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -5317,6 +8512,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -5341,7 +8547,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -5583,7 +8788,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: @@ -5591,6 +8815,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -5602,6 +8985,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -5626,7 +9020,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -5963,7 +9356,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: @@ -5971,6 +9383,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -5982,6 +9553,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -6006,7 +9588,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -6393,7 +9974,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: @@ -6401,6 +10001,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -6412,6 +10171,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -6436,7 +10206,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -6470,6 +10239,37 @@ spec: type: array goTemplate: type: boolean + strategy: + properties: + rollingSync: + properties: + steps: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + maxUpdate: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: array + type: object + type: + type: string + type: object syncPolicy: properties: preserveResourcesOnDeletion: @@ -6681,7 +10481,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: @@ -6689,6 +10508,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -6700,6 +10678,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -6724,7 +10713,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -6736,6 +10724,24 @@ spec: type: object status: properties: + applicationStatus: + items: + properties: + application: + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + status: + type: string + required: + - application + - message + - status + type: object + type: array conditions: items: properties: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index c3f6fdab..6e885f10 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -205,6 +205,12 @@ configs: # -- Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit. reposerver.parallelism.limit: 0 + ## ApplicationSet Properties + # -- Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` + applicationsetcontroller.policy: sync + # -- Enables use of the Progressive Syncs capability + applicationsetcontroller.enable.progressive.syncs: false + # Argo CD RBAC policy configuration ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md rbac: @@ -2147,18 +2153,14 @@ applicationSet: # @default -- `[]` (defaults to global.imagePullSecrets) imagePullSecrets: [] - # -- ApplicationSet controller log format. Either `text` or `json` - # @default -- `""` (defaults to global.logging.format) - logFormat: "" - # -- ApplicationSet controller log level. One of: `debug`, `info`, `warn`, `error` - # @default -- `""` (defaults to global.logging.level) - logLevel: "" - - args: + # -- DEPRECATED - ApplicationSet controller command line flags + args: {} + # DEPRECATED - Use configs.params.applicationsetcontroller.policy to override # -- How application is synced between the generator and the cluster - policy: sync + # policy: sync + # DEPRECATED - Use configs.params.applicationsetcontroller.dryrun to override # -- Enable dry run mode - dryRun: false + # dryRun: false # -- List of extra cli args to add extraArgs: [] From b1be8fabd462229b0f5acfad528208eed6146c2d Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Tue, 7 Feb 2023 09:11:10 -0600 Subject: [PATCH 058/768] chore(argo-workflows): Update Argo Workflows to v3.4.5 (#1828) Signed-off-by: jmeridth Co-authored-by: Petr Drastil --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 37846bed..8ba37092 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.4.4 +appVersion: v3.4.5 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.22.9 +version: 0.22.10 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: @@ -13,5 +13,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: fixed - description: Align changelog structure to show changelogs on Artifact Hub + - kind: changed + description: Upgrade Argo Workflows to v3.4.5 From 3bede30d3909a2c3d0c48aef3ccc6ddb4a557730 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Wed, 8 Feb 2023 02:09:40 +0100 Subject: [PATCH 059/768] fix(argo-cd): Fix ApplicationSet CRD for pathParamPrefix (#1829) fix(argo-cd): Fix ApplicationSet CRD for pathParamPrefix Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 8 +++----- charts/argo-cd/templates/crds/crd-applicationset.yaml | 6 +++--- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index c5f6c5fb..af4de156 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.0 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.20.0 +version: 5.20.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,7 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to 2.6.0 - - kind: deprecated - description: ApplicationSet args, logFormat and logLevel superseded by configs.params + - kind: fixed + description: Sync latest ApplicationSet CRD diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index 7a15b67d..43452242 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -1470,7 +1470,6 @@ spec: - spec type: object required: - - pathParamPrefix - repoURL - revision type: object @@ -3361,7 +3360,6 @@ spec: - spec type: object required: - - pathParamPrefix - repoURL - revision type: object @@ -6910,7 +6908,6 @@ spec: - spec type: object required: - - pathParamPrefix - repoURL - revision type: object @@ -10736,10 +10733,13 @@ spec: type: string status: type: string + step: + type: string required: - application - message - status + - step type: object type: array conditions: From e17d218600091b20a57310df07fbba2d35ae715f Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Wed, 8 Feb 2023 17:41:16 +0100 Subject: [PATCH 060/768] docs(argo-cd): Remove incorrect deprecation note (#1830) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/NOTES.txt | 3 --- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index af4de156..47438c33 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.0 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.20.1 +version: 5.20.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: fixed - description: Sync latest ApplicationSet CRD + - kind: removed + description: Removed incorrect deprecation note diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index 002d3844..d79d95f0 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -52,9 +52,6 @@ DEPRECATED option configs.gpgKeys - Use config.gpg.keys {{- if .Values.configs.gpgKeysAnnotations }} DEPRECATED option configs.gpgKeysAnnotations - Use config.gpg.annotations {{- end }} -{{- if hasKey .Values "createAggregateRoles" }} -DEPRECATED option createAggregateRoles - Use global.rbac.aggregatedRoles -{{- end }} {{- if hasKey (.Values.controller.clusterAdminAccess | default dict) "enabled" }} DEPRECATED option .controller.clusterAdminAccess.enabled - Use createClusterRoles {{- end }} From eb102d27aa1f84811e4873a781d867ba81cb3cfd Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Wed, 8 Feb 2023 15:14:07 -0500 Subject: [PATCH 061/768] feat(argo-cd): Upgrade Argo CD to 2.6.1 (#1832) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 47438c33..321bd352 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.6.0 +appVersion: v2.6.1 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.20.2 +version: 5.20.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: removed - description: Removed incorrect deprecation note + - kind: changed + description: Upgrade Argo CD to 2.6.1 From 31768175b92e708ebb447dace0a54e1b0df1a7ef Mon Sep 17 00:00:00 2001 From: toyamagu <83329336+toyamagu-2021@users.noreply.github.com> Date: Fri, 10 Feb 2023 07:43:38 +0900 Subject: [PATCH 062/768] feat(argocd-apps): multiple sources for Application and ApplicationSet (#1831) * feat(argocd-apps): multiple sources for application and applicationset Signed-off-by: toyamagu * fix typo Signed-off-by: toyamagu2021@gmail.com --------- Signed-off-by: toyamagu Signed-off-by: toyamagu2021@gmail.com Co-authored-by: Aikawa --- charts/argocd-apps/Chart.yaml | 6 ++-- .../applications-multiple-sources-values.yaml | 28 +++++++++++++++++ .../argocd-apps/ci/applications-values.yaml | 30 +++++++++++++++++++ ...plicationsets-multiple-sources-values.yaml | 24 +++++++++++++++ .../ci/applicationsets-values.yaml | 3 +- .../argocd-apps/templates/applications.yaml | 8 ++++- .../templates/applicationsets.yaml | 8 ++++- charts/argocd-apps/values.yaml | 8 +++++ 8 files changed, 108 insertions(+), 7 deletions(-) create mode 100644 charts/argocd-apps/ci/applications-multiple-sources-values.yaml create mode 100644 charts/argocd-apps/ci/applications-values.yaml create mode 100644 charts/argocd-apps/ci/applicationsets-multiple-sources-values.yaml diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 422dc686..1a2c0914 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 0.0.7 +version: 0.0.8 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -14,5 +14,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: fixed - description: Align changelog structure to show changelogs on Artifact Hub + - kind: added + description: Multiple sources for Application and ApplicationSet diff --git a/charts/argocd-apps/ci/applications-multiple-sources-values.yaml b/charts/argocd-apps/ci/applications-multiple-sources-values.yaml new file mode 100644 index 00000000..4d21403b --- /dev/null +++ b/charts/argocd-apps/ci/applications-multiple-sources-values.yaml @@ -0,0 +1,28 @@ +# Test with multi-source applications + +applications: +- name: argocd-application-multiple-sources + additionalLabels: {} + additionalAnnotations: {} + finalizers: + - resources-finalizer.argocd.argoproj.io + project: default + sources: + - chart: elasticsearch + repoURL: https://helm.elastic.co + targetRevision: 8.5.1 + - repoURL: https://github.com/argoproj/argocd-example-apps.git + path: guestbook + targetRevision: HEAD + destination: + server: https://kubernetes.default.svc + namespace: default + syncPolicy: + automated: + prune: false + selfHeal: false + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas diff --git a/charts/argocd-apps/ci/applications-values.yaml b/charts/argocd-apps/ci/applications-values.yaml new file mode 100644 index 00000000..4d708a16 --- /dev/null +++ b/charts/argocd-apps/ci/applications-values.yaml @@ -0,0 +1,30 @@ +# Test with applications + +applications: +- name: argocd-application + additionalLabels: {} + additionalAnnotations: {} + finalizers: + - resources-finalizer.argocd.argoproj.io + project: default + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: guestbook + directory: + recurse: true + destination: + server: https://kubernetes.default.svc + namespace: default + syncPolicy: + automated: + prune: false + selfHeal: false + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas + info: + - name: url + value: https://argoproj.github.io/ diff --git a/charts/argocd-apps/ci/applicationsets-multiple-sources-values.yaml b/charts/argocd-apps/ci/applicationsets-multiple-sources-values.yaml new file mode 100644 index 00000000..f1dd7cda --- /dev/null +++ b/charts/argocd-apps/ci/applicationsets-multiple-sources-values.yaml @@ -0,0 +1,24 @@ +# Test with multi-source applicationsets + +applicationsets: +- name: applicationset-multiple-sources + generators: + - list: + elements: + - cluster: default-cluster + url: https://kubernetes.default.svc + template: + metadata: + name: '{{cluster}}-guestbook' + spec: + project: default + sources: + - chart: elasticsearch + repoURL: https://helm.elastic.co + targetRevision: 8.5.1 + - repoURL: https://github.com/argoproj/argocd-example-apps.git + path: guestbook + targetRevision: HEAD + destination: + server: '{{url}}' + namespace: default diff --git a/charts/argocd-apps/ci/applicationsets-values.yaml b/charts/argocd-apps/ci/applicationsets-values.yaml index a76ed41a..2258f422 100644 --- a/charts/argocd-apps/ci/applicationsets-values.yaml +++ b/charts/argocd-apps/ci/applicationsets-values.yaml @@ -1,8 +1,7 @@ # Test with applicationsets applicationsets: -- name: guestbook - namespace: default # Only for test purpose. +- name: applicationset additionalLabels: {} additionalAnnotations: {} # See PR #10026 (ArgoCD v2.5 or later) diff --git a/charts/argocd-apps/templates/applications.yaml b/charts/argocd-apps/templates/applications.yaml index ea63fc25..fee643d8 100644 --- a/charts/argocd-apps/templates/applications.yaml +++ b/charts/argocd-apps/templates/applications.yaml @@ -23,8 +23,14 @@ metadata: {{- end }} spec: project: {{ tpl .project $ }} + {{- with .source }} source: - {{- toYaml .source | nindent 4 }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .sources }} + sources: + {{- toYaml . | nindent 4 }} + {{- end }} destination: {{- toYaml .destination | nindent 4 }} {{- with .syncPolicy }} diff --git a/charts/argocd-apps/templates/applicationsets.yaml b/charts/argocd-apps/templates/applicationsets.yaml index 20898d0a..aa7a3b79 100644 --- a/charts/argocd-apps/templates/applicationsets.yaml +++ b/charts/argocd-apps/templates/applicationsets.yaml @@ -52,8 +52,14 @@ spec: {{- with .spec }} spec: project: {{ tpl .project $ }} + {{- with .source }} source: - {{- toYaml .source | nindent 8 }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .sources }} + sources: + {{- toYaml . | nindent 8 }} + {{- end }} destination: {{- toYaml .destination | nindent 8 }} {{- with .syncPolicy }} diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index b3eaa5d2..62a2509c 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -15,6 +15,14 @@ applications: [] # path: guestbook # directory: # recurse: true +# # ArgoCD v2.6 or later +# sources: +# - chart: elasticsearch +# repoURL: https://helm.elastic.co +# targetRevision: 8.5.1 +# - repoURL: https://github.com/argoproj/argocd-example-apps.git +# path: guestbook +# targetRevision: HEAD # destination: # server: https://kubernetes.default.svc # namespace: guestbook From c08fc230d75c85b2c9a07138c5c7b7bc957b98df Mon Sep 17 00:00:00 2001 From: Vlad Losev Date: Thu, 9 Feb 2023 21:31:49 -0800 Subject: [PATCH 063/768] fix(argo-workflows): clean subresource permissions (#1835) --- charts/argo-workflows/Chart.yaml | 4 ++-- .../controller/workflow-controller-cluster-roles.yaml | 7 ++++++- .../templates/server/server-cluster-roles.yaml | 9 +++++++-- 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 8ba37092..0fe6953a 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.5 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.22.10 +version: 0.22.11 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: @@ -14,4 +14,4 @@ maintainers: annotations: artifacthub.io/changes: | - kind: changed - description: Upgrade Argo Workflows to v3.4.5 + description: Cleaned RBAC permissions for subresources (pods/log, pods/exec). diff --git a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml index 34f91c0d..bb08306b 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml @@ -14,7 +14,6 @@ rules: - "" resources: - pods - - pods/exec verbs: - create - get @@ -23,6 +22,12 @@ rules: - update - patch - delete +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create - apiGroups: - "" resources: diff --git a/charts/argo-workflows/templates/server/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml index c3c4e688..c7d18f50 100644 --- a/charts/argo-workflows/templates/server/server-cluster-roles.yaml +++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml @@ -23,13 +23,18 @@ rules: - "" resources: - pods - - pods/exec - - pods/log verbs: - get - list - watch - delete +- apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - list {{- if .Values.server.sso }} - apiGroups: - "" From a915e774a53edfb76b654e214aa5de794bf419b2 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Mon, 13 Feb 2023 12:22:15 +0100 Subject: [PATCH 064/768] fix(argo-cd): Fix invalid progressive sync parameter (#1839) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +++--- .../argo-cd/templates/argocd-applicationset/deployment.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 321bd352..40aed46f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.1 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.20.3 +version: 5.20.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to 2.6.1 + - kind: fixed + description: Fixed invalid ApplicationSet progressive sync parameter diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 82324f4d..ff99bd07 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -136,7 +136,7 @@ spec: - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS valueFrom: configMapKeyRef: - key: applicationsetcontroller.enable.progressive.rollouts + key: applicationsetcontroller.enable.progressive.syncs name: argocd-cmd-params-cm optional: true {{- with .Values.applicationSet.extraEnvFrom }} From 4a56a4d7f019f61a4aa2ee348562998f1aa34870 Mon Sep 17 00:00:00 2001 From: nicogl Date: Tue, 14 Feb 2023 09:21:29 -0300 Subject: [PATCH 065/768] fix(argo-cd): Add quotes on Ingress Host to allow wildcards (#1841) * Add quotes on Ingress Host to allow wildcards Signed-off-by: nicogl * Update Chart.yaml Signed-off-by: nicogl --------- Signed-off-by: nicogl --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/argocd-server/ingress.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 40aed46f..8bb57d7d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.1 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.20.4 +version: 5.20.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -24,4 +24,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: fixed - description: Fixed invalid ApplicationSet progressive sync parameter + description: Fixed missing quotes on Ingress host diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 52269d0a..0e064b0b 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -29,7 +29,7 @@ spec: rules: {{- if .Values.server.ingress.hosts }} {{- range $host := .Values.server.ingress.hosts }} - - host: {{ $host }} + - host: {{ $host | quote }} http: paths: {{- with $extraPaths }} From d59ae7bd757f43ad73b118628c732f7da717e7de Mon Sep 17 00:00:00 2001 From: Loris Date: Wed, 15 Feb 2023 01:11:16 +0100 Subject: [PATCH 066/768] feat(argo-cd): Add dnsConfig and dnsPolicy for pods (#1773) feat(argo-cd): Add dnsConfig and dnsPolicy for pods (#1771) Signed-off-by: Loris Torikian Co-authored-by: Loris Torikian Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 6 ++-- charts/argo-cd/README.md | 14 +++++++++ charts/argo-cd/README.md.gotmpl | 1 + .../statefulset.yaml | 4 +++ .../argocd-applicationset/deployment.yaml | 5 +++ .../bots/slack/deployment.yaml | 5 +++ .../argocd-notifications/deployment.yaml | 5 +++ .../argocd-repo-server/deployment.yaml | 4 +++ .../templates/argocd-server/deployment.yaml | 4 +++ charts/argo-cd/templates/dex/deployment.yaml | 5 +++ .../argo-cd/templates/redis/deployment.yaml | 5 +++ charts/argo-cd/values.yaml | 31 +++++++++++++++++++ 12 files changed, 86 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8bb57d7d..8b857298 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.1 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.20.5 +version: 5.21.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: fixed - description: Fixed missing quotes on Ingress host + - kind: added + description: Allow dnsConfig pod configuration diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 652620e5..fe125210 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -466,6 +466,7 @@ NAME: my-release | controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource | | controller.containerPorts.metrics | int | `8082` | Metrics container port | | controller.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | +| controller.dnsConfig | object | `{}` | [DNS configuration] | | controller.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for application controller pods | | controller.env | list | `[]` | Environment variables to pass to application controller | | controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to application controller | @@ -547,6 +548,7 @@ NAME: my-release | repoServer.containerPorts.server | int | `8081` | Repo server container port | | repoServer.containerSecurityContext | object | See [values.yaml] | Repo server container-level security context | | repoServer.deploymentAnnotations | object | `{}` | Annotations to be added to repo server Deployment | +| repoServer.dnsConfig | object | `{}` | [DNS configuration] | | repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods | | repoServer.env | list | `[]` | Environment variables to pass to repo server | | repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server | @@ -649,6 +651,7 @@ NAME: my-release | server.containerPorts.server | int | `8080` | Server container port | | server.containerSecurityContext | object | See [values.yaml] | Server container-level security context | | server.deploymentAnnotations | object | `{}` | Annotations to be added to server Deployment | +| server.dnsConfig | object | `{}` | [DNS configuration] | | server.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Server pods | | server.env | list | `[]` | Environment variables to pass to Argo CD server | | server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to Argo CD server | @@ -794,6 +797,8 @@ server: | dex.containerPorts.metrics | int | `5558` | Metrics container port | | dex.containerSecurityContext | object | See [values.yaml] | Dex container-level security context | | dex.deploymentAnnotations | object | `{}` | Annotations to be added to the Dex server Deployment | +| dex.dnsConfig | object | `{}` | [DNS configuration] | +| dex.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Dex server pods | | dex.enabled | bool | `true` | Enable dex | | dex.env | list | `[]` | Environment variables to pass to the Dex server | | dex.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Dex server | @@ -869,6 +874,8 @@ server: | redis.containerPorts.redis | int | `6379` | Redis container port | | redis.containerSecurityContext | object | See [values.yaml] | Redis container-level security context | | redis.deploymentAnnotations | object | `{}` | Annotations to be added to the Redis server Deployment | +| redis.dnsConfig | object | `{}` | [DNS configuration] | +| redis.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Redis server pods | | redis.enabled | bool | `true` | Enable redis | | redis.env | list | `[]` | Environment variables to pass to the Redis server | | redis.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Redis server | @@ -979,6 +986,8 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | | applicationSet.containerSecurityContext | object | See [values.yaml] | ApplicationSet controller container-level security context | | applicationSet.deploymentAnnotations | object | `{}` | Annotations to be added to ApplicationSet controller Deployment | +| applicationSet.dnsConfig | object | `{}` | [DNS configuration] | +| applicationSet.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for ApplicationSet controller pods | | applicationSet.enabled | bool | `true` | Enable ApplicationSet controller | | applicationSet.extraArgs | list | `[]` | List of extra cli args to add | | applicationSet.extraContainers | list | `[]` | Additional containers to be added to the ApplicationSet controller pod | @@ -1058,6 +1067,8 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates | | notifications.bots.slack.affinity | object | `{}` | Assign custom [affinity] rules | | notifications.bots.slack.containerSecurityContext | object | See [values.yaml] | Slack bot container-level security Context | +| notifications.bots.slack.dnsConfig | object | `{}` | [DNS configuration] | +| notifications.bots.slack.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Slack bot pods | | notifications.bots.slack.enabled | bool | `false` | Enable slack bot | | notifications.bots.slack.extraArgs | list | `[]` | List of extra cli args to add for Slack bot | | notifications.bots.slack.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Slack bot | @@ -1085,6 +1096,8 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context | | notifications.context | object | `{}` | Define user-defined context | | notifications.deploymentAnnotations | object | `{}` | Annotations to be applied to the notifications controller Deployment | +| notifications.dnsConfig | object | `{}` | [DNS configuration] | +| notifications.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for notifications controller Pods | | notifications.enabled | bool | `true` | Enable notifications controller | | notifications.extraArgs | list | `[]` | Extra arguments to provide to the notifications controller | | notifications.extraContainers | list | `[]` | Additional containers to be added to the notifications controller pod | @@ -1145,6 +1158,7 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog +[DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters [FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index fde0c0c8..6cec3732 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -521,6 +521,7 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog +[DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters [FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 634431dd..2ada23b4 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -313,4 +313,8 @@ spec: priorityClassName: {{ . }} {{- end }} hostNetwork: {{ .Values.controller.hostNetwork }} + {{- with .Values.controller.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} dnsPolicy: {{ .Values.controller.dnsPolicy }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index ff99bd07..ca129ffd 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -230,4 +230,9 @@ spec: emptyDir: {} - name: tmp emptyDir: {} + {{- with .Values.applicationSet.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.applicationSet.dnsPolicy }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml index 90fcf78c..b9949aab 100644 --- a/charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml @@ -65,4 +65,9 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.notifications.bots.slack.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.notifications.bots.slack.dnsPolicy }} {{ end }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 85d586cc..474dc01d 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -121,4 +121,9 @@ spec: path: tls.key - key: ca.crt path: ca.crt + {{- with .Values.notifications.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.notifications.dnsPolicy }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index a39c007c..67ad60f9 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -357,4 +357,8 @@ spec: priorityClassName: {{ . }} {{- end }} hostNetwork: {{ .Values.repoServer.hostNetwork }} + {{- with .Values.repoServer.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} dnsPolicy: {{ .Values.repoServer.dnsPolicy }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index b0ed47d4..57d1305b 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -422,4 +422,8 @@ spec: priorityClassName: {{ . }} {{- end }} hostNetwork: {{ .Values.server.hostNetwork }} + {{- with .Values.server.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} dnsPolicy: {{ .Values.server.dnsPolicy }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 1b3b4338..9acc0871 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -188,4 +188,9 @@ spec: {{- with .Values.dex.priorityClassName }} priorityClassName: {{ . }} {{- end }} + {{- with .Values.dex.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.dex.dnsPolicy }} {{- end }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 6f23e44e..ff4b29b1 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -128,4 +128,9 @@ spec: volumes: {{- toYaml . | nindent 8}} {{- end }} + {{- with .Values.redis.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.redis.dnsPolicy }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 6e885f10..f444e21c 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -589,6 +589,8 @@ controller: # -- Host Network for application controller pods hostNetwork: false + # -- [DNS configuration] + dnsConfig: {} # -- Alternative DNS policy for application controller pods dnsPolicy: "ClusterFirst" @@ -890,6 +892,11 @@ dex: # -- Metrics container port metrics: 5558 + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for Dex server pods + dnsPolicy: "ClusterFirst" + # -- Dex container-level security context # @default -- See [values.yaml] containerSecurityContext: @@ -1106,6 +1113,11 @@ redis: # -- Metrics container port metrics: 9121 + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for Redis server pods + dnsPolicy: "ClusterFirst" + # -- Redis container-level security context # @default -- See [values.yaml] containerSecurityContext: @@ -1463,6 +1475,8 @@ server: # -- Host Network for Server pods hostNetwork: false + # -- [DNS configuration] + dnsConfig: {} # -- Alternative DNS policy for Server pods dnsPolicy: "ClusterFirst" @@ -1952,6 +1966,8 @@ repoServer: # -- Host Network for Repo server pods hostNetwork: false + # -- [DNS configuration] + dnsConfig: {} # -- Alternative DNS policy for Repo server pods dnsPolicy: "ClusterFirst" @@ -2279,6 +2295,11 @@ applicationSet: # -- Webhook container port webhook: 7000 + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for ApplicationSet controller pods + dnsPolicy: "ClusterFirst" + # -- ApplicationSet controller container-level security context # @default -- See [values.yaml] containerSecurityContext: @@ -2549,6 +2570,11 @@ notifications: # -- Metrics container port metrics: 9001 + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for notifications controller Pods + dnsPolicy: "ClusterFirst" + # -- Notification controller container-level security Context # @default -- See [values.yaml] containerSecurityContext: @@ -2930,6 +2956,11 @@ notifications: # -- Annotations applied to created service account annotations: {} + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for Slack bot pods + dnsPolicy: "ClusterFirst" + # -- Slack bot container-level security Context # @default -- See [values.yaml] containerSecurityContext: From 70fd1b3fe64e127a28780c33dc25b7f9670be753 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Fri, 17 Feb 2023 17:23:33 +0900 Subject: [PATCH 067/768] chore(argo-cd): Upgrade Argo CD to v2.6.2 (#1844) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8b857298..7519bc45 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.6.1 +appVersion: v2.6.2 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.21.0 +version: 5.21.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: added - description: Allow dnsConfig pod configuration + - kind: changed + description: Upgrade Argo CD to v2.6.2 From 51386c69be246d233d106ca97d33fda6b63b0caa Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Fri, 17 Feb 2023 17:38:17 +0100 Subject: [PATCH 068/768] feat(argo-cd): Add global affinity configuration (#1794) --- charts/argo-cd/Chart.yaml | 6 +-- charts/argo-cd/README.md | 23 +++++--- charts/argo-cd/README.md.gotmpl | 4 ++ charts/argo-cd/templates/_common.tpl | 54 +++++++++++++++++++ .../statefulset.yaml | 6 +-- .../argocd-applicationset/deployment.yaml | 6 +-- .../bots/slack/deployment.yaml | 6 +-- .../argocd-notifications/deployment.yaml | 6 +-- .../argocd-repo-server/deployment.yaml | 6 +-- .../templates/argocd-server/deployment.yaml | 6 +-- charts/argo-cd/templates/dex/deployment.yaml | 4 +- .../argo-cd/templates/redis/deployment.yaml | 4 +- charts/argo-cd/values.yaml | 25 +++++++++ 13 files changed, 115 insertions(+), 41 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 7519bc45..76bdbde6 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.2 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.21.1 +version: 5.22.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.6.2 + - kind: added + description: Global affinity configuration diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index fe125210..2533c180 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -105,6 +105,10 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 5.21.0 + +This versions adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely. + ### 5.19.0 This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provide this values please move them into new `configs.ssh` and `configs.tls` sections. @@ -381,6 +385,9 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | global.additionalLabels | object | `{}` | Common labels for the all resources | +| global.affinity.nodeAffinity.matchExpressions | list | `[]` | Default match expressions for node affinity | +| global.affinity.nodeAffinity.type | string | `"hard"` | Default node affinity rules. Either: `soft` or `hard` | +| global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `soft` or `hard` | | global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | | global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | | global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments | @@ -460,7 +467,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| -| controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| controller.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | | controller.args | object | `{}` | DEPRECATED - Application controller commandline flags | | controller.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the application controller's ClusterRole resource | | controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource | @@ -529,7 +536,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| -| repoServer.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| repoServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | | repoServer.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer | | repoServer.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the repo server | | repoServer.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the repo server [HPA] | @@ -622,7 +629,7 @@ NAME: my-release | server.GKEfrontendConfig.spec | object | `{}` | [FrontendConfigSpec] | | server.GKEmanagedCertificate.domains | list | `["argocd.example.com"]` | Domains for the Google Managed Certificate | | server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. | -| server.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| server.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | | server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer | | server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server | | server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo CD server [HPA] | @@ -785,7 +792,7 @@ server: | Key | Type | Default | Description | |-----|------|---------|-------------| -| dex.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| dex.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | | dex.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-dex-server-tls secret | | dex.certificateSecret.ca | string | `""` | Certificate authority. Required for self-signed certificates. | | dex.certificateSecret.crt | string | `""` | Certificate data. Must contain SANs of Dex service (ie: argocd-dex-server, argocd-dex-server.argo-cd.svc) | @@ -869,7 +876,7 @@ server: | Key | Type | Default | Description | |-----|------|---------|-------------| -| redis.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| redis.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | | redis.containerPorts.metrics | int | `9121` | Metrics container port | | redis.containerPorts.redis | int | `6379` | Redis container port | | redis.containerSecurityContext | object | See [values.yaml] | Redis container-level security context | @@ -979,7 +986,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | Key | Type | Default | Description | |-----|------|---------|-------------| -| applicationSet.affinity | object | `{}` | Assign custom [affinity] rules | +| applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | applicationSet.args | object | `{}` | DEPRECATED - ApplicationSet controller command line flags | | applicationSet.containerPorts.metrics | int | `8080` | Metrics container port | | applicationSet.containerPorts.probe | int | `8081` | Probe container port | @@ -1063,9 +1070,9 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | Key | Type | Default | Description | |-----|------|---------|-------------| -| notifications.affinity | object | `{}` | Assign custom [affinity] rules | +| notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates | -| notifications.bots.slack.affinity | object | `{}` | Assign custom [affinity] rules | +| notifications.bots.slack.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | notifications.bots.slack.containerSecurityContext | object | See [values.yaml] | Slack bot container-level security Context | | notifications.bots.slack.dnsConfig | object | `{}` | [DNS configuration] | | notifications.bots.slack.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Slack bot pods | diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 6cec3732..f450e0e7 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -104,6 +104,10 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 5.21.0 + +This versions adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely. + ### 5.19.0 This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provide this values please move them into new `configs.ssh` and `configs.tls` sections. diff --git a/charts/argo-cd/templates/_common.tpl b/charts/argo-cd/templates/_common.tpl index f5154e47..2ba53d8c 100644 --- a/charts/argo-cd/templates/_common.tpl +++ b/charts/argo-cd/templates/_common.tpl @@ -63,3 +63,57 @@ app.kubernetes.io/instance: {{ .context.Release.Name }} app.kubernetes.io/component: {{ .component }} {{- end }} {{- end }} + +{{/* +Common affinity definition +Pod affinity + - Soft prefers different nodes + - Hard requires different nodes and prefers different availibility zones +Node affinity + - Soft prefers given user expressions + - Hard requires given user expressions +*/}} +{{- define "argo-cd.affinity" -}} +{{- with .component.affinity -}} + {{- toYaml . -}} +{{- else -}} +{{- $preset := .context.Values.global.affinity -}} +podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + {{- if (eq $preset.podAntiAffinity "soft") }} + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }} + topologyKey: kubernetes.io/hostname + {{- else }} + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }} + topologyKey: topology.kubernetes.io/zone + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }} + topologyKey: kubernetes.io/hostname + {{- end }} +{{- with $preset.nodeAffinity.matchExpressions }} +nodeAffinity: + {{- if (eq $preset.nodeAffinity.type "soft") }} + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + preference: + matchExpressions: + {{- toYaml . | nindent 6 }} + {{- else }} + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 2ada23b4..0a161362 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -264,6 +264,8 @@ spec: initContainers: {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} + affinity: + {{- include "argo-cd.affinity" (dict "context" . "component" .Values.controller) | nindent 8 }} {{- with .Values.controller.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -272,10 +274,6 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.controller.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} {{- with .Values.controller.topologySpreadConstraints }} topologySpreadConstraints: {{- range $constraint := . }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index ca129ffd..462ebcba 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -198,14 +198,12 @@ spec: initContainers: {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} + affinity: + {{- include "argo-cd.affinity" (dict "context" . "component" .Values.applicationSet) | nindent 8 }} {{- with .Values.applicationSet.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.applicationSet.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} {{- with .Values.applicationSet.tolerations }} tolerations: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml index b9949aab..2749cb2b 100644 --- a/charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml @@ -53,14 +53,12 @@ spec: {{- toYaml .Values.notifications.bots.slack.resources | nindent 12 }} securityContext: {{- toYaml .Values.notifications.bots.slack.containerSecurityContext | nindent 12 }} + affinity: + {{- include "argo-cd.affinity" (dict "context" . "component" .Values.notifications.bots.slack) | nindent 8 }} {{- with .Values.notifications.bots.slack.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.notifications.bots.slack.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} {{- with .Values.notifications.bots.slack.tolerations }} tolerations: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 474dc01d..5efc0965 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -88,14 +88,12 @@ spec: initContainers: {{- tpl (toYaml . ) $ | nindent 8 }} {{- end }} + affinity: + {{- include "argo-cd.affinity" (dict "context" . "component" .Values.notifications) | nindent 8 }} {{- with .Values.notifications.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.notifications.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} {{- with .Values.notifications.tolerations }} tolerations: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 67ad60f9..00e73d8a 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -291,6 +291,8 @@ spec: {{- with .Values.repoServer.initContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} + affinity: + {{- include "argo-cd.affinity" (dict "context" . "component" .Values.repoServer) | nindent 8 }} {{- with .Values.repoServer.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -299,10 +301,6 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.repoServer.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} {{- with .Values.repoServer.topologySpreadConstraints }} topologySpreadConstraints: {{- range $constraint := . }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 57d1305b..bb394006 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -348,6 +348,8 @@ spec: initContainers: {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} + affinity: + {{- include "argo-cd.affinity" (dict "context" . "component" .Values.server) | nindent 8 }} {{- with .Values.server.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -356,10 +358,6 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.server.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} {{- with .Values.server.topologySpreadConstraints }} topologySpreadConstraints: {{- range $constraint := . }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 9acc0871..7fea0b48 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -146,10 +146,8 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.dex.affinity }} affinity: - {{- toYaml . | nindent 8 }} - {{- end }} + {{- include "argo-cd.affinity" (dict "context" . "component" .Values.dex) | nindent 8 }} {{- with .Values.dex.topologySpreadConstraints }} topologySpreadConstraints: {{- range $constraint := . }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index ff4b29b1..ffff4bad 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -106,10 +106,8 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.redis.affinity }} affinity: - {{- toYaml . | nindent 8 }} - {{- end }} + {{- include "argo-cd.affinity" (dict "context" . "component" .Values.redis) | nindent 8 }} {{- with .Values.redis.topologySpreadConstraints }} topologySpreadConstraints: {{- range $constraint := . }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index f444e21c..b3706c5a 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -92,12 +92,29 @@ global: # hostnames: # - git.myhostname + # Default network policy rules used by all components networkPolicy: # -- Create NetworkPolicy objects for all components create: false # -- Default deny all ingress traffic defaultDenyIngress: false + # Default affinity preset for all components + affinity: + # -- Default pod anti-affinity rules. Either: `soft` or `hard` + podAntiAffinity: soft + # Node affinity rules + nodeAffinity: + # -- Default node affinity rules. Either: `soft` or `hard` + type: hard + # -- Default match expressions for node affinity + matchExpressions: [] + # - key: topology.kubernetes.io/zone + # operator: In + # values: + # - antarctica-east1 + # - antarctica-west1 + ## Argo Configs configs: # General Argo CD configuration @@ -627,6 +644,7 @@ controller: tolerations: [] # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the application controller @@ -965,6 +983,7 @@ dex: # -- [Tolerations] for use with node taints tolerations: [] # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to dex @@ -1136,6 +1155,7 @@ redis: tolerations: [] # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to redis @@ -1523,6 +1543,7 @@ server: # -- [Tolerations] for use with node taints tolerations: [] # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server @@ -2014,6 +2035,7 @@ repoServer: # -- [Tolerations] for use with node taints tolerations: [] # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the repo server @@ -2349,6 +2371,7 @@ applicationSet: tolerations: [] # -- Assign custom [affinity] rules + # @default -- `{}` (defaults to global.affinity preset) affinity: {} # -- If specified, indicates the pod's priority. If not specified, the pod priority will be default or zero if there is no default. @@ -2594,6 +2617,7 @@ notifications: tolerations: [] # -- Assign custom [affinity] rules + # @default -- `{}` (defaults to global.affinity preset) affinity: {} # -- Priority class for the notifications controller pods @@ -2983,6 +3007,7 @@ notifications: # memory: 128Mi # -- Assign custom [affinity] rules + # @default -- `{}` (defaults to global.affinity preset) affinity: {} # -- [Tolerations] for use with node taints From 63b741ed580be65282a957855787f94ffc00b3b1 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Sun, 19 Feb 2023 13:38:02 +0100 Subject: [PATCH 069/768] chore(argo-cd): Group component templates together (#1847) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +- charts/argo-cd/templates/_helpers.tpl | 100 +++++++++++++------------- 2 files changed, 53 insertions(+), 53 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 76bdbde6..efd96096 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.2 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.22.0 +version: 5.22.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: added - description: Global affinity configuration + - kind: changed + description: Grouped component templates together diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index bd99fc9d..76abc8d2 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -8,6 +8,17 @@ to 63 chars and it includes 10 chars of hash and a separating '-'. {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.controller.name | trunc 52 | trimSuffix "-" -}} {{- end -}} +{{/* +Create the name of the controller service account to use +*/}} +{{- define "argo-cd.controllerServiceAccountName" -}} +{{- if .Values.controller.serviceAccount.create -}} + {{ default (include "argo-cd.controller.fullname" .) .Values.controller.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.controller.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Create dex name and version as used by the chart label. */}} @@ -26,6 +37,17 @@ Create Dex server endpoint {{- printf "%s://%s:%d" $scheme $host $port }} {{- end }} +{{/* +Create the name of the dex service account to use +*/}} +{{- define "argo-cd.dexServiceAccountName" -}} +{{- if .Values.dex.serviceAccount.create -}} + {{ default (include "argo-cd.dex.fullname" .) .Values.dex.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.dex.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Create redis name and version as used by the chart label. */}} @@ -53,56 +75,6 @@ Return Redis server endpoint {{- end }} {{- end -}} -{{/* -Create argocd server name and version as used by the chart label. -*/}} -{{- define "argo-cd.server.fullname" -}} -{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create argocd repo-server name and version as used by the chart label. -*/}} -{{- define "argo-cd.repoServer.fullname" -}} -{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.repoServer.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create argocd application set name and version as used by the chart label. -*/}} -{{- define "argo-cd.applicationSet.fullname" -}} -{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.applicationSet.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create argocd notifications name and version as used by the chart label. -*/}} -{{- define "argo-cd.notifications.fullname" -}} -{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.notifications.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the controller service account to use -*/}} -{{- define "argo-cd.controllerServiceAccountName" -}} -{{- if .Values.controller.serviceAccount.create -}} - {{ default (include "argo-cd.controller.fullname" .) .Values.controller.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.controller.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the dex service account to use -*/}} -{{- define "argo-cd.dexServiceAccountName" -}} -{{- if .Values.dex.serviceAccount.create -}} - {{ default (include "argo-cd.dex.fullname" .) .Values.dex.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.dex.serviceAccount.name }} -{{- end -}} -{{- end -}} - {{/* Create the name of the redis service account to use */}} @@ -114,6 +86,13 @@ Create the name of the redis service account to use {{- end -}} {{- end -}} +{{/* +Create argocd server name and version as used by the chart label. +*/}} +{{- define "argo-cd.server.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Create the name of the Argo CD server service account to use */}} @@ -125,6 +104,13 @@ Create the name of the Argo CD server service account to use {{- end -}} {{- end -}} +{{/* +Create argocd repo-server name and version as used by the chart label. +*/}} +{{- define "argo-cd.repoServer.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.repoServer.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Create the name of the repo-server service account to use */}} @@ -136,6 +122,13 @@ Create the name of the repo-server service account to use {{- end -}} {{- end -}} +{{/* +Create argocd application set name and version as used by the chart label. +*/}} +{{- define "argo-cd.applicationSet.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.applicationSet.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Create the name of the application set service account to use */}} @@ -147,6 +140,13 @@ Create the name of the application set service account to use {{- end -}} {{- end -}} +{{/* +Create argocd notifications name and version as used by the chart label. +*/}} +{{- define "argo-cd.notifications.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.notifications.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Create the name of the notifications service account to use */}} From 99932a96c28af3d06432ace85dc00b52abcbae5d Mon Sep 17 00:00:00 2001 From: Vadim Grek Date: Tue, 21 Feb 2023 03:14:33 +0200 Subject: [PATCH 070/768] chore(argo-events): Upgrade Argo Events to v1.7.6 (#1849) --- charts/argo-events/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 160f6cf6..9318cb85 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.7.5 +appVersion: v1.7.6 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.1.2 +version: 2.1.3 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-events/assets/logo.png keywords: @@ -15,5 +15,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: fixed - description: Align changelog structure to show changelogs on Artifact Hub + - kind: changed + description: Upgrade Argo Events to v1.7.6 From 2ae7e1ad0dc7a7cb64a1bf03c38a151f207291d3 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Thu, 23 Feb 2023 17:57:15 +0100 Subject: [PATCH 071/768] chore(argo-cd): Remove notification bot (#1854) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +- charts/argo-cd/README.md | 26 ----- charts/argo-cd/templates/_helpers.tpl | 11 -- .../bots/slack/deployment.yaml | 71 ------------ .../argocd-notifications/bots/slack/pdb.yaml | 26 ----- .../argocd-notifications/bots/slack/role.yaml | 27 ----- .../bots/slack/rolebinding.yaml | 13 --- .../bots/slack/service.yaml | 19 ---- .../bots/slack/serviceaccount.yaml | 15 --- charts/argo-cd/values.yaml | 105 ------------------ 10 files changed, 3 insertions(+), 316 deletions(-) delete mode 100644 charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml delete mode 100644 charts/argo-cd/templates/argocd-notifications/bots/slack/pdb.yaml delete mode 100644 charts/argo-cd/templates/argocd-notifications/bots/slack/role.yaml delete mode 100644 charts/argo-cd/templates/argocd-notifications/bots/slack/rolebinding.yaml delete mode 100644 charts/argo-cd/templates/argocd-notifications/bots/slack/service.yaml delete mode 100644 charts/argo-cd/templates/argocd-notifications/bots/slack/serviceaccount.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index efd96096..2d1a2cc3 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.2 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.22.1 +version: 5.23.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: changed - description: Grouped component templates together + - kind: removed + description: Removed notification bot that is no longer supported diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 2533c180..6b2a88af 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1072,32 +1072,6 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide |-----|------|---------|-------------| | notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates | -| notifications.bots.slack.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | -| notifications.bots.slack.containerSecurityContext | object | See [values.yaml] | Slack bot container-level security Context | -| notifications.bots.slack.dnsConfig | object | `{}` | [DNS configuration] | -| notifications.bots.slack.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Slack bot pods | -| notifications.bots.slack.enabled | bool | `false` | Enable slack bot | -| notifications.bots.slack.extraArgs | list | `[]` | List of extra cli args to add for Slack bot | -| notifications.bots.slack.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Slack bot | -| notifications.bots.slack.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Slack bot | -| notifications.bots.slack.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Slack bot | -| notifications.bots.slack.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | -| notifications.bots.slack.logFormat | string | `""` (defaults to global.logging.format) | Slack bot log format. Either `text` or `json` | -| notifications.bots.slack.logLevel | string | `""` (defaults to global.logging.level) | Slack bot log level. One of: `debug`, `info`, `warn`, `error` | -| notifications.bots.slack.nodeSelector | object | `{}` | [Node selector] | -| notifications.bots.slack.pdb.annotations | object | `{}` | Annotations to be added to Slack bot pdb | -| notifications.bots.slack.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Slack bot | -| notifications.bots.slack.pdb.labels | object | `{}` | Labels to be added to Slack bot pdb | -| notifications.bots.slack.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). | -| notifications.bots.slack.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | -| notifications.bots.slack.resources | object | `{}` | Resource limits and requests for the Slack bot | -| notifications.bots.slack.service.annotations | object | `{}` | Service annotations for Slack bot | -| notifications.bots.slack.service.port | int | `80` | Service port for Slack bot | -| notifications.bots.slack.service.type | string | `"LoadBalancer"` | Service type for Slack bot | -| notifications.bots.slack.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | -| notifications.bots.slack.serviceAccount.create | bool | `true` | Specifies whether a service account should be created | -| notifications.bots.slack.serviceAccount.name | string | `"argocd-notifications-bot"` | The name of the service account to use. | -| notifications.bots.slack.tolerations | list | `[]` | [Tolerations] for use with node taints | | notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map | | notifications.containerPorts.metrics | int | `9001` | Metrics container port | | notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context | diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 76abc8d2..377a07e1 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -158,17 +158,6 @@ Create the name of the notifications service account to use {{- end -}} {{- end -}} -{{/* -Create the name of the notifications bots slack service account to use -*/}} -{{- define "argo-cd.notificationsBotsSlackServiceAccountName" -}} -{{- if .Values.notifications.bots.slack.serviceAccount.create -}} - {{ default (include "argo-cd.notifications.fullname" .) .Values.notifications.bots.slack.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.notifications.bots.slack.serviceAccount.name }} -{{- end -}} -{{- end -}} - {{/* Argo Configuration Preset Values (Incluenced by Values configuration) */}} diff --git a/charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml deleted file mode 100644 index 2749cb2b..00000000 --- a/charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml +++ /dev/null @@ -1,71 +0,0 @@ -{{ if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.notifications.deploymentAnnotations) }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - name: {{ template "argo-cd.notifications.fullname" . }}-bot - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" .Values.notifications.bots.slack.name) | nindent 4 }} -spec: - replicas: 1 - revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} - strategy: - type: Recreate - selector: - matchLabels: - {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" "metrics") | nindent 6 }} - template: - metadata: - labels: - {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" "metrics") | nindent 8 }} - spec: - {{- with .Values.notifications.bots.slack.imagePullSecrets | default .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.global.securityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "argo-cd.notificationsBotsSlackServiceAccountName" . }} - containers: - - name: {{ include "argo-cd.notifications.fullname" . }}-bot - image: {{ default .Values.global.image.repository .Values.notifications.bots.slack.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.bots.slack.image.tag }} - imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.notifications.bots.slack.image.pullPolicy }} - command: - - argocd-notifications - - bot - - --loglevel={{ default .Values.global.logging.level .Values.notifications.bots.slack.logLevel }} - - --logformat={{ default .Values.global.logging.format .Values.notifications.bots.slack.logFormat }} - {{- range .Values.notifications.bots.slack.extraArgs }} - - {{ . | squote }} - {{- end }} - workingDir: /app - ports: - - containerPort: 8080 - name: http - resources: - {{- toYaml .Values.notifications.bots.slack.resources | nindent 12 }} - securityContext: - {{- toYaml .Values.notifications.bots.slack.containerSecurityContext | nindent 12 }} - affinity: - {{- include "argo-cd.affinity" (dict "context" . "component" .Values.notifications.bots.slack) | nindent 8 }} - {{- with .Values.notifications.bots.slack.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.notifications.bots.slack.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.notifications.bots.slack.dnsConfig }} - dnsConfig: - {{- toYaml . | nindent 8 }} - {{- end }} - dnsPolicy: {{ .Values.notifications.bots.slack.dnsPolicy }} -{{ end }} diff --git a/charts/argo-cd/templates/argocd-notifications/bots/slack/pdb.yaml b/charts/argo-cd/templates/argocd-notifications/bots/slack/pdb.yaml deleted file mode 100644 index 60df983e..00000000 --- a/charts/argo-cd/templates/argocd-notifications/bots/slack/pdb.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled .Values.notifications.bots.slack.pdb.enabled }} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{ include "argo-cd.notifications.fullname" . }}-bot - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" .Values.notifications.bots.slack.name) | nindent 4 }} - {{- with .Values.notifications.bots.slack.pdb.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.notifications.bots.slack.pdb.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} -spec: - {{- with .Values.notifications.bots.slack.pdb.maxUnavailable }} - maxUnavailable: {{ . }} - {{- else }} - minAvailable: {{ .Values.notifications.bots.slack.pdb.minAvailable | default 0 }} - {{- end }} - selector: - matchLabels: - {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" "metrics") | nindent 6 }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/bots/slack/role.yaml b/charts/argo-cd/templates/argocd-notifications/bots/slack/role.yaml deleted file mode 100644 index 26df5b9c..00000000 --- a/charts/argo-cd/templates/argocd-notifications/bots/slack/role.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{ if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "argo-cd.notifications.fullname" . }}-bot -rules: -- apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - get - - list - - watch -- apiGroups: - - argoproj.io - resources: - - applications - - appprojects - verbs: - - get - - list - - watch - - update - - patch -{{ end }} diff --git a/charts/argo-cd/templates/argocd-notifications/bots/slack/rolebinding.yaml b/charts/argo-cd/templates/argocd-notifications/bots/slack/rolebinding.yaml deleted file mode 100644 index 80813f5e..00000000 --- a/charts/argo-cd/templates/argocd-notifications/bots/slack/rolebinding.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{ if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "argo-cd.notifications.fullname" . }}-bot -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "argo-cd.notifications.fullname" . }}-bot -subjects: -- kind: ServiceAccount - name: {{ template "argo-cd.notificationsBotsSlackServiceAccountName" . }} -{{ end }} diff --git a/charts/argo-cd/templates/argocd-notifications/bots/slack/service.yaml b/charts/argo-cd/templates/argocd-notifications/bots/slack/service.yaml deleted file mode 100644 index 5cbbd2b1..00000000 --- a/charts/argo-cd/templates/argocd-notifications/bots/slack/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{ if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "argo-cd.notifications.fullname" . }}-bot - {{- if .Values.notifications.bots.slack.service.annotations }} - annotations: - {{- toYaml .Values.notifications.bots.slack.service.annotations | nindent 4 }} - {{- end }} -spec: - ports: - - name: http - port: {{ .Values.notifications.bots.slack.service.port }} - protocol: TCP - targetPort: http - selector: - {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" "metrics") | nindent 6 }} - type: {{ .Values.notifications.bots.slack.service.type }} -{{ end }} diff --git a/charts/argo-cd/templates/argocd-notifications/bots/slack/serviceaccount.yaml b/charts/argo-cd/templates/argocd-notifications/bots/slack/serviceaccount.yaml deleted file mode 100644 index bdffa2cf..00000000 --- a/charts/argo-cd/templates/argocd-notifications/bots/slack/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled .Values.notifications.bots.slack.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: {{ .Values.notifications.bots.slack.serviceAccount.automountServiceAccountToken }} -metadata: - name: {{ template "argo-cd.notificationsBotsSlackServiceAccountName" . }} -{{- if .Values.notifications.bots.slack.serviceAccount.annotations }} - annotations: - {{- range $key, $value := .Values.notifications.bots.slack.serviceAccount.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" .Values.notifications.bots.slack.name) | nindent 4 }} -{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index b3706c5a..1c6837d7 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2910,108 +2910,3 @@ notifications: # For more information: https://argocd-notifications.readthedocs.io/en/stable/triggers/#default-triggers # defaultTriggers: | # - on-sync-status-unknown - - ## The optional bot component simplifies managing subscriptions - ## For more information: https://argocd-notifications.readthedocs.io/en/stable/bots/overview/ - bots: - slack: - # -- Enable slack bot - ## You have to set secret.notifiers.slack.signingSecret - enabled: false - - ## Slack bot Pod Disruption Budget - ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - pdb: - # -- Deploy a [PodDisruptionBudget] for the Slack bot - enabled: false - # -- Labels to be added to Slack bot pdb - labels: {} - # -- Annotations to be added to Slack bot pdb - annotations: {} - # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) - # @default -- `""` (defaults to 0 if not specified) - minAvailable: "" - # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). - ## Has higher precedence over `notifications.bots.slack.pdb.minAvailable` - maxUnavailable: "" - - ## Slack bot image - image: - # -- Repository to use for the Slack bot - # @default -- `""` (defaults to global.image.repository) - repository: "" - # -- Tag to use for the Slack bot - # @default -- `""` (defaults to global.image.tag) - tag: "" - # -- Image pull policy for the Slack bot - # @default -- `""` (defaults to global.image.imagePullPolicy) - imagePullPolicy: "" - - # -- Secrets with credentials to pull images from a private registry - # @default -- `[]` (defaults to global.imagePullSecrets) - imagePullSecrets: [] - - # -- Slack bot log format. Either `text` or `json` - # @default -- `""` (defaults to global.logging.format) - logFormat: "" - # -- Slack bot log level. One of: `debug`, `info`, `warn`, `error` - # @default -- `""` (defaults to global.logging.level) - logLevel: "" - - # -- List of extra cli args to add for Slack bot - extraArgs: [] - - service: - # -- Service annotations for Slack bot - annotations: {} - # -- Service port for Slack bot - port: 80 - # -- Service type for Slack bot - type: LoadBalancer - - serviceAccount: - # -- Specifies whether a service account should be created - create: true - - # -- The name of the service account to use. - ## If not set and create is true, a name is generated using the fullname template - name: argocd-notifications-bot - - # -- Annotations applied to created service account - annotations: {} - - # -- [DNS configuration] - dnsConfig: {} - # -- Alternative DNS policy for Slack bot pods - dnsPolicy: "ClusterFirst" - - # -- Slack bot container-level security Context - # @default -- See [values.yaml] - containerSecurityContext: - runAsNonRoot: true - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - seccompProfile: - type: RuntimeDefault - capabilities: - drop: - - ALL - - # -- Resource limits and requests for the Slack bot - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - # -- Assign custom [affinity] rules - # @default -- `{}` (defaults to global.affinity preset) - affinity: {} - - # -- [Tolerations] for use with node taints - tolerations: [] - - # -- [Node selector] - nodeSelector: {} From 4735ea5cfb536a67392a4efc1ca8d4387639384f Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Thu, 23 Feb 2023 11:44:01 -0600 Subject: [PATCH 072/768] chore(argo-workflows): Update docs to mention why CRDs are in templates folder (#1857) Closes #1785 Borrowed `Custom resource definition` from argo-cd helm chart README and added it to argo-workflows helm chart README Signed-off-by: jmeridth --- CONTRIBUTING.md | 2 +- README.md | 21 +++++++++++++++++++-- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 15 +++++++++++++++ charts/argo-workflows/README.md.gotmpl | 15 +++++++++++++++ 5 files changed, 52 insertions(+), 5 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 535bbbb3..1f7745b5 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -122,7 +122,7 @@ helm install charts/argo-workflows -n argo argo version ``` -Follow this instructions for running a hello world workflow. +Follow [these](https://argoproj.github.io/argo-workflows/quick-start/#submitting-an-example-workflow) instructions for running a hello world workflow. ### Testing Argo CD Changes diff --git a/README.md b/README.md index 1d96a35f..210b9a83 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ Argo Helm is a collection of **community maintained** charts for [https://argoproj.github.io](https://argoproj.github.io) projects. The charts can be added using following command: -``` +```bash helm repo add argo https://argoproj.github.io/argo-helm ``` @@ -15,10 +15,27 @@ helm repo add argo https://argoproj.github.io/argo-helm We'd love to have you contribute! Please refer to our [contribution guidelines](CONTRIBUTING.md) for details. +### Custom resource definitions + +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of the main four charts (argo-cd, argo-workflows, argo-events, argo-rollouts) by using `--set crds.install=false` when installing the chart. + +Helm cannot upgrade custom resource definitions in the `/crds` folder [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). Our CRDs have been moved to `/templates` to address this design decision. + +If you are using versions of a chart that have the CRDs in the root of the chart or have elected to manage the Argo Workflows CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo: + +Example: + +```bash +kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=" + +# Eg. version v2.4.9 +kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.4.9" +``` + ### Security Policy If you have a security concern relating to either this project repo or an individual helm chart, please [open an issue](https://github.com/argoproj/argo-helm/issues/new/choose) or [start a discussion](https://github.com/argoproj/argo-helm/discussions/new). ### Changelog -Releases are managed independently for each helm chart, and changelogs are tracked on each release. Read more about this process [here](https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md#changelog). \ No newline at end of file +Releases are managed independently for each helm chart, and changelogs are tracked on each release. Read more about this process [here](https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md#changelog). diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 0fe6953a..5891ca58 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.5 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.22.11 +version: 0.22.12 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: @@ -14,4 +14,4 @@ maintainers: annotations: artifacthub.io/changes: | - kind: changed - description: Cleaned RBAC permissions for subresources (pods/log, pods/exec). + description: Update documentation to explain why CRDs are in templates folder diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 19bc0ee2..78d5780b 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -13,6 +13,21 @@ A few options are: - Manually create a ServiceAccount in the Namespace in which your release will be deployed w/ appropriate bindings to perform this action and set the `serviceAccountName` field in the Workflow spec - Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions +### Custom resource definitions + +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart. + +Helm cannot upgrade custom resource definitions in the `/crds` folder [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). Starting with 3.4.0 (chart version 0.19.0), the CRDs have been moved to `/templates` to address this design decision. + +If you are using Argo Workflows chart version prior to 3.4.0 (chart version 0.19.0) or have elected to manage the Argo Workflows CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo: + +```bash +kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds/full?ref=" + +# Eg. version v3.3.9 +kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds/full?ref=v3.3.9" +``` + ## Changelog For full list of changes, please check ArtifactHub [changelog]. diff --git a/charts/argo-workflows/README.md.gotmpl b/charts/argo-workflows/README.md.gotmpl index a263139b..0a441821 100644 --- a/charts/argo-workflows/README.md.gotmpl +++ b/charts/argo-workflows/README.md.gotmpl @@ -13,6 +13,21 @@ A few options are: - Manually create a ServiceAccount in the Namespace in which your release will be deployed w/ appropriate bindings to perform this action and set the `serviceAccountName` field in the Workflow spec - Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions +### Custom resource definitions + +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart. + +Helm cannot upgrade custom resource definitions in the `/crds` folder [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). Starting with 3.4.0 (chart version 0.19.0), the CRDs have been moved to `/templates` to address this design decision. + +If you are using Argo Workflows chart version prior to 3.4.0 (chart version 0.19.0) or have elected to manage the Argo Workflows CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo: + +```bash +kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds/full?ref=" + +# Eg. version v3.3.9 +kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds/full?ref=v3.3.9" +``` + ## Changelog For full list of changes, please check ArtifactHub [changelog]. From 88b92909e6b97bddce6c61f655a9ae677c743600 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Thu, 23 Feb 2023 19:11:54 +0100 Subject: [PATCH 073/768] chore(argo-cd): Add missing hostAliases to all components (#1848) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +++--- .../argocd-application-controller/statefulset.yaml | 10 +++++----- .../templates/argocd-applicationset/deployment.yaml | 8 ++++---- .../templates/argocd-notifications/deployment.yaml | 4 ++++ .../templates/argocd-repo-server/deployment.yaml | 11 +++++------ .../argo-cd/templates/argocd-server/deployment.yaml | 10 +++++----- charts/argo-cd/templates/dex/deployment.yaml | 10 +++++----- charts/argo-cd/templates/redis/deployment.yaml | 4 ++++ 8 files changed, 35 insertions(+), 28 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 2d1a2cc3..2998c691 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.2 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.23.0 +version: 5.23.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: removed - description: Removed notification bot that is no longer supported + - kind: added + description: Missing hostAliases for notification controller and redis diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 0a161362..f8460906 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -37,10 +37,15 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.global.securityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "argo-cd.controllerServiceAccountName" . }} containers: - command: - argocd-application-controller @@ -285,11 +290,6 @@ spec: {{- end }} {{- end }} {{- end }} - serviceAccountName: {{ template "argo-cd.controllerServiceAccountName" . }} - {{- with .Values.global.hostAliases }} - hostAliases: - {{- toYaml . | nindent 6 }} - {{- end }} volumes: {{- with .Values.controller.volumes }} {{- toYaml . | nindent 6 }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 462ebcba..6011cd0b 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -35,15 +35,15 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.global.securityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "argo-cd.applicationSetServiceAccountName" . }} - {{- with .Values.global.hostAliases }} - hostAliases: - {{- toYaml . | nindent 6 }} - {{- end }} containers: - name: {{ .Values.applicationSet.name }} image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 5efc0965..e3e7968b 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -37,6 +37,10 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.global.securityContext }} securityContext: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 00e73d8a..28bd3b6d 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -40,11 +40,15 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - automountServiceAccountToken: {{ .Values.repoServer.serviceAccount.automountServiceAccountToken }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.global.securityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "argo-cd.repoServerServiceAccountName" . }} containers: - name: {{ .Values.repoServer.name }} image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }} @@ -312,11 +316,6 @@ spec: {{- end }} {{- end }} {{- end }} - serviceAccountName: {{ template "argo-cd.repoServerServiceAccountName" . }} - {{- with .Values.global.hostAliases }} - hostAliases: - {{- toYaml . | nindent 6 }} - {{- end }} volumes: {{- with .Values.repoServer.volumes }} {{- toYaml . | nindent 6 }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index bb394006..ea3d3a6e 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -37,10 +37,15 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.global.securityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "argo-cd.serverServiceAccountName" . }} containers: - name: {{ .Values.server.name }} image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag }} @@ -369,11 +374,6 @@ spec: {{- end }} {{- end }} {{- end }} - serviceAccountName: {{ template "argo-cd.serverServiceAccountName" . }} - {{- with .Values.global.hostAliases }} - hostAliases: - {{- toYaml . | nindent 6 }} - {{- end }} volumes: {{- with .Values.server.volumes }} {{- toYaml . | nindent 6}} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 7fea0b48..d2189cc3 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -39,10 +39,15 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with.Values.global.securityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "argo-cd.dexServiceAccountName" . }} containers: - name: {{ .Values.dex.name }} image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }} @@ -159,11 +164,6 @@ spec: {{- end }} {{- end }} {{- end }} - serviceAccountName: {{ template "argo-cd.dexServiceAccountName" . }} - {{- with .Values.global.hostAliases }} - hostAliases: - {{- toYaml . | nindent 6 }} - {{- end }} volumes: - name: static-files emptyDir: {} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index ffff4bad..e23fe46c 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -36,6 +36,10 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.redis.securityContext }} securityContext: {{- toYaml . | nindent 8 }} From f66c40319a280abcf1e831f57ed1190ec264a05b Mon Sep 17 00:00:00 2001 From: Jonathan Muller Date: Fri, 24 Feb 2023 22:56:41 +0100 Subject: [PATCH 074/768] chore(argo-workflows): expose option to control the log format/level (#1855) * Allow to change the log format to json Signed-off-by: Jonathan Muller * Documentation, version Signed-off-by: Jonathan Muller --------- Signed-off-by: Jonathan Muller --- charts/argo-workflows/Chart.yaml | 12 +++++++++--- charts/argo-workflows/README.md | 4 ++++ .../controller/workflow-controller-deployment.yaml | 2 ++ .../templates/server/server-deployment.yaml | 6 ++++++ charts/argo-workflows/values.yaml | 10 ++++++++++ 5 files changed, 31 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 5891ca58..b5f88211 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.5 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.22.12 +version: 0.22.13 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: @@ -13,5 +13,11 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: changed - description: Update documentation to explain why CRDs are in templates folder + - kind: added + description: Added workflow startup option --log-format (defaults to 'text'). + - kind: added + description: Added server startup option --log-format (defaults to 'text'). + - kind: added + description: Added server startup option --loglevel (defaults to 'info'). + - kind: added + description: Added server startup option --gloglevel (defaults to '0'). diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 78d5780b..d6fa862c 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -106,6 +106,7 @@ Fields to note: | controller.links | list | `[]` | Configure Argo Server to show custom [links] | | controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller | | controller.loadBalancerSourceRanges | list | `[]` | Source ranges to allow access to service from. Only applies to service type `LoadBalancer` | +| controller.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) | | controller.logging.globallevel | string | `"0"` | Set the glog logging level | | controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | | controller.metricsConfig.enabled | bool | `false` | Enables prometheus metrics server | @@ -214,6 +215,9 @@ Fields to note: | server.ingress.tls | list | `[]` | Ingress TLS configuration | | server.loadBalancerIP | string | `""` | Static IP address to assign to loadBalancer service type `LoadBalancer` | | server.loadBalancerSourceRanges | list | `[]` | Source ranges to allow access to service from. Only applies to service type `LoadBalancer` | +| server.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) | +| server.logging.globallevel | string | `"0"` | Set the glog logging level | +| server.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | | server.name | string | `"server"` | Server name string | | server.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | [Node selector] | | server.pdb.enabled | bool | `false` | Configure [Pod Disruption Budget] for the server pods | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml index b90122ca..8f4f783f 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -46,6 +46,8 @@ spec: - "{{ .Values.controller.logging.level }}" - "--gloglevel" - "{{ .Values.controller.logging.globallevel }}" + - "--log-format" + - "{{ .Values.controller.logging.format }}" {{- if .Values.singleNamespace }} - "--namespaced" {{- end }} diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index 70b1495c..e5230cd0 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -49,6 +49,12 @@ spec: {{- if .Values.singleNamespace }} - "--namespaced" {{- end }} + - "--loglevel" + - "{{ .Values.server.logging.level }}" + - "--gloglevel" + - "{{ .Values.server.logging.globallevel }}" + - "--log-format" + - "{{ .Values.server.logging.format }}" ports: - name: web containerPort: 2746 diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index bb102c8b..904d766b 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -216,6 +216,8 @@ controller: level: info # -- Set the glog logging level globallevel: "0" + # -- Set the logging format (one of: `text`, `json`) + format: "text" # -- Service type of the controller Service serviceType: ClusterIP @@ -469,6 +471,14 @@ server: # extraArgs: # - --auth-mode=server + logging: + # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`) + level: info + # -- Set the glog logging level + globallevel: "0" + # -- Set the logging format (one of: `text`, `json`) + format: "text" + # -- Additional volume mounts to the server main container. volumeMounts: [] # -- Additional volumes to the server pod. From 4f48352af1067cd18908cccf8a1e2e9ebb386cd8 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Fri, 24 Feb 2023 18:26:24 -0600 Subject: [PATCH 075/768] fix(github): Replace deprecated set-output from github-actions (#1860) fix(github): Remove deprecated set-output from github-actions Warning in GitHub Actions: ``` Warning: The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ Warning: The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ ``` Signed-off-by: jmeridth --- .github/workflows/lint-and-test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 33942db0..0158f3fa 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -38,8 +38,8 @@ jobs: changed=$(ct --config ./.github/configs/ct-lint.yaml list-changed) charts=$(echo "$changed" | tr '\n' ' ' | xargs) if [[ -n "$changed" ]]; then - echo "::set-output name=changed::true" - echo "::set-output name=changed_charts::$charts" + echo "changed=true" >> $GITHUB_STATE + echo "changed_charts=$charts" >> $GITHUB_STATE fi - name: Run chart-testing (lint) From 3a6617ce8f76284776486007cf3279501068cc83 Mon Sep 17 00:00:00 2001 From: Juan Carrillo Date: Sun, 26 Feb 2023 10:34:01 -0600 Subject: [PATCH 076/768] fix(argo-cd): Fix typo in values.yaml (#1862) Signed-off-by: Juan Carrillo --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 14 +++++++------- charts/argo-cd/values.yaml | 18 +++++++++--------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 2998c691..138e7c66 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.2 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.23.1 +version: 5.23.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: added - description: Missing hostAliases for notification controller and redis + - kind: fixed + description: Fixed typos in values.yaml and README.md diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 6b2a88af..3cc94e79 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -509,7 +509,7 @@ NAME: my-release | controller.pdb.annotations | object | `{}` | Annotations to be added to application controller pdb | | controller.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the application controller | | controller.pdb.labels | object | `{}` | Labels to be added to application controller pdb | -| controller.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). | +| controller.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | | controller.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | | controller.podAnnotations | object | `{}` | Annotations to be added to application controller pods | | controller.podLabels | object | `{}` | Labels to be added to application controller pods | @@ -592,7 +592,7 @@ NAME: my-release | repoServer.pdb.annotations | object | `{}` | Annotations to be added to repo server pdb | | repoServer.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the repo server | | repoServer.pdb.labels | object | `{}` | Labels to be added to repo server pdb | -| repoServer.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). | +| repoServer.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | | repoServer.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | | repoServer.podAnnotations | object | `{}` | Annotations to be added to repo server pods | | repoServer.podLabels | object | `{}` | Labels to be added to repo server pods | @@ -642,7 +642,7 @@ NAME: my-release | server.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | | server.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` | | server.certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` | -| server.certificate.issuer.name | string | `""` | Certificate isser name. Eg. `letsencrypt` | +| server.certificate.issuer.name | string | `""` | Certificate issuer name. Eg. `letsencrypt` | | server.certificate.privateKey.algorithm | string | `"RSA"` | Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` | | server.certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` | | server.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | @@ -725,7 +725,7 @@ NAME: my-release | server.pdb.annotations | object | `{}` | Annotations to be added to Argo CD server pdb | | server.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Argo CD server | | server.pdb.labels | object | `{}` | Labels to be added to Argo CD server pdb | -| server.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). | +| server.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | | server.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | | server.podAnnotations | object | `{}` | Annotations to be added to server pods | | server.podLabels | object | `{}` | Labels to be added to server pods | @@ -955,7 +955,7 @@ The main options are listed here: | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | | redis-ha.image.tag | string | `"7.0.7-alpine"` | Redis tag | -| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistency on Redis nodes | +| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | | redis-ha.redis.masterGroupName | string | `"argocd"` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | @@ -1033,7 +1033,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.pdb.annotations | object | `{}` | Annotations to be added to ApplicationSet controller pdb | | applicationSet.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the ApplicationSet controller | | applicationSet.pdb.labels | object | `{}` | Labels to be added to ApplicationSet controller pdb | -| applicationSet.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). | +| applicationSet.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | | applicationSet.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | | applicationSet.podAnnotations | object | `{}` | Annotations for the ApplicationSet controller pods | | applicationSet.podLabels | object | `{}` | Labels for the ApplicationSet controller pods | @@ -1112,7 +1112,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.pdb.annotations | object | `{}` | Annotations to be added to notifications controller pdb | | notifications.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the notifications controller | | notifications.pdb.labels | object | `{}` | Labels to be added to notifications controller pdb | -| notifications.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). | +| notifications.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | | notifications.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | | notifications.podAnnotations | object | `{}` | Annotations to be applied to the notifications controller Pods | | notifications.podLabels | object | `{}` | Labels to be applied to the notifications controller Pods | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 1c6837d7..d7c5c853 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -499,7 +499,7 @@ controller: # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) # @default -- `""` (defaults to 0 if not specified) minAvailable: "" - # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). ## Has higher precedence over `controller.pdb.minAvailable` maxUnavailable: "" @@ -623,7 +623,7 @@ controller: drop: - ALL - # Rediness probe for application controller + # Readiness probe for application controller ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded @@ -1243,7 +1243,7 @@ redis-ha: # -- Tag to use for the redis-exporter tag: 1.45.0 persistentVolume: - # -- Configures persistency on Redis nodes + # -- Configures persistence on Redis nodes enabled: false redis: # -- Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated @@ -1342,7 +1342,7 @@ server: # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) # @default -- `""` (defaults to 0 if not specified) minAvailable: "" - # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). ## Has higher precedence over `server.pdb.minAvailable` maxUnavailable: "" @@ -1380,7 +1380,7 @@ server: lifecycle: {} ## Argo UI extensions - ## This function in tech preview stage, do expect unstability or breaking changes in newer versions. + ## This function in tech preview stage, do expect instability or breaking changes in newer versions. ## Ref: https://github.com/argoproj-labs/argocd-extensions extensions: # -- Enable support for Argo UI extensions @@ -1583,7 +1583,7 @@ server: group: "" # -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer` kind: "" - # -- Certificate isser name. Eg. `letsencrypt` + # -- Certificate issuer name. Eg. `letsencrypt` name: "" # Private key of the certificate privateKey: @@ -1885,7 +1885,7 @@ repoServer: # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) # @default -- `""` (defaults to 0 if not specified) minAvailable: "" - # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). ## Has higher precedence over `repoServer.pdb.minAvailable` maxUnavailable: "" @@ -2171,7 +2171,7 @@ applicationSet: # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) # @default -- `""` (defaults to 0 if not specified) minAvailable: "" - # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). ## Has higher precedence over `applicationSet.pdb.minAvailable` maxUnavailable: "" @@ -2445,7 +2445,7 @@ notifications: # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) # @default -- `""` (defaults to 0 if not specified) minAvailable: "" - # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). ## Has higher precedence over `notifications.pdb.minAvailable` maxUnavailable: "" From fdebbabf173f5b1f78f78d8113be0399c09f653c Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 28 Feb 2023 17:31:51 +0900 Subject: [PATCH 077/768] chore(argo-cd): Upgrade Argo CD to v2.6.3 (#1868) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 138e7c66..5d082b2b 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.6.2 +appVersion: v2.6.3 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.23.2 +version: 5.23.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: fixed - description: Fixed typos in values.yaml and README.md + - kind: changed + description: Upgrade Argo CD to v.2.6.3 From c21aa4c86ab4b03f52653b6b35087ce1fec29cd0 Mon Sep 17 00:00:00 2001 From: ugoogalizer Date: Wed, 1 Mar 2023 08:53:17 +1100 Subject: [PATCH 078/768] fix(argo-cd): Added pod exec permission to argo-server Role when exec.enabled is True. (#1867) * Added pods exec to role permissions The argocd-server Role requires the pods/exec create permission in order to be able to start the web based terminal as per: https://argo-cd.readthedocs.io/en/stable/operator-manual/web_based_terminal/ This brings the Role in line with the ClusterRole change already made Signed-off-by: ugoogalizer * bumped version Signed-off-by: ugoogalizer * Added description of change Signed-off-by: ugoogalizer * Removed trailing whitespace Signed-off-by: ugoogalizer --------- Signed-off-by: ugoogalizer Signed-off-by: Petr Drastil Co-authored-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/argocd-server/role.yaml | 8 ++++++++ 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 5d082b2b..cd17b7ce 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.3 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.23.3 +version: 5.23.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v.2.6.3 + - kind: added + description: Added pod exec permission to argo-server Role when exec.enabled is True. diff --git a/charts/argo-cd/templates/argocd-server/role.yaml b/charts/argo-cd/templates/argocd-server/role.yaml index f4c5d533..477aa7a3 100644 --- a/charts/argo-cd/templates/argocd-server/role.yaml +++ b/charts/argo-cd/templates/argocd-server/role.yaml @@ -42,3 +42,11 @@ rules: verbs: - create - list +{{- if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "exec.enabled")) "true" }} +- apiGroups: + - "" +resources: + - pods/exec +verbs: + - create +{{- end }} From 7b499adc8b59a0561962c6cf4310507e4bb26b2a Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Wed, 1 Mar 2023 00:30:03 +0100 Subject: [PATCH 079/768] fix(argo-cd): Fix indentation for argocd-server role (#1871) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/argocd-server/role.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index cd17b7ce..412180ce 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.3 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.23.4 +version: 5.23.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: added - description: Added pod exec permission to argo-server Role when exec.enabled is True. + - kind: fixed + description: Indentation for argo-server role when exec.enabled is True. diff --git a/charts/argo-cd/templates/argocd-server/role.yaml b/charts/argo-cd/templates/argocd-server/role.yaml index 477aa7a3..16164a9a 100644 --- a/charts/argo-cd/templates/argocd-server/role.yaml +++ b/charts/argo-cd/templates/argocd-server/role.yaml @@ -45,8 +45,8 @@ rules: {{- if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "exec.enabled")) "true" }} - apiGroups: - "" -resources: + resources: - pods/exec -verbs: + verbs: - create {{- end }} From 053a338ea9f2c85ed5df37409d4ab1352c43c419 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Thu, 2 Mar 2023 15:28:23 +0100 Subject: [PATCH 080/768] feat(argo-cd): Add additional global parameters for scheduling (#1846) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 16 ++- charts/argo-cd/README.md | 69 ++++++---- charts/argo-cd/README.md.gotmpl | 7 +- charts/argo-cd/templates/_common.tpl | 15 +- .../statefulset.yaml | 16 ++- .../argocd-applicationset/deployment.yaml | 19 ++- .../argocd-notifications/deployment.yaml | 23 +++- .../argocd-repo-server/deployment.yaml | 16 ++- .../templates/argocd-server/deployment.yaml | 16 ++- charts/argo-cd/templates/dex/deployment.yaml | 20 +-- .../argo-cd/templates/redis/deployment.yaml | 16 ++- charts/argo-cd/values.yaml | 130 +++++++++++++----- 12 files changed, 248 insertions(+), 115 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 412180ce..2760c828 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.3 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.23.5 +version: 5.24.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,15 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: fixed - description: Indentation for argo-server role when exec.enabled is True. + - kind: added + description: Global nodeSelector configuration + - kind: added + description: Global tolerations configuration + - kind: added + description: Global topologySpreadConstraints configuration + - kind: added + description: Missing component level topologySpreadConstraints configuration + - kind: added + description: Missing component level priorityClassName configuration + - kind: changed + description: Global affinity preset can be disabled diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 3cc94e79..21a945fa 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -105,7 +105,12 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. -### 5.21.0 +### 5.24.0 + +This versions adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`). +Default `global.affinity` rules can be disabled when `none` value is used for the preset. + +### 5.22.0 This versions adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely. @@ -386,8 +391,8 @@ NAME: my-release |-----|------|---------|-------------| | global.additionalLabels | object | `{}` | Common labels for the all resources | | global.affinity.nodeAffinity.matchExpressions | list | `[]` | Default match expressions for node affinity | -| global.affinity.nodeAffinity.type | string | `"hard"` | Default node affinity rules. Either: `soft` or `hard` | -| global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `soft` or `hard` | +| global.affinity.nodeAffinity.type | string | `"hard"` | Default node affinity rules. Either: `none`, `soft` or `hard` | +| global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `none`, `soft` or `hard` | | global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | | global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | | global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments | @@ -398,11 +403,15 @@ NAME: my-release | global.logging.level | string | `"info"` | Set the global logging level. One of: `debug`, `info`, `warn` or `error` | | global.networkPolicy.create | bool | `false` | Create NetworkPolicy objects for all components | | global.networkPolicy.defaultDenyIngress | bool | `false` | Default deny all ingress traffic | +| global.nodeSelector | object | `{}` | Default node selector for all components | | global.podAnnotations | object | `{}` | Annotations for the all deployed pods | | global.podLabels | object | `{}` | Labels for the all deployed pods | +| global.priorityClassName | string | `""` | Default priority class for all components | | global.revisionHistoryLimit | int | `3` | Number of old deployment ReplicaSets to retain. The rest will be garbage collected. | | global.securityContext | object | `{}` (See [values.yaml]) | Toggle and define pod-level security context. | | global.statefulsetAnnotations | object | `{}` | Annotations for the all deployed Statefulsets | +| global.tolerations | object | `{}` | Default tolerations for all components | +| global.topologySpreadConstraints | list | `[]` | Default [TopologySpreadConstraints] rules for all components | ## Argo CD Configs @@ -505,7 +514,7 @@ NAME: my-release | controller.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | controller.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | controller.name | string | `"application-controller"` | Application controller name string | -| controller.nodeSelector | object | `{}` | [Node selector] | +| controller.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | | controller.pdb.annotations | object | `{}` | Annotations to be added to application controller pdb | | controller.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the application controller | | controller.pdb.labels | object | `{}` | Labels to be added to application controller pdb | @@ -513,7 +522,7 @@ NAME: my-release | controller.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | | controller.podAnnotations | object | `{}` | Annotations to be added to application controller pods | | controller.podLabels | object | `{}` | Labels to be added to application controller pods | -| controller.priorityClassName | string | `""` | Priority class for the application controller pods | +| controller.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the application controller pods | | controller.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | controller.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | | controller.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | @@ -527,8 +536,8 @@ NAME: my-release | controller.serviceAccount.labels | object | `{}` | Labels applied to created service account | | controller.serviceAccount.name | string | `"argocd-application-controller"` | Service account name | | controller.statefulsetAnnotations | object | `{}` | Annotations for the application controller StatefulSet | -| controller.tolerations | list | `[]` | [Tolerations] for use with node taints | -| controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the application controller | +| controller.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| controller.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller | | controller.volumeMounts | list | `[]` | Additional volumeMounts to the application controller main container | | controller.volumes | list | `[]` | Additional volumes to the application controller pod | @@ -588,7 +597,7 @@ NAME: my-release | repoServer.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | repoServer.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | repoServer.name | string | `"repo-server"` | Repo server name | -| repoServer.nodeSelector | object | `{}` | [Node selector] | +| repoServer.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | | repoServer.pdb.annotations | object | `{}` | Annotations to be added to repo server pdb | | repoServer.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the repo server | | repoServer.pdb.labels | object | `{}` | Labels to be added to repo server pdb | @@ -596,7 +605,7 @@ NAME: my-release | repoServer.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | | repoServer.podAnnotations | object | `{}` | Annotations to be added to repo server pods | | repoServer.podLabels | object | `{}` | Labels to be added to repo server pods | -| repoServer.priorityClassName | string | `""` | Priority class for the repo server | +| repoServer.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the repo server pods | | repoServer.rbac | list | `[]` | Repo server rbac rules | | repoServer.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | repoServer.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | @@ -614,8 +623,8 @@ NAME: my-release | repoServer.serviceAccount.create | bool | `true` | Create repo server service account | | repoServer.serviceAccount.labels | object | `{}` | Labels applied to created service account | | repoServer.serviceAccount.name | string | `""` | Repo server service account name | -| repoServer.tolerations | list | `[]` | [Tolerations] for use with node taints | -| repoServer.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the repo server | +| repoServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| repoServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the repo server | | repoServer.volumeMounts | list | `[]` | Additional volumeMounts to the repo server main container | | repoServer.volumes | list | `[]` | Additional volumes to the repo server pod | @@ -721,7 +730,7 @@ NAME: my-release | server.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | server.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | server.name | string | `"server"` | Argo CD server name | -| server.nodeSelector | object | `{}` | [Node selector] | +| server.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | | server.pdb.annotations | object | `{}` | Annotations to be added to Argo CD server pdb | | server.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Argo CD server | | server.pdb.labels | object | `{}` | Labels to be added to Argo CD server pdb | @@ -729,7 +738,7 @@ NAME: my-release | server.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | | server.podAnnotations | object | `{}` | Annotations to be added to server pods | | server.podLabels | object | `{}` | Labels to be added to server pods | -| server.priorityClassName | string | `""` | Priority class for the Argo CD server | +| server.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the Argo CD server pods | | server.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | server.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | | server.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | @@ -761,8 +770,8 @@ NAME: my-release | server.serviceAccount.create | bool | `true` | Create server service account | | server.serviceAccount.labels | object | `{}` | Labels applied to created service account | | server.serviceAccount.name | string | `"argocd-server"` | Server service account name | -| server.tolerations | list | `[]` | [Tolerations] for use with node taints | -| server.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the Argo CD server | +| server.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| server.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the Argo CD server | | server.volumeMounts | list | `[]` | Additional volumeMounts to the server main container | | server.volumes | list | `[]` | Additional volumes to the server pod | @@ -840,7 +849,7 @@ server: | dex.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | dex.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | dex.name | string | `"dex-server"` | Dex name | -| dex.nodeSelector | object | `{}` | [Node selector] | +| dex.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | | dex.pdb.annotations | object | `{}` | Annotations to be added to Dex server pdb | | dex.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Dex server | | dex.pdb.labels | object | `{}` | Labels to be added to Dex server pdb | @@ -848,7 +857,7 @@ server: | dex.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | | dex.podAnnotations | object | `{}` | Annotations to be added to the Dex server pods | | dex.podLabels | object | `{}` | Labels to be added to the Dex server pods | -| dex.priorityClassName | string | `""` | Priority class for dex | +| dex.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the dex pods | | dex.readinessProbe.enabled | bool | `false` | Enable Kubernetes readiness probe for Dex >= 2.28.0 | | dex.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | dex.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | @@ -865,8 +874,8 @@ server: | dex.servicePortHttp | int | `5556` | Service port for HTTP access | | dex.servicePortHttpName | string | `"http"` | Service port name for HTTP access | | dex.servicePortMetrics | int | `5558` | Service port for metrics access | -| dex.tolerations | list | `[]` | [Tolerations] for use with node taints | -| dex.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to dex | +| dex.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| dex.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to dex | | dex.volumeMounts | list | `[]` | Additional volumeMounts to the dex main container | | dex.volumes | list | `[]` | Additional volumes to the dex pod | @@ -917,7 +926,7 @@ server: | redis.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | redis.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | redis.name | string | `"redis"` | Redis name | -| redis.nodeSelector | object | `{}` | [Node selector] | +| redis.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | | redis.pdb.annotations | object | `{}` | Annotations to be added to Redis pdb | | redis.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Redis | | redis.pdb.labels | object | `{}` | Labels to be added to Redis pdb | @@ -925,7 +934,7 @@ server: | redis.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | | redis.podAnnotations | object | `{}` | Annotations to be added to the Redis server pods | | redis.podLabels | object | `{}` | Labels to be added to the Redis server pods | -| redis.priorityClassName | string | `""` | Priority class for redis | +| redis.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for redis pods | | redis.resources | object | `{}` | Resource limits and requests for redis | | redis.securityContext | object | See [values.yaml] | Redis pod-level security context | | redis.service.annotations | object | `{}` | Redis service annotations | @@ -935,8 +944,8 @@ server: | redis.serviceAccount.create | bool | `false` | Create a service account for the redis pod | | redis.serviceAccount.name | string | `""` | Service account name for redis pod | | redis.servicePort | int | `6379` | Redis service port | -| redis.tolerations | list | `[]` | [Tolerations] for use with node taints | -| redis.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to redis | +| redis.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| redis.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to redis | | redis.volumeMounts | list | `[]` | Additional volumeMounts to the redis container | | redis.volumes | list | `[]` | Additional volumes to the redis pod | @@ -1029,7 +1038,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | applicationSet.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | applicationSet.name | string | `"applicationset-controller"` | ApplicationSet controller name string | -| applicationSet.nodeSelector | object | `{}` | [Node selector] | +| applicationSet.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | | applicationSet.pdb.annotations | object | `{}` | Annotations to be added to ApplicationSet controller pdb | | applicationSet.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the ApplicationSet controller | | applicationSet.pdb.labels | object | `{}` | Labels to be added to ApplicationSet controller pdb | @@ -1037,7 +1046,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | | applicationSet.podAnnotations | object | `{}` | Annotations for the ApplicationSet controller pods | | applicationSet.podLabels | object | `{}` | Labels for the ApplicationSet controller pods | -| applicationSet.priorityClassName | string | `""` | If specified, indicates the pod's priority. If not specified, the pod priority will be default or zero if there is no default. | +| applicationSet.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the ApplicationSet controller pods | | applicationSet.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for ApplicationSet controller | | applicationSet.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | applicationSet.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | @@ -1055,7 +1064,8 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.serviceAccount.create | bool | `true` | Create ApplicationSet controller service account | | applicationSet.serviceAccount.labels | object | `{}` | Labels applied to created service account | | applicationSet.serviceAccount.name | string | `"argocd-applicationset-controller"` | ApplicationSet controller service account name | -| applicationSet.tolerations | list | `[]` | [Tolerations] for use with node taints | +| applicationSet.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| applicationSet.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller | | applicationSet.webhook.ingress.annotations | object | `{}` | Additional ingress annotations | | applicationSet.webhook.ingress.enabled | bool | `false` | Enable an ingress resource for Webhooks | | applicationSet.webhook.ingress.extraPaths | list | `[]` | Additional ingress paths | @@ -1107,7 +1117,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | notifications.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | notifications.name | string | `"notifications-controller"` | Notifications controller name string | -| notifications.nodeSelector | object | `{}` | [Node selector] | +| notifications.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | | notifications.notifiers | object | See [values.yaml] | Configures notification services such as slack, email or custom webhook | | notifications.pdb.annotations | object | `{}` | Annotations to be added to notifications controller pdb | | notifications.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the notifications controller | @@ -1116,7 +1126,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | | notifications.podAnnotations | object | `{}` | Annotations to be applied to the notifications controller Pods | | notifications.podLabels | object | `{}` | Labels to be applied to the notifications controller Pods | -| notifications.priorityClassName | string | `""` | Priority class for the notifications controller pods | +| notifications.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the notifications controller pods | | notifications.resources | object | `{}` | Resource limits and requests for the notifications controller | | notifications.secret.annotations | object | `{}` | key:value pairs of annotations to be added to the secret | | notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret | @@ -1128,7 +1138,8 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.serviceAccount.name | string | `"argocd-notifications-controller"` | Notification controller service account name | | notifications.subscriptions | list | `[]` | Contains centrally managed global application subscriptions | | notifications.templates | object | `{}` | The notification template is used to generate the notification content | -| notifications.tolerations | list | `[]` | [Tolerations] for use with node taints | +| notifications.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| notifications.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller | | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | ---------------------------------------------- diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index f450e0e7..945bab72 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -104,7 +104,12 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. -### 5.21.0 +### 5.24.0 + +This versions adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`). +Default `global.affinity` rules can be disabled when `none` value is used for the preset. + +### 5.22.0 This versions adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely. diff --git a/charts/argo-cd/templates/_common.tpl b/charts/argo-cd/templates/_common.tpl index 2ba53d8c..dd43d0d5 100644 --- a/charts/argo-cd/templates/_common.tpl +++ b/charts/argo-cd/templates/_common.tpl @@ -78,16 +78,18 @@ Node affinity {{- toYaml . -}} {{- else -}} {{- $preset := .context.Values.global.affinity -}} +{{- if (eq $preset.podAntiAffinity "soft") }} podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - {{- if (eq $preset.podAntiAffinity "soft") }} - weight: 100 podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }} topologyKey: kubernetes.io/hostname - {{- else }} +{{- else if (eq $preset.podAntiAffinity "hard") }} +podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: labelSelector: @@ -99,21 +101,22 @@ podAntiAffinity: matchLabels: app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }} topologyKey: kubernetes.io/hostname - {{- end }} +{{- end }} {{- with $preset.nodeAffinity.matchExpressions }} +{{- if (eq $preset.nodeAffinity.type "soft") }} nodeAffinity: - {{- if (eq $preset.nodeAffinity.type "soft") }} preferredDuringSchedulingIgnoredDuringExecution: - weight: 1 preference: matchExpressions: {{- toYaml . | nindent 6 }} - {{- else }} +{{- else if (eq $preset.nodeAffinity.type "hard") }} +nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: {{- toYaml . | nindent 6 }} - {{- end }} +{{- end }} {{- end -}} {{- end -}} {{- end -}} diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index f8460906..ad8cbc1b 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -45,6 +45,9 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} serviceAccountName: {{ include "argo-cd.controllerServiceAccountName" . }} containers: - command: @@ -269,17 +272,19 @@ spec: initContainers: {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.controller) }} affinity: - {{- include "argo-cd.affinity" (dict "context" . "component" .Values.controller) | nindent 8 }} - {{- with .Values.controller.nodeSelector }} + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.controller.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.controller.tolerations }} + {{- with .Values.controller.tolerations | default .Values.global.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.controller.topologySpreadConstraints }} + {{- with .Values.controller.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} topologySpreadConstraints: {{- range $constraint := . }} - {{ toYaml $constraint | nindent 8 | trim }} @@ -307,9 +312,6 @@ spec: path: tls.key - key: ca.crt path: ca.crt - {{- with .Values.controller.priorityClassName }} - priorityClassName: {{ . }} - {{- end }} hostNetwork: {{ .Values.controller.hostNetwork }} {{- with .Values.controller.dnsConfig }} dnsConfig: diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 6011cd0b..bbf8d160 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -43,6 +43,9 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.applicationSet.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} serviceAccountName: {{ include "argo-cd.applicationSetServiceAccountName" . }} containers: - name: {{ .Values.applicationSet.name }} @@ -198,8 +201,10 @@ spec: initContainers: {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.applicationSet) }} affinity: - {{- include "argo-cd.affinity" (dict "context" . "component" .Values.applicationSet) | nindent 8 }} + {{- trim . | nindent 8 }} + {{- end }} {{- with .Values.applicationSet.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -208,8 +213,16 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.applicationSet.priorityClassName }} - priorityClassName: {{ . }} + {{- with .Values.applicationSet.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.applicationSet.name) | nindent 12 }} + {{- end }} + {{- end }} {{- end }} volumes: {{- with .Values.applicationSet.extraVolumes }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index e3e7968b..45ba1de0 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -45,6 +45,9 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.notifications.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} serviceAccountName: {{ include "argo-cd.notificationsServiceAccountName" . }} containers: - name: {{ .Values.notifications.name }} @@ -92,18 +95,28 @@ spec: initContainers: {{- tpl (toYaml . ) $ | nindent 8 }} {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.notifications) }} affinity: - {{- include "argo-cd.affinity" (dict "context" . "component" .Values.notifications) | nindent 8 }} - {{- with .Values.notifications.nodeSelector }} + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.notifications.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.notifications.tolerations }} + {{- with .Values.notifications.tolerations | default .Values.global.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.notifications.priorityClassName }} - priorityClassName: {{ . }} + {{- with .Values.notifications.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.notifications.name) | nindent 12 }} + {{- end }} + {{- end }} {{- end }} volumes: {{- with .Values.notifications.extraVolumes }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 28bd3b6d..3e22a00d 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -48,6 +48,9 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.repoServer.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} serviceAccountName: {{ include "argo-cd.repoServerServiceAccountName" . }} containers: - name: {{ .Values.repoServer.name }} @@ -295,17 +298,19 @@ spec: {{- with .Values.repoServer.initContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.repoServer) }} affinity: - {{- include "argo-cd.affinity" (dict "context" . "component" .Values.repoServer) | nindent 8 }} - {{- with .Values.repoServer.nodeSelector }} + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.repoServer.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.repoServer.tolerations }} + {{- with .Values.repoServer.tolerations | default .Values.global.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.repoServer.topologySpreadConstraints }} + {{- with .Values.repoServer.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} topologySpreadConstraints: {{- range $constraint := . }} - {{ toYaml $constraint | nindent 8 | trim }} @@ -350,9 +355,6 @@ spec: path: tls.key - key: ca.crt path: ca.crt - {{- with .Values.repoServer.priorityClassName }} - priorityClassName: {{ . }} - {{- end }} hostNetwork: {{ .Values.repoServer.hostNetwork }} {{- with .Values.repoServer.dnsConfig }} dnsConfig: diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index ea3d3a6e..bb2f750b 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -45,6 +45,9 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.server.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} serviceAccountName: {{ include "argo-cd.serverServiceAccountName" . }} containers: - name: {{ .Values.server.name }} @@ -353,17 +356,19 @@ spec: initContainers: {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.server) }} affinity: - {{- include "argo-cd.affinity" (dict "context" . "component" .Values.server) | nindent 8 }} - {{- with .Values.server.nodeSelector }} + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.server.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.server.tolerations }} + {{- with .Values.server.tolerations | default .Values.global.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.server.topologySpreadConstraints }} + {{- with .Values.server.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} topologySpreadConstraints: {{- range $constraint := . }} - {{ toYaml $constraint | nindent 8 | trim }} @@ -416,9 +421,6 @@ spec: path: tls.crt - key: ca.crt path: ca.crt - {{- with .Values.server.priorityClassName }} - priorityClassName: {{ . }} - {{- end }} hostNetwork: {{ .Values.server.hostNetwork }} {{- with .Values.server.dnsConfig }} dnsConfig: diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index d2189cc3..fd5e00d9 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -47,7 +47,10 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "argo-cd.dexServiceAccountName" . }} + {{- with .Values.dex.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + serviceAccountName: {{ template "argo-cd.dexServiceAccountName" . }} containers: - name: {{ .Values.dex.name }} image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }} @@ -143,17 +146,19 @@ spec: {{- with .Values.dex.initContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} - {{- with .Values.dex.nodeSelector }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.dex) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.dex.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.dex.tolerations }} + {{- with .Values.dex.tolerations | default .Values.global.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} - affinity: - {{- include "argo-cd.affinity" (dict "context" . "component" .Values.dex) | nindent 8 }} - {{- with .Values.dex.topologySpreadConstraints }} + {{- with .Values.dex.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} topologySpreadConstraints: {{- range $constraint := . }} - {{ toYaml $constraint | nindent 8 | trim }} @@ -183,9 +188,6 @@ spec: {{- with .Values.dex.volumes }} {{- toYaml . | nindent 6 }} {{- end }} - {{- with .Values.dex.priorityClassName }} - priorityClassName: {{ . }} - {{- end }} {{- with .Values.dex.dnsConfig }} dnsConfig: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index e23fe46c..389cf678 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -44,6 +44,9 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.redis.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} serviceAccountName: {{ include "argo-cd.redisServiceAccountName" . }} containers: - name: {{ .Values.redis.name }} @@ -102,17 +105,19 @@ spec: initContainers: {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} - {{- with .Values.redis.nodeSelector }} + {{- with .Values.redis.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.redis.tolerations }} + {{- with .Values.redis.tolerations | default .Values.global.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.redis) }} affinity: - {{- include "argo-cd.affinity" (dict "context" . "component" .Values.redis) | nindent 8 }} - {{- with .Values.redis.topologySpreadConstraints }} + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.redis.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} topologySpreadConstraints: {{- range $constraint := . }} - {{ toYaml $constraint | nindent 8 | trim }} @@ -123,9 +128,6 @@ spec: {{- end }} {{- end }} {{- end }} - {{- with .Values.redis.priorityClassName }} - priorityClassName: {{ . }} - {{- end }} {{- with .Values.redis.volumes }} volumes: {{- toYaml . | nindent 8}} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index d7c5c853..3cc933a6 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -99,13 +99,22 @@ global: # -- Default deny all ingress traffic defaultDenyIngress: false + # -- Default priority class for all components + priorityClassName: "" + + # -- Default node selector for all components + nodeSelector: {} + + # -- Default tolerations for all components + tolerations: {} + # Default affinity preset for all components affinity: - # -- Default pod anti-affinity rules. Either: `soft` or `hard` + # -- Default pod anti-affinity rules. Either: `none`, `soft` or `hard` podAntiAffinity: soft # Node affinity rules nodeAffinity: - # -- Default node affinity rules. Either: `soft` or `hard` + # -- Default node affinity rules. Either: `none`, `soft` or `hard` type: hard # -- Default match expressions for node affinity matchExpressions: [] @@ -115,6 +124,15 @@ global: # - antarctica-east1 # - antarctica-west1 + # -- Default [TopologySpreadConstraints] rules for all components + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector of the component + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + ## Argo Configs configs: # General Argo CD configuration @@ -637,10 +655,16 @@ controller: # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 + # -- Priority class for the application controller pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {} # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) tolerations: [] # -- Assign custom [affinity] rules to the deployment @@ -648,15 +672,13 @@ controller: affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the application controller + # @default -- `[]` (defaults to global.topologySpreadConstraints) ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] - # - maxSkew: 1 - # topologyKey: topology.kubernetes.io/zone - # whenUnsatisfiable: DoNotSchedule - - # -- Priority class for the application controller pods - priorityClassName: "" + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule serviceAccount: # -- Create a service account for the application controller @@ -978,24 +1000,30 @@ dex: # -- Service port for metrics access servicePortMetrics: 5558 + # -- Priority class for the dex pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {} + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) tolerations: [] + # -- Assign custom [affinity] rules to the deployment # @default -- `{}` (defaults to global.affinity preset) affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to dex + # @default -- `[]` (defaults to global.topologySpreadConstraints) ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] - # - maxSkew: 1 - # topologyKey: topology.kubernetes.io/zone - # whenUnsatisfiable: DoNotSchedule - - # -- Priority class for dex - priorityClassName: "" + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule ## Redis redis: @@ -1148,10 +1176,16 @@ redis: # -- Redis service port servicePort: 6379 + # -- Priority class for redis pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {} # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) tolerations: [] # -- Assign custom [affinity] rules to the deployment @@ -1159,15 +1193,13 @@ redis: affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to redis + # @default -- `[]` (defaults to global.topologySpreadConstraints) ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] - # - maxSkew: 1 - # topologyKey: topology.kubernetes.io/zone - # whenUnsatisfiable: DoNotSchedule - - # -- Priority class for redis - priorityClassName: "" + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule serviceAccount: # -- Create a service account for the redis pod @@ -1538,24 +1570,30 @@ server: # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 + # -- Priority class for the Argo CD server pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {} + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) tolerations: [] + # -- Assign custom [affinity] rules to the deployment # @default -- `{}` (defaults to global.affinity preset) affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server + # @default -- `[]` (defaults to global.topologySpreadConstraints) ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] - # - maxSkew: 1 - # topologyKey: topology.kubernetes.io/zone - # whenUnsatisfiable: DoNotSchedule - - # -- Priority class for the Argo CD server - priorityClassName: "" + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule # TLS certificate configuration via cert-manager ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server @@ -2031,22 +2069,28 @@ repoServer: timeoutSeconds: 1 # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {} + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) tolerations: [] + # -- Assign custom [affinity] rules to the deployment # @default -- `{}` (defaults to global.affinity preset) affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the repo server + # @default -- `[]` (defaults to global.topologySpreadConstraints) ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] - # - maxSkew: 1 - # topologyKey: topology.kubernetes.io/zone - # whenUnsatisfiable: DoNotSchedule + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule - # -- Priority class for the repo server + # -- Priority class for the repo server pods + # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" # TLS certificate configuration via Secret @@ -2365,16 +2409,28 @@ applicationSet: failureThreshold: 3 # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {} # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) tolerations: [] # -- Assign custom [affinity] rules # @default -- `{}` (defaults to global.affinity preset) affinity: {} - # -- If specified, indicates the pod's priority. If not specified, the pod priority will be default or zero if there is no default. + # -- Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Priority class for the ApplicationSet controller pods + # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" ## Webhook for the Git Generator @@ -2611,16 +2667,28 @@ notifications: - ALL # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {} # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) tolerations: [] # -- Assign custom [affinity] rules # @default -- `{}` (defaults to global.affinity preset) affinity: {} + # -- Assign custom [TopologySpreadConstraints] rules to the application controller + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + # -- Priority class for the notifications controller pods + # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" serviceAccount: From 037d3a9e769749ac49d3d6e7dac5417fd673ac7f Mon Sep 17 00:00:00 2001 From: Sergi Alonso <45431066+sergialonsaco@users.noreply.github.com> Date: Thu, 2 Mar 2023 15:56:41 +0100 Subject: [PATCH 081/768] fix(argocd-apps): Add revisionHistoryLimit option to apps (#1874) --- charts/argocd-apps/Chart.yaml | 2 +- charts/argocd-apps/ci/applications-values.yaml | 1 + charts/argocd-apps/templates/applications.yaml | 3 +++ charts/argocd-apps/values.yaml | 1 + 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 1a2c0914..2f7a6d5c 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 0.0.8 +version: 0.0.9 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: diff --git a/charts/argocd-apps/ci/applications-values.yaml b/charts/argocd-apps/ci/applications-values.yaml index 4d708a16..9d8b21bf 100644 --- a/charts/argocd-apps/ci/applications-values.yaml +++ b/charts/argocd-apps/ci/applications-values.yaml @@ -20,6 +20,7 @@ applications: automated: prune: false selfHeal: false + revisionHistoryLimit: null ignoreDifferences: - group: apps kind: Deployment diff --git a/charts/argocd-apps/templates/applications.yaml b/charts/argocd-apps/templates/applications.yaml index fee643d8..df0ea5eb 100644 --- a/charts/argocd-apps/templates/applications.yaml +++ b/charts/argocd-apps/templates/applications.yaml @@ -37,6 +37,9 @@ spec: syncPolicy: {{- toYaml . | nindent 4 }} {{- end }} + {{- with .revisionHistoryLimit }} + revisionHistoryLimit: {{ . }} + {{- end }} {{- with .ignoreDifferences }} ignoreDifferences: {{- toYaml . | nindent 4 }} diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index 62a2509c..eb0767b9 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -30,6 +30,7 @@ applications: [] # automated: # prune: false # selfHeal: false +# revisionHistoryLimit: null # ignoreDifferences: # - group: apps # kind: Deployment From 9663ca2fbdc060166fba7ce19898431c3e5e2b85 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Fri, 3 Mar 2023 00:02:33 +0900 Subject: [PATCH 082/768] chore(argo-rollouts): Upgrade Argo Rollouts to v.1.4.1 (#1877) * chore(argo-rollouts): Upgrade Argo Rollouts to v.1.4.1 Signed-off-by: yu-croco * chore(argo-rollouts): Add update information Signed-off-by: yu-croco --------- Co-authored-by: Jason Meridth --- charts/argo-rollouts/Chart.yaml | 10 ++++++---- charts/argo-rollouts/README.md | 5 +++++ charts/argo-rollouts/README.md.gotmpl | 5 +++++ 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 2beb83ff..a5e8e9c5 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.4.0 +appVersion: v1.4.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.22.2 +version: 2.22.3 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -15,5 +15,7 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: fixed - description: Align changelog structure to show changelogs on Artifact Hub + - kind: changed + description: Upgrade Argo Rollouts to v.1.4.1 + - kind: added + description: Put Changelog URL on README.md diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 73581f4e..ee3821bf 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -33,6 +33,10 @@ If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-r |:---------------------------------------------------------------------------| | The chart provides an option to change the service type (`dashboard.service.type`). Also it provides the ability to expose the dashboard via Ingress. Dashboard was never intended to be exposed as an administrative console -- it started out as a local view available via CLI. It should be protected by something (e.g. network access or even better an oauth proxy). | +## Changelog + +For full list of changes please check ArtifactHub [changelog]. + ## Chart Values ### General parameters @@ -188,3 +192,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [priorityClassName]: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ [Pod Disruption Budget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets [values.yaml]: values.yaml +[changelog]: https://artifacthub.io/packages/helm/argo/argo-rollouts?modal=changelog diff --git a/charts/argo-rollouts/README.md.gotmpl b/charts/argo-rollouts/README.md.gotmpl index 1a587350..735dae2c 100644 --- a/charts/argo-rollouts/README.md.gotmpl +++ b/charts/argo-rollouts/README.md.gotmpl @@ -33,6 +33,10 @@ If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-r |:---------------------------------------------------------------------------| | The chart provides an option to change the service type (`dashboard.service.type`). Also it provides the ability to expose the dashboard via Ingress. Dashboard was never intended to be exposed as an administrative console -- it started out as a local view available via CLI. It should be protected by something (e.g. network access or even better an oauth proxy). | +## Changelog + +For full list of changes please check ArtifactHub [changelog]. + ## Chart Values ### General parameters @@ -100,3 +104,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [priorityClassName]: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ [Pod Disruption Budget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets [values.yaml]: values.yaml +[changelog]: https://artifacthub.io/packages/helm/argo/argo-rollouts?modal=changelog From 77d9214543eda5c963ab80c2da99b295c6489bba Mon Sep 17 00:00:00 2001 From: Ian Martin Date: Fri, 3 Mar 2023 10:53:18 -0700 Subject: [PATCH 083/768] fix(argo-cd): ApplicationSet deployment uses global tolerations (#1881) * ApplicationSet deployment uses global tolerations Fixes #1880 Signed-off-by: Ian Martin * Bump chart version, add artifacthub annotations Signed-off-by: Ian Martin * correct change entry Signed-off-by: Ian Martin --------- Signed-off-by: Ian Martin --- charts/argo-cd/Chart.yaml | 16 +++------------- .../argocd-applicationset/deployment.yaml | 2 +- 2 files changed, 4 insertions(+), 14 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 2760c828..8e1e29f6 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.3 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.24.0 +version: 5.24.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,15 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: added - description: Global nodeSelector configuration - - kind: added - description: Global tolerations configuration - - kind: added - description: Global topologySpreadConstraints configuration - - kind: added - description: Missing component level topologySpreadConstraints configuration - - kind: added - description: Missing component level priorityClassName configuration - - kind: changed - description: Global affinity preset can be disabled + - kind: fixed + description: ApplicationSet utilizes global tolerations diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index bbf8d160..c737fb5e 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -209,7 +209,7 @@ spec: nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.applicationSet.tolerations }} + {{- with .Values.applicationSet.tolerations | default .Values.global.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} From a7a4294a99f20bedc9e90baadfb19a058298703a Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Mon, 6 Mar 2023 13:00:30 -0600 Subject: [PATCH 084/768] chore(github): Add slack button to README (#1887) * chore(github): Add slack button to README Signed-off-by: jmeridth * Update README.md Co-authored-by: Marco Kilchhofer Signed-off-by: Jason Meridth --------- Signed-off-by: jmeridth Signed-off-by: Jason Meridth Co-authored-by: Marco Kilchhofer --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 210b9a83..ac71eb3e 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,6 @@ # Argo Helm Charts +[![Slack](https://img.shields.io/badge/slack-%23argo--helm--charts-brightgreen.svg?logo=slack)](https://argoproj.github.io/community/join-slack) [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) [![Chart Publish](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml/badge.svg?branch=main)](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml) [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/argo)](https://artifacthub.io/packages/search?repo=argo) From 16fe47b908909141d46046d6cc98b1141f9dfd7a Mon Sep 17 00:00:00 2001 From: Aikawa Date: Wed, 8 Mar 2023 16:12:58 +0900 Subject: [PATCH 085/768] chore(argo-cd): Upgrade Argo CD v2.6.4 (#1891) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8e1e29f6..cc699d33 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.6.3 +appVersion: v2.6.4 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.24.1 +version: 5.24.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: fixed - description: ApplicationSet utilizes global tolerations + - kind: changed + description: Upgrade Argo CD v2.6.4 From 832a1e5c109fe6e4b0134a3bd7371671dbf0ddca Mon Sep 17 00:00:00 2001 From: TheRealNoob Date: Wed, 8 Mar 2023 01:46:33 -0600 Subject: [PATCH 086/768] fix(argo-cd): Clarify syntax in values.yaml (#1864) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 4 ++++ charts/argo-cd/values.yaml | 16 +++++++++++----- 3 files changed, 18 insertions(+), 8 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index cc699d33..bf4ed737 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.4 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.24.2 +version: 5.24.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD v2.6.4 + - kind: fixed + description: Clarify syntax in values.yaml diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 21a945fa..63806eb2 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -497,7 +497,11 @@ NAME: my-release | controller.metrics.applicationLabels.enabled | bool | `false` | Enables additional labels in argocd_app_labels metric | | controller.metrics.applicationLabels.labels | list | `[]` | Additional labels | | controller.metrics.enabled | bool | `false` | Deploy metrics service | +| controller.metrics.rules.additionalLabels | object | `{}` | PrometheusRule labels | +| controller.metrics.rules.annotations | object | `{}` | PrometheusRule annotations | | controller.metrics.rules.enabled | bool | `false` | Deploy a PrometheusRule for the application controller | +| controller.metrics.rules.namespace | string | `""` | PrometheusRule namespace | +| controller.metrics.rules.selector | object | `{}` | PrometheusRule selector | | controller.metrics.rules.spec | list | `[]` | PrometheusRule.Spec for the application controller | | controller.metrics.service.annotations | object | `{}` | Metrics service annotations | | controller.metrics.service.labels | object | `{}` | Metrics service labels | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 3cc933a6..f0da2fcb 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -736,6 +736,17 @@ controller: rules: # -- Deploy a PrometheusRule for the application controller enabled: false + # -- PrometheusRule namespace + namespace: "" # "monitoring" + # -- PrometheusRule selector + selector: {} + # prometheus: kube-prometheus + + # -- PrometheusRule labels + additionalLabels: {} + # -- PrometheusRule annotations + annotations: {} + # -- PrometheusRule.Spec for the application controller spec: [] # - alert: ArgoAppMissing @@ -762,11 +773,6 @@ controller: # The application [{{`{{$labels.name}}`}} has not been synchronized for over # 12 hours which means that the state of this cloud has drifted away from the # state inside Git. - # selector: - # prometheus: kube-prometheus - # namespace: monitoring - # additionalLabels: {} - # annotations: {} ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. ## Defaults to off From 71f61651aedc798598fd1501f00869e8fa20ab49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Kukr=C3=A1l?= Date: Thu, 9 Mar 2023 11:48:22 +0100 Subject: [PATCH 087/768] fix(argo-cd): skip empty configmap params (#1892) --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/_helpers.tpl | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index bf4ed737..17ea8a45 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.4 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.24.3 +version: 5.24.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -24,4 +24,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: fixed - description: Clarify syntax in values.yaml + description: Updated argocd-cm to skip empty values diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 377a07e1..2338d1c0 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -174,7 +174,10 @@ Merge Argo Configuration with Preset Configuration {{- $config := (mergeOverwrite (deepCopy (omit .Values.configs.cm "create" "annotations")) (.Values.server.config | default dict)) -}} {{- $preset := include "argo-cd.config.cm.presets" . | fromYaml | default dict -}} {{- range $key, $value := mergeOverwrite $preset $config }} -{{ $key }}: {{ toString $value | toYaml }} +{{- $fmted := $value | toString }} +{{- if not (eq $fmted "") }} +{{ $key }}: {{ $fmted | toYaml }} +{{- end }} {{- end }} {{- end -}} From 9781abdfd8e5b612dcec58f664aea45a4e26c382 Mon Sep 17 00:00:00 2001 From: Christian Groschupp Date: Thu, 9 Mar 2023 13:05:01 +0100 Subject: [PATCH 088/768] feat(argo-cd): add parameter env to redis exporter (#1876) Signed-off-by: Christian Groschupp --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/redis/deployment.yaml | 3 +++ charts/argo-cd/values.yaml | 2 ++ 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 17ea8a45..663a1081 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.4 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.24.4 +version: 5.25.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: fixed - description: Updated argocd-cm to skip empty values + - kind: added + description: Add parameter env to redis exporter diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 63806eb2..b5e4adba 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -901,6 +901,7 @@ server: | redis.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Redis server | | redis.exporter.containerSecurityContext | object | See [values.yaml] | Redis exporter security context | | redis.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | +| redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter | | redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter | | redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | | redis.exporter.image.tag | string | `"1.45.0"` | Tag to use for the redis-exporter | diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 389cf678..3376d732 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -89,6 +89,9 @@ spec: value: {{ printf "redis://localhost:%v" .Values.redis.containerPorts.redis }} - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS value: {{ printf "0.0.0.0:%v" .Values.redis.containerPorts.metrics }} + {{- with .Values.redis.exporter.env }} + {{- toYaml . | nindent 8 }} + {{- end }} ports: - name: metrics containerPort: {{ .Values.redis.containerPorts.metrics }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index f0da2fcb..a5b5a989 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1068,6 +1068,8 @@ redis: exporter: # -- Enable Prometheus redis-exporter sidecar enabled: false + # -- Environment variables to pass to the Redis exporter + env: [] ## Prometheus redis-exporter image image: # -- Repository to use for the redis-exporter From 0845b604805ba32db3994e0759d46108dc18428b Mon Sep 17 00:00:00 2001 From: Saad Ali Date: Sun, 12 Mar 2023 19:00:24 +0500 Subject: [PATCH 089/768] feat(argo-cd): Added Config Management Plugins cm (#1865) * feat(argo-cd): Added Config Management Plugins cm using sidecar approach Signed-off-by: Saad Ali * fix(argo-cd): Set ConfigMap creation for CMP using sidecar approach to false by default Signed-off-by: Saad Ali --------- Signed-off-by: Saad Ali Signed-off-by: Petr Drastil Co-authored-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +- charts/argo-cd/README.md | 3 + .../argocd-configs/argocd-cmp-cm.yaml | 24 ++++ charts/argo-cd/values.yaml | 108 ++++++++++++++---- 4 files changed, 115 insertions(+), 26 deletions(-) create mode 100644 charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 663a1081..ea4a432a 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.4 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.25.0 +version: 5.26.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: added - description: Add parameter env to redis exporter + - kind: Added + description: ConfigMap for Config Management Plugins using sidecar approach diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index b5e4adba..9606ee6c 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -427,6 +427,9 @@ NAME: my-release | configs.cm.annotations | object | `{}` | Annotations to be added to argocd-cm configmap | | configs.cm.create | bool | `true` | Create the argocd-cm configmap for [declarative setup] | | configs.cm.url | string | `""` | Argo CD's externally facing base URL (optional). Required when configuring SSO | +| configs.cmp.annotations | object | `{}` | Annotations to be added to argocd-cmp-cm configmap | +| configs.cmp.create | bool | `false` | Create the argocd-cmp-cm configmap | +| configs.cmp.plugins | object | `{}` | Plugin yaml files to be added to argocd-cmp-cm | | configs.credentialTemplates | object | `{}` | Repository credentials to be used as Templates for other repos | | configs.credentialTemplatesAnnotations | object | `{}` | Annotations to be added to `configs.credentialTemplates` Secret | | configs.gpg.annotations | object | `{}` | Annotations to be added to argocd-gpg-keys-cm configmap | diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml new file mode 100644 index 00000000..39a6db6b --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml @@ -0,0 +1,24 @@ +{{- if .Values.configs.cmp.create }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-cmp-cm + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "cmp-cm") | nindent 4 }} + {{- with .Values.configs.cmp.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +data: + {{- range $cmp_plugin, $cmp_plugin_config := .Values.configs.cmp.plugins }} + {{ $cmp_plugin }}.yaml: | + apiVersion: argoproj.io/v1alpha1 + kind: ConfigManagementPlugin + metadata: + name: {{ $cmp_plugin }} + spec: + {{- toYaml $cmp_plugin_config | nindent 6 }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index a5b5a989..c1a693a4 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -331,6 +331,49 @@ configs: # ... # -----END CERTIFICATE----- + # ConfigMap for Config Management Plugins + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/ + cmp: + # -- Create the argocd-cmp-cm configmap + create: false + + # -- Annotations to be added to argocd-cmp-cm configmap + annotations: {} + + # -- Plugin yaml files to be added to argocd-cmp-cm + plugins: {} + # --- First plugin + # my-plugin: + # init: + # command: [sh] + # args: [-c, 'echo "Initializing..."'] + # generate: + # command: [sh, -c] + # args: + # - | + # echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}" + # discover: + # fileName: "./subdir/s*.yaml" + # find: + # glob: "**/Chart.yaml" + # command: [sh, -c, find . -name env.yaml] + + # --- Second plugin + # my-plugin2: + # init: + # command: [sh] + # args: [-c, 'echo "Initializing..."'] + # generate: + # command: [sh, -c] + # args: + # - | + # echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}" + # discover: + # fileName: "./subdir/s*.yaml" + # find: + # glob: "**/Chart.yaml" + # command: [sh, -c, find . -name env.yaml] + # -- Provide one or multiple [external cluster credentials] # @default -- `[]` (See [values.yaml]) ## Ref: @@ -1969,27 +2012,46 @@ repoServer: ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/ ## Note: Supports use of custom Helm templates extraContainers: [] - # - name: cmp - # # Entrypoint should be Argo CD lightweight CMP server i.e. argocd-cmp-server - # command: [/var/run/argocd/argocd-cmp-server] - # # This can be off-the-shelf or custom-built image - # image: busybox - # securityContext: - # runAsNonRoot: true - # runAsUser: 999 - # volumeMounts: - # - mountPath: /var/run/argocd - # name: var-files - # - mountPath: /home/argocd/cmp-server/plugins - # name: plugins - # # Remove this volumeMount if you've chosen to bake the config file into the sidecar image. - # - mountPath: /home/argocd/cmp-server/config/plugin.yaml - # subPath: plugin.yaml - # name: cmp-plugin - # # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps - # # mitigate path traversal attacks. - # - mountPath: /tmp - # name: cmp-tmp + # - name: cmp-my-plugin + # command: + # - "/var/run/argocd/argocd-cmp-server" + # image: busybox + # securityContext: + # runAsNonRoot: true + # runAsUser: 999 + # volumeMounts: + # - mountPath: /var/run/argocd + # name: var-files + # - mountPath: /home/argocd/cmp-server/plugins + # name: plugins + # # Remove this volumeMount if you've chosen to bake the config file into the sidecar image. + # - mountPath: /home/argocd/cmp-server/config/plugin.yaml + # subPath: my-plugin.yaml + # name: argocd-cmp-cm + # # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps + # # mitigate path traversal attacks. + # - mountPath: /tmp + # name: cmp-tmp + # - name: cmp-my-plugin2 + # command: + # - "/var/run/argocd/argocd-cmp-server" + # image: busybox + # securityContext: + # runAsNonRoot: true + # runAsUser: 999 + # volumeMounts: + # - mountPath: /var/run/argocd + # name: var-files + # # Remove this volumeMount if you've chosen to bake the config file into the sidecar image. + # - mountPath: /home/argocd/cmp-server/plugins + # name: plugins + # - mountPath: /home/argocd/cmp-server/config/plugin.yaml + # subPath: my-plugin2.yaml + # name: argocd-cmp-cm + # # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps + # # mitigate path traversal attacks. + # - mountPath: /tmp + # name: cmp-tmp # -- Init containers to add to the repo server pods initContainers: [] @@ -1999,9 +2061,9 @@ repoServer: # -- Additional volumes to the repo server pod volumes: [] - # - name: cmp-plugin + # - name: argocd-cmp-cm # configMap: - # name: cmp-plugin + # name: argocd-cmp-cm # - name: cmp-tmp # emptyDir: {} From b629a3a0960e466a46bbdabaff4325f5f40bd082 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Wed, 15 Mar 2023 03:36:13 +0900 Subject: [PATCH 090/768] chore(argo-cd): Upgrade Argo CD v2.6.5 (#1900) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ea4a432a..ccf6f5cd 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.6.4 +appVersion: v2.6.5 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.26.0 +version: 5.26.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: Added - description: ConfigMap for Config Management Plugins using sidecar approach + - kind: changed + description: Upgrade Argo CD v2.6.5 From fca26f9e95486edc29e18f2b9263f56dbdb88ad0 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Wed, 15 Mar 2023 12:31:24 +0100 Subject: [PATCH 091/768] ci(github): Fix CI testing (#1904) Signed-off-by: Marco Kilchhofer --- .github/workflows/lint-and-test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 0158f3fa..5899b559 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -38,8 +38,8 @@ jobs: changed=$(ct --config ./.github/configs/ct-lint.yaml list-changed) charts=$(echo "$changed" | tr '\n' ' ' | xargs) if [[ -n "$changed" ]]; then - echo "changed=true" >> $GITHUB_STATE - echo "changed_charts=$charts" >> $GITHUB_STATE + echo "changed=true" >> $GITHUB_OUTPUT + echo "changed_charts=$charts" >> $GITHUB_OUTPUT fi - name: Run chart-testing (lint) From 21f4ac8d53a94ada50c91951a4fff2c9a1761bb2 Mon Sep 17 00:00:00 2001 From: Julien Aubert Date: Wed, 15 Mar 2023 14:55:32 +0100 Subject: [PATCH 092/768] fix(argo-cd): Use nodeSelector global property as default on ApplicationSet (#1907) fix(argo-cd): Use nodeSelector global property as default value on ApplicationSet Deployment according to the documentation. Signed-off-by: Julien Aubert Co-authored-by: Aikawa --- charts/argo-cd/Chart.yaml | 4 ++-- .../argo-cd/templates/argocd-applicationset/deployment.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ccf6f5cd..ccb4f7c4 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.5 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.26.1 +version: 5.26.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -24,4 +24,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Upgrade Argo CD v2.6.5 + description: Use global.nodeSelector value as default value for nodeSelector on ApplicationSet diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index c737fb5e..6d8e5460 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -205,7 +205,7 @@ spec: affinity: {{- trim . | nindent 8 }} {{- end }} - {{- with .Values.applicationSet.nodeSelector }} + {{- with .Values.applicationSet.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} From 96182b4d088b7f759f894abe9e9a2e6cdfd9f6ff Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 16 Mar 2023 02:34:22 +0900 Subject: [PATCH 093/768] chore(argo-events): Add install guide on README (#1909) Signed-off-by: yu-croco --- charts/argo-events/Chart.yaml | 6 +++--- charts/argo-events/README.md | 13 +++++++++++++ charts/argo-events/README.md.gotmpl | 13 +++++++++++++ 3 files changed, 29 insertions(+), 3 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 9318cb85..f577f257 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.6 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.1.3 +version: 2.1.4 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-events/assets/logo.png keywords: @@ -15,5 +15,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo Events to v1.7.6 + - kind: added + description: Add install guide on README diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index 48597a86..f06f9d3a 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md @@ -17,6 +17,19 @@ To regenerate this document, please run: ./scripts/helm-docs.sh ``` +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add argo https://argoproj.github.io/argo-helm +"argo" has been added to your repositories + +$ helm install my-release argo/argo-events +NAME: my-release +... +``` + ## Upgrading ### Custom resource definitions diff --git a/charts/argo-events/README.md.gotmpl b/charts/argo-events/README.md.gotmpl index 7ee5cefe..c25a3e97 100644 --- a/charts/argo-events/README.md.gotmpl +++ b/charts/argo-events/README.md.gotmpl @@ -17,6 +17,19 @@ To regenerate this document, please run: ./scripts/helm-docs.sh ``` +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add argo https://argoproj.github.io/argo-helm +"argo" has been added to your repositories + +$ helm install my-release argo/argo-events +NAME: my-release +... +``` + ## Upgrading ### Custom resource definitions From b34b555b7af250d82717431c561d869c819ad29e Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Wed, 15 Mar 2023 20:27:34 +0100 Subject: [PATCH 094/768] fix(argo-cd): Use default metrics port for APIServer (#1911) fix(argo-cd): Use default metrics port for argocd-server Signed-off-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ccb4f7c4..b0d0065d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.5 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.26.2 +version: 5.26.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: changed - description: Use global.nodeSelector value as default value for nodeSelector on ApplicationSet + - kind: fixed + description: Use default metrics port for argocd-server diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 9606ee6c..a71687ed 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -670,7 +670,7 @@ NAME: my-release | server.certificateSecret.enabled | bool | `false` | Create argocd-server-tls secret | | server.certificateSecret.key | string | `""` | Private Key of the certificate | | server.certificateSecret.labels | object | `{}` | Labels to be added to argocd-server-tls secret | -| server.containerPorts.metrics | int | `8082` | Metrics container port | +| server.containerPorts.metrics | int | `8083` | Metrics container port | | server.containerPorts.server | int | `8080` | Server container port | | server.containerSecurityContext | object | See [values.yaml] | Server container-level security context | | server.deploymentAnnotations | object | `{}` | Annotations to be added to server Deployment | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index c1a693a4..31eda2f6 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1573,7 +1573,7 @@ server: # -- Server container port server: 8080 # -- Metrics container port - metrics: 8082 + metrics: 8083 # -- Host Network for Server pods hostNetwork: false From fa17c46a7398a9ec85b30b4e280b935561e2a3df Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Thu, 16 Mar 2023 01:08:55 +0100 Subject: [PATCH 095/768] feat(argo-cd): Add ability to add project scoped cluster(s) (#1913) Signed-off-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 6 +++--- .../templates/argocd-configs/cluster-secrets.yaml | 3 +++ charts/argo-cd/values.yaml | 11 +++++++++++ 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b0d0065d..2f77e818 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.5 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.26.3 +version: 5.27.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: fixed - description: Use default metrics port for argocd-server + - kind: added + description: Ability to add project scoped cluster(s) diff --git a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml index aba14db7..c1aaa531 100644 --- a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml +++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml @@ -26,6 +26,9 @@ stringData: clusterResources: {{ .clusterResources | quote }} {{- end }} {{- end }} + {{- if .project }} + project: {{ .project | quote }} + {{- end }} config: | {{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toRawJson | nindent 4 }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 31eda2f6..cad9a1b6 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -379,6 +379,7 @@ configs: ## Ref: ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials + ## - https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters clusterCredentials: [] # - name: mycluster # server: https://mycluster.com @@ -400,6 +401,16 @@ configs: # tlsClientConfig: # insecure: false # caData: "" + # - name: mycluster3-project-scoped + # server: https://mycluster3.com + # labels: {} + # annotations: {} + # project: my-project1 + # config: + # bearerToken: "" + # tlsClientConfig: + # insecure: false + # caData: "" # DEPRECATED - Moved to configs.ssh.annotations # knownHostsAnnotations: {} From 69c3e6086ba86a4b31f5306cb1b75c334279dfeb Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 16 Mar 2023 20:04:52 +0900 Subject: [PATCH 096/768] chore(argo-workflows): Add install guide on README (#1908) Signed-off-by: yu-croco Co-authored-by: Marco Kilchhofer --- charts/argo-workflows/Chart.yaml | 10 ++-------- charts/argo-workflows/README.md | 13 +++++++++++++ charts/argo-workflows/README.md.gotmpl | 13 +++++++++++++ 3 files changed, 28 insertions(+), 8 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index b5f88211..a69edb0d 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.5 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.22.13 +version: 0.22.14 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: @@ -14,10 +14,4 @@ maintainers: annotations: artifacthub.io/changes: | - kind: added - description: Added workflow startup option --log-format (defaults to 'text'). - - kind: added - description: Added server startup option --log-format (defaults to 'text'). - - kind: added - description: Added server startup option --loglevel (defaults to 'info'). - - kind: added - description: Added server startup option --gloglevel (defaults to '0'). + description: Add install guide on README. diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index d6fa862c..a9f05ab4 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -28,6 +28,19 @@ kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds/full?ref=v3.3.9" ``` +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add argo https://argoproj.github.io/argo-helm +"argo" has been added to your repositories + +$ helm install my-release argo/argo-workflows +NAME: my-release +... +``` + ## Changelog For full list of changes, please check ArtifactHub [changelog]. diff --git a/charts/argo-workflows/README.md.gotmpl b/charts/argo-workflows/README.md.gotmpl index 0a441821..95c626e2 100644 --- a/charts/argo-workflows/README.md.gotmpl +++ b/charts/argo-workflows/README.md.gotmpl @@ -28,6 +28,19 @@ kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds/full?ref=v3.3.9" ``` +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add argo https://argoproj.github.io/argo-helm +"argo" has been added to your repositories + +$ helm install my-release argo/argo-workflows +NAME: my-release +... +``` + ## Changelog For full list of changes, please check ArtifactHub [changelog]. From 2563d1e6f94e7102fb403bfa1ca6ece9ca39e3c3 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Fri, 17 Mar 2023 17:24:44 +0900 Subject: [PATCH 097/768] chore(argo-cd): Upgrade Argo CD to v2.6.6 (#1915) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 2f77e818..051155f2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.6.5 +appVersion: v2.6.6 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.27.0 +version: 5.27.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: added - description: Ability to add project scoped cluster(s) + - kind: changed + description: Upgrade Argo CD to v2.6.6 From 2d193be5c0694dbe5e1568217a86bbe972bb091d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emil=20Smole=C5=84ski?= <20775179+moleskin-smile@users.noreply.github.com> Date: Thu, 23 Mar 2023 08:09:03 +0100 Subject: [PATCH 098/768] feat(argo-workflows): Add ability to use memoization (#1924) --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 1 + .../controller/workflow-controller-cluster-roles.yaml | 4 ++++ charts/argo-workflows/values.yaml | 2 ++ 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index a69edb0d..b8983739 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.5 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.22.14 +version: 0.22.15 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: @@ -14,4 +14,4 @@ maintainers: annotations: artifacthub.io/changes: | - kind: added - description: Add install guide on README. + description: Ability to use memoization feature. diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index a9f05ab4..0c4dd649 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -147,6 +147,7 @@ Fields to note: | controller.priorityClassName | string | `""` | Leverage a PriorityClass to ensure your pods survive resource shortages. | | controller.rbac.create | bool | `true` | Adds Role and RoleBinding for the controller. | | controller.rbac.secretWhitelist | list | `[]` | Allows controller to get, list, and watch certain k8s secrets | +| controller.rbac.writeConfigMaps | bool | `false` | Allows controller to create and update ConfigMaps. Enables memoization feature | | controller.replicas | int | `1` | The number of controller pods to run | | controller.resourceRateLimit | object | `{}` | Globally limits the rate at which pods are created. This is intended to mitigate flooding of the Kubernetes API server by workflows with a large amount of parallel nodes. | | controller.resources | object | `{}` | Resource limits and requests for the controller | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml index bb08306b..6b1a724e 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml @@ -36,6 +36,10 @@ rules: - get - watch - list + {{- if .Values.controller.rbac.writeConfigMaps }} + - create + - update + {{- end}} - apiGroups: - "" resources: diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 904d766b..3537ac89 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -74,6 +74,8 @@ controller: create: true # -- Allows controller to get, list, and watch certain k8s secrets secretWhitelist: [] + # -- Allows controller to create and update ConfigMaps. Enables memoization feature + writeConfigMaps: false # -- Limits the maximum number of incomplete workflows in a namespace namespaceParallelism: From ccef4448748601bb253a89fa86ed036b0e620cc1 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Fri, 24 Mar 2023 01:08:45 +0100 Subject: [PATCH 099/768] chore(argo-cd): Upgrade to appVersion v2.6.7 (#1926) Signed-off-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 051155f2..273a65f7 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.6.6 +appVersion: v2.6.7 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.27.1 +version: 5.27.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -24,4 +24,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Upgrade Argo CD to v2.6.6 + description: Upgrade Argo CD to v2.6.7 From ceb6011cb666d64c9e36e7daf058102c5f64b6ba Mon Sep 17 00:00:00 2001 From: Miles Armstrong Date: Fri, 24 Mar 2023 09:57:01 +0000 Subject: [PATCH 100/768] chore(argo-cd): Update to use Github's new RSA SSH public key (#1927) --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 273a65f7..85355364 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.7 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.27.2 +version: 5.27.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -24,4 +24,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Upgrade Argo CD to v2.6.7 + description: Update Github RSA SSH public key diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index cad9a1b6..8a558c6c 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -307,7 +307,7 @@ configs: bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl - github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== + github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 From b8c86dd91461fb39342074da1e8417f813b74994 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 25 Mar 2023 15:27:19 +0100 Subject: [PATCH 101/768] chore(github): bump actions/stale from 7 to 8 (#1931) chore(deps): bump actions/stale from 7 to 8 Bumps [actions/stale](https://github.com/actions/stale) from 7 to 8. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/v7...v8) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/stale.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 3a8e77d1..9b4053bb 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -14,7 +14,7 @@ jobs: pull-requests: write # for actions/stale to close stale PRs runs-on: ubuntu-latest steps: - - uses: actions/stale@v7 + - uses: actions/stale@v8 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Number of days of inactivity before an issue becomes stale From d959c79775204facd6d413e7af53999b0fd3f776 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 25 Mar 2023 15:28:31 +0100 Subject: [PATCH 102/768] chore(github): bump helm/chart-testing-action from 2.3.1 to 2.4.0 (#1930) chore(deps): bump helm/chart-testing-action from 2.3.1 to 2.4.0 Bumps [helm/chart-testing-action](https://github.com/helm/chart-testing-action) from 2.3.1 to 2.4.0. - [Release notes](https://github.com/helm/chart-testing-action/releases) - [Commits](https://github.com/helm/chart-testing-action/compare/v2.3.1...v2.4.0) --- updated-dependencies: - dependency-name: helm/chart-testing-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Petr Drastil --- .github/workflows/lint-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 5899b559..97684b86 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -26,7 +26,7 @@ jobs: - name: Setup Chart Linting id: lint - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@v2.4.0 with: # Note: Also update in scripts/lint.sh version: v3.7.1 From d34a3765682b52c6d02726b144759b796e9e3b07 Mon Sep 17 00:00:00 2001 From: LucasBoisserie Date: Tue, 28 Mar 2023 15:48:09 +0200 Subject: [PATCH 103/768] fix(argo-cd): Disable hostNetwork field when is set to false (#1934) * fix(argo-cd): fix host network configuration Signed-off-by: LucasBoisserie * update changelog Signed-off-by: LucasBoisserie --------- Signed-off-by: LucasBoisserie --- charts/argo-cd/Chart.yaml | 6 +++--- .../argocd-application-controller/statefulset.yaml | 2 ++ charts/argo-cd/templates/argocd-repo-server/deployment.yaml | 2 ++ charts/argo-cd/templates/argocd-server/deployment.yaml | 2 ++ 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 85355364..bf4000b5 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.7 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.27.3 +version: 5.27.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: changed - description: Update Github RSA SSH public key + - kind: fixed + description: Surround with if hostNetwork field to disable it when is set to false diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index ad8cbc1b..0bef6ced 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -312,7 +312,9 @@ spec: path: tls.key - key: ca.crt path: ca.crt + {{- if .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }} + {{- end }} {{- with .Values.controller.dnsConfig }} dnsConfig: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 3e22a00d..4d5fd8dc 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -355,7 +355,9 @@ spec: path: tls.key - key: ca.crt path: ca.crt + {{- if .Values.repoServer.hostNetwork }} hostNetwork: {{ .Values.repoServer.hostNetwork }} + {{- end }} {{- with .Values.repoServer.dnsConfig }} dnsConfig: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index bb2f750b..ddd23a02 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -421,7 +421,9 @@ spec: path: tls.crt - key: ca.crt path: ca.crt + {{- if .Values.server.hostNetwork }} hostNetwork: {{ .Values.server.hostNetwork }} + {{- end }} {{- with .Values.server.dnsConfig }} dnsConfig: {{- toYaml . | nindent 8 }} From af90fd665f82ab314d4fad77b4c6ecbd51ae54ac Mon Sep 17 00:00:00 2001 From: Khanh Ngo Date: Wed, 29 Mar 2023 11:16:34 +0200 Subject: [PATCH 104/768] feat(argo-rollouts): support setting pod annotations separately on controller and dashboard (#1928) --- charts/argo-rollouts/Chart.yaml | 6 ++---- charts/argo-rollouts/README.md | 4 +++- charts/argo-rollouts/templates/controller/deployment.yaml | 6 ++++-- charts/argo-rollouts/templates/dashboard/deployment.yaml | 6 ++++-- charts/argo-rollouts/values.yaml | 6 +++++- 5 files changed, 18 insertions(+), 10 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index a5e8e9c5..64cc3539 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.4.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.22.3 +version: 2.23.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -15,7 +15,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo Rollouts to v.1.4.1 - kind: added - description: Put Changelog URL on README.md + description: Added the ability to set pod annotations separately on controller and dashboard deployment diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index ee3821bf..1e8a29f0 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -95,13 +95,14 @@ For full list of changes please check ArtifactHub [changelog]. | controller.pdb.labels | object | `{}` | Labels to be added to controller [Pod Disruption Budget] | | controller.pdb.maxUnavailable | string | `nil` | Maximum number / percentage of pods that may be made unavailable | | controller.pdb.minAvailable | string | `nil` | Minimum number / percentage of pods that should remain scheduled | +| controller.podAnnotations | object | `{}` | Annotations to be added to application controller pods | | controller.priorityClassName | string | `""` | [priorityClassName] for the controller | | controller.readinessProbe | object | See [values.yaml] | Configure readiness [probe] for the controller | | controller.replicas | int | `2` | The number of controller pods to run | | controller.resources | object | `{}` | Resource limits and requests for the controller pods. | | controller.tolerations | list | `[]` | [Tolerations] for use with node taints | | controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the controller | -| podAnnotations | object | `{}` | Annotations to be added to the Rollout pods | +| podAnnotations | object | `{}` | Annotations for the all deployed pods | | podLabels | object | `{}` | Labels to be added to the Rollout pods | | podSecurityContext | object | `{"runAsNonRoot":true}` | Security Context to set on pod level | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | @@ -139,6 +140,7 @@ For full list of changes please check ArtifactHub [changelog]. | dashboard.pdb.labels | object | `{}` | Labels to be added to dashboard [Pod Disruption Budget] | | dashboard.pdb.maxUnavailable | string | `nil` | Maximum number / percentage of pods that may be made unavailable | | dashboard.pdb.minAvailable | string | `nil` | Minimum number / percentage of pods that should remain scheduled | +| dashboard.podAnnotations | object | `{}` | Annotations to be added to application dashboard pods | | dashboard.podSecurityContext | object | `{"runAsNonRoot":true}` | Security Context to set on pod level | | dashboard.priorityClassName | string | `""` | [priorityClassName] for the dashboard server | | dashboard.readonly | bool | `false` | Set cluster role to readonly | diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index d6adf9cf..ee118e5a 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -15,9 +15,11 @@ spec: replicas: {{ .Values.controller.replicas }} template: metadata: - {{- with .Values.podAnnotations }} + {{- with (mergeOverwrite (deepCopy .Values.podAnnotations) .Values.controller.podAnnotations) }} annotations: - {{- toYaml . | nindent 8 }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} labels: {{- include "argo-rollouts.selectorLabels" . | nindent 8 }} diff --git a/charts/argo-rollouts/templates/dashboard/deployment.yaml b/charts/argo-rollouts/templates/dashboard/deployment.yaml index ebf9ce8b..0d210934 100644 --- a/charts/argo-rollouts/templates/dashboard/deployment.yaml +++ b/charts/argo-rollouts/templates/dashboard/deployment.yaml @@ -16,9 +16,11 @@ spec: replicas: {{ .Values.dashboard.replicas }} template: metadata: - {{- with .Values.podAnnotations }} + {{- with (mergeOverwrite (deepCopy .Values.podAnnotations) .Values.dashboard.podAnnotations) }} annotations: - {{- toYaml . | nindent 8 }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} labels: {{- include "argo-rollouts.selectorLabels" . | nindent 8 }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index eb077221..d92e9304 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -41,6 +41,8 @@ extraObjects: [] controller: # -- Value of label `app.kubernetes.io/component` component: rollouts-controller + # -- Annotations to be added to application controller pods + podAnnotations: {} # -- [Node selector] nodeSelector: {} # -- [Tolerations] for use with node taints @@ -164,7 +166,7 @@ serviceAccount: # -- Annotations to be added to all CRDs crdAnnotations: {} -# -- Annotations to be added to the Rollout pods +# -- Annotations for the all deployed pods podAnnotations: {} # -- Security Context to set on pod level @@ -217,6 +219,8 @@ dashboard: readonly: false # -- Value of label `app.kubernetes.io/component` component: rollouts-dashboard + # -- Annotations to be added to application dashboard pods + podAnnotations: {} # -- [Node selector] nodeSelector: {} # -- [Tolerations] for use with node taints From 3c24d55fa4029f83543308a055577457b492e719 Mon Sep 17 00:00:00 2001 From: Gergely Czuczy Date: Thu, 30 Mar 2023 18:33:14 +0200 Subject: [PATCH 105/768] feat(argo-cd): Entrypoint can be configured now (#1898) * Entrypoint can be configured now Signed-off-by: Gergely Czuczy * Updated charts.lock after following master Signed-off-by: Gergely Czuczy * Bump version Signed-off-by: Gergely Czuczy --------- Signed-off-by: Gergely Czuczy Signed-off-by: Gergely Czuczy --- charts/argo-cd/Chart.lock | 6 +++--- charts/argo-cd/Chart.yaml | 8 ++++---- charts/argo-cd/README.md | 2 ++ .../templates/argocd-applicationset/deployment.yaml | 5 ++++- .../argo-cd/templates/argocd-repo-server/deployment.yaml | 4 +++- charts/argo-cd/values.yaml | 8 ++++++++ 6 files changed, 24 insertions(+), 9 deletions(-) mode change 100755 => 100644 charts/argo-cd/values.yaml diff --git a/charts/argo-cd/Chart.lock b/charts/argo-cd/Chart.lock index a2a5011e..e21296c6 100644 --- a/charts/argo-cd/Chart.lock +++ b/charts/argo-cd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.22.4 -digest: sha256:5df60910862b364ebfb82cba2b2f0951c39ad36446647fb3f501bdeadc92fbd7 -generated: "2022-12-26T22:58:11.561184+09:00" + version: 4.22.5 +digest: sha256:d2e927511e515fb862f23dd413ee3a356c855d808f6f9ad1d345ee62b8c7ea16 +generated: "2023-03-30T08:25:32.738257836+02:00" diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index bf4000b5..059c9250 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.7 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.27.4 +version: 5.27.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -18,10 +18,10 @@ maintainers: url: https://argoproj.github.io/ dependencies: - name: redis-ha - version: 4.22.4 + version: 4.22.5 repository: https://dandydeveloper.github.io/charts/ condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: fixed - description: Surround with if hostNetwork field to disable it when is set to false + - kind: changed + description: entrypoint usage can be configured diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index a71687ed..2b7d4ea3 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -394,6 +394,8 @@ NAME: my-release | global.affinity.nodeAffinity.type | string | `"hard"` | Default node affinity rules. Either: `none`, `soft` or `hard` | | global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `none`, `soft` or `hard` | | global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | +| global.entrypoint.entrypoint | string | `"entrypoint.sh"` | The entrypoint to use for the containers. | +| global.entrypoint.useImplicit | bool | `false` | Implicitly use the docker image's entrypoint. This requires the image to have ENTRYPOINT set properly | | global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | | global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments | | global.image.repository | string | `"quay.io/argoproj/argocd"` | If defined, a repository applied to all Argo CD deployments | diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 6d8e5460..e4e86570 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -51,8 +51,11 @@ spec: - name: {{ .Values.applicationSet.name }} image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.applicationSet.image.imagePullPolicy }} + {{- if not .Values.global.entrypoint.useImplicit }} command: - - entrypoint.sh + - {{ .Values.global.entrypoint.entrypoint | quote }} + {{- end }} + args: - argocd-applicationset-controller - --metrics-addr=:{{ .Values.applicationSet.containerPorts.metrics }} - --probe-addr=:{{ .Values.applicationSet.containerPorts.probe }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 4d5fd8dc..01a79204 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -56,8 +56,10 @@ spec: - name: {{ .Values.repoServer.name }} image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }} + {{- if not .Values.global.entrypoint.useImplicit }} command: - - entrypoint.sh + - {{ .Values.global.entrypoint.entrypoint | quote }} + {{- end }} args: - argocd-repo-server - --port={{ .Values.repoServer.containerPorts.server }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml old mode 100755 new mode 100644 index 8a558c6c..41815314 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -132,6 +132,14 @@ global: # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule + # POD entrypoint configuration + entrypoint: + # -- Implicitly use the docker image's entrypoint. This requires the image to have + # ENTRYPOINT set properly + useImplicit: false + # -- The entrypoint to use for the containers. + entrypoint: "entrypoint.sh" + ## Argo Configs configs: From 0697ab1e4b15a0f323469a65f858622a5692f0e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Boniecki?= Date: Sat, 1 Apr 2023 20:40:02 +0000 Subject: [PATCH 106/768] fix(argo-events): wire up priorityClassName (#1940) --- charts/argo-events/Chart.yaml | 6 +++--- .../templates/argo-events-controller/deployment.yaml | 3 +++ .../templates/argo-events-webhook/deployment.yaml | 3 +++ 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index f577f257..a702a625 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.6 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.1.4 +version: 2.1.5 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-events/assets/logo.png keywords: @@ -15,5 +15,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: added - description: Add install guide on README + - kind: fixed + description: priorityClassName was not being set on pods. diff --git a/charts/argo-events/templates/argo-events-controller/deployment.yaml b/charts/argo-events/templates/argo-events-controller/deployment.yaml index ab41c26b..0ca65ee2 100644 --- a/charts/argo-events/templates/argo-events-controller/deployment.yaml +++ b/charts/argo-events/templates/argo-events-controller/deployment.yaml @@ -27,6 +27,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.controller.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} {{- with .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-events/templates/argo-events-webhook/deployment.yaml b/charts/argo-events/templates/argo-events-webhook/deployment.yaml index 2f0478af..e3839caf 100644 --- a/charts/argo-events/templates/argo-events-webhook/deployment.yaml +++ b/charts/argo-events/templates/argo-events-webhook/deployment.yaml @@ -27,6 +27,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.webhook.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} {{- with .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} From 4ea0119321d9c58c75eaef889033f98994af40a6 Mon Sep 17 00:00:00 2001 From: Laurent Lavaud Date: Mon, 3 Apr 2023 11:58:50 +0200 Subject: [PATCH 107/768] feat(argo-cd): Add support for custom Deployment strategy (#1918) Signed-off-by: Laurent Lavaud --- charts/argo-cd/Chart.yaml | 6 +-- charts/argo-cd/README.md | 6 +++ charts/argo-cd/templates/_common.tpl | 17 +++++++++ .../argocd-applicationset/deployment.yaml | 4 ++ .../argocd-notifications/deployment.yaml | 4 +- .../argocd-repo-server/deployment.yaml | 4 ++ .../templates/argocd-server/deployment.yaml | 4 ++ charts/argo-cd/templates/dex/deployment.yaml | 4 ++ charts/argo-cd/values.yaml | 38 +++++++++++++++++++ 9 files changed, 83 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 059c9250..09552820 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.7 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.27.5 +version: 5.28.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: changed - description: entrypoint usage can be configured + - kind: added + description: Add support for custom Deployment strategy diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 2b7d4ea3..faa37022 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -394,6 +394,7 @@ NAME: my-release | global.affinity.nodeAffinity.type | string | `"hard"` | Default node affinity rules. Either: `none`, `soft` or `hard` | | global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `none`, `soft` or `hard` | | global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | +| global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments | | global.entrypoint.entrypoint | string | `"entrypoint.sh"` | The entrypoint to use for the containers. | | global.entrypoint.useImplicit | bool | `false` | Implicitly use the docker image's entrypoint. This requires the image to have ENTRYPOINT set properly | | global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | @@ -573,6 +574,7 @@ NAME: my-release | repoServer.containerPorts.server | int | `8081` | Repo server container port | | repoServer.containerSecurityContext | object | See [values.yaml] | Repo server container-level security context | | repoServer.deploymentAnnotations | object | `{}` | Annotations to be added to repo server Deployment | +| repoServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the repo server Deployment | | repoServer.dnsConfig | object | `{}` | [DNS configuration] | | repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods | | repoServer.env | list | `[]` | Environment variables to pass to repo server | @@ -676,6 +678,7 @@ NAME: my-release | server.containerPorts.server | int | `8080` | Server container port | | server.containerSecurityContext | object | See [values.yaml] | Server container-level security context | | server.deploymentAnnotations | object | `{}` | Annotations to be added to server Deployment | +| server.deploymentStrategy | object | `{}` | Deployment strategy to be added to the server Deployment | | server.dnsConfig | object | `{}` | [DNS configuration] | | server.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Server pods | | server.env | list | `[]` | Environment variables to pass to Argo CD server | @@ -822,6 +825,7 @@ server: | dex.containerPorts.metrics | int | `5558` | Metrics container port | | dex.containerSecurityContext | object | See [values.yaml] | Dex container-level security context | | dex.deploymentAnnotations | object | `{}` | Annotations to be added to the Dex server Deployment | +| dex.deploymentStrategy | object | `{}` | Deployment strategy to be added to the Dex server Deployment | | dex.dnsConfig | object | `{}` | [DNS configuration] | | dex.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Dex server pods | | dex.enabled | bool | `true` | Enable dex | @@ -1012,6 +1016,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | | applicationSet.containerSecurityContext | object | See [values.yaml] | ApplicationSet controller container-level security context | | applicationSet.deploymentAnnotations | object | `{}` | Annotations to be added to ApplicationSet controller Deployment | +| applicationSet.deploymentStrategy | object | `{}` | Deployment strategy to be added to the ApplicationSet controller Deployment | | applicationSet.dnsConfig | object | `{}` | [DNS configuration] | | applicationSet.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for ApplicationSet controller pods | | applicationSet.enabled | bool | `true` | Enable ApplicationSet controller | @@ -1097,6 +1102,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context | | notifications.context | object | `{}` | Define user-defined context | | notifications.deploymentAnnotations | object | `{}` | Annotations to be applied to the notifications controller Deployment | +| notifications.deploymentStrategy | object | `{"type":"Recreate"}` | Deployment strategy to be added to the notifications controller Deployment | | notifications.dnsConfig | object | `{}` | [DNS configuration] | | notifications.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for notifications controller Pods | | notifications.enabled | bool | `true` | Enable notifications controller | diff --git a/charts/argo-cd/templates/_common.tpl b/charts/argo-cd/templates/_common.tpl index dd43d0d5..bf0c1e84 100644 --- a/charts/argo-cd/templates/_common.tpl +++ b/charts/argo-cd/templates/_common.tpl @@ -120,3 +120,20 @@ nodeAffinity: {{- end -}} {{- end -}} {{- end -}} + +{{/* +Common deployment strategy definition +- Recreate don't have additional fields, we need to remove them if added by the mergeOverwrite +*/}} +{{- define "argo-cd.strategy" -}} +{{- $preset := . -}} +{{- if (eq $preset.type "Recreate") }} +type: Recreate +{{- else if (eq $preset.type "RollingUpdate") }} +type: RollingUpdate +{{- with $preset.rollingUpdate }} +rollingUpdate: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index e4e86570..76d77b42 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -12,6 +12,10 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} spec: + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.applicationSet.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} replicas: {{ .Values.applicationSet.replicaCount }} revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} selector: diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 45ba1de0..fc51bb00 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -14,8 +14,10 @@ metadata: spec: replicas: 1 revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.notifications.deploymentStrategy) }} strategy: - type: Recreate + {{- trim . | nindent 4 }} + {{- end }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 01a79204..906a544f 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -11,6 +11,10 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} spec: + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.repoServer.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} {{- if not .Values.repoServer.autoscaling.enabled }} replicas: {{ .Values.repoServer.replicas }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index ddd23a02..a5bea81b 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -11,6 +11,10 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.server.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} {{- if not .Values.server.autoscaling.enabled }} replicas: {{ .Values.server.replicas }} {{- end }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index fd5e00d9..af6523d5 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -12,6 +12,10 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} spec: + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.dex.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} replicas: 1 revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} selector: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 41815314..640f1a48 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -140,6 +140,12 @@ global: # -- The entrypoint to use for the containers. entrypoint: "entrypoint.sh" + # -- Deployment strategy for the all deployed Deployments + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% ## Argo Configs configs: @@ -1093,6 +1099,13 @@ dex: # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule + # -- Deployment strategy to be added to the Dex server Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + ## Redis redis: # -- Enable redis @@ -1665,6 +1678,13 @@ server: # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule + # -- Deployment strategy to be added to the server Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # TLS certificate configuration via cert-manager ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server certificate: @@ -2178,6 +2198,13 @@ repoServer: # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule + # -- Deployment strategy to be added to the repo server Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # -- Priority class for the repo server pods # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" @@ -2518,6 +2545,13 @@ applicationSet: # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule + # -- Deployment strategy to be added to the ApplicationSet controller Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # -- Priority class for the ApplicationSet controller pods # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" @@ -2776,6 +2810,10 @@ notifications: # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule + # -- Deployment strategy to be added to the notifications controller Deployment + deploymentStrategy: + type: Recreate + # -- Priority class for the notifications controller pods # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" From a012bd41c9d070d71633aa65d64c644146f719cf Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 4 Apr 2023 20:10:13 +0900 Subject: [PATCH 108/768] chore(argo-workflows): Upgrade Argo Workflows to v3.4.6 (#1942) Signed-off-by: yu-croco Co-authored-by: Jason Meridth --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index b8983739..6524a472 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.4.5 +appVersion: v3.4.6 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.22.15 +version: 0.22.16 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: @@ -13,5 +13,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: added - description: Ability to use memoization feature. + - kind: changed + description: Upgrade Argo Workflows to v3.4.6. From c3759febbd4b6fee5a09aa75f194a018b88869f2 Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Thu, 6 Apr 2023 16:52:19 +0300 Subject: [PATCH 109/768] feat(argocd-image-updater): Add support for pod labels (#1944) Signed-off-by: drfaust92 --- charts/argocd-image-updater/Chart.yaml | 4 ++-- charts/argocd-image-updater/README.md | 1 + charts/argocd-image-updater/templates/deployment.yaml | 3 +++ charts/argocd-image-updater/values.yaml | 3 +++ 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 5d599c41..f64d558b 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.8.4 +version: 0.8.5 appVersion: v0.12.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -16,4 +16,4 @@ maintainers: annotations: artifacthub.io/changes: | - kind: changed - description: Update Argo CD Image Updater to v0.12.2 + description: Added support for pod labels diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index 10259e19..5d5c7253 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -106,6 +106,7 @@ The `config.registries` value can be used exactly as it looks in the documentati | nameOverride | string | `""` | Global name (argocd-image-updater.name in _helpers.tpl) override | | nodeSelector | object | `{}` | Kubernetes nodeSelector settings for the deployment | | podAnnotations | object | `{}` | Pod Annotations for the deployment | +| podLabels | object | `{}` | Pod Labels for the deployment | | podSecurityContext | object | `{}` | Pod security context settings for the deployment | | rbac.enabled | bool | `true` | Enable RBAC creation | | replicaCount | int | `1` | Replica count for the deployment. It is not advised to run more than one replica. | diff --git a/charts/argocd-image-updater/templates/deployment.yaml b/charts/argocd-image-updater/templates/deployment.yaml index 61136fb8..936a4a70 100644 --- a/charts/argocd-image-updater/templates/deployment.yaml +++ b/charts/argocd-image-updater/templates/deployment.yaml @@ -19,6 +19,9 @@ spec: {{- end }} checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} labels: + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- include "argocd-image-updater.selectorLabels" . | nindent 8 }} spec: {{- with .Values.imagePullSecrets }} diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 9ac3e1ef..90498e26 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -156,6 +156,9 @@ serviceAccount: # -- Pod Annotations for the deployment podAnnotations: {} +# -- Pod Labels for the deployment +podLabels: {} + # -- Pod security context settings for the deployment podSecurityContext: {} # fsGroup: 2000 From b19beee4f8cea0c1b9a37511c92a5e9b09a8e141 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Fri, 7 Apr 2023 01:16:40 +0900 Subject: [PATCH 110/768] fix(argo-cd): Change default value for global.tolerations, from object to array (#1947) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 09552820..fc35d6b4 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.7 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.28.0 +version: 5.28.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: added - description: Add support for custom Deployment strategy + - kind: fixed + description: Change default value for global.tolerations, from object to array. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index faa37022..a3e43b0f 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -413,7 +413,7 @@ NAME: my-release | global.revisionHistoryLimit | int | `3` | Number of old deployment ReplicaSets to retain. The rest will be garbage collected. | | global.securityContext | object | `{}` (See [values.yaml]) | Toggle and define pod-level security context. | | global.statefulsetAnnotations | object | `{}` | Annotations for the all deployed Statefulsets | -| global.tolerations | object | `{}` | Default tolerations for all components | +| global.tolerations | list | `[]` | Default tolerations for all components | | global.topologySpreadConstraints | list | `[]` | Default [TopologySpreadConstraints] rules for all components | ## Argo CD Configs diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 640f1a48..40eee8cb 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -106,7 +106,7 @@ global: nodeSelector: {} # -- Default tolerations for all components - tolerations: {} + tolerations: [] # Default affinity preset for all components affinity: From 56136f65185ba97ac14543d49413626dd49e3f78 Mon Sep 17 00:00:00 2001 From: Justin Sievenpiper Date: Thu, 6 Apr 2023 16:43:01 -0700 Subject: [PATCH 111/768] feat(argo-workflows): add the ability to declare initContainers (#1923) feat(argo-workflows): add the ability to declare initContainers to server and controller deployments Signed-off-by: Justin Sievenpiper --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 2 ++ .../controller/workflow-controller-deployment.yaml | 4 ++++ .../argo-workflows/templates/server/server-deployment.yaml | 4 ++++ charts/argo-workflows/values.yaml | 6 ++++++ 5 files changed, 19 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 6524a472..59a8a66a 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.6 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.22.16 +version: 0.23.0 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: @@ -13,5 +13,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo Workflows to v3.4.6. + - kind: added + description: Added the ability to deploy init containers alongside the controller and server deployments. diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 0c4dd649..0cd08319 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -108,6 +108,7 @@ Fields to note: | controller.extraArgs | list | `[]` | Extra arguments to be added to the controller | | controller.extraContainers | list | `[]` | Extra containers to be added to the controller deployment | | controller.extraEnv | list | `[]` | Extra environment variables to provide to the controller container | +| controller.extraInitContainers | list | `[]` | Enables init containers to be added to the controller deployment | | controller.image.registry | string | `"quay.io"` | Registry to use for the controller | | controller.image.repository | string | `"argoproj/workflow-controller"` | Registry to use for the controller | | controller.image.tag | string | `""` | Image tag for the workflow controller. Defaults to `.Values.images.tag`. | @@ -215,6 +216,7 @@ Fields to note: | server.extraArgs | list | `[]` | Extra arguments to provide to the Argo server binary, such as for disabling authentication. | | server.extraContainers | list | `[]` | Extra containers to be added to the server deployment | | server.extraEnv | list | `[]` | Extra environment variables to provide to the argo-server container | +| server.extraInitContainers | list | `[]` | Enables init containers to be added to the server deployment | | server.image.registry | string | `"quay.io"` | Registry to use for the server | | server.image.repository | string | `"argoproj/argocli"` | Repository to use for the server | | server.image.tag | string | `""` | Image tag for the Argo Workflows server. Defaults to `.Values.images.tag`. | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml index 8f4f783f..021a2e76 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -32,6 +32,10 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.controller.extraInitContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: controller image: "{{- include "argo-workflows.image" (dict "context" . "image" .Values.controller.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag }}" diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index e5230cd0..552c7d05 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -33,6 +33,10 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.server.extraInitContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: argo-server image: "{{- include "argo-workflows.image" (dict "context" . "image" .Values.server.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.server.image.tag }}" diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 3537ac89..155a0acd 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -295,6 +295,9 @@ controller: # -- Extra containers to be added to the controller deployment extraContainers: [] + # -- Enables init containers to be added to the controller deployment + extraInitContainers: [] + # -- Workflow retention by number of workflows retentionPolicy: {} # completed: 10 @@ -570,6 +573,9 @@ server: # -- Extra containers to be added to the server deployment extraContainers: [] + # -- Enables init containers to be added to the server deployment + extraInitContainers: [] + # -- Array of extra K8s manifests to deploy extraObjects: [] # - apiVersion: secrets-store.csi.x-k8s.io/v1 From 950c5be7256b0f2a4360de275d56c644e7e8fb42 Mon Sep 17 00:00:00 2001 From: Shawqi <74347460+shaw8ii@users.noreply.github.com> Date: Fri, 7 Apr 2023 15:45:35 +0300 Subject: [PATCH 112/768] fix(argo-events): missing argument for toYaml function in deployment template (#1933) * fix(argo-events): missing argument for toYaml function in deployment template Signed-off-by: Shawqi <74347460+shaw8ii@users.noreply.github.com> * Add description to Chart.yaml Signed-off-by: Shawqi <74347460+shaw8ii@users.noreply.github.com> * bump version Signed-off-by: Shawqi <74347460+shaw8ii@users.noreply.github.com> --------- Signed-off-by: Shawqi <74347460+shaw8ii@users.noreply.github.com> Co-authored-by: Petr Drastil --- charts/argo-events/Chart.yaml | 4 ++-- .../templates/argo-events-controller/deployment.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index a702a625..f11e6a0a 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.6 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.1.5 +version: 2.1.6 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-events/assets/logo.png keywords: @@ -16,4 +16,4 @@ maintainers: annotations: artifacthub.io/changes: | - kind: fixed - description: priorityClassName was not being set on pods. + description: fix toYaml function in deployment template for envFrom block diff --git a/charts/argo-events/templates/argo-events-controller/deployment.yaml b/charts/argo-events/templates/argo-events-controller/deployment.yaml index 0ca65ee2..6f6a965b 100644 --- a/charts/argo-events/templates/argo-events-controller/deployment.yaml +++ b/charts/argo-events/templates/argo-events-controller/deployment.yaml @@ -63,7 +63,7 @@ spec: {{- end }} {{- with .Values.controller.envFrom }} envFrom: - {{- toYaml | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} volumeMounts: - name: config From 7eafaa742e6c14f3ed0d21614f53826848044ec4 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 11 Apr 2023 22:33:49 +0900 Subject: [PATCH 113/768] chore(argo-cd): Add log format and log level to dex (#1951) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 ++ charts/argo-cd/templates/dex/deployment.yaml | 2 ++ charts/argo-cd/values.yaml | 7 +++++++ 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index fc35d6b4..be815df3 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.7 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.28.1 +version: 5.28.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: fixed - description: Change default value for global.tolerations, from object to array. + - kind: added + description: Add log format and log level to dex. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index a3e43b0f..b90af7af 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -847,6 +847,8 @@ server: | dex.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | | dex.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | dex.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| dex.logFormat | string | `""` (defaults to global.logging.format) | Dex log format. Either `text` or `json` | +| dex.logLevel | string | `""` (defaults to global.logging.level) | Dex log level. One of: `debug`, `info`, `warn`, `error` | | dex.metrics.enabled | bool | `false` | Deploy metrics service | | dex.metrics.service.annotations | object | `{}` | Metrics service annotations | | dex.metrics.service.labels | object | `{}` | Metrics service labels | diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index af6523d5..f8342233 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -61,6 +61,8 @@ spec: imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.image.imagePullPolicy }} command: - /shared/argocd-dex + - --logformat={{ default .Values.global.logging.format .Values.dex.logFormat }} + - --loglevel={{ default .Values.global.logging.level .Values.dex.logLevel }} args: - rundex {{- with .Values.dex.extraArgs }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 40eee8cb..32b9060c 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1106,6 +1106,13 @@ dex: # maxSurge: 25% # maxUnavailable: 25% + # -- Dex log format. Either `text` or `json` + # @default -- `""` (defaults to global.logging.format) + logFormat: "" + # -- Dex log level. One of: `debug`, `info`, `warn`, `error` + # @default -- `""` (defaults to global.logging.level) + logLevel: "" + ## Redis redis: # -- Enable redis From 633954386f82ff86fe1504afbdc92b7673246ff7 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 11 Apr 2023 22:50:22 +0900 Subject: [PATCH 114/768] fix(argo-workflows): Update outdated content on README (#1948) fix(argo-workflows): Remove outdated content on README Signed-off-by: yu-croco --- charts/argo-workflows/Chart.yaml | 6 ++-- charts/argo-workflows/README.md | 42 +++++++++++++++++++++----- charts/argo-workflows/README.md.gotmpl | 42 +++++++++++++++++++++----- 3 files changed, 73 insertions(+), 17 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 59a8a66a..e648478f 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.6 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.23.0 +version: 0.23.1 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: @@ -13,5 +13,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: added - description: Added the ability to deploy init containers alongside the controller and server deployments. + - kind: fixed + description: Update outdated content on README. diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 0cd08319..2c8ceb70 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -6,13 +6,6 @@ If you want your deployment of this helm chart to most closely match the [argo C ## Pre-Requisites -This chart uses an install hook to configure the CRD definition. Installation of CRDs is a somewhat privileged process in itself and in RBAC enabled clusters the `default` service account for namespaces does not typically have the ability to create these. - -A few options are: - -- Manually create a ServiceAccount in the Namespace in which your release will be deployed w/ appropriate bindings to perform this action and set the `serviceAccountName` field in the Workflow spec -- Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions - ### Custom resource definitions Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart. @@ -28,6 +21,41 @@ kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds/full?ref=v3.3.9" ``` +### ServiceAccount for Workflow Spec +In order for each Workflow run, you create ServiceAccount via `values.yaml` like below. + +```yaml +workflow: + serviceAccount: + create: true + name: "argo-workflow" + rbac: + create: true +controller: + workflowNamespaces: + - default + - foo + - bar +``` + +Set ServiceAccount on Workflow. + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Workflow +metadata: + generateName: hello-world- +spec: + entrypoint: whalesay + serviceAccountName: argo-workflow # Set ServiceAccount + templates: + - name: whalesay + container: + image: docker/whalesay + command: [ cowsay ] + args: [ "hello world" ] +``` + ## Installing the Chart To install the chart with the release name `my-release`: diff --git a/charts/argo-workflows/README.md.gotmpl b/charts/argo-workflows/README.md.gotmpl index 95c626e2..398a8788 100644 --- a/charts/argo-workflows/README.md.gotmpl +++ b/charts/argo-workflows/README.md.gotmpl @@ -6,13 +6,6 @@ If you want your deployment of this helm chart to most closely match the [argo C ## Pre-Requisites -This chart uses an install hook to configure the CRD definition. Installation of CRDs is a somewhat privileged process in itself and in RBAC enabled clusters the `default` service account for namespaces does not typically have the ability to create these. - -A few options are: - -- Manually create a ServiceAccount in the Namespace in which your release will be deployed w/ appropriate bindings to perform this action and set the `serviceAccountName` field in the Workflow spec -- Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions - ### Custom resource definitions Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart. @@ -28,6 +21,41 @@ kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds/full?ref=v3.3.9" ``` +### ServiceAccount for Workflow Spec +In order for each Workflow run, you create ServiceAccount via `values.yaml` like below. + +```yaml +workflow: + serviceAccount: + create: true + name: "argo-workflow" + rbac: + create: true +controller: + workflowNamespaces: + - default + - foo + - bar +``` + +Set ServiceAccount on Workflow. + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Workflow +metadata: + generateName: hello-world- +spec: + entrypoint: whalesay + serviceAccountName: argo-workflow # Set ServiceAccount + templates: + - name: whalesay + container: + image: docker/whalesay + command: [ cowsay ] + args: [ "hello world" ] +``` + ## Installing the Chart To install the chart with the release name `my-release`: From 1d17840549a7956e437069132b0513f6d2e4824a Mon Sep 17 00:00:00 2001 From: Julien Duchesne Date: Wed, 12 Apr 2023 00:52:28 -0400 Subject: [PATCH 115/768] chore(argo-workflows): Upgrade Argo Workflows to v3.4.7 (#1954) --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index e648478f..bde79c69 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.4.6 +appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.23.1 +version: 0.23.2 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: @@ -13,5 +13,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: fixed - description: Update outdated content on README. + - kind: changed + description: Upgrade Argo Workflows to v3.4.7. From 7eeb70f7117df0e25ebf30ed193c11a3b9960e24 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 13 Apr 2023 18:25:06 +0900 Subject: [PATCH 116/768] fix(argo-workflows): Add namespace field to all namespace scoped resources (#1956) Reason: `helm template` doesn't add the namespace field automatically * fix(argo-workflows): Add namespace field to all namespace scoped resources because `helm template` doesn't add the namespace filed automatically Signed-off-by: yu-croco * chore(argo-workflows): bump minor version Signed-off-by: yu-croco * refactor(argo-workflows): reflect review points Signed-off-by: yu-croco --- charts/argo-workflows/Chart.yaml | 6 +++--- .../controller/workflow-controller-cluster-roles.yaml | 3 +++ .../controller/workflow-controller-config-map.yaml | 1 + .../templates/controller/workflow-controller-crb.yaml | 7 +++++-- .../controller/workflow-controller-deployment-pdb.yaml | 1 + .../controller/workflow-controller-deployment.yaml | 1 + .../templates/controller/workflow-controller-sa.yaml | 1 + .../templates/controller/workflow-controller-service.yaml | 1 + .../controller/workflow-controller-servicemonitor.yaml | 6 ++---- .../templates/server/server-cluster-roles.yaml | 3 +++ charts/argo-workflows/templates/server/server-crb.yaml | 7 +++++-- .../templates/server/server-deployment-pdb.yaml | 1 + .../argo-workflows/templates/server/server-deployment.yaml | 1 + charts/argo-workflows/templates/server/server-ingress.yaml | 1 + charts/argo-workflows/templates/server/server-sa.yaml | 1 + charts/argo-workflows/templates/server/server-service.yaml | 1 + 16 files changed, 31 insertions(+), 11 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index bde79c69..69cbe88f 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.23.2 +version: 0.24.0 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: @@ -13,5 +13,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo Workflows to v3.4.7. + - kind: fixed + description: Add namespace field to all namespace scoped resources because `helm template` doesn't add the namespace filed automatically. diff --git a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml index 6b1a724e..b5d78afa 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml @@ -7,6 +7,9 @@ kind: ClusterRole {{- end }} metadata: name: {{ template "argo-workflows.controller.fullname" . }} + {{- if .Values.singleNamespace }} + namespace: {{ .Release.Namespace | quote }} + {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rules: diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index 125f48d3..7327ecac 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ template "argo-workflows.controller.fullname" . }}-configmap + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }} data: diff --git a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml index c630bac6..9fa7a7f6 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml @@ -7,6 +7,9 @@ kind: ClusterRoleBinding {{- end }} metadata: name: {{ template "argo-workflows.controller.fullname" . }} + {{- if .Values.singleNamespace }} + namespace: {{ .Release.Namespace | quote }} + {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} roleRef: @@ -20,7 +23,7 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- if .Values.controller.clusterWorkflowTemplates.enabled }} --- @@ -37,6 +40,6 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml index 4e7545c7..ee38445f 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml @@ -3,6 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "argo-workflows.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} spec: diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml index 021a2e76..4ee117b8 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "argo-workflows.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml index 36245900..c6a8bf66 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "argo-workflows.controllerServiceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.serviceAccount.labels }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml index 3ca1afad..5ade3d40 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-workflows.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} app.kubernetes.io/version: {{ default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag | trunc 63 | quote }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml index f71d3507..29fe1b59 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml @@ -3,9 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-workflows.controller.fullname" . }} - {{- with .Values.controller.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default .Release.Namespace .Values.controller.serviceMonitor.namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.serviceMonitor.additionalLabels }} @@ -25,7 +23,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ .Release.Namespace | quote }} selector: matchLabels: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} diff --git a/charts/argo-workflows/templates/server/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml index c7d18f50..96f12bfa 100644 --- a/charts/argo-workflows/templates/server/server-cluster-roles.yaml +++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml @@ -7,6 +7,9 @@ kind: ClusterRole {{- end }} metadata: name: {{ template "argo-workflows.server.fullname" . }} + {{- if .Values.singleNamespace }} + namespace: {{ .Release.Namespace | quote }} + {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rules: diff --git a/charts/argo-workflows/templates/server/server-crb.yaml b/charts/argo-workflows/templates/server/server-crb.yaml index 6ac17aef..ec4f6435 100644 --- a/charts/argo-workflows/templates/server/server-crb.yaml +++ b/charts/argo-workflows/templates/server/server-crb.yaml @@ -7,6 +7,9 @@ kind: ClusterRoleBinding {{- end }} metadata: name: {{ template "argo-workflows.server.fullname" . }} + {{- if .Values.singleNamespace }} + namespace: {{ .Release.Namespace | quote }} + {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} roleRef: @@ -20,7 +23,7 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- if .Values.server.clusterWorkflowTemplates.enabled }} --- @@ -37,6 +40,6 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end -}} {{- end -}} diff --git a/charts/argo-workflows/templates/server/server-deployment-pdb.yaml b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml index d92a4083..7ea6d465 100644 --- a/charts/argo-workflows/templates/server/server-deployment-pdb.yaml +++ b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml @@ -3,6 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index 552c7d05..e9da0a1d 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -3,6 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }} diff --git a/charts/argo-workflows/templates/server/server-ingress.yaml b/charts/argo-workflows/templates/server/server-ingress.yaml index 969676e1..36209f5b 100644 --- a/charts/argo-workflows/templates/server/server-ingress.yaml +++ b/charts/argo-workflows/templates/server/server-ingress.yaml @@ -14,6 +14,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- if .Values.server.ingress.labels }} diff --git a/charts/argo-workflows/templates/server/server-sa.yaml b/charts/argo-workflows/templates/server/server-sa.yaml index 2f6644ed..382d565e 100644 --- a/charts/argo-workflows/templates/server/server-sa.yaml +++ b/charts/argo-workflows/templates/server/server-sa.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "argo-workflows.serverServiceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.serviceAccount.labels }} diff --git a/charts/argo-workflows/templates/server/server-service.yaml b/charts/argo-workflows/templates/server/server-service.yaml index 22fc2b01..f7096a8d 100644 --- a/charts/argo-workflows/templates/server/server-service.yaml +++ b/charts/argo-workflows/templates/server/server-service.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }} From 88d690ef62e40547e951d708bcbd6806e8d579ae Mon Sep 17 00:00:00 2001 From: Jakub Oskera Date: Thu, 13 Apr 2023 16:08:34 +0200 Subject: [PATCH 117/768] fix(argo-cd): add namespace field for namespace scoped resources (#1937) --- charts/argo-cd/Chart.yaml | 6 +++--- .../templates/argocd-application-controller/metrics.yaml | 1 + .../argocd-application-controller/networkpolicy.yaml | 1 + .../templates/argocd-application-controller/pdb.yaml | 1 + .../argocd-application-controller/prometheusrule.yaml | 4 +--- .../templates/argocd-application-controller/role.yaml | 1 + .../argocd-application-controller/rolebinding.yaml | 1 + .../argocd-application-controller/serviceaccount.yaml | 1 + .../argocd-application-controller/servicemonitor.yaml | 4 +--- .../argocd-application-controller/statefulset.yaml | 1 + .../argo-cd/templates/argocd-applicationset/deployment.yaml | 1 + charts/argo-cd/templates/argocd-applicationset/metrics.yaml | 1 + .../templates/argocd-applicationset/networkpolicy.yaml | 1 + charts/argo-cd/templates/argocd-applicationset/pdb.yaml | 1 + charts/argo-cd/templates/argocd-applicationset/role.yaml | 1 + .../templates/argocd-applicationset/rolebinding.yaml | 1 + charts/argo-cd/templates/argocd-applicationset/service.yaml | 1 + .../templates/argocd-applicationset/serviceaccount.yaml | 1 + .../templates/argocd-applicationset/servicemonitor.yaml | 4 +--- .../templates/argocd-applicationset/webhook-ingress.yaml | 1 + charts/argo-cd/templates/argocd-configs/argocd-cm.yaml | 1 + .../templates/argocd-configs/argocd-cmd-params-cm.yaml | 1 + charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml | 1 + .../argocd-configs/argocd-dex-server-tls-secret.yaml | 1 + .../templates/argocd-configs/argocd-gpg-keys-cm.yaml | 1 + .../templates/argocd-configs/argocd-notifications-cm.yaml | 1 + .../argocd-configs/argocd-notifications-secret.yaml | 1 + charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml | 1 + .../argocd-configs/argocd-repo-server-tls-secret.yaml | 1 + charts/argo-cd/templates/argocd-configs/argocd-secret.yaml | 1 + .../templates/argocd-configs/argocd-server-tls-secret.yaml | 1 + .../templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml | 1 + .../argo-cd/templates/argocd-configs/argocd-styles-cm.yaml | 1 + .../templates/argocd-configs/argocd-tls-certs-cm.yaml | 1 + .../argo-cd/templates/argocd-configs/cluster-secrets.yaml | 1 + .../templates/argocd-configs/externalredis-secret.yaml | 1 + .../argocd-configs/repository-credentials-secret.yaml | 1 + .../argo-cd/templates/argocd-configs/repository-secret.yaml | 1 + .../argo-cd/templates/argocd-notifications/deployment.yaml | 1 + charts/argo-cd/templates/argocd-notifications/metrics.yaml | 1 + .../templates/argocd-notifications/networkpolicy.yaml | 1 + charts/argo-cd/templates/argocd-notifications/pdb.yaml | 1 + charts/argo-cd/templates/argocd-notifications/role.yaml | 1 + .../argo-cd/templates/argocd-notifications/rolebinding.yaml | 1 + .../templates/argocd-notifications/serviceaccount.yaml | 1 + .../templates/argocd-notifications/servicemonitor.yaml | 4 +--- charts/argo-cd/templates/argocd-repo-server/deployment.yaml | 1 + charts/argo-cd/templates/argocd-repo-server/hpa.yaml | 1 + charts/argo-cd/templates/argocd-repo-server/metrics.yaml | 1 + .../argo-cd/templates/argocd-repo-server/networkpolicy.yaml | 1 + charts/argo-cd/templates/argocd-repo-server/pdb.yaml | 1 + charts/argo-cd/templates/argocd-repo-server/role.yaml | 1 + .../argo-cd/templates/argocd-repo-server/rolebinding.yaml | 1 + charts/argo-cd/templates/argocd-repo-server/service.yaml | 1 + .../templates/argocd-repo-server/serviceaccount.yaml | 1 + .../templates/argocd-repo-server/servicemonitor.yaml | 4 +--- charts/argo-cd/templates/argocd-server/aws/service.yaml | 1 + charts/argo-cd/templates/argocd-server/certificate.yaml | 1 + charts/argo-cd/templates/argocd-server/deployment.yaml | 1 + .../argo-cd/templates/argocd-server/gke/backendconfig.yaml | 1 + .../argo-cd/templates/argocd-server/gke/frontendconfig.yaml | 1 + .../templates/argocd-server/gke/managedcertificate.yaml | 1 + charts/argo-cd/templates/argocd-server/hpa.yaml | 1 + charts/argo-cd/templates/argocd-server/ingress-grpc.yaml | 1 + charts/argo-cd/templates/argocd-server/ingress.yaml | 1 + charts/argo-cd/templates/argocd-server/metrics.yaml | 1 + charts/argo-cd/templates/argocd-server/networkpolicy.yaml | 1 + charts/argo-cd/templates/argocd-server/openshift/route.yaml | 1 + charts/argo-cd/templates/argocd-server/pdb.yaml | 1 + charts/argo-cd/templates/argocd-server/role.yaml | 1 + charts/argo-cd/templates/argocd-server/rolebinding.yaml | 1 + charts/argo-cd/templates/argocd-server/service.yaml | 1 + charts/argo-cd/templates/argocd-server/serviceaccount.yaml | 1 + charts/argo-cd/templates/argocd-server/servicemonitor.yaml | 4 +--- charts/argo-cd/templates/dex/deployment.yaml | 1 + charts/argo-cd/templates/dex/networkpolicy.yaml | 1 + charts/argo-cd/templates/dex/pdb.yaml | 1 + charts/argo-cd/templates/dex/role.yaml | 1 + charts/argo-cd/templates/dex/rolebinding.yaml | 1 + charts/argo-cd/templates/dex/service.yaml | 1 + charts/argo-cd/templates/dex/serviceaccount.yaml | 1 + charts/argo-cd/templates/dex/servicemonitor.yaml | 4 +--- charts/argo-cd/templates/networkpolicy-default-deny.yaml | 1 + charts/argo-cd/templates/redis/deployment.yaml | 1 + charts/argo-cd/templates/redis/metrics.yaml | 1 + charts/argo-cd/templates/redis/networkpolicy.yaml | 1 + charts/argo-cd/templates/redis/pdb.yaml | 1 + charts/argo-cd/templates/redis/service.yaml | 1 + charts/argo-cd/templates/redis/serviceaccount.yaml | 1 + charts/argo-cd/templates/redis/servicemonitor.yaml | 4 +--- 90 files changed, 92 insertions(+), 27 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index be815df3..81666537 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.7 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.28.2 +version: 5.29.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: added - description: Add log format and log level to dex. + - kind: fixed + description: Add namespace field for namespace scoped resources diff --git a/charts/argo-cd/templates/argocd-application-controller/metrics.yaml b/charts/argo-cd/templates/argocd-application-controller/metrics.yaml index 88827a85..754b8490 100644 --- a/charts/argo-cd/templates/argocd-application-controller/metrics.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/metrics.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.controller.fullname" . }}-metrics + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 4 }} {{- with .Values.controller.metrics.service.labels }} diff --git a/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml b/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml index bbb6b324..e7448c52 100644 --- a/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} spec: ingress: - from: diff --git a/charts/argo-cd/templates/argocd-application-controller/pdb.yaml b/charts/argo-cd/templates/argocd-application-controller/pdb.yaml index b6804c54..7eaf28e1 100644 --- a/charts/argo-cd/templates/argocd-application-controller/pdb.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/pdb.yaml @@ -3,6 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.pdb.labels }} diff --git a/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml b/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml index c44a63f5..86d66564 100644 --- a/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml @@ -3,9 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: name: {{ template "argo-cd.controller.fullname" . }} - {{- if .Values.controller.metrics.rules.namespace }} - namespace: {{ .Values.controller.metrics.rules.namespace }} - {{- end }} + namespace: {{ default .Release.Namespace .Values.controller.metrics.rules.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- if .Values.controller.metrics.rules.selector }} diff --git a/charts/argo-cd/templates/argocd-application-controller/role.yaml b/charts/argo-cd/templates/argocd-application-controller/role.yaml index 75aec8db..56ef17b5 100644 --- a/charts/argo-cd/templates/argocd-application-controller/role.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/role.yaml @@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml b/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml index f37f4b0c..5f07f109 100644 --- a/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml @@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} roleRef: diff --git a/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml b/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml index 96d786cd..fe56d376 100644 --- a/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml @@ -4,6 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }} metadata: name: {{ template "argo-cd.controllerServiceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- if .Values.controller.serviceAccount.annotations }} annotations: {{- range $key, $value := .Values.controller.serviceAccount.annotations }} diff --git a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml index 3c8b0ca4..10ba7767 100644 --- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml @@ -3,9 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.controller.fullname" . }} - {{- with .Values.controller.metrics.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default .Release.Namespace .Values.controller.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 0bef6ced..2a067a63 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -8,6 +8,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 76d77b42..90863cce 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -9,6 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml index 7a9397cd..fdac0bcf 100644 --- a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.applicationSet.fullname" . }}-metrics + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 4 }} {{- with .Values.applicationSet.metrics.service.labels }} diff --git a/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml index 176de64b..81020f54 100644 --- a/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml @@ -3,6 +3,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ template "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-applicationset/pdb.yaml b/charts/argo-cd/templates/argocd-applicationset/pdb.yaml index 51974356..8f179032 100644 --- a/charts/argo-cd/templates/argocd-applicationset/pdb.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/pdb.yaml @@ -3,6 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} {{- with .Values.applicationSet.pdb.labels }} diff --git a/charts/argo-cd/templates/argocd-applicationset/role.yaml b/charts/argo-cd/templates/argocd-applicationset/role.yaml index a9ec2f92..f8f55405 100644 --- a/charts/argo-cd/templates/argocd-applicationset/role.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/role.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml index 91cddeae..8a70526c 100644 --- a/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} roleRef: diff --git a/charts/argo-cd/templates/argocd-applicationset/service.yaml b/charts/argo-cd/templates/argocd-applicationset/service.yaml index 9e0de533..640b195a 100644 --- a/charts/argo-cd/templates/argocd-applicationset/service.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/service.yaml @@ -9,6 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} {{- with .Values.applicationSet.service.labels }} diff --git a/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml index cf5c0ef5..a196626e 100644 --- a/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml @@ -4,6 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.applicationSet.serviceAccount.automountServiceAccountToken }} metadata: name: {{ template "argo-cd.applicationSetServiceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- if .Values.applicationSet.serviceAccount.annotations }} annotations: {{- range $key, $value := .Values.applicationSet.serviceAccount.annotations }} diff --git a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml index b836ccc5..bb814a25 100644 --- a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml @@ -4,9 +4,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.applicationSet.fullname" . }} - {{- with .Values.applicationSet.metrics.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default .Release.Namespace .Values.applicationSet.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} {{- with .Values.applicationSet.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml index 5285c6f2..d98f9423 100644 --- a/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml @@ -7,6 +7,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} {{- with .Values.applicationSet.webhook.ingress.labels }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml index a9ff71d9..829a6776 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-cm + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cm") | nindent 4 }} {{- with (mergeOverwrite (deepCopy .Values.configs.cm.annotations) (.Values.server.configAnnotations | default dict)) }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml index 0628ff9c..18fead9b 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-cmd-params-cm + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cmd-params-cm") | nindent 4 }} {{- if .Values.configs.params.annotations }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml index 39a6db6b..a3400605 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-cmp-cm + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "cmp-cm") | nindent 4 }} {{- with .Values.configs.cmp.annotations }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml index 7e3ae6b0..c543e8a7 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-dex-server-tls + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" "dex-server-tls") | nindent 4 }} {{- with .Values.dex.certificateSecret.labels }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml index 72f9823b..982867f9 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-gpg-keys-cm + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }} {{ with (mergeOverwrite (deepCopy .Values.configs.gpg.annotations) (.Values.configs.gpgKeysAnnotations | default dict)) -}} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml index 593da721..c8cdefc4 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-notifications-cm + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} data: diff --git a/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml index dc5bd383..cde4d555 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-notifications-secret + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} {{- with .Values.notifications.secret.annotations }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml index 8ebb43d2..c882cb39 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-rbac-cm + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "rbac-cm") | nindent 4 }} {{- with (mergeOverwrite (deepCopy .Values.configs.rbac.annotations) (.Values.server.rbacConfigAnnotations | default dict)) }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml index b0f35aa2..4e1b3dc9 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-repo-server-tls + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "repo-server-tls") | nindent 4 }} {{- with .Values.repoServer.certificateSecret.labels }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml index 84a51197..1e69bcea 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-secret + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }} {{- with .Values.configs.secret.labels }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml index 1e9f8dd3..c612a62c 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-server-tls + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "server-tls") | nindent 4 }} {{- with .Values.server.certificateSecret.labels }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml index 7b8e5d0b..a7f3abdf 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-ssh-known-hosts-cm + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "ssh-known-hosts-cm") | nindent 4 }} {{- with (mergeOverwrite (deepCopy .Values.configs.ssh.annotations) (.Values.configs.knownHostsAnnotations | default dict)) }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml index 149104f1..b98e40df 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-styles-cm + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} data: diff --git a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml index 1ba0176d..6a5a95e5 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-tls-certs-cm + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "tls-certs-cm") | nindent 4 }} {{- with (mergeOverwrite (deepCopy .Values.configs.tls.annotations) (.Values.configs.tlsCertsAnnotations | default dict)) }} diff --git a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml index c1aaa531..259ee348 100644 --- a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml +++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} {{- with .labels }} diff --git a/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml b/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml index 80dfc475..9bfcd983 100644 --- a/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "argo-cd.redis.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} {{- with .Values.externalRedis.secretAnnotations }} diff --git a/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml index 96efd67c..748718ab 100644 --- a/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-repo-creds-{{ $repo_cred_key }} + namespace: {{ .Release.Namespace | quote }} labels: argocd.argoproj.io/secret-type: repo-creds {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} diff --git a/charts/argo-cd/templates/argocd-configs/repository-secret.yaml b/charts/argo-cd/templates/argocd-configs/repository-secret.yaml index bd0c067c..d64ae5cc 100644 --- a/charts/argo-cd/templates/argocd-configs/repository-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/repository-secret.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-repo-{{ $repo_key }} + namespace: {{ .Release.Namespace | quote }} labels: argocd.argoproj.io/secret-type: repository {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index fc51bb00..729e57db 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -9,6 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ include "argo-cd.notifications.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-notifications/metrics.yaml b/charts/argo-cd/templates/argocd-notifications/metrics.yaml index 3b80e97b..3c30a085 100644 --- a/charts/argo-cd/templates/argocd-notifications/metrics.yaml +++ b/charts/argo-cd/templates/argocd-notifications/metrics.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.notifications.fullname" . }}-metrics + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" "metrics") | nindent 4 }} {{- with .Values.notifications.metrics.service.labels }} diff --git a/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml b/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml index 6bd0c04e..011a7c33 100644 --- a/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml @@ -3,6 +3,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ template "argo-cd.notifications.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-notifications/pdb.yaml b/charts/argo-cd/templates/argocd-notifications/pdb.yaml index f1f32715..71619547 100644 --- a/charts/argo-cd/templates/argocd-notifications/pdb.yaml +++ b/charts/argo-cd/templates/argocd-notifications/pdb.yaml @@ -3,6 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.notifications.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} {{- with .Values.notifications.pdb.labels }} diff --git a/charts/argo-cd/templates/argocd-notifications/role.yaml b/charts/argo-cd/templates/argocd-notifications/role.yaml index 52df9ad1..128c24f5 100644 --- a/charts/argo-cd/templates/argocd-notifications/role.yaml +++ b/charts/argo-cd/templates/argocd-notifications/role.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.notifications.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml b/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml index e78ac5c6..7bc6e1d1 100644 --- a/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "argo-cd.notifications.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} roleRef: diff --git a/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml b/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml index d6219280..aa824242 100644 --- a/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml @@ -4,6 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.notifications.serviceAccount.automountServiceAccountToken }} metadata: name: {{ template "argo-cd.notificationsServiceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- if .Values.notifications.serviceAccount.annotations }} annotations: {{- range $key, $value := .Values.notifications.serviceAccount.annotations }} diff --git a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml index 2dd280bf..de3cc5a3 100644 --- a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml @@ -3,9 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.notifications.fullname" . }} - {{- if .Values.notifications.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.notifications.metrics.serviceMonitor.namespace }} - {{- end }} + namespace: {{ default .Release.Namespace .Values.notifications.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} {{- with .Values.notifications.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 906a544f..f5272bc2 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -8,6 +8,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.repoServer.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-repo-server/hpa.yaml b/charts/argo-cd/templates/argocd-repo-server/hpa.yaml index d7f74320..2cba8324 100644 --- a/charts/argo-cd/templates/argocd-repo-server/hpa.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/hpa.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-hpa" .Values.repoServer.name)) | nindent 4 }} name: {{ template "argo-cd.repoServer.fullname" . }}-hpa + namespace: {{ .Release.Namespace | quote }} spec: scaleTargetRef: apiVersion: apps/v1 diff --git a/charts/argo-cd/templates/argocd-repo-server/metrics.yaml b/charts/argo-cd/templates/argocd-repo-server/metrics.yaml index 1124057e..b2be38ee 100644 --- a/charts/argo-cd/templates/argocd-repo-server/metrics.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/metrics.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.repoServer.fullname" . }}-metrics + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 4 }} {{- with .Values.repoServer.metrics.service.labels }} diff --git a/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml index 619a65ca..08a1c214 100644 --- a/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} name: {{ template "argo-cd.repoServer.fullname" . }} + namespace: {{ .Release.Namespace | quote }} spec: ingress: - from: diff --git a/charts/argo-cd/templates/argocd-repo-server/pdb.yaml b/charts/argo-cd/templates/argocd-repo-server/pdb.yaml index 318671f0..658a1fe3 100644 --- a/charts/argo-cd/templates/argocd-repo-server/pdb.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/pdb.yaml @@ -3,6 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.repoServer.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} {{- with .Values.repoServer.pdb.labels }} diff --git a/charts/argo-cd/templates/argocd-repo-server/role.yaml b/charts/argo-cd/templates/argocd-repo-server/role.yaml index bc422c43..5f9324d5 100644 --- a/charts/argo-cd/templates/argocd-repo-server/role.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/role.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.repoServer.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml b/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml index 3cfa312f..8834b778 100644 --- a/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "argo-cd.repoServer.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} roleRef: diff --git a/charts/argo-cd/templates/argocd-repo-server/service.yaml b/charts/argo-cd/templates/argocd-repo-server/service.yaml index 541ea41e..c2c43463 100644 --- a/charts/argo-cd/templates/argocd-repo-server/service.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/service.yaml @@ -13,6 +13,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ template "argo-cd.repoServer.fullname" . }} + namespace: {{ .Release.Namespace | quote }} spec: ports: - name: {{ .Values.repoServer.service.portName }} diff --git a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml index 71f75583..7b26928f 100644 --- a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml @@ -4,6 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.repoServer.serviceAccount.automountServiceAccountToken }} metadata: name: {{ template "argo-cd.repoServerServiceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- if .Values.repoServer.serviceAccount.annotations }} annotations: {{- range $key, $value := .Values.repoServer.serviceAccount.annotations }} diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index 82937d9b..aec96461 100644 --- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -3,9 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.repoServer.fullname" . }} - {{- with .Values.repoServer.metrics.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default .Release.Namespace .Values.repoServer.metrics.serviceMonitor.namespace | default }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} {{- with .Values.repoServer.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/argocd-server/aws/service.yaml b/charts/argo-cd/templates/argocd-server/aws/service.yaml index a0368023..02c543d5 100644 --- a/charts/argo-cd/templates/argocd-server/aws/service.yaml +++ b/charts/argo-cd/templates/argocd-server/aws/service.yaml @@ -7,6 +7,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" (print .Values.server.name "-gprc") "name" (print .Values.server.name "-grpc")) | nindent 4 }} name: {{ template "argo-cd.server.fullname" . }}-grpc + namespace: {{ .Release.Namespace | quote }} spec: ports: - name: {{ .Values.server.service.servicePortHttpName }} diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index ed844aa2..eec82ae6 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -3,6 +3,7 @@ apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }} kind: Certificate metadata: name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index a5bea81b..aa7320e7 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -8,6 +8,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml b/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml index 69a42093..e2ae3d84 100644 --- a/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml @@ -3,6 +3,7 @@ apiVersion: {{ include "argo-cd.apiVersions.cloudgoogle" . }} kind: BackendConfig metadata: name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml b/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml index 46fc43a9..31687596 100644 --- a/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml @@ -3,6 +3,7 @@ apiVersion: networking.gke.io/v1beta1 kind: FrontendConfig metadata: name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml b/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml index 81e1e710..942c6b3f 100644 --- a/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml @@ -3,6 +3,7 @@ apiVersion: networking.gke.io/v1 kind: ManagedCertificate metadata: name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} spec: domains: {{- with .Values.server.GKEmanagedCertificate.domains }} diff --git a/charts/argo-cd/templates/argocd-server/hpa.yaml b/charts/argo-cd/templates/argocd-server/hpa.yaml index af107b7f..cbc17c31 100644 --- a/charts/argo-cd/templates/argocd-server/hpa.yaml +++ b/charts/argo-cd/templates/argocd-server/hpa.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-hpa" .Values.server.name)) | nindent 4 }} name: {{ template "argo-cd.server.fullname" . }}-hpa + namespace: {{ .Release.Namespace | quote }} spec: scaleTargetRef: apiVersion: apps/v1 diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index b728a11b..b671f86f 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -7,6 +7,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "argo-cd.server.fullname" . }}-grpc + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingressGrpc.labels }} diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 0e064b0b..98ec1cb1 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -7,6 +7,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingress.labels }} diff --git a/charts/argo-cd/templates/argocd-server/metrics.yaml b/charts/argo-cd/templates/argocd-server/metrics.yaml index bf8ee083..3a9f46f7 100644 --- a/charts/argo-cd/templates/argocd-server/metrics.yaml +++ b/charts/argo-cd/templates/argocd-server/metrics.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.server.fullname" . }}-metrics + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 4 }} {{- with .Values.server.metrics.service.labels }} diff --git a/charts/argo-cd/templates/argocd-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-server/networkpolicy.yaml index 8300d696..443ff359 100644 --- a/charts/argo-cd/templates/argocd-server/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-server/networkpolicy.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} spec: ingress: - {} diff --git a/charts/argo-cd/templates/argocd-server/openshift/route.yaml b/charts/argo-cd/templates/argocd-server/openshift/route.yaml index f1fc8012..59313798 100644 --- a/charts/argo-cd/templates/argocd-server/openshift/route.yaml +++ b/charts/argo-cd/templates/argocd-server/openshift/route.yaml @@ -3,6 +3,7 @@ apiVersion: route.openshift.io/v1 kind: Route metadata: name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.route.annotations }} diff --git a/charts/argo-cd/templates/argocd-server/pdb.yaml b/charts/argo-cd/templates/argocd-server/pdb.yaml index 89c54c65..adc47aec 100644 --- a/charts/argo-cd/templates/argocd-server/pdb.yaml +++ b/charts/argo-cd/templates/argocd-server/pdb.yaml @@ -3,6 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.pdb.labels }} diff --git a/charts/argo-cd/templates/argocd-server/role.yaml b/charts/argo-cd/templates/argocd-server/role.yaml index 16164a9a..f156bc18 100644 --- a/charts/argo-cd/templates/argocd-server/role.yaml +++ b/charts/argo-cd/templates/argocd-server/role.yaml @@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-server/rolebinding.yaml b/charts/argo-cd/templates/argocd-server/rolebinding.yaml index 54d4eaeb..93b1fa94 100644 --- a/charts/argo-cd/templates/argocd-server/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-server/rolebinding.yaml @@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} roleRef: diff --git a/charts/argo-cd/templates/argocd-server/service.yaml b/charts/argo-cd/templates/argocd-server/service.yaml index 879bdb32..5a31f0b8 100644 --- a/charts/argo-cd/templates/argocd-server/service.yaml +++ b/charts/argo-cd/templates/argocd-server/service.yaml @@ -8,6 +8,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- if .Values.server.service.labels }} diff --git a/charts/argo-cd/templates/argocd-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml index a2eb9b11..5d03aaf6 100644 --- a/charts/argo-cd/templates/argocd-server/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml @@ -4,6 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.server.serviceAccount.automountServiceAccountToken }} metadata: name: {{ template "argo-cd.serverServiceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- if .Values.server.serviceAccount.annotations }} annotations: {{- range $key, $value := .Values.server.serviceAccount.annotations }} diff --git a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml index d00e5657..65d102e3 100644 --- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml @@ -3,9 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.server.fullname" . }} - {{- if .Values.server.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.server.metrics.serviceMonitor.namespace }} - {{- end }} + namespace: {{ default .Release.Namespace .Values.server.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index f8342233..8359a6a8 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -9,6 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.dex.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/dex/networkpolicy.yaml b/charts/argo-cd/templates/dex/networkpolicy.yaml index e79a2e3e..cb0fcc55 100644 --- a/charts/argo-cd/templates/dex/networkpolicy.yaml +++ b/charts/argo-cd/templates/dex/networkpolicy.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} name: {{ template "argo-cd.dex.fullname" . }} + namespace: {{ .Release.Namespace | quote }} spec: ingress: - from: diff --git a/charts/argo-cd/templates/dex/pdb.yaml b/charts/argo-cd/templates/dex/pdb.yaml index 45bd0050..c0adc73f 100644 --- a/charts/argo-cd/templates/dex/pdb.yaml +++ b/charts/argo-cd/templates/dex/pdb.yaml @@ -3,6 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.dex.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} {{- with .Values.dex.pdb.labels }} diff --git a/charts/argo-cd/templates/dex/role.yaml b/charts/argo-cd/templates/dex/role.yaml index 6b9b3f69..49d40891 100644 --- a/charts/argo-cd/templates/dex/role.yaml +++ b/charts/argo-cd/templates/dex/role.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.dex.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/dex/rolebinding.yaml b/charts/argo-cd/templates/dex/rolebinding.yaml index 4cc47005..08da1544 100644 --- a/charts/argo-cd/templates/dex/rolebinding.yaml +++ b/charts/argo-cd/templates/dex/rolebinding.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "argo-cd.dex.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} roleRef: diff --git a/charts/argo-cd/templates/dex/service.yaml b/charts/argo-cd/templates/dex/service.yaml index 9661c7e0..73c98483 100644 --- a/charts/argo-cd/templates/dex/service.yaml +++ b/charts/argo-cd/templates/dex/service.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-cd.dex.fullname" . }} + namespace: {{ .Release.Namespace | quote }} {{- if .Values.dex.metrics.service.annotations }} annotations: {{- range $key, $value := .Values.dex.metrics.service.annotations }} diff --git a/charts/argo-cd/templates/dex/serviceaccount.yaml b/charts/argo-cd/templates/dex/serviceaccount.yaml index 71707f09..65abd57c 100644 --- a/charts/argo-cd/templates/dex/serviceaccount.yaml +++ b/charts/argo-cd/templates/dex/serviceaccount.yaml @@ -4,6 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.dex.serviceAccount.automountServiceAccountToken }} metadata: name: {{ template "argo-cd.dexServiceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- if .Values.dex.serviceAccount.annotations }} annotations: {{- range $key, $value := .Values.dex.serviceAccount.annotations }} diff --git a/charts/argo-cd/templates/dex/servicemonitor.yaml b/charts/argo-cd/templates/dex/servicemonitor.yaml index d08d018f..21d12be2 100644 --- a/charts/argo-cd/templates/dex/servicemonitor.yaml +++ b/charts/argo-cd/templates/dex/servicemonitor.yaml @@ -3,9 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.dex.fullname" . }} - {{- with .Values.dex.metrics.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default .Release.Namespace .Values.dex.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} {{- with .Values.dex.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/networkpolicy-default-deny.yaml b/charts/argo-cd/templates/networkpolicy-default-deny.yaml index 3d47a397..b499ab03 100644 --- a/charts/argo-cd/templates/networkpolicy-default-deny.yaml +++ b/charts/argo-cd/templates/networkpolicy-default-deny.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }} name: {{ template "argo-cd.fullname" . }}-default-deny + namespace: {{ .Release.Namespace | quote }} spec: podSelector: {} policyTypes: diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 3376d732..fc0bebbd 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -10,6 +10,7 @@ metadata: {{- end }} {{- end }} name: {{ include "argo-cd.redis.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/redis/metrics.yaml b/charts/argo-cd/templates/redis/metrics.yaml index 6886a740..db526285 100644 --- a/charts/argo-cd/templates/redis/metrics.yaml +++ b/charts/argo-cd/templates/redis/metrics.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.redis.fullname" . }}-metrics + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- with .Values.redis.metrics.service.labels }} diff --git a/charts/argo-cd/templates/redis/networkpolicy.yaml b/charts/argo-cd/templates/redis/networkpolicy.yaml index 8b564add..cd8150e1 100644 --- a/charts/argo-cd/templates/redis/networkpolicy.yaml +++ b/charts/argo-cd/templates/redis/networkpolicy.yaml @@ -6,6 +6,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} name: {{ template "argo-cd.redis.fullname" . }} + namespace: {{ .Release.Namespace | quote }} spec: ingress: - from: diff --git a/charts/argo-cd/templates/redis/pdb.yaml b/charts/argo-cd/templates/redis/pdb.yaml index 223c5758..59423b47 100644 --- a/charts/argo-cd/templates/redis/pdb.yaml +++ b/charts/argo-cd/templates/redis/pdb.yaml @@ -4,6 +4,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.redis.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- with .Values.redis.pdb.labels }} diff --git a/charts/argo-cd/templates/redis/service.yaml b/charts/argo-cd/templates/redis/service.yaml index 6e949fd4..31f497d7 100644 --- a/charts/argo-cd/templates/redis/service.yaml +++ b/charts/argo-cd/templates/redis/service.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-cd.redis.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- with .Values.redis.service.labels }} diff --git a/charts/argo-cd/templates/redis/serviceaccount.yaml b/charts/argo-cd/templates/redis/serviceaccount.yaml index ae67d3b2..503fb434 100644 --- a/charts/argo-cd/templates/redis/serviceaccount.yaml +++ b/charts/argo-cd/templates/redis/serviceaccount.yaml @@ -4,6 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }} metadata: name: {{ template "argo-cd.redisServiceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- if .Values.redis.serviceAccount.annotations }} annotations: {{- range $key, $value := .Values.redis.serviceAccount.annotations }} diff --git a/charts/argo-cd/templates/redis/servicemonitor.yaml b/charts/argo-cd/templates/redis/servicemonitor.yaml index ea913467..46a7e32c 100644 --- a/charts/argo-cd/templates/redis/servicemonitor.yaml +++ b/charts/argo-cd/templates/redis/servicemonitor.yaml @@ -4,9 +4,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.redis.fullname" . }} - {{- with .Values.redis.metrics.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default .Release.Namespace .Values.redis.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- with .Values.redis.metrics.serviceMonitor.selector }} From 406e07b46b62e1f6efef6d035110d02b7a8019f5 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Fri, 14 Apr 2023 03:16:20 +0900 Subject: [PATCH 118/768] fix(argo-rollouts): add namespace field for namespace scoped resources (#1960) Signed-off-by: yu-croco --- charts/argo-rollouts/Chart.yaml | 6 +++--- .../templates/controller/clusterrolebinding.yaml | 2 +- charts/argo-rollouts/templates/controller/deployment.yaml | 1 + .../argo-rollouts/templates/controller/metrics-service.yaml | 1 + .../templates/controller/notifcations-configmap.yaml | 1 + .../templates/controller/notifications-secret.yaml | 1 + .../templates/controller/poddisruptionbudget.yaml | 1 + charts/argo-rollouts/templates/controller/role.yaml | 1 + charts/argo-rollouts/templates/controller/rolebinding.yaml | 2 ++ .../argo-rollouts/templates/controller/serviceaccount.yaml | 1 + .../argo-rollouts/templates/controller/servicemonitor.yaml | 1 + .../templates/dashboard/clusterrolebinding.yaml | 2 +- charts/argo-rollouts/templates/dashboard/deployment.yaml | 1 + charts/argo-rollouts/templates/dashboard/ingress.yaml | 1 + .../templates/dashboard/poddisruptionbudget.yaml | 1 + charts/argo-rollouts/templates/dashboard/service.yaml | 1 + .../argo-rollouts/templates/dashboard/serviceaccount.yaml | 1 + 17 files changed, 20 insertions(+), 5 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 64cc3539..a5f3e249 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.4.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.23.0 +version: 2.24.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -15,5 +15,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: added - description: Added the ability to set pod annotations separately on controller and dashboard deployment + - kind: fixed + description: add namespace field for namespace scoped resources diff --git a/charts/argo-rollouts/templates/controller/clusterrolebinding.yaml b/charts/argo-rollouts/templates/controller/clusterrolebinding.yaml index cbdb0e23..740f8f6b 100644 --- a/charts/argo-rollouts/templates/controller/clusterrolebinding.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrolebinding.yaml @@ -13,5 +13,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-rollouts.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index ee118e5a..7f30da02 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "argo-rollouts.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} diff --git a/charts/argo-rollouts/templates/controller/metrics-service.yaml b/charts/argo-rollouts/templates/controller/metrics-service.yaml index 5e380347..0effcc23 100644 --- a/charts/argo-rollouts/templates/controller/metrics-service.yaml +++ b/charts/argo-rollouts/templates/controller/metrics-service.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-rollouts.fullname" . }}-metrics + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} diff --git a/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml b/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml index 3008b327..a370a600 100644 --- a/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml +++ b/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argo-rollouts-notification-configmap + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} diff --git a/charts/argo-rollouts/templates/controller/notifications-secret.yaml b/charts/argo-rollouts/templates/controller/notifications-secret.yaml index 4e9cc64c..52b393df 100644 --- a/charts/argo-rollouts/templates/controller/notifications-secret.yaml +++ b/charts/argo-rollouts/templates/controller/notifications-secret.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argo-rollouts-notification-secret + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} diff --git a/charts/argo-rollouts/templates/controller/poddisruptionbudget.yaml b/charts/argo-rollouts/templates/controller/poddisruptionbudget.yaml index 437efab9..7080b55c 100644 --- a/charts/argo-rollouts/templates/controller/poddisruptionbudget.yaml +++ b/charts/argo-rollouts/templates/controller/poddisruptionbudget.yaml @@ -3,6 +3,7 @@ apiVersion: {{ include "argo-rollouts.podDisruptionBudget.apiVersion" . }} kind: PodDisruptionBudget metadata: name: {{ template "argo-rollouts.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-rollouts.labels" . | nindent 4 }} {{- with .Values.controller.pdb.labels }} diff --git a/charts/argo-rollouts/templates/controller/role.yaml b/charts/argo-rollouts/templates/controller/role.yaml index 72ebdbc9..e3b80672 100644 --- a/charts/argo-rollouts/templates/controller/role.yaml +++ b/charts/argo-rollouts/templates/controller/role.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "argo-rollouts.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} diff --git a/charts/argo-rollouts/templates/controller/rolebinding.yaml b/charts/argo-rollouts/templates/controller/rolebinding.yaml index 128df3ab..e76bb194 100644 --- a/charts/argo-rollouts/templates/controller/rolebinding.yaml +++ b/charts/argo-rollouts/templates/controller/rolebinding.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "argo-rollouts.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} @@ -13,4 +14,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-rollouts.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/argo-rollouts/templates/controller/serviceaccount.yaml b/charts/argo-rollouts/templates/controller/serviceaccount.yaml index 327eb6a5..b0f56633 100644 --- a/charts/argo-rollouts/templates/controller/serviceaccount.yaml +++ b/charts/argo-rollouts/templates/controller/serviceaccount.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "argo-rollouts.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} diff --git a/charts/argo-rollouts/templates/controller/servicemonitor.yaml b/charts/argo-rollouts/templates/controller/servicemonitor.yaml index 72d9a691..f64dc328 100644 --- a/charts/argo-rollouts/templates/controller/servicemonitor.yaml +++ b/charts/argo-rollouts/templates/controller/servicemonitor.yaml @@ -3,6 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "argo-rollouts.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} diff --git a/charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml b/charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml index 3296060c..2dbf7379 100644 --- a/charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml +++ b/charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml @@ -13,5 +13,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-rollouts.serviceAccountName" . }}-dashboard - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/argo-rollouts/templates/dashboard/deployment.yaml b/charts/argo-rollouts/templates/dashboard/deployment.yaml index 0d210934..8a47608f 100644 --- a/charts/argo-rollouts/templates/dashboard/deployment.yaml +++ b/charts/argo-rollouts/templates/dashboard/deployment.yaml @@ -3,6 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "argo-rollouts.fullname" . }}-dashboard + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.dashboard.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} diff --git a/charts/argo-rollouts/templates/dashboard/ingress.yaml b/charts/argo-rollouts/templates/dashboard/ingress.yaml index 0555d1fc..e7f9e41e 100644 --- a/charts/argo-rollouts/templates/dashboard/ingress.yaml +++ b/charts/argo-rollouts/templates/dashboard/ingress.yaml @@ -14,6 +14,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-rollouts.fullname" . }}-dashboard + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-rollouts.labels" . | nindent 4 }} {{- if .Values.dashboard.ingress.labels }} diff --git a/charts/argo-rollouts/templates/dashboard/poddisruptionbudget.yaml b/charts/argo-rollouts/templates/dashboard/poddisruptionbudget.yaml index 742b149f..d12ba62a 100644 --- a/charts/argo-rollouts/templates/dashboard/poddisruptionbudget.yaml +++ b/charts/argo-rollouts/templates/dashboard/poddisruptionbudget.yaml @@ -3,6 +3,7 @@ apiVersion: {{ include "argo-rollouts.podDisruptionBudget.apiVersion" . }} kind: PodDisruptionBudget metadata: name: {{ template "argo-rollouts.fullname" . }}-dashboard + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-rollouts.labels" . | nindent 4 }} {{- with .Values.dashboard.pdb.labels }} diff --git a/charts/argo-rollouts/templates/dashboard/service.yaml b/charts/argo-rollouts/templates/dashboard/service.yaml index 58978150..6a304b82 100644 --- a/charts/argo-rollouts/templates/dashboard/service.yaml +++ b/charts/argo-rollouts/templates/dashboard/service.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-rollouts.fullname" . }}-dashboard + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.dashboard.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} diff --git a/charts/argo-rollouts/templates/dashboard/serviceaccount.yaml b/charts/argo-rollouts/templates/dashboard/serviceaccount.yaml index ff0c7300..4b531bd9 100644 --- a/charts/argo-rollouts/templates/dashboard/serviceaccount.yaml +++ b/charts/argo-rollouts/templates/dashboard/serviceaccount.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "argo-rollouts.serviceAccountName" . }}-dashboard + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.dashboard.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} From 076cf82ddd77126cd7ecf24e2c8882b5cbff9342 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Fri, 14 Apr 2023 03:38:04 +0900 Subject: [PATCH 119/768] fix(argo-events): add namespace field for namespace scoped resources (#1959) * fix(argo-events): add namespace field for namespace scoped resources Signed-off-by: yu-croco * Apply suggestion from code review Signed-off-by: Marco Kilchhofer --------- Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-events/Chart.yaml | 4 ++-- .../templates/argo-events-controller/config.yaml | 1 + .../templates/argo-events-controller/deployment.yaml | 1 + .../argo-events/templates/argo-events-controller/pdb.yaml | 1 + .../argo-events/templates/argo-events-controller/rbac.yaml | 5 ++++- .../templates/argo-events-controller/service.yaml | 1 + .../templates/argo-events-controller/serviceaccount.yaml | 1 + .../templates/argo-events-controller/servicemonitor.yaml | 6 ++---- .../templates/argo-events-webhook/clusterrolebinding.yaml | 2 +- .../templates/argo-events-webhook/deployment.yaml | 1 + charts/argo-events/templates/argo-events-webhook/pdb.yaml | 1 + .../argo-events/templates/argo-events-webhook/service.yaml | 1 + .../templates/argo-events-webhook/serviceaccount.yaml | 1 + 13 files changed, 18 insertions(+), 8 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index f11e6a0a..a9f379e7 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.6 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.1.6 +version: 2.2.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-events/assets/logo.png keywords: @@ -16,4 +16,4 @@ maintainers: annotations: artifacthub.io/changes: | - kind: fixed - description: fix toYaml function in deployment template for envFrom block + description: add namespace field for namespace scoped resources diff --git a/charts/argo-events/templates/argo-events-controller/config.yaml b/charts/argo-events/templates/argo-events-controller/config.yaml index 486fa364..b3293385 100644 --- a/charts/argo-events/templates/argo-events-controller/config.yaml +++ b/charts/argo-events/templates/argo-events-controller/config.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "argo-events.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-events.labels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} data: diff --git a/charts/argo-events/templates/argo-events-controller/deployment.yaml b/charts/argo-events/templates/argo-events-controller/deployment.yaml index 6f6a965b..9b7ace1b 100644 --- a/charts/argo-events/templates/argo-events-controller/deployment.yaml +++ b/charts/argo-events/templates/argo-events-controller/deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "argo-events.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-events.controller_chart_version_label" . }} diff --git a/charts/argo-events/templates/argo-events-controller/pdb.yaml b/charts/argo-events/templates/argo-events-controller/pdb.yaml index f1a7b721..0451ecd7 100644 --- a/charts/argo-events/templates/argo-events-controller/pdb.yaml +++ b/charts/argo-events/templates/argo-events-controller/pdb.yaml @@ -3,6 +3,7 @@ apiVersion: {{ template "argo-events.pdb.apiVersion" . }} kind: PodDisruptionBudget metadata: name: {{ template "argo-events.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.pdb.labels }} diff --git a/charts/argo-events/templates/argo-events-controller/rbac.yaml b/charts/argo-events/templates/argo-events-controller/rbac.yaml index 1d9a2e55..aa9c7c2b 100644 --- a/charts/argo-events/templates/argo-events-controller/rbac.yaml +++ b/charts/argo-events/templates/argo-events-controller/rbac.yaml @@ -3,6 +3,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: {{ .Values.controller.rbac.namespaced | ternary "Role" "ClusterRole" }} metadata: name: {{ include "argo-events.controller.fullname" . }} + {{- if .Values.controller.rbac.namespaced }} + namespace: {{ .Release.Namespace | quote }} + {{- end }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rules: @@ -119,5 +122,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-events.controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/service.yaml b/charts/argo-events/templates/argo-events-controller/service.yaml index d0d6ab33..fe36320b 100644 --- a/charts/argo-events/templates/argo-events-controller/service.yaml +++ b/charts/argo-events/templates/argo-events-controller/service.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-events.controller.fullname" . }}-metrics + namespace: {{ .Release.Namespace | quote }} {{- with .Values.controller.metrics.service.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml b/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml index 7a035b76..3b8a9c81 100644 --- a/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml +++ b/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml @@ -4,6 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-events.controller.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- with .Values.controller.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml b/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml index 6c1f23ca..55cda1d4 100644 --- a/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml +++ b/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml @@ -3,9 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-events.controller.fullname" . }} - {{- with .Values.controller.metrics.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default .Release.Namespace .Values.controller.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.metrics.serviceMonitor.selector }} @@ -31,7 +29,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ .Release.Namespace | quote }} selector: matchLabels: {{- include "argo-events.selectorLabels" (dict "context" . "component" .Values.controller.name "name" (printf "%s-metrics" .Values.controller.name)) | nindent 6 }} diff --git a/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml b/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml index 5562f139..89226483 100644 --- a/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml +++ b/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml @@ -12,5 +12,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-events.webhook.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/argo-events/templates/argo-events-webhook/deployment.yaml b/charts/argo-events/templates/argo-events-webhook/deployment.yaml index e3839caf..0445484e 100644 --- a/charts/argo-events/templates/argo-events-webhook/deployment.yaml +++ b/charts/argo-events/templates/argo-events-webhook/deployment.yaml @@ -3,6 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: events-webhook + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-events.webhook_chart_version_label" . }} diff --git a/charts/argo-events/templates/argo-events-webhook/pdb.yaml b/charts/argo-events/templates/argo-events-webhook/pdb.yaml index 15bf97bf..a3daa745 100644 --- a/charts/argo-events/templates/argo-events-webhook/pdb.yaml +++ b/charts/argo-events/templates/argo-events-webhook/pdb.yaml @@ -3,6 +3,7 @@ apiVersion: {{ template "argo-events.pdb.apiVersion" . }} kind: PodDisruptionBudget metadata: name: {{ template "argo-events.webhook.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }} {{- with .Values.webhook.pdb.labels }} diff --git a/charts/argo-events/templates/argo-events-webhook/service.yaml b/charts/argo-events/templates/argo-events-webhook/service.yaml index cb85a8cb..15563d0e 100644 --- a/charts/argo-events/templates/argo-events-webhook/service.yaml +++ b/charts/argo-events/templates/argo-events-webhook/service.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: events-webhook + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }} spec: diff --git a/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml b/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml index b723a77f..e3e2ac5b 100644 --- a/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml +++ b/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml @@ -4,6 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.webhook.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-events.webhook.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- with .Values.webhook.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} From 388102400faf26b4f60f002c4e816256e21e63aa Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Fri, 14 Apr 2023 01:44:19 +0200 Subject: [PATCH 120/768] fix(argo-cd): Evaluate namespace field via helm root scope (#1963) Signed-off-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml | 2 +- .../argocd-configs/repository-credentials-secret.yaml | 2 +- .../argo-cd/templates/argocd-configs/repository-secret.yaml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 81666537..01aab841 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.6.7 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.29.0 +version: 5.29.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -24,4 +24,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: fixed - description: Add namespace field for namespace scoped resources + description: Namespace field for some namespaced resources needs to be evaluated via helm root scope diff --git a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml index 259ee348..83b1c15d 100644 --- a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml +++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ $.Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} {{- with .labels }} diff --git a/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml index 748718ab..ed1d2fd7 100644 --- a/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-repo-creds-{{ $repo_cred_key }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ $.Release.Namespace | quote }} labels: argocd.argoproj.io/secret-type: repo-creds {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} diff --git a/charts/argo-cd/templates/argocd-configs/repository-secret.yaml b/charts/argo-cd/templates/argocd-configs/repository-secret.yaml index d64ae5cc..4c028958 100644 --- a/charts/argo-cd/templates/argocd-configs/repository-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/repository-secret.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-repo-{{ $repo_key }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ $.Release.Namespace | quote }} labels: argocd.argoproj.io/secret-type: repository {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} From dfe36fbde955e525c706243f887e34e127ea2259 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Fri, 14 Apr 2023 01:58:48 +0200 Subject: [PATCH 121/768] feat(argo-rollouts): Add ability to provide additional volumes (#1965) --- charts/argo-rollouts/Chart.yaml | 6 +++--- charts/argo-rollouts/README.md | 4 ++++ .../templates/controller/deployment.yaml | 8 ++++++++ .../templates/dashboard/deployment.yaml | 8 ++++++++ charts/argo-rollouts/values.yaml | 17 +++++++++++++++++ 5 files changed, 40 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index a5f3e249..376cd8ce 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.4.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.24.0 +version: 2.25.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -15,5 +15,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: fixed - description: add namespace field for namespace scoped resources + - kind: added + description: Ability to provide additional volumes and volumeMounts diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 1e8a29f0..56a79852 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -102,6 +102,8 @@ For full list of changes please check ArtifactHub [changelog]. | controller.resources | object | `{}` | Resource limits and requests for the controller pods. | | controller.tolerations | list | `[]` | [Tolerations] for use with node taints | | controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the controller | +| controller.volumeMounts | list | `[]` | Additional volumeMounts to add to the controller container | +| controller.volumes | list | `[]` | Additional volumes to add to the controller pod | | podAnnotations | object | `{}` | Annotations for the all deployed pods | | podLabels | object | `{}` | Labels to be added to the Rollout pods | | podSecurityContext | object | `{"runAsNonRoot":true}` | Security Context to set on pod level | @@ -161,6 +163,8 @@ For full list of changes please check ArtifactHub [changelog]. | dashboard.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | dashboard.tolerations | list | `[]` | [Tolerations] for use with node taints | | dashboard.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the dashboard server | +| dashboard.volumeMounts | list | `[]` | Additional volumeMounts to add to the dashboard container | +| dashboard.volumes | list | `[]` | Additional volumes to add to the dashboard pod | ## Upgrading diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index 7f30da02..95ec845f 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -65,6 +65,10 @@ spec: {{- toYaml .Values.containerSecurityContext | nindent 10 }} resources: {{- toYaml .Values.controller.resources | nindent 10 }} + {{- with .Values.controller.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.controller.extraContainers }} {{- toYaml . | nindent 6 }} {{- end }} @@ -101,3 +105,7 @@ spec: {{- with .Values.controller.priorityClassName }} priorityClassName: {{ . }} {{- end }} + {{- with .Values.controller.volumes }} + volumes: + {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/charts/argo-rollouts/templates/dashboard/deployment.yaml b/charts/argo-rollouts/templates/dashboard/deployment.yaml index 8a47608f..342e1996 100644 --- a/charts/argo-rollouts/templates/dashboard/deployment.yaml +++ b/charts/argo-rollouts/templates/dashboard/deployment.yaml @@ -54,6 +54,10 @@ spec: {{- toYaml .Values.dashboard.containerSecurityContext | nindent 10 }} resources: {{- toYaml .Values.dashboard.resources | nindent 10 }} + {{- with .Values.dashboard.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.dashboard.nodeSelector }} nodeSelector: {{- toYaml .Values.dashboard.nodeSelector | nindent 8 }} @@ -83,4 +87,8 @@ spec: {{- with .Values.dashboard.priorityClassName }} priorityClassName: {{ . }} {{- end }} + {{- with .Values.dashboard.volumes }} + volumes: + {{- toYaml . | nindent 6 }} + {{- end }} {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index d92e9304..e451602f 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -154,6 +154,17 @@ controller: # -- Maximum number / percentage of pods that may be made unavailable maxUnavailable: # 0 + # -- Additional volumes to add to the controller pod + volumes: [] + # - configMap: + # name: my-certs-cm + # name: my-certs + + # -- Additional volumeMounts to add to the controller container + volumeMounts: [] + # - mountPath: /etc/ssl/certs + # name: my-certs + serviceAccount: # -- Specifies whether a service account should be created create: true @@ -355,6 +366,12 @@ dashboard: # hosts: # - argorollouts.example.com + # -- Additional volumes to add to the dashboard pod + volumes: [] + + # -- Additional volumeMounts to add to the dashboard container + volumeMounts: [] + notifications: secret: # -- Whether to create notifications secret From 22356c77af3e672bf6a5ee97ed7305bb367beccb Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Fri, 14 Apr 2023 14:53:40 +0100 Subject: [PATCH 122/768] feat(argo-workflows): Add option for controller to read all secrets (#1967) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 1 + .../controller/workflow-controller-cluster-roles.yaml | 10 ++++++++++ charts/argo-workflows/values.yaml | 2 ++ 4 files changed, 16 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 69cbe88f..616f3cc4 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.24.0 +version: 0.24.1 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: @@ -13,5 +13,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: fixed - description: Add namespace field to all namespace scoped resources because `helm template` doesn't add the namespace filed automatically. + - kind: added + description: Add option for workflow controller to read all secrets. diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 2c8ceb70..463fa485 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -174,6 +174,7 @@ Fields to note: | controller.podLabels | object | `{}` | Optional labels to add to the controller pods | | controller.podSecurityContext | object | `{}` | SecurityContext to set on the controller pods | | controller.priorityClassName | string | `""` | Leverage a PriorityClass to ensure your pods survive resource shortages. | +| controller.rbac.accessAllSecrets | bool | `false` | Allows controller to get, list and watch all k8s secrets. Can only be used if secretWhitelist is empty. | | controller.rbac.create | bool | `true` | Adds Role and RoleBinding for the controller. | | controller.rbac.secretWhitelist | list | `[]` | Allows controller to get, list, and watch certain k8s secrets | | controller.rbac.writeConfigMaps | bool | `false` | Allows controller to create and update ConfigMaps. Enables memoization feature | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml index b5d78afa..c2d2a771 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml @@ -187,6 +187,16 @@ rules: - watch resourceNames: {{- toYaml . | nindent 4 }} {{- end }} +{{- if and (not .Values.controller.rbac.secretWhitelist) (.Values.controller.rbac.accessAllSecrets) }} +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +{{- end }} {{- if .Values.controller.clusterWorkflowTemplates.enabled }} --- diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 155a0acd..4783e0a6 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -74,6 +74,8 @@ controller: create: true # -- Allows controller to get, list, and watch certain k8s secrets secretWhitelist: [] + # -- Allows controller to get, list and watch all k8s secrets. Can only be used if secretWhitelist is empty. + accessAllSecrets: false # -- Allows controller to create and update ConfigMaps. Enables memoization feature writeConfigMaps: false From 29b753057bf605e95d07017d6f7e000d3cc808f6 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sun, 16 Apr 2023 17:13:00 +0900 Subject: [PATCH 123/768] fix(argocd-image-updater): add namespace field for namespace scoped resources (#1970) Signed-off-by: yu-croco --- charts/argocd-image-updater/Chart.yaml | 6 +++--- .../templates/configmap-authscripts.yaml | 1 + .../argocd-image-updater/templates/configmap-sshconfig.yaml | 1 + charts/argocd-image-updater/templates/configmap.yaml | 1 + charts/argocd-image-updater/templates/deployment.yaml | 3 ++- charts/argocd-image-updater/templates/metrics-service.yaml | 1 + charts/argocd-image-updater/templates/rbac.yaml | 4 +++- charts/argocd-image-updater/templates/secret.yaml | 3 ++- charts/argocd-image-updater/templates/serviceaccount.yaml | 1 + charts/argocd-image-updater/templates/servicemonitor.yaml | 4 +--- 10 files changed, 16 insertions(+), 9 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index f64d558b..d6ec30ef 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.8.5 +version: 0.9.0 appVersion: v0.12.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -15,5 +15,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: changed - description: Added support for pod labels + - kind: fixed + description: add namespace field for namespace scoped resources diff --git a/charts/argocd-image-updater/templates/configmap-authscripts.yaml b/charts/argocd-image-updater/templates/configmap-authscripts.yaml index fe834149..3659fbaf 100644 --- a/charts/argocd-image-updater/templates/configmap-authscripts.yaml +++ b/charts/argocd-image-updater/templates/configmap-authscripts.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} name: argocd-image-updater-authscripts + namespace: {{ .Release.Namespace | quote }} data: {{- toYaml .Values.authScripts.scripts | nindent 2}} {{- end }} diff --git a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml index 548f3100..45554c0e 100644 --- a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml +++ b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml @@ -4,6 +4,7 @@ metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} name: argocd-image-updater-ssh-config + namespace: {{ .Release.Namespace | quote }} data: {{- with .Values.config.sshConfig }} {{- toYaml . | nindent 2 }} diff --git a/charts/argocd-image-updater/templates/configmap.yaml b/charts/argocd-image-updater/templates/configmap.yaml index 0e0b6cfc..75f69b13 100644 --- a/charts/argocd-image-updater/templates/configmap.yaml +++ b/charts/argocd-image-updater/templates/configmap.yaml @@ -5,6 +5,7 @@ metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} name: argocd-image-updater-config + namespace: {{ .Release.Namespace | quote }} data: {{- with .Values.config.applicationsAPIKind }} applications_api: {{ . }} diff --git a/charts/argocd-image-updater/templates/deployment.yaml b/charts/argocd-image-updater/templates/deployment.yaml index 936a4a70..9cc71fe3 100644 --- a/charts/argocd-image-updater/templates/deployment.yaml +++ b/charts/argocd-image-updater/templates/deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} spec: @@ -21,7 +22,7 @@ spec: labels: {{- with .Values.podLabels }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} {{- include "argocd-image-updater.selectorLabels" . | nindent 8 }} spec: {{- with .Values.imagePullSecrets }} diff --git a/charts/argocd-image-updater/templates/metrics-service.yaml b/charts/argocd-image-updater/templates/metrics-service.yaml index 5d1232ae..186abb41 100644 --- a/charts/argocd-image-updater/templates/metrics-service.yaml +++ b/charts/argocd-image-updater/templates/metrics-service.yaml @@ -14,6 +14,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "argocd-image-updater.fullname" . }}-metrics + namespace: {{ .Release.Namespace | quote }} spec: ports: - name: metrics diff --git a/charts/argocd-image-updater/templates/rbac.yaml b/charts/argocd-image-updater/templates/rbac.yaml index cb508a43..c6316f42 100644 --- a/charts/argocd-image-updater/templates/rbac.yaml +++ b/charts/argocd-image-updater/templates/rbac.yaml @@ -5,7 +5,8 @@ kind: Role metadata: labels: {{ include "argocd-image-updater.labels" . | nindent 4 }} - name: {{ include "argocd-image-updater.fullname" . }} + name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ .Release.Namespace | quote }} rules: - apiGroups: - '' @@ -45,4 +46,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argocd-image-updater.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/argocd-image-updater/templates/secret.yaml b/charts/argocd-image-updater/templates/secret.yaml index d0e7bb24..c4cb7781 100644 --- a/charts/argocd-image-updater/templates/secret.yaml +++ b/charts/argocd-image-updater/templates/secret.yaml @@ -3,9 +3,10 @@ apiVersion: v1 kind: Secret metadata: name: argocd-image-updater-secret + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} type: Opaque -data: +data: argocd.token: {{ .Values.config.argocd.token | b64enc }} {{- end }} diff --git a/charts/argocd-image-updater/templates/serviceaccount.yaml b/charts/argocd-image-updater/templates/serviceaccount.yaml index c208ee69..c755731d 100644 --- a/charts/argocd-image-updater/templates/serviceaccount.yaml +++ b/charts/argocd-image-updater/templates/serviceaccount.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "argocd-image-updater.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} diff --git a/charts/argocd-image-updater/templates/servicemonitor.yaml b/charts/argocd-image-updater/templates/servicemonitor.yaml index fa0b26a6..969f1190 100644 --- a/charts/argocd-image-updater/templates/servicemonitor.yaml +++ b/charts/argocd-image-updater/templates/servicemonitor.yaml @@ -3,9 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "argocd-image-updater.fullname" . }}-metrics - {{- with .Values.metrics.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} {{- with .Values.metrics.serviceMonitor.selector }} From 429b474a4f44e073f8ef2a4da03325083c0122e4 Mon Sep 17 00:00:00 2001 From: Anton Gilgur <4970083+agilgur5@users.noreply.github.com> Date: Sat, 22 Apr 2023 01:53:02 -0400 Subject: [PATCH 124/768] docs(github): comment out notational pieces of PR template (#1969) github: comment out notational pieces of PR template - the DCO and publishing sentences are not filled out during PRs and are purely notational - comment them out with HTML comments, as is common practice - example from a repo I maintain: https://github.com/ezolenko/rollup-plugin-typescript2/blob/f6db59613a66f58c48310aa8fa785951970b5d6d/.github/issue_template.md?plain=1#L2 - I copied that from other repos too - these comments are still visible to the PR author, just not visible when rendered, keeping the PR more concise Signed-off-by: Anton Gilgur Co-authored-by: Marco Kilchhofer --- .github/pull_request_template.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 65c36c00..ed14509e 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,6 +1,8 @@ + Checklist: @@ -11,4 +13,4 @@ Checklist: * [ ] I have signed off all my commits as required by [DCO](https://github.com/argoproj/argoproj/blob/master/community/CONTRIBUTING.md). * [ ] My build is green ([troubleshooting builds](https://argo-cd.readthedocs.io/en/stable/developer-guide/ci/)). -Changes are automatically published when merged to `main`. They are not published on branches. + From aef554340ff52643c9fbd67afd14fdfa3a0a8b3e Mon Sep 17 00:00:00 2001 From: Anton Gilgur <4970083+agilgur5@users.noreply.github.com> Date: Mon, 24 Apr 2023 01:47:18 -0400 Subject: [PATCH 125/768] feat(argo-workflows): add optional HPA to Server (#1974) --- charts/argo-workflows/Chart.yaml | 4 +- charts/argo-workflows/README.md | 6 +++ .../server/server-deployment-hpa.yaml | 45 +++++++++++++++++++ .../templates/server/server-deployment.yaml | 2 + charts/argo-workflows/values.yaml | 26 +++++++++++ 5 files changed, 81 insertions(+), 2 deletions(-) create mode 100644 charts/argo-workflows/templates/server/server-deployment-hpa.yaml diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 616f3cc4..fe52da19 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.24.1 +version: 0.25.0 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: @@ -14,4 +14,4 @@ maintainers: annotations: artifacthub.io/changes: | - kind: added - description: Add option for workflow controller to read all secrets. + description: Add optional HPA for Argo Server diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 463fa485..50bc7ce9 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -237,6 +237,12 @@ Fields to note: | Key | Type | Default | Description | |-----|------|---------|-------------| | server.affinity | object | `{}` | Assign custom [affinity] rules | +| server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer | +| server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server | +| server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo Server [HPA] | +| server.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the Argo Server [HPA] | +| server.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the Argo Server [HPA] | +| server.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the Argo Server [HPA] | | server.baseHref | string | `"/"` | Value for base href in index.html. Used if the server is running behind reverse proxy under subpath different from /. | | server.clusterWorkflowTemplates.enableEditing | bool | `true` | Give the server permissions to edit ClusterWorkflowTemplates. | | server.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. | diff --git a/charts/argo-workflows/templates/server/server-deployment-hpa.yaml b/charts/argo-workflows/templates/server/server-deployment-hpa.yaml new file mode 100644 index 00000000..ebc45925 --- /dev/null +++ b/charts/argo-workflows/templates/server/server-deployment-hpa.yaml @@ -0,0 +1,45 @@ +{{- if and .Values.server.enabled .Values.server.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "argo-workflows.server.fullname" . }} + minReplicas: {{ .Values.server.autoscaling.minReplicas }} + maxReplicas: {{ .Values.server.autoscaling.maxReplicas }} + metrics: + {{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + {{- if eq (include "argo-workflows.apiVersion.autoscaling" $) "autoscaling/v2beta1" }} + targetAverageUtilization: {{ . }} + {{- else }} + target: + averageUtilization: {{ . }} + type: Utilization + {{- end }} + {{- end }} + {{- with .Values.server.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + {{- if eq (include "argo-workflows.apiVersion.autoscaling" $) "autoscaling/v2beta1" }} + targetAverageUtilization: {{ . }} + {{- else }} + target: + averageUtilization: {{ . }} + type: Utilization + {{- end }} + {{- end }} + {{- with .Values.server.autoscaling.behavior }} + behavior: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index e9da0a1d..d75933ac 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -12,7 +12,9 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: + {{- if not .Values.server.autoscaling.enabled }} replicas: {{ .Values.server.replicas }} + {{- end }} selector: matchLabels: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 4783e0a6..2fd166b5 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -431,6 +431,32 @@ server: resources: {} # -- The number of server pods to run replicas: 1 + ## Argo Server Horizontal Pod Autoscaler + autoscaling: + # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server + enabled: false + # -- Minimum number of replicas for the Argo Server [HPA] + minReplicas: 1 + # -- Maximum number of replicas for the Argo Server [HPA] + maxReplicas: 5 + # -- Average CPU utilization percentage for the Argo Server [HPA] + targetCPUUtilizationPercentage: 50 + # -- Average memory utilization percentage for the Argo Server [HPA] + targetMemoryUtilizationPercentage: 50 + # -- Configures the scaling behavior of the target in both Up and Down directions. + # This is only available on HPA apiVersion `autoscaling/v2beta2` and newer + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 pdb: # -- Configure [Pod Disruption Budget] for the server pods enabled: false From d2853afc24766cee089c918dc0bd0ba77ca57e84 Mon Sep 17 00:00:00 2001 From: aniekgul <13356402+aniekgul@users.noreply.github.com> Date: Mon, 24 Apr 2023 10:40:40 -0400 Subject: [PATCH 126/768] feat(argo-rollouts): add service monitor relabeling configs (#1972) Signed-off-by: Aniek Gul <13356402+aniekgul@users.noreply.github.com> Co-authored-by: Aikawa --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 2 ++ .../templates/controller/servicemonitor.yaml | 8 ++++++++ charts/argo-rollouts/values.yaml | 4 ++++ 4 files changed, 16 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 376cd8ce..895826e9 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.4.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.25.0 +version: 2.26.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -16,4 +16,4 @@ maintainers: annotations: artifacthub.io/changes: | - kind: added - description: Ability to provide additional volumes and volumeMounts + description: Ability to provide service monitor relabeling configs diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 56a79852..58784cf0 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -89,6 +89,8 @@ For full list of changes please check ArtifactHub [changelog]. | controller.metrics.serviceMonitor.additionalAnnotations | object | `{}` | Annotations to be added to the ServiceMonitor | | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Labels to be added to the ServiceMonitor | | controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | MetricRelabelConfigs to apply to samples before ingestion | +| controller.metrics.serviceMonitor.relabelings | list | `[]` | RelabelConfigs to apply to samples before scraping | | controller.nodeSelector | object | `{}` | [Node selector] | | controller.pdb.annotations | object | `{}` | Annotations to be added to controller [Pod Disruption Budget] | | controller.pdb.enabled | bool | `false` | Deploy a [Pod Disruption Budget] for the controller | diff --git a/charts/argo-rollouts/templates/controller/servicemonitor.yaml b/charts/argo-rollouts/templates/controller/servicemonitor.yaml index f64dc328..cb489e3b 100644 --- a/charts/argo-rollouts/templates/controller/servicemonitor.yaml +++ b/charts/argo-rollouts/templates/controller/servicemonitor.yaml @@ -17,6 +17,14 @@ metadata: spec: endpoints: - port: metrics + {{- with .Values.controller.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 6 }} + {{- end }} namespaceSelector: matchNames: - {{ .Release.Namespace }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index e451602f..28a6f1f8 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -116,6 +116,10 @@ controller: additionalLabels: {} # -- Annotations to be added to the ServiceMonitor additionalAnnotations: {} + # -- RelabelConfigs to apply to samples before scraping + relabelings: [] + # -- MetricRelabelConfigs to apply to samples before ingestion + metricRelabelings: [] # -- Configure liveness [probe] for the controller # @default -- See [values.yaml] From 00e585342a099fdc4435b816ba6b33b47424afbe Mon Sep 17 00:00:00 2001 From: Stefan Tertan Date: Mon, 24 Apr 2023 17:57:36 +0100 Subject: [PATCH 127/768] feat(argo-workflows): add Prometheus ServiceMonitor relabelings, metricRelabelings & targetLabels (#1977) * feat(argo-workflows): add Prometheus ServiceMonitor relabelings, metricRelabelings & targetLabels Signed-off-by: Stefan Tertan * chore(argo-workflows): bump Helm chart patch version Signed-off-by: Stefan Tertan * docs(argo-workflows): update README.md via `helm-docs` Signed-off-by: Stefan Tertan * chore(argo-workflows): update changelog via chart annotation Signed-off-by: Stefan Tertan * chore(argo-workflows): remove URLs from README Signed-off-by: Stefan Tertan --------- Signed-off-by: Stefan Tertan Co-authored-by: Aikawa --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 3 +++ .../workflow-controller-servicemonitor.yaml | 20 +++++++++++++++++++ charts/argo-workflows/values.yaml | 9 +++++++++ 4 files changed, 34 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index fe52da19..51e901cc 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.25.0 +version: 0.25.1 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: @@ -14,4 +14,4 @@ maintainers: annotations: artifacthub.io/changes: | - kind: added - description: Add optional HPA for Argo Server + description: Add Prometheus ServiceMonitor relabelings, metricRelabelings & targetLabels diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 50bc7ce9..d918b444 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -153,13 +153,16 @@ Fields to note: | controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | | controller.metricsConfig.enabled | bool | `false` | Enables prometheus metrics server | | controller.metricsConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. | +| controller.metricsConfig.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion | | controller.metricsConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory | | controller.metricsConfig.path | string | `"/metrics"` | Path is the path where metrics are emitted. Must start with a "/". | | controller.metricsConfig.port | int | `9090` | Port is the port where metrics are emitted | | controller.metricsConfig.portName | string | `"metrics"` | Container metrics port name | +| controller.metricsConfig.relabelings | list | `[]` | ServiceMonitor relabel configs to apply to samples before scraping | | controller.metricsConfig.secure | bool | `false` | Flag that use a self-signed cert for TLS | | controller.metricsConfig.servicePort | int | `8080` | Service metrics port | | controller.metricsConfig.servicePortName | string | `"metrics"` | Service metrics port name | +| controller.metricsConfig.targetLabels | list | `[]` | ServiceMonitor will add labels from the service to the Prometheus metric | | controller.name | string | `"workflow-controller"` | Workflow controller name string | | controller.namespaceParallelism | string | `nil` | Limits the maximum number of incomplete workflows in a namespace | | controller.navColor | string | `""` | Set ui navigation bar background color | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml index 29fe1b59..e5e8307f 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml @@ -15,11 +15,31 @@ spec: - port: metrics path: {{ .Values.controller.metricsConfig.path }} interval: 30s + {{- with .Values.controller.metricsConfig.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.metricsConfig.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} {{- if .Values.controller.telemetryConfig.enabled }} - port: telemetry path: {{ .Values.controller.telemetryConfig.path }} interval: 30s + {{- with .Values.controller.metricsConfig.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.metricsConfig.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + {{- with .Values.controller.metricsConfig.targetLabels }} + targetLabels: + {{- toYaml . | nindent 8 }} {{- end }} namespaceSelector: matchNames: diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 2fd166b5..7dddf89e 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -111,6 +111,15 @@ controller: servicePort: 8080 # -- Service metrics port name servicePortName: metrics + # -- ServiceMonitor relabel configs to apply to samples before scraping + ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + relabelings: [] + # -- ServiceMonitor metric relabel configs to apply to samples before ingestion + ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint + metricRelabelings: [] + # -- ServiceMonitor will add labels from the service to the Prometheus metric + ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitorspec + targetLabels: [] # -- the controller container's securityContext securityContext: readOnlyRootFilesystem: true From 086310f23701dff84067a077b987a779ec6cd5b1 Mon Sep 17 00:00:00 2001 From: toyamagu <83329336+toyamagu-2021@users.noreply.github.com> Date: Thu, 27 Apr 2023 21:49:02 +0900 Subject: [PATCH 128/768] fix(argocd-apps): Changed the project field of the applicationset from a tpl to str(#1978) (#1979) fix: Changed the project field of the applicationset from a tpl function to a string. Signed-off-by: tomoki-yamaguchi --- charts/argocd-apps/Chart.yaml | 6 ++-- .../ci/applicationsets-values.yaml | 29 +++++++++++++++++++ .../templates/applicationsets.yaml | 2 +- 3 files changed, 33 insertions(+), 4 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 2f7a6d5c..c8e37b3b 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 0.0.9 +version: 1.0.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -14,5 +14,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: added - description: Multiple sources for Application and ApplicationSet + - kind: fixed + description: Changed the project field of the applicationset from a tpl function to a string. diff --git a/charts/argocd-apps/ci/applicationsets-values.yaml b/charts/argocd-apps/ci/applicationsets-values.yaml index 2258f422..6142b1bb 100644 --- a/charts/argocd-apps/ci/applicationsets-values.yaml +++ b/charts/argocd-apps/ci/applicationsets-values.yaml @@ -42,3 +42,32 @@ applicationsets: syncPolicy: # Set Application finalizer preserveResourcesOnDeletion: false +- name: applicationset-list-generator + generators: + - list: + elements: + - cluster: engineering-dev + url: https://kubernetes.default.svc + template: + metadata: {} + spec: + project: '{{cluster}}' + source: + targetRevision: HEAD + repoURL: https://github.com/argoproj/argo-cd.git + # New path value is generated here: + path: 'applicationset/examples/template-override/{{cluster}}-override' + destination: {} + template: + metadata: + name: '{{cluster}}-guestbook' + spec: + project: '{{cluster}}' + source: + repoURL: https://github.com/argoproj/argo-cd.git + targetRevision: HEAD + # This 'default' value is not used: it is is replaced by the generator's template path, above + path: applicationset/examples/template-override/default + destination: + server: '{{url}}' + namespace: guestbook diff --git a/charts/argocd-apps/templates/applicationsets.yaml b/charts/argocd-apps/templates/applicationsets.yaml index aa7a3b79..bb8b09d1 100644 --- a/charts/argocd-apps/templates/applicationsets.yaml +++ b/charts/argocd-apps/templates/applicationsets.yaml @@ -51,7 +51,7 @@ spec: {{- end }} {{- with .spec }} spec: - project: {{ tpl .project $ }} + project: {{ .project | squote }} {{- with .source }} source: {{- toYaml . | nindent 8 }} From bc4e00b836335731e4b78dd19e396992dfb068fe Mon Sep 17 00:00:00 2001 From: Tal Yitzhak Date: Fri, 28 Apr 2023 10:54:32 +0300 Subject: [PATCH 129/768] fix(argo-rollouts): Added missing permissions for argo rollouts dashboard cluster role (#1988) --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/templates/dashboard/clusterrole.yaml | 8 ++++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 895826e9..bb95a986 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.4.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.26.0 +version: 2.26.1 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -16,4 +16,4 @@ maintainers: annotations: artifacthub.io/changes: | - kind: added - description: Ability to provide service monitor relabeling configs + description: Missing permissions to leases under coordination api group diff --git a/charts/argo-rollouts/templates/dashboard/clusterrole.yaml b/charts/argo-rollouts/templates/dashboard/clusterrole.yaml index 5f05d6e6..0d69d67e 100644 --- a/charts/argo-rollouts/templates/dashboard/clusterrole.yaml +++ b/charts/argo-rollouts/templates/dashboard/clusterrole.yaml @@ -71,4 +71,12 @@ rules: verbs: - list - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update {{- end }} From 5f807d903b89b3cc2daf02efb08a33b845f01e1f Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 2 May 2023 16:28:34 +0900 Subject: [PATCH 130/768] feat(argo-cd): Upgrade Argo CD to v2.7.0 (#1989) * chore(argo-cd): Upgrade Argo CD to v2.7.0 Signed-off-by: yu-croco * fix(argo-cd): collect syntax Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 8 +- .../templates/crds/crd-application.yaml | 333 +++++++ .../templates/crds/crd-applicationset.yaml | 811 ++++++++++++++++++ 3 files changed, 1148 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 01aab841..169a5329 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.6.7 +appVersion: v2.7.0 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.29.1 +version: 5.30.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: fixed - description: Namespace field for some namespaced resources needs to be evaluated via helm root scope + - kind: changed + description: Upgrade Argo CD to v2.7.0 diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml index ae0f7295..5bb7bfb3 100644 --- a/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -310,6 +310,10 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation values + type: boolean commonLabels: additionalProperties: type: string @@ -341,6 +345,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -572,6 +599,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean commonLabels: additionalProperties: type: string @@ -604,6 +636,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -950,6 +1005,10 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether to + apply env variables substitution for annotation values + type: boolean commonLabels: additionalProperties: type: string @@ -980,6 +1039,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize adds + to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas override + specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -1203,6 +1285,10 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation values + type: boolean commonLabels: additionalProperties: type: string @@ -1234,6 +1320,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas override + specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -1604,6 +1713,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean commonLabels: additionalProperties: type: string @@ -1636,6 +1750,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -1869,6 +2006,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean commonLabels: additionalProperties: type: string @@ -1901,6 +2043,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -2279,6 +2444,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution + for annotation values + type: boolean commonLabels: additionalProperties: type: string @@ -2311,6 +2481,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -2562,6 +2755,11 @@ spec: additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution + for annotation values + type: boolean commonLabels: additionalProperties: type: string @@ -2594,6 +2792,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize + Replicas override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -2945,6 +3166,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean commonLabels: additionalProperties: type: string @@ -2977,6 +3203,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -3221,6 +3470,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution for + annotation values + type: boolean commonLabels: additionalProperties: type: string @@ -3253,6 +3507,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -3602,6 +3879,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean commonLabels: additionalProperties: type: string @@ -3634,6 +3916,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -3878,6 +4183,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution for + annotation values + type: boolean commonLabels: additionalProperties: type: string @@ -3910,6 +4220,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index 43452242..f9bfde6c 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -241,6 +241,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -257,6 +259,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -399,6 +418,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -415,6 +436,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -716,6 +754,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -732,6 +772,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -874,6 +931,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -890,6 +949,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -1195,6 +1271,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -1211,6 +1289,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -1353,6 +1448,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -1369,6 +1466,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -1479,6 +1593,8 @@ spec: items: x-kubernetes-preserve-unknown-fields: true type: array + elementsYaml: + type: string template: properties: metadata: @@ -1648,6 +1764,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -1664,6 +1782,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -1806,6 +1941,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -1822,6 +1959,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -2131,6 +2285,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -2147,6 +2303,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -2289,6 +2462,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -2305,6 +2480,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -2606,6 +2798,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -2622,6 +2816,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -2764,6 +2975,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -2780,6 +2993,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -3085,6 +3315,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -3101,6 +3333,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -3243,6 +3492,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -3259,6 +3510,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -3369,6 +3637,8 @@ spec: items: x-kubernetes-preserve-unknown-fields: true type: array + elementsYaml: + type: string template: properties: metadata: @@ -3538,6 +3808,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -3554,6 +3826,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -3696,6 +3985,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -3712,6 +4003,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -4109,6 +4417,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -4125,6 +4435,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -4267,6 +4594,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -4283,6 +4612,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -4727,6 +5073,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -4743,6 +5091,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -4885,6 +5250,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -4901,6 +5268,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -5196,6 +5580,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -5212,6 +5598,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -5354,6 +5757,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -5370,6 +5775,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -5679,6 +6101,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -5695,6 +6119,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -5837,6 +6278,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -5853,6 +6296,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -6154,6 +6614,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -6170,6 +6632,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -6312,6 +6791,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -6328,6 +6809,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -6633,6 +7131,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -6649,6 +7149,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -6791,6 +7308,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -6807,6 +7326,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -6917,6 +7453,8 @@ spec: items: x-kubernetes-preserve-unknown-fields: true type: array + elementsYaml: + type: string template: properties: metadata: @@ -7086,6 +7624,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -7102,6 +7642,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -7244,6 +7801,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -7260,6 +7819,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -7657,6 +8233,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -7673,6 +8251,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -7815,6 +8410,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -7831,6 +8428,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -8275,6 +8889,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -8291,6 +8907,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -8433,6 +9066,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -8449,6 +9084,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -8748,6 +9400,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -8764,6 +9418,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -8906,6 +9577,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -8922,6 +9595,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -9316,6 +10006,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -9332,6 +10024,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -9474,6 +10183,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -9490,6 +10201,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -9934,6 +10662,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -9950,6 +10680,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -10092,6 +10839,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -10108,6 +10857,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -10236,6 +11002,13 @@ spec: type: array goTemplate: type: boolean + preservedFields: + properties: + annotations: + items: + type: string + type: array + type: object strategy: properties: rollingSync: @@ -10441,6 +11214,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -10457,6 +11232,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -10599,6 +11391,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -10615,6 +11409,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object From b9fa30883b5dae8648b822f56ffb81a6f566653f Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 2 May 2023 19:28:13 +0900 Subject: [PATCH 131/768] chore(argo-cd): Upgrade Dex and Redis (#1990) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 ++++-- charts/argo-cd/README.md | 6 +++--- charts/argo-cd/values.yaml | 6 +++--- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 169a5329..675f66ed 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.0 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.30.0 +version: 5.30.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -24,4 +24,6 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Upgrade Argo CD to v2.7.0 + description: Upgrade Dex to v2.36.0 + - kind: changed + description: Upgrade Redis to v7.0.11 for avoiding CVE-2023-0464 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index b90af7af..254f2557 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -835,7 +835,7 @@ server: | dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod | | dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy | | dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository | -| dex.image.tag | string | `"v2.35.3"` | Dex image tag | +| dex.image.tag | string | `"v2.36.0"` | Dex image tag | | dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | dex.initContainers | list | `[]` | Init containers to add to the dex pod | | dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy | @@ -921,7 +921,7 @@ server: | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis.image.tag | string | `"7.0.7-alpine"` | Redis tag | +| redis.image.tag | string | `"7.0.11-alpine"` | Redis tag | | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redis.initContainers | list | `[]` | Init containers to add to the redis pod | | redis.metrics.enabled | bool | `false` | Deploy metrics service | @@ -979,7 +979,7 @@ The main options are listed here: | redis-ha.exporter.tag | string | `"1.45.0"` | Tag to use for the redis-exporter | | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | -| redis-ha.image.tag | string | `"7.0.7-alpine"` | Redis tag | +| redis-ha.image.tag | string | `"7.0.11-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 32b9060c..6702078e 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -915,7 +915,7 @@ dex: # -- Dex image repository repository: ghcr.io/dexidp/dex # -- Dex image tag - tag: v2.35.3 + tag: v2.36.0 # -- Dex imagePullPolicy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1141,7 +1141,7 @@ redis: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.0.7-alpine + tag: 7.0.11-alpine # -- Redis image pull policy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1384,7 +1384,7 @@ redis-ha: enabled: true image: # -- Redis tag - tag: 7.0.7-alpine + tag: 7.0.11-alpine ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ topologySpreadConstraints: From decfc73a3fb794c375bd5a3dbd798be8cdfe51cc Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 2 May 2023 21:29:30 +0900 Subject: [PATCH 132/768] feat(argo-cd): Use tini as the ENTRYPOINT (#1991) --- charts/argo-cd/Chart.yaml | 6 ++---- charts/argo-cd/README.md | 8 ++++++-- charts/argo-cd/README.md.gotmpl | 6 ++++++ .../argocd-application-controller/statefulset.yaml | 4 ++-- .../templates/argocd-applicationset/deployment.yaml | 6 +----- .../templates/argocd-notifications/deployment.yaml | 4 ++-- .../argo-cd/templates/argocd-repo-server/deployment.yaml | 8 ++------ charts/argo-cd/templates/argocd-server/deployment.yaml | 4 ++-- charts/argo-cd/templates/dex/deployment.yaml | 4 ++-- charts/argo-cd/values.yaml | 8 -------- 10 files changed, 25 insertions(+), 33 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 675f66ed..2467144f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.0 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.30.1 +version: 5.31.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -24,6 +24,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Upgrade Dex to v2.36.0 - - kind: changed - description: Upgrade Redis to v7.0.11 for avoiding CVE-2023-0464 + description: Use tini as the ENTRYPOINT diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 254f2557..f1f0845f 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -105,6 +105,11 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 5.31.0 +The manifests are now using [`tini` as entrypoint][tini], instead of `entrypoint.sh`. Until Argo CD v2.8, `entrypoint.sh` is retained for upgrade compatibility. +This means that the deployment manifests have to be updated after upgrading to Argo CD v2.7, and before upgrading to Argo CD v2.8 later. +In case the manifests are updated before moving to Argo CD v2.8, the containers will not be able to start. + ### 5.24.0 This versions adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`). @@ -395,8 +400,6 @@ NAME: my-release | global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `none`, `soft` or `hard` | | global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | | global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments | -| global.entrypoint.entrypoint | string | `"entrypoint.sh"` | The entrypoint to use for the containers. | -| global.entrypoint.useImplicit | bool | `false` | Implicitly use the docker image's entrypoint. This requires the image to have ENTRYPOINT set properly | | global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | | global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments | | global.image.repository | string | `"quay.io/argoproj/argocd"` | If defined, a repository applied to all Argo CD deployments | @@ -1184,3 +1187,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [values.yaml]: values.yaml [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md +[tini]: https://github.com/argoproj/argo-cd/pull/12707 diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 945bab72..92d7f354 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -104,6 +104,11 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 5.31.0 +The manifests are now using [`tini` as entrypoint][tini], instead of `entrypoint.sh`. Until Argo CD v2.8, `entrypoint.sh` is retained for upgrade compatibility. +This means that the deployment manifests have to be updated after upgrading to Argo CD v2.7, and before upgrading to Argo CD v2.8 later. +In case the manifests are updated before moving to Argo CD v2.8, the containers will not be able to start. + ### 5.24.0 This versions adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`). @@ -546,3 +551,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [values.yaml]: values.yaml [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md +[tini]: https://github.com/argoproj/argo-cd/pull/12707 diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 2a067a63..c56bf0b3 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -51,8 +51,8 @@ spec: {{- end }} serviceAccountName: {{ include "argo-cd.controllerServiceAccountName" . }} containers: - - command: - - argocd-application-controller + - args: + - /usr/local/bin/argocd-application-controller - --metrics-port={{ .Values.controller.containerPorts.metrics }} {{- if .Values.controller.metrics.applicationLabels.enabled }} {{- range .Values.controller.metrics.applicationLabels.labels }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 90863cce..9033f5b4 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -56,12 +56,8 @@ spec: - name: {{ .Values.applicationSet.name }} image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.applicationSet.image.imagePullPolicy }} - {{- if not .Values.global.entrypoint.useImplicit }} - command: - - {{ .Values.global.entrypoint.entrypoint | quote }} - {{- end }} args: - - argocd-applicationset-controller + - /usr/local/bin/argocd-applicationset-controller - --metrics-addr=:{{ .Values.applicationSet.containerPorts.metrics }} - --probe-addr=:{{ .Values.applicationSet.containerPorts.probe }} - --webhook-addr=:{{ .Values.applicationSet.containerPorts.webhook }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 729e57db..d49944fd 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -56,8 +56,8 @@ spec: - name: {{ .Values.notifications.name }} image: {{ default .Values.global.image.repository .Values.notifications.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.notifications.image.imagePullPolicy }} - command: - - argocd-notifications + args: + - /usr/local/bin/argocd-notifications - --metrics-port={{ .Values.notifications.containerPorts.metrics }} - --loglevel={{ default .Values.global.logging.level .Values.notifications.logLevel }} - --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index f5272bc2..0226b48f 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -61,12 +61,8 @@ spec: - name: {{ .Values.repoServer.name }} image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }} - {{- if not .Values.global.entrypoint.useImplicit }} - command: - - {{ .Values.global.entrypoint.entrypoint | quote }} - {{- end }} args: - - argocd-repo-server + - /usr/local/bin/argocd-repo-server - --port={{ .Values.repoServer.containerPorts.server }} - --metrics-port={{ .Values.repoServer.containerPorts.metrics }} {{- with .Values.repoServer.logFormat }} @@ -284,7 +280,7 @@ spec: {{- end }} initContainers: - command: - - cp + - /bin/cp - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index aa7320e7..7ce72e80 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -58,8 +58,8 @@ spec: - name: {{ .Values.server.name }} image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.server.image.imagePullPolicy }} - command: - - argocd-server + args: + - /usr/local/bin/argocd-server - --port={{ .Values.server.containerPorts.server }} - --metrics-port={{ .Values.server.containerPorts.metrics }} {{- with .Values.server.logFormat }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 8359a6a8..6ae17170 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -136,8 +136,8 @@ spec: - name: copyutil image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.dex.initImage.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }} - command: - - cp + args: + - /bin/cp - -n - /usr/local/bin/argocd - /shared/argocd-dex diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 6702078e..afdaa095 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -132,14 +132,6 @@ global: # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule - # POD entrypoint configuration - entrypoint: - # -- Implicitly use the docker image's entrypoint. This requires the image to have - # ENTRYPOINT set properly - useImplicit: false - # -- The entrypoint to use for the containers. - entrypoint: "entrypoint.sh" - # -- Deployment strategy for the all deployed Deployments deploymentStrategy: {} # type: RollingUpdate From bb4d3154e63c89939c732ef89e404f2cba2f03e9 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Wed, 3 May 2023 18:48:03 +0900 Subject: [PATCH 133/768] chore(argo-cd): Update Argo CD to v2.7.1 (#1999) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 2467144f..9d222608 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.7.0 +appVersion: v2.7.1 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.31.0 +version: 5.31.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -24,4 +24,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Use tini as the ENTRYPOINT + description: Update Argo CD v2.7.1 From 513df3df8f7cd781fec944ea3699568831265507 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Fri, 5 May 2023 09:13:41 -0500 Subject: [PATCH 134/768] fix(argo-workflows): Add missing argo-workflows.apiVersion.autoscaling helper function for HPA configuration (#2001) fix: Add missing argo-workflows.apiVersion.autoscaling helper function for HPA configuration Signed-off-by: jmeridth --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/templates/_helpers.tpl | 13 +++++++++++++ 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 51e901cc..2d52acbd 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.25.1 +version: 0.25.2 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: @@ -13,5 +13,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: added - description: Add Prometheus ServiceMonitor relabelings, metricRelabelings & targetLabels + - kind: fix + description: Add missing argo-workflows.apiVersion.autoscaling helper function used for HPA configuration diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl index 7719052d..2fbcc708 100644 --- a/charts/argo-workflows/templates/_helpers.tpl +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -153,3 +153,16 @@ Return full image name including or excluding registry based on existence {{ .image.repository }} {{- end -}} {{- end -}} + +{{/* +Return the appropriate apiVersion for autoscaling +*/}} +{{- define "argo-workflows.apiVersion.autoscaling" -}} +{{- if .Values.apiVersionOverrides.autoscaling -}} +{{- print .Values.apiVersionOverrides.autoscaling -}} +{{- else if semverCompare "<1.23-0" (include "argo-cd.kubeVersion" .) -}} +{{- print "autoscaling/v2beta1" -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} From 2197c8e0402ab1074761af8d5f45825f0d59d4e1 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Fri, 5 May 2023 09:30:53 -0500 Subject: [PATCH 135/768] fix(argo-workflows): Drop .Values.useDefaultArtifactRepo flag to simplify usage (#2002) Fixes #1140 - [x] remove `.Values.useDefaultArtifactRepo` to ensure if items populated they get into the configmap. - [x] change structure of `.Values.customArtifactRepository` to only include the custom information Signed-off-by: jmeridth --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 3 +-- .../workflow-controller-config-map.yaml | 7 ++---- charts/argo-workflows/values.yaml | 22 ++++++++----------- 4 files changed, 14 insertions(+), 22 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 2d52acbd..443bffb7 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.25.2 +version: 0.26.0 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm sources: @@ -14,4 +14,4 @@ maintainers: annotations: artifacthub.io/changes: | - kind: fix - description: Add missing argo-workflows.apiVersion.autoscaling helper function used for HPA configuration + description: Drop .Values.useDefaultArtifactRepo flag to simplify usage diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index d918b444..dae6972b 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -308,8 +308,7 @@ Fields to note: | artifactRepository.azure | object | `{}` (See [values.yaml]) | Store artifact in Azure Blob Storage | | artifactRepository.gcs | object | `{}` (See [values.yaml]) | Store artifact in a GCS object store | | artifactRepository.s3 | object | See [values.yaml] | Store artifact in a S3-compliant object store | -| customArtifactRepository | object | `{}` | The section of custom artifact repository. Will be added to the config in case useDefaultArtifactRepo is set to false | -| useDefaultArtifactRepo | bool | `false` | Influences the creation of the ConfigMap for the workflow-controller itself. | +| customArtifactRepository | object | `{}` | The section of custom artifact repository. Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure) | | useStaticCredentials | bool | `true` | Use static credentials for S3 (eg. when not using AWS IRSA) | ## Breaking changes from the deprecated `argo` chart diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index 7327ecac..55720eb2 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -55,7 +55,6 @@ data: securityContext: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} - {{- if .Values.useDefaultArtifactRepo }} artifactRepository: {{- if .Values.artifactRepository.archiveLogs }} archiveLogs: {{ .Values.artifactRepository.archiveLogs }} @@ -96,10 +95,8 @@ data: {{- toYaml . | nindent 10 }} {{- end }} {{- end }} - {{- else }} - {{- if .Values.customArtifactRepository }} - artifactRepository: {{- toYaml .Values.customArtifactRepository | nindent 6 }} - {{- end }} + {{- if .Values.customArtifactRepository }} + {{- toYaml .Values.customArtifactRepository | nindent 6 }} {{- end }} {{- if .Values.controller.metricsConfig.enabled }} metricsConfig: diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 7dddf89e..c1c0229e 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -639,8 +639,6 @@ extraObjects: [] # secretName: argo-server-sso-secrets-store # type: Opaque -# -- Influences the creation of the ConfigMap for the workflow-controller itself. -useDefaultArtifactRepo: false # -- Use static credentials for S3 (eg. when not using AWS IRSA) useStaticCredentials: true artifactRepository: @@ -702,18 +700,16 @@ artifactRepository: # key: account-access-key # -- The section of custom artifact repository. -# Will be added to the config in case useDefaultArtifactRepo is set to false +# Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure) customArtifactRepository: {} -# customArtifactRepository: -# archiveLogs: true -# artifactory: -# repoUrl: https://artifactory.example.com/raw -# usernameSecret: -# name: artifactory-creds -# key: username -# passwordSecret: -# name: artifactory-creds -# key: password +# artifactory: +# repoUrl: https://artifactory.example.com/raw +# usernameSecret: +# name: artifactory-creds +# key: username +# passwordSecret: +# name: artifactory-creds +# key: password emissary: # -- The command/args for each image on workflow, needed when the command is not specified and the emissary executor is used. From e980b71b83c037c6e8503413aeeff27aedc48ebd Mon Sep 17 00:00:00 2001 From: Cyril Jouve Date: Fri, 5 May 2023 22:19:18 +0200 Subject: [PATCH 136/768] feat(argo-cd): allow extraObjects to contain string template (#1993) [argo-cd] allow extraObjects to contain string template Signed-off-by: Cyril Jouve Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/extra-manifests.yaml | 6 +++++- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 9d222608..75944916 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.1 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.31.1 +version: 5.32.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -23,5 +23,5 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - kind: changed - description: Update Argo CD v2.7.1 + - kind: added + description: Allow extraObjects to contain string templates diff --git a/charts/argo-cd/templates/extra-manifests.yaml b/charts/argo-cd/templates/extra-manifests.yaml index a9bb3b6b..f17b1a93 100644 --- a/charts/argo-cd/templates/extra-manifests.yaml +++ b/charts/argo-cd/templates/extra-manifests.yaml @@ -1,4 +1,8 @@ {{ range .Values.extraObjects }} --- -{{ tpl (toYaml .) $ }} +{{- if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} {{ end }} From 71462b7f6d29c68cb5b39ddc57e3e4daf416867a Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Fri, 5 May 2023 22:21:46 +0200 Subject: [PATCH 137/768] feat(github): Add OpenSSF Scorecard action (#2009) Signed-off-by: Marco Kilchhofer Co-authored-by: Marko Bevc --- .github/workflows/scorecard.yml | 72 +++++++++++++++++++++++++++++++++ README.md | 1 + 2 files changed, 73 insertions(+) create mode 100644 .github/workflows/scorecard.yml diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml new file mode 100644 index 00000000..c5ec1159 --- /dev/null +++ b/.github/workflows/scorecard.yml @@ -0,0 +1,72 @@ +# This workflow uses actions that are not certified by GitHub. They are provided +# by a third-party and are governed by separate terms of service, privacy +# policy, and support documentation. + +name: Scorecard supply-chain security +on: + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained + schedule: + - cron: '21 6 * * 6' + push: + branches: [ "main" ] + +# Declare default permissions as read only. +permissions: read-all + +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + # Needed to upload the results to code-scanning dashboard. + security-events: write + # Needed to publish results and get a badge (see publish_results below). + id-token: write + # Uncomment the permissions below if installing in a private repository. + # contents: read + # actions: read + + steps: + - name: "Checkout code" + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 + with: + results_file: results.sarif + results_format: sarif + # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: + # - you want to enable the Branch-Protection check on a *public* repository, or + # - you are installing Scorecard on a *private* repository + # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. + repo_token: ${{ secrets.SCORECARD_TOKEN }} + + # Public repositories: + # - Publish results to OpenSSF REST API for easy access by consumers + # - Allows the repository to include the Scorecard badge. + # - See https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories: + # - `publish_results` will always be set to `false`, regardless + # of the value entered here. + publish_results: true + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" + uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + # Upload the results to GitHub's code scanning dashboard. + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4 + with: + sarif_file: results.sarif diff --git a/README.md b/README.md index ac71eb3e..e8544439 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,7 @@ [![Chart Publish](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml/badge.svg?branch=main)](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml) [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/argo)](https://artifacthub.io/packages/search?repo=argo) [![CLOMonitor](https://img.shields.io/endpoint?url=https://clomonitor.io/api/projects/cncf/argo/badge)](https://clomonitor.io/projects/cncf/argo) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-helm/badge)](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-helm) Argo Helm is a collection of **community maintained** charts for [https://argoproj.github.io](https://argoproj.github.io) projects. The charts can be added using following command: From fe901f4dfb786c45a0d6a022e8a731b0564db70e Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Fri, 5 May 2023 15:23:04 -0500 Subject: [PATCH 138/768] chore(github): Update repo files (#2006) - [x] DELETE OWNERS file, not parsed, only used for bookkeeping, CODEOWNERS does this - [x] update CODEOWNERS to people who have committed in the last year - [x] create EMERITUS.md to list former CODEOWNERS and thank them for their contribution - [x] create SECURITY.md so people know how to report security issues - [x] turn on private vulnerability reporting in the repository - [x] create CODE_OF_CONDUCT.md linking to CNCF code of conduct By adding a code of conduct and security file we can set our Community Standards to 100% [here](https://github.com/argoproj/argo-helm/community) Signed-off-by: jmeridth Co-authored-by: Marko Bevc --- CODEOWNERS | 14 ++++++-------- CODE_OF_CONDUCT.md | 9 +++++++++ EMERITUS.md | 12 ++++++++++++ OWNERS | 9 --------- SECURITY.md | 21 +++++++++++++++++++++ 5 files changed, 48 insertions(+), 17 deletions(-) create mode 100644 CODE_OF_CONDUCT.md create mode 100644 EMERITUS.md delete mode 100644 OWNERS create mode 100644 SECURITY.md diff --git a/CODEOWNERS b/CODEOWNERS index aea8942f..bd5df3d0 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,16 +1,14 @@ -# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners - -# Other and new charts -/charts/ @oliverbaehler +# All +* @mkilchhofer @jmeridth # Argo Workflows -/charts/argo-workflows/ @stefansedich @paguos @vladlosev @yann-soubeyrand @jmeridth @yu-croco +/charts/argo-workflows/ @vladlosev @yann-soubeyrand @jmeridth @yu-croco # Argo CD -/charts/argo-cd/ @davidkarlsen @mr-sour @yann-soubeyrand @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil +/charts/argo-cd/ @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil # Argo Events -/charts/argo-events/ @jbehling @VaibhavPage @pdrastil +/charts/argo-events/ @pdrastil @jmeridth # Argo Rollouts -/charts/argo-rollouts/ +/charts/argo-rollouts/ @jmeridth diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 00000000..37789a9d --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,9 @@ +# Code of Conduct + +We adhere to the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md). Please reference the link for details. + +## TL;DR (too long didn't read) + +Be kind + +Your participation is at the discression of the maintainers of this project. diff --git a/EMERITUS.md b/EMERITUS.md new file mode 100644 index 00000000..2c299690 --- /dev/null +++ b/EMERITUS.md @@ -0,0 +1,12 @@ +# Emeritus Approvers + +These are the people who have been approvers in the past, and have since retired from the role. + +We thank them for their service to the project. + +* @oliverbaehler +* @stefansedich +* @paguos +* @yann-soubeyrand +* @davidkarlsen +* @jbehling diff --git a/OWNERS b/OWNERS deleted file mode 100644 index e393c5ba..00000000 --- a/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -owners: -- alexec -- alexmt -- jessesuen - -approvers: -- alexec -- alexmt -- jessesuen diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..7c30259c --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions and Upstream Reporting + +Each helm chart currently supports the designated application version in the Chart.yaml. There is a chance a security issue you've discovered may not be with the helm chart but with the upstream application. Please visit that application's Security policy docueent to find out how to report the security issue. + +* [Security Policy for Argo Workflows](https://github.com/argoproj/argo-workflows/blob/master/SECURITY.md) +* [Security Policy for Argo Events](https://github.com/argoproj/argo-events/blob/master/SECURITY.md) +* [Security Policy for Argo Rollouts](https://github.com/argoproj/argo-rollouts/blob/master/docs/security.md) +* [Security Policy for Argo CD](https://github.com/argoproj/argo-cd/blob/master/SECURITY.md) +* [Security Policy for Argo CD Image Updater](https://github.com/argoproj-labs/argocd-image-updater/blob/master/SECURITY.md) + +## Reporting a Vulnerability for Argo Helm Charts + +We have enabled the ability to privately report security issues through the Security tab above. + +[Here are the details on how to file](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) on how to do that + +A repository owner/maintainer will respond as fast as possible to coordinate confirmation of issue and remediation. + +Thank you for helping to ensure this code stays secure. From 15ade97f88757218ec3ec1f7add96f2526179edd Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Sat, 6 May 2023 05:17:19 -0500 Subject: [PATCH 139/768] chore(github): Add deps pr title scope for dependabot PRs (#2013) Signed-off-by: jmeridth --- .github/workflows/pr-title.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index a636b08b..f7281443 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -31,6 +31,7 @@ jobs: argo-workflows argocd-image-updater argocd-apps + deps github # Configure that a scope must always be provided. requireScope: true From 2762902b1fc4d3217db257db146ca4d9e99acbe9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 6 May 2023 19:23:23 +0900 Subject: [PATCH 140/768] chore(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2 (#2012) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.0 to 3.1.2. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/3cea5372237819ed00197afe530f5a7ea3e805c8...0b7f8abb1508181956e8e162db84b466c27e18ce) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index c5ec1159..2ab79857 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: SARIF file path: results.sarif From 0b965f93572534ae8cf1d8f6f540a62673dc34d2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 6 May 2023 19:27:47 +0900 Subject: [PATCH 141/768] chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#2011) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.1.3. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/e38b1902ae4f44df626f11ba0734b14fb91f8f86...80e868c13c90f172d68d1f4501dee99e2479f7af) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aikawa --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 2ab79857..99fb2945 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -37,7 +37,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 + uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3 with: results_file: results.sarif results_format: sarif From 6cf01708d36fe7d7bf997a2f77425763bceaf31d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 6 May 2023 19:35:03 +0900 Subject: [PATCH 142/768] chore(deps): bump github/codeql-action from 2.2.4 to 2.3.3 (#2010) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.4 to 2.3.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/17573ee1cc1b9d061760f3a006fc4aac4f944fd5...29b1f65c5e92e24fe6b6647da1eaabe529cec70f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aikawa --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 99fb2945..66e1d5ee 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4 + uses: github/codeql-action/upload-sarif@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2.3.3 with: sarif_file: results.sarif From 430aaea83c06e08e88c7d479d02252822fcf5520 Mon Sep 17 00:00:00 2001 From: Cyril Jouve Date: Sat, 6 May 2023 13:18:22 +0200 Subject: [PATCH 143/768] feat(argo-events): allow extraObjects to contain string template (#1994) [argo-event] allow extraObjects to contain string template Signed-off-by: Cyril Jouve Co-authored-by: Jason Meridth --- charts/argo-events/Chart.yaml | 6 +++--- charts/argo-events/templates/extra-manifests.yaml | 6 +++++- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index a9f379e7..2adfec2b 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.6 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.2.0 +version: 2.3.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-events/assets/logo.png keywords: @@ -15,5 +15,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: fixed - description: add namespace field for namespace scoped resources + - kind: added + description: Allow extraObjects to contain string templates diff --git a/charts/argo-events/templates/extra-manifests.yaml b/charts/argo-events/templates/extra-manifests.yaml index a9bb3b6b..f17b1a93 100644 --- a/charts/argo-events/templates/extra-manifests.yaml +++ b/charts/argo-events/templates/extra-manifests.yaml @@ -1,4 +1,8 @@ {{ range .Values.extraObjects }} --- -{{ tpl (toYaml .) $ }} +{{- if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} {{ end }} From 80d5a6a65d309385a442a5d523f7a5d023390f32 Mon Sep 17 00:00:00 2001 From: Cyril Jouve Date: Sat, 6 May 2023 13:31:50 +0200 Subject: [PATCH 144/768] feat(argo-rollouts): allow extraObjects to contain string template (#1996) [argo-event] allow extraObjects to contain string template Signed-off-by: Cyril Jouve Co-authored-by: Jason Meridth Co-authored-by: Aikawa --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/templates/extra-manifests.yaml | 6 +++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index bb95a986..46ca6ba7 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.4.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.26.1 +version: 2.27.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -16,4 +16,4 @@ maintainers: annotations: artifacthub.io/changes: | - kind: added - description: Missing permissions to leases under coordination api group + description: Allow extraObjects to contain string templates diff --git a/charts/argo-rollouts/templates/extra-manifests.yaml b/charts/argo-rollouts/templates/extra-manifests.yaml index a9bb3b6b..f17b1a93 100644 --- a/charts/argo-rollouts/templates/extra-manifests.yaml +++ b/charts/argo-rollouts/templates/extra-manifests.yaml @@ -1,4 +1,8 @@ {{ range .Values.extraObjects }} --- -{{ tpl (toYaml .) $ }} +{{- if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} {{ end }} From f40c1d81ca379f93ca19726639444a94a07c8e7d Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Sat, 6 May 2023 08:18:37 -0500 Subject: [PATCH 145/768] fix(github): fix error in codeowners file and update README about security (#2015) This is a follow-up of #2006. We cleared out users who have not contributed in the last year and moved them to EMERITUS.md We also created SECURITY.md Signed-off-by: jmeridth --- CODEOWNERS | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CODEOWNERS b/CODEOWNERS index bd5df3d0..9b0a95c5 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -2,7 +2,7 @@ * @mkilchhofer @jmeridth # Argo Workflows -/charts/argo-workflows/ @vladlosev @yann-soubeyrand @jmeridth @yu-croco +/charts/argo-workflows/ @vladlosev @jmeridth @yu-croco # Argo CD /charts/argo-cd/ @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil diff --git a/README.md b/README.md index e8544439..b29bb3d1 100644 --- a/README.md +++ b/README.md @@ -36,7 +36,7 @@ kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.4.9" ### Security Policy -If you have a security concern relating to either this project repo or an individual helm chart, please [open an issue](https://github.com/argoproj/argo-helm/issues/new/choose) or [start a discussion](https://github.com/argoproj/argo-helm/discussions/new). +Please refer to [SECURITY.md](SECURITY.md) for details on how to report security issues. ### Changelog From 5cff9158985f9daa8eb7f00719bba532d0e4aea6 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Sat, 6 May 2023 11:20:18 -0500 Subject: [PATCH 146/768] fix(argo-workflows): change chart icon to match other charts (#2018) fix(argo-workflows): change chart image to match other charts This will make the charts all look nice when you go to https://artifacthub.io/packages/search?repo=argo&sort=relevance&page=1 Signed-off-by: jmeridth --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 443bffb7..3eb787b8 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,8 +3,8 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.26.0 -icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png +version: 0.26.1 +icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: - https://github.com/argoproj/argo-workflows @@ -13,5 +13,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: fix - description: Drop .Values.useDefaultArtifactRepo flag to simplify usage + - kind: chore + description: Update Chart icon From 2a480226c43b3656a15b4a9691d76f791903c385 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Sun, 7 May 2023 09:18:39 -0500 Subject: [PATCH 147/768] chore(argo-events): Update chart icon to standard image (#2020) This will make the charts all look nice when you go to https://artifacthub.io/packages/search?repo=argo&sort=relevance&page=1 Signed-off-by: jmeridth --- charts/argo-events/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 2adfec2b..b763af57 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,9 +2,9 @@ apiVersion: v2 appVersion: v1.7.6 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.3.0 +version: 2.3.1 home: https://github.com/argoproj/argo-helm -icon: https://argoproj.github.io/argo-events/assets/logo.png +icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: - argoproj - argo-events @@ -15,5 +15,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: added - description: Allow extraObjects to contain string templates + - kind: chore + description: Update chart icon From ebae3d2462f754fac64bde0d88901c3451ae84dd Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Sun, 7 May 2023 16:57:01 +0200 Subject: [PATCH 148/768] chore(deps): Pin all workflow deps (#2021) --- .github/workflows/lint-and-test.yml | 10 +++++----- .github/workflows/pr-sizing.yml | 4 ++-- .github/workflows/pr-title.yml | 2 +- .github/workflows/publish.yml | 6 +++--- .github/workflows/stale.yml | 2 +- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 97684b86..1f75294a 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -10,23 +10,23 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 with: version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@v4 + uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b # v4.6.0 with: python-version: 3.9 - name: Setup Chart Linting id: lint - uses: helm/chart-testing-action@v2.4.0 + uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0 with: # Note: Also update in scripts/lint.sh version: v3.7.1 @@ -58,7 +58,7 @@ jobs: fi - name: Create kind cluster - uses: helm/kind-action@v1.5.0 + uses: helm/kind-action@d8ccf8fb623ce1bb360ae2f45f323d9d5c5e9f00 # v1.5.0 if: steps.list-changed.outputs.changed == 'true' with: config: .github/configs/kind-config.yaml diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index bcdfc440..fa9c4c97 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -12,7 +12,7 @@ jobs: triage: runs-on: ubuntu-latest steps: - - uses: actions/labeler@v4 + - uses: actions/labeler@ba790c862c380240c6d5e7427be5ace9a05c754b # v4.0.3 with: configuration-path: ".github/configs/labeler.yaml" repo-token: "${{ secrets.GITHUB_TOKEN }}" @@ -22,6 +22,6 @@ jobs: runs-on: ubuntu-latest steps: - name: size-label - uses: "pascalgn/size-label-action@v0.4.3" + uses: "pascalgn/size-label-action@1619680c5ac1ef360b944bb56a57587ba4aa2af8 # v0.4.3" env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index f7281443..2d45de12 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -19,7 +19,7 @@ jobs: name: Validate PR title runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@v5 + - uses: amannn/action-semantic-pull-request@c3cd5d1ea3580753008872425915e343e351ab54 # v5.2.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index cb56596b..e104fde2 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -15,12 +15,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: fetch-depth: 0 - name: Install Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 with: version: v3.10.1 # Also update in lint-and-test.yaml @@ -39,7 +39,7 @@ jobs: git checkout origin/gh-pages index.yaml - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.5.0 + uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0 with: config: "./.github/configs/cr.yaml" env: diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 9b4053bb..b0356dc7 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -14,7 +14,7 @@ jobs: pull-requests: write # for actions/stale to close stale PRs runs-on: ubuntu-latest steps: - - uses: actions/stale@v8 + - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Number of days of inactivity before an issue becomes stale From a99b021f153c793a2f0b66eff483c756a41cfa39 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Mon, 8 May 2023 02:39:28 +0200 Subject: [PATCH 149/768] fix(github): Remove quotes in `uses` statement (#2022) Signed-off-by: Marco Kilchhofer --- .github/workflows/pr-sizing.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index fa9c4c97..f75d7f82 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -1,8 +1,12 @@ ## Reference: https://github.com/pascalgn/size-label-action name: 'PR Labeling' + on: pull_request_target: - types: [opened, synchronize, reopened] + types: + - opened + - synchronize + - reopened permissions: contents: read @@ -21,7 +25,6 @@ jobs: size-label: runs-on: ubuntu-latest steps: - - name: size-label - uses: "pascalgn/size-label-action@1619680c5ac1ef360b944bb56a57587ba4aa2af8 # v0.4.3" + - uses: pascalgn/size-label-action@1619680c5ac1ef360b944bb56a57587ba4aa2af8 # v0.4.3 env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" From 9d108349099d75bb4b8ef017a7cdae93b033c68d Mon Sep 17 00:00:00 2001 From: Aikawa Date: Mon, 8 May 2023 20:22:52 +0900 Subject: [PATCH 150/768] feat(argo-cd): Enable to customize Service type of applicationset-controller (#2014) chore(argo-cd): Enable to customize Service type of applicationset-controller Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/argocd-applicationset/service.yaml | 1 + charts/argo-cd/values.yaml | 2 ++ 4 files changed, 6 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 75944916..dd40f29b 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.1 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.32.0 +version: 5.32.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -24,4 +24,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: added - description: Allow extraObjects to contain string templates + description: Enable to customize Service type of applicationset-controller diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index f1f0845f..054dc2f9 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1079,6 +1079,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.service.labels | object | `{}` | ApplicationSet service labels | | applicationSet.service.port | int | `7000` | ApplicationSet service port | | applicationSet.service.portName | string | `"webhook"` | ApplicationSet service port name | +| applicationSet.service.type | string | `"ClusterIP"` | ApplicationSet service type | | applicationSet.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | applicationSet.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | applicationSet.serviceAccount.create | bool | `true` | Create ApplicationSet controller service account | diff --git a/charts/argo-cd/templates/argocd-applicationset/service.yaml b/charts/argo-cd/templates/argocd-applicationset/service.yaml index 640b195a..e3a07b6f 100644 --- a/charts/argo-cd/templates/argocd-applicationset/service.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/service.yaml @@ -16,6 +16,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: + type: {{ .Values.applicationSet.service.type }} ports: - name: {{ .Values.applicationSet.service.portName }} port: {{ .Values.applicationSet.service.port }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index afdaa095..3f95a663 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2432,6 +2432,8 @@ applicationSet: annotations: {} # -- ApplicationSet service labels labels: {} + # -- ApplicationSet service type + type: ClusterIP # -- ApplicationSet service port port: 7000 # -- ApplicationSet service port name From 24089bdd384283e51c87046a589fda7522339b0b Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Mon, 8 May 2023 15:02:25 -0500 Subject: [PATCH 151/768] fix(argo-workflows): use correct artifacthub annotation kind (#2031) This is to get latest argo-workflows chart version out to artifacthub. Can't get the previous ones that had incorrect kinds. #2030 adds linting so this doesn't happen again. Signed-off-by: jmeridth --- charts/argo-workflows/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 3eb787b8..11bdb8ed 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.26.1 +version: 0.26.2 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -13,5 +13,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: chore - description: Update Chart icon + - kind: fixed + description: Use correct artifacthub kind and get latest chart version to artifacthub From 442fa22edcd5f980b2b4297d0d2d1bad1f820b2a Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Mon, 8 May 2023 19:38:23 -0500 Subject: [PATCH 152/768] fix(argo-events): use correct artifacthub annotation kind (#2032) This is to get latest argo-workflows chart version out to artifacthub. Can't get the previous ones that had incorrect kinds. argoproj#2030 adds linting so this doesn't happen again. Will merge after argo-workflows and argo-events charts are fixed. Signed-off-by: jmeridth Co-authored-by: Marco Kilchhofer --- charts/argo-events/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index b763af57..d6ce3465 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.6 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.3.1 +version: 2.3.2 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -15,5 +15,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: chore - description: Update chart icon + - kind: fixed + description: Use correct artifacthub kind and get latest chart version to artifacthub From 395abc5435724684db43e2c99f4ec8ed859c0b90 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Mon, 8 May 2023 21:22:34 -0500 Subject: [PATCH 153/768] feat(github): add artifacthub linting (#2030) This will help us ensure we use correct notation in our artifacthub annotations Signed-off-by: jmeridth --- .github/workflows/lint-and-test.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 1f75294a..90106fc9 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -6,6 +6,18 @@ permissions: contents: read jobs: + linter-artifacthub: + runs-on: ubuntu-latest + container: + image: public.ecr.aws/artifacthub/ah:v1.14.0 + options: --user 1001 + steps: + - name: Checkout + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - name: Run ah lint + working-directory: ./charts + run: ah lint + chart-test: runs-on: ubuntu-latest steps: From c8b47cf060b2ba6da64d4eb9e1f081472d70a371 Mon Sep 17 00:00:00 2001 From: ryanpark0203 <108246291+ryanpark0203@users.noreply.github.com> Date: Tue, 9 May 2023 13:41:54 +1000 Subject: [PATCH 154/768] fix(argo-workflows): Fix Helm chart to correctly reference Kubernetes version in conditional check for HPA apiVersion (#2029) * add a fix for argo workflows hpa Signed-off-by: ryanpark0203 <108246291+ryanpark0203@users.noreply.github.com> * add description for the fix Signed-off-by: ryanpark0203 <108246291+ryanpark0203@users.noreply.github.com> * update readme Signed-off-by: ryanpark0203 <108246291+ryanpark0203@users.noreply.github.com> * remove apiVersionOverrides from readme Signed-off-by: ryanpark0203 <108246291+ryanpark0203@users.noreply.github.com> * fix linting Signed-off-by: ryanpark0203 <108246291+ryanpark0203@users.noreply.github.com> --------- Signed-off-by: ryanpark0203 <108246291+ryanpark0203@users.noreply.github.com> Co-authored-by: Aikawa Co-authored-by: Jason Meridth --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 1 + charts/argo-workflows/templates/_helpers.tpl | 2 +- .../templates/server/server-deployment-hpa.yaml | 2 +- charts/argo-workflows/values.yaml | 5 +++++ 5 files changed, 10 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 11bdb8ed..ae171a11 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.26.2 +version: 0.26.3 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -14,4 +14,4 @@ maintainers: annotations: artifacthub.io/changes: | - kind: fixed - description: Use correct artifacthub kind and get latest chart version to artifacthub + description: Fix Helm chart to correctly reference Kubernetes version in conditional check for HPA apiVersion diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index dae6972b..1dbfc155 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -101,6 +101,7 @@ Fields to note: | Key | Type | Default | Description | |-----|------|---------|-------------| +| apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.install | bool | `true` | Install and upgrade CRDs | | crds.keep | bool | `true` | Keep CRDs on chart uninstall | diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl index 2fbcc708..f302f0da 100644 --- a/charts/argo-workflows/templates/_helpers.tpl +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -160,7 +160,7 @@ Return the appropriate apiVersion for autoscaling {{- define "argo-workflows.apiVersion.autoscaling" -}} {{- if .Values.apiVersionOverrides.autoscaling -}} {{- print .Values.apiVersionOverrides.autoscaling -}} -{{- else if semverCompare "<1.23-0" (include "argo-cd.kubeVersion" .) -}} +{{- else if semverCompare "<1.23-0" (include "argo-workflows.kubeVersion" .) -}} {{- print "autoscaling/v2beta1" -}} {{- else -}} {{- print "autoscaling/v2" -}} diff --git a/charts/argo-workflows/templates/server/server-deployment-hpa.yaml b/charts/argo-workflows/templates/server/server-deployment-hpa.yaml index ebc45925..9194bbd9 100644 --- a/charts/argo-workflows/templates/server/server-deployment-hpa.yaml +++ b/charts/argo-workflows/templates/server/server-deployment-hpa.yaml @@ -1,5 +1,5 @@ {{- if and .Values.server.enabled .Values.server.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: {{ include "argo-workflows.apiVersion.autoscaling" . }} kind: HorizontalPodAutoscaler metadata: name: {{ template "argo-workflows.server.fullname" . }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index c1c0229e..e7e268a0 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -29,6 +29,11 @@ fullnameOverride: # -- Override the Kubernetes version, which is used to evaluate certain manifests kubeVersionOverride: "" +# Override APIVersions +apiVersionOverrides: + # -- String to override apiVersion of autoscaling rendered by this helm chart + autoscaling: "" # autoscaling/v2 + # -- Restrict Argo to operate only in a single namespace (the namespace of the # Helm release) by apply Roles and RoleBindings instead of the Cluster # equivalents, and start workflow-controller with the --namespaced flag. Use it From cc64b0c9f51b85ec64f23582ee53167ff4abc4d1 Mon Sep 17 00:00:00 2001 From: PidgeyBE Date: Wed, 10 May 2023 12:16:14 +0200 Subject: [PATCH 155/768] fix(argo-workflows): fix clusterworkflowtemplates disabled flag (#2033) * fix clusterworkflowtemplates disabled flag Signed-off-by: Peejai * Bump chart version and add artifacthub changes Signed-off-by: Peejai --------- Signed-off-by: Peejai Co-authored-by: Jason Meridth --- charts/argo-workflows/Chart.yaml | 4 ++-- .../templates/crds/argoproj.io_clusterworkflowtemplates.yaml | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index ae171a11..0933c3d5 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.26.3 +version: 0.26.4 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -14,4 +14,4 @@ maintainers: annotations: artifacthub.io/changes: | - kind: fixed - description: Fix Helm chart to correctly reference Kubernetes version in conditional check for HPA apiVersion + description: Create clusterWorkflowTemplates CRD only when enabled in Helm values. diff --git a/charts/argo-workflows/templates/crds/argoproj.io_clusterworkflowtemplates.yaml b/charts/argo-workflows/templates/crds/argoproj.io_clusterworkflowtemplates.yaml index 7f767b24..9264eaba 100644 --- a/charts/argo-workflows/templates/crds/argoproj.io_clusterworkflowtemplates.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_clusterworkflowtemplates.yaml @@ -1,4 +1,5 @@ {{- if .Values.crds.install }} +{{- if or (.Values.server.clusterWorkflowTemplates.enabled) (.Values.controller.clusterWorkflowTemplates.enabled) }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -43,3 +44,4 @@ spec: served: true storage: true {{- end }} +{{- end }} From 07aa087a1942aac79dc04ec41a25a9c2b094ac4b Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Wed, 10 May 2023 15:06:56 +0200 Subject: [PATCH 156/768] feat(github): Introduce chart signing (#2040) Signed-off-by: Marco Kilchhofer --- .github/configs/cr.yaml | 8 +++++++- .github/workflows/publish.yml | 16 ++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/.github/configs/cr.yaml b/.github/configs/cr.yaml index 01fdbe0c..a0d425dc 100644 --- a/.github/configs/cr.yaml +++ b/.github/configs/cr.yaml @@ -1,2 +1,8 @@ ## Reference: https://github.com/helm/chart-releaser -index-path: "./index.yaml" \ No newline at end of file +index-path: "./index.yaml" + +# PGP signing +sign: true +key: Argo Helm maintainers +# keyring: # Set via env variable CR_KEYRING +# passphrase-file: # Set via env variable CR_PASSPHRASE_FILE diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index e104fde2..58d7d22d 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -38,6 +38,22 @@ jobs: run: | git checkout origin/gh-pages index.yaml + # The GitHub repository secret `PGP_PRIVATE_KEY` contains the private key + # in ASCII-armored format. To export a (new) key, run this command: + # `gpg --armor --export-secret-key ` + - name: Prepare PGP key + run: | + IFS="" + echo "$PGP_PRIVATE_KEY" | gpg --dearmor > $HOME/secring.gpg + echo "$PGP_PASSPHRASE" > $HOME/passphrase.txt + + # Tell chart-releaser-action where to find the key and its passphrase + echo "CR_KEYRING=$HOME/secring.gpg" >> "$GITHUB_ENV" + echo "CR_PASSPHRASE_FILE=$HOME/passphrase.txt" >> "$GITHUB_ENV" + env: + PGP_PRIVATE_KEY: "${{ secrets.PGP_PRIVATE_KEY }}" + PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}" + - name: Run chart-releaser uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0 with: From 8c295d3344dd4c09ef9c8f7b7d8e32b94250ef0b Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Wed, 10 May 2023 15:49:32 +0200 Subject: [PATCH 157/768] feat(argo-cd): Introduce chart signing (#2042) Signed-off-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index dd40f29b..12a1f5f0 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.1 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.32.1 +version: 5.32.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -22,6 +22,9 @@ dependencies: repository: https://dandydeveloper.github.io/charts/ condition: redis-ha.enabled annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Enable to customize Service type of applicationset-controller + description: Introduce chart signing From 887f68adb1d8ab3f2a767c99a3f46618faee112b Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Wed, 10 May 2023 16:20:51 +0200 Subject: [PATCH 158/768] feat(argo-workflows): Introduce chart signing (#2044) Signed-off-by: Marco Kilchhofer --- charts/argo-workflows/Chart.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 0933c3d5..066adfa0 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.26.4 +version: 0.26.5 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -12,6 +12,9 @@ maintainers: - name: argoproj url: https://argoproj.github.io/ annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Create clusterWorkflowTemplates CRD only when enabled in Helm values. + - kind: added + description: Introduce chart signing From 2bd14d38b014ad1d45029c0990605d38eca960df Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Wed, 10 May 2023 15:30:17 +0100 Subject: [PATCH 159/768] chore(github): Add tico24 to codeowners (#2047) Signed-off-by: Tim Collins Co-authored-by: Aikawa --- CODEOWNERS | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CODEOWNERS b/CODEOWNERS index 9b0a95c5..f7432a77 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -2,13 +2,13 @@ * @mkilchhofer @jmeridth # Argo Workflows -/charts/argo-workflows/ @vladlosev @jmeridth @yu-croco +/charts/argo-workflows/ @vladlosev @jmeridth @yu-croco @tico24 # Argo CD -/charts/argo-cd/ @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil +/charts/argo-cd/ @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil @tico24 # Argo Events -/charts/argo-events/ @pdrastil @jmeridth +/charts/argo-events/ @pdrastil @jmeridth @tico24 # Argo Rollouts /charts/argo-rollouts/ @jmeridth From 083f42cdd67ab03c4e45f98b8365ebd291b27318 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 11 May 2023 00:30:57 +0900 Subject: [PATCH 160/768] feat(argo-rollouts): Upgrade Argo Rollouts to v1.5.0 (#2039) * feat(argo-rollouts): Upgrade Argo Rollouts to v1.5.0 Signed-off-by: yu-croco * feat(argo-rollouts): Add missing configmap for 3rd party metrics providers Signed-off-by: yu-croco * feat: Add signing information Signed-off-by: Marco Kilchhofer --------- Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer Co-authored-by: Jason Meridth --- charts/argo-rollouts/Chart.yaml | 11 ++- charts/argo-rollouts/README.md | 1 + .../templates/controller/configmap.yaml | 12 +++ .../templates/crds/analysis-run-crd.yaml | 70 +++++++++++++++++ .../templates/crds/analysis-template-crd.yaml | 70 +++++++++++++++++ .../crds/cluster-analysis-template-crd.yaml | 70 +++++++++++++++++ .../templates/crds/experiment-crd.yaml | 14 ++++ .../templates/crds/rollout-crd.yaml | 78 ++++++++++++++++++- charts/argo-rollouts/values.yaml | 7 ++ 9 files changed, 328 insertions(+), 5 deletions(-) create mode 100644 charts/argo-rollouts/templates/controller/configmap.yaml diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 46ca6ba7..ecdcbb39 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.4.1 +appVersion: v1.5.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.27.0 +version: 2.28.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -14,6 +14,11 @@ maintainers: - name: argoproj url: https://argoproj.github.io/ annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | + - kind: changed + description: Upgrade Argo Rollouts to v1.5.0 - kind: added - description: Allow extraObjects to contain string templates + description: Introduce chart signing diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 58784cf0..aaed870f 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -85,6 +85,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) | | controller.initContainers | list | `[]` | Init containers to add to the rollouts controller pod | | controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller | +| controller.metricProviderPlugins | object | `{}` | Configures 3rd party metric providers for controller | | controller.metrics.enabled | bool | `false` | Deploy metrics service | | controller.metrics.serviceMonitor.additionalAnnotations | object | `{}` | Annotations to be added to the ServiceMonitor | | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Labels to be added to the ServiceMonitor | diff --git a/charts/argo-rollouts/templates/controller/configmap.yaml b/charts/argo-rollouts/templates/controller/configmap.yaml new file mode 100644 index 00000000..8eb2bbe2 --- /dev/null +++ b/charts/argo-rollouts/templates/controller/configmap.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: argo-rollouts-config + namespace: {{ .Release.Namespace | quote }} + labels: + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} +data: + {{- with .Values.controller.metricProviderPlugins }} + {{- toYaml . | nindent 2 }} + {{- end }} diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index 70187985..bc2e61db 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -188,6 +188,8 @@ spec: type: object datadog: properties: + apiVersion: + type: string interval: type: string query: @@ -240,6 +242,51 @@ spec: parallelism: format: int32 type: integer + podFailurePolicy: + properties: + rules: + items: + properties: + action: + type: string + onExitCodes: + properties: + containerName: + type: string + operator: + type: string + values: + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + - values + type: object + onPodConditions: + items: + properties: + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-type: atomic + required: + - action + - onPodConditions + type: object + type: array + x-kubernetes-list-type: atomic + required: + - rules + type: object selector: properties: matchExpressions: @@ -1832,6 +1879,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -2579,12 +2628,21 @@ spec: type: string type: object type: object + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer minDomains: format: int32 type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -2710,6 +2768,9 @@ spec: required: - query type: object + plugin: + type: object + x-kubernetes-preserve-unknown-fields: true prometheus: properties: address: @@ -2717,6 +2778,15 @@ spec: query: type: string type: object + skywalking: + properties: + address: + type: string + interval: + type: string + query: + type: string + type: object wavefront: properties: address: diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index c2846186..2c73c5c9 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml @@ -184,6 +184,8 @@ spec: type: object datadog: properties: + apiVersion: + type: string interval: type: string query: @@ -236,6 +238,51 @@ spec: parallelism: format: int32 type: integer + podFailurePolicy: + properties: + rules: + items: + properties: + action: + type: string + onExitCodes: + properties: + containerName: + type: string + operator: + type: string + values: + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + - values + type: object + onPodConditions: + items: + properties: + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-type: atomic + required: + - action + - onPodConditions + type: object + type: array + x-kubernetes-list-type: atomic + required: + - rules + type: object selector: properties: matchExpressions: @@ -1828,6 +1875,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -2575,12 +2624,21 @@ spec: type: string type: object type: object + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer minDomains: format: int32 type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -2706,6 +2764,9 @@ spec: required: - query type: object + plugin: + type: object + x-kubernetes-preserve-unknown-fields: true prometheus: properties: address: @@ -2713,6 +2774,15 @@ spec: query: type: string type: object + skywalking: + properties: + address: + type: string + interval: + type: string + query: + type: string + type: object wavefront: properties: address: diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index a00f68fe..612608de 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -184,6 +184,8 @@ spec: type: object datadog: properties: + apiVersion: + type: string interval: type: string query: @@ -236,6 +238,51 @@ spec: parallelism: format: int32 type: integer + podFailurePolicy: + properties: + rules: + items: + properties: + action: + type: string + onExitCodes: + properties: + containerName: + type: string + operator: + type: string + values: + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + - values + type: object + onPodConditions: + items: + properties: + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-type: atomic + required: + - action + - onPodConditions + type: object + type: array + x-kubernetes-list-type: atomic + required: + - rules + type: object selector: properties: matchExpressions: @@ -1828,6 +1875,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -2575,12 +2624,21 @@ spec: type: string type: object type: object + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer minDomains: format: int32 type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -2706,6 +2764,9 @@ spec: required: - query type: object + plugin: + type: object + x-kubernetes-preserve-unknown-fields: true prometheus: properties: address: @@ -2713,6 +2774,15 @@ spec: query: type: string type: object + skywalking: + properties: + address: + type: string + interval: + type: string + query: + type: string + type: object wavefront: properties: address: diff --git a/charts/argo-rollouts/templates/crds/experiment-crd.yaml b/charts/argo-rollouts/templates/crds/experiment-crd.yaml index 86af1932..acf98935 100644 --- a/charts/argo-rollouts/templates/crds/experiment-crd.yaml +++ b/charts/argo-rollouts/templates/crds/experiment-crd.yaml @@ -159,6 +159,9 @@ spec: type: object type: object service: + properties: + name: + type: string type: object template: properties: @@ -1727,6 +1730,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -2474,12 +2479,21 @@ spec: type: string type: object type: object + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer minDomains: format: int32 type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: diff --git a/charts/argo-rollouts/templates/crds/rollout-crd.yaml b/charts/argo-rollouts/templates/crds/rollout-crd.yaml index 3f6ea749..0fafbab3 100644 --- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml +++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml @@ -163,6 +163,17 @@ spec: x-kubernetes-int-or-string: true postPromotionAnalysis: properties: + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object args: items: properties: @@ -220,6 +231,17 @@ spec: type: object prePromotionAnalysis: properties: + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object args: items: properties: @@ -307,6 +329,17 @@ spec: type: integer analysis: properties: + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object args: items: properties: @@ -440,6 +473,17 @@ spec: properties: analysis: properties: + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object args: items: properties: @@ -580,6 +624,11 @@ spec: type: string type: object type: object + service: + properties: + name: + type: string + type: object specRef: type: string weight: @@ -869,9 +918,14 @@ spec: type: string stableIngress: type: string - required: - - stableIngress + stableIngresses: + items: + type: string + type: array type: object + plugins: + type: object + x-kubernetes-preserve-unknown-fields: true smi: properties: rootService: @@ -2456,6 +2510,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -3203,12 +3259,21 @@ spec: type: string type: object type: object + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer minDomains: format: int32 type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -3257,30 +3322,39 @@ spec: properties: arn: type: string + fullName: + type: string name: type: string required: - arn + - fullName - name type: object loadBalancer: properties: arn: type: string + fullName: + type: string name: type: string required: - arn + - fullName - name type: object stableTargetGroup: properties: arn: type: string + fullName: + type: string name: type: string required: - arn + - fullName - name type: object type: object diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 28a6f1f8..d1c91e30 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -169,6 +169,13 @@ controller: # - mountPath: /etc/ssl/certs # name: my-certs + # -- Configures 3rd party metric providers for controller + ## Ref: https://argo-rollouts.readthedocs.io/en/stable/analysis/plugins/ + metricProviderPlugins: {} + # metricProviderPlugins: |- + # - name: "argoproj-labs/sample-prometheus" # name of the plugin, it must match the name required by the plugin so that it can find its configuration + # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// + serviceAccount: # -- Specifies whether a service account should be created create: true From a487e177845c686f633b31b249e7dc7722aad8ad Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Wed, 10 May 2023 17:45:46 +0200 Subject: [PATCH 161/768] feat(argo-events): Introduce chart signing (#2043) Signed-off-by: Marco Kilchhofer --- charts/argo-events/Chart.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index d6ce3465..c35d0f96 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.6 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.3.2 +version: 2.3.3 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -14,6 +14,9 @@ maintainers: - name: argoproj url: https://argoproj.github.io/ annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Use correct artifacthub kind and get latest chart version to artifacthub + - kind: added + description: Introduce chart signing From fc47f9baa6613ff747fda14cca0847f9b3e8b716 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Wed, 10 May 2023 18:46:04 +0200 Subject: [PATCH 162/768] feat(argocd-image-updater): Introduce chart signing (#2046) Signed-off-by: Marco Kilchhofer --- charts/argocd-image-updater/Chart.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index d6ec30ef..665f4bad 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.9.0 +version: 0.9.1 appVersion: v0.12.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -14,6 +14,9 @@ maintainers: - name: argoproj url: https://argoproj.github.io/ annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: add namespace field for namespace scoped resources + - kind: added + description: Introduce chart signing From b37a9e72a68d8fafe3cddd14cf2b3ed6722eff4a Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Wed, 10 May 2023 18:57:43 +0200 Subject: [PATCH 163/768] feat(argocd-apps): Introduce chart signing (#2045) Signed-off-by: Marco Kilchhofer Co-authored-by: Aikawa --- charts/argocd-apps/Chart.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index c8e37b3b..0c55671d 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.0.0 +version: 1.0.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -13,6 +13,9 @@ maintainers: - name: argoproj url: https://argoproj.github.io/ annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Changed the project field of the applicationset from a tpl function to a string. + - kind: added + description: Introduce chart signing From f6d44750b8ecf25e272b22dd78950e3ad43e0ffd Mon Sep 17 00:00:00 2001 From: PidgeyBE Date: Thu, 11 May 2023 02:09:33 +0200 Subject: [PATCH 164/768] fix(argo-workflows): Fix templating in several places (#2026) * Add artifacthub changes Signed-off-by: Peejai * fix templating list of yamls Signed-off-by: Peejai * Bump version and fix templating for gcs and azure as well Signed-off-by: Peejai --------- Signed-off-by: Peejai Co-authored-by: Aikawa --- charts/argo-workflows/Chart.yaml | 6 +++--- .../workflow-controller-config-map.yaml | 20 +++++++++---------- .../workflow-controller-deployment.yaml | 2 +- .../templates/server/server-deployment.yaml | 2 +- charts/argo-workflows/values.yaml | 4 ++-- 5 files changed, 17 insertions(+), 17 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 066adfa0..3217d8e4 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.26.5 +version: 0.26.6 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Introduce chart signing + - kind: fixed + description: Fix Helm templating in S3 config and extra init containers diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index 55720eb2..d30db859 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -60,29 +60,29 @@ data: archiveLogs: {{ .Values.artifactRepository.archiveLogs }} {{- end }} {{- with .Values.artifactRepository.gcs }} - gcs: {{- toYaml . | nindent 8 }} + gcs: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} {{- with .Values.artifactRepository.azure }} - azure: {{- toYaml . | nindent 8 }} + azure: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} {{- if and (not .Values.artifactRepository.gcs) (not .Values.artifactRepository.azure) }} s3: {{- if .Values.useStaticCredentials }} accessKeySecret: - key: {{ .Values.artifactRepository.s3.accessKeySecret.key }} - name: {{ .Values.artifactRepository.s3.accessKeySecret.name }} + key: {{ tpl .Values.artifactRepository.s3.accessKeySecret.key . }} + name: {{ tpl .Values.artifactRepository.s3.accessKeySecret.name . }} secretKeySecret: - key: {{ .Values.artifactRepository.s3.secretKeySecret.key }} - name: {{ .Values.artifactRepository.s3.secretKeySecret.name }} + key: {{ tpl .Values.artifactRepository.s3.secretKeySecret.key . }} + name: {{ tpl .Values.artifactRepository.s3.secretKeySecret.name . }} {{- end }} - bucket: {{ .Values.artifactRepository.s3.bucket }} - endpoint: {{ .Values.artifactRepository.s3.endpoint }} + bucket: {{ tpl (.Values.artifactRepository.s3.bucket | default "") . }} + endpoint: {{ tpl (.Values.artifactRepository.s3.endpoint | default "") . }} insecure: {{ .Values.artifactRepository.s3.insecure }} {{- if .Values.artifactRepository.s3.keyFormat }} keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }} {{- end }} {{- if .Values.artifactRepository.s3.region }} - region: {{ .Values.artifactRepository.s3.region }} + region: {{ tpl .Values.artifactRepository.s3.region $ }} {{- end }} {{- if .Values.artifactRepository.s3.roleARN }} roleARN: {{ .Values.artifactRepository.s3.roleARN }} @@ -184,4 +184,4 @@ data: {{- end }} {{- with .Values.controller.podGCDeleteDelayDuration }} podGCDeleteDelayDuration: {{ . }} - {{- end }} + {{- end }} \ No newline at end of file diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml index 4ee117b8..c391bee8 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} {{- with .Values.controller.extraInitContainers }} initContainers: - {{- toYaml . | nindent 8 }} + {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} containers: - name: controller diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index d75933ac..b2e50967 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -38,7 +38,7 @@ spec: {{- end }} {{- with .Values.server.extraInitContainers }} initContainers: - {{- toYaml . | nindent 8 }} + {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} containers: - name: argo-server diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index e7e268a0..0e5af428 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -655,10 +655,10 @@ artifactRepository: # Note the `key` attribute is not the actual secret, it's the PATH to # the contents in the associated secret, as defined by the `name` attribute. accessKeySecret: - # name: -minio + name: "{{ .Release.Name }}-minio" key: accesskey secretKeySecret: - # name: -minio + name: "{{ .Release.Name }}-minio" key: secretkey # insecure will disable TLS. Primarily used for minio installs not configured with TLS insecure: false From 8402303bf8fcbf2433a9b99714f89f232c0777db Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Thu, 11 May 2023 02:39:56 +0200 Subject: [PATCH 165/768] feat(argo-cd): Add ability to add prometheus.io/scrape annotations (#2037) --- charts/argo-cd/Chart.yaml | 6 +++-- charts/argo-cd/README.md | 11 +++++++++ .../metrics.yaml | 12 ++++++++-- .../argocd-applicationset/metrics.yaml | 12 ++++++++-- .../argocd-notifications/metrics.yaml | 12 ++++++++-- .../templates/argocd-repo-server/metrics.yaml | 12 ++++++++-- .../templates/argocd-server/metrics.yaml | 12 ++++++++-- charts/argo-cd/templates/redis/metrics.yaml | 12 ++++++---- charts/argo-cd/values.yaml | 23 +++++++++++++++++++ 9 files changed, 96 insertions(+), 16 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 12a1f5f0..a8d8e721 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.1 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.32.2 +version: 5.33.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,6 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Introduce chart signing + description: Ability to add prometheus.io/scrape annotations to all metrics services + - kind: added + description: Ability to change metrics service type and clusterIP diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 054dc2f9..6f25e5ce 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -394,6 +394,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| +| global.addPrometheusAnnotations | bool | `false` | Add Prometheus scrape annotations to all metrics services. This can be used as an alternative to the ServiceMonitors. | | global.additionalLabels | object | `{}` | Common labels for the all resources | | global.affinity.nodeAffinity.matchExpressions | list | `[]` | Default match expressions for node affinity | | global.affinity.nodeAffinity.type | string | `"hard"` | Default node affinity rules. Either: `none`, `soft` or `hard` | @@ -513,9 +514,11 @@ NAME: my-release | controller.metrics.rules.selector | object | `{}` | PrometheusRule selector | | controller.metrics.rules.spec | list | `[]` | PrometheusRule.Spec for the application controller | | controller.metrics.service.annotations | object | `{}` | Metrics service annotations | +| controller.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | controller.metrics.service.labels | object | `{}` | Metrics service labels | | controller.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | | controller.metrics.service.servicePort | int | `8082` | Metrics service port | +| controller.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | controller.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | @@ -597,9 +600,11 @@ NAME: my-release | repoServer.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | repoServer.metrics.enabled | bool | `false` | Deploy metrics service | | repoServer.metrics.service.annotations | object | `{}` | Metrics service annotations | +| repoServer.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | repoServer.metrics.service.labels | object | `{}` | Metrics service labels | | repoServer.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | | repoServer.metrics.service.servicePort | int | `8084` | Metrics service port | +| repoServer.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | repoServer.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | repoServer.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | repoServer.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | @@ -731,9 +736,11 @@ NAME: my-release | server.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | server.metrics.enabled | bool | `false` | Deploy metrics service | | server.metrics.service.annotations | object | `{}` | Metrics service annotations | +| server.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | server.metrics.service.labels | object | `{}` | Metrics service labels | | server.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | | server.metrics.service.servicePort | int | `8083` | Metrics service port | +| server.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | server.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | server.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | server.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | @@ -1044,9 +1051,11 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | applicationSet.metrics.enabled | bool | `false` | Deploy metrics service | | applicationSet.metrics.service.annotations | object | `{}` | Metrics service annotations | +| applicationSet.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | applicationSet.metrics.service.labels | object | `{}` | Metrics service labels | | applicationSet.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | | applicationSet.metrics.service.servicePort | int | `8085` | Metrics service port | +| applicationSet.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | applicationSet.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | applicationSet.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | applicationSet.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | @@ -1128,8 +1137,10 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.metrics.enabled | bool | `false` | Enables prometheus metrics server | | notifications.metrics.port | int | `9001` | Metrics port | | notifications.metrics.service.annotations | object | `{}` | Metrics service annotations | +| notifications.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | notifications.metrics.service.labels | object | `{}` | Metrics service labels | | notifications.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | +| notifications.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | notifications.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | notifications.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | notifications.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | diff --git a/charts/argo-cd/templates/argocd-application-controller/metrics.yaml b/charts/argo-cd/templates/argocd-application-controller/metrics.yaml index 754b8490..01b7a779 100644 --- a/charts/argo-cd/templates/argocd-application-controller/metrics.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/metrics.yaml @@ -9,13 +9,21 @@ metadata: {{- with .Values.controller.metrics.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.controller.metrics.service.annotations }} + {{- if or .Values.controller.metrics.service.annotations .Values.global.addPrometheusAnnotations }} annotations: - {{- range $key, $value := . }} + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.controller.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.controller.metrics.service.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} spec: + type: {{ .Values.controller.metrics.service.type }} + {{- if and .Values.controller.metrics.service.clusterIP (eq .Values.controller.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.controller.metrics.service.clusterIP }} + {{- end }} ports: - name: {{ .Values.controller.metrics.service.portName }} protocol: TCP diff --git a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml index fdac0bcf..ad26d22d 100644 --- a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml @@ -9,13 +9,21 @@ metadata: {{- with .Values.applicationSet.metrics.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.applicationSet.metrics.service.annotations }} + {{- if or .Values.applicationSet.metrics.service.annotations .Values.global.addPrometheusAnnotations }} annotations: - {{- range $key, $value := . }} + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.applicationSet.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.applicationSet.metrics.service.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} spec: + type: {{ .Values.applicationSet.metrics.service.type }} + {{- if and .Values.applicationSet.metrics.service.clusterIP (eq .Values.applicationSet.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.applicationSet.metrics.service.clusterIP }} + {{- end }} ports: - name: {{ .Values.applicationSet.metrics.service.portName }} protocol: TCP diff --git a/charts/argo-cd/templates/argocd-notifications/metrics.yaml b/charts/argo-cd/templates/argocd-notifications/metrics.yaml index 3c30a085..b5ce611d 100644 --- a/charts/argo-cd/templates/argocd-notifications/metrics.yaml +++ b/charts/argo-cd/templates/argocd-notifications/metrics.yaml @@ -9,13 +9,21 @@ metadata: {{- with .Values.notifications.metrics.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.notifications.metrics.service.annotations }} + {{- if or .Values.notifications.metrics.service.annotations .Values.global.addPrometheusAnnotations }} annotations: - {{- range $key, $value := . }} + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.notifications.metrics.port | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.notifications.metrics.service.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} spec: + type: {{ .Values.notifications.metrics.service.type }} + {{- if and .Values.notifications.metrics.service.clusterIP (eq .Values.notifications.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.notifications.metrics.service.clusterIP }} + {{- end }} selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }} ports: diff --git a/charts/argo-cd/templates/argocd-repo-server/metrics.yaml b/charts/argo-cd/templates/argocd-repo-server/metrics.yaml index b2be38ee..514595a2 100644 --- a/charts/argo-cd/templates/argocd-repo-server/metrics.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/metrics.yaml @@ -9,13 +9,21 @@ metadata: {{- with .Values.repoServer.metrics.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.repoServer.metrics.service.annotations }} + {{- if or .Values.repoServer.metrics.service.annotations .Values.global.addPrometheusAnnotations }} annotations: - {{- range $key, $value := . }} + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.repoServer.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.repoServer.metrics.service.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} spec: + type: {{ .Values.repoServer.metrics.service.type }} + {{- if and .Values.repoServer.metrics.service.clusterIP (eq .Values.repoServer.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.repoServer.metrics.service.clusterIP }} + {{- end }} ports: - name: {{ .Values.repoServer.metrics.service.portName }} protocol: TCP diff --git a/charts/argo-cd/templates/argocd-server/metrics.yaml b/charts/argo-cd/templates/argocd-server/metrics.yaml index 3a9f46f7..3844820e 100644 --- a/charts/argo-cd/templates/argocd-server/metrics.yaml +++ b/charts/argo-cd/templates/argocd-server/metrics.yaml @@ -9,13 +9,21 @@ metadata: {{- with .Values.server.metrics.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.server.metrics.service.annotations }} + {{- if or .Values.server.metrics.service.annotations .Values.global.addPrometheusAnnotations }} annotations: - {{- range $key, $value := . }} + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.server.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.server.metrics.service.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} spec: + type: {{ .Values.server.metrics.service.type }} + {{- if and .Values.server.metrics.service.clusterIP (eq .Values.server.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.server.metrics.service.clusterIP }} + {{- end }} ports: - name: {{ .Values.server.metrics.service.portName }} protocol: TCP diff --git a/charts/argo-cd/templates/redis/metrics.yaml b/charts/argo-cd/templates/redis/metrics.yaml index db526285..67b4c3ac 100644 --- a/charts/argo-cd/templates/redis/metrics.yaml +++ b/charts/argo-cd/templates/redis/metrics.yaml @@ -10,16 +10,20 @@ metadata: {{- with .Values.redis.metrics.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.redis.metrics.service.annotations }} + {{- if or .Values.redis.metrics.service.annotations .Values.global.addPrometheusAnnotations }} annotations: - {{- range $key, $value := . }} + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.redis.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.redis.metrics.service.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} spec: type: {{ .Values.redis.metrics.service.type }} - {{- with .Values.redis.metrics.service.clusterIP }} - clusterIP: {{ . }} + {{- if and .Values.redis.metrics.service.clusterIP (eq .Values.redis.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.redis.metrics.service.clusterIP }} {{- end }} ports: - name: {{ .Values.redis.metrics.service.portName }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 3f95a663..9ee41698 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -79,6 +79,9 @@ global: # -- Labels for the all deployed pods podLabels: {} + # -- Add Prometheus scrape annotations to all metrics services. This can be used as an alternative to the ServiceMonitors. + addPrometheusAnnotations: false + # -- Toggle and define pod-level security context. # @default -- `{}` (See [values.yaml]) securityContext: {} @@ -762,6 +765,10 @@ controller: # -- Additional labels labels: [] service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" # -- Metrics service annotations annotations: {} # -- Metrics service labels @@ -1773,6 +1780,10 @@ server: # -- Deploy metrics service enabled: false service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" # -- Metrics service annotations annotations: {} # -- Metrics service labels @@ -2241,6 +2252,10 @@ repoServer: # -- Deploy metrics service enabled: false service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" # -- Metrics service annotations annotations: {} # -- Metrics service labels @@ -2394,6 +2409,10 @@ applicationSet: # -- Deploy metrics service enabled: false service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" # -- Metrics service annotations annotations: {} # -- Metrics service labels @@ -2715,6 +2734,10 @@ notifications: # -- Metrics port port: 9001 service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" # -- Metrics service annotations annotations: {} # -- Metrics service labels From 5873a1bc331e37c9500e4337d2ad2deca2fd8c80 Mon Sep 17 00:00:00 2001 From: Cyril Jouve Date: Thu, 11 May 2023 08:39:17 +0200 Subject: [PATCH 166/768] feat(argo-workflows): allow extraObjects to contain string template (#1995) [argo-workflows] allow extraObjects to contain string template Signed-off-by: Cyril Jouve Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/templates/extra-manifests.yaml | 6 +++++- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 3217d8e4..9b232421 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.26.6 +version: 0.27.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fix Helm templating in S3 config and extra init containers + - kind: added + description: Allow extraObjects to contain string templates diff --git a/charts/argo-workflows/templates/extra-manifests.yaml b/charts/argo-workflows/templates/extra-manifests.yaml index a9bb3b6b..f17b1a93 100644 --- a/charts/argo-workflows/templates/extra-manifests.yaml +++ b/charts/argo-workflows/templates/extra-manifests.yaml @@ -1,4 +1,8 @@ {{ range .Values.extraObjects }} --- -{{ tpl (toYaml .) $ }} +{{- if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} {{ end }} From 1492e23522339e07e281aed0c7e659ce6a9d2189 Mon Sep 17 00:00:00 2001 From: Jonas Eilers <133217951+jdvgh@users.noreply.github.com> Date: Thu, 11 May 2023 16:06:46 +0200 Subject: [PATCH 167/768] feat(argo-cd): Add ability to add additional labels to all CRDs (#2051) feat(argo-cd): Add ability to add additional labels to all CRDs via .Values.crds.additionalLabels Signed-off-by: jdvgh <133217951+jdvgh@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 ++---- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/crds/crd-application.yaml | 3 +++ charts/argo-cd/templates/crds/crd-applicationset.yaml | 3 +++ charts/argo-cd/templates/crds/crd-extension.yaml | 3 +++ charts/argo-cd/templates/crds/crd-project.yaml | 3 +++ charts/argo-cd/values.yaml | 2 ++ 7 files changed, 17 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index a8d8e721..b199884e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.1 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.33.0 +version: 5.33.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,6 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Ability to add prometheus.io/scrape annotations to all metrics services - - kind: added - description: Ability to change metrics service type and clusterIP + description: Ability to add additional labels to all CRDs via .Values.crds.additionalLabels diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 6f25e5ce..34879a2a 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -379,6 +379,7 @@ NAME: my-release | apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart | | apiVersionOverrides.certmanager | string | `""` | String to override apiVersion of cert-manager resources rendered by this helm chart | | apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | +| crds.additionalLabels | object | `{}` | Addtional labels to be added to all CRDs | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.install | bool | `true` | Install and upgrade CRDs | | crds.keep | bool | `true` | Keep CRDs on chart uninstall | diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml index 5bb7bfb3..cbb480e6 100644 --- a/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -12,6 +12,9 @@ metadata: labels: app.kubernetes.io/name: applications.argoproj.io app.kubernetes.io/part-of: argocd + {{- with .Values.crds.additionalLabels }} + {{- toYaml . | nindent 4}} + {{- end }} name: applications.argoproj.io spec: group: argoproj.io diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index f9bfde6c..ad35b062 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -12,6 +12,9 @@ metadata: labels: app.kubernetes.io/name: applicationsets.argoproj.io app.kubernetes.io/part-of: argocd + {{- with .Values.crds.additionalLabels }} + {{- toYaml . | nindent 4}} + {{- end }} name: applicationsets.argoproj.io spec: group: argoproj.io diff --git a/charts/argo-cd/templates/crds/crd-extension.yaml b/charts/argo-cd/templates/crds/crd-extension.yaml index 802f0e8c..30fbce70 100644 --- a/charts/argo-cd/templates/crds/crd-extension.yaml +++ b/charts/argo-cd/templates/crds/crd-extension.yaml @@ -13,6 +13,9 @@ metadata: labels: app.kubernetes.io/name: argocdextensions.argoproj.io app.kubernetes.io/part-of: argocd + {{- with .Values.crds.additionalLabels }} + {{- toYaml . | nindent 4}} + {{- end }} name: argocdextensions.argoproj.io spec: group: argoproj.io diff --git a/charts/argo-cd/templates/crds/crd-project.yaml b/charts/argo-cd/templates/crds/crd-project.yaml index 81e57d82..0a6da4f0 100644 --- a/charts/argo-cd/templates/crds/crd-project.yaml +++ b/charts/argo-cd/templates/crds/crd-project.yaml @@ -12,6 +12,9 @@ metadata: labels: app.kubernetes.io/name: appprojects.argoproj.io app.kubernetes.io/part-of: argocd + {{- with .Values.crds.additionalLabels }} + {{- toYaml . | nindent 4}} + {{- end }} name: appprojects.argoproj.io spec: group: argoproj.io diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 9ee41698..78e3c518 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -38,6 +38,8 @@ crds: keep: true # -- Annotations to be added to all CRDs annotations: {} + # -- Addtional labels to be added to all CRDs + additionalLabels: {} ## Globally shared configuration global: From 5dd7ae964d01eba826202107426fa3a6b3c62b57 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 13 May 2023 00:19:03 +0900 Subject: [PATCH 168/768] chore(argo-cd): Upgrade Argo CD to v2.7.2 (#2054) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b199884e..8e6211ca 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.7.1 +appVersion: v2.7.2 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.33.1 +version: 5.33.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Ability to add additional labels to all CRDs via .Values.crds.additionalLabels + - kind: changed + description: Upgrade Argo CD to v2.7.2 From 6564b4453893d2a2498eed83ef5968cb65578368 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 13 May 2023 20:01:19 +0900 Subject: [PATCH 169/768] feat(argo-cd): Enable to add certificate to ApplicationSet Controller (#2052) * feat(argo-cd): Add ability to add certificate to Argo CD Controller Signed-off-by: yu-croco * fix(argo-cd): Add Certificate to right component Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +-- charts/argo-cd/README.md | 13 +++++++ .../argocd-applicationset/certificate.yaml | 33 ++++++++++++++++ charts/argo-cd/values.yaml | 39 +++++++++++++++++++ 4 files changed, 88 insertions(+), 3 deletions(-) create mode 100644 charts/argo-cd/templates/argocd-applicationset/certificate.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8e6211ca..5eb9ac9e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.2 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.33.2 +version: 5.33.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.7.2 + - kind: added + description: Enable to add certificate to ApplicationSet Controller diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 34879a2a..4519caec 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1024,6 +1024,19 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide |-----|------|---------|-------------| | applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | applicationSet.args | object | `{}` | DEPRECATED - ApplicationSet controller command line flags | +| applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | +| applicationSet.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) | +| applicationSet.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. | +| applicationSet.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | +| applicationSet.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` | +| applicationSet.certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` | +| applicationSet.certificate.issuer.name | string | `""` | Certificate issuer name. Eg. `letsencrypt` | +| applicationSet.certificate.privateKey.algorithm | string | `"RSA"` | Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` | +| applicationSet.certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` | +| applicationSet.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | +| applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | +| applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | +| applicationSet.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | | applicationSet.containerPorts.metrics | int | `8080` | Metrics container port | | applicationSet.containerPorts.probe | int | `8081` | Probe container port | | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | diff --git a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml new file mode 100644 index 00000000..505a70fc --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml @@ -0,0 +1,33 @@ +{{- if .Values.applicationSet.certificate.enabled -}} +apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }} +kind: Certificate +metadata: + name: {{ template "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +spec: + secretName: {{ .Values.applicationSet.certificate.secretName }} + commonName: {{ .Values.applicationSet.certificate.domain | quote }} + dnsNames: + - {{ .Values.applicationSet.certificate.domain | quote }} + {{- range .Values.applicationSet.certificate.additionalHosts }} + - {{ . | quote }} + {{- end }} + {{- with .Values.applicationSet.certificate.duration }} + duration: {{ . | quote }} + {{- end }} + {{- with .Values.applicationSet.certificate.renewBefore }} + renewBefore: {{ . | quote }} + {{- end }} + issuerRef: + {{- with .Values.applicationSet.certificate.issuer.group }} + group: {{ . | quote }} + {{- end }} + kind: {{ .Values.applicationSet.certificate.issuer.kind | quote }} + name: {{ .Values.applicationSet.certificate.issuer.name | quote }} + {{- with .Values.applicationSet.certificate.privateKey }} + privateKey: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 78e3c518..2ad1b918 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2623,6 +2623,45 @@ applicationSet: # hosts: # - argocd-applicationset.example.com + # TLS certificate configuration via cert-manager + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-configuration + certificate: + # -- Deploy a Certificate resource (requires cert-manager) + enabled: false + # -- The name of the Secret that will be automatically created and managed by this Certificate resource + secretName: argocd-application-controller-tls + # -- Certificate primary domain (commonName) + domain: argocd.example.com + # -- Certificate Subject Alternate Names (SANs) + additionalHosts: [] + # -- The requested 'duration' (i.e. lifetime) of the certificate. + # @default -- `""` (defaults to 2160h = 90d if not specified) + ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal + duration: "" + # -- How long before the expiry a certificate should be renewed. + # @default -- `""` (defaults to 360h = 15d if not specified) + ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal + renewBefore: "" + # Certificate issuer + ## Ref: https://cert-manager.io/docs/concepts/issuer + issuer: + # -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` + group: "" + # -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer` + kind: "" + # -- Certificate issuer name. Eg. `letsencrypt` + name: "" + # Private key of the certificate + privateKey: + # -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` + rotationPolicy: Never + # -- The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` + encoding: PKCS1 + # -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` + algorithm: RSA + # -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. + size: 2048 + ## Notifications controller notifications: # -- Enable notifications controller From 6b09ff82e05e808010f12ba277b268c3c21446c9 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Sat, 13 May 2023 13:25:33 +0200 Subject: [PATCH 170/768] fix(github): Don't run Scorecard analysis on forked repos (#2057) Signed-off-by: Marco Kilchhofer --- .github/workflows/scorecard.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 66e1d5ee..7059cc34 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -19,6 +19,7 @@ permissions: read-all jobs: analysis: + if: github.repository_owner == 'argoproj' name: Scorecard analysis runs-on: ubuntu-latest permissions: From 5dfed33a5668f1a18dde26417b69806d5c3e7ac6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 13 May 2023 20:32:52 +0900 Subject: [PATCH 171/768] chore(deps): bump actions/checkout from 3.1.0 to 3.5.2 (#2056) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.5.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.1.0...8e5e7e5ab8b370d6c329ec480221332ada57f0ab) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marco Kilchhofer Co-authored-by: Tim Collins <45351296+tico24@users.noreply.github.com> Co-authored-by: Aikawa --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 7059cc34..7f5cbfa5 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: persist-credentials: false From 1a5ee8eb352579bd81dfc3a14ef03f6604ad0b1b Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 16 May 2023 18:23:59 +0900 Subject: [PATCH 172/768] chore(argo-cd): Update redis-ha to v4.23.0 (#2058) Signed-off-by: yu-croco --- charts/argo-cd/Chart.lock | 6 +++--- charts/argo-cd/Chart.yaml | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.lock b/charts/argo-cd/Chart.lock index e21296c6..edd5df2b 100644 --- a/charts/argo-cd/Chart.lock +++ b/charts/argo-cd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.22.5 -digest: sha256:d2e927511e515fb862f23dd413ee3a356c855d808f6f9ad1d345ee62b8c7ea16 -generated: "2023-03-30T08:25:32.738257836+02:00" + version: 4.23.0 +digest: sha256:589f9972fbdf36194d443c9d3be2a1747f43e03c435fc48004cc0cbe6b3c6e3c +generated: "2023-05-15T19:25:26.049618+09:00" diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 5eb9ac9e..6b8ec29d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.2 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.33.3 +version: 5.33.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -18,7 +18,7 @@ maintainers: url: https://argoproj.github.io/ dependencies: - name: redis-ha - version: 4.22.5 + version: 4.23.0 repository: https://dandydeveloper.github.io/charts/ condition: redis-ha.enabled annotations: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Enable to add certificate to ApplicationSet Controller + - kind: changed + description: Update redis-ha to v4.23.0 From 05bc6a236dfafa88bf2366d47709dd8b1748a13c Mon Sep 17 00:00:00 2001 From: GoshaDozoretz <106976988+gosharo@users.noreply.github.com> Date: Wed, 17 May 2023 16:40:18 +0300 Subject: [PATCH 173/768] feat(argo-cd): add lifecycle hooks to repo server (#1922) * add lifesycle webhook to repo server Signed-off-by: goshado * add lifesycle webhook to repo server Signed-off-by: goshado * add lifesycle webhook to repo server Signed-off-by: goshado --------- Signed-off-by: goshado Signed-off-by: GoshaDozoretz <106976988+gosharo@users.noreply.github.com> Co-authored-by: goshado --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/argocd-repo-server/deployment.yaml | 4 ++++ charts/argo-cd/values.yaml | 3 +++ 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 6b8ec29d..32dcb776 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.2 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.33.4 +version: 5.34.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Update redis-ha to v4.23.0 + - kind: added + description: Add lifecycle webhook to repo server. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 4519caec..1fa388ed 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -594,6 +594,7 @@ NAME: my-release | repoServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the repo server | | repoServer.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | repoServer.initContainers | list | `[]` | Init containers to add to the repo server pods | +| repoServer.lifecycle | object | `{}` | Specify postStart and preStop lifecycle hooks for your argo-repo-server container | | repoServer.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | repoServer.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | | repoServer.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 0226b48f..4f2c45bd 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -275,6 +275,10 @@ spec: {{- toYaml .Values.repoServer.resources | nindent 10 }} securityContext: {{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }} + {{- with .Values.repoServer.lifecycle }} + lifecycle: + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.repoServer.extraContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 2ad1b918..c304de7e 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2059,6 +2059,9 @@ repoServer: # - secretRef: # name: secret-name + # -- Specify postStart and preStop lifecycle hooks for your argo-repo-server container + lifecycle: {} + # -- Additional containers to be added to the repo server pod ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/ ## Note: Supports use of custom Helm templates From 7347a5d78162a4d7abf5efbb27bd0327905c2c91 Mon Sep 17 00:00:00 2001 From: Jonas Eilers <133217951+jdvgh@users.noreply.github.com> Date: Wed, 17 May 2023 16:24:43 +0200 Subject: [PATCH 174/768] feat(argo-cd): Add new BitbucketCloud ssh keys in values.yaml (#2062) feat: Add new BitbucketCloud ssh keys Update configs.ssh.kownHosts in charts/argo-cd/values.yaml to match new SSHKeys from https://bitbucket.org/site/ssh (as of May 17th, 2023) Signed-off-by: jdvgh <133217951+jdvgh@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/values.yaml | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 32dcb776..0c7a2d5c 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.2 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.34.0 +version: 5.34.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Add lifecycle webhook to repo server. + description: Add new bitbucket cloud SSH key to configs.ssh.knownHosts diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index c304de7e..2906eb82 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -315,6 +315,8 @@ configs: # -- Known hosts to be added to the known host list by default. # @default -- See [values.yaml] knownHosts: | + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO + bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl From c3cfd49e9679df03e37f963fcb64c6d5375572d5 Mon Sep 17 00:00:00 2001 From: Joe Lee Date: Fri, 19 May 2023 17:35:00 +0800 Subject: [PATCH 175/768] feat(argocd-apps): Generate application, applicationset, project with template (#2025) * add template for application Signed-off-by: Joe Lee * update version Signed-off-by: Joe Lee * fix issue Signed-off-by: Joe Lee * add example for applicationsetTemplates Signed-off-by: Joe Lee * fix issue Signed-off-by: Joe Lee * merge each of items into one Signed-off-by: Joe Lee * update readme Signed-off-by: Joe Lee * update doc Signed-off-by: Joe Lee * update version Signed-off-by: Joe Lee * add template for application Signed-off-by: Joe Lee * update version Signed-off-by: Joe Lee * fix issue Signed-off-by: Joe Lee * fix issue Signed-off-by: Joe Lee * merge each of items into one Signed-off-by: Joe Lee * move itemTemplates to new file Signed-off-by: Joe Lee * discard change for applications.yaml Signed-off-by: Joe Lee --------- Signed-off-by: Joe Lee --- charts/argocd-apps/Chart.yaml | 4 +- charts/argocd-apps/README.md | 1 + charts/argocd-apps/ci/item-templates.yaml | 61 +++++++++++++++++ .../argocd-apps/templates/item-templates.yaml | 15 +++++ charts/argocd-apps/values.yaml | 65 +++++++++++++++++++ 5 files changed, 144 insertions(+), 2 deletions(-) create mode 100644 charts/argocd-apps/ci/item-templates.yaml create mode 100644 charts/argocd-apps/templates/item-templates.yaml diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 0c55671d..6d0a194f 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.0.1 +version: 1.1.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -18,4 +18,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Introduce chart signing + description: Generate application, applicationset, project with template diff --git a/charts/argocd-apps/README.md b/charts/argocd-apps/README.md index bc0d0685..0e5bbbe2 100644 --- a/charts/argocd-apps/README.md +++ b/charts/argocd-apps/README.md @@ -31,6 +31,7 @@ $ helm install my-release argo/argocd-apps | applications | list | `[]` (See [values.yaml]) | Deploy Argo CD Applications within this helm release | | applicationsets | list | `[]` (See [values.yaml]) | Deploy Argo CD ApplicationSets within this helm release | | extensions | list | `[]` (See [values.yaml]) | Deploy Argo UI Extensions within this helm release | +| itemTemplates | list | `[]` (See [values.yaml]) | Deploy Argo CD Applications/ApplicationSets/Projects within this helm release | | projects | list | `[]` (See [values.yaml]) | Deploy Argo CD Projects within this helm release | ---------------------------------------------- diff --git a/charts/argocd-apps/ci/item-templates.yaml b/charts/argocd-apps/ci/item-templates.yaml new file mode 100644 index 00000000..8a08c684 --- /dev/null +++ b/charts/argocd-apps/ci/item-templates.yaml @@ -0,0 +1,61 @@ +itemTemplates: + - items: + - name: my-appset + generators: &generators + - list: + elements: + - cluster: engineering-dev + url: https://1.2.3.4 + - cluster: engineering-prod + url: https://2.4.6.8 + - cluster: finance-preprod + url: https://9.8.7.6 + template: + apiVersion: argoproj.io/v1alpha1 + kind: ApplicationSet + metadata: + name: "{{ .name }}" + spec: + generators: *generators + template: + metadata: + name: "{{`{{cluster}}`}}-guestbook" + spec: + project: my-project + source: + repoURL: https://github.com/infra-team/cluster-deployments.git + targetRevision: HEAD + path: guestbook/{{`{{cluster}}`}} + destination: + server: "{{`{{cluster}}`}}" + namespace: guestbook + - items: + - name: my-appset + generators: + - list: + elements: + - cluster: engineering-dev + url: https://1.2.3.4 + - cluster: engineering-prod + url: https://2.4.6.8 + - cluster: finance-preprod + url: https://9.8.7.6 + template: |- + apiVersion: argoproj.io/v1alpha1 + kind: ApplicationSet + metadata: + name: {{ .name }} + spec: + generators: {{ toYaml .generators | nindent 4 }} + template: + metadata: + name: '{{`{{cluster}}`}}-guestbook' + spec: + project: my-project + source: + repoURL: https://github.com/infra-team/cluster-deployments.git + targetRevision: HEAD + path: guestbook/{{`{{cluster}}`}} + destination: + server: '{{`{{cluster}}`}}' + namespace: guestbook diff --git a/charts/argocd-apps/templates/item-templates.yaml b/charts/argocd-apps/templates/item-templates.yaml new file mode 100644 index 00000000..a209cc2a --- /dev/null +++ b/charts/argocd-apps/templates/item-templates.yaml @@ -0,0 +1,15 @@ +{{- range .Values.itemTemplates }} +{{- if kindIs "string" .template }} +{{- $template := .template -}} +{{- range .items }} +--- +{{ tpl $template (set . "Template" $.Template) }} +{{- end }} +{{- else }} +{{- $template := .template | toYaml -}} +{{- range .items }} +--- +{{ tpl $template (set . "Template" $.Template) }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index eb0767b9..72301ace 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -133,6 +133,71 @@ applicationsets: [] # # Set Application finalizer # preserveResourcesOnDeletion: false +# -- Deploy Argo CD Applications/ApplicationSets/Projects within this helm release +# @default -- `[]` (See [values.yaml]) +## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/ +itemTemplates: [] +# - items: +# - name: my-appset +# generators: &generators +# - list: +# elements: +# - cluster: engineering-dev +# url: https://1.2.3.4 +# - cluster: engineering-prod +# url: https://2.4.6.8 +# - cluster: finance-preprod +# url: https://9.8.7.6 +# template: +# apiVersion: argoproj.io/v1alpha1 +# kind: ApplicationSet +# metadata: +# name: "{{ .name }}" +# spec: +# generators: *generators +# template: +# metadata: +# name: "{{`{{cluster}}`}}-guestbook" +# spec: +# project: my-project +# source: +# repoURL: https://github.com/infra-team/cluster-deployments.git +# targetRevision: HEAD +# path: guestbook/{{`{{cluster}}`}} +# destination: +# server: "{{`{{cluster}}`}}" +# namespace: guestbook +# - items: +# - name: my-appset +# generators: +# - list: +# elements: +# - cluster: engineering-dev +# url: https://1.2.3.4 +# - cluster: engineering-prod +# url: https://2.4.6.8 +# - cluster: finance-preprod +# url: https://9.8.7.6 +# template: |- +# apiVersion: argoproj.io/v1alpha1 +# kind: ApplicationSet +# metadata: +# name: {{ .name }} +# spec: +# generators: {{ toYaml .generators | nindent 4 }} +# template: +# metadata: +# name: '{{`{{cluster}}`}}-guestbook' +# spec: +# project: my-project +# source: +# repoURL: https://github.com/infra-team/cluster-deployments.git +# targetRevision: HEAD +# path: guestbook/{{`{{cluster}}`}} +# destination: +# server: '{{`{{cluster}}`}}' +# namespace: guestbook + # -- Deploy Argo UI Extensions within this helm release # @default -- `[]` (See [values.yaml]) ## This function in tech preview stage, do expect unstability or breaking changes in newer versions. Bump image.tag if necessary. From 5766533626cadb5a29c46bd3a6c513da7ca30bea Mon Sep 17 00:00:00 2001 From: Julien Michaud <103417499+julien-michaud@users.noreply.github.com> Date: Fri, 19 May 2023 12:35:33 +0200 Subject: [PATCH 176/768] feat(argo-workflows): support google ManagedCertificate, FrontendConfig & BackendConfig for gce ingress (#2066) * feat: add gke stuff Signed-off-by: julien.michaud * update readme and chart.yaml file Signed-off-by: julien.michaud * fix readme Signed-off-by: julien.michaud * docs: Apply changes from code review Signed-off-by: Marco Kilchhofer --------- Signed-off-by: julien.michaud Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-workflows/Chart.yaml | 8 +++-- charts/argo-workflows/README.md | 9 +++++ charts/argo-workflows/README.md.gotmpl | 2 ++ charts/argo-workflows/templates/_helpers.tpl | 13 +++++++ .../templates/server/gke/backendconfig.yaml | 11 ++++++ .../templates/server/gke/frontendconfig.yaml | 11 ++++++ .../server/gke/managedcertificate.yaml | 12 +++++++ charts/argo-workflows/values.yaml | 36 +++++++++++++++++++ 8 files changed, 100 insertions(+), 2 deletions(-) create mode 100644 charts/argo-workflows/templates/server/gke/backendconfig.yaml create mode 100644 charts/argo-workflows/templates/server/gke/frontendconfig.yaml create mode 100644 charts/argo-workflows/templates/server/gke/managedcertificate.yaml diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 9b232421..84e49d84 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.27.0 +version: 0.28.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,8 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Allow extraObjects to contain string templates + description: Add support for Google ManagedCertificate on GKE + - kind: added + description: Add support for Google FrontendConfig on GKE + - kind: added + description: Add support for Google BackendConfig on GKE diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 1dbfc155..b5612a16 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -102,6 +102,7 @@ Fields to note: | Key | Type | Default | Description | |-----|------|---------|-------------| | apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart | +| apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.install | bool | `true` | Install and upgrade CRDs | | crds.keep | bool | `true` | Keep CRDs on chart uninstall | @@ -240,6 +241,12 @@ Fields to note: | Key | Type | Default | Description | |-----|------|---------|-------------| +| server.GKEbackendConfig.enabled | bool | `false` | Enable BackendConfig custom resource for Google Kubernetes Engine | +| server.GKEbackendConfig.spec | object | `{}` | [BackendConfigSpec] | +| server.GKEfrontendConfig.enabled | bool | `false` | Enable FrontConfig custom resource for Google Kubernetes Engine | +| server.GKEfrontendConfig.spec | object | `{}` | [FrontendConfigSpec] | +| server.GKEmanagedCertificate.domains | list | `["argoworkflows.example.com"]` | Domains for the Google Managed Certificate | +| server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. | | server.affinity | object | `{}` | Assign custom [affinity] rules | | server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer | | server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server | @@ -333,6 +340,8 @@ Fields to note: 1. moved the field previously known as `telemetryServicePort` inside the `telemetryConfig` as `telemetryConfig.servicePort` - same for `metricsConfig` [affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters [links]: https://argoproj.github.io/argo-workflows/links/ [Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ [Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ diff --git a/charts/argo-workflows/README.md.gotmpl b/charts/argo-workflows/README.md.gotmpl index 398a8788..ab8554f5 100644 --- a/charts/argo-workflows/README.md.gotmpl +++ b/charts/argo-workflows/README.md.gotmpl @@ -188,6 +188,8 @@ Fields to note: 1. moved the field previously known as `telemetryServicePort` inside the `telemetryConfig` as `telemetryConfig.servicePort` - same for `metricsConfig` [affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters [links]: https://argoproj.github.io/argo-workflows/links/ [Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ [Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl index f302f0da..f81e6fc4 100644 --- a/charts/argo-workflows/templates/_helpers.tpl +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -166,3 +166,16 @@ Return the appropriate apiVersion for autoscaling {{- print "autoscaling/v2" -}} {{- end -}} {{- end -}} + +{{/* +Return the appropriate apiVersion for GKE resources +*/}} +{{- define "argo-workflows.apiVersions.cloudgoogle" -}} +{{- if .Values.apiVersionOverrides.cloudgoogle -}} +{{- print .Values.apiVersionOverrides.cloudgoogle -}} +{{- else if .Capabilities.APIVersions.Has "cloud.google.com/v1" -}} +{{- print "cloud.google.com/v1" -}} +{{- else -}} +{{- print "cloud.google.com/v1beta1" -}} +{{- end -}} +{{- end -}} diff --git a/charts/argo-workflows/templates/server/gke/backendconfig.yaml b/charts/argo-workflows/templates/server/gke/backendconfig.yaml new file mode 100644 index 00000000..4597db3d --- /dev/null +++ b/charts/argo-workflows/templates/server/gke/backendconfig.yaml @@ -0,0 +1,11 @@ +{{- if .Values.server.GKEbackendConfig.enabled }} +apiVersion: {{ include "argo-workflows.apiVersions.cloudgoogle" . }} +kind: BackendConfig +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + {{- toYaml .Values.server.GKEbackendConfig.spec | nindent 2 }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/gke/frontendconfig.yaml b/charts/argo-workflows/templates/server/gke/frontendconfig.yaml new file mode 100644 index 00000000..6b81c923 --- /dev/null +++ b/charts/argo-workflows/templates/server/gke/frontendconfig.yaml @@ -0,0 +1,11 @@ +{{- if .Values.server.GKEfrontendConfig.enabled }} +apiVersion: networking.gke.io/v1beta1 +kind: FrontendConfig +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + {{- toYaml .Values.server.GKEfrontendConfig.spec | nindent 2 }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/gke/managedcertificate.yaml b/charts/argo-workflows/templates/server/gke/managedcertificate.yaml new file mode 100644 index 00000000..b77c3131 --- /dev/null +++ b/charts/argo-workflows/templates/server/gke/managedcertificate.yaml @@ -0,0 +1,12 @@ +{{- if .Values.server.GKEmanagedCertificate.enabled }} +apiVersion: networking.gke.io/v1 +kind: ManagedCertificate +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} +spec: + domains: + {{- with .Values.server.GKEmanagedCertificate.domains }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 0e5af428..b65fd4f8 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -33,6 +33,8 @@ kubeVersionOverride: "" apiVersionOverrides: # -- String to override apiVersion of autoscaling rendered by this helm chart autoscaling: "" # autoscaling/v2 + # -- String to override apiVersion of GKE resources rendered by this helm chart + cloudgoogle: "" # cloud.google.com/v1 # -- Restrict Argo to operate only in a single namespace (the namespace of the # Helm release) by apply Roles and RoleBindings instead of the Cluster @@ -576,6 +578,40 @@ server: # hosts: # - argoworkflows.example.com + ## Create a Google Backendconfig for use with the GKE Ingress Controller + ## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_backendconfig_parameters + GKEbackendConfig: + # -- Enable BackendConfig custom resource for Google Kubernetes Engine + enabled: false + # -- [BackendConfigSpec] + spec: {} + # spec: + # iap: + # enabled: true + # oauthclientCredentials: + # secretName: argoworkflows-secret + + ## Create a Google Managed Certificate for use with the GKE Ingress Controller + ## https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs + GKEmanagedCertificate: + # -- Enable ManagedCertificate custom resource for Google Kubernetes Engine. + enabled: false + # -- Domains for the Google Managed Certificate + domains: + - argoworkflows.example.com + + ## Create a Google FrontendConfig Custom Resource, for use with the GKE Ingress Controller + ## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters + GKEfrontendConfig: + # -- Enable FrontConfig custom resource for Google Kubernetes Engine + enabled: false + # -- [FrontendConfigSpec] + spec: {} + # spec: + # redirectToHttps: + # enabled: true + # responseCodeName: RESPONSE_CODE + clusterWorkflowTemplates: # -- Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. enabled: true From b651465fb23e4c252ec0391f2edbaa41fe2742f2 Mon Sep 17 00:00:00 2001 From: Yevhen Tienkaiev Date: Sat, 20 May 2023 18:39:17 +0300 Subject: [PATCH 177/768] feat(argo-rollouts): Add possibility to configure healthz and metrics ports to be compatible with Istio (#1976) --- charts/argo-rollouts/Chart.yaml | 6 ++---- charts/argo-rollouts/README.md | 4 ++++ .../templates/controller/deployment.yaml | 6 ++++-- .../templates/controller/metrics-service.yaml | 6 +++--- .../templates/controller/servicemonitor.yaml | 2 +- charts/argo-rollouts/values.yaml | 12 ++++++++++++ 6 files changed, 26 insertions(+), 10 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index ecdcbb39..756734d1 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.5.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.28.0 +version: 2.29.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,7 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo Rollouts to v1.5.0 - kind: added - description: Introduce chart signing + description: Ability to configure healthz and metrics ports to be compatible with Istio diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index aaed870f..70a61745 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -75,6 +75,8 @@ For full list of changes please check ArtifactHub [changelog]. | containerSecurityContext | object | `{}` | Security Context to set on container level | | controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | | controller.component | string | `"rollouts-controller"` | Value of label `app.kubernetes.io/component` | +| controller.containerPorts.healthz | int | `8080` | Healthz container port | +| controller.containerPorts.metrics | int | `8090` | Metrics container port | | controller.createClusterRole | bool | `true` | flag to enable creation of cluster controller role (requires cluster RBAC) | | controller.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-controller. A list of flags. | | controller.extraContainers | list | `[]` | Literal yaml for extra containers to be added to controller deployment. | @@ -87,6 +89,8 @@ For full list of changes please check ArtifactHub [changelog]. | controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller | | controller.metricProviderPlugins | object | `{}` | Configures 3rd party metric providers for controller | | controller.metrics.enabled | bool | `false` | Deploy metrics service | +| controller.metrics.service.port | int | `8090` | Metrics service port | +| controller.metrics.service.portName | string | `"metrics"` | Metrics service port name | | controller.metrics.serviceMonitor.additionalAnnotations | object | `{}` | Annotations to be added to the ServiceMonitor | | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Labels to be added to the ServiceMonitor | | controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index 95ec845f..a40dd9ed 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -37,6 +37,8 @@ spec: containers: - image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{ default .Chart.AppVersion .Values.controller.image.tag }}" args: + - --healthzPort={{ .Values.controller.containerPorts.healthz }} + - --metricsport={{ .Values.controller.containerPorts.metrics }} {{- if not .Values.clusterInstall }} - --namespaced {{- end }} @@ -53,9 +55,9 @@ spec: imagePullPolicy: {{ .Values.controller.image.pullPolicy }} name: argo-rollouts ports: - - containerPort: 8090 + - containerPort: {{ .Values.controller.containerPorts.metrics }} name: metrics - - containerPort: 8080 + - containerPort: {{ .Values.controller.containerPorts.healthz }} name: healthz livenessProbe: {{- toYaml .Values.controller.livenessProbe | nindent 10 }} diff --git a/charts/argo-rollouts/templates/controller/metrics-service.yaml b/charts/argo-rollouts/templates/controller/metrics-service.yaml index 0effcc23..e04d326a 100644 --- a/charts/argo-rollouts/templates/controller/metrics-service.yaml +++ b/charts/argo-rollouts/templates/controller/metrics-service.yaml @@ -13,10 +13,10 @@ metadata: {{- end }} spec: ports: - - name: metrics + - name: {{ .Values.controller.metrics.service.portName }} protocol: TCP - port: 8090 - targetPort: 8090 + port: {{ .Values.controller.metrics.service.port }} + targetPort: metrics selector: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.selectorLabels" . | nindent 4 }} diff --git a/charts/argo-rollouts/templates/controller/servicemonitor.yaml b/charts/argo-rollouts/templates/controller/servicemonitor.yaml index cb489e3b..62713764 100644 --- a/charts/argo-rollouts/templates/controller/servicemonitor.yaml +++ b/charts/argo-rollouts/templates/controller/servicemonitor.yaml @@ -16,7 +16,7 @@ metadata: {{- end }} spec: endpoints: - - port: metrics + - port: {{ .Values.controller.metrics.service.portName }} {{- with .Values.controller.metrics.serviceMonitor.relabelings }} relabelings: {{- toYaml . | nindent 6 }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index d1c91e30..2ea4fbb4 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -106,9 +106,21 @@ controller: # -- flag to enable creation of cluster controller role (requires cluster RBAC) createClusterRole: true + # Controller container ports + containerPorts: + # -- Metrics container port + metrics: 8090 + # -- Healthz container port + healthz: 8080 + metrics: # -- Deploy metrics service enabled: false + service: + # -- Metrics service port name + portName: metrics + # -- Metrics service port + port: 8090 serviceMonitor: # -- Enable a prometheus ServiceMonitor enabled: false From be8a4c97293de9a0e13040f7dadd57556157bd6d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 21 May 2023 11:07:08 +0900 Subject: [PATCH 178/768] chore(deps): bump helm/kind-action from 1.5.0 to 1.7.0 (#2067) Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.5.0 to 1.7.0. - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/d8ccf8fb623ce1bb360ae2f45f323d9d5c5e9f00...fa81e57adff234b2908110485695db0f181f3c67) --- updated-dependencies: - dependency-name: helm/kind-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marco Kilchhofer --- .github/workflows/lint-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 90106fc9..e7e35f8a 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -70,7 +70,7 @@ jobs: fi - name: Create kind cluster - uses: helm/kind-action@d8ccf8fb623ce1bb360ae2f45f323d9d5c5e9f00 # v1.5.0 + uses: helm/kind-action@fa81e57adff234b2908110485695db0f181f3c67 # v1.7.0 if: steps.list-changed.outputs.changed == 'true' with: config: .github/configs/kind-config.yaml From 650a9ec7effbc920043a623c8deaba89a110c199 Mon Sep 17 00:00:00 2001 From: Khue Doan Date: Sun, 21 May 2023 14:19:31 +0700 Subject: [PATCH 179/768] feat(argocd-apps): Add rollout strategy for ApplicationSet (#2063) feat(argocd-apps): add rollout strategy for ApplicationSet Signed-off-by: Khue Doan --- charts/argocd-apps/Chart.yaml | 4 +- ...licationsets-progressive-syncs-values.yaml | 41 +++++++++++++++++++ .../templates/applicationsets.yaml | 4 ++ charts/argocd-apps/values.yaml | 20 ++++++++- 4 files changed, 66 insertions(+), 3 deletions(-) create mode 100644 charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 6d0a194f..fc733b22 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.1.0 +version: 1.2.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -18,4 +18,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Generate application, applicationset, project with template + description: Rollout strategy for ApplicationSet diff --git a/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml b/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml new file mode 100644 index 00000000..2fa58978 --- /dev/null +++ b/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml @@ -0,0 +1,41 @@ +# Test applicationsets with Progressive Syncs + +applicationsets: +- name: applicationset-progressive-syncs + generators: + - list: + elements: + - cluster: engineering-dev + url: https://1.2.3.4 + env: env-dev + - cluster: engineering-prod + url: https://9.8.7.6/ + env: env-prod + strategy: + type: RollingSync + rollingSync: + steps: + - matchExpressions: + - key: envLabel + operator: In + values: + - env-dev + - matchExpressions: + - key: envLabel + operator: In + values: + - env-prod + template: + metadata: + name: '{{.cluster}}-guestbook' + labels: + envLabel: '{{.env}}' + spec: + project: my-project + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: guestbook/{{.cluster}} + destination: + server: '{{.url}}' + namespace: guestbook diff --git a/charts/argocd-apps/templates/applicationsets.yaml b/charts/argocd-apps/templates/applicationsets.yaml index bb8b09d1..0d3a47e9 100644 --- a/charts/argocd-apps/templates/applicationsets.yaml +++ b/charts/argocd-apps/templates/applicationsets.yaml @@ -26,6 +26,10 @@ spec: generators: {{- toYaml . | nindent 4 }} {{- end }} + {{- with .strategy }} + strategy: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .syncPolicy }} syncPolicy: {{- toYaml . | nindent 4 }} diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index 72301ace..500849df 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -103,10 +103,28 @@ applicationsets: [] # directories: # - path: guestbook # - path: kustomize-* +# # Progressive Syncs is an experimental feature and it must be explicitly enabled +# # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Progressive-Syncs/#enabling-progressive-syncs +# strategy: +# type: RollingSync +# rollingSync: +# steps: +# - matchExpressions: +# - key: project +# operator: In +# values: +# - guestbook +# - matchExpressions: +# - key: project +# operator: In +# values: +# - kustomize-foo +# - kustomize-bar # template: # metadata: # name: '{{path.basename}}' -# labels: {} +# labels: +# project: '{{path.basename}}' # annotations: {} # spec: # project: default From 1d999e055266f05639cd81a3e1b4cb7859006794 Mon Sep 17 00:00:00 2001 From: Wim Fournier Date: Mon, 22 May 2023 19:07:09 +0200 Subject: [PATCH 180/768] fix(argo-cd): don't request applicationsets if its disabled (#2069) * don't request applicationsets if its disabled Signed-off-by: Wim Fournier * Update Chart.yaml Signed-off-by: Wim Fournier --------- Signed-off-by: Wim Fournier --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/argocd-server/role.yaml | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 0c7a2d5c..d5bdb82f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.2 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.34.1 +version: 5.34.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add new bitbucket cloud SSH key to configs.ssh.knownHosts + - kind: fixed + description: don't request applicationSets in the role, if applicationSets are disabled diff --git a/charts/argo-cd/templates/argocd-server/role.yaml b/charts/argo-cd/templates/argocd-server/role.yaml index f156bc18..6bfe32a4 100644 --- a/charts/argo-cd/templates/argocd-server/role.yaml +++ b/charts/argo-cd/templates/argocd-server/role.yaml @@ -23,7 +23,9 @@ rules: - argoproj.io resources: - applications + {{- if .Values.applicationSet.enabled }} - applicationsets + {{- end }} - appprojects {{- if .Values.server.extensions.enabled }} - argocdextensions From 6593901daf722c10f9b089a078cd9a7f88c1c2a5 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 23 May 2023 11:46:53 +0900 Subject: [PATCH 181/768] fix(argo-cd): Align with upstream dex initContainers (#2070) --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/dex/deployment.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d5bdb82f..72042538 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.2 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.34.2 +version: 5.34.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: don't request applicationSets in the role, if applicationSets are disabled + description: Align with upstream dex initContainers diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 6ae17170..2acf4242 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -136,7 +136,7 @@ spec: - name: copyutil image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.dex.initImage.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }} - args: + command: - /bin/cp - -n - /usr/local/bin/argocd From feb7fc0bb8b2a33f0b7fc5772d597eb67775f977 Mon Sep 17 00:00:00 2001 From: Michael Weber Date: Tue, 23 May 2023 02:07:34 -0500 Subject: [PATCH 182/768] feat(argo-rollouts): add deployment annotations for controller (#2048) * feat(argo-rollouts): deployment annotations for controller, dashboard Signed-off-by: Michael Weber * chore: Apply changes from code review Signed-off-by: Marco Kilchhofer --------- Signed-off-by: Michael Weber Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 3 +++ charts/argo-rollouts/templates/controller/deployment.yaml | 6 ++++++ charts/argo-rollouts/templates/dashboard/deployment.yaml | 6 ++++++ charts/argo-rollouts/values.yaml | 8 ++++++++ 5 files changed, 25 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 756734d1..8d87d142 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.5.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.29.0 +version: 2.30.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Ability to configure healthz and metrics ports to be compatible with Istio + description: ability to annotate controller Deployment diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 70a61745..a7f8a060 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -49,6 +49,7 @@ For full list of changes please check ArtifactHub [changelog]. | createClusterAggregateRoles | bool | `true` | flag to enable creation of cluster aggregate roles (requires cluster RBAC) | | extraObjects | list | `[]` | Additional manifests to deploy within the chart. A list of objects. | | fullnameOverride | string | `nil` | String to fully override "argo-rollouts.fullname" template | +| global.deploymentAnnotations | object | `{}` | Annotations for all deployed Deployments | | imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry. Registry secret names as an array. | | installCRDs | bool | `true` | Install and upgrade CRDs | | keepCRDs | bool | `true` | Keep CRD's on helm uninstall | @@ -78,6 +79,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.containerPorts.healthz | int | `8080` | Healthz container port | | controller.containerPorts.metrics | int | `8090` | Metrics container port | | controller.createClusterRole | bool | `true` | flag to enable creation of cluster controller role (requires cluster RBAC) | +| controller.deploymentAnnotations | object | `{}` | Annotations to be added to the controller deployment | | controller.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-controller. A list of flags. | | controller.extraContainers | list | `[]` | Literal yaml for extra containers to be added to controller deployment. | | controller.extraEnv | list | `[]` | Additional environment variables for rollouts-controller. A list of name/value maps. | @@ -127,6 +129,7 @@ For full list of changes please check ArtifactHub [changelog]. | dashboard.component | string | `"rollouts-dashboard"` | Value of label `app.kubernetes.io/component` | | dashboard.containerSecurityContext | object | `{}` | Security Context to set on container level | | dashboard.createClusterRole | bool | `true` | flag to enable creation of dashbord cluster role (requires cluster RBAC) | +| dashboard.deploymentAnnotations | object | `{}` | Annotations to be added to the dashboard deployment | | dashboard.enabled | bool | `false` | Deploy dashboard server | | dashboard.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-dashboard. A list of flags. | | dashboard.extraEnv | list | `[]` | Additional environment variables for rollouts-dashboard. A list of name/value maps. | diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index a40dd9ed..966491c8 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -1,6 +1,12 @@ apiVersion: apps/v1 kind: Deployment metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.controller.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} name: {{ include "argo-rollouts.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: diff --git a/charts/argo-rollouts/templates/dashboard/deployment.yaml b/charts/argo-rollouts/templates/dashboard/deployment.yaml index 342e1996..cae24888 100644 --- a/charts/argo-rollouts/templates/dashboard/deployment.yaml +++ b/charts/argo-rollouts/templates/dashboard/deployment.yaml @@ -2,6 +2,12 @@ apiVersion: apps/v1 kind: Deployment metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.dashboard.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} name: {{ include "argo-rollouts.fullname" . }}-dashboard namespace: {{ .Release.Namespace | quote }} labels: diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 2ea4fbb4..6a533eaf 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -38,9 +38,15 @@ extraObjects: [] # api-key: # app-key: +global: + # -- Annotations for all deployed Deployments + deploymentAnnotations: {} + controller: # -- Value of label `app.kubernetes.io/component` component: rollouts-controller + # -- Annotations to be added to the controller deployment + deploymentAnnotations: {} # -- Annotations to be added to application controller pods podAnnotations: {} # -- [Node selector] @@ -253,6 +259,8 @@ dashboard: readonly: false # -- Value of label `app.kubernetes.io/component` component: rollouts-dashboard + # -- Annotations to be added to the dashboard deployment + deploymentAnnotations: {} # -- Annotations to be added to application dashboard pods podAnnotations: {} # -- [Node selector] From cd4c291e47f0e9c1184fb05e79d9f3b742195c5c Mon Sep 17 00:00:00 2001 From: Wim Fournier Date: Tue, 23 May 2023 22:29:26 +0200 Subject: [PATCH 183/768] fix(argo-cd): Allow to disable containerSecurityContext (#2072) * Allow to disable containerSecurityContext Add a `enabled` property to allow the whole containerSecurityContext to be disabled. Fixes https://github.com/argoproj/argo-helm/issues/2071 Signed-off-by: wim.fournier Signed-off-by: Wim Fournier * fix missing space Signed-off-by: Wim Fournier * remove enabled key Signed-off-by: Wim Fournier * fix typo Signed-off-by: Wim Fournier * missed one Signed-off-by: Wim Fournier * simplify using `with`, thx @pborn-ionos! Signed-off-by: wim.fournier * missed one Signed-off-by: wim.fournier --------- Signed-off-by: wim.fournier Signed-off-by: Wim Fournier Signed-off-by: wim.fournier Co-authored-by: wim.fournier --- charts/argo-cd/Chart.yaml | 4 ++-- .../argocd-application-controller/statefulset.yaml | 4 +++- .../templates/argocd-applicationset/deployment.yaml | 4 +++- .../templates/argocd-notifications/deployment.yaml | 4 +++- .../argo-cd/templates/argocd-repo-server/deployment.yaml | 4 +++- charts/argo-cd/templates/argocd-server/deployment.yaml | 8 ++++++-- charts/argo-cd/templates/dex/deployment.yaml | 8 ++++++-- charts/argo-cd/templates/redis/deployment.yaml | 8 ++++++-- 8 files changed, 32 insertions(+), 12 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 72042538..17f73eb4 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.2 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.34.3 +version: 5.34.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Align with upstream dex initContainers + description: Allow to disable containerSecurityContext diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index c56bf0b3..26b9d2f5 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -255,8 +255,10 @@ spec: failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} resources: {{- toYaml .Values.controller.resources | nindent 10 }} + {{- with .Values.controller.containerSecurityContext }} securityContext: - {{- toYaml .Values.controller.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} workingDir: /home/argocd volumeMounts: {{- with .Values.controller.volumeMounts }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 9033f5b4..f3ce127a 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -182,8 +182,10 @@ spec: {{- end }} resources: {{- toYaml .Values.applicationSet.resources | nindent 12 }} + {{- with .Values.applicationSet.containerSecurityContext }} securityContext: - {{- toYaml .Values.applicationSet.containerSecurityContext | nindent 12 }} + {{- toYaml . | nindent 12 }} + {{- end }} volumeMounts: {{- with .Values.applicationSet.extraVolumeMounts }} {{- toYaml . | nindent 12 }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index d49944fd..d3f21b02 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -80,8 +80,10 @@ spec: protocol: TCP resources: {{- toYaml .Values.notifications.resources | nindent 12 }} + {{- with .Values.notifications.containerSecurityContext }} securityContext: - {{- toYaml .Values.notifications.containerSecurityContext | nindent 12 }} + {{- toYaml . | nindent 12 }} + {{- end }} workingDir: /app volumeMounts: - name: tls-certs diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 4f2c45bd..759dc587 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -273,8 +273,10 @@ spec: failureThreshold: {{ .Values.repoServer.readinessProbe.failureThreshold }} resources: {{- toYaml .Values.repoServer.resources | nindent 10 }} + {{- with .Values.repoServer.containerSecurityContext }} securityContext: - {{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.repoServer.lifecycle }} lifecycle: {{- toYaml . | nindent 10 }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 7ce72e80..62436af7 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -334,8 +334,10 @@ spec: failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} resources: {{- toYaml .Values.server.resources | nindent 10 }} + {{- with .Values.server.containerSecurityContext }} securityContext: - {{- toYaml .Values.server.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.server.lifecycle }} lifecycle: {{- toYaml . | nindent 10 }} @@ -346,8 +348,10 @@ spec: imagePullPolicy: {{ .Values.server.extensions.image.imagePullPolicy }} resources: {{- toYaml .Values.server.extensions.resources | nindent 10 }} + {{- with .Values.server.extensions.containerSecurityContext }} securityContext: - {{- toYaml .Values.server.extensions.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} volumeMounts: - name: extensions mountPath: /tmp/extensions/ diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 2acf4242..c623315f 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -117,8 +117,10 @@ spec: {{- end }} resources: {{- toYaml .Values.dex.resources | nindent 10 }} + {{- with .Values.dex.containerSecurityContext }} securityContext: - {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} volumeMounts: {{- with .Values.dex.volumeMounts }} {{- toYaml . | nindent 8 }} @@ -148,8 +150,10 @@ spec: name: dexconfig resources: {{- toYaml .Values.dex.resources | nindent 10 }} + {{- with .Values.dex.containerSecurityContext }} securityContext: - {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.dex.initContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index fc0bebbd..bfe7c480 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -75,8 +75,10 @@ spec: protocol: TCP resources: {{- toYaml .Values.redis.resources | nindent 10 }} + {{- with .Values.redis.containerSecurityContext }} securityContext: - {{- toYaml .Values.redis.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.redis.volumeMounts }} volumeMounts: {{- toYaml . | nindent 10 }} @@ -99,8 +101,10 @@ spec: protocol: TCP resources: {{- toYaml .Values.redis.exporter.resources | nindent 10 }} + {{- with .Values.redis.exporter.containerSecurityContext }} securityContext: - {{- toYaml .Values.redis.exporter.containerSecurityContext | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} {{- end }} {{- with .Values.redis.extraContainers }} {{- tpl (toYaml .) $ | nindent 6 }} From a0d45ae19ab29cd4acb61841629b40f12cf83a68 Mon Sep 17 00:00:00 2001 From: Alex Street Date: Wed, 24 May 2023 18:23:12 -0500 Subject: [PATCH 184/768] chore(argo-cd): Upgrade Argo CD to v2.7.3 (#2075) Signed-off-by: leif013 --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 17f73eb4..423dbb44 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.7.2 +appVersion: v2.7.3 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.34.4 +version: 5.34.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Allow to disable containerSecurityContext + - kind: changed + description: Upgrade Argo CD to v2.7.3 From 23b94151c6f3120834167e280016e6fff5949e74 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 25 May 2023 21:30:48 +0900 Subject: [PATCH 185/768] chore(argo-workflows): Enable to configure Service Monitor port (#2076) --- charts/argo-workflows/Chart.yaml | 10 +++------- .../controller/workflow-controller-servicemonitor.yaml | 2 +- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 84e49d84..0a0018c2 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.28.0 +version: 0.28.1 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,9 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add support for Google ManagedCertificate on GKE - - kind: added - description: Add support for Google FrontendConfig on GKE - - kind: added - description: Add support for Google BackendConfig on GKE + - kind: changed + description: Enable to configure Service Monitor port diff --git a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml index e5e8307f..6643d634 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml @@ -12,7 +12,7 @@ metadata: spec: endpoints: {{- if .Values.controller.metricsConfig.enabled }} - - port: metrics + - port: {{ .Values.controller.metricsConfig.servicePortName }} path: {{ .Values.controller.metricsConfig.path }} interval: 30s {{- with .Values.controller.metricsConfig.relabelings }} From cf3a8eed84ac537f0377daf230a6e5e9a8682874 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Thu, 25 May 2023 23:19:03 -0500 Subject: [PATCH 186/768] chore(argo-workflows): upgrade argo workflows to v3.4.8 (#2077) --- charts/argo-workflows/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 0a0018c2..6ac0cf5c 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.4.7 +appVersion: v3.4.8 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.28.1 +version: 0.28.2 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Enable to configure Service Monitor port + description: Upgrade to Argo Workflows v3.4.8 From 2fbc8566375194009ed491d015f3c78b5b094aba Mon Sep 17 00:00:00 2001 From: Tal Yitzhak Date: Sat, 27 May 2023 17:51:41 +0300 Subject: [PATCH 187/768] feat(argo-rollouts): Fix cluster role missing access in argo rollouts dashboard (#2081) * docs(github): comment out notational pieces of PR template (#1969) github: comment out notational pieces of PR template - the DCO and publishing sentences are not filled out during PRs and are purely notational - comment them out with HTML comments, as is common practice - example from a repo I maintain: https://github.com/ezolenko/rollup-plugin-typescript2/blob/f6db59613a66f58c48310aa8fa785951970b5d6d/.github/issue_template.md?plain=1#L2 - I copied that from other repos too - these comments are still visible to the PR author, just not visible when rendered, keeping the PR more concise Signed-off-by: Anton Gilgur Co-authored-by: Marco Kilchhofer Signed-off-by: Tal Yitzhak * Added missing permissions for argo rollouts dashboard cluster role - for config map, should be able to get Signed-off-by: Tal Yitzhak * Added missing permissions for argo rollouts dashboard cluster role - for config map, should be able to get Signed-off-by: Tal Yitzhak --------- Signed-off-by: Anton Gilgur Signed-off-by: Tal Yitzhak Signed-off-by: Tal Yitzhak Co-authored-by: Anton Gilgur <4970083+agilgur5@users.noreply.github.com> Co-authored-by: Marco Kilchhofer Co-authored-by: Tal Yitzhak --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/templates/dashboard/clusterrole.yaml | 6 ++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 8d87d142..0acb2c64 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.5.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.30.0 +version: 2.30.1 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: ability to annotate controller Deployment + description: Missing get access for configmaps in argo rollouts dashboard service account role diff --git a/charts/argo-rollouts/templates/dashboard/clusterrole.yaml b/charts/argo-rollouts/templates/dashboard/clusterrole.yaml index 0d69d67e..cb3e457a 100644 --- a/charts/argo-rollouts/templates/dashboard/clusterrole.yaml +++ b/charts/argo-rollouts/templates/dashboard/clusterrole.yaml @@ -71,6 +71,12 @@ rules: verbs: - list - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get - apiGroups: - coordination.k8s.io resources: From ec14ee0e7a9ea108b7b0e8830afc497b3025f7b5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 May 2023 21:42:42 +0200 Subject: [PATCH 188/768] chore(deps): bump github/codeql-action from 2.3.3 to 2.3.5 (#2084) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.3 to 2.3.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/29b1f65c5e92e24fe6b6647da1eaabe529cec70f...0225834cc549ee0ca93cb085b92954821a145866) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marco Kilchhofer --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 7f5cbfa5..02aea3a6 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2.3.3 + uses: github/codeql-action/upload-sarif@0225834cc549ee0ca93cb085b92954821a145866 # v2.3.5 with: sarif_file: results.sarif From 32b86a7c31d989851b384afe9f76187ea480ea10 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 May 2023 14:58:10 -0500 Subject: [PATCH 189/768] chore(deps): bump actions/labeler from 4.0.3 to 4.0.4 (#2082) --- .github/workflows/pr-sizing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index f75d7f82..1078a9bb 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -16,7 +16,7 @@ jobs: triage: runs-on: ubuntu-latest steps: - - uses: actions/labeler@ba790c862c380240c6d5e7427be5ace9a05c754b # v4.0.3 + - uses: actions/labeler@0776a679364a9a16110aac8d0f40f5e11009e327 # v4.0.4 with: configuration-path: ".github/configs/labeler.yaml" repo-token: "${{ secrets.GITHUB_TOKEN }}" From fb4a8949ec6222f0033562382b413a8b4fc65e73 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 May 2023 22:32:07 +0200 Subject: [PATCH 190/768] chore(deps): bump actions/setup-python from 4.6.0 to 4.6.1 (#2083) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.6.0 to 4.6.1. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/57ded4d7d5e986d7296eab16560982c6dd7c923b...bd6b4b6205c4dbad673328db7b31b7fab9e241c0) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marco Kilchhofer Co-authored-by: Jason Meridth --- .github/workflows/lint-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index e7e35f8a..b750cc2c 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -32,7 +32,7 @@ jobs: version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b # v4.6.0 + uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1 with: python-version: 3.9 From 438f7a26b7518ec1fc4133f12f58cb0b8d1a2765 Mon Sep 17 00:00:00 2001 From: Milos Hauser <16776599+hau21um@users.noreply.github.com> Date: Mon, 29 May 2023 06:29:30 +0200 Subject: [PATCH 191/768] feat(argo-cd): Adding "appProtocol: HTTPS" to HTTPS service port of argocd-server. (#1955) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/argocd-server/service.yaml | 3 +++ charts/argo-cd/values.yaml | 2 ++ 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 423dbb44..0f570ca3 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.3 kubeVersion: ">=1.22.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.34.5 +version: 5.34.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.7.3 + - kind: added + description: Option to set appProtocol for Argocd server https service port diff --git a/charts/argo-cd/templates/argocd-server/service.yaml b/charts/argo-cd/templates/argocd-server/service.yaml index 5a31f0b8..b9881f88 100644 --- a/charts/argo-cd/templates/argocd-server/service.yaml +++ b/charts/argo-cd/templates/argocd-server/service.yaml @@ -31,6 +31,9 @@ spec: {{- if eq .Values.server.service.type "NodePort" }} nodePort: {{ .Values.server.service.nodePortHttps }} {{- end }} + {{- with .Values.server.service.servicePortHttpsAppProtocol }} + appProtocol: {{ . }} + {{- end }} selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} {{- if eq .Values.server.service.type "LoadBalancer" }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 2906eb82..cbe46d2e 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1768,6 +1768,8 @@ server: servicePortHttpName: http # -- Server service https port name, can be used to route traffic via istio servicePortHttpsName: https + # -- Server service https port appProtocol. (should be upper case - i.e. HTTPS) + # servicePortHttpsAppProtocol: HTTPS # -- LoadBalancer will get created with the IP specified in this field loadBalancerIP: "" # -- Source IP ranges to allow access to service from From 2f410bb794101e2afdb714c6540c8ef09d73d5e1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 3 Jun 2023 09:09:01 -0500 Subject: [PATCH 192/768] chore(deps): bump pascalgn/size-label-action from 0.4.3 to 0.5.0 (#2092) --- .github/workflows/pr-sizing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index 1078a9bb..1b6d3699 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -25,6 +25,6 @@ jobs: size-label: runs-on: ubuntu-latest steps: - - uses: pascalgn/size-label-action@1619680c5ac1ef360b944bb56a57587ba4aa2af8 # v0.4.3 + - uses: pascalgn/size-label-action@37a5ad4ae20ea8032abf169d953bcd661fd82cd3 # v0.5.0 env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" From 17d1d046a8f855bb67e0903f7a0c280ea3150d9b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 3 Jun 2023 09:10:22 -0500 Subject: [PATCH 193/768] chore(deps): bump github/codeql-action from 2.3.5 to 2.3.6 (#2091) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 02aea3a6..4a207269 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@0225834cc549ee0ca93cb085b92954821a145866 # v2.3.5 + uses: github/codeql-action/upload-sarif@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6 with: sarif_file: results.sarif From 5fb6688bcbeef2b7b1e1ed8a96d4eb7d172e5c1d Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 3 Jun 2023 23:40:50 +0900 Subject: [PATCH 194/768] chore(argo-workflows): Declare SSO configuration explicitly on values.yaml (#2089) Signed-off-by: yu-croco Co-authored-by: Jason Meridth --- charts/argo-workflows/Chart.yaml | 4 +- charts/argo-workflows/README.md | 16 ++++- .../workflow-controller-config-map.yaml | 44 ++++++------- .../server/server-cluster-roles.yaml | 10 ++- charts/argo-workflows/values.yaml | 65 ++++++++++++------- 5 files changed, 82 insertions(+), 57 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 6ac0cf5c..8f899e6c 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.8 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.28.2 +version: 0.29.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade to Argo Workflows v3.4.8 + description: Declare SSO configuration explicitly on values.yaml diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index b5612a16..f46d10e0 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -302,7 +302,21 @@ Fields to note: | server.servicePort | int | `2746` | Service port for server | | server.servicePortName | string | `""` | Service port name | | server.serviceType | string | `"ClusterIP"` | Service type for server pods | -| server.sso | object | `{}` | SSO configuration when SSO is specified as a server auth mode. | +| server.sso.clientId.key | string | `"client-id"` | Key of secret to retrieve the app OIDC client ID | +| server.sso.clientId.name | string | `"argo-server-sso"` | Name of secret to retrieve the app OIDC client ID | +| server.sso.clientSecret.key | string | `"client-secret"` | Key of a secret to retrieve the app OIDC client secret | +| server.sso.clientSecret.name | string | `"argo-server-sso"` | Name of a secret to retrieve the app OIDC client secret | +| server.sso.customGroupClaimName | string | `""` | Override claim name for OIDC groups | +| server.sso.enabled | bool | `false` | Create SSO configuration | +| server.sso.insecureSkipVerify | bool | `false` | Skip TLS verification for the HTTP client | +| server.sso.issuer | string | `"https://accounts.google.com"` | The root URL of the OIDC identity provider | +| server.sso.issuerAlias | string | `""` | Alternate root URLs that can be included for some OIDC providers | +| server.sso.rbac.enabled | bool | `true` | Adds ServiceAccount Policy to server (Cluster)Role. | +| server.sso.rbac.secretWhitelist | list | `[]` | Whitelist to allow server to fetch Secrets | +| server.sso.redirectUrl | string | `"https://argo/oauth2/callback"` | | +| server.sso.scopes | list | `[]` | Scopes requested from the SSO ID provider | +| server.sso.sessionExpiry | string | `""` | Define how long your login is valid for (in hours) | +| server.sso.userInfoPath | string | `""` | Specify the user info endpoint that contains the groups claim | | server.tolerations | list | `[]` | [Tolerations] for use with node taints | | server.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the argo server | | server.volumeMounts | list | `[]` | Additional volume mounts to the server main container. | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index d30db859..ef39ddc7 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -126,37 +126,35 @@ data: {{- if .Values.controller.workflowDefaults }} workflowDefaults: {{ toYaml .Values.controller.workflowDefaults | indent 6 }}{{- end }} - {{- with .Values.server.sso }} + {{- if .Values.server.sso.enabled }} sso: - issuer: {{ .issuer }} + issuer: {{ .Values.server.sso.issuer }} clientId: - name: {{ .clientId.name }} - key: {{ .clientId.key }} + name: {{ .Values.server.sso.clientId.name }} + key: {{ .Values.server.sso.clientId.key }} clientSecret: - name: {{ .clientSecret.name }} - key: {{ .clientSecret.key }} - redirectUrl: {{ .redirectUrl }} - {{- with .rbac }} + name: {{ .Values.server.sso.clientSecret.name }} + key: {{ .Values.server.sso.clientSecret.key }} + redirectUrl: {{ .Values.server.sso.redirectUrl }} rbac: - enabled: {{ .enabled }} + enabled: {{ .Values.server.sso.rbac.enabled }} + {{- with .Values.server.sso.scopes }} + scopes: {{ toYaml . | nindent 8 }} {{- end }} - {{- if .scopes }} - scopes: {{ toYaml .scopes | nindent 8 }} + {{- with .Values.server.sso.issuerAlias }} + issuerAlias: {{ toYaml . }} {{- end }} - {{- if .issuerAlias }} - issuerAlias: {{ .issuerAlias }} + {{- with .Values.server.sso.sessionExpiry }} + sessionExpiry: {{ toYaml . }} {{- end }} - {{- if .sessionExpiry }} - sessionExpiry: {{ .sessionExpiry }} + {{- with .Values.server.sso.customGroupClaimName }} + customGroupClaimName: {{ toYaml . }} {{- end }} - {{- if .customGroupClaimName }} - customGroupClaimName: {{ .customGroupClaimName }} + {{- with .Values.server.sso.userInfoPath }} + userInfoPath: {{ toYaml . }} {{- end }} - {{- if .userInfoPath }} - userInfoPath: {{ .userInfoPath }} - {{- end }} - {{- if .insecureSkipVerify }} - insecureSkipVerify: {{ .insecureSkipVerify }} + {{- with .Values.server.sso.insecureSkipVerify }} + insecureSkipVerify: {{ toYaml . }} {{- end }} {{- end }} {{- with .Values.controller.workflowRestrictions }} @@ -184,4 +182,4 @@ data: {{- end }} {{- with .Values.controller.podGCDeleteDelayDuration }} podGCDeleteDelayDuration: {{ . }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/charts/argo-workflows/templates/server/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml index 96f12bfa..2a52d956 100644 --- a/charts/argo-workflows/templates/server/server-cluster-roles.yaml +++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml @@ -38,7 +38,7 @@ rules: verbs: - get - list -{{- if .Values.server.sso }} +{{- if .Values.server.sso.enabled }} - apiGroups: - "" resources: @@ -54,7 +54,7 @@ rules: - secrets verbs: - create - {{- if .Values.server.sso.rbac }} + {{- if .Values.server.sso.rbac.enabled }} - apiGroups: - "" resources: @@ -73,11 +73,9 @@ rules: - get - list - watch -{{- if .Values.server.sso }} - {{- if .Values.server.sso.rbac }} - {{- with .Values.server.sso.rbac.secretWhitelist }} +{{- if and .Values.server.sso.enabled .Values.server.sso.rbac.enabled }} + {{- with .Values.server.sso.rbac.secretWhitelist }} resourceNames: {{- toYaml . | nindent 4 }} - {{- end }} {{- end }} {{- end }} - apiGroups: diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index b65fd4f8..64a81d92 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -618,35 +618,50 @@ server: # -- Give the server permissions to edit ClusterWorkflowTemplates. enableEditing: true - # -- SSO configuration when SSO is specified as a server auth mode. - sso: {} - ## All the values are required. SSO is activated by adding --auth-mode=sso - ## to the server command line. - # - ## The root URL of the OIDC identity provider. - # issuer: https://accounts.google.com - ## Name of a secret and a key in it to retrieve the app OIDC client ID from. - # clientId: - # name: argo-server-sso - # key: client-id - ## Name of a secret and a key in it to retrieve the app OIDC client secret from. - # clientSecret: - # name: argo-server-sso - # key: client-secret - ## The OIDC redirect URL. Should be in the form /oauth2/callback. - # redirectUrl: https://argo/oauth2/callback - # rbac: - # enabled: true + # SSO configuration when SSO is specified as a server auth mode. + sso: + # -- Create SSO configuration + ## SSO is activated by adding --auth-mode=sso to the server command line. + enabled: false + # -- The root URL of the OIDC identity provider + issuer: https://accounts.google.com + clientId: + # -- Name of secret to retrieve the app OIDC client ID + name: argo-server-sso + # -- Key of secret to retrieve the app OIDC client ID + key: client-id + clientSecret: + # -- Name of a secret to retrieve the app OIDC client secret + name: argo-server-sso + # -- Key of a secret to retrieve the app OIDC client secret + key: client-secret + # - The OIDC redirect URL. Should be in the form /oauth2/callback. + redirectUrl: https://argo/oauth2/callback + rbac: + # -- Adds ServiceAccount Policy to server (Cluster)Role. + enabled: true + # -- Whitelist to allow server to fetch Secrets ## When present, restricts secrets the server can read to a given list. ## You can use it to restrict the server to only be able to access the ## service account token secrets that are associated with service accounts ## used for authorization. - # secretWhitelist: [] - ## Scopes requested from the SSO ID provider. The 'groups' scope requests - ## group membership information, which is usually used for authorization - ## decisions. - # scopes: - # - groups + secretWhitelist: [] + # -- Scopes requested from the SSO ID provider + ## The 'groups' scope requests group membership information, which is usually used for authorization decisions. + scopes: [] + # - groups + # -- Define how long your login is valid for (in hours) + ## If omitted, defaults to 10h. + sessionExpiry: "" + # -- Alternate root URLs that can be included for some OIDC providers + issuerAlias: "" + # -- Override claim name for OIDC groups + customGroupClaimName: "" + # -- Specify the user info endpoint that contains the groups claim + ## Configure this if your OIDC provider provides groups information only using the user-info endpoint (e.g. Okta) + userInfoPath: "" + # -- Skip TLS verification for the HTTP client + insecureSkipVerify: false # -- Extra containers to be added to the server deployment extraContainers: [] From 3a7e4b1de7908a39cb979358d1562daa582cde2c Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sun, 4 Jun 2023 20:07:40 +0900 Subject: [PATCH 195/768] feat(argo-rollouts): Support Traffic Router Plugins (#2090) Signed-off-by: yu-croco Co-authored-by: Jason Meridth --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 1 + charts/argo-rollouts/templates/controller/configmap.yaml | 3 +++ charts/argo-rollouts/values.yaml | 7 +++++++ 4 files changed, 13 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 0acb2c64..67175469 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.5.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.30.1 +version: 2.31.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Missing get access for configmaps in argo rollouts dashboard service account role + description: Support Traffic Router Plugins diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index a7f8a060..5add40c3 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -111,6 +111,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.resources | object | `{}` | Resource limits and requests for the controller pods. | | controller.tolerations | list | `[]` | [Tolerations] for use with node taints | | controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the controller | +| controller.trafficRouterPlugins | object | `{}` | Configures 3rd party traffic router plugins for controller | | controller.volumeMounts | list | `[]` | Additional volumeMounts to add to the controller container | | controller.volumes | list | `[]` | Additional volumes to add to the controller pod | | podAnnotations | object | `{}` | Annotations for the all deployed pods | diff --git a/charts/argo-rollouts/templates/controller/configmap.yaml b/charts/argo-rollouts/templates/controller/configmap.yaml index 8eb2bbe2..1978b2b6 100644 --- a/charts/argo-rollouts/templates/controller/configmap.yaml +++ b/charts/argo-rollouts/templates/controller/configmap.yaml @@ -10,3 +10,6 @@ data: {{- with .Values.controller.metricProviderPlugins }} {{- toYaml . | nindent 2 }} {{- end }} + {{- with .Values.controller.trafficRouterPlugins }} + {{- toYaml . | nindent 2 }} + {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 6a533eaf..b81ee53a 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -194,6 +194,13 @@ controller: # - name: "argoproj-labs/sample-prometheus" # name of the plugin, it must match the name required by the plugin so that it can find its configuration # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// + # -- Configures 3rd party traffic router plugins for controller + ## Ref: https://argo-rollouts.readthedocs.io/en/stable/features/traffic-management/plugins/ + trafficRouterPlugins: {} + # trafficRouterPlugins: |- + # - name: "argoproj-labs/sample-nginx" # name of the plugin, it must match the name required by the plugin so it can find it's configuration + # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// + serviceAccount: # -- Specifies whether a service account should be created create: true From 5771a0697794f592a10eae3215981205a3077e98 Mon Sep 17 00:00:00 2001 From: Alexandre Joris Date: Mon, 5 Jun 2023 16:15:07 +0200 Subject: [PATCH 196/768] fix(argo-workflows): Fixed gcs keyFormat template example in values.yaml (#2085) * fix(argo-workflows): #2073: Fixed gcs keyFormat template example in values.yaml Signed-off-by: Alexandre Joris * bumped chart version to v0.28.3 ; added artifacthub.io/changes changelog Signed-off-by: Alexandre Joris * fixed Chart.yaml trailing spaces Signed-off-by: Alexandre Joris * chore(deps): bump pascalgn/size-label-action from 0.4.3 to 0.5.0 (#2092) Signed-off-by: Alexandre Joris * chore(deps): bump github/codeql-action from 2.3.5 to 2.3.6 (#2091) Signed-off-by: Alexandre Joris * chore(argo-workflows): Declare SSO configuration explicitly on values.yaml (#2089) Signed-off-by: yu-croco Co-authored-by: Jason Meridth Signed-off-by: Alexandre Joris * feat(argo-rollouts): Support Traffic Router Plugins (#2090) Signed-off-by: yu-croco Co-authored-by: Jason Meridth Signed-off-by: Alexandre Joris --------- Signed-off-by: Alexandre Joris Signed-off-by: yu-croco Signed-off-by: Alexandre Joris Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jason Meridth Co-authored-by: Aikawa --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/values.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 8f899e6c..44ba1899 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.8 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.29.0 +version: 0.29.1 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Declare SSO configuration explicitly on values.yaml + - kind: fixed + description: Fixed GCS keyFormat template example in values.yaml diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 64a81d92..8c442d97 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -724,7 +724,7 @@ artifactRepository: # @default -- `{}` (See [values.yaml]) gcs: {} # bucket: -argo - # keyFormat: "{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}" + # keyFormat: "{{ \"{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}\" }}" # serviceAccountKeySecret is a secret selector. # It references the k8s secret named 'my-gcs-credentials'. # This secret is expected to have have the key 'serviceAccountKey', From a6a7468973946d00533ecbb07db7e475382333e3 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Mon, 5 Jun 2023 23:28:10 +0900 Subject: [PATCH 197/768] chore(argo-cd): Upgrade supported Kubernetes version to v1.23.0 (#2087) * chore(argo-cd): Upgrade supported Kubernetes version to 1.23.0 due to Amazon EKS EoL Signed-off-by: yu-croco * chore(argo-cd): modify changelog Signed-off-by: yu-croco * fix(argo-cd): simpler description Signed-off-by: yu-croco * fix(argo-cd): reflect review point Signed-off-by: yu-croco --------- Signed-off-by: yu-croco Co-authored-by: Jason Meridth --- charts/argo-cd/Chart.yaml | 8 ++++---- charts/argo-cd/README.md | 8 +++++++- charts/argo-cd/README.md.gotmpl | 7 +++++++ 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 0f570ca3..5be3308f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 appVersion: v2.7.3 -kubeVersion: ">=1.22.0-0" +kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.34.6 +version: 5.35.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Option to set appProtocol for Argocd server https service port + - kind: changed + description: Upgrade supported Kubernetes version to 1.23.0 due to Amazon EKS EoL diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 1fa388ed..bd3796fc 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -105,6 +105,11 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 5.35.0 +This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with Amazon EKS calendar, because many of AWS users and conservative approach. + +Please see more information about EoL: [Amazon EKS EoL][EKS EoL]. + ### 5.31.0 The manifests are now using [`tini` as entrypoint][tini], instead of `entrypoint.sh`. Until Argo CD v2.8, `entrypoint.sh` is retained for upgrade compatibility. This means that the deployment manifests have to be updated after upgrading to Argo CD v2.7, and before upgrading to Argo CD v2.8 later. @@ -356,7 +361,7 @@ server: ## Prerequisites -- Kubernetes: `>=1.22.0-0` +- Kubernetes: `>=1.23.0-0` - Helm v3.0.0+ ## Installing the Chart @@ -1215,3 +1220,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [values.yaml]: values.yaml [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md [tini]: https://github.com/argoproj/argo-cd/pull/12707 +[EKS EoL]: https://endoflife.date/amazon-eks diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 92d7f354..6b5efffc 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -104,6 +104,12 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 5.35.0 +This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with Amazon EKS calendar, because many of AWS users and conservative approach. + +Please see more information about EoL: [Amazon EKS EoL][EKS EoL]. + + ### 5.31.0 The manifests are now using [`tini` as entrypoint][tini], instead of `entrypoint.sh`. Until Argo CD v2.8, `entrypoint.sh` is retained for upgrade compatibility. This means that the deployment manifests have to be updated after upgrading to Argo CD v2.7, and before upgrading to Argo CD v2.8 later. @@ -552,3 +558,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [values.yaml]: values.yaml [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md [tini]: https://github.com/argoproj/argo-cd/pull/12707 +[EKS EoL]: https://endoflife.date/amazon-eks From 2538371fecba8e3bc7a161f6484e3d752f71d1e1 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 6 Jun 2023 13:34:59 +0900 Subject: [PATCH 198/768] chore(argo-cd): Upgrade Argo CD to v2.7.4 (#2095) --- charts/argo-cd/Chart.yaml | 8 +++++--- charts/argo-cd/values.yaml | 5 ++++- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 5be3308f..b6dfe773 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.7.3 +appVersion: v2.7.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.35.0 +version: 5.35.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,6 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade supported Kubernetes version to 1.23.0 due to Amazon EKS EoL + description: Upgrade Argo CD to v2.7.4 + - kind: added + description: Update knownHosts diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index cbe46d2e..531b2360 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -315,8 +315,11 @@ configs: # -- Known hosts to be added to the known host list by default. # @default -- See [values.yaml] knownHosts: | - bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO + [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl From 49c2ca254826742217167ba2d0147a6eea562144 Mon Sep 17 00:00:00 2001 From: Joe Lee Date: Wed, 7 Jun 2023 16:52:02 +0800 Subject: [PATCH 199/768] feat(argo-cd): Add "global.env" for all deployed containers (#2096) * add global env for argo-cd Signed-off-by: Joe Lee * update readme Signed-off-by: Joe Lee * fix typo Signed-off-by: Joe Lee * feat(argo-cd): Add "global.env" for all deployed containers Signed-off-by: Joe Lee * update doc Signed-off-by: Joe Lee * remove note Signed-off-by: Joe Lee * update changes Signed-off-by: Joe Lee --------- Signed-off-by: Joe Lee --- charts/argo-cd/Chart.yaml | 6 ++---- charts/argo-cd/README.md | 1 + .../argocd-application-controller/statefulset.yaml | 2 +- .../argo-cd/templates/argocd-applicationset/deployment.yaml | 2 +- .../argo-cd/templates/argocd-notifications/deployment.yaml | 2 +- charts/argo-cd/templates/argocd-repo-server/deployment.yaml | 2 +- charts/argo-cd/templates/argocd-server/deployment.yaml | 2 +- charts/argo-cd/templates/dex/deployment.yaml | 2 +- charts/argo-cd/templates/redis/deployment.yaml | 4 ++-- charts/argo-cd/values.yaml | 3 +++ 10 files changed, 14 insertions(+), 12 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b6dfe773..1c26de8d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.35.1 +version: 5.36.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,7 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.7.4 - kind: added - description: Update knownHosts + description: Add .Values.global.env for all deployed containers diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index bd3796fc..f5a6a886 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -407,6 +407,7 @@ NAME: my-release | global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `none`, `soft` or `hard` | | global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | | global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments | +| global.env | list | `[]` | Environment variables to pass to all deployed Deployments | | global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | | global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments | | global.image.repository | string | `"quay.io/argoproj/argocd"` | If defined, a repository applied to all Argo CD deployments | diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 26b9d2f5..b671e245 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -99,7 +99,7 @@ spec: imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }} name: {{ .Values.controller.name }} env: - {{- with .Values.controller.env }} + {{- with (concat .Values.global.env .Values.controller.env) }} {{- toYaml . | nindent 10 }} {{- end }} - name: ARGOCD_CONTROLLER_REPLICAS diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index f3ce127a..3ae8410c 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -79,7 +79,7 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} env: - {{- with .Values.applicationSet.extraEnv }} + {{- with (concat .Values.global.env .Values.applicationSet.extraEnv) }} {{- toYaml . | nindent 12 }} {{- end }} - name: NAMESPACE diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index d3f21b02..8df6c8bb 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -66,7 +66,7 @@ spec: {{- range .Values.notifications.extraArgs }} - {{ . | squote }} {{- end }} - {{- with .Values.notifications.extraEnv }} + {{- with (concat .Values.global.env .Values.notifications.extraEnv) }} env: {{- toYaml . | nindent 12 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 759dc587..f438c8b5 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -77,7 +77,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} env: - {{- with .Values.repoServer.env }} + {{- with (concat .Values.global.env .Values.repoServer.env) }} {{- toYaml . | nindent 10 }} {{- end }} {{- if .Values.openshift.enabled }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 62436af7..cc928981 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -74,7 +74,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} env: - {{- with .Values.server.env }} + {{- with (concat .Values.global.env .Values.server.env) }} {{- toYaml . | nindent 10 }} {{- end }} - name: ARGOCD_SERVER_INSECURE diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index c623315f..ce9741d2 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -70,7 +70,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} env: - {{- with .Values.dex.env }} + {{- with (concat .Values.global.env .Values.dex.env) }} {{- toYaml . | nindent 10 }} {{- end }} - name: ARGOCD_DEX_SERVER_DISABLE_TLS diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index bfe7c480..ffdaed88 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -61,7 +61,7 @@ spec: {{- with .Values.redis.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.redis.env }} + {{- with (concat .Values.global.env .Values.redis.env) }} env: {{- toYaml . | nindent 8 }} {{- end }} @@ -92,7 +92,7 @@ spec: value: {{ printf "redis://localhost:%v" .Values.redis.containerPorts.redis }} - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS value: {{ printf "0.0.0.0:%v" .Values.redis.containerPorts.metrics }} - {{- with .Values.redis.exporter.env }} + {{- with (concat .Values.global.env .Values.redis.exporter.env) }} {{- toYaml . | nindent 8 }} {{- end }} ports: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 531b2360..c2dd9b52 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -144,6 +144,9 @@ global: # maxSurge: 25% # maxUnavailable: 25% + # -- Environment variables to pass to all deployed Deployments + env: [] + ## Argo Configs configs: # General Argo CD configuration From e7c3090cbfee94128f42568b749a36a38296a6ab Mon Sep 17 00:00:00 2001 From: Simon Hewitt Date: Wed, 7 Jun 2023 20:48:05 -0700 Subject: [PATCH 200/768] feat(argo-workflows): Add support for UI columns configuration (#2098) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 2 ++ charts/argo-workflows/README.md.gotmpl | 1 + .../controller/workflow-controller-config-map.yaml | 3 +++ charts/argo-workflows/values.yaml | 3 +++ 5 files changed, 12 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 44ba1899..5cfc70f7 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.8 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.29.1 +version: 0.29.2 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fixed GCS keyFormat template example in values.yaml + - kind: added + description: Add support for UI columns configuration diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index f46d10e0..6a19bba0 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -134,6 +134,7 @@ Fields to note: |-----|------|---------|-------------| | controller.affinity | object | `{}` | Assign custom [affinity] rules | | controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. | +| controller.columns | list | `[]` | Configure Argo Server to show custom [columns] | | controller.deploymentAnnotations | object | `{}` | deploymentAnnotations is an optional map of annotations to be applied to the controller Deployment | | controller.extraArgs | list | `[]` | Extra arguments to be added to the controller | | controller.extraContainers | list | `[]` | Extra containers to be added to the controller deployment | @@ -357,6 +358,7 @@ Fields to note: [BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom [FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters [links]: https://argoproj.github.io/argo-workflows/links/ +[columns]: https://github.com/argoproj/argo-workflows/pull/10693 [Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ [Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes diff --git a/charts/argo-workflows/README.md.gotmpl b/charts/argo-workflows/README.md.gotmpl index ab8554f5..8316e9a0 100644 --- a/charts/argo-workflows/README.md.gotmpl +++ b/charts/argo-workflows/README.md.gotmpl @@ -191,6 +191,7 @@ Fields to note: [BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom [FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters [links]: https://argoproj.github.io/argo-workflows/links/ +[columns]: https://github.com/argoproj/argo-workflows/pull/10693 [Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ [Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index ef39ddc7..22033e4c 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -163,6 +163,9 @@ data: {{- with .Values.controller.links }} links: {{- toYaml . | nindent 6 }} {{- end }} + {{- with .Values.controller.columns }} + columns: {{- toYaml . | nindent 6 }} + {{- end }} {{- with .Values.controller.navColor }} navColor: {{ . }} {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 8c442d97..410ce958 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -305,6 +305,9 @@ controller: # -- Configure Argo Server to show custom [links] ## Ref: https://argoproj.github.io/argo-workflows/links/ links: [] + # -- Configure Argo Server to show custom [columns] + ## Ref: https://github.com/argoproj/argo-workflows/pull/10693 + columns: [] # -- Set ui navigation bar background color navColor: "" clusterWorkflowTemplates: From 9a79f32cd488a97ee0f95d55da05eba397d4a2ad Mon Sep 17 00:00:00 2001 From: ausias-armesto Date: Fri, 9 Jun 2023 00:52:13 +0200 Subject: [PATCH 201/768] fix(argo-cd): Allow specify redis config file (#2100) * fix(argo-cd): Allow specify redis config file Signed-off-by: ausias-armesto * fix(argo-cd): Bump version Signed-off-by: ausias-armesto --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/redis/deployment.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 1c26de8d..aaf5fab2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.0 +version: 5.36.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add .Values.global.env for all deployed containers + - kind: fixed + description: Allow to specify redis.conf file diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index ffdaed88..419e5f31 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -54,13 +54,13 @@ spec: image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redis.image.imagePullPolicy }} args: + {{- with .Values.redis.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} - --save - "" - --appendonly - "no" - {{- with .Values.redis.extraArgs }} - {{- toYaml . | nindent 8 }} - {{- end }} {{- with (concat .Values.global.env .Values.redis.env) }} env: {{- toYaml . | nindent 8 }} From f8f282266cf91b6e38c8ad42b837925234ff41cb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 10 Jun 2023 22:41:04 +0900 Subject: [PATCH 202/768] chore(deps): bump actions/checkout from 3.5.2 to 3.5.3 (#2104) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.2 to 3.5.3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8e5e7e5ab8b370d6c329ec480221332ada57f0ab...c85c95e3d7251135ab7dc9ce3241c5835cc595a9) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index b750cc2c..c96b4b85 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 58d7d22d..c1d94025 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 4a207269..f78b9466 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: persist-credentials: false From 04d88b65b633724646303b5a3562b74e85700c9c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 10 Jun 2023 23:24:11 +0900 Subject: [PATCH 203/768] chore(deps): bump actions/labeler from 4.0.4 to 4.1.0 (#2103) Bumps [actions/labeler](https://github.com/actions/labeler) from 4.0.4 to 4.1.0. - [Release notes](https://github.com/actions/labeler/releases) - [Commits](https://github.com/actions/labeler/compare/0776a679364a9a16110aac8d0f40f5e11009e327...9fcb2c2f5584144ca754f8bfe8c6f81e77753375) --- updated-dependencies: - dependency-name: actions/labeler dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/pr-sizing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index 1b6d3699..93cc6b01 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -16,7 +16,7 @@ jobs: triage: runs-on: ubuntu-latest steps: - - uses: actions/labeler@0776a679364a9a16110aac8d0f40f5e11009e327 # v4.0.4 + - uses: actions/labeler@9fcb2c2f5584144ca754f8bfe8c6f81e77753375 # v4.1.0 with: configuration-path: ".github/configs/labeler.yaml" repo-token: "${{ secrets.GITHUB_TOKEN }}" From 783439b71482bdf68ecefa92a349f337e6f2491f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 10 Jun 2023 23:27:52 +0900 Subject: [PATCH 204/768] chore(deps): bump github/codeql-action from 2.3.6 to 2.13.4 (#2102) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.6 to 2.13.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/83f0fe6c4988d98a455712a27f0255212bba9bd4...cdcdbb579706841c47f7063dda365e292e5cad7a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index f78b9466..6cdcfd55 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6 + uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4 with: sarif_file: results.sarif From aec5d9d7230a53d1b1cb7651dfe6ff13feb2e2ee Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Fri, 16 Jun 2023 23:55:17 -0500 Subject: [PATCH 205/768] chore(argo-cd): upgrade argo-cd to v2.7.5 (#2108) --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index aaf5fab2..4746db47 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.7.4 +appVersion: v2.7.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.1 +version: 5.36.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Allow to specify redis.conf file + - kind: changed + description: Upgrade Argo CD to v2.7.5 From 68f24d146c3c08e64117d98e3d58a6f073ec27a5 Mon Sep 17 00:00:00 2001 From: Lukas Jost Date: Mon, 19 Jun 2023 05:31:38 +0200 Subject: [PATCH 206/768] chore(github): Generate release notes (#2115) chore: Generate release notes Signed-off-by: Lukas Jost --- .github/configs/cr.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/configs/cr.yaml b/.github/configs/cr.yaml index a0d425dc..154dbfbf 100644 --- a/.github/configs/cr.yaml +++ b/.github/configs/cr.yaml @@ -6,3 +6,7 @@ sign: true key: Argo Helm maintainers # keyring: # Set via env variable CR_KEYRING # passphrase-file: # Set via env variable CR_PASSPHRASE_FILE + +# Enable automatic generation of release notes using GitHubs release notes generator. +# see: https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes +generate-release-notes: true From eb968668f84c7fbffeeaf67e84f59e283338b0d8 Mon Sep 17 00:00:00 2001 From: patrickli-foxtel <123523506+patrickli-foxtel@users.noreply.github.com> Date: Tue, 20 Jun 2023 10:05:25 +1000 Subject: [PATCH 207/768] fix(argo-cd): helm lint error when `extraObjects` is defined (#2116) Fix helm lint error when `extraObjects` is defined Signed-off-by: Patrick Li --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/extra-manifests.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 4746db47..36e500d4 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.2 +version: 5.36.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.7.5 + - kind: fixed + description: Fix helm lint error when `extraObjects` is defined diff --git a/charts/argo-cd/templates/extra-manifests.yaml b/charts/argo-cd/templates/extra-manifests.yaml index f17b1a93..fc9a76b8 100644 --- a/charts/argo-cd/templates/extra-manifests.yaml +++ b/charts/argo-cd/templates/extra-manifests.yaml @@ -1,6 +1,6 @@ {{ range .Values.extraObjects }} --- -{{- if typeIs "string" . }} +{{ if typeIs "string" . }} {{- tpl . $ }} {{- else }} {{- tpl (toYaml .) $ }} From 7959fee689ec3a72df5c1d966044c3d93e8f414a Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 20 Jun 2023 22:07:27 +0900 Subject: [PATCH 208/768] chore(argo-cd): Add `app.kubernetes.io/version` label (#2122) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/_common.tpl | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 36e500d4..3afd1948 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.3 +version: 5.36.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fix helm lint error when `extraObjects` is defined + - kind: added + description: Add `app.kubernetes.io/version` label diff --git a/charts/argo-cd/templates/_common.tpl b/charts/argo-cd/templates/_common.tpl index bf0c1e84..54423f99 100644 --- a/charts/argo-cd/templates/_common.tpl +++ b/charts/argo-cd/templates/_common.tpl @@ -46,6 +46,7 @@ helm.sh/chart: {{ include "argo-cd.chart" .context }} {{ include "argo-cd.selectorLabels" (dict "context" .context "component" .component "name" .name) }} app.kubernetes.io/managed-by: {{ .context.Release.Service }} app.kubernetes.io/part-of: argocd +app.kubernetes.io/version: {{ include "argo-cd.defaultTag" .context }} {{- with .context.Values.global.additionalLabels }} {{ toYaml . }} {{- end }} @@ -123,7 +124,7 @@ nodeAffinity: {{/* Common deployment strategy definition -- Recreate don't have additional fields, we need to remove them if added by the mergeOverwrite +- Recreate don't have additional fields, we need to remove them if added by the mergeOverwrite */}} {{- define "argo-cd.strategy" -}} {{- $preset := . -}} From db0484fe5182d81a91624eb5d3306d137f93433b Mon Sep 17 00:00:00 2001 From: Aikawa Date: Wed, 21 Jun 2023 13:27:33 +0900 Subject: [PATCH 209/768] chore(argo-cd): Upgrade Argo CD to v2.7.6 (#2123) --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 3afd1948..35494d4d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.7.5 +appVersion: v2.7.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.4 +version: 5.36.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add `app.kubernetes.io/version` label + - kind: changed + description: Upgrade Argo CD to v2.7.6 From c44f10eb379a620dcbdec8bf62d88bb1d62e4919 Mon Sep 17 00:00:00 2001 From: ceguimaraes <36728438+ceguimaraes@users.noreply.github.com> Date: Wed, 21 Jun 2023 22:41:34 +1000 Subject: [PATCH 210/768] fix(argo-events): add managed namespace configuration (#2121) --- charts/argo-events/Chart.yaml | 8 +++++--- charts/argo-events/README.md | 1 + .../templates/argo-events-controller/deployment.yaml | 4 ++++ charts/argo-events/values.yaml | 2 ++ 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index c35d0f96..bfb82ea1 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.7.6 +appVersion: v1.8.0 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.3.3 +version: 2.4.0 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -18,5 +18,7 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | + - kind: changed + description: Upgrade Argo Events to v1.8.0 - kind: added - description: Introduce chart signing + description: Add managed namespace configuration diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index f06f9d3a..0abf2c31 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md @@ -127,6 +127,7 @@ done | controller.podLabels | object | `{}` | Labels to be added to events controller pods | | controller.priorityClassName | string | `""` | Priority class for the events controller pods | | controller.rbac.enabled | bool | `true` | Create events controller RBAC | +| controller.rbac.managedNamespace | string | `""` | Additional namespace to be monitored by the controller | | controller.rbac.namespaced | bool | `false` | Restrict events controller to operate only in a single namespace instead of cluster-wide scope. | | controller.rbac.rules | list | `[]` | Additional user rules for event controller's rbac | | controller.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | diff --git a/charts/argo-events/templates/argo-events-controller/deployment.yaml b/charts/argo-events/templates/argo-events-controller/deployment.yaml index 9b7ace1b..a3614c73 100644 --- a/charts/argo-events/templates/argo-events-controller/deployment.yaml +++ b/charts/argo-events/templates/argo-events-controller/deployment.yaml @@ -48,6 +48,10 @@ spec: {{- if .Values.controller.rbac.namespaced }} - --namespaced {{- end }} + {{- if .Values.controller.rbac.managedNamespace }} + - --managed-namespace + - {{ .Values.controller.rbac.managedNamespace }} + {{- end }} {{- with .Values.controller.containerSecurityContext }} securityContext: {{- toYaml . | nindent 10 }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index 89a7323d..faba6939 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -138,6 +138,8 @@ controller: enabled: true # -- Restrict events controller to operate only in a single namespace instead of cluster-wide scope. namespaced: false + # -- Additional namespace to be monitored by the controller + managedNamespace: "" # -- Additional user rules for event controller's rbac rules: [] From b8c29f7db6ba38126551c1789a78763e702cde62 Mon Sep 17 00:00:00 2001 From: Tero Ahonen <85343093+teroahonen-vungle@users.noreply.github.com> Date: Wed, 21 Jun 2023 17:54:04 +0300 Subject: [PATCH 211/768] fix(argo-cd): Default applicationSet metrics port to 8085 (#2125) Change applicationSet controller metrics port to 8085 Signed-off-by: Tero Ahonen Co-authored-by: Tero Ahonen --- charts/argo-cd/Chart.yaml | 4 +++- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 35494d4d..7c5c20e7 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.5 +version: 5.36.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -28,3 +28,5 @@ annotations: artifacthub.io/changes: | - kind: changed description: Upgrade Argo CD to v2.7.6 + - kind: changed + description: applicationSet.containerPorts.metrics to 8085 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index f5a6a886..6d2e0b89 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1044,7 +1044,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | | applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | | applicationSet.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | -| applicationSet.containerPorts.metrics | int | `8080` | Metrics container port | +| applicationSet.containerPorts.metrics | int | `8085` | Metrics container port | | applicationSet.containerPorts.probe | int | `8081` | Probe container port | | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | | applicationSet.containerSecurityContext | object | See [values.yaml] | ApplicationSet controller container-level security context | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index c2dd9b52..2c3fe694 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2506,7 +2506,7 @@ applicationSet: # ApplicationSet controller container ports containerPorts: # -- Metrics container port - metrics: 8080 + metrics: 8085 # -- Probe container port probe: 8081 # -- Webhook container port From 172ce600a1d686d3de1ba4967a07a8bbe7c121f1 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Fri, 23 Jun 2023 15:59:14 +0200 Subject: [PATCH 212/768] fix(argo-cd): Revert "Default applicationSet metrics port to 8085" (#2130) Signed-off-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 4 ++-- charts/argo-cd/values.yaml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 7c5c20e7..edb176c7 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.6 +version: 5.36.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,6 +27,6 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo CD to v2.7.6 + description: Adapt `applicationSet.containerPorts.metrics` to 8080 (revert previous release) - kind: changed - description: applicationSet.containerPorts.metrics to 8085 + description: Adapt `applicationSet.metrics.service.servicePort` to 8080 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 6d2e0b89..cde67925 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1044,7 +1044,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | | applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | | applicationSet.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | -| applicationSet.containerPorts.metrics | int | `8085` | Metrics container port | +| applicationSet.containerPorts.metrics | int | `8080` | Metrics container port | | applicationSet.containerPorts.probe | int | `8081` | Probe container port | | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | | applicationSet.containerSecurityContext | object | See [values.yaml] | ApplicationSet controller container-level security context | @@ -1075,7 +1075,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | applicationSet.metrics.service.labels | object | `{}` | Metrics service labels | | applicationSet.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | -| applicationSet.metrics.service.servicePort | int | `8085` | Metrics service port | +| applicationSet.metrics.service.servicePort | int | `8080` | Metrics service port | | applicationSet.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | applicationSet.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | applicationSet.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 2c3fe694..d1687b53 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2433,7 +2433,7 @@ applicationSet: # -- Metrics service labels labels: {} # -- Metrics service port - servicePort: 8085 + servicePort: 8080 # -- Metrics service port name portName: http-metrics serviceMonitor: @@ -2506,7 +2506,7 @@ applicationSet: # ApplicationSet controller container ports containerPorts: # -- Metrics container port - metrics: 8085 + metrics: 8080 # -- Probe container port probe: 8081 # -- Webhook container port From 490ffa574c0917def580efafa94e810e28ce02cb Mon Sep 17 00:00:00 2001 From: frauniki Date: Sat, 24 Jun 2023 01:35:01 +0900 Subject: [PATCH 213/768] fix(argo-workflows): Change argo-workflows-server crb creation conditions (#2124) Change server's crb creation conditions Signed-off-by: frauniki Co-authored-by: Jason Meridth Co-authored-by: Aikawa --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/templates/server/server-crb.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 5cfc70f7..331998be 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.8 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.29.2 +version: 0.29.3 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add support for UI columns configuration + - kind: fixed + description: Modify to allow ClusterRoleBinding to be created even if the server's ServiceAccount is not created diff --git a/charts/argo-workflows/templates/server/server-crb.yaml b/charts/argo-workflows/templates/server/server-crb.yaml index ec4f6435..e8d6511d 100644 --- a/charts/argo-workflows/templates/server/server-crb.yaml +++ b/charts/argo-workflows/templates/server/server-crb.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.server.enabled .Values.server.serviceAccount.create .Values.server.rbac.create -}} +{{- if and .Values.server.enabled .Values.server.rbac.create -}} apiVersion: rbac.authorization.k8s.io/v1 {{- if .Values.singleNamespace }} kind: RoleBinding From 4ff88759c9acc9b0b77ffae239c9b6c88a552432 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 24 Jun 2023 08:18:56 -0500 Subject: [PATCH 214/768] chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#2131) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 6cdcfd55..066d3c57 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -38,7 +38,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3 + uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0 with: results_file: results.sarif results_format: sarif From f1526ec558709387080e5967d1475f8e7d64eef7 Mon Sep 17 00:00:00 2001 From: toyamagu <83329336+toyamagu-2021@users.noreply.github.com> Date: Sun, 25 Jun 2023 07:28:46 +0900 Subject: [PATCH 215/768] fix(argo-workflows): artifactRepository will not be configured by default (#2132) (#2134) --- charts/argo-workflows/Chart.yaml | 4 +- .../ci/enable-artifact-repo-values.yaml | 46 +++++++++++++++++++ .../workflow-controller-config-map.yaml | 8 ++-- charts/argo-workflows/values.yaml | 22 ++++----- 4 files changed, 64 insertions(+), 16 deletions(-) create mode 100644 charts/argo-workflows/ci/enable-artifact-repo-values.yaml diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 331998be..b12335a5 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.8 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.29.3 +version: 0.30.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Modify to allow ClusterRoleBinding to be created even if the server's ServiceAccount is not created + description: artifactRepository will not be configured by default diff --git a/charts/argo-workflows/ci/enable-artifact-repo-values.yaml b/charts/argo-workflows/ci/enable-artifact-repo-values.yaml new file mode 100644 index 00000000..c20a5775 --- /dev/null +++ b/charts/argo-workflows/ci/enable-artifact-repo-values.yaml @@ -0,0 +1,46 @@ +# Test with artifact repository +crds: + keep: false + +useStaticCredentials: true +artifactRepository: + archiveLogs: false + s3: + accessKeySecret: + name: "{{ .Release.Name }}-minio" + key: accesskey + secretKeySecret: + name: "{{ .Release.Name }}-minio" + key: secretkey + insecure: false + bucket: + endpoint: + region: + roleARN: + useSDKCreds: true + encryptionOptions: + enableEncryption: true + gcs: + bucket: project-argo + keyFormat: "{{ `{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}` }}" + serviceAccountKeySecret: + name: my-gcs-credentials + key: serviceAccountKey + azure: + endpoint: https://mystorageaccountname.blob.core.windows.net + container: my-container-name + blobNameFormat: path/in/container + useSDKCreds: true + accountKeySecret: + name: my-azure-storage-credentials + key: account-access-key + +customArtifactRepository: + artifactory: + repoUrl: https://artifactory.example.com/raw + usernameSecret: + name: artifactory-creds + key: username + passwordSecret: + name: artifactory-creds + key: password diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index 22033e4c..680b436f 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -55,6 +55,7 @@ data: securityContext: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} + {{- if or .Values.artifactRepository.s3 .Values.artifactRepository.gcs .Values.artifactRepository.azure .Values.customArtifactRepository }} artifactRepository: {{- if .Values.artifactRepository.archiveLogs }} archiveLogs: {{ .Values.artifactRepository.archiveLogs }} @@ -65,7 +66,7 @@ data: {{- with .Values.artifactRepository.azure }} azure: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} - {{- if and (not .Values.artifactRepository.gcs) (not .Values.artifactRepository.azure) }} + {{- if .Values.artifactRepository.s3 }} s3: {{- if .Values.useStaticCredentials }} accessKeySecret: @@ -95,8 +96,9 @@ data: {{- toYaml . | nindent 10 }} {{- end }} {{- end }} - {{- if .Values.customArtifactRepository }} - {{- toYaml .Values.customArtifactRepository | nindent 6 }} + {{- if .Values.customArtifactRepository }} + {{- toYaml .Values.customArtifactRepository | nindent 6 }} + {{- end }} {{- end }} {{- if .Values.controller.metricsConfig.enabled }} metricsConfig: diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 410ce958..21970f43 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -705,17 +705,17 @@ artifactRepository: archiveLogs: false # -- Store artifact in a S3-compliant object store # @default -- See [values.yaml] - s3: - # Note the `key` attribute is not the actual secret, it's the PATH to - # the contents in the associated secret, as defined by the `name` attribute. - accessKeySecret: - name: "{{ .Release.Name }}-minio" - key: accesskey - secretKeySecret: - name: "{{ .Release.Name }}-minio" - key: secretkey - # insecure will disable TLS. Primarily used for minio installs not configured with TLS - insecure: false + s3: {} + # # Note the `key` attribute is not the actual secret, it's the PATH to + # # the contents in the associated secret, as defined by the `name` attribute. + # accessKeySecret: + # name: "{{ .Release.Name }}-minio" + # key: accesskey + # secretKeySecret: + # name: "{{ .Release.Name }}-minio" + # key: secretkey + # # insecure will disable TLS. Primarily used for minio installs not configured with TLS + # insecure: false # bucket: # endpoint: # region: From 4d0ae17c2f8e40c60e7775c5d21ddaabdc03380e Mon Sep 17 00:00:00 2001 From: Josh Baird Date: Mon, 26 Jun 2023 10:31:20 -0400 Subject: [PATCH 216/768] feat(argo-cd): Conditionally create the argocd-cmd-params-cm ConfigMap (#2129) * Add conditional for params cm. Signed-off-by: Josh Baird * Add value for create. Signed-off-by: Josh Baird * Update CHANGELOG. Signed-off-by: Josh Baird * Extra space. Signed-off-by: Josh Baird * Update docs. Signed-off-by: Josh Baird * Extra space. Signed-off-by: Josh Baird * Bump to 5.36.9 Signed-off-by: Josh Baird --------- Signed-off-by: Josh Baird --- charts/argo-cd/Chart.yaml | 8 +++----- charts/argo-cd/README.md | 1 + .../templates/argocd-configs/argocd-cmd-params-cm.yaml | 2 ++ charts/argo-cd/values.yaml | 4 ++++ 4 files changed, 10 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index edb176c7..ee6d023c 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.7 +version: 5.36.9 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,7 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Adapt `applicationSet.containerPorts.metrics` to 8080 (revert previous release) - - kind: changed - description: Adapt `applicationSet.metrics.service.servicePort` to 8080 + - kind: added + description: Added `configs.params.create` value to the argo-cd chart diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index cde67925..dbf3f012 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -464,6 +464,7 @@ NAME: my-release | configs.params."server.staticassets" | string | `"/shared/app"` | Directory path that contains additional static assets | | configs.params."server.x.frame.options" | string | `"sameorigin"` | Set X-Frame-Options header in HTTP responses to value. To disable, set to "". | | configs.params.annotations | object | `{}` | Annotations to be added to the argocd-cmd-params-cm ConfigMap | +| configs.params.create | bool | `true` | Create the argocd-cmd-params-cm configmap If false, it is expected the configmap will be created by something else. | | configs.rbac."policy.csv" | string | `''` (See [values.yaml]) | File containing user-defined policies and role definitions. | | configs.rbac."policy.default" | string | `""` | The name of the default role which Argo CD will falls back to, when authorizing API requests (optional). If omitted or empty, users may be still be able to login, but will see no apps, projects, etc... | | configs.rbac.annotations | object | `{}` | Annotations to be added to argocd-rbac-cm configmap | diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml index 18fead9b..9d60d932 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml @@ -1,3 +1,4 @@ +{{- if .Values.configs.params.create }} apiVersion: v1 kind: ConfigMap metadata: @@ -13,3 +14,4 @@ metadata: {{- end }} data: {{- include "argo-cd.config.params" . | trim | nindent 2 }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index d1687b53..c7129bab 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -217,6 +217,10 @@ configs: # Argo CD configuration parameters ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml params: + # -- Create the argocd-cmd-params-cm configmap + # If false, it is expected the configmap will be created by something else. + create: true + # -- Annotations to be added to the argocd-cmd-params-cm ConfigMap annotations: {} From 78e99e991119b5e982a0de6eea8c3609409033a5 Mon Sep 17 00:00:00 2001 From: Josh Baird Date: Mon, 26 Jun 2023 10:53:40 -0400 Subject: [PATCH 217/768] feat(argo-cd): Add support for configuring argo-notifications log level and format (#2127) * Add env vars for notification logging. Signed-off-by: Josh Baird * Indent. Signed-off-by: Josh Baird * Update CHANGELOG. Signed-off-by: Josh Baird * Bump chart version. Signed-off-by: Josh Baird * Remove extra line. Signed-off-by: Josh Baird * Bump to 5.6.38. Signed-off-by: Josh Baird --------- Signed-off-by: Josh Baird --- charts/argo-cd/Chart.yaml | 4 ++-- .../argocd-notifications/deployment.yaml | 18 +++++++++++++++--- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ee6d023c..48461100 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.9 +version: 5.36.10 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Added `configs.params.create` value to the argo-cd chart + description: Add `ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL` and `ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT` env vars to argo-notifications Deployment diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 8df6c8bb..d2eca77f 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -66,10 +66,22 @@ spec: {{- range .Values.notifications.extraArgs }} - {{ . | squote }} {{- end }} - {{- with (concat .Values.global.env .Values.notifications.extraEnv) }} env: - {{- toYaml . | nindent 12 }} - {{- end }} + {{- with (concat .Values.global.env .Values.notifications.extraEnv) }} + {{- toYaml . | nindent 12 }} + {{- end }} + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true {{- with .Values.notifications.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} From 675803c02dc5390440b9b13a089b4ad45e7645bb Mon Sep 17 00:00:00 2001 From: dchien234 Date: Fri, 30 Jun 2023 00:02:15 +0800 Subject: [PATCH 218/768] fix(argo-cd): fix gRPC service target port (#2138) * fix(argo-cd): update grpc service to use proper targetPort Signed-off-by: d.chien * fix(argo-cd): update Chart changelog Signed-off-by: d.chien --------- Signed-off-by: d.chien --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/argocd-server/aws/service.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 48461100..d000da10 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.10 +version: 5.36.11 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add `ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL` and `ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT` env vars to argo-notifications Deployment + - kind: changed + description: Change `targetPort` to use proper `.Values.server.containerPorts.server` value in argo-cd/argo-server for grpc Service so that AWS ALB will not fail the health check for this extra Service. diff --git a/charts/argo-cd/templates/argocd-server/aws/service.yaml b/charts/argo-cd/templates/argocd-server/aws/service.yaml index 02c543d5..e9032f92 100644 --- a/charts/argo-cd/templates/argocd-server/aws/service.yaml +++ b/charts/argo-cd/templates/argocd-server/aws/service.yaml @@ -13,11 +13,11 @@ spec: - name: {{ .Values.server.service.servicePortHttpName }} protocol: TCP port: {{ .Values.server.service.servicePortHttp }} - targetPort: server + targetPort: {{ .Values.server.containerPorts.server }} - name: {{ .Values.server.service.servicePortHttpsName }} protocol: TCP port: {{ .Values.server.service.servicePortHttps }} - targetPort: server + targetPort: {{ .Values.server.containerPorts.server }} selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} sessionAffinity: None From 8213fc37c0a98a0479637d52d9730c4c4a62f7e5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 1 Jul 2023 08:39:17 -0500 Subject: [PATCH 219/768] chore(deps): bump actions/labeler from 4.1.0 to 4.2.0 (#2140) --- .github/workflows/pr-sizing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index 93cc6b01..18a87c50 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -16,7 +16,7 @@ jobs: triage: runs-on: ubuntu-latest steps: - - uses: actions/labeler@9fcb2c2f5584144ca754f8bfe8c6f81e77753375 # v4.1.0 + - uses: actions/labeler@0967ca812e7fdc8f5f71402a1b486d5bd061fe20 # v4.2.0 with: configuration-path: ".github/configs/labeler.yaml" repo-token: "${{ secrets.GITHUB_TOKEN }}" From 7c3553de9d973594369389c5256235af455e79f2 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sun, 2 Jul 2023 12:16:30 +0900 Subject: [PATCH 220/768] chore(argo-cd): Added note about Kubernetes Compatibility Matrix (#2141) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 3 +++ charts/argo-cd/README.md.gotmpl | 3 +++ 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d000da10..eacaef39 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.11 +version: 5.36.12 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Change `targetPort` to use proper `.Values.server.containerPorts.server` value in argo-cd/argo-server for grpc Service so that AWS ALB will not fail the health check for this extra Service. + - kind: added + description: Added note about Kubernetes Compatibility Matrix diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index dbf3f012..9c2d3c4a 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -362,6 +362,8 @@ server: ## Prerequisites - Kubernetes: `>=1.23.0-0` + - We align with [Amazon EKS calendar][EKS EoL] because there are many AWS users and it's a conservative approach. + - Please check [Support Matrix of Argo CD][Kubernetes Compatibility Matrix] for official info. - Helm v3.0.0+ ## Installing the Chart @@ -1223,3 +1225,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md [tini]: https://github.com/argoproj/argo-cd/pull/12707 [EKS EoL]: https://endoflife.date/amazon-eks +[Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 6b5efffc..f1dea7f2 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -363,6 +363,8 @@ server: ## Prerequisites - {{ template "chart.kubeVersionLine" . }} + - We align with [Amazon EKS calendar][EKS EoL] because there are many AWS users and it's a conservative approach. + - Please check [Support Matrix of Argo CD][Kubernetes Compatibility Matrix] for official info. - Helm v3.0.0+ ## Installing the Chart @@ -559,3 +561,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md [tini]: https://github.com/argoproj/argo-cd/pull/12707 [EKS EoL]: https://endoflife.date/amazon-eks +[Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions From 167c112bcbbebfd4b0c18d38c9bbb063fab7f78b Mon Sep 17 00:00:00 2001 From: Elad Shmitanka Date: Sun, 2 Jul 2023 11:07:17 +0300 Subject: [PATCH 221/768] fix(argo-cd): Add usages to ArgoCD server certificate (#2143) --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/argocd-server/certificate.yaml | 4 ++++ charts/argo-cd/values.yaml | 3 +++ 4 files changed, 10 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index eacaef39..bec859df 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.12 +version: 5.36.13 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Added note about Kubernetes Compatibility Matrix + description: Support for setting server certificate usages diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 9c2d3c4a..907cd0fe 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -688,6 +688,7 @@ NAME: my-release | server.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | | server.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | | server.certificate.secretName | string | `"argocd-server-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | +| server.certificate.usages | list | `[]` | Usages for the certificate | | server.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-server-tls secret | | server.certificateSecret.crt | string | `""` | Certificate data | | server.certificateSecret.enabled | bool | `false` | Create argocd-server-tls secret | diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index eec82ae6..1ec9bb02 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -30,4 +30,8 @@ spec: privateKey: {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.server.certificate.usages }} + usages: + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index c7129bab..63588ea9 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1743,6 +1743,9 @@ server: algorithm: RSA # -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. size: 2048 + # -- Usages for the certificate + ### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage + usages: [] # TLS certificate configuration via Secret ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server From b9f610e319ee725ac602303714b774c4cc7c1be8 Mon Sep 17 00:00:00 2001 From: Laurent Lavaud Date: Mon, 3 Jul 2023 19:55:01 +0200 Subject: [PATCH 222/768] fix(argo-cd): Update `argo-cd.strategy` template (#2144) - Convert `$preset.type` to string to prevent an "incompatible types for comparison" when no strategy are defined Signed-off-by: Laurent Lavaud --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/_common.tpl | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index bec859df..91e3285e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.13 +version: 5.36.14 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Support for setting server certificate usages + - kind: fixed + description: Update argo-cd.strategy template diff --git a/charts/argo-cd/templates/_common.tpl b/charts/argo-cd/templates/_common.tpl index 54423f99..f8c84c9c 100644 --- a/charts/argo-cd/templates/_common.tpl +++ b/charts/argo-cd/templates/_common.tpl @@ -128,9 +128,9 @@ Common deployment strategy definition */}} {{- define "argo-cd.strategy" -}} {{- $preset := . -}} -{{- if (eq $preset.type "Recreate") }} +{{- if (eq (toString $preset.type) "Recreate") }} type: Recreate -{{- else if (eq $preset.type "RollingUpdate") }} +{{- else if (eq (toString $preset.type) "RollingUpdate") }} type: RollingUpdate {{- with $preset.rollingUpdate }} rollingUpdate: From 5c4506b4810eda6583cd89443903956d9c4df6ab Mon Sep 17 00:00:00 2001 From: Atkins Date: Tue, 4 Jul 2023 17:22:19 +0800 Subject: [PATCH 223/768] feat(argo-cd): remove necessary create entry in `argocd-cmd-params-cm` ConfigMap (#2146) fix(argo-cd): remove necessary `create` entry in `argocd-cmd-params-cm` ConfigMap Signed-off-by: Atkins Chang --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/_helpers.tpl | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 91e3285e..c84c0f90 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.14 +version: 5.36.15 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Update argo-cd.strategy template + description: Remove necessary `create` entry in `argocd-cmd-params-cm` ConfigMap diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 2338d1c0..2786d6ed 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -207,7 +207,7 @@ applicationsetcontroller.enable.leader.election: {{ gt (.Values.applicationSet.r Merge Argo Params Configuration with Preset Configuration */}} {{- define "argo-cd.config.params" -}} -{{- $config := omit .Values.configs.params "annotations" }} +{{- $config := omit .Values.configs.params "create" "annotations" }} {{- $preset := include "argo-cd.config.params.presets" . | fromYaml | default dict -}} {{- range $key, $value := mergeOverwrite $preset $config }} {{ $key }}: {{ toString $value | toYaml }} From 5f55ef2c4cc16d4c91faaf1bdb7e0c1d7385435a Mon Sep 17 00:00:00 2001 From: Laurent Lavaud Date: Tue, 4 Jul 2023 16:07:03 +0200 Subject: [PATCH 224/768] feat(argo-cd): Update appset deployment template (#2145) - add cmd-params checksum annotation to the applicationSet deployment to trigger an automated rollout when changed. Signed-off-by: Laurent Lavaud Signed-off-by: Laurent Lavaud --- charts/argo-cd/Chart.yaml | 6 +++--- .../argo-cd/templates/argocd-applicationset/deployment.yaml | 5 +++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index c84c0f90..513438a5 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.36.15 +version: 5.37.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Remove necessary `create` entry in `argocd-cmd-params-cm` ConfigMap + - kind: added + description: add applicationSet deployment cmd-params checksum diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 3ae8410c..0e00e28d 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -24,12 +24,13 @@ spec: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }} template: metadata: - {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.applicationSet.podAnnotations) }} annotations: + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.applicationSet.podAnnotations) }} {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} - {{- end }} + {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 8 }} {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.applicationSet.podLabels) }} From 5e5bad5262ecad870b70d73df2465182b1e86f3d Mon Sep 17 00:00:00 2001 From: Andre Krueger <32708635+1337andre@users.noreply.github.com> Date: Thu, 6 Jul 2023 10:25:47 +0200 Subject: [PATCH 225/768] chore(argo-cd): Upgrade Argo CD to v2.7.7 (#2147) Signed-off-by: Andre Krueger <32708635+1337andre@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 513438a5..cbc97da1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.7.6 +appVersion: v2.7.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.37.0 +version: 5.37.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: add applicationSet deployment cmd-params checksum + - kind: changed + description: Upgrade Argo CD to v2.7.7 From 4f6f25198e9ebb8085c3c2a561d6750205dcb0bd Mon Sep 17 00:00:00 2001 From: Venkata Mutyala Date: Mon, 10 Jul 2023 01:14:16 -0700 Subject: [PATCH 226/768] feat(argo-cd): upgrade dexIDP from 2.36.0 -> 2.37.0 (#2155) feat: upgrade dexIDP from 2.36.0 -> 2.37.0 Signed-off-by: Venkata Mutyala --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index cbc97da1..32e6dfa6 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.37.1 +version: 5.38.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo CD to v2.7.7 + description: Upgrade dexidp from v2.36.0 to v2.37.0 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 907cd0fe..51db4870 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -857,7 +857,7 @@ server: | dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod | | dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy | | dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository | -| dex.image.tag | string | `"v2.36.0"` | Dex image tag | +| dex.image.tag | string | `"v2.37.0"` | Dex image tag | | dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | dex.initContainers | list | `[]` | Init containers to add to the dex pod | | dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 63588ea9..08f3404a 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -928,7 +928,7 @@ dex: # -- Dex image repository repository: ghcr.io/dexidp/dex # -- Dex image tag - tag: v2.36.0 + tag: v2.37.0 # -- Dex imagePullPolicy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" From 5ec59e90fa8f03229b8c49fe6cf50fb79572b1bf Mon Sep 17 00:00:00 2001 From: gussan <83329336+toyamagu-2021@users.noreply.github.com> Date: Tue, 11 Jul 2023 21:07:08 +0900 Subject: [PATCH 227/768] feat(argo-workflows): Add support for artifactRepositoryRef (#2135) Signed-off-by: tomoki-yamaguchi Co-authored-by: Aikawa Co-authored-by: Tim Collins <45351296+tico24@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 6 +- charts/argo-workflows/README.md | 1 + .../ci/enable-artifact-repo-ref.yaml | 41 ++++++++++++ .../artifact-repository-ref-cm.yaml | 19 ++++++ charts/argo-workflows/values.yaml | 63 ++++++++++++++++++- 5 files changed, 124 insertions(+), 6 deletions(-) create mode 100644 charts/argo-workflows/ci/enable-artifact-repo-ref.yaml create mode 100644 charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index b12335a5..ade0d8b5 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.8 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.30.0 +version: 0.31.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: artifactRepository will not be configured by default + - kind: added + description: Add support for artifactRepositoryRef diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 6a19bba0..b445df25 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -331,6 +331,7 @@ Fields to note: | artifactRepository.azure | object | `{}` (See [values.yaml]) | Store artifact in Azure Blob Storage | | artifactRepository.gcs | object | `{}` (See [values.yaml]) | Store artifact in a GCS object store | | artifactRepository.s3 | object | See [values.yaml] | Store artifact in a S3-compliant object store | +| artifactRepositoryRef | object | `{}` (See [values.yaml]) | The section of [artifact repository ref](https://argoproj.github.io/argo-workflows/artifact-repository-ref/). Each map key is the name of configmap | | customArtifactRepository | object | `{}` | The section of custom artifact repository. Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure) | | useStaticCredentials | bool | `true` | Use static credentials for S3 (eg. when not using AWS IRSA) | diff --git a/charts/argo-workflows/ci/enable-artifact-repo-ref.yaml b/charts/argo-workflows/ci/enable-artifact-repo-ref.yaml new file mode 100644 index 00000000..54c6c523 --- /dev/null +++ b/charts/argo-workflows/ci/enable-artifact-repo-ref.yaml @@ -0,0 +1,41 @@ +artifactRepositoryRef: + # 1st ConfigMap + artifact-repositories: + annotations: + workflows.argoproj.io/default-artifact-repository: default-v1-s3-artifact-repository + # 1st data + default-v1-s3-artifact-repository: + archiveLogs: true + s3: + bucket: my-bucket + endpoint: minio:9000 + insecure: true + accessKeySecret: + name: my-minio-cred + key: accesskey + secretKeySecret: + name: my-minio-cred + key: secretkey + # 2nd data + oss-artifact-repository: + archiveLogs: false + oss: + endpoint: http://oss-cn-zhangjiakou-internal.aliyuncs.com + bucket: $mybucket + accessKeySecret: + name: $mybucket-credentials + key: accessKey + secretKeySecret: + name: $mybucket-credentials + key: secretKey + # 2nd ConfigMap + another-artifact-repositories: + annotations: + workflows.argoproj.io/default-artifact-repository: gcs + gcs: + archiveLogs: false + bucket: my-bucket + keyFormat: prefix/in/bucket/{{workflow.name}}/{{pod.name}} + serviceAccountKeySecret: + name: my-gcs-credentials + key: serviceAccountKey diff --git a/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml b/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml new file mode 100644 index 00000000..ce7cd55b --- /dev/null +++ b/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml @@ -0,0 +1,19 @@ +{{- range $cm_name, $cm_val := .Values.artifactRepositoryRef }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $cm_name }} + namespace: {{ $.Release.Namespace | quote }} + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $cm_name) | nindent 4 }} + {{- with $cm_val.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +data: + {{- range $data_key, $data_val := (omit $cm_val "annotations") }} + {{- $data_key | nindent 2 }}: | + {{- toYaml $data_val | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 21970f43..cd992c10 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -161,9 +161,13 @@ controller: # Only valid for 2.7+ ## See more: https://argoproj.github.io/argo-workflows/default-workflow-specs/ workflowDefaults: {} - # spec: - # ttlStrategy: - # secondsAfterCompletion: 84600 + # spec: + # ttlStrategy: + # secondsAfterCompletion: 84600 + # # Ref: https://argoproj.github.io/argo-workflows/artifact-repository-ref/ + # artifactRepositoryRef: + # configMap: my-artifact-repository # default is "artifact-repositories" + # key: v2-s3-artifact-repository # default can be set by the `workflows.argoproj.io/default-artifact-repository` annotation in config map. # -- Number of workflow workers workflowWorkers: # 32 @@ -770,6 +774,59 @@ customArtifactRepository: {} # name: artifactory-creds # key: password +# -- The section of [artifact repository ref](https://argoproj.github.io/argo-workflows/artifact-repository-ref/). +# Each map key is the name of configmap +# @default -- `{}` (See [values.yaml]) +artifactRepositoryRef: {} + # # -- 1st ConfigMap + # # If you want to use this config map by default, name it "artifact-repositories". + # # Otherwise, you can provide a reference to a + # # different config map in `artifactRepositoryRef.configMap`. + # artifact-repositories: + # # -- v3.0 and after - if you want to use a specific key, put that key into this annotation. + # annotations: + # workflows.argoproj.io/default-artifact-repository: default-v1-s3-artifact-repository + # # 1st data of configmap. See above artifactRepository or customArtifactRepository. + # default-v1-s3-artifact-repository: + # archiveLogs: false + # s3: + # bucket: my-bucket + # endpoint: minio:9000 + # insecure: true + # accessKeySecret: + # name: my-minio-cred + # key: accesskey + # secretKeySecret: + # name: my-minio-cred + # key: secretkey + # # 2nd data + # oss-artifact-repository: + # archiveLogs: false + # oss: + # endpoint: http://oss-cn-zhangjiakou-internal.aliyuncs.com + # bucket: $mybucket + # # accessKeySecret and secretKeySecret are secret selectors. + # # It references the k8s secret named 'bucket-workflow-artifect-credentials'. + # # This secret is expected to have have the keys 'accessKey' + # # and 'secretKey', containing the base64 encoded credentials + # # to the bucket. + # accessKeySecret: + # name: $mybucket-credentials + # key: accessKey + # secretKeySecret: + # name: $mybucket-credentials + # key: secretKey + # # 2nd ConfigMap + # another-artifact-repositories: + # annotations: + # workflows.argoproj.io/default-artifact-repository: gcs + # gcs: + # bucket: my-bucket + # keyFormat: prefix/in/bucket/{{workflow.name}}/{{pod.name}} + # serviceAccountKeySecret: + # name: my-gcs-credentials + # key: serviceAccountKey + emissary: # -- The command/args for each image on workflow, needed when the command is not specified and the emissary executor is used. ## See more: https://argoproj.github.io/argo-workflows/workflow-executors/#emissary-emissary From 2fb60497519698eda8f217bf9fd3534b85c1704e Mon Sep 17 00:00:00 2001 From: Amit Ben Ami Date: Tue, 11 Jul 2023 16:01:02 +0300 Subject: [PATCH 228/768] feat(argo-cd): adding annotations option for `Certificate` (#2156) * feat(certificate): adding annotations options for the `Certificate` resources Signed-off-by: Amit Ben Ami * feat: bumping the chart version Signed-off-by: Amit Ben Ami --------- Signed-off-by: Amit Ben Ami Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 3 +++ .../templates/argocd-applicationset/certificate.yaml | 6 ++++++ charts/argo-cd/templates/argocd-server/certificate.yaml | 6 ++++++ charts/argo-cd/values.yaml | 7 +++++++ 5 files changed, 25 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 32e6dfa6..d0fcc045 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.38.0 +version: 5.38.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade dexidp from v2.36.0 to v2.37.0 + - kind: added + description: Adding the option to set `annotations` for `Certificate` resources diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 51db4870..048a62e9 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -407,6 +407,7 @@ NAME: my-release | global.affinity.nodeAffinity.matchExpressions | list | `[]` | Default match expressions for node affinity | | global.affinity.nodeAffinity.type | string | `"hard"` | Default node affinity rules. Either: `none`, `soft` or `hard` | | global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `none`, `soft` or `hard` | +| global.certificateAnnotations | object | `{}` | Annotations for the all deployed Certificates | | global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | | global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments | | global.env | list | `[]` | Environment variables to pass to all deployed Deployments | @@ -676,6 +677,7 @@ NAME: my-release | server.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the Argo CD server [HPA] | | server.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the Argo CD server [HPA] | | server.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | +| server.certificate.annotations | object | `{}` | Annotations to be applied to the Server Certificate | | server.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) | | server.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. | | server.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | @@ -1036,6 +1038,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | applicationSet.args | object | `{}` | DEPRECATED - ApplicationSet controller command line flags | | applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | +| applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate | | applicationSet.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) | | applicationSet.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. | | applicationSet.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | diff --git a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml index 505a70fc..f3b7d5d1 100644 --- a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml @@ -2,6 +2,12 @@ apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }} kind: Certificate metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.certificateAnnotations) .Values.applicationSet.certificate.annotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} name: {{ template "argo-cd.applicationSet.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 1ec9bb02..716c38ea 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -2,6 +2,12 @@ apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }} kind: Certificate metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.certificateAnnotations) .Values.server.certificate.annotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} name: {{ include "argo-cd.server.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 08f3404a..b6216977 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -147,6 +147,9 @@ global: # -- Environment variables to pass to all deployed Deployments env: [] + # -- Annotations for the all deployed Certificates + certificateAnnotations: {} + ## Argo Configs configs: # General Argo CD configuration @@ -1743,6 +1746,8 @@ server: algorithm: RSA # -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. size: 2048 + # -- Annotations to be applied to the Server Certificate + annotations: {} # -- Usages for the certificate ### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage usages: [] @@ -2681,6 +2686,8 @@ applicationSet: algorithm: RSA # -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. size: 2048 + # -- Annotations to be applied to the ApplicationSet Certificate + annotations: {} ## Notifications controller notifications: From 047ba6b24df9977ec773ca5cf0f00a70565e5c06 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabi=C3=A1n=20Sell=C3=A9s=20Rosa?= <1088313+Fsero@users.noreply.github.com> Date: Tue, 11 Jul 2023 17:39:35 +0200 Subject: [PATCH 229/768] feat(argocd-apps): add permitOnlyProjectScopedClusters flag (#2149) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Fabián Sellés Rosa <1088313+Fsero@users.noreply.github.com> --- charts/argocd-apps/Chart.yaml | 4 ++-- charts/argocd-apps/templates/projects.yaml | 3 +++ charts/argocd-apps/values.yaml | 1 + 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index fc733b22..8eeb0888 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.2.0 +version: 1.3.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -18,4 +18,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Rollout strategy for ApplicationSet + description: add permitOnlyProjectScopedClusters flag to Projects defaulting to false diff --git a/charts/argocd-apps/templates/projects.yaml b/charts/argocd-apps/templates/projects.yaml index f747d1b6..f4c273e8 100644 --- a/charts/argocd-apps/templates/projects.yaml +++ b/charts/argocd-apps/templates/projects.yaml @@ -22,6 +22,9 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: + {{- with .permitOnlyProjectScopedClusters }} + permitOnlyProjectScopedClusters: {{ . }} + {{- end }} description: {{ .description }} {{- with .sourceRepos }} sourceRepos: diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index 500849df..0c329dfe 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -48,6 +48,7 @@ projects: [] # namespace: argocd # additionalLabels: {} # additionalAnnotations: {} +# permitOnlyProjectScopedClusters: false # finalizers: # - resources-finalizer.argocd.argoproj.io # description: Example Project From e15b7b70185f56ae98b372eca367b437d6feb271 Mon Sep 17 00:00:00 2001 From: Angelo Ross Date: Thu, 13 Jul 2023 11:05:13 -0300 Subject: [PATCH 230/768] feat(argo-cd): Allow configuring Dex's init image resources separately (#2161) Allow configuring Dex's init image resources separately Signed-off-by: Angelo Ross --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/dex/deployment.yaml | 2 +- charts/argo-cd/values.yaml | 9 +++++++++ 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d0fcc045..bd9a8de4 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.38.1 +version: 5.39.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Adding the option to set `annotations` for `Certificate` resources + description: Allow configuring Dex's init image resources separately diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 048a62e9..deaad2ba 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -864,6 +864,7 @@ server: | dex.initContainers | list | `[]` | Init containers to add to the dex pod | | dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy | | dex.initImage.repository | string | `""` (defaults to global.image.repository) | Argo CD init image repository | +| dex.initImage.resources | object | `{}` (defaults to dex.resources) | Argo CD init image resources | | dex.initImage.tag | string | `""` (defaults to global.image.tag) | Argo CD init image tag | | dex.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Dex >= 2.28.0 | | dex.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index ce9741d2..abca6e14 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -149,7 +149,7 @@ spec: - mountPath: /tmp name: dexconfig resources: - {{- toYaml .Values.dex.resources | nindent 10 }} + {{- toYaml (default .Values.dex.resources .Values.dex.initImage.resources) | nindent 10 }} {{- with .Values.dex.containerSecurityContext }} securityContext: {{- toYaml . | nindent 10 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index b6216977..83ecff3e 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -951,6 +951,15 @@ dex: # -- Argo CD init image imagePullPolicy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" + # -- Argo CD init image resources + # @default -- `{}` (defaults to dex.resources) + resources: {} + # requests: + # cpu: 5m + # memory: 96Mi + # limits: + # cpu: 10m + # memory: 144Mi # -- Environment variables to pass to the Dex server env: [] From a7b65a37f999dc4c647611f1311c55eee16318e8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jul 2023 15:37:43 +0900 Subject: [PATCH 231/768] chore(deps): bump helm/kind-action from 1.7.0 to 1.8.0 (#2163) Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.7.0 to 1.8.0. - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/fa81e57adff234b2908110485695db0f181f3c67...dda0770415bac9fc20092cacbc54aa298604d140) --- updated-dependencies: - dependency-name: helm/kind-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index c96b4b85..c7c22af1 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -70,7 +70,7 @@ jobs: fi - name: Create kind cluster - uses: helm/kind-action@fa81e57adff234b2908110485695db0f181f3c67 # v1.7.0 + uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 if: steps.list-changed.outputs.changed == 'true' with: config: .github/configs/kind-config.yaml From 3821d6309fb480143b833f2a68034a51630ead9e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jul 2023 15:39:22 +0900 Subject: [PATCH 232/768] chore(deps): bump actions/labeler from 4.2.0 to 4.3.0 (#2164) Bumps [actions/labeler](https://github.com/actions/labeler) from 4.2.0 to 4.3.0. - [Release notes](https://github.com/actions/labeler/releases) - [Commits](https://github.com/actions/labeler/compare/0967ca812e7fdc8f5f71402a1b486d5bd061fe20...ac9175f8a1f3625fd0d4fb234536d26811351594) --- updated-dependencies: - dependency-name: actions/labeler dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aikawa --- .github/workflows/pr-sizing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index 18a87c50..d22ac750 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -16,7 +16,7 @@ jobs: triage: runs-on: ubuntu-latest steps: - - uses: actions/labeler@0967ca812e7fdc8f5f71402a1b486d5bd061fe20 # v4.2.0 + - uses: actions/labeler@ac9175f8a1f3625fd0d4fb234536d26811351594 # v4.3.0 with: configuration-path: ".github/configs/labeler.yaml" repo-token: "${{ secrets.GITHUB_TOKEN }}" From 6dab4fa326a1beb1a468ac5d4eb69aabd0942587 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jul 2023 15:53:14 +0900 Subject: [PATCH 233/768] chore(deps): bump actions/setup-python from 4.6.1 to 4.7.0 (#2165) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.6.1 to 4.7.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/bd6b4b6205c4dbad673328db7b31b7fab9e241c0...61a6322f88396a6271a6ee3565807d608ecaddd1) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aikawa --- .github/workflows/lint-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index c7c22af1..bd8d2255 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -32,7 +32,7 @@ jobs: version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1 + uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0 with: python-version: 3.9 From e053486fab0d0363e631d0742779d0af79a97b15 Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Mon, 17 Jul 2023 11:56:13 +0200 Subject: [PATCH 234/768] fix(argo-cd): Ensure `app.kubernetes.io/version` label is valid (#2148) Signed-off-by: Mathieu Parent --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/_common.tpl | 9 ++++++++- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index bd9a8de4..b87afdd3 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.39.0 +version: 5.39.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Allow configuring Dex's init image resources separately + - kind: fixed + description: Ensure `app.kubernetes.io/version` label is valid diff --git a/charts/argo-cd/templates/_common.tpl b/charts/argo-cd/templates/_common.tpl index f8c84c9c..4173876c 100644 --- a/charts/argo-cd/templates/_common.tpl +++ b/charts/argo-cd/templates/_common.tpl @@ -38,6 +38,13 @@ Create Argo CD app version {{- default .Chart.AppVersion .Values.global.image.tag }} {{- end -}} +{{/* +Return valid version label +*/}} +{{- define "argo-cd.versionLabelValue" -}} +{{ regexReplaceAll "[^-A-Za-z0-9_.]" (include "argo-cd.defaultTag" .) "-" | trunc 63 | trimAll "-" | trimAll "_" | trimAll "." | quote }} +{{- end -}} + {{/* Common labels */}} @@ -46,7 +53,7 @@ helm.sh/chart: {{ include "argo-cd.chart" .context }} {{ include "argo-cd.selectorLabels" (dict "context" .context "component" .component "name" .name) }} app.kubernetes.io/managed-by: {{ .context.Release.Service }} app.kubernetes.io/part-of: argocd -app.kubernetes.io/version: {{ include "argo-cd.defaultTag" .context }} +app.kubernetes.io/version: {{ include "argo-cd.versionLabelValue" .context }} {{- with .context.Values.global.additionalLabels }} {{ toYaml . }} {{- end }} From afccb2e5d469c61b327d6f47001297b5ba079422 Mon Sep 17 00:00:00 2001 From: Zach Swanson <1272954+zswanson@users.noreply.github.com> Date: Mon, 17 Jul 2023 08:20:47 -0400 Subject: [PATCH 235/768] feat(argo-cd): allow configurable hpa metrics (#2166) * allow configurable HPA metrics Signed-off-by: Zach Swanson * update docs Signed-off-by: Zach Swanson * Update chart version and changelog Signed-off-by: Zach Swanson Signed-off-by: Zach Swanson * Fix values/readme reference to repo server Signed-off-by: Zach Swanson --------- Signed-off-by: Zach Swanson Signed-off-by: Zach Swanson Signed-off-by: Zach Swanson <1272954+zswanson@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 ++ charts/argo-cd/templates/argocd-repo-server/hpa.yaml | 4 ++++ charts/argo-cd/templates/argocd-server/hpa.yaml | 4 ++++ charts/argo-cd/values.yaml | 6 ++++++ 5 files changed, 19 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b87afdd3..3736bba1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.39.1 +version: 5.40.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Ensure `app.kubernetes.io/version` label is valid + - kind: changed + description: Allow configurable metrics in server and repoServer HPAs diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index deaad2ba..863ae8bb 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -576,6 +576,7 @@ NAME: my-release | repoServer.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer | | repoServer.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the repo server | | repoServer.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the repo server [HPA] | +| repoServer.autoscaling.metrics | list | `[]` | Configures custom HPA metrics for the Argo CD repo server Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | | repoServer.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the repo server [HPA] | | repoServer.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the repo server [HPA] | | repoServer.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the repo server [HPA] | @@ -673,6 +674,7 @@ NAME: my-release | server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer | | server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server | | server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo CD server [HPA] | +| server.autoscaling.metrics | list | `[]` | Configures custom HPA metrics for the Argo CD server Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | | server.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the Argo CD server [HPA] | | server.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the Argo CD server [HPA] | | server.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the Argo CD server [HPA] | diff --git a/charts/argo-cd/templates/argocd-repo-server/hpa.yaml b/charts/argo-cd/templates/argocd-repo-server/hpa.yaml index 2cba8324..ef3d5e80 100644 --- a/charts/argo-cd/templates/argocd-repo-server/hpa.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/hpa.yaml @@ -14,6 +14,9 @@ spec: minReplicas: {{ .Values.repoServer.autoscaling.minReplicas }} maxReplicas: {{ .Values.repoServer.autoscaling.maxReplicas }} metrics: + {{- if .Values.repoServer.autoscaling.metrics }} + {{- toYaml .Values.repoServer.autoscaling.metrics | nindent 4 }} + {{- else }} {{- with .Values.repoServer.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: @@ -38,6 +41,7 @@ spec: type: Utilization {{- end }} {{- end }} + {{- end }} {{- with .Values.repoServer.autoscaling.behavior }} behavior: {{- toYaml . | nindent 4 }} diff --git a/charts/argo-cd/templates/argocd-server/hpa.yaml b/charts/argo-cd/templates/argocd-server/hpa.yaml index cbc17c31..c19b8943 100644 --- a/charts/argo-cd/templates/argocd-server/hpa.yaml +++ b/charts/argo-cd/templates/argocd-server/hpa.yaml @@ -14,6 +14,9 @@ spec: minReplicas: {{ .Values.server.autoscaling.minReplicas }} maxReplicas: {{ .Values.server.autoscaling.maxReplicas }} metrics: + {{- if .Values.server.autoscaling.metrics }} + {{ toYaml .Values.server.autoscaling.metrics | nindent 4 }} + {{- else }} {{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: @@ -38,6 +41,7 @@ spec: type: Utilization {{- end }} {{- end }} + {{- end}} {{- with .Values.server.autoscaling.behavior }} behavior: {{- toYaml . | nindent 4 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 83ecff3e..38f9b2d7 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1476,6 +1476,9 @@ server: # - type: Pods # value: 2 # periodSeconds: 60 + # -- Configures custom HPA metrics for the Argo CD server + # Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + metrics: [] ## Argo CD server Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ @@ -2043,6 +2046,9 @@ repoServer: # - type: Pods # value: 2 # periodSeconds: 60 + # -- Configures custom HPA metrics for the Argo CD repo server + # Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + metrics: [] ## Repo server Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ From c2f813ec6241b016a6907238c87eadf8a9feb505 Mon Sep 17 00:00:00 2001 From: Alex Souslik Date: Tue, 18 Jul 2023 09:51:14 +0300 Subject: [PATCH 236/768] feat(argo-cd): make ServiceMonitor deployment conditional on CRD existence (#2154) * made ServiceMonitor deployment conditional on CRD existence Signed-off-by: alex-souslik-hs * remove non ArgoCD changes Signed-off-by: alex-souslik-hs * add newline Signed-off-by: Alex Souslik * Change chage description Signed-off-by: Alex Souslik * Update charts/argo-cd/Chart.yaml Co-authored-by: Marco Kilchhofer Signed-off-by: Alex Souslik --------- Signed-off-by: alex-souslik-hs Signed-off-by: Alex Souslik Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 4 ++-- .../argocd-application-controller/servicemonitor.yaml | 2 +- .../templates/argocd-applicationset/servicemonitor.yaml | 2 +- .../templates/argocd-notifications/servicemonitor.yaml | 2 +- .../argo-cd/templates/argocd-repo-server/servicemonitor.yaml | 2 +- charts/argo-cd/templates/argocd-server/servicemonitor.yaml | 2 +- charts/argo-cd/templates/dex/servicemonitor.yaml | 2 +- charts/argo-cd/templates/redis/servicemonitor.yaml | 2 +- 8 files changed, 9 insertions(+), 9 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 3736bba1..1b8a0ae1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.40.0 +version: 5.41.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Allow configurable metrics in server and repoServer HPAs + description: Make ServiceMonitor deployment conditional on CRD existence diff --git a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml index 10ba7767..3ce0c10d 100644 --- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml index bb814a25..b3554675 100644 --- a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml @@ -1,5 +1,5 @@ {{- if .Values.applicationSet.enabled }} -{{- if and .Values.applicationSet.metrics.enabled .Values.applicationSet.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.applicationSet.metrics.enabled .Values.applicationSet.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml index de3cc5a3..18849886 100644 --- a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.notifications.enabled .Values.notifications.metrics.enabled .Values.notifications.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.notifications.enabled .Values.notifications.metrics.enabled .Values.notifications.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index aec96461..c41520b7 100644 --- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.repoServer.metrics.enabled .Values.repoServer.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.repoServer.metrics.enabled .Values.repoServer.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml index 65d102e3..f876a1a1 100644 --- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.server.metrics.enabled .Values.server.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.server.metrics.enabled .Values.server.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/argo-cd/templates/dex/servicemonitor.yaml b/charts/argo-cd/templates/dex/servicemonitor.yaml index 21d12be2..00f2a238 100644 --- a/charts/argo-cd/templates/dex/servicemonitor.yaml +++ b/charts/argo-cd/templates/dex/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/argo-cd/templates/redis/servicemonitor.yaml b/charts/argo-cd/templates/redis/servicemonitor.yaml index 46a7e32c..6f036a80 100644 --- a/charts/argo-cd/templates/redis/servicemonitor.yaml +++ b/charts/argo-cd/templates/redis/servicemonitor.yaml @@ -1,5 +1,5 @@ {{- $redisHa := (index .Values "redis-ha") -}} -{{- if and .Values.redis.enabled (not $redisHa.enabled) .Values.redis.metrics.enabled .Values.redis.metrics.serviceMonitor.enabled -}} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.redis.enabled (not $redisHa.enabled) .Values.redis.metrics.enabled .Values.redis.metrics.serviceMonitor.enabled -}} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: From 5f46ee820fd19e0b24c50f71aa9169be59192eac Mon Sep 17 00:00:00 2001 From: smcavallo Date: Wed, 19 Jul 2023 18:26:08 -0400 Subject: [PATCH 237/768] feat(argo-cd): Upgrade argocd to v2.7.8 (#2173) Signed-off-by: smcavallo --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 1b8a0ae1..72c178b1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.7.7 +appVersion: v2.7.8 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.41.0 +version: 5.41.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Make ServiceMonitor deployment conditional on CRD existence + description: Update to app version 2.7.8 From 000d8c71285f60c7fccc8e40bfab805da7dddebb Mon Sep 17 00:00:00 2001 From: Takuma Kume Date: Fri, 21 Jul 2023 02:26:23 +0900 Subject: [PATCH 238/768] feat(argo-rollouts): Upgrade Argo Rollouts to v1.5.1 (#2174) --- charts/argo-rollouts/Chart.yaml | 8 ++++---- charts/argo-rollouts/templates/crds/rollout-crd.yaml | 3 --- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 67175469..62ab9f05 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.5.0 +appVersion: v1.5.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.31.0 +version: 2.31.1 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Support Traffic Router Plugins + - kind: changed + description: Update to app version 1.5.1 diff --git a/charts/argo-rollouts/templates/crds/rollout-crd.yaml b/charts/argo-rollouts/templates/crds/rollout-crd.yaml index 0fafbab3..45f59ee0 100644 --- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml +++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml @@ -3328,7 +3328,6 @@ spec: type: string required: - arn - - fullName - name type: object loadBalancer: @@ -3341,7 +3340,6 @@ spec: type: string required: - arn - - fullName - name type: object stableTargetGroup: @@ -3354,7 +3352,6 @@ spec: type: string required: - arn - - fullName - name type: object type: object From 137bb9e177f85f63a8c1214c17ec82830f069760 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Thu, 20 Jul 2023 18:19:59 -0500 Subject: [PATCH 239/768] chore(argo-workflows): Upgrade to 3.4.9 (#2175) chore(argo-workflow): Upgrade to 3.4.9 - [ ] update CRD changes Signed-off-by: jmeridth --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index ade0d8b5..96912cf2 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.4.8 +appVersion: v3.4.9 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.31.0 +version: 0.32.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add support for artifactRepositoryRef + - kind: changed + description: Upgrade to Argo Workflows v3.4.9 From 83e5d83492f18c301fe62eebb56e6db98757cabb Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Sat, 22 Jul 2023 15:46:38 +0200 Subject: [PATCH 240/768] feat(argocd-apps): syncOptions for applications (#2176) Signed-off-by: Mathieu Parent Co-authored-by: Aikawa --- charts/argocd-apps/Chart.yaml | 4 ++-- charts/argocd-apps/templates/applications.yaml | 4 ++++ charts/argocd-apps/values.yaml | 2 ++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 8eeb0888..cc690f7f 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.3.0 +version: 1.4.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -18,4 +18,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: add permitOnlyProjectScopedClusters flag to Projects defaulting to false + description: syncOptions for applications diff --git a/charts/argocd-apps/templates/applications.yaml b/charts/argocd-apps/templates/applications.yaml index df0ea5eb..0cf3420b 100644 --- a/charts/argocd-apps/templates/applications.yaml +++ b/charts/argocd-apps/templates/applications.yaml @@ -37,6 +37,10 @@ spec: syncPolicy: {{- toYaml . | nindent 4 }} {{- end }} + {{- with .syncOptions }} + syncOptions: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .revisionHistoryLimit }} revisionHistoryLimit: {{ . }} {{- end }} diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index 0c329dfe..9311a44c 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -30,6 +30,8 @@ applications: [] # automated: # prune: false # selfHeal: false +# syncOptions: +# - CreateNamespace=true # revisionHistoryLimit: null # ignoreDifferences: # - group: apps From 0453552b320712d20be65d9ba3f56644842dd84c Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sun, 23 Jul 2023 13:25:51 +0900 Subject: [PATCH 241/768] fix(argocd-apps): fix indent of syncOptions (#2181) --- charts/argocd-apps/Chart.yaml | 4 ++-- charts/argocd-apps/ci/applications-values.yaml | 2 ++ charts/argocd-apps/templates/applications.yaml | 4 ---- charts/argocd-apps/values.yaml | 4 ++-- 4 files changed, 6 insertions(+), 8 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index cc690f7f..5494db99 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.4.0 +version: 1.4.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -17,5 +17,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added + - kind: fixed description: syncOptions for applications diff --git a/charts/argocd-apps/ci/applications-values.yaml b/charts/argocd-apps/ci/applications-values.yaml index 9d8b21bf..28a627ff 100644 --- a/charts/argocd-apps/ci/applications-values.yaml +++ b/charts/argocd-apps/ci/applications-values.yaml @@ -20,6 +20,8 @@ applications: automated: prune: false selfHeal: false + syncOptions: + - ApplyOutOfSyncOnly=true revisionHistoryLimit: null ignoreDifferences: - group: apps diff --git a/charts/argocd-apps/templates/applications.yaml b/charts/argocd-apps/templates/applications.yaml index 0cf3420b..df0ea5eb 100644 --- a/charts/argocd-apps/templates/applications.yaml +++ b/charts/argocd-apps/templates/applications.yaml @@ -37,10 +37,6 @@ spec: syncPolicy: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .syncOptions }} - syncOptions: - {{- toYaml . | nindent 4 }} - {{- end }} {{- with .revisionHistoryLimit }} revisionHistoryLimit: {{ . }} {{- end }} diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index 9311a44c..a7996369 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -30,8 +30,8 @@ applications: [] # automated: # prune: false # selfHeal: false -# syncOptions: -# - CreateNamespace=true +# syncOptions: +# - CreateNamespace=true # revisionHistoryLimit: null # ignoreDifferences: # - group: apps From f2da20bb753a7d9f28157f0ba39d6db62922431e Mon Sep 17 00:00:00 2001 From: Anton Gilgur <4970083+agilgur5@users.noreply.github.com> Date: Sun, 23 Jul 2023 19:48:47 -0400 Subject: [PATCH 242/768] chore(github): use table for Emeritus (#2182) - to matches how `argoproj` lists Alumni (https://github.com/argoproj/argoproj/blob/6011d3e17300d4b642a1ab5bdb3551c5f6da9021/MAINTAINERS.md?plain=1#L11) - though it has more details including role and affiliation. could do that here too, but I don't know what all those are, so left those columns out - fortunately everyone's name was listed on their profile, so just copy+paste those! - confirmed that all links work Signed-off-by: Anton Gilgur --- EMERITUS.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/EMERITUS.md b/EMERITUS.md index 2c299690..c0ff9674 100644 --- a/EMERITUS.md +++ b/EMERITUS.md @@ -4,9 +4,11 @@ These are the people who have been approvers in the past, and have since retired We thank them for their service to the project. -* @oliverbaehler -* @stefansedich -* @paguos -* @yann-soubeyrand -* @davidkarlsen -* @jbehling +| Emeritus | GitHub ID | +| -------- | --------- | +| Oliver Bähler | [oliverbaehler](https://github.com/oliverbaehler) | +| Stefan Sedich | [stefansedich](https://github.com/stefansedich) | +| Pablo Osinaga | [paguos](https://github.com/paguos) | +| Yann Soubeyrand | [yann-soubeyrand](https://github.com/yann-soubeyrand) | +| David J. M. Karlsen | [davidkarlsen](https://github.com/davidkarlsen) | +| John Behling | [jbehling](https://github.com/jbehling) | From 5f1d08de0b0f10a650d09609abf17b22816430d5 Mon Sep 17 00:00:00 2001 From: Artur Date: Tue, 25 Jul 2023 03:22:46 +0300 Subject: [PATCH 243/768] fix(argo-rollouts): Use annotation cont metrics (#2184) * fix(argo-rollouts): Use annotation cont metrics Signed-off-by: Artur Mudrykh * fix(argo-rollouts): add changes and bump version Signed-off-by: Artur Mudrykh * fix chart.yaml Signed-off-by: Artur Mudrykh --------- Signed-off-by: Artur Mudrykh Co-authored-by: Artur Mudrykh --- charts/argo-rollouts/Chart.yaml | 6 +++--- charts/argo-rollouts/README.md | 1 + .../argo-rollouts/templates/controller/metrics-service.yaml | 5 ++++- charts/argo-rollouts/values.yaml | 2 ++ 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 62ab9f05..c073adcb 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.5.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.31.1 +version: 2.31.2 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Update to app version 1.5.1 + - kind: fixed + description: Fix use prometheus metrics service diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 5add40c3..4e028779 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -91,6 +91,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller | | controller.metricProviderPlugins | object | `{}` | Configures 3rd party metric providers for controller | | controller.metrics.enabled | bool | `false` | Deploy metrics service | +| controller.metrics.service.annotations | object | `{}` | Service annotations | | controller.metrics.service.port | int | `8090` | Metrics service port | | controller.metrics.service.portName | string | `"metrics"` | Metrics service port name | | controller.metrics.serviceMonitor.additionalAnnotations | object | `{}` | Annotations to be added to the ServiceMonitor | diff --git a/charts/argo-rollouts/templates/controller/metrics-service.yaml b/charts/argo-rollouts/templates/controller/metrics-service.yaml index e04d326a..671a0837 100644 --- a/charts/argo-rollouts/templates/controller/metrics-service.yaml +++ b/charts/argo-rollouts/templates/controller/metrics-service.yaml @@ -7,8 +7,11 @@ metadata: labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} - {{- with .Values.serviceAnnotations }} annotations: + {{- with .Values.serviceAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.metrics.service.annotations }} {{- toYaml . | nindent 4 }} {{- end }} spec: diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index b81ee53a..f9d8e1cf 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -127,6 +127,8 @@ controller: portName: metrics # -- Metrics service port port: 8090 + # -- Service annotations + annotations: {} serviceMonitor: # -- Enable a prometheus ServiceMonitor enabled: false From 278a32671bebe8ea503b7d73619b3cdf389105a2 Mon Sep 17 00:00:00 2001 From: Venkata Mutyala Date: Mon, 24 Jul 2023 19:09:41 -0700 Subject: [PATCH 244/768] chore(argo-cd): Upgrade Argo CD to v2.7.9 (#2186) feat(argo-cd): Upgrade argocd to v2.7.9 Signed-off-by: Venkata Mutyala --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 72c178b1..79b9fb03 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.7.8 +appVersion: v2.7.9 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.41.1 +version: 5.41.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Update to app version 2.7.8 + description: Update to app version v2.7.9 From 98da71eb87def0ea9cb57dfe86e17c6256407cd0 Mon Sep 17 00:00:00 2001 From: Andy Cobaugh Date: Thu, 27 Jul 2023 09:57:46 -0400 Subject: [PATCH 245/768] feat(argo-workflows): allow setting executor args (#2177) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 1 + .../controller/workflow-controller-config-map.yaml | 5 ++++- charts/argo-workflows/values.yaml | 2 ++ 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 96912cf2..681b73b9 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.9 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.32.0 +version: 0.32.1 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade to Argo Workflows v3.4.9 + - kind: added + description: Add support for executor args diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index b445df25..eb57fe44 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -230,6 +230,7 @@ Fields to note: | Key | Type | Default | Description | |-----|------|---------|-------------| +| executor.args | list | `[]` | Passes arguments to the executor processes | | executor.env | list | `[]` | Adds environment variables for the executor. | | executor.image.pullPolicy | string | `""` | Image PullPolicy to use for the Workflow Executors. Defaults to `.Values.images.pullPolicy`. | | executor.image.registry | string | `"quay.io"` | Registry to use for the Workflow Executors | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index 680b436f..d4728a30 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -42,12 +42,15 @@ data: securityContext: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} - {{- if or .Values.executor.resources .Values.executor.env .Values.executor.securityContext}} + {{- if or .Values.executor.resources .Values.executor.env .Values.executor.args .Values.executor.securityContext}} executor: imagePullPolicy: {{ default (.Values.images.pullPolicy) .Values.executor.image.pullPolicy }} {{- with .Values.executor.resources }} resources: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.executor.args }} + args: {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.executor.env }} env: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index cd992c10..bfc3ce3f 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -382,6 +382,8 @@ executor: pullPolicy: "" # -- Resource limits and requests for the Workflow Executors resources: {} + # -- Passes arguments to the executor processes + args: [] # -- Adds environment variables for the executor. env: [] # -- sets security context for the executor container From c358b5e71f8a9259d937c9bb1a6a34c9f1f478d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?carlos=20gonz=C3=A1lez?= Date: Thu, 27 Jul 2023 23:44:15 +0200 Subject: [PATCH 246/768] feat(argo-cd): add labels to notifications secret (#2191) (#2192) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: carlos gonzález --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + .../argocd-configs/argocd-notifications-secret.yaml | 3 +++ charts/argo-cd/values.yaml | 3 +++ 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 79b9fb03..bb918178 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.9 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.41.2 +version: 5.42.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Update to app version v2.7.9 + - kind: added + description: Extra secret labels with .Values.notifications.secret.labels diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 863ae8bb..79d134b6 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1195,6 +1195,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.secret.annotations | object | `{}` | key:value pairs of annotations to be added to the secret | | notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret | | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the secret | +| notifications.secret.labels | object | `{}` | key:value pairs of labels to be added to the secret | | notifications.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | notifications.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | notifications.serviceAccount.create | bool | `true` | Create notifications controller service account | diff --git a/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml index cde4d555..75027ed5 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml @@ -6,6 +6,9 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} + {{- with .Values.notifications.secret.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.notifications.secret.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 38f9b2d7..aa071644 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2795,6 +2795,9 @@ notifications: # -- key:value pairs of annotations to be added to the secret annotations: {} + # -- key:value pairs of labels to be added to the secret + labels: {} + # -- Generic key:value pairs to be inserted into the secret ## Can be used for templates, notification services etc. Some examples given below. ## For more information: https://argocd-notifications.readthedocs.io/en/stable/services/overview/ From 4ebeac0d8c89582f81cd9ab2daee1b158ad01cbf Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 1 Aug 2023 14:57:18 +0900 Subject: [PATCH 247/768] chore(argo-cd): Upgrade Argo CD to v2.7.10 (#2197) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index bb918178..a78601a5 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.7.9 +appVersion: v2.7.10 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.42.0 +version: 5.42.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Extra secret labels with .Values.notifications.secret.labels + - kind: changed + description: Upgrade Argo CD to v2.7.10 From 962342fe2acef6022ac5c1a3eb352b336308b3eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9gory=20SANCHEZ?= Date: Tue, 1 Aug 2023 11:07:17 +0200 Subject: [PATCH 248/768] fix(argo-rollouts): fix helm lint error when extraObjects is defined (#2196) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit fix(extra-manifests): fix helm lint error when extraObjecrts is defined Signed-off-by: Grégory SANCHEZ Co-authored-by: Jason Meridth --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/templates/extra-manifests.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index c073adcb..1846575d 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.5.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.31.2 +version: 2.31.3 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Fix use prometheus metrics service + description: Fix helm lint error when `extraObjects` is defined diff --git a/charts/argo-rollouts/templates/extra-manifests.yaml b/charts/argo-rollouts/templates/extra-manifests.yaml index f17b1a93..fc9a76b8 100644 --- a/charts/argo-rollouts/templates/extra-manifests.yaml +++ b/charts/argo-rollouts/templates/extra-manifests.yaml @@ -1,6 +1,6 @@ {{ range .Values.extraObjects }} --- -{{- if typeIs "string" . }} +{{ if typeIs "string" . }} {{- tpl . $ }} {{- else }} {{- tpl (toYaml .) $ }} From f0ac0b7cf400f9f00005e9436de41881a584547d Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Sat, 5 Aug 2023 12:16:40 +0200 Subject: [PATCH 249/768] fix(argo-cd): Template configuration keys as a string instead of map (#2205) --- charts/argo-cd/Chart.yaml | 6 ++--- charts/argo-cd/templates/_helpers.tpl | 37 +++++++++++++++------------ 2 files changed, 23 insertions(+), 20 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index a78601a5..8a4769ac 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.7.10 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.42.1 +version: 5.42.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.7.10 + - kind: fixed + description: Templates for global presets properly renders keys as a string instead of map diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 2786d6ed..c4c814da 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -162,9 +162,11 @@ Create the name of the notifications service account to use Argo Configuration Preset Values (Incluenced by Values configuration) */}} {{- define "argo-cd.config.cm.presets" -}} +{{- $presets := dict -}} {{- if .Values.configs.styles -}} -ui.cssurl: "./custom/custom.styles.css" +{{- $_ := set $presets "ui.cssurl" "./custom/custom.styles.css" -}} {{- end -}} +{{- toYaml $presets }} {{- end -}} {{/* @@ -183,24 +185,25 @@ Merge Argo Configuration with Preset Configuration {{/* Argo Params Default Configuration Presets +NOTE: Configuration keys must be stored as dict because YAML treats dot as separator */}} {{- define "argo-cd.config.params.presets" -}} -repo.server: "{{ include "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}" -server.repo.server.strict.tls: {{ .Values.repoServer.certificateSecret.enabled | toString }} -{{- with include "argo-cd.redis.server" . }} -redis.server: {{ . | quote }} -{{- end }} -{{- if .Values.dex.enabled }} -server.dex.server: {{ include "argo-cd.dex.server" . | quote }} -server.dex.server.strict.tls: {{ .Values.dex.certificateSecret.enabled | toString }} -{{- end }} -{{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" }} -{{ $component }}.log.format: {{ $.Values.global.logging.format | quote }} -{{ $component }}.log.level: {{ $.Values.global.logging.level | quote }} -{{- end }} -{{- if .Values.applicationSet.enabled }} -applicationsetcontroller.enable.leader.election: {{ gt (.Values.applicationSet.replicaCount | int64) 1 }} -{{- end }} +{{- $presets := dict -}} +{{- $_ := set $presets "repo.server" (printf "%s:%s" (include "argo-cd.repoServer.fullname" .) (.Values.repoServer.service.port | toString)) -}} +{{- $_ := set $presets "server.repo.server.strict.tls" (.Values.repoServer.certificateSecret.enabled | toString ) -}} +{{- $_ := set $presets "redis.server" (include "argo-cd.redis.server" .) -}} +{{- if .Values.dex.enabled -}} +{{- $_ := set $presets "server.dex.server" (include "argo-cd.dex.server" .) -}} +{{- $_ := set $presets "server.dex.server.strict.tls" .Values.dex.certificateSecret.enabled -}} +{{- end -}} +{{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" -}} +{{- $_ := set $presets (printf "%s.log.format" $component) $.Values.global.logging.format -}} +{{- $_ := set $presets (printf "%s.log.format" $component) $.Values.global.logging.format -}} +{{- end -}} +{{- if .Values.applicationSet.enabled -}} +{{- $_ := set $presets "applicationsetcontroller.enable.leader.election" (gt (.Values.applicationSet.replicaCount | int64) 1) -}} +{{- end -}} +{{- toYaml $presets }} {{- end -}} {{/* From eae0bdd87117c2eb5e4f666196b6886f13b3f999 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 5 Aug 2023 19:26:24 +0900 Subject: [PATCH 250/768] fix(argo-rollouts): Add required ingress permission (#2207) --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/templates/controller/clusterrole.yaml | 1 + charts/argo-rollouts/templates/controller/role.yaml | 1 + 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 1846575d..8cc669fb 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.5.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.31.3 +version: 2.31.4 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Fix helm lint error when `extraObjects` is defined + description: Add required ingress permission diff --git a/charts/argo-rollouts/templates/controller/clusterrole.yaml b/charts/argo-rollouts/templates/controller/clusterrole.yaml index 964daed3..ab0f7ee1 100644 --- a/charts/argo-rollouts/templates/controller/clusterrole.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml @@ -135,6 +135,7 @@ rules: - get - list - watch + - update - patch # job access needed for analysis template job metrics - apiGroups: diff --git a/charts/argo-rollouts/templates/controller/role.yaml b/charts/argo-rollouts/templates/controller/role.yaml index e3b80672..eb69db62 100644 --- a/charts/argo-rollouts/templates/controller/role.yaml +++ b/charts/argo-rollouts/templates/controller/role.yaml @@ -136,6 +136,7 @@ rules: - get - list - watch + - update - patch # job access needed for analysis template job metrics - apiGroups: From ebd1ad5103d3f352a4317fab935b305c91a1b9f3 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 8 Aug 2023 15:11:34 +0900 Subject: [PATCH 251/768] chore(argo-cd): Upgrade Argo CD to v2.7.11 (#2210) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8a4769ac..1e77b9db 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.7.10 +appVersion: v2.7.11 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.42.2 +version: 5.42.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Templates for global presets properly renders keys as a string instead of map + - kind: changed + description: Upgrade Argo CD to v2.7.11 From 4eae23b5806a97a5e081b0f3f877b9e3b5bf9cf1 Mon Sep 17 00:00:00 2001 From: Engin Diri Date: Tue, 8 Aug 2023 16:08:58 +0200 Subject: [PATCH 252/768] feat(github): add Helm OCI support (#2209) Signed-off-by: Engin Diri --- .github/workflows/publish.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index c1d94025..c2d1dc24 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -4,6 +4,8 @@ on: push: branches: - main + paths: + - "charts/**" permissions: contents: read @@ -12,6 +14,7 @@ jobs: publish: permissions: contents: write # for helm/chart-releaser-action to push chart release and create a release + packages: write # to push OCI chart package to GitHub Registry runs-on: ubuntu-latest steps: - name: Checkout @@ -60,3 +63,20 @@ jobs: config: "./.github/configs/cr.yaml" env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + + - name: Login to GHCR + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Push chart to GHCR + run: | + shopt -s nullglob + for pkg in .cr-release-packages/*.tgz; do + if [ -z "${pkg:-}" ]; then + break + fi + helm push "${pkg}" oci://ghcr.io/${{ github.repository }} + done From 3e35b0c7f7d758d553b17f369cc5940484ef5d89 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Tue, 8 Aug 2023 16:35:41 +0200 Subject: [PATCH 253/768] feat(argo-cd): Upgrade Argo CD to 2.8.0 (#2170) Signed-off-by: Petr Drastil Co-authored-by: Aikawa --- charts/argo-cd/Chart.yaml | 6 +- charts/argo-cd/README.md | 2 +- .../statefulset.yaml | 12 + .../argocd-applicationset/deployment.yaml | 73 +- .../argocd-repo-server/deployment.yaml | 12 + .../templates/argocd-server/deployment.yaml | 12 + .../templates/crds/crd-application.yaml | 168 +- .../templates/crds/crd-applicationset.yaml | 2002 +++++++++++++++++ charts/argo-cd/values.yaml | 2 +- 9 files changed, 2264 insertions(+), 25 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 1e77b9db..f85b8bb3 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.7.11 +appVersion: v2.8.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.42.3 +version: 5.43.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo CD to v2.7.11 + description: Upgrade Argo CD to 2.8.0 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 79d134b6..305f0923 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -461,7 +461,7 @@ NAME: my-release | configs.params."reposerver.parallelism.limit" | int | `0` | Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit. | | configs.params."server.basehref" | string | `"/"` | Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / | | configs.params."server.disable.auth" | bool | `false` | Disable Argo CD RBAC for user authentication | -| configs.params."server.enable.gzip" | bool | `false` | Enable GZIP compression | +| configs.params."server.enable.gzip" | bool | `true` | Enable GZIP compression | | configs.params."server.insecure" | bool | `false` | Run server without TLS | | configs.params."server.rootpath" | string | `""` | Used if Argo CD is running behind reverse proxy under subpath different from / | | configs.params."server.staticassets" | string | `"/shared/app"` | Directory path that contains additional static assets | diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index b671e245..8faac38d 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -236,6 +236,18 @@ spec: name: argocd-cmd-params-cm key: application.namespaces optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sharding.algorithm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.kubectl.parallelism.limit + optional: true {{- with .Values.controller.envFrom }} envFrom: {{- toYaml . | nindent 10 }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 0e00e28d..4da1597c 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -93,12 +93,6 @@ spec: key: applicationsetcontroller.enable.leader.election name: argocd-cmd-params-cm optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACE - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.namespace - name: argocd-cmd-params-cm - optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER valueFrom: configMapKeyRef: @@ -111,6 +105,12 @@ spec: key: applicationsetcontroller.policy name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.policy.override + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG valueFrom: configMapKeyRef: @@ -147,6 +147,54 @@ spec: key: applicationsetcontroller.enable.progressive.syncs name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.repo.server.plaintext + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.repo.server.strict.tls + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.repo.server.timeout.seconds + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_CONCURRENT_RECONCILIATIONS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.concurrent.reconciliations.max + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.allowed.scm.providers + optional: true {{- with .Values.applicationSet.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} @@ -199,6 +247,8 @@ spec: name: gpg-keys - mountPath: /app/config/gpg/keys name: gpg-keyring + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls - mountPath: /tmp name: tmp {{- with .Values.applicationSet.extraContainers }} @@ -248,6 +298,17 @@ spec: emptyDir: {} - name: tmp emptyDir: {} + - name: argocd-repo-server-tls + secret: + secretName: argocd-repo-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt {{- with .Values.applicationSet.dnsConfig }} dnsConfig: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index f438c8b5..b9959018 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -108,6 +108,18 @@ spec: name: argocd-cmd-params-cm key: reposerver.parallelism.limit optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.listen.address + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.metrics.listen.address + optional: true - name: ARGOCD_REPO_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index cc928981..e3f322cb 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -263,6 +263,18 @@ spec: name: argocd-cmd-params-cm key: server.http.cookie.maxnumber optional: true + - name: ARGOCD_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.listen.address + optional: true + - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.metrics.listen.address + optional: true - name: ARGOCD_SERVER_OTLP_ADDRESS valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml index cbb480e6..b4d13a15 100644 --- a/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -297,8 +297,15 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -586,8 +593,15 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -992,8 +1006,15 @@ spec: type: array values: description: Values specifies Helm values to be passed to - helm template, typically defined as a block + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -1272,8 +1293,15 @@ spec: type: array values: description: Values specifies Helm values to be passed to - helm template, typically defined as a block + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -1438,7 +1466,7 @@ spec: as part of automated sync (default: false)' type: boolean selfHeal: - description: 'SelfHeal specifes whether to revert resources + description: 'SelfHeal specifies whether to revert resources back to their desired state upon modification in the cluster (default: false)' type: boolean @@ -1502,7 +1530,7 @@ spec: conditions items: description: ApplicationCondition contains details about an application - condition, which is usally an error or warning + condition, which is usually an error or warning properties: lastTransitionTime: description: LastTransitionTime is the time the condition was @@ -1521,6 +1549,10 @@ spec: - type type: object type: array + controllerNamespace: + description: ControllerNamespace indicates the namespace in which + the application controller is located + type: string health: description: Health contains information about the application's current health status @@ -1700,8 +1732,15 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -1993,8 +2032,16 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -2431,8 +2478,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined as - a block + a block. ValuesObject takes precedence over + Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a + map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -2740,8 +2794,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined - as a block + as a block. ValuesObject takes precedence + over Values, so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as + a map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -2951,6 +3012,19 @@ spec: syncResult: description: SyncResult is the result of a Sync operation properties: + managedNamespaceMetadata: + description: ManagedNamespaceMetadata contains the current + sync state of managed namespace metadata + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object resources: description: Resources contains a list of sync result items for each individual resource in a sync operation @@ -3153,8 +3227,16 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -3457,8 +3539,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined as - a block + a block. ValuesObject takes precedence over Values, + so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -3728,6 +3817,42 @@ spec: and must be set to the Kubernetes control plane API type: string type: object + ignoreDifferences: + description: IgnoreDifferences is a reference to the application's + ignored differences used for comparison + items: + description: ResourceIgnoreDifferences contains resource + filter and list of json paths which should be ignored + during comparison with live state. + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + description: ManagedFieldsManagers is a list of trusted + managers. Fields mutated by those managers will take + precedence over the desired state defined in the SCM + and won't be displayed in diffs + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array source: description: Source is a reference to the application's source used for comparison @@ -3866,8 +3991,16 @@ spec: type: array values: description: Values specifies Helm values to be passed - to helm template, typically defined as a block + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") @@ -4170,8 +4303,15 @@ spec: values: description: Values specifies Helm values to be passed to helm template, typically defined as - a block + a block. ValuesObject takes precedence over Values, + so use one or the other. type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true version: description: Version is the Helm version to use for templating ("3") diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index ad35b062..fa0d926a 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -40,6 +40,8 @@ spec: type: object spec: properties: + applyNestedSelectors: + type: boolean generators: items: properties: @@ -235,6 +237,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -412,6 +417,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -748,6 +756,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -925,6 +936,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -1265,6 +1279,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -1442,6 +1459,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -1586,6 +1606,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -1758,6 +1782,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -1935,6 +1962,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -2279,6 +2309,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -2456,6 +2489,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -2792,6 +2828,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -2969,6 +3008,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -3309,6 +3351,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -3486,6 +3531,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -3630,6 +3678,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -3802,6 +3854,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -3979,6 +4034,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -4130,8 +4188,595 @@ spec: x-kubernetes-preserve-unknown-fields: true merge: x-kubernetes-preserve-unknown-fields: true + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object pullRequest: properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object bitbucketServer: properties: api: @@ -4168,6 +4813,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: @@ -4227,6 +4874,8 @@ spec: properties: api: type: string + insecure: + type: boolean labels: items: type: string @@ -4411,6 +5060,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -4588,6 +5240,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -4735,6 +5390,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: @@ -4891,6 +5566,8 @@ spec: type: string includeSubgroups: type: boolean + insecure: + type: boolean tokenRef: properties: key: @@ -5067,6 +5744,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -5244,6 +5924,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -5388,6 +6071,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object selector: properties: @@ -5574,6 +6261,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -5751,6 +6441,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -6095,6 +6788,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -6272,6 +6968,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -6608,6 +7307,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -6785,6 +7487,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7125,6 +7830,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7302,6 +8010,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7446,6 +8157,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object required: - repoURL - revision @@ -7618,6 +8333,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7795,6 +8513,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -7946,8 +8667,595 @@ spec: x-kubernetes-preserve-unknown-fields: true merge: x-kubernetes-preserve-unknown-fields: true + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object pullRequest: properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object bitbucketServer: properties: api: @@ -7984,6 +9292,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: @@ -8043,6 +9353,8 @@ spec: properties: api: type: string + insecure: + type: boolean labels: items: type: string @@ -8227,6 +9539,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -8404,6 +9719,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -8551,6 +9869,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: @@ -8707,6 +10045,8 @@ spec: type: string includeSubgroups: type: boolean + insecure: + type: boolean tokenRef: properties: key: @@ -8883,6 +10223,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -9060,6 +10403,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -9204,6 +10550,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object selector: properties: @@ -9394,6 +10744,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -9571,6 +10924,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -9719,8 +11075,595 @@ spec: - generators - mergeKeys type: object + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object pullRequest: properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object bitbucketServer: properties: api: @@ -9757,6 +11700,8 @@ spec: properties: branchMatch: type: string + targetBranchMatch: + type: string type: object type: array gitea: @@ -9816,6 +11761,8 @@ spec: properties: api: type: string + insecure: + type: boolean labels: items: type: string @@ -10000,6 +11947,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -10177,6 +12127,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -10324,6 +12277,26 @@ spec: type: object scmProvider: properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object azureDevOps: properties: accessTokenRef: @@ -10480,6 +12453,8 @@ spec: type: string includeSubgroups: type: boolean + insecure: + type: boolean tokenRef: properties: key: @@ -10656,6 +12631,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -10833,6 +12811,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -10977,6 +12958,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object selector: properties: @@ -11005,6 +12990,10 @@ spec: type: array goTemplate: type: boolean + goTemplateOptions: + items: + type: string + type: array preservedFields: properties: annotations: @@ -11045,6 +13034,13 @@ spec: type: object syncPolicy: properties: + applicationsSync: + enum: + - create-only + - create-update + - create-delete + - sync + type: string preserveResourcesOnDeletion: type: boolean type: object @@ -11208,6 +13204,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object @@ -11385,6 +13384,9 @@ spec: type: array values: type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true version: type: string type: object diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index aa071644..fb1db35c 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -253,7 +253,7 @@ configs: # -- Disable Argo CD RBAC for user authentication server.disable.auth: false # -- Enable GZIP compression - server.enable.gzip: false + server.enable.gzip: true # -- Set X-Frame-Options header in HTTP responses to value. To disable, set to "". server.x.frame.options: sameorigin From b9c7b3104a8957a221362dab7e3d4daab989a9dd Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Tue, 8 Aug 2023 19:03:57 -0500 Subject: [PATCH 254/768] fix(argo-rollouts): add CI for enabling extra objects for argo-rollouts (#2198) * fix(argo-rollouts): add CI for enabling extra objects for argo-rollouts Add CI for extra objects Signed-off-by: jmeridth * fix: rename extra objects ci file to have -values suffix Signed-off-by: jmeridth --------- Signed-off-by: jmeridth Co-authored-by: Aikawa --- charts/argo-rollouts/Chart.yaml | 6 +++--- .../ci/enable-extra-objects-values.yaml | 14 ++++++++++++++ 2 files changed, 17 insertions(+), 3 deletions(-) create mode 100644 charts/argo-rollouts/ci/enable-extra-objects-values.yaml diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 8cc669fb..0bf8dfcb 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.5.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.31.4 +version: 2.31.5 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Add required ingress permission + - kind: added + description: Add CI example for extra objects diff --git a/charts/argo-rollouts/ci/enable-extra-objects-values.yaml b/charts/argo-rollouts/ci/enable-extra-objects-values.yaml new file mode 100644 index 00000000..8d18ecd3 --- /dev/null +++ b/charts/argo-rollouts/ci/enable-extra-objects-values.yaml @@ -0,0 +1,14 @@ +# Test with extraObjects enabled +# Do not deploy the CRDs as they are already present from the previous test +installCRDs: false + +extraObjects: + - apiVersion: v1 + kind: Secret + metadata: + name: datadog + type: Opaque + data: + address: aHR0cHM6Ly9hcGkuZGF0YWRvZ2hxLmNvbQo= # https://api.datadoghq.com + api-key: dGVzdC1hcGkta2V5Cg== # test-api-key + app-key: dGVzdC1hcHAta2V5Cg== # test-app-key From 51e22106314012c2b4e620ad90b59340b5afb39e Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Wed, 9 Aug 2023 10:19:54 +0200 Subject: [PATCH 255/768] fix(argo-cd): Fix global log level configuration (#2213) fix(argo-cd) - Fix global log level configuration Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/_helpers.tpl | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f85b8bb3..6140b2cb 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.43.0 +version: 5.43.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to 2.8.0 + - kind: fixed + description: Fixed global log level configuration diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index c4c814da..05852686 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -198,7 +198,7 @@ NOTE: Configuration keys must be stored as dict because YAML treats dot as separ {{- end -}} {{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" -}} {{- $_ := set $presets (printf "%s.log.format" $component) $.Values.global.logging.format -}} -{{- $_ := set $presets (printf "%s.log.format" $component) $.Values.global.logging.format -}} +{{- $_ := set $presets (printf "%s.log.level" $component) $.Values.global.logging.level -}} {{- end -}} {{- if .Values.applicationSet.enabled -}} {{- $_ := set $presets "applicationsetcontroller.enable.leader.election" (gt (.Values.applicationSet.replicaCount | int64) 1) -}} From 4b7dcd0d31531f44a275729e86880d52c75323ed Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Wed, 9 Aug 2023 10:35:48 +0200 Subject: [PATCH 256/768] chore(argo-cd): Change applicationSet replicaCount to replicas (#2214) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 8 +++++--- charts/argo-cd/README.md | 2 +- charts/argo-cd/templates/NOTES.txt | 3 +++ .../templates/argocd-applicationset/deployment.yaml | 2 +- charts/argo-cd/values.yaml | 2 +- 5 files changed, 11 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 6140b2cb..821de850 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.43.1 +version: 5.43.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,7 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fixed global log level configuration + - kind: changed + description: Renamed applicationSet.replicaCount to replicas + - kind: deprecated + description: Option applicationSet.replicaCount diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 305f0923..45a97eb5 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1113,7 +1113,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | | applicationSet.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | applicationSet.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | -| applicationSet.replicaCount | int | `1` | The number of ApplicationSet controller pods to run | +| applicationSet.replicas | int | `1` | The number of ApplicationSet controller pods to run | | applicationSet.resources | object | `{}` | Resource limits and requests for the ApplicationSet controller pods. | | applicationSet.service.annotations | object | `{}` | ApplicationSet service annotations | | applicationSet.service.labels | object | `{}` | ApplicationSet service labels | diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index d79d95f0..afd18a1b 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -73,6 +73,9 @@ DEPRECATED option configs.tlsCertsAnnotations - Use configs.tls.annotations {{- if hasKey .Values.configs "tlsCerts" }} DEPRECATED option configs.tlsCerts.data - Use configs.tls.certificates {{- end }} +{{- if .Values.applicationSet.replicaCount }} +DEPRECATED option applicationSet.replicaCount - Use applicationSet.replicas +{{- end }} {{- if .Values.applicationSet.logFormat }} DEPRECATED option applicationSet.logFormat - Use configs.params.applicationsetcontroller.log.format {{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 4da1597c..d8fb8cbc 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -17,7 +17,7 @@ spec: strategy: {{- trim . | nindent 4 }} {{- end }} - replicas: {{ .Values.applicationSet.replicaCount }} + replicas: {{ .Values.applicationSet.replicas | default .Values.applicationSet.replicaCount }} revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} selector: matchLabels: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index fb1db35c..341cf8da 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2373,7 +2373,7 @@ applicationSet: name: applicationset-controller # -- The number of ApplicationSet controller pods to run - replicaCount: 1 + replicas: 1 ## ApplicationSet controller Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ From 23708c6a30e059aa2896dbedc4a4ec52d7674ff7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micka=C3=ABl=20Can=C3=A9vet?= Date: Thu, 10 Aug 2023 00:18:37 +0200 Subject: [PATCH 257/768] fix(argo-cd): add missing permissions to run actions (#2212) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Mickaël Canévet --- charts/argo-cd/Chart.yaml | 8 +++----- .../argo-cd/templates/argocd-server/clusterrole.yaml | 12 ++++++++++++ 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 821de850..fc7614e1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.43.2 +version: 5.43.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,7 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Renamed applicationSet.replicaCount to replicas - - kind: deprecated - description: Option applicationSet.replicaCount + - kind: fixed + description: add missing permissions to run actions diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index 0f26d470..3d2c44b5 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -45,4 +45,16 @@ rules: - list - update - watch + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create {{- end }} From a64615414d61500835a3de0723a8a9e099540ade Mon Sep 17 00:00:00 2001 From: Anton Gilgur <4970083+agilgur5@users.noreply.github.com> Date: Thu, 10 Aug 2023 21:14:54 -0400 Subject: [PATCH 258/768] fix(argo-workflows): Server only needs `get` Secrets (#2211) - as of https://github.com/argoproj/argo-workflows/commit/aa366db345d794f0d330336d51eb2a88f14ebbe6, the Server no longer needs `list` or `watch` and only uses `get` - this was released as part of [v3.4.0](https://github.com/argoproj/argo-workflows/blob/master/CHANGELOG.md#v340-rc1-2022-08-09), and the current version of the chart uses v3.4.9 (per `Chart.yaml#appVersion`) - `update` is not needed either for SSO secret - manifests RBAC: https://github.com/argoproj/argo-workflows/blob/a68ea0feabc87c09d5e13d12e6f0d1a61adc5b16/manifests/cluster-install/argo-server-rbac/argo-server-clusterole.yaml#L18 - SSO source code only uses [`create`](https://github.com/argoproj/argo-workflows/blob/20d0923611f1df6b7147c3547aeeff6b6bfecf18/server/auth/sso/sso.go#L140) and [`get`](https://github.com/argoproj/argo-workflows/blob/20d0923611f1df6b7147c3547aeeff6b6bfecf18/server/auth/sso/sso.go#L151) - (also some `get`s above that for [`clientID`](https://github.com/argoproj/argo-workflows/blob/20d0923611f1df6b7147c3547aeeff6b6bfecf18/server/auth/sso/sso.go#L127) and [`clientSecret`](https://github.com/argoproj/argo-workflows/blob/20d0923611f1df6b7147c3547aeeff6b6bfecf18/server/auth/sso/sso.go#L106) as well) Signed-off-by: Anton Gilgur Co-authored-by: Aikawa Co-authored-by: Jason Meridth --- charts/argo-workflows/Chart.yaml | 6 +++--- .../templates/server/server-cluster-roles.yaml | 3 --- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 681b73b9..c9ae07a5 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.9 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.32.1 +version: 0.32.2 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add support for executor args + - kind: fixed + description: Removed Secrets list and watch from Server RBAC diff --git a/charts/argo-workflows/templates/server/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml index 2a52d956..56d4dcaa 100644 --- a/charts/argo-workflows/templates/server/server-cluster-roles.yaml +++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml @@ -47,7 +47,6 @@ rules: - sso verbs: - get - - update - apiGroups: - "" resources: @@ -71,8 +70,6 @@ rules: - secrets verbs: - get - - list - - watch {{- if and .Values.server.sso.enabled .Values.server.sso.rbac.enabled }} {{- with .Values.server.sso.rbac.secretWhitelist }} resourceNames: {{- toYaml . | nindent 4 }} From 4e0698ec43f63267e63d741f9bcb8c8489c53859 Mon Sep 17 00:00:00 2001 From: Ali Reza Date: Tue, 15 Aug 2023 10:57:28 +0200 Subject: [PATCH 259/768] docs(argo-cd): Rename comment of repositoryCredentials to credentialTemplates (#2219) Rename comment of repositoryCredentials to credentialTemplates Signed-off-by: Ali Reza --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index fc7614e1..6865acb0 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.43.3 +version: 5.43.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: add missing permissions to run actions + description: Rename comment of repositoryCredentials to credentialTemplates diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 341cf8da..d748234e 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -476,7 +476,7 @@ configs: # -- Repositories list to be used by applications ## Creates a secret for each key/value specified below to create repositories - ## Note: the last example in the list would use a repository credential template, configured under "configs.repositoryCredentials". + ## Note: the last example in the list would use a repository credential template, configured under "configs.credentialTemplates". repositories: {} # istio-helm-repo: # url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts From 3737457b0fd8e3f05da8aec80da86911be24fcf6 Mon Sep 17 00:00:00 2001 From: Nick Kampe Date: Wed, 16 Aug 2023 02:01:43 -0500 Subject: [PATCH 260/768] feat(argo-rollouts): update servicemonitor.yaml to allow for namespace to be set (#2222) * Update servicemonitor.yaml to allow for namespace to be set Signed-off-by: Nick Kampe * Update README.md Signed-off-by: Nick Kampe * Update values.yaml Signed-off-by: Nick Kampe * Update Chart.yaml Signed-off-by: Nick Kampe * Update Chart.yaml Signed-off-by: Nick Kampe * Alphabetized namespace addition in README Signed-off-by: Nick Kampe --------- Signed-off-by: Nick Kampe --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 1 + charts/argo-rollouts/templates/controller/servicemonitor.yaml | 2 +- charts/argo-rollouts/values.yaml | 2 ++ 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 0bf8dfcb..2aba36f1 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.5.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.31.5 +version: 2.31.6 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Add CI example for extra objects + description: Add ability to set namespace on ServiceMonitor resource diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 4e028779..b9198998 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -98,6 +98,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Labels to be added to the ServiceMonitor | | controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | | controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | MetricRelabelConfigs to apply to samples before ingestion | +| controller.metrics.serviceMonitor.namespace | string | `""` | Namespace to be used for the ServiceMonitor | | controller.metrics.serviceMonitor.relabelings | list | `[]` | RelabelConfigs to apply to samples before scraping | | controller.nodeSelector | object | `{}` | [Node selector] | | controller.pdb.annotations | object | `{}` | Annotations to be added to controller [Pod Disruption Budget] | diff --git a/charts/argo-rollouts/templates/controller/servicemonitor.yaml b/charts/argo-rollouts/templates/controller/servicemonitor.yaml index 62713764..d7ab901e 100644 --- a/charts/argo-rollouts/templates/controller/servicemonitor.yaml +++ b/charts/argo-rollouts/templates/controller/servicemonitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "argo-rollouts.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ default .Release.Namespace .Values.controller.metrics.serviceMonitor.namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index f9d8e1cf..b711ee37 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -132,6 +132,8 @@ controller: serviceMonitor: # -- Enable a prometheus ServiceMonitor enabled: false + # -- Namespace to be used for the ServiceMonitor + namespace: "" # -- Labels to be added to the ServiceMonitor additionalLabels: {} # -- Annotations to be added to the ServiceMonitor From 92b2724b0fa82186bb13c452947c216cc04bd5f0 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Wed, 16 Aug 2023 06:00:35 -0500 Subject: [PATCH 261/768] chore(argo-workflows): Upgrade to Argo Workflows v3.4.10 (#2220) --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index c9ae07a5..6413a658 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.4.9 +appVersion: v3.4.10 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.32.2 +version: 0.32.3 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Removed Secrets list and watch from Server RBAC + - kind: changed + description: Upgrade to Argo Workflows v3.4.10 From dc56fa63f3baceaf2684fe0874e6851d9f3451cb Mon Sep 17 00:00:00 2001 From: Fuochi Date: Thu, 17 Aug 2023 14:08:03 +0200 Subject: [PATCH 262/768] feat(argo-workflows): add imagePullSecret for workflow sa (#2226) Signed-off-by: Fuochi --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 1 + charts/argo-workflows/templates/controller/workflow-sa.yaml | 4 ++++ charts/argo-workflows/values.yaml | 2 ++ 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 6413a658..6741d7e0 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.10 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.32.3 +version: 0.33.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade to Argo Workflows v3.4.10 + - kind: added + description: add imagePullSecret for workflow sa diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index eb57fe44..ef78bc5b 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -127,6 +127,7 @@ Fields to note: | workflow.serviceAccount.create | bool | `false` | Specifies whether a service account should be created | | workflow.serviceAccount.labels | object | `{}` | Labels applied to created service account | | workflow.serviceAccount.name | string | `"argo-workflow"` | Service account which is used to run workflows | +| workflow.serviceAccount.pullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry. Same format as `.Values.images.pullSecrets` | ### Workflow Controller diff --git a/charts/argo-workflows/templates/controller/workflow-sa.yaml b/charts/argo-workflows/templates/controller/workflow-sa.yaml index 8928b32e..273487c4 100644 --- a/charts/argo-workflows/templates/controller/workflow-sa.yaml +++ b/charts/argo-workflows/templates/controller/workflow-sa.yaml @@ -17,5 +17,9 @@ metadata: annotations: {{- toYaml . | nindent 4 }} {{- end }} + {{- with $.Values.workflow.serviceAccount.pullSecrets }} +imagePullSecrets: + {{- toYaml . | nindent 2 }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index bfc3ce3f..a9c827e7 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -54,6 +54,8 @@ workflow: annotations: {} # -- Service account which is used to run workflows name: "argo-workflow" + # -- Secrets with credentials to pull images from a private registry. Same format as `.Values.images.pullSecrets` + pullSecrets: [] rbac: # -- Adds Role and RoleBinding for the above specified service account to be able to run workflows. # A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) From a9acf935ab3abc442f41ccadd0a62e94ec1cd205 Mon Sep 17 00:00:00 2001 From: Jeongwon Song <46633758+jsong336@users.noreply.github.com> Date: Sat, 19 Aug 2023 01:59:46 -0400 Subject: [PATCH 263/768] chore(argo-workflows): update comment for azure artifact repository blobNameFormat (#2229) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/values.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 6741d7e0..1c60fbb4 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.10 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.33.0 +version: 0.33.1 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: add imagePullSecret for workflow sa + - kind: fixed + description: fixed comment in values.yaml for blobNameFormat field diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index a9c827e7..d6d22464 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -752,7 +752,7 @@ artifactRepository: azure: {} # endpoint: https://mystorageaccountname.blob.core.windows.net # container: my-container-name - # blob: path/in/container + # blobNameFormat: path/in/container ## accountKeySecret is a secret selector. ## It references the k8s secret named 'my-azure-storage-credentials'. ## This secret is expected to have have the key 'account-access-key', From 7dcc174402d4a81dcdd6324bd7be095a3c52a921 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Wed, 23 Aug 2023 12:52:03 +0900 Subject: [PATCH 264/768] chore(argo-cd): Upgrade Argo CD to v2.8.1 (#2230) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 6865acb0..a9ecf561 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.8.0 +appVersion: v2.8.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.43.4 +version: 5.43.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Rename comment of repositoryCredentials to credentialTemplates + - kind: changed + description: Upgrade Argo CD to v2.8.1 From 58999c1aae652baeef4df169a5a758cabebdadf7 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Fri, 25 Aug 2023 17:45:53 +0900 Subject: [PATCH 265/768] chore(argo-cd): Upgrade Argo CD to v2.8.2 (#2231) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index a9ecf561..01d4e8e1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.8.1 +appVersion: v2.8.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.43.5 +version: 5.43.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo CD to v2.8.1 + description: Upgrade Argo CD to v2.8.2 From 86d92b95964e31c2f7ef071e6cd3dcc72be52f16 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Joonas=20Ven=C3=A4l=C3=A4inen?= <38143731+joonvena@users.noreply.github.com> Date: Fri, 25 Aug 2023 13:52:04 +0300 Subject: [PATCH 266/768] fix(argo-cd): Fix applicationSet HA examples in README.md (#2232) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Joonas Venäläinen --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 4 ++-- charts/argo-cd/README.md.gotmpl | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 01d4e8e1..4fa32c98 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.43.6 +version: 5.43.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.8.2 + - kind: fixed + description: Fix applicationSet HA examples in README.md diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 45a97eb5..04a78ca4 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -42,7 +42,7 @@ repoServer: minReplicas: 2 applicationSet: - replicaCount: 2 + replicas: 2 ``` ### HA mode without autoscaling @@ -61,7 +61,7 @@ repoServer: replicas: 2 applicationSet: - replicaCount: 2 + replicas: 2 ``` ### Synchronizing Changes from Original Repository diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index f1dea7f2..dce6d922 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -41,7 +41,7 @@ repoServer: minReplicas: 2 applicationSet: - replicaCount: 2 + replicas: 2 ``` ### HA mode without autoscaling @@ -60,7 +60,7 @@ repoServer: replicas: 2 applicationSet: - replicaCount: 2 + replicas: 2 ``` ### Synchronizing Changes from Original Repository From 75221849eb5888768515c4ead5702bd4f683f118 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 26 Aug 2023 20:23:07 +0200 Subject: [PATCH 267/768] chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 (#2234) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 3.6.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/c85c95e3d7251135ab7dc9ce3241c5835cc595a9...f43a0e5ff2bd294095638e18286ca9a3d1956744) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index bd8d2255..a78bf610 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index c2d1dc24..9ad42ed7 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 066d3c57..3f00b6dd 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: persist-credentials: false From 2fc1fd04a01d98c6fb40b8fbad9fa01d1be2a477 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Sun, 27 Aug 2023 04:20:39 +0200 Subject: [PATCH 268/768] chore(argo-cd): Upgrade redis-exporter to 1.53.0 (#2236) Signed-off-by: Petr Drastil Co-authored-by: Aikawa --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 4 ++-- charts/argo-cd/values.yaml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 4fa32c98..dc245d83 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.43.7 +version: 5.43.8 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fix applicationSet HA examples in README.md + - kind: changed + description: Upgrade redis-exporter to 1.53.0 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 04a78ca4..ee37a2b7 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -942,7 +942,7 @@ server: | redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter | | redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter | | redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | -| redis.exporter.image.tag | string | `"1.45.0"` | Tag to use for the redis-exporter | +| redis.exporter.image.tag | string | `"1.53.0"` | Tag to use for the redis-exporter | | redis.exporter.resources | object | `{}` | Resource limits and requests for redis-exporter sidecar | | redis.extraArgs | list | `[]` | Additional command line arguments to pass to redis-server | | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | @@ -1003,7 +1003,7 @@ The main options are listed here: | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | | redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | -| redis-ha.exporter.tag | string | `"1.45.0"` | Tag to use for the redis-exporter | +| redis-ha.exporter.tag | string | `"1.53.0"` | Tag to use for the redis-exporter | | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | | redis-ha.image.tag | string | `"7.0.11-alpine"` | Redis tag | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index d748234e..fb2ca38d 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1182,7 +1182,7 @@ redis: # -- Repository to use for the redis-exporter repository: public.ecr.aws/bitnami/redis-exporter # -- Tag to use for the redis-exporter - tag: 1.45.0 + tag: 1.53.0 # -- Image pull policy for the redis-exporter # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1388,7 +1388,7 @@ redis-ha: # -- Repository to use for the redis-exporter image: public.ecr.aws/bitnami/redis-exporter # -- Tag to use for the redis-exporter - tag: 1.45.0 + tag: 1.53.0 persistentVolume: # -- Configures persistence on Redis nodes enabled: false From 6797f01c1b564132670cf687ba010c72d5800de0 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Sun, 27 Aug 2023 21:07:17 +0200 Subject: [PATCH 269/768] chore(argo-cd): Remove support for legacy cert-manager APIs (#2238) * chore(argo-cd): Remove support for legacy cert-manager APIs Signed-off-by: Petr Drastil * Bump minor version Signed-off-by: Petr Drastil --------- Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 - charts/argo-cd/templates/NOTES.txt | 3 +++ charts/argo-cd/templates/_versions.tpl | 18 ------------------ .../argocd-applicationset/certificate.yaml | 2 +- .../templates/argocd-server/certificate.yaml | 2 +- charts/argo-cd/values.yaml | 2 -- 7 files changed, 8 insertions(+), 26 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index dc245d83..37d6e1ae 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.43.8 +version: 5.44.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade redis-exporter to 1.53.0 + - kind: removed + description: Support for cert-manager APIs prior K8s 1.22 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index ee37a2b7..bf76f1d6 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -384,7 +384,6 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart | -| apiVersionOverrides.certmanager | string | `""` | String to override apiVersion of cert-manager resources rendered by this helm chart | | apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | | crds.additionalLabels | object | `{}` | Addtional labels to be added to all CRDs | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index afd18a1b..18b9a1a1 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -121,6 +121,9 @@ REMOVED option redis.containerPort - Use redis.containerPorts {{- if .Values.redis.metrics.containerPort }} REMOVED option redis.metrics.containerPort - Use redis.containerPorts {{- end }} +{{- if .Values.apiVersionOverrides.certmanager }} +REMOVED option apiVersionOverrides.certmanager - API v1 is only possible option after K8s 1.22 +{{- end }} In order to access the server UI you have the following options: diff --git a/charts/argo-cd/templates/_versions.tpl b/charts/argo-cd/templates/_versions.tpl index 8240c4b0..b8fcc32e 100644 --- a/charts/argo-cd/templates/_versions.tpl +++ b/charts/argo-cd/templates/_versions.tpl @@ -19,24 +19,6 @@ Return the appropriate apiVersion for autoscaling {{- end -}} {{- end -}} -{{/* -Return the appropriate apiVersion for cert-manager -*/}} -{{- define "argo-cd.apiVersion.cert-manager" -}} -{{- if .Values.apiVersionOverrides.certmanager -}} -{{- print .Values.apiVersionOverrides.certmanager -}} -{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1" -}} -{{- print "cert-manager.io/v1" -}} -{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1beta1" -}} -{{- print "cert-manager.io/v1beta1" -}} -{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" -}} -{{- print "cert-manager.io/v1alpha3" -}} -{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha2" -}} -{{- print "cert-manager.io/v1alpha2" -}} -{{- else -}} -{{- print "certmanager.k8s.io/v1alpha1" -}} -{{- end -}} -{{- end -}} {{/* Return the appropriate apiVersion for GKE resources diff --git a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml index f3b7d5d1..76e63eb3 100644 --- a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml @@ -1,5 +1,5 @@ {{- if .Values.applicationSet.certificate.enabled -}} -apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }} +apiVersion: cert-manager.io/v1 kind: Certificate metadata: {{- with (mergeOverwrite (deepCopy .Values.global.certificateAnnotations) .Values.applicationSet.certificate.annotations) }} diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 716c38ea..74066ef8 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -1,5 +1,5 @@ {{- if .Values.server.certificate.enabled -}} -apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }} +apiVersion: cert-manager.io/v1 kind: Certificate metadata: {{- with (mergeOverwrite (deepCopy .Values.global.certificateAnnotations) .Values.server.certificate.annotations) }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index fb2ca38d..81b96ad8 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -12,8 +12,6 @@ kubeVersionOverride: "" # If you want to template helm charts but cannot access k8s API server # you can set api versions here apiVersionOverrides: - # -- String to override apiVersion of cert-manager resources rendered by this helm chart - certmanager: "" # cert-manager.io/v1 # -- String to override apiVersion of GKE resources rendered by this helm chart cloudgoogle: "" # cloud.google.com/v1 # -- String to override apiVersion of autoscaling rendered by this helm chart From 224a227fa49b00fabfb535825c9bd5648f16a30a Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Mon, 28 Aug 2023 10:12:29 +0200 Subject: [PATCH 270/768] chore(argo-cd): Remove support for autoscaling/v1 (#2237) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 ++-- charts/argo-cd/README.md | 5 ++- charts/argo-cd/templates/NOTES.txt | 3 ++ charts/argo-cd/templates/_versions.tpl | 14 -------- .../templates/argocd-repo-server/hpa.yaml | 34 +++++++------------ .../argo-cd/templates/argocd-server/hpa.yaml | 34 +++++++------------ charts/argo-cd/values.yaml | 4 --- 7 files changed, 35 insertions(+), 65 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 37d6e1ae..4c262f65 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.44.0 +version: 5.45.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,6 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: removed - description: Support for cert-manager APIs prior K8s 1.22 + description: Option apiVersionOverrides.autoscaling as v2 is now GA + - kind: removed + description: Codebase for autoscaling/v1 API diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index bf76f1d6..125fcf69 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -383,7 +383,6 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| -| apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart | | apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | | crds.additionalLabels | object | `{}` | Addtional labels to be added to all CRDs | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | @@ -572,7 +571,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | repoServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | -| repoServer.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer | +| repoServer.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. | | repoServer.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the repo server | | repoServer.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the repo server [HPA] | | repoServer.autoscaling.metrics | list | `[]` | Configures custom HPA metrics for the Argo CD repo server Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | @@ -670,7 +669,7 @@ NAME: my-release | server.GKEmanagedCertificate.domains | list | `["argocd.example.com"]` | Domains for the Google Managed Certificate | | server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. | | server.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | -| server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer | +| server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. | | server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server | | server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo CD server [HPA] | | server.autoscaling.metrics | list | `[]` | Configures custom HPA metrics for the Argo CD server Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index 18b9a1a1..1b626796 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -121,6 +121,9 @@ REMOVED option redis.containerPort - Use redis.containerPorts {{- if .Values.redis.metrics.containerPort }} REMOVED option redis.metrics.containerPort - Use redis.containerPorts {{- end }} +{{- if .Values.apiVersionOverrides.autoscaling }} +REMOVED option apiVersionOverrides.autoscaling - API autoscaling/v2 is GA from 1.23 +{{- end }} {{- if .Values.apiVersionOverrides.certmanager }} REMOVED option apiVersionOverrides.certmanager - API v1 is only possible option after K8s 1.22 {{- end }} diff --git a/charts/argo-cd/templates/_versions.tpl b/charts/argo-cd/templates/_versions.tpl index b8fcc32e..5d65fcd6 100644 --- a/charts/argo-cd/templates/_versions.tpl +++ b/charts/argo-cd/templates/_versions.tpl @@ -6,20 +6,6 @@ Return the target Kubernetes version {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} {{- end }} -{{/* -Return the appropriate apiVersion for autoscaling -*/}} -{{- define "argo-cd.apiVersion.autoscaling" -}} -{{- if .Values.apiVersionOverrides.autoscaling -}} -{{- print .Values.apiVersionOverrides.autoscaling -}} -{{- else if semverCompare "<1.23-0" (include "argo-cd.kubeVersion" .) -}} -{{- print "autoscaling/v2beta1" -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - - {{/* Return the appropriate apiVersion for GKE resources */}} diff --git a/charts/argo-cd/templates/argocd-repo-server/hpa.yaml b/charts/argo-cd/templates/argocd-repo-server/hpa.yaml index ef3d5e80..ce6ed371 100644 --- a/charts/argo-cd/templates/argocd-repo-server/hpa.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/hpa.yaml @@ -1,46 +1,38 @@ {{- if .Values.repoServer.autoscaling.enabled }} -apiVersion: {{ include "argo-cd.apiVersion.autoscaling" . }} +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-hpa" .Values.repoServer.name)) | nindent 4 }} - name: {{ template "argo-cd.repoServer.fullname" . }}-hpa + name: {{ include "argo-cd.repoServer.fullname" . }} namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ template "argo-cd.repoServer.fullname" . }} + name: {{ include "argo-cd.repoServer.fullname" . }} minReplicas: {{ .Values.repoServer.autoscaling.minReplicas }} maxReplicas: {{ .Values.repoServer.autoscaling.maxReplicas }} metrics: - {{- if .Values.repoServer.autoscaling.metrics }} - {{- toYaml .Values.repoServer.autoscaling.metrics | nindent 4 }} + {{- with .Values.repoServer.autoscaling.metrics }} + {{- toYaml . | nindent 4 }} {{- else }} - {{- with .Values.repoServer.autoscaling.targetMemoryUtilizationPercentage }} + {{- with .Values.repoServer.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - {{- if eq (include "argo-cd.apiVersion.autoscaling" $) "autoscaling/v2beta1" }} - targetAverageUtilization: {{ . }} - {{- else }} target: - averageUtilization: {{ . }} type: Utilization - {{- end }} - {{- end }} - {{- with .Values.repoServer.autoscaling.targetCPUUtilizationPercentage }} + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.repoServer.autoscaling.targetCPUUtilizationPercentage }} - type: Resource resource: name: cpu - {{- if eq (include "argo-cd.apiVersion.autoscaling" $) "autoscaling/v2beta1" }} - targetAverageUtilization: {{ . }} - {{- else }} target: - averageUtilization: {{ . }} type: Utilization - {{- end }} - {{- end }} + averageUtilization: {{ . }} + {{- end }} {{- end }} {{- with .Values.repoServer.autoscaling.behavior }} behavior: diff --git a/charts/argo-cd/templates/argocd-server/hpa.yaml b/charts/argo-cd/templates/argocd-server/hpa.yaml index c19b8943..a509e569 100644 --- a/charts/argo-cd/templates/argocd-server/hpa.yaml +++ b/charts/argo-cd/templates/argocd-server/hpa.yaml @@ -1,47 +1,39 @@ {{- if .Values.server.autoscaling.enabled }} -apiVersion: {{ include "argo-cd.apiVersion.autoscaling" . }} +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-hpa" .Values.server.name)) | nindent 4 }} - name: {{ template "argo-cd.server.fullname" . }}-hpa + name: {{ include "argo-cd.server.fullname" . }} namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} minReplicas: {{ .Values.server.autoscaling.minReplicas }} maxReplicas: {{ .Values.server.autoscaling.maxReplicas }} metrics: - {{- if .Values.server.autoscaling.metrics }} - {{ toYaml .Values.server.autoscaling.metrics | nindent 4 }} + {{- with .Values.server.autoscaling.metrics }} + {{- toYaml . | nindent 4 }} {{- else }} - {{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }} + {{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - {{- if eq (include "argo-cd.apiVersion.autoscaling" $) "autoscaling/v2beta1" }} - targetAverageUtilization: {{ . }} - {{- else }} target: - averageUtilization: {{ . }} type: Utilization - {{- end }} - {{- end }} - {{- with .Values.server.autoscaling.targetCPUUtilizationPercentage }} + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.server.autoscaling.targetCPUUtilizationPercentage }} - type: Resource resource: name: cpu - {{- if eq (include "argo-cd.apiVersion.autoscaling" $) "autoscaling/v2beta1" }} - targetAverageUtilization: {{ . }} - {{- else }} target: - averageUtilization: {{ . }} type: Utilization - {{- end }} + averageUtilization: {{ . }} + {{- end }} {{- end }} - {{- end}} {{- with .Values.server.autoscaling.behavior }} behavior: {{- toYaml . | nindent 4 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 81b96ad8..77501eb8 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -14,8 +14,6 @@ kubeVersionOverride: "" apiVersionOverrides: # -- String to override apiVersion of GKE resources rendered by this helm chart cloudgoogle: "" # cloud.google.com/v1 - # -- String to override apiVersion of autoscaling rendered by this helm chart - autoscaling: "" # autoscaling/v2 # -- Create aggregated roles that extend existing cluster roles to interact with argo-cd resources ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles @@ -1460,7 +1458,6 @@ server: # -- Average memory utilization percentage for the Argo CD server [HPA] targetMemoryUtilizationPercentage: 50 # -- Configures the scaling behavior of the target in both Up and Down directions. - # This is only available on HPA apiVersion `autoscaling/v2beta2` and newer behavior: {} # scaleDown: # stabilizationWindowSeconds: 300 @@ -2030,7 +2027,6 @@ repoServer: # -- Average memory utilization percentage for the repo server [HPA] targetMemoryUtilizationPercentage: 50 # -- Configures the scaling behavior of the target in both Up and Down directions. - # This is only available on HPA apiVersion `autoscaling/v2beta2` and newer behavior: {} # scaleDown: # stabilizationWindowSeconds: 300 From 57da3549afc43c12d261768e69a6316db7b59e0d Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Sun, 3 Sep 2023 20:15:15 -0500 Subject: [PATCH 271/768] chore(argo-events): Upgrade argo-events to 1.8.1 (#2247) https://github.com/argoproj/argo-events/releases/tag/v1.8.1 Signed-off-by: jmeridth --- charts/argo-events/Chart.yaml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index bfb82ea1..b9f441fe 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.8.0 +appVersion: v1.8.1 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.0 +version: 2.4.1 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -19,6 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo Events to v1.8.0 - - kind: added - description: Add managed namespace configuration + description: Upgrade Argo Events to v1.8.1 From cd5b9a06e33b9a7b4b717d2d5e38dee7e16ca20d Mon Sep 17 00:00:00 2001 From: JesseBot Date: Mon, 4 Sep 2023 13:01:36 +0200 Subject: [PATCH 272/768] fix(argo-cd): Update values.yaml - update custom css styles side bar example (#2245) * Update values.yaml - update custom css styles side barexample .nav-bar is no longer the css class name Signed-off-by: JesseBot * Update Chart.yaml - update patch version for values.yaml comment update Signed-off-by: JesseBot * Update Chart.yaml - update change log Signed-off-by: JesseBot --------- Signed-off-by: JesseBot --- charts/argo-cd/Chart.yaml | 8 +++----- charts/argo-cd/values.yaml | 2 +- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 4c262f65..18d2d2b4 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.45.0 +version: 5.45.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,7 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: removed - description: Option apiVersionOverrides.autoscaling as v2 is now GA - - kind: removed - description: Codebase for autoscaling/v1 API + - kind: fixed + description: fixed example for configs.styles to be sidebar instead of nav-bar diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 77501eb8..e0a60543 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -539,7 +539,7 @@ configs: ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ styles: "" # styles: | - # .nav-bar { + # .sidebar { # background: linear-gradient(to bottom, #999, #777, #333, #222, #111); # } From 2557347583f98a34cbe2da83ec30fda68023b982 Mon Sep 17 00:00:00 2001 From: Gustav Kofoed Clausen Date: Thu, 7 Sep 2023 14:23:20 +0200 Subject: [PATCH 273/768] chore(argo-rollouts): Upgrade Argo Rollouts to v1.6.0 (#2252) * chore(argo-rollouts): Upgrade Argo Rollouts to v1.6.0 Signed-off-by: Gustav Kofoed Clausen * chore(argo-rollouts): Update CRDs to matching version Signed-off-by: Gustav Kofoed Clausen --------- Signed-off-by: Gustav Kofoed Clausen Co-authored-by: Gustav Kofoed Clausen --- charts/argo-rollouts/Chart.yaml | 8 +- .../templates/crds/analysis-run-crd.yaml | 63 +++++++++++++- .../templates/crds/analysis-template-crd.yaml | 63 +++++++++++++- .../crds/cluster-analysis-template-crd.yaml | 63 +++++++++++++- .../templates/crds/experiment-crd.yaml | 34 +++++++- .../templates/crds/rollout-crd.yaml | 85 ++++++++++++++++++- 6 files changed, 306 insertions(+), 10 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 2aba36f1..457f76a0 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.5.1 +appVersion: v1.6.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.31.6 +version: 2.32.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add ability to set namespace on ServiceMonitor resource + - kind: changed + description: Upgrade Argo Rollouts to v1.6.0 diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index bc2e61db..7324e908 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.12.1 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -310,6 +310,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic suspend: type: boolean template: @@ -372,6 +373,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -418,10 +420,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -453,6 +457,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -476,6 +481,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -519,6 +525,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -542,6 +549,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -583,6 +591,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -606,6 +615,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -649,6 +659,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -672,6 +683,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -717,6 +729,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -726,6 +739,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -741,6 +755,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -752,6 +767,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -767,6 +783,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -776,6 +793,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1316,6 +1334,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1325,6 +1344,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1340,6 +1360,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1351,6 +1372,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1366,6 +1388,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1375,6 +1398,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1889,6 +1913,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: items: @@ -1921,6 +1946,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1930,6 +1956,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1945,6 +1972,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1956,6 +1984,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1971,6 +2000,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1980,6 +2010,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -2628,6 +2659,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -2775,8 +2807,37 @@ spec: properties: address: type: string + authentication: + properties: + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object + headers: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + insecure: + type: boolean query: type: string + timeout: + format: int64 + type: integer type: object skywalking: properties: diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index 2c73c5c9..93479097 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.12.1 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -306,6 +306,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic suspend: type: boolean template: @@ -368,6 +369,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -414,10 +416,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -449,6 +453,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -472,6 +477,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -515,6 +521,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -538,6 +545,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -579,6 +587,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -602,6 +611,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -645,6 +655,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -668,6 +679,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -713,6 +725,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -722,6 +735,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -737,6 +751,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -748,6 +763,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -763,6 +779,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -772,6 +789,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1312,6 +1330,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1321,6 +1340,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1336,6 +1356,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1347,6 +1368,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1362,6 +1384,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1371,6 +1394,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1885,6 +1909,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: items: @@ -1917,6 +1942,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1926,6 +1952,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1941,6 +1968,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1952,6 +1980,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1967,6 +1996,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1976,6 +2006,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -2624,6 +2655,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -2771,8 +2803,37 @@ spec: properties: address: type: string + authentication: + properties: + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object + headers: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + insecure: + type: boolean query: type: string + timeout: + format: int64 + type: integer type: object skywalking: properties: diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index 612608de..66977374 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.12.1 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -306,6 +306,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic suspend: type: boolean template: @@ -368,6 +369,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -414,10 +416,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -449,6 +453,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -472,6 +477,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -515,6 +521,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -538,6 +545,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -579,6 +587,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -602,6 +611,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -645,6 +655,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -668,6 +679,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -713,6 +725,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -722,6 +735,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -737,6 +751,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -748,6 +763,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -763,6 +779,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -772,6 +789,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1312,6 +1330,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1321,6 +1340,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1336,6 +1356,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1347,6 +1368,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1362,6 +1384,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1371,6 +1394,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1885,6 +1909,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: items: @@ -1917,6 +1942,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1926,6 +1952,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1941,6 +1968,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1952,6 +1980,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1967,6 +1996,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1976,6 +2006,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -2624,6 +2655,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -2771,8 +2803,37 @@ spec: properties: address: type: string + authentication: + properties: + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object + headers: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + insecure: + type: boolean query: type: string + timeout: + format: int64 + type: integer type: object skywalking: properties: diff --git a/charts/argo-rollouts/templates/crds/experiment-crd.yaml b/charts/argo-rollouts/templates/crds/experiment-crd.yaml index acf98935..2f60d415 100644 --- a/charts/argo-rollouts/templates/crds/experiment-crd.yaml +++ b/charts/argo-rollouts/templates/crds/experiment-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.12.1 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -158,6 +158,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic service: properties: name: @@ -223,6 +224,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -269,10 +271,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -304,6 +308,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -327,6 +332,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -370,6 +376,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -393,6 +400,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -434,6 +442,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -457,6 +466,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -500,6 +510,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -523,6 +534,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -568,6 +580,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -577,6 +590,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -592,6 +606,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -603,6 +618,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -618,6 +634,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -627,6 +644,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1167,6 +1185,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1176,6 +1195,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1191,6 +1211,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1202,6 +1223,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1217,6 +1239,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1226,6 +1249,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1740,6 +1764,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: items: @@ -1772,6 +1797,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1781,6 +1807,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1796,6 +1823,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1807,6 +1835,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1822,6 +1851,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1831,6 +1861,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -2479,6 +2510,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string diff --git a/charts/argo-rollouts/templates/crds/rollout-crd.yaml b/charts/argo-rollouts/templates/crds/rollout-crd.yaml index 45f59ee0..7faf3790 100644 --- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml +++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.12.1 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -118,6 +118,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic strategy: properties: blueGreen: @@ -624,6 +625,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic service: properties: name: @@ -742,6 +744,10 @@ spec: type: string ingress: type: string + ingresses: + items: + type: string + type: array rootService: type: string servicePort: @@ -759,7 +765,6 @@ spec: - enabled type: object required: - - ingress - servicePort type: object ambassador: @@ -1003,6 +1008,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -1049,10 +1055,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -1084,6 +1092,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -1107,6 +1116,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -1150,6 +1160,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -1173,6 +1184,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -1214,6 +1226,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -1237,6 +1250,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -1280,6 +1294,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: properties: matchExpressions: @@ -1303,6 +1318,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -1348,6 +1364,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1357,6 +1374,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1372,6 +1390,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1383,6 +1402,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1398,6 +1418,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1407,6 +1428,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1947,6 +1969,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1956,6 +1979,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1971,6 +1995,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1982,6 +2007,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1997,6 +2023,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -2006,6 +2033,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -2520,6 +2548,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: items: @@ -2552,6 +2581,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -2561,6 +2591,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -2576,6 +2607,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -2587,6 +2619,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -2602,6 +2635,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -2611,6 +2645,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -3259,6 +3294,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: items: type: string @@ -3330,6 +3366,8 @@ spec: - arn - name type: object + ingress: + type: string loadBalancer: properties: arn: @@ -3355,6 +3393,49 @@ spec: - name type: object type: object + albs: + items: + properties: + canaryTargetGroup: + properties: + arn: + type: string + fullName: + type: string + name: + type: string + required: + - arn + - name + type: object + ingress: + type: string + loadBalancer: + properties: + arn: + type: string + fullName: + type: string + name: + type: string + required: + - arn + - name + type: object + stableTargetGroup: + properties: + arn: + type: string + fullName: + type: string + name: + type: string + required: + - arn + - name + type: object + type: object + type: array availableReplicas: format: int32 type: integer From 258efc9a0c4c5d6bdd13339489f2689018652218 Mon Sep 17 00:00:00 2001 From: Tamas Szasz Date: Thu, 7 Sep 2023 16:52:17 +0300 Subject: [PATCH 274/768] fix(argo-cd): Make the PathType configurable when using single ingress resource in AWS (#2251) * Make the PathType configurable when using single ingress resource in AWS Signed-off-by: Tamas * update chart version and doc Signed-off-by: Tamas * Fix reference to value in range Signed-off-by: Tamas --------- Signed-off-by: Tamas Co-authored-by: Tamas --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/argocd-server/ingress.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 18d2d2b4..18c029e2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.45.1 +version: 5.45.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: fixed example for configs.styles to be sidebar instead of nav-bar + description: do not hardcode the pathtype of the grpc ingress rule when using a single ingress resource in aws alb diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 98ec1cb1..a142bb66 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -39,7 +39,7 @@ spec: {{- range $p := $paths }} {{- if and $.Values.server.ingressGrpc.isAWSALB $.Values.server.ingressGrpc.enabled }} - path: {{ $p }} - pathType: Prefix + pathType: {{ $.Values.server.ingressGrpc.pathType }} backend: service: name: {{ template "argo-cd.server.fullname" $ }}-grpc From 3bb85b7d3eb0dfec12f195b5afc06b3bda70b5c3 Mon Sep 17 00:00:00 2001 From: Alexej Disterhoft Date: Fri, 8 Sep 2023 02:08:37 +0200 Subject: [PATCH 275/768] chore(argo-cd): Upgrade Argo CD to v2.8.3 (#2254) Signed-off-by: Alexej Disterhoft --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 18c029e2..76534308 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.8.2 +appVersion: v2.8.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.45.2 +version: 5.45.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: do not hardcode the pathtype of the grpc ingress rule when using a single ingress resource in aws alb + - kind: changed + description: Upgrade Argo CD to v2.8.3 From 925cd8454ca2c648273e303c06f9f7560ffdc2f1 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Fri, 8 Sep 2023 13:10:55 +0900 Subject: [PATCH 276/768] chore(argo-workflows): Upgrade Argo Workflows to v3.4.11 (#2255) --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 1c60fbb4..60dd66c8 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.4.10 +appVersion: v3.4.11 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.33.1 +version: 0.33.2 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: fixed comment in values.yaml for blobNameFormat field + - kind: changed + description: Upgrade Argo Workflows to v3.4.11 From 95310f995b24226b2532d28d57f2b6de8687738b Mon Sep 17 00:00:00 2001 From: Aikawa Date: Fri, 8 Sep 2023 23:02:25 +0900 Subject: [PATCH 277/768] fix(argo-cd): Restart Repo Server and Application Controller as following the change of Argo CD CM (#2235) * fix(argo-cd): Restart Repo Server and Application Controller as following the change of Argo CD CM Signed-off-by: yu-croco * fix(argo-cd): Aligne condition to argocd-cm Signed-off-by: yu-croco --------- Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- .../argocd-application-controller/statefulset.yaml | 3 +++ charts/argo-cd/templates/argocd-repo-server/deployment.yaml | 3 +++ 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 76534308..345a2ae1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.45.3 +version: 5.45.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.8.3 + - kind: fixed + description: Restart Repo Server and Application Controller as following the change of Argo CD CM diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 8faac38d..3583a2b7 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -23,6 +23,9 @@ spec: metadata: annotations: checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }} {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index b9959018..61fb545a 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -30,6 +30,9 @@ spec: {{- if .Values.repoServer.certificateSecret.enabled }} checksum/repo-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-repo-server-tls-secret.yaml") . | sha256sum }} {{- end }} + {{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.repoServer.podAnnotations) }} {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} From 34663ae9e6528098cc54a4465634154d48b14fce Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Fri, 8 Sep 2023 16:58:05 +0200 Subject: [PATCH 278/768] docs(argo-cd): Document scheduling parameters for redis-ha (#2253) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 10 ++++++++++ charts/argo-cd/values.yaml | 37 +++++++++++++++++++++++++++++++------ 3 files changed, 44 insertions(+), 9 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 345a2ae1..39ecaeb6 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.45.4 +version: 5.45.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Restart Repo Server and Application Controller as following the change of Argo CD CM + - kind: added + description: Documented scheduling parameters for redis-ha diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 125fcf69..49abfcea 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -998,17 +998,27 @@ The main options are listed here: | Key | Type | Default | Description | |-----|------|---------|-------------| +| redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. | +| redis-ha.affinity | object | `{}` | Assign custom [affinity] rules to the Redis pods. | | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | | redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | | redis-ha.exporter.tag | string | `"1.53.0"` | Tag to use for the redis-exporter | +| redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. | +| redis-ha.haproxy.affinity | object | `{}` | Assign custom [affinity] rules to the haproxy pods. | | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | +| redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | +| redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | +| redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | +| redis-ha.image.repository | string | `"redis"` | Redis repository | | redis-ha.image.tag | string | `"7.0.11-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | | redis-ha.redis.masterGroupName | string | `"argocd"` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | +| redis-ha.tolerations | list | `[]` | [Tolerations] for use with node taints for Redis pods. | +| redis-ha.topologySpreadConstraints | object | `{"enabled":false,"maxSkew":"","topologyKey":"","whenUnsatisfiable":""}` | Assign custom [TopologySpreadConstraints] rules to the Redis pods. | | redis-ha.topologySpreadConstraints.enabled | bool | `false` | Enable Redis HA topology spread constraints | | redis-ha.topologySpreadConstraints.maxSkew | string | `""` (defaults to `1`) | Max skew of pods tolerated | | redis-ha.topologySpreadConstraints.topologyKey | string | `""` (defaults to `topology.kubernetes.io/zone`) | Topology key for spread | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index e0a60543..a9ab7ad6 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1371,12 +1371,17 @@ redis: # -- Prometheus ServiceMonitor annotations annotations: {} -# This key configures Redis-HA subchart and when enabled (redis-ha.enabled=true) -# the custom redis deployment is omitted -# Check the redis-ha chart for more properties +## Redis-HA subchart replaces custom redis deployment when `redis-ha.enabled=true` +# Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml redis-ha: # -- Enables the Redis HA subchart and disables the custom Redis single node deployment enabled: false + ## Redis image + image: + # -- Redis repository + repository: redis + # -- Redis tag + tag: 7.0.11-alpine ## Prometheus redis-exporter sidecar exporter: # -- Enable Prometheus redis-exporter sidecar @@ -1388,6 +1393,7 @@ redis-ha: persistentVolume: # -- Configures persistence on Redis nodes enabled: false + ## Redis specific configuration options redis: # -- Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated masterGroupName: argocd @@ -1397,16 +1403,35 @@ redis-ha: # -- Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled # @default -- `'""'` save: '""' + ## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master. haproxy: # -- Enabled HAProxy LoadBalancing/Proxy enabled: true metrics: # -- HAProxy enable prometheus metric scraping enabled: true - image: - # -- Redis tag - tag: 7.0.11-alpine + # -- Whether the haproxy pods should be forced to run on separate nodes. + hardAntiAffinity: true + # -- Additional affinities to add to the haproxy pods. + additionalAffinities: {} + # -- Assign custom [affinity] rules to the haproxy pods. + affinity: {} + # -- [Tolerations] for use with node taints for haproxy pods. + tolerations: [] + # -- Whether the Redis server pods should be forced to run on separate nodes. + hardAntiAffinity: true + + # -- Additional affinities to add to the Redis server pods. + additionalAffinities: {} + + # -- Assign custom [affinity] rules to the Redis pods. + affinity: {} + + # -- [Tolerations] for use with node taints for Redis pods. + tolerations: [] + + # -- Assign custom [TopologySpreadConstraints] rules to the Redis pods. ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ topologySpreadConstraints: # -- Enable Redis HA topology spread constraints From eebb8c8d489ea41ce5ba388a14208c8e05cff67a Mon Sep 17 00:00:00 2001 From: Andrew Hamilton Date: Sat, 9 Sep 2023 01:55:47 -0700 Subject: [PATCH 279/768] feat(argo-cd): adds toggle for helm-working-dir (#2249) - Adds a toggle to be able to turn off the helm-working-dir for the repo server deployment. Using a shared helm repo storage directory can cause issues when multiple helm commands are being run in parallel. The repo server also has the ability to rebuild the repos and do updates in the normal flow for checking the status of an application so it won't cause issues if it's disabled. Signed-off-by: Andrew Hamilton --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/argocd-repo-server/deployment.yaml | 6 ++++++ charts/argo-cd/values.yaml | 3 +++ 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 39ecaeb6..fcbd0642 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.45.5 +version: 5.46.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Documented scheduling parameters for redis-ha + description: added a toggle for the shared Helm working directory diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 49abfcea..5b780b0b 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -655,6 +655,7 @@ NAME: my-release | repoServer.serviceAccount.name | string | `""` | Repo server service account name | | repoServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | repoServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the repo server | +| repoServer.useEphemeralHelmWorkingDir | bool | `true` | Toggle the usage of a ephemeral Helm working directory | | repoServer.volumeMounts | list | `[]` | Additional volumeMounts to the repo server main container | | repoServer.volumes | list | `[]` | Additional volumes to the repo server pod | diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 61fb545a..3080c79f 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -231,12 +231,14 @@ spec: key: reposerver.enable.git.submodule name: argocd-cmd-params-cm optional: true + {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir + {{- end }} {{- with .Values.repoServer.envFrom }} envFrom: {{- toYaml . | nindent 10 }} @@ -255,8 +257,10 @@ spec: name: gpg-keyring - mountPath: /app/config/reposerver/tls name: argocd-repo-server-tls + {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} - mountPath: /helm-working-dir name: helm-working-dir + {{- end }} - mountPath: /home/argocd/cmp-server/plugins name: plugins - mountPath: /tmp @@ -349,8 +353,10 @@ spec: {{- with .Values.repoServer.volumes }} {{- toYaml . | nindent 6 }} {{- end }} + {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} - name: helm-working-dir emptyDir: {} + {{- end }} - name: plugins emptyDir: {} - name: var-files diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index a9ab7ad6..22dcfcc6 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2177,6 +2177,9 @@ repoServer: # - name: cmp-tmp # emptyDir: {} + # -- Toggle the usage of a ephemeral Helm working directory + useEphemeralHelmWorkingDir: true + # -- Annotations to be added to repo server Deployment deploymentAnnotations: {} From 738fe78d2096b6543114b1d94d5dba6157b78adf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Sep 2023 18:39:19 +0900 Subject: [PATCH 280/768] chore(deps): bump actions/checkout from 3.6.0 to 4.0.0 (#2258) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.6.0 to 4.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/f43a0e5ff2bd294095638e18286ca9a3d1956744...3df4ab11eba7bda6032a0b82a6bb43b11571feac) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index a78bf610..52e4746b 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 9ad42ed7..0c8f7cbf 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 3f00b6dd..86ff1a7b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 with: persist-credentials: false From 366114b3db06170065a80eeb773c010ad7f251d2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Sep 2023 18:40:59 +0900 Subject: [PATCH 281/768] chore(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 (#2259) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/0b7f8abb1508181956e8e162db84b466c27e18ce...a8a3f3ad30e3422c9c7b888a15615d19a852ae32) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aikawa --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 86ff1a7b..8a924219 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: SARIF file path: results.sarif From db76bbed97c6be2248446debdc00e1c75cb6f3f5 Mon Sep 17 00:00:00 2001 From: Anton Gilgur <4970083+agilgur5@users.noreply.github.com> Date: Sat, 9 Sep 2023 21:57:17 -0400 Subject: [PATCH 282/768] docs(argo-workflows): add an HA section (#2183) * feat(argo-workflows): add a sample HA config - a `values-ha.yaml` as an example for how one would set-up HA according to the Argo Workflows docs Signed-off-by: Anton Gilgur * docs(argo-workflows): add an HA section - plus add a test for HA, which the docs link to as an example - link back to [upstream docs](https://argoproj.github.io/argo-workflows/high-availability/) as well - follow the same basic structure as the [Argo CD chart for HA](https://github.com/argoproj/argo-helm/blob/3e35b0c7f7d758d553b17f369cc5940484ef5d89/charts/argo-cd/README.md?plain=1#L17) - as asked in review Signed-off-by: Anton Gilgur --------- Signed-off-by: Anton Gilgur Signed-off-by: Anton Gilgur <4970083+agilgur5@users.noreply.github.com> Co-authored-by: Aikawa --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 5 +++++ charts/argo-workflows/README.md.gotmpl | 5 +++++ charts/argo-workflows/ci/ha-values.yaml | 23 +++++++++++++++++++++++ 4 files changed, 36 insertions(+), 3 deletions(-) create mode 100644 charts/argo-workflows/ci/ha-values.yaml diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 60dd66c8..85de8f7e 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.11 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.33.2 +version: 0.33.3 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo Workflows to v3.4.11 + - kind: fixed + description: Add HA docs and example diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index ef78bc5b..732baecd 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -75,6 +75,11 @@ For full list of changes, please check ArtifactHub [changelog]. ## Usage Notes +### High Availability + +This chart installs the non-HA version of Argo Workflows by default. If you want to run in HA mode, you can use [these example values](ci/ha-values.yaml) as a starting point. +Please see the upstream [Operator Manual's High Availability page](https://argoproj.github.io/argo-workflows/high-availability/) to understand how to scale Argo Workflows in depth. + ### Workflow controller This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of its configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs. diff --git a/charts/argo-workflows/README.md.gotmpl b/charts/argo-workflows/README.md.gotmpl index 8316e9a0..60aa62af 100644 --- a/charts/argo-workflows/README.md.gotmpl +++ b/charts/argo-workflows/README.md.gotmpl @@ -75,6 +75,11 @@ For full list of changes, please check ArtifactHub [changelog]. ## Usage Notes +### High Availability + +This chart installs the non-HA version of Argo Workflows by default. If you want to run in HA mode, you can use [these example values](ci/ha-values.yaml) as a starting point. +Please see the upstream [Operator Manual's High Availability page](https://argoproj.github.io/argo-workflows/high-availability/) to understand how to scale Argo Workflows in depth. + ### Workflow controller This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of its configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs. diff --git a/charts/argo-workflows/ci/ha-values.yaml b/charts/argo-workflows/ci/ha-values.yaml new file mode 100644 index 00000000..3dfbb572 --- /dev/null +++ b/charts/argo-workflows/ci/ha-values.yaml @@ -0,0 +1,23 @@ +# Sample values for High Availability configuration, following https://argoproj.github.io/argo-workflows/high-availability/ + +controller: + # in v3.0+, a second controller can be ran as a hot-standby: https://argoproj.github.io/argo-workflows/high-availability/#workflow-controller + replicas: 2 # should be strictly greater than PDB minAvailable + # enable PDB with at least one Pod + pdb: + # -- Configure [Pod Disruption Budget] for the controller pods + enabled: true + minAvailable: 1 + +server: + # enable HPA with at least two Pods + autoscaling: + # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server + enabled: true + # -- Minimum number of replicas for the Argo Server [HPA] + minReplicas: 2 # should be strictly greater than PDB minAvailable + # enable PDB with at least one Pod + pdb: + # -- Configure [Pod Disruption Budget] for the controller pods + enabled: true + minAvailable: 1 From 95f56b534c69b33190f0db106a93e6781a7b6ed4 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Mon, 11 Sep 2023 22:24:21 +0900 Subject: [PATCH 283/768] fix(argo-cd): Migrate leftover of applicationSet.replicaCount to applicationSet.replicas (#2261) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/_helpers.tpl | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index fcbd0642..291f33dc 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.46.0 +version: 5.46.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: added a toggle for the shared Helm working directory + - kind: fixed + description: Migrate leftover of applicationSet.replicaCount to applicationSet.replicas diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 05852686..b5d62a6a 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -201,7 +201,7 @@ NOTE: Configuration keys must be stored as dict because YAML treats dot as separ {{- $_ := set $presets (printf "%s.log.level" $component) $.Values.global.logging.level -}} {{- end -}} {{- if .Values.applicationSet.enabled -}} -{{- $_ := set $presets "applicationsetcontroller.enable.leader.election" (gt (.Values.applicationSet.replicaCount | int64) 1) -}} +{{- $_ := set $presets "applicationsetcontroller.enable.leader.election" (gt ((.Values.applicationSet.replicas | default .Values.applicationSet.replicaCount) | int64) 1) -}} {{- end -}} {{- toYaml $presets }} {{- end -}} From d51d3c6b692e9729869bb1180bcaa7b18ef1f771 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Mon, 11 Sep 2023 19:32:56 -0400 Subject: [PATCH 284/768] docs(argo-cd): improve changelog (#2262) * clarify 5.19.0 changes * revise wording Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 4 ++-- charts/argo-cd/README.md.gotmpl | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 291f33dc..82e892e2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.46.1 +version: 5.46.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Migrate leftover of applicationSet.replicaCount to applicationSet.replicas + - kind: changed + description: Improve readme migration notes diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 5b780b0b..abb6be29 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -106,7 +106,7 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. ### 5.35.0 -This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with Amazon EKS calendar, because many of AWS users and conservative approach. +This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach. Please see more information about EoL: [Amazon EKS EoL][EKS EoL]. @@ -126,7 +126,7 @@ This versions adds `global.affinity` options that are used as a presets. Overrid ### 5.19.0 -This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provide this values please move them into new `configs.ssh` and `configs.tls` sections. +This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provided these values (`configs.knownHosts.*`, `configs.knownHostsAnnotations`, `configs.tlsCerts`, `configs.tlsCertsAnnotations`) please move them into new `configs.ssh` and `configs.tls` sections. You can also use new option `configs.ssh.extraHosts` to configure your SSH keys without maintaing / overwritting keys for public Git repositories. ### 5.13.0 diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index dce6d922..5dc048b4 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -105,7 +105,7 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. ### 5.35.0 -This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with Amazon EKS calendar, because many of AWS users and conservative approach. +This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach. Please see more information about EoL: [Amazon EKS EoL][EKS EoL]. @@ -126,7 +126,7 @@ This versions adds `global.affinity` options that are used as a presets. Overrid ### 5.19.0 -This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provide this values please move them into new `configs.ssh` and `configs.tls` sections. +This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provided these values (`configs.knownHosts.*`, `configs.knownHostsAnnotations`, `configs.tlsCerts`, `configs.tlsCertsAnnotations`) please move them into new `configs.ssh` and `configs.tls` sections. You can also use new option `configs.ssh.extraHosts` to configure your SSH keys without maintaing / overwritting keys for public Git repositories. ### 5.13.0 From bf1e4f2dde154a91e97c325748ca7e3681988cc9 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Wed, 13 Sep 2023 09:48:41 -0400 Subject: [PATCH 285/768] fix(github): Fix changelog spelling of versions (#2263) Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> Co-authored-by: Aikawa --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1f7745b5..d67ddefc 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -64,7 +64,7 @@ Each release for each chart must be immutable. Any change to a chart (even just ### Chart Versioning -Currently we require a chart version bump for every change to a chart, including updating information for older verions. This may change in the future. +Currently we require a chart version bump for every change to a chart, including updating information for older versions. This may change in the future. ### Artifact Hub Annotations From 44ddf5986426379f120f111a91a69db95c2c4498 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 14 Sep 2023 13:33:34 +0900 Subject: [PATCH 286/768] chore(argo-cd): Upgrade Argo CD to v2.8.4 (#2268) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/argocd-server/clusterrole.yaml | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 82e892e2..b56bf88f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.8.3 +appVersion: v2.8.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.46.2 +version: 5.46.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Improve readme migration notes + description: Upgrade Argo CD to v2.8.4 diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index 3d2c44b5..838016fa 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -48,6 +48,7 @@ rules: - apiGroups: - batch resources: + {{/* supports triggering jobs from UI */}} - jobs verbs: - create @@ -56,5 +57,6 @@ rules: resources: - workflows verbs: + {{/* supports triggering workflows from UI */}} - create {{- end }} From 736b82433918304b086aaa4401f84f366eecd8b9 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Fri, 15 Sep 2023 19:47:59 +0900 Subject: [PATCH 287/768] fix(argo-cd): Align redis-ha's affinity type to upstream due to warnings (#2270) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 4 ++-- charts/argo-cd/values.yaml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b56bf88f..49d2233c 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.46.3 +version: 5.46.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.8.4 + - kind: fixed + description: Align redis-ha's affinity type to upstream due to warnings diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index abb6be29..bb51d130 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1000,13 +1000,13 @@ The main options are listed here: | Key | Type | Default | Description | |-----|------|---------|-------------| | redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. | -| redis-ha.affinity | object | `{}` | Assign custom [affinity] rules to the Redis pods. | +| redis-ha.affinity | string | `""` | Assign custom [affinity] rules to the Redis pods. | | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | | redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | | redis-ha.exporter.tag | string | `"1.53.0"` | Tag to use for the redis-exporter | | redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. | -| redis-ha.haproxy.affinity | object | `{}` | Assign custom [affinity] rules to the haproxy pods. | +| redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. | | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | | redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 22dcfcc6..fb078ac6 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1415,7 +1415,7 @@ redis-ha: # -- Additional affinities to add to the haproxy pods. additionalAffinities: {} # -- Assign custom [affinity] rules to the haproxy pods. - affinity: {} + affinity: | # -- [Tolerations] for use with node taints for haproxy pods. tolerations: [] @@ -1426,7 +1426,7 @@ redis-ha: additionalAffinities: {} # -- Assign custom [affinity] rules to the Redis pods. - affinity: {} + affinity: | # -- [Tolerations] for use with node taints for Redis pods. tolerations: [] From 8d00bec86ebb64f2bbd428e3aaaf535e708ed5e8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 16 Sep 2023 07:15:00 -0500 Subject: [PATCH 288/768] chore(deps): bump docker/login-action from 2.2.0 to 3.0.0 (#2271) --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 0c8f7cbf..07319d36 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -65,7 +65,7 @@ jobs: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - name: Login to GHCR - uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 with: registry: ghcr.io username: ${{ github.actor }} From 5626d0536f6f3e43273d2efa3b98641e29dcb4aa Mon Sep 17 00:00:00 2001 From: Mats Willemsen <60099717+ma-ts@users.noreply.github.com> Date: Mon, 18 Sep 2023 15:21:36 +0200 Subject: [PATCH 289/768] fix(argo-cd): make ServiceMonitor annotations in ArgoCD server conditional (#2273) * fix: add argocd servicemonitor annotations conditionally Signed-off-by: Mats Willemsen * chore(argo-cd): add changelog Signed-off-by: Mats Willemsen --------- Signed-off-by: Mats Willemsen --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/argocd-server/servicemonitor.yaml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 49d2233c..9b423e8f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.46.4 +version: 5.46.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Align redis-ha's affinity type to upstream due to warnings + description: fixed issue with argocd-server servicemonitor annotation attribute being added even when no annotations where defined diff --git a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml index f876a1a1..d036a8e1 100644 --- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml @@ -12,10 +12,10 @@ metadata: {{- with .Values.server.metrics.serviceMonitor.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.server.metrics.serviceMonitor.annotations }} annotations: - {{- range $key, $value := .Values.server.metrics.serviceMonitor.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: endpoints: - port: {{ .Values.server.metrics.service.portName }} From 7a17fc2dc9688ce4db918079c13c83d8bd84c3d4 Mon Sep 17 00:00:00 2001 From: sibucan Date: Tue, 19 Sep 2023 05:01:42 -0400 Subject: [PATCH 290/768] fix(argo-cd): Add checksum for CMP ConfigMap in repo-server Pod annotations (#2275) Add checksum for CMP ConfigMap in repo-server This helm chart defines the plugins as ConfigMaps -- according to the docs, when the CM is modified, the repo-server Pod must be restarted to have the sidecars pick up the latest changes: https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/#debugging-a-cmp The changes in this helm chart allow for a checksum to be calculated from the ConfigMap and added as a Pod annotation so whenever the CM values are modified, the Pod is restarted automatically. Signed-off-by: sibucan --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/argocd-repo-server/deployment.yaml | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 9b423e8f..20d4f52a 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.46.5 +version: 5.46.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: fixed issue with argocd-server servicemonitor annotation attribute being added even when no annotations where defined + description: fixed repo-server deployment not restarting when a cmp configmap is modified diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 3080c79f..ea54e79d 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -33,6 +33,9 @@ spec: {{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }} checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} {{- end }} + {{- if .Values.configs.cmp.create }} + checksum/cmp-cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmp-cm.yaml") . | sha256sum }} + {{- end }} {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.repoServer.podAnnotations) }} {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} From 2a5bbf5cefdf8546bbf612ecf59c898996492142 Mon Sep 17 00:00:00 2001 From: Pieter <110168856+Pionerd@users.noreply.github.com> Date: Fri, 22 Sep 2023 17:39:58 +0200 Subject: [PATCH 291/768] fix(argo-cd): Redis to 7.0.13 to fix CVE-2022-48174 (#2279) * Redis to 7.0.13 Signed-off-by: Pieter van der Giessen * changelog Signed-off-by: Pieter van der Giessen --------- Signed-off-by: Pieter van der Giessen --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 4 ++-- charts/argo-cd/values.yaml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 20d4f52a..1bfed795 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.46.6 +version: 5.46.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: fixed repo-server deployment not restarting when a cmp configmap is modified + - kind: security + description: updated redis dependency to 7.0.13-alpine to fix CVE-2022-48174 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index bb51d130..16661971 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -947,7 +947,7 @@ server: | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis.image.tag | string | `"7.0.11-alpine"` | Redis tag | +| redis.image.tag | string | `"7.0.13-alpine"` | Redis tag | | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redis.initContainers | list | `[]` | Init containers to add to the redis pod | | redis.metrics.enabled | bool | `false` | Deploy metrics service | @@ -1013,7 +1013,7 @@ The main options are listed here: | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | | redis-ha.image.repository | string | `"redis"` | Redis repository | -| redis-ha.image.tag | string | `"7.0.11-alpine"` | Redis tag | +| redis-ha.image.tag | string | `"7.0.13-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index fb078ac6..fed4e97c 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1162,7 +1162,7 @@ redis: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.0.11-alpine + tag: 7.0.13-alpine # -- Redis image pull policy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1381,7 +1381,7 @@ redis-ha: # -- Redis repository repository: redis # -- Redis tag - tag: 7.0.11-alpine + tag: 7.0.13-alpine ## Prometheus redis-exporter sidecar exporter: # -- Enable Prometheus redis-exporter sidecar From 03c1be1c6d92eae55a77b4d691dcdb470f8c68c9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 23 Sep 2023 20:45:16 +0900 Subject: [PATCH 292/768] chore(deps): bump actions/checkout from 4.0.0 to 4.1.0 (#2280) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/3df4ab11eba7bda6032a0b82a6bb43b11571feac...8ade135a41bc03ea155e62e844d188df1ea18608) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 52e4746b..719651ed 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 07319d36..99f0698d 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8a924219..a02eda74 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 with: persist-credentials: false From 82081bce8ca4491a2a03e08dc04eec4f72c635cc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 30 Sep 2023 22:53:47 -0500 Subject: [PATCH 293/768] chore(deps): bump amannn/action-semantic-pull-request from 5.2.0 to 5.3.0 (#2284) --- .github/workflows/pr-title.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 2d45de12..be77f1ae 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -19,7 +19,7 @@ jobs: name: Validate PR title runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@c3cd5d1ea3580753008872425915e343e351ab54 # v5.2.0 + - uses: amannn/action-semantic-pull-request@47b15d52c5c30e94a17ec87eb8dd51ff5221fed9 # v5.3.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: From e9f6b1a8b48c499b8124df1b7d1db33dad979974 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Oct 2023 07:19:01 -0500 Subject: [PATCH 294/768] chore(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.0 (#2290) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index a02eda74..b1dc3b04 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -38,7 +38,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0 + uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # v2.3.0 with: results_file: results.sarif results_format: sarif From 37069f92c953a7e1da2e281d4fdab9b368b737da Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Oct 2023 07:37:13 -0500 Subject: [PATCH 295/768] chore(deps): bump actions/setup-python from 4.7.0 to 4.7.1 (#2289) --- .github/workflows/lint-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 719651ed..9ac90a30 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -32,7 +32,7 @@ jobs: version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0 + uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 with: python-version: 3.9 From 052454f23392d957e8374aaffc5005baba211bd5 Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Thu, 12 Oct 2023 11:50:51 +0200 Subject: [PATCH 296/768] fix(argo-cd): Sync redis / redis-ha readOnlyRootFilesystem from upstream (#2294) Signed-off-by: Marco Maurer --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 ++ charts/argo-cd/values.yaml | 10 ++++++++++ 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 1bfed795..5f437944 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.46.7 +version: 5.46.8 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: security - description: updated redis dependency to 7.0.13-alpine to fix CVE-2022-48174 + - kind: fixed + description: Sync redis / redis-ha readOnlyRootFilesystem=true option from upstream. This was part of Argo CD 2.8.0. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 16661971..b2101038 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1001,12 +1001,14 @@ The main options are listed here: |-----|------|---------|-------------| | redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. | | redis-ha.affinity | string | `""` | Assign custom [affinity] rules to the Redis pods. | +| redis-ha.containerSecurityContext | object | See [values.yaml] | Redis HA statefulset container-level security context | | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | | redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | | redis-ha.exporter.tag | string | `"1.53.0"` | Tag to use for the redis-exporter | | redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. | | redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. | +| redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context | | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | | redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index fed4e97c..b029dfaa 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1279,6 +1279,7 @@ redis: # -- Redis container-level security context # @default -- See [values.yaml] containerSecurityContext: + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: @@ -1416,8 +1417,13 @@ redis-ha: additionalAffinities: {} # -- Assign custom [affinity] rules to the haproxy pods. affinity: | + # -- [Tolerations] for use with node taints for haproxy pods. tolerations: [] + # -- HAProxy container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + readOnlyRootFilesystem: true # -- Whether the Redis server pods should be forced to run on separate nodes. hardAntiAffinity: true @@ -1445,6 +1451,10 @@ redis-ha: # -- Enforcement policy, hard or soft # @default -- `""` (defaults to `ScheduleAnyway`) whenUnsatisfiable: "" + # -- Redis HA statefulset container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + readOnlyRootFilesystem: true # External Redis parameters externalRedis: From 2730dc24c7ad69b98d3206705a5ebf5cb34dd96b Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 12 Oct 2023 23:14:41 +0900 Subject: [PATCH 297/768] feat(argo-workflows): Configure declarative server auth mode (#2291) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 5 +++-- .../templates/server/server-deployment.yaml | 3 +++ charts/argo-workflows/values.yaml | 16 +++++++--------- 4 files changed, 16 insertions(+), 14 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 85de8f7e..3b1a60bd 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.4.11 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.33.3 +version: 0.34.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Add HA docs and example + - kind: changed + description: Configure declarative server auth mode. diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 732baecd..d5485a58 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -256,6 +256,7 @@ Fields to note: | server.GKEmanagedCertificate.domains | list | `["argoworkflows.example.com"]` | Domains for the Google Managed Certificate | | server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. | | server.affinity | object | `{}` | Assign custom [affinity] rules | +| server.authMode | string | `""` | Auth Mode is available from `server` , `client` or `sso`. If you chose `sso` , please configure `.Values.server.sso` as well. | | server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer | | server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server | | server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo Server [HPA] | @@ -267,7 +268,7 @@ Fields to note: | server.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. | | server.deploymentAnnotations | object | `{}` | optional map of annotations to be applied to the ui Deployment | | server.enabled | bool | `true` | Deploy the Argo Server | -| server.extraArgs | list | `[]` | Extra arguments to provide to the Argo server binary, such as for disabling authentication. | +| server.extraArgs | list | `[]` | Extra arguments to provide to the Argo server binary. | | server.extraContainers | list | `[]` | Extra containers to be added to the server deployment | | server.extraEnv | list | `[]` | Extra environment variables to provide to the argo-server container | | server.extraInitContainers | list | `[]` | Enables init containers to be added to the server deployment | @@ -315,7 +316,7 @@ Fields to note: | server.sso.clientSecret.key | string | `"client-secret"` | Key of a secret to retrieve the app OIDC client secret | | server.sso.clientSecret.name | string | `"argo-server-sso"` | Name of a secret to retrieve the app OIDC client secret | | server.sso.customGroupClaimName | string | `""` | Override claim name for OIDC groups | -| server.sso.enabled | bool | `false` | Create SSO configuration | +| server.sso.enabled | bool | `false` | Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`. | | server.sso.insecureSkipVerify | bool | `false` | Skip TLS verification for the HTTP client | | server.sso.issuer | string | `"https://accounts.google.com"` | The root URL of the OIDC identity provider | | server.sso.issuerAlias | string | `""` | Alternate root URLs that can be included for some OIDC providers | diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index b2e50967..cea885da 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -52,6 +52,9 @@ spec: {{- with .Values.server.extraArgs }} {{- toYaml . | nindent 10 }} {{- end }} + {{- if .Values.server.authMode }} + - "--auth-mode={{ .Values.server.authMode }}" + {{- end }} - "--secure={{ .Values.server.secure }}" {{- if .Values.singleNamespace }} - "--namespaced" diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index d6d22464..1d1e60b8 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -522,14 +522,13 @@ server: # - name: FOO # value: "bar" - # -- Extra arguments to provide to the Argo server binary, such as for disabling authentication. + # -- Auth Mode is available from `server` , `client` or `sso`. If you chose `sso` , please configure `.Values.server.sso` as well. + ## Ref: https://argoproj.github.io/argo-workflows/argo-server-auth-mode/ + authMode: "" + + # -- Extra arguments to provide to the Argo server binary. + ## Ref: https://argoproj.github.io/argo-workflows/argo-server/#options extraArgs: [] - # If you want to disable authentication for purposes such as: - # - local dev-mode without authentication - # - gateway authentication through some other service such as KeyCloak - # uncomment the lines below and comment out the default empty list `extraArgs: []` above: - # extraArgs: - # - --auth-mode=server logging: # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`) @@ -631,8 +630,7 @@ server: # SSO configuration when SSO is specified as a server auth mode. sso: - # -- Create SSO configuration - ## SSO is activated by adding --auth-mode=sso to the server command line. + # -- Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`. enabled: false # -- The root URL of the OIDC identity provider issuer: https://accounts.google.com From df9ee892b50b930e9ddd541b15298d7a59c80a4e Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Fri, 13 Oct 2023 16:59:02 -0500 Subject: [PATCH 298/768] chore(argo-workflows): Upgrade argo-workflows to 3.5.0 (#2228) Diff based on the rc1 branch currently here [3.4.10...3.5.0](https://github.com/argoproj/argo-workflows/compare/v3.4.10...v3.5.0) Signed-off-by: jmeridth --- charts/argo-workflows/Chart.yaml | 6 +++--- .../crds/argoproj.io_workflowtaskresults.yaml | 13 +++++++++++++ 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 3b1a60bd..79c898f5 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.4.11 +appVersion: v3.5.0 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.34.0 +version: 0.35.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Configure declarative server auth mode. + description: Upgrade to Argo Workflows v3.4.10 diff --git a/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml b/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml index e9bb93f6..861f1df8 100644 --- a/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml @@ -441,6 +441,8 @@ spec: type: object securityToken: type: string + useSDKCreds: + type: boolean required: - key type: object @@ -470,6 +472,17 @@ spec: type: object bucket: type: string + caSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object createBucketIfNotPresent: properties: objectLocking: From 8c72bed7796333c6f50277b58987721f5f6d818b Mon Sep 17 00:00:00 2001 From: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> Date: Tue, 17 Oct 2023 17:40:33 +0200 Subject: [PATCH 299/768] feat(argo-workflows): Added commonLabels (#2300) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 1 + charts/argo-workflows/templates/_helpers.tpl | 3 +++ charts/argo-workflows/values.yaml | 3 +++ 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 79c898f5..babc96c5 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.0 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.35.0 +version: 0.36.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade to Argo Workflows v3.4.10 + - kind: added + description: added support for commonLabels diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index d5485a58..31582fc4 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -108,6 +108,7 @@ Fields to note: |-----|------|---------|-------------| | apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart | | apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | +| commonLabels | object | `{}` | Labels to set on all resources | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.install | bool | `true` | Install and upgrade CRDs | | crds.keep | bool | `true` | Keep CRDs on chart uninstall | diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl index f81e6fc4..0713264f 100644 --- a/charts/argo-workflows/templates/_helpers.tpl +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -79,6 +79,9 @@ helm.sh/chart: {{ include "argo-workflows.chart" .context }} {{ include "argo-workflows.selectorLabels" (dict "context" .context "component" .component "name" .name) }} app.kubernetes.io/managed-by: {{ .context.Release.Service }} app.kubernetes.io/part-of: argo-workflows +{{- with .context.Values.commonLabels }} +{{ toYaml .}} +{{- end }} {{- end }} {{/* diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 1d1e60b8..8d98b37e 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -26,6 +26,9 @@ nameOverride: # -- String to fully override "argo-workflows.fullname" template fullnameOverride: +# -- Labels to set on all resources +commonLabels: {} + # -- Override the Kubernetes version, which is used to evaluate certain manifests kubeVersionOverride: "" From 575ee244b23fa96b9dc3f118fb97f5a6c5f76863 Mon Sep 17 00:00:00 2001 From: Jonathan Raymond Date: Tue, 17 Oct 2023 17:53:16 -0600 Subject: [PATCH 300/768] fix(argo-workflows): add all crds to aggregate-roles template (#2301) fix: add all crds to aggregate-roles Signed-off-by: Jonathan Raymond --- charts/argo-workflows/Chart.yaml | 6 +++--- .../controller/workflow-aggregate-roles.yaml | 18 ++++++++++++++++++ 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index babc96c5..c90d5446 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.0 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.36.0 +version: 0.36.1 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: added support for commonLabels + - kind: fixed + description: added all crds to aggregate-roles diff --git a/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml b/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml index 977bb86b..ca2ae93e 100644 --- a/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml @@ -20,6 +20,12 @@ rules: - cronworkflows/finalizers - clusterworkflowtemplates - clusterworkflowtemplates/finalizers + - workflowtasksets + - workflowtasksets/finalizers + - workflowtaskresults + - workflowtaskresults/finalizers + - workflowartifactgctasks + - workflowartifactgctasks/finalizers verbs: - get - list @@ -46,6 +52,12 @@ rules: - cronworkflows/finalizers - clusterworkflowtemplates - clusterworkflowtemplates/finalizers + - workflowtasksets + - workflowtasksets/finalizers + - workflowtaskresults + - workflowtaskresults/finalizers + - workflowartifactgctasks + - workflowartifactgctasks/finalizers verbs: - create - delete @@ -79,6 +91,12 @@ rules: - cronworkflows/finalizers - clusterworkflowtemplates - clusterworkflowtemplates/finalizers + - workflowtasksets + - workflowtasksets/finalizers + - workflowtaskresults + - workflowtaskresults/finalizers + - workflowartifactgctasks + - workflowartifactgctasks/finalizers verbs: - create - delete From 579b91fde33ef8e469817a3507853d8fb8058632 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 21 Oct 2023 07:48:41 -0500 Subject: [PATCH 301/768] chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#2304) --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 9ac90a30..bd97afe9 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 99f0698d..9d3a170f 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b1dc3b04..64dd515a 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false From 14e2e32bedf186c088da0804c262298ca771bc2f Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 24 Oct 2023 19:06:28 +0900 Subject: [PATCH 302/768] chore(argo-workflows): Add sample of PostgreSQL ssl entries in values.yaml (#2307) Signed-off-by: yu-croco --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/values.yaml | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index c90d5446..4b42b7a5 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.0 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.36.1 +version: 0.36.2 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: added all crds to aggregate-roles + - kind: added + description: Add sample of PostgreSQL ssl entries in values.yaml diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 8d98b37e..84cd8aef 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -161,6 +161,10 @@ controller: # passwordSecret: # name: argo-postgres-config # key: password + # ssl: true + # # sslMode must be one of: disable, require, verify-ca, verify-full + # # you can find more information about those ssl options here: https://godoc.org/github.com/lib/pq + # sslMode: require # -- Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level. # Only valid for 2.7+ From a67424d0c43cf0231d77fb1e086fba0a686094f7 Mon Sep 17 00:00:00 2001 From: Ujin <592652+evgeniy-khatko@users.noreply.github.com> Date: Tue, 24 Oct 2023 08:34:49 -0400 Subject: [PATCH 303/768] feat(argo-workflows): Updated supported workers parameters (#2297) * feat(argo-workflows): Updated supported workers parameters Change ------ Based on argo-workflows [scaling documents](https://argoproj.github.io/argo-workflows/scaling/) it's possible to set following workers values: `--workflow-workers`, `--workflow-ttl-workers`, `--pod-cleanup-workers` and statring 3.5 `--cron-workflow-workers`. This change allows chart consumers to take advatage of _all_ these parameters. Testing ------- ``` helm upgrade argowf charts/argo-workflows -n argo --values charts/argo-workflows/values.yaml --create-namespace --debug | grep -A70 "Source: argo-workflows/templates/controller/workflow-controller-deployment.yaml" | grep workers helm upgrade argowf charts/argo-workflows -n argo --values charts/argo-workflows/values.yaml --create-namespace --debug | grep -A70 "Source: argo-workflows/templates/controller/workflow-controller-deployment.yaml" | grep -A1 workers - "--workflow-workers" - "10" helm upgrade argowf charts/argo-workflows -n argo --values charts/argo-workflows/values.yaml --create-namespace --debug | grep -A70 "Source: argo-workflows/templates/controller/workflow-controller-deployment.yaml" | grep -A1 workers - "--workflow-workers" - "10" - "--workflow-ttl-workers" - "20" helm upgrade argowf charts/argo-workflows -n argo --values charts/argo-workflows/values.yaml --create-namespace --debug | grep -A70 "Source: argo-workflows/templates/controller/workflow-controller-deployment.yaml" | grep -A1 workers - "--workflow-workers" - "10" - "--workflow-ttl-workers" - "20" - "--pod-cleanup-workers" - "30" helm upgrade argowf charts/argo-workflows -n argo --values charts/argo-workflows/values.yaml --create-namespace --debug | grep -A70 "Source: argo-workflows/templates/controller/workflow-controller-deployment.yaml" | grep -A1 workers - "--workflow-workers" - "10" - "--workflow-ttl-workers" - "20" - "--pod-cleanup-workers" - "30" - "--cron-workflow-workers" - "40" ``` Signed-off-by: Evgeny Khatko Signed-off-by: Evgeny Khatko * Addressing PR feedback. Signed-off-by: Evgeny Khatko * newline Signed-off-by: Tim Collins <45351296+tico24@users.noreply.github.com> * Update Chart.yaml Signed-off-by: Tim Collins <45351296+tico24@users.noreply.github.com> * Update Chart.yaml Signed-off-by: Tim Collins <45351296+tico24@users.noreply.github.com> --------- Signed-off-by: Evgeny Khatko Signed-off-by: Evgeny Khatko Signed-off-by: Tim Collins <45351296+tico24@users.noreply.github.com> Co-authored-by: Evgeny Khatko Co-authored-by: Tim Collins <45351296+tico24@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 3 +++ .../controller/workflow-controller-deployment.yaml | 12 ++++++++++++ charts/argo-workflows/values.yaml | 7 +++++++ 4 files changed, 25 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 4b42b7a5..44d16bab 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.0 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.36.2 +version: 0.37.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add sample of PostgreSQL ssl entries in values.yaml + - kind: changed + description: Updated supported scaling parameters based on https://argoproj.github.io/argo-workflows/scaling/ diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 31582fc4..03811169 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -142,6 +142,7 @@ Fields to note: | controller.affinity | object | `{}` | Assign custom [affinity] rules | | controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. | | controller.columns | list | `[]` | Configure Argo Server to show custom [columns] | +| controller.cronWorkflowWorkers | string | `nil` | Number of cron workflow workers Only valid for 3.5+ | | controller.deploymentAnnotations | object | `{}` | deploymentAnnotations is an optional map of annotations to be applied to the controller Deployment | | controller.extraArgs | list | `[]` | Extra arguments to be added to the controller | | controller.extraContainers | list | `[]` | Extra containers to be added to the controller deployment | @@ -182,6 +183,7 @@ Fields to note: | controller.pdb.enabled | bool | `false` | Configure [Pod Disruption Budget] for the controller pods | | controller.persistence | object | `{}` | enable persistence using postgres | | controller.podAnnotations | object | `{}` | podAnnotations is an optional map of annotations to be applied to the controller Pods | +| controller.podCleanupWorkers | string | `nil` | Number of pod cleanup workers | | controller.podGCDeleteDelayDuration | string | `5s` (Argo Workflows default) | The duration in seconds before the pods in the GC queue get deleted. A zero value indicates that the pods will be deleted immediately. | | controller.podGCGracePeriodSeconds | string | `30` seconds (Kubernetes default) | Specifies the duration in seconds before a terminating pod is forcefully killed. A zero value indicates that the pod will be forcefully terminated immediately. | | controller.podLabels | object | `{}` | Optional labels to add to the controller pods | @@ -221,6 +223,7 @@ Fields to note: | controller.workflowDefaults | object | `{}` | Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level. Only valid for 2.7+ | | controller.workflowNamespaces | list | `["default"]` | Specify all namespaces where this workflow controller instance will manage workflows. This controls where the service account and RBAC resources will be created. Only valid when singleNamespace is false. | | controller.workflowRestrictions | object | `{}` | Restricts the Workflows that the controller will process. Only valid for 2.9+ | +| controller.workflowTTLWorkers | string | `nil` | Number of workflow TTL workers | | controller.workflowWorkers | string | `nil` | Number of workflow workers | ### Workflow Main Container diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml index c391bee8..132d7f8c 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -60,6 +60,18 @@ spec: - "--workflow-workers" - {{ . | quote }} {{- end }} + {{- with .Values.controller.workflowTTLWorkers }} + - "--workflow-ttl-workers" + - {{ . | quote }} + {{- end }} + {{- with .Values.controller.podCleanupWorkers }} + - "--pod-cleanup-workers" + - {{ . | quote }} + {{- end }} + {{- with .Values.controller.cronWorkflowWorkers }} + - "--cron-workflow-workers" + - {{ . | quote }} + {{- end }} {{- with .Values.controller.extraArgs }} {{- toYaml . | nindent 10 }} {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 84cd8aef..cae5f749 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -180,6 +180,13 @@ controller: # -- Number of workflow workers workflowWorkers: # 32 + # -- Number of workflow TTL workers + workflowTTLWorkers: # 4 + # -- Number of pod cleanup workers + podCleanupWorkers: # 4 + # -- Number of cron workflow workers + # Only valid for 3.5+ + cronWorkflowWorkers: # 8 # -- Restricts the Workflows that the controller will process. # Only valid for 2.9+ workflowRestrictions: {} From 804af65b38dd1c4a27a3df5fb478d18c126a6e24 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Tue, 24 Oct 2023 07:39:37 -0500 Subject: [PATCH 304/768] fix(argo-rollouts): controller replicas count comparison (#2309) --- charts/argo-rollouts/Chart.yaml | 6 +++--- charts/argo-rollouts/templates/controller/deployment.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 457f76a0..ddc6582b 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.32.0 +version: 2.32.1 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo Rollouts to v1.6.0 + - kind: fixed + description: Use integer instead of float for controller replicas diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index 966491c8..23dc14cb 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -48,7 +48,7 @@ spec: {{- if not .Values.clusterInstall }} - --namespaced {{- end }} - {{- if gt .Values.controller.replicas 1.0 }} + {{- if gt (int .Values.controller.replicas) 1 }} - --leader-elect {{- end }} {{- with .Values.controller.extraArgs }} From a41b70b59cf2ff7e9495969e041d853c8e06ba0d Mon Sep 17 00:00:00 2001 From: gussan <83329336+toyamagu-2021@users.noreply.github.com> Date: Fri, 27 Oct 2023 18:43:52 +0900 Subject: [PATCH 305/768] feat(argo-cd): add terminationGracePeriodSeconds (#2310) Signed-off-by: toyamagu-2021 --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 7 +++++++ .../statefulset.yaml | 3 +++ .../argocd-applicationset/deployment.yaml | 3 +++ .../argocd-notifications/deployment.yaml | 3 +++ .../argocd-repo-server/deployment.yaml | 3 +++ .../templates/argocd-server/deployment.yaml | 3 +++ charts/argo-cd/templates/dex/deployment.yaml | 3 +++ .../argo-cd/templates/redis/deployment.yaml | 3 +++ charts/argo-cd/values.yaml | 21 +++++++++++++++++++ 10 files changed, 52 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 5f437944..7302ce5e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.46.8 +version: 5.47.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Sync redis / redis-ha readOnlyRootFilesystem=true option from upstream. This was part of Argo CD 2.8.0. + - kind: added + description: add terminationGracePeriodSeconds diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index b2101038..d870dbdc 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -561,6 +561,7 @@ NAME: my-release | controller.serviceAccount.labels | object | `{}` | Labels applied to created service account | | controller.serviceAccount.name | string | `"argocd-application-controller"` | Service account name | | controller.statefulsetAnnotations | object | `{}` | Annotations for the application controller StatefulSet | +| controller.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | controller.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | controller.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller | | controller.volumeMounts | list | `[]` | Additional volumeMounts to the application controller main container | @@ -653,6 +654,7 @@ NAME: my-release | repoServer.serviceAccount.create | bool | `true` | Create repo server service account | | repoServer.serviceAccount.labels | object | `{}` | Labels applied to created service account | | repoServer.serviceAccount.name | string | `""` | Repo server service account name | +| repoServer.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | repoServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | repoServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the repo server | | repoServer.useEphemeralHelmWorkingDir | bool | `true` | Toggle the usage of a ephemeral Helm working directory | @@ -807,6 +809,7 @@ NAME: my-release | server.serviceAccount.create | bool | `true` | Create server service account | | server.serviceAccount.labels | object | `{}` | Labels applied to created service account | | server.serviceAccount.name | string | `"argocd-server"` | Server service account name | +| server.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | server.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | server.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the Argo CD server | | server.volumeMounts | list | `[]` | Additional volumeMounts to the server main container | @@ -915,6 +918,7 @@ server: | dex.servicePortHttp | int | `5556` | Service port for HTTP access | | dex.servicePortHttpName | string | `"http"` | Service port name for HTTP access | | dex.servicePortMetrics | int | `5558` | Service port for metrics access | +| dex.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | dex.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | dex.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to dex | | dex.volumeMounts | list | `[]` | Additional volumeMounts to the dex main container | @@ -986,6 +990,7 @@ server: | redis.serviceAccount.create | bool | `false` | Create a service account for the redis pod | | redis.serviceAccount.name | string | `""` | Service account name for redis pod | | redis.servicePort | int | `6379` | Redis service port | +| redis.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | redis.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | redis.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to redis | | redis.volumeMounts | list | `[]` | Additional volumeMounts to the redis container | @@ -1136,6 +1141,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.serviceAccount.create | bool | `true` | Create ApplicationSet controller service account | | applicationSet.serviceAccount.labels | object | `{}` | Labels applied to created service account | | applicationSet.serviceAccount.name | string | `"argocd-applicationset-controller"` | ApplicationSet controller service account name | +| applicationSet.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | applicationSet.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | applicationSet.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller | | applicationSet.webhook.ingress.annotations | object | `{}` | Additional ingress annotations | @@ -1214,6 +1220,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.serviceAccount.name | string | `"argocd-notifications-controller"` | Notification controller service account name | | notifications.subscriptions | list | `[]` | Contains centrally managed global application subscriptions | | notifications.templates | object | `{}` | The notification template is used to generate the notification content | +| notifications.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | notifications.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | notifications.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller | | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 3583a2b7..31bce299 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -52,6 +52,9 @@ spec: {{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }} priorityClassName: {{ . }} {{- end }} + {{- if .Values.controller.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} + {{- end }} serviceAccountName: {{ include "argo-cd.controllerServiceAccountName" . }} containers: - args: diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index d8fb8cbc..ed161d53 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -52,6 +52,9 @@ spec: {{- with .Values.applicationSet.priorityClassName | default .Values.global.priorityClassName }} priorityClassName: {{ . }} {{- end }} + {{- if .Values.applicationSet.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.applicationSet.terminationGracePeriodSeconds }} + {{- end }} serviceAccountName: {{ include "argo-cd.applicationSetServiceAccountName" . }} containers: - name: {{ .Values.applicationSet.name }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index d2eca77f..633e1943 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -51,6 +51,9 @@ spec: {{- with .Values.notifications.priorityClassName | default .Values.global.priorityClassName }} priorityClassName: {{ . }} {{- end }} + {{- if .Values.notifications.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.notifications.terminationGracePeriodSeconds }} + {{- end }} serviceAccountName: {{ include "argo-cd.notificationsServiceAccountName" . }} containers: - name: {{ .Values.notifications.name }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index ea54e79d..515984d7 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -62,6 +62,9 @@ spec: {{- with .Values.repoServer.priorityClassName | default .Values.global.priorityClassName }} priorityClassName: {{ . }} {{- end }} + {{- if .Values.repoServer.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.repoServer.terminationGracePeriodSeconds }} + {{- end }} serviceAccountName: {{ include "argo-cd.repoServerServiceAccountName" . }} containers: - name: {{ .Values.repoServer.name }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index e3f322cb..983121a9 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -53,6 +53,9 @@ spec: {{- with .Values.server.priorityClassName | default .Values.global.priorityClassName }} priorityClassName: {{ . }} {{- end }} + {{- if .Values.server.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + {{- end }} serviceAccountName: {{ include "argo-cd.serverServiceAccountName" . }} containers: - name: {{ .Values.server.name }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index abca6e14..9f782c8d 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -55,6 +55,9 @@ spec: {{- with .Values.dex.priorityClassName | default .Values.global.priorityClassName }} priorityClassName: {{ . }} {{- end }} + {{- if .Values.dex.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.dex.terminationGracePeriodSeconds }} + {{- end }} serviceAccountName: {{ template "argo-cd.dexServiceAccountName" . }} containers: - name: {{ .Values.dex.name }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 419e5f31..3f272d02 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -48,6 +48,9 @@ spec: {{- with .Values.redis.priorityClassName | default .Values.global.priorityClassName }} priorityClassName: {{ . }} {{- end }} + {{- if .Values.redis.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.redis.terminationGracePeriodSeconds }} + {{- end }} serviceAccountName: {{ include "argo-cd.redisServiceAccountName" . }} containers: - name: {{ .Values.redis.name }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index b029dfaa..0352ef2e 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -731,6 +731,9 @@ controller: # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + # -- Priority class for the application controller pods # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" @@ -1074,6 +1077,9 @@ dex: # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + serviceAccount: # -- Create dex service account create: true @@ -1313,6 +1319,9 @@ redis: # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + serviceAccount: # -- Create a service account for the redis pod create: false @@ -1718,6 +1727,9 @@ server: # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + # -- Priority class for the Argo CD server pods # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" @@ -2261,6 +2273,9 @@ repoServer: # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + # -- [Node selector] # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {} @@ -2618,6 +2633,9 @@ applicationSet: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + # -- [Node selector] # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {} @@ -2931,6 +2949,9 @@ notifications: drop: - ALL + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + # -- [Node selector] # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {} From 9193d8592949969e7d05e24e066b77ada6a50b9e Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 28 Oct 2023 16:28:44 +0900 Subject: [PATCH 306/768] chore(argo-cd): Upgrade Argo CD to v2.8.5 (#2313) --- charts/argo-cd/Chart.yaml | 8 ++++---- .../templates/argocd-notifications/deployment.yaml | 8 +++++++- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 7302ce5e..06de55fb 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.8.4 +appVersion: v2.8.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.47.0 +version: 5.48.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: add terminationGracePeriodSeconds + - kind: changed + description: Upgrade Argo CD to v2.8.5 diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 633e1943..edee786a 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -78,13 +78,19 @@ spec: configMapKeyRef: key: notificationscontroller.log.level name: argocd-cmd-params-cm - optional: true + optional: true - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT valueFrom: configMapKeyRef: key: notificationscontroller.log.format name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true {{- with .Values.notifications.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} From 25d7b519bc7fc37d2820721cd648f3a3403d0e38 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 28 Oct 2023 14:21:37 +0200 Subject: [PATCH 307/768] chore(deps): bump ossf/scorecard-action from 2.3.0 to 2.3.1 (#2314) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 64dd515a..3273e72d 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -38,7 +38,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # v2.3.0 + uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 with: results_file: results.sarif results_format: sarif From 0cc17965301b838977c8b1cca2cbf86969c889a0 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Mon, 30 Oct 2023 09:51:56 +0100 Subject: [PATCH 308/768] fix(argo-cd): Update Bitbucket SSH key (#2317) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 06de55fb..ac473f03 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.48.0 +version: 5.48.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo CD to v2.8.5 + description: Update Bitbucket.org SSH key diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 0352ef2e..802e512c 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -326,7 +326,7 @@ configs: [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO - bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== + bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M= github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= From 94c0a0a246771e0d1996de4759d3dba036407b27 Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Mon, 30 Oct 2023 16:42:32 +0200 Subject: [PATCH 309/768] feat(argo-cd): add notification cluster role (#2315) * Add notification cluster role Signed-off-by: drfaust92 * Add notification cluster role Signed-off-by: drfaust92 * Add notification cluster role Signed-off-by: drfaust92 * Add notification cluster role Signed-off-by: drfaust92 --------- Signed-off-by: drfaust92 --- charts/argo-cd/Chart.yaml | 6 ++--- charts/argo-cd/README.md | 1 + .../argocd-notifications/clusterrole.yaml | 22 +++++++++++++++++++ .../clusterrolebinding.yaml | 16 ++++++++++++++ charts/argo-cd/values.yaml | 6 +++++ 5 files changed, 48 insertions(+), 3 deletions(-) create mode 100644 charts/argo-cd/templates/argocd-notifications/clusterrole.yaml create mode 100644 charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ac473f03..eaa7c2c6 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.48.1 +version: 5.49.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Update Bitbucket.org SSH key + - kind: added + description: Add notification cluster role support diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index d870dbdc..e0e25025 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1160,6 +1160,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide |-----|------|---------|-------------| | notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates | +| notifications.clusterRoleRules.rules | list | `[]` | List of custom rules for the notifications controller's ClusterRole resource | | notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map | | notifications.containerPorts.metrics | int | `9001` | Metrics container port | | notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context | diff --git a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml new file mode 100644 index 00000000..1d2e0fd7 --- /dev/null +++ b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml @@ -0,0 +1,22 @@ +{{- if .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.notifications.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} +rules: + {{- with .Values.notifications.clusterRoleRules.rules }} + {{- toYaml . | nindent 2 }} + {{- end }} + - apiGroups: + - "argoproj.io" + resources: + - "applications" + verbs: + - get + - list + - watch + - update + - patch +{{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml new file mode 100644 index 00000000..1b47bf12 --- /dev/null +++ b/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{- if .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "argo-cd.notifications.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "argo-cd.notifications.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argo-cd.notificationsServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 802e512c..4ec93222 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2997,6 +2997,12 @@ notifications: # -- Whether helm chart creates notifications controller config map create: true + ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. + ## Defaults to off + clusterRoleRules: + # -- List of custom rules for the notifications controller's ClusterRole resource + rules: [] + # -- Contains centrally managed global application subscriptions ## For more information: https://argocd-notifications.readthedocs.io/en/stable/subscriptions/ subscriptions: [] From 4f5c75fbc7513d0359e11208e24df51474493686 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Mon, 30 Oct 2023 12:42:39 -0500 Subject: [PATCH 310/768] fix(argo-rollouts): Update AnalysisRun CRD to match upstream (#2320) --- charts/argo-rollouts/Chart.yaml | 4 +- .../templates/crds/analysis-run-crd.yaml | 51 ++++++++++++++++++- 2 files changed, 51 insertions(+), 4 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index ddc6582b..6d343fdc 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.32.1 +version: 2.32.2 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Use integer instead of float for controller replicas + description: Update AnalysisRun CRD to match upstream diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index 7324e908..1dddfa7d 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -189,13 +189,22 @@ spec: datadog: properties: apiVersion: + default: v1 + enum: + - v1 + - v2 + type: string + formula: type: string interval: + default: 5m type: string + queries: + additionalProperties: + type: string + type: object query: type: string - required: - - query type: object graphite: properties: @@ -2809,6 +2818,19 @@ spec: type: string authentication: properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object sigv4: properties: profile: @@ -2857,6 +2879,31 @@ spec: type: object web: properties: + authentication: + properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object body: type: string headers: From 2eb537dde00f9bc6d250ea349ad85a709565cce0 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Tue, 31 Oct 2023 12:21:05 -0500 Subject: [PATCH 311/768] fix(github): update chart testing action due to failure (#2324) Getting failure when running chart testing action pulling v2.0.0 from sigstore Updating action to see if this helps Signed-off-by: jmeridth --- .github/workflows/lint-and-test.yml | 4 ++-- scripts/lint.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index bd97afe9..b6da136f 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -38,10 +38,10 @@ jobs: - name: Setup Chart Linting id: lint - uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0 + uses: helm/chart-testing-action@b43128a8b25298e1e7b043b78ea6613844e079b1 # v2.6.0 with: # Note: Also update in scripts/lint.sh - version: v3.7.1 + version: v3.10.0 - name: List changed charts id: list-changed diff --git a/scripts/lint.sh b/scripts/lint.sh index b44a6cee..6061adb5 100755 --- a/scripts/lint.sh +++ b/scripts/lint.sh @@ -9,7 +9,7 @@ echo -e "\n-- Linting all Helm Charts --\n" docker run \ -v "$SRCROOT:/workdir" \ --entrypoint /bin/sh \ - quay.io/helmpack/chart-testing:v3.7.1 \ + quay.io/helmpack/chart-testing:v3.10.0 \ -c cd /workdir \ ct lint \ --config .github/configs/ct-lint.yaml \ From 733d84a42398cc1a1a6dea8bf75b2a7a2bf3101f Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Tue, 31 Oct 2023 17:48:55 +0000 Subject: [PATCH 312/768] chore(argo-cd): Upgrade Argo CD to v2.8.6 (#2323) * chore(argo-cd): Upgrade Argo CD to v2.8.6 Signed-off-by: Tim Collins * fix: drop unrecognized helm timeout Signed-off-by: jmeridth --------- Signed-off-by: Tim Collins Signed-off-by: Jason Meridth Signed-off-by: jmeridth Co-authored-by: Jason Meridth --- .github/configs/ct-lint.yaml | 1 - charts/argo-cd/Chart.yaml | 8 ++++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/configs/ct-lint.yaml b/.github/configs/ct-lint.yaml index 1e66067a..99cb8b3c 100644 --- a/.github/configs/ct-lint.yaml +++ b/.github/configs/ct-lint.yaml @@ -7,7 +7,6 @@ chart-dirs: - charts chart-repos: - dandydeveloper=https://dandydeveloper.github.io/charts/ -helm-extra-args: "--timeout 600s" validate-chart-schema: false validate-maintainers: true validate-yaml: true diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index eaa7c2c6..8114ee70 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.8.5 +appVersion: v2.8.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.49.0 +version: 5.50.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add notification cluster role support + - kind: changed + description: Upgrade Argo CD to v2.8.6 From 4afebb25f60aeeadb7c4365ab2fc1824185d0aa8 Mon Sep 17 00:00:00 2001 From: Denis Kadyshev Date: Thu, 2 Nov 2023 16:43:50 +0700 Subject: [PATCH 313/768] fix(argo-cd): Create notifications clusterrole and clusterrolebinding when enabled (#2326) * Create clusterrole for nitifications only when notifications enabled Signed-off-by: Denis Kadyshev * Create clusterrolebinding for nitifications only when notifications enbaled Signed-off-by: Denis Kadyshev * Bump version in Chart.yaml Signed-off-by: Denis Kadyshev * Update Chart.yaml Signed-off-by: Denis Kadyshev * Update Chart.yaml Signed-off-by: Denis Kadyshev --------- Signed-off-by: Denis Kadyshev --- charts/argo-cd/Chart.yaml | 6 +++--- .../argo-cd/templates/argocd-notifications/clusterrole.yaml | 2 +- .../templates/argocd-notifications/clusterrolebinding.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8114ee70..d986c987 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.8.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.50.0 +version: 5.50.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.8.6 + - kind: fixed + description: Create notifications clusterrole and clusterrolebinding when enabled diff --git a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml index 1d2e0fd7..927d30a0 100644 --- a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml @@ -1,4 +1,4 @@ -{{- if .Values.createClusterRoles }} +{{- if and .Values.notifications.enabled .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml index 1b47bf12..3dba71a2 100644 --- a/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml @@ -1,4 +1,4 @@ -{{- if .Values.createClusterRoles }} +{{- if and .Values.notifications.enabled .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: From d170cdb2df6c9a78fff7f7ec3240be7cf046afea Mon Sep 17 00:00:00 2001 From: Max! Date: Fri, 3 Nov 2023 21:39:05 +0100 Subject: [PATCH 314/768] fix(argo-workflows): Fix outdated URL in values.yaml comments (#2328) * fix outdated link branch link Branch was renamed prior, redirects to main now Signed-off-by: Max! * Update Chart.yaml Signed-off-by: Max! * add to changelog Signed-off-by: Max! --------- Signed-off-by: Max! --- charts/argo-workflows/Chart.yaml | 4 +++- charts/argo-workflows/values.yaml | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 44d16bab..53d392c2 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.0 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.37.0 +version: 0.37.1 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -18,3 +18,5 @@ annotations: artifacthub.io/changes: | - kind: changed description: Updated supported scaling parameters based on https://argoproj.github.io/argo-workflows/scaling/ + - kind: changed + description: Updated a url in values.yaml comments. diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index cae5f749..8d3c830d 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -124,7 +124,7 @@ controller: # -- Service metrics port name servicePortName: metrics # -- ServiceMonitor relabel configs to apply to samples before scraping - ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig relabelings: [] # -- ServiceMonitor metric relabel configs to apply to samples before ingestion ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint From a98dd96059a3c49c587ec56deba028642ac7f9ca Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 4 Nov 2023 14:57:43 +0900 Subject: [PATCH 315/768] chore(argo-workflows): Upgrade Argo Workflows to v3.5.1 (#2329) Signed-off-by: yu-croco --- charts/argo-workflows/Chart.yaml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 53d392c2..aa941d42 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.0 +appVersion: v3.5.1 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.37.1 +version: 0.38.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,6 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Updated supported scaling parameters based on https://argoproj.github.io/argo-workflows/scaling/ - - kind: changed - description: Updated a url in values.yaml comments. + description: Upgrade Argo Workflows to v3.5.1 From 16f4c26e9cca37f3354056ae6d581bc74adf8c0c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 4 Nov 2023 06:42:32 -0500 Subject: [PATCH 316/768] chore(deps): bump amannn/action-semantic-pull-request from 5.3.0 to 5.4.0 (#2330) chore(deps): bump amannn/action-semantic-pull-request Bumps [amannn/action-semantic-pull-request](https://github.com/amannn/action-semantic-pull-request) from 5.3.0 to 5.4.0. - [Release notes](https://github.com/amannn/action-semantic-pull-request/releases) - [Changelog](https://github.com/amannn/action-semantic-pull-request/blob/main/CHANGELOG.md) - [Commits](https://github.com/amannn/action-semantic-pull-request/compare/47b15d52c5c30e94a17ec87eb8dd51ff5221fed9...e9fabac35e210fea40ca5b14c0da95a099eff26f) --- updated-dependencies: - dependency-name: amannn/action-semantic-pull-request dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/pr-title.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index be77f1ae..256b1c38 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -19,7 +19,7 @@ jobs: name: Validate PR title runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@47b15d52c5c30e94a17ec87eb8dd51ff5221fed9 # v5.3.0 + - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: From 9f8f48386923bd7d7086798be709b3267f99f247 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 4 Nov 2023 06:43:58 -0500 Subject: [PATCH 317/768] chore(deps): bump helm/chart-releaser-action from 1.5.0 to 1.6.0 (#2331) Bumps [helm/chart-releaser-action](https://github.com/helm/chart-releaser-action) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/helm/chart-releaser-action/releases) - [Commits](https://github.com/helm/chart-releaser-action/compare/be16258da8010256c6e82849661221415f031968...a917fd15b20e8b64b94d9158ad54cd6345335584) --- updated-dependencies: - dependency-name: helm/chart-releaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 9d3a170f..7c0e768b 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -58,7 +58,7 @@ jobs: PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}" - name: Run chart-releaser - uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0 + uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 with: config: "./.github/configs/cr.yaml" env: From 8b17cdf924a047fb8b7c6aa819f87dbae7477492 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 4 Nov 2023 06:46:02 -0500 Subject: [PATCH 318/768] chore(deps): bump helm/chart-testing-action from 2.6.0 to 2.6.1 (#2332) Bumps [helm/chart-testing-action](https://github.com/helm/chart-testing-action) from 2.6.0 to 2.6.1. - [Release notes](https://github.com/helm/chart-testing-action/releases) - [Commits](https://github.com/helm/chart-testing-action/compare/b43128a8b25298e1e7b043b78ea6613844e079b1...e6669bcd63d7cb57cb4380c33043eebe5d111992) --- updated-dependencies: - dependency-name: helm/chart-testing-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index b6da136f..c2102b61 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -38,7 +38,7 @@ jobs: - name: Setup Chart Linting id: lint - uses: helm/chart-testing-action@b43128a8b25298e1e7b043b78ea6613844e079b1 # v2.6.0 + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 with: # Note: Also update in scripts/lint.sh version: v3.10.0 From f634cf6e9c35458756a7a3b74e83a8c7c14398a8 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Mon, 6 Nov 2023 13:54:34 +0100 Subject: [PATCH 319/768] feat(argo-cd): Upgrade Argo CD to 2.9.0 (#2318) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 8 +- .../argocd-applicationset/deployment.yaml | 12 + .../argocd-repo-server/deployment.yaml | 12 + .../templates/argocd-server/clusterrole.yaml | 1 + .../templates/crds/crd-application.yaml | 389 ++++- .../templates/crds/crd-applicationset.yaml | 1471 +++++++++++++++++ 6 files changed, 1883 insertions(+), 10 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d986c987..fa544eff 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.8.6 +appVersion: v2.9.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.50.1 +version: 5.51.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Create notifications clusterrole and clusterrolebinding when enabled + - kind: changed + description: Upgrade Argo CD to v2.9.0 diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index ed161d53..b704650a 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -90,6 +90,18 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.global.preserved.annotations + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.global.preserved.labels + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 515984d7..90941428 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -231,6 +231,18 @@ spec: key: reposerver.streamed.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.helm.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.disable.helm.manifest.max.extracted.size + optional: true - name: ARGOCD_GIT_MODULES_ENABLED valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index 838016fa..44d50515 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -40,6 +40,7 @@ rules: - argoproj.io resources: - applications + - applicationsets verbs: - get - list diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml index b4d13a15..03401574 100644 --- a/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -359,6 +359,37 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications @@ -657,6 +688,37 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications @@ -797,7 +859,8 @@ spec: properties: name: description: Name is an alternate way of specifying the target - cluster by its symbolic name + cluster by its symbolic name. This must be set if Server is + not set. type: string namespace: description: Namespace specifies the target namespace for the @@ -805,8 +868,9 @@ spec: namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster and - must be set to the Kubernetes control plane API + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is not + set. type: string type: object ignoreDifferences: @@ -1067,6 +1131,37 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications @@ -1355,6 +1450,37 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications @@ -1796,6 +1922,37 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications @@ -2097,6 +2254,37 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications @@ -2542,6 +2730,37 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications @@ -2860,6 +3079,38 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize + patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications @@ -3292,6 +3543,37 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications @@ -3603,6 +3885,37 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications @@ -3804,7 +4117,8 @@ spec: properties: name: description: Name is an alternate way of specifying the - target cluster by its symbolic name + target cluster by its symbolic name. This must be set + if Server is not set. type: string namespace: description: Namespace specifies the target namespace @@ -3813,8 +4127,9 @@ spec: not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster - and must be set to the Kubernetes control plane API + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name + is not set. type: string type: object ignoreDifferences: @@ -4056,6 +4371,37 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications @@ -4367,6 +4713,37 @@ spec: description: Namespace sets the namespace that Kustomize adds to all resources type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: description: Replicas is a list of Kustomize Replicas override specifications diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index fa0d926a..8d7409e5 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -269,6 +269,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -449,6 +479,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -788,6 +848,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -968,6 +1058,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -1311,6 +1431,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -1491,6 +1641,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -1814,6 +1994,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -1994,6 +2204,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -2341,6 +2581,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -2521,6 +2791,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -2860,6 +3160,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -3040,6 +3370,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -3383,6 +3743,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -3563,6 +3953,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -3886,6 +4306,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -4066,6 +4516,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -4399,6 +4879,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -4579,6 +5089,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -5092,6 +5632,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -5272,6 +5842,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -5564,6 +6164,8 @@ spec: type: string group: type: string + includeSharedProjects: + type: boolean includeSubgroups: type: boolean insecure: @@ -5578,6 +6180,8 @@ spec: - key - secretName type: object + topic: + type: string required: - group type: object @@ -5776,6 +6380,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -5956,6 +6590,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -6293,6 +6957,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -6473,6 +7167,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -6820,6 +7544,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -7000,6 +7754,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -7339,6 +8123,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -7519,6 +8333,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -7862,6 +8706,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -8042,6 +8916,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -8365,6 +9269,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -8545,6 +9479,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -8878,6 +9842,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -9058,6 +10052,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -9571,6 +10595,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -9751,6 +10805,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -10043,6 +11127,8 @@ spec: type: string group: type: string + includeSharedProjects: + type: boolean includeSubgroups: type: boolean insecure: @@ -10057,6 +11143,8 @@ spec: - key - secretName type: object + topic: + type: string required: - group type: object @@ -10255,6 +11343,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -10435,6 +11553,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -10776,6 +11924,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -10956,6 +12134,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -11286,6 +12494,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -11466,6 +12704,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -11979,6 +13247,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -12159,6 +13457,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -12451,6 +13779,8 @@ spec: type: string group: type: string + includeSharedProjects: + type: boolean includeSubgroups: type: boolean insecure: @@ -12465,6 +13795,8 @@ spec: - key - secretName type: object + topic: + type: string required: - group type: object @@ -12663,6 +13995,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -12843,6 +14205,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -12994,12 +14386,31 @@ spec: items: type: string type: array + ignoreApplicationDifferences: + items: + properties: + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + name: + type: string + type: object + type: array preservedFields: properties: annotations: items: type: string type: array + labels: + items: + type: string + type: array type: object strategy: properties: @@ -13236,6 +14647,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: @@ -13416,6 +14857,36 @@ spec: type: string namespace: type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array replicas: items: properties: From 622aee3850af8a0a3b4c7298fcc23e42f49cd799 Mon Sep 17 00:00:00 2001 From: Eddie Knight Date: Mon, 6 Nov 2023 09:10:35 -0600 Subject: [PATCH 320/768] chore(github): Updated security documentation and CLOMonitor exemptions (#2333) * Updated security documentation and CLOMonitor exemptions Signed-off-by: Eddie Knight * Added license scanning exepmtion Signed-off-by: Eddie Knight * Added best practices badge to README Signed-off-by: Eddie Knight --------- Signed-off-by: Eddie Knight Co-authored-by: Jason Meridth --- .clomonitor.yml | 6 ++++++ CONTRIBUTING.md | 2 ++ README.md | 1 + SECURITY-INSIGHTS.yml | 23 +++++++++++++++++++++++ 4 files changed, 32 insertions(+) create mode 100644 SECURITY-INSIGHTS.yml diff --git a/.clomonitor.yml b/.clomonitor.yml index 9f1fff8c..c75e8a7b 100644 --- a/.clomonitor.yml +++ b/.clomonitor.yml @@ -7,6 +7,12 @@ exemptions: reason: "Helm deps are not currently scanned. Maintainers are watching developments to dependabot-core #2237" # Justification of this exemption (mandatory, it will be displayed on the UI) - check: sbom reason: "Tracking Helm dependencies is not yet a stable practice." + - check: self_assessment + reason: "Refer to self assessments supplied by the codebases Argo Helm supports." + - check: signed_releases + reason: "Argo Helm releases are made via Artifact Hub, where they are signed. The unsigned GitHub releases are for reference only." + - check: license_scanning + reason: "Temporary exemption: pending response from CNCF Service Desk" # TODO: # License scanning information diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d67ddefc..f9861dcb 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -47,6 +47,8 @@ Any breaking changes to a chart (backwards incompatible) require: ### New Application Versions +Helm charts are intended to be created for all non-patched releases of Argo CD, Workflows, Rollouts, and Events. Associated dependencies, such as Redis, will use the version recommended by the associated release. + When selecting new application versions ensure you make the following changes: * `values.yaml`: Bump all instances of the container image version diff --git a/README.md b/README.md index b29bb3d1..0c5c6798 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,7 @@ [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/argo)](https://artifacthub.io/packages/search?repo=argo) [![CLOMonitor](https://img.shields.io/endpoint?url=https://clomonitor.io/api/projects/cncf/argo/badge)](https://clomonitor.io/projects/cncf/argo) [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-helm/badge)](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-helm) +[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/7942/badge)](https://www.bestpractices.dev/projects/7942) Argo Helm is a collection of **community maintained** charts for [https://argoproj.github.io](https://argoproj.github.io) projects. The charts can be added using following command: diff --git a/SECURITY-INSIGHTS.yml b/SECURITY-INSIGHTS.yml new file mode 100644 index 00000000..a983c4f1 --- /dev/null +++ b/SECURITY-INSIGHTS.yml @@ -0,0 +1,23 @@ +header: + schema-version: '1.0.0' + expiration-date: '2024-11-04T10:00:00.000Z' + project-url: https://github.com/argoproj/argo-helm +project-lifecycle: + status: active + bug-fixes-only: false + core-maintainers: + - https://github.com/mkilchhofer + - https://github.com/jmeridth +contribution-policy: + accepts-pull-requests: true + accepts-automated-pull-requests: true +distribution-points: + - https://github.com/argoproj/argo-helm/blob/main/SECURITY.md +vulnerability-reporting: + accepts-vulnerability-reports: true + email-contact: cncf-argo-maintainers@lists.cncf.io + security-policy: https://github.com/argoproj/argo-helm/blob/main/SECURITY.md + comment: Please refer to the security policy for reporting information prior to using the email contact. +dependencies: + env-dependencies-policy: + policy-url: https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md#new-application-versions From 9840ebedc640e8f30e0f9223ff10dd9284af543e Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 9 Nov 2023 01:04:58 +0900 Subject: [PATCH 321/768] fix(argo-workflows): Accept multi auth mode for server (#2336) * fix(argo-workflows): Accept multi auth mode for server Signed-off-by: yu-croco * chore(argo-workflows): improve description of authMode Signed-off-by: yu-croco * chore(argo-workflows): keep the older value valid for now as compatibility. Signed-off-by: yu-croco --------- Signed-off-by: yu-croco --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 3 ++- charts/argo-workflows/templates/NOTES.txt | 4 ++++ .../argo-workflows/templates/server/server-deployment.yaml | 3 +++ charts/argo-workflows/values.yaml | 7 +++++-- 5 files changed, 17 insertions(+), 6 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index aa941d42..79929c7d 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.1 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.38.0 +version: 0.39.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo Workflows to v3.5.1 + - kind: fixed + description: Accept multi auth mode for server. diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 03811169..e3498867 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -260,7 +260,8 @@ Fields to note: | server.GKEmanagedCertificate.domains | list | `["argoworkflows.example.com"]` | Domains for the Google Managed Certificate | | server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. | | server.affinity | object | `{}` | Assign custom [affinity] rules | -| server.authMode | string | `""` | Auth Mode is available from `server` , `client` or `sso`. If you chose `sso` , please configure `.Values.server.sso` as well. | +| server.authMode | string | `""` | Deprecated; use server.authModes instead. | +| server.authModes | list | `[]` | A list of supported authentication modes. Available values are `server`, `client`, or `sso`. If you provide sso, please configure `.Values.server.sso` as well. | | server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer | | server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server | | server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo Server [HPA] | diff --git a/charts/argo-workflows/templates/NOTES.txt b/charts/argo-workflows/templates/NOTES.txt index b4933a7d..43c1c8f8 100644 --- a/charts/argo-workflows/templates/NOTES.txt +++ b/charts/argo-workflows/templates/NOTES.txt @@ -1,3 +1,7 @@ +{{- if .Values.server.authMode }} +DEPRECATED option server.authMode - Use server.authModes +{{- end }} + 1. Get Argo Server external IP/domain by running: kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ template "argo-workflows.server.fullname" . }} diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index cea885da..38c6072b 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -55,6 +55,9 @@ spec: {{- if .Values.server.authMode }} - "--auth-mode={{ .Values.server.authMode }}" {{- end }} + {{- range .Values.server.authModes }} + - "--auth-mode={{ . }}" + {{- end }} - "--secure={{ .Values.server.secure }}" {{- if .Values.singleNamespace }} - "--namespaced" diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 8d3c830d..10a0e5a4 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -536,10 +536,13 @@ server: # - name: FOO # value: "bar" - # -- Auth Mode is available from `server` , `client` or `sso`. If you chose `sso` , please configure `.Values.server.sso` as well. - ## Ref: https://argoproj.github.io/argo-workflows/argo-server-auth-mode/ + # -- Deprecated; use server.authModes instead. authMode: "" + # -- A list of supported authentication modes. Available values are `server`, `client`, or `sso`. If you provide sso, please configure `.Values.server.sso` as well. + ## Ref: https://argoproj.github.io/argo-workflows/argo-server-auth-mode/ + authModes: [] + # -- Extra arguments to provide to the Argo server binary. ## Ref: https://argoproj.github.io/argo-workflows/argo-server/#options extraArgs: [] From d3d9e7de238e0dab0b45d01535658173c51af3f7 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Wed, 8 Nov 2023 14:09:44 -0600 Subject: [PATCH 322/768] chore(github): Add yu-cruco to * in CODEOWNERS (#2338) chore: Add yu-cruco to * in CODEOWNERS yu-cruco is now a maintainer and will be notified on all PRs - [x] moved CODEOWNERS into .github folder where it belongs Signed-off-by: jmeridth --- CODEOWNERS => .github/CODEOWNERS | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) rename CODEOWNERS => .github/CODEOWNERS (68%) diff --git a/CODEOWNERS b/.github/CODEOWNERS similarity index 68% rename from CODEOWNERS rename to .github/CODEOWNERS index f7432a77..05c993b9 100644 --- a/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,14 +1,6 @@ -# All -* @mkilchhofer @jmeridth +* @mkilchhofer @jmeridth @yu-croco -# Argo Workflows /charts/argo-workflows/ @vladlosev @jmeridth @yu-croco @tico24 - -# Argo CD /charts/argo-cd/ @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil @tico24 - -# Argo Events /charts/argo-events/ @pdrastil @jmeridth @tico24 - -# Argo Rollouts /charts/argo-rollouts/ @jmeridth From 3f2654d24aacc35af23a664392438c0e5954c60d Mon Sep 17 00:00:00 2001 From: Aikawa Date: Fri, 10 Nov 2023 21:41:09 +0900 Subject: [PATCH 323/768] fix(argo-cd): Add permission for Applications in any namespace (#2341) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 ++ charts/argo-cd/README.md.gotmpl | 1 + charts/argo-cd/templates/argocd-server/clusterrole.yaml | 3 +++ charts/argo-cd/values.yaml | 6 ++++++ 5 files changed, 15 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index fa544eff..ac684be9 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.51.0 +version: 5.51.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.9.0 + - kind: fixed + description: Add configurations for Applications in any namespace diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index e0e25025..7b79080e 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -449,6 +449,7 @@ NAME: my-release | configs.credentialTemplatesAnnotations | object | `{}` | Annotations to be added to `configs.credentialTemplates` Secret | | configs.gpg.annotations | object | `{}` | Annotations to be added to argocd-gpg-keys-cm configmap | | configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring | +| configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] | | configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability | | configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` | | configs.params."controller.operation.processors" | int | `10` | Number of application operation processors | @@ -1253,3 +1254,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [tini]: https://github.com/argoproj/argo-cd/pull/12707 [EKS EoL]: https://endoflife.date/amazon-eks [Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions +[Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 5dc048b4..b8ffa4fb 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -562,3 +562,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [tini]: https://github.com/argoproj/argo-cd/pull/12707 [EKS EoL]: https://endoflife.date/amazon-eks [Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions +[Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index 44d50515..bd10316b 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -21,6 +21,9 @@ rules: - events verbs: - list + {{- if (index .Values.configs.params "application.namespaces") }} + - create + {{- end }} - apiGroups: - "" resources: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 4ec93222..49dd4e70 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -263,6 +263,12 @@ configs: # -- Enables use of the Progressive Syncs capability applicationsetcontroller.enable.progressive.syncs: false + # -- Enables [Applications in any namespace] + ## List of additional namespaces where applications may be created in and reconciled from. + ## The namespace where Argo CD is installed to will always be allowed. + ## Set comma-separated list. (e.g. app-team-one, app-team-two) + application.namespaces: "" + # Argo CD RBAC policy configuration ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md rbac: From 84c433962338329141010a9f5b8de1d8c919fff4 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Wed, 15 Nov 2023 14:59:16 +0900 Subject: [PATCH 324/768] chore(argo-cd): Upgrade Argo CD to v2.9.1 (#2344) --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ac684be9..9a721124 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.9.0 +appVersion: v2.9.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.51.1 +version: 5.51.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Add configurations for Applications in any namespace + - kind: changed + description: Upgrade Argo CD to v2.9.1 From a29d2165ac9ecc0f168b61cd54b945016a182d5a Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Wed, 15 Nov 2023 12:00:23 +0200 Subject: [PATCH 325/768] chore(argo-rollouts): Bump rollouts to 1.6.1 (#2345) * Bump rollouts to 1.6.2 Signed-off-by: drfaust92 * Bump to 1.6.1 Signed-off-by: drfaust92 * Bump to 1.6.1 Signed-off-by: drfaust92 --------- Signed-off-by: drfaust92 Co-authored-by: Aikawa --- charts/argo-rollouts/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 6d343fdc..6b49176d 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.6.0 +appVersion: v1.6.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.32.2 +version: 2.32.3 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Update AnalysisRun CRD to match upstream + - kind: changed + description: Upgrade Argo Rollouts to v1.6.1 From d98747224e9200760e7a1684f14c197d5b3c0cec Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Wed, 15 Nov 2023 15:09:30 +0200 Subject: [PATCH 326/768] chore(argo-rollouts): Bump rollouts to 1.6.2 (#2347) --- charts/argo-rollouts/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 6b49176d..6999850f 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.6.1 +appVersion: v1.6.2 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.32.3 +version: 2.32.4 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo Rollouts to v1.6.1 + description: Upgrade Argo Rollouts to v1.6.2 From 737b9724de6e829207ab48caa4b4b0a672840e78 Mon Sep 17 00:00:00 2001 From: Matt Dainty Date: Wed, 15 Nov 2023 13:17:09 +0000 Subject: [PATCH 327/768] fix(argo-workflows): Add parameters for tuning revisionHistoryLimit and emptyDir volumes (#2346) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 3 +++ .../controller/workflow-controller-deployment.yaml | 1 + .../argo-workflows/templates/server/server-deployment.yaml | 3 ++- charts/argo-workflows/values.yaml | 7 +++++++ 5 files changed, 16 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 79929c7d..327adb89 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.1 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.39.0 +version: 0.39.1 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Accept multi auth mode for server. + - kind: added + description: Add parameters for tuning revisionHistoryLimit and emptyDir volumes. diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index e3498867..a5f70341 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -197,6 +197,7 @@ Fields to note: | controller.resourceRateLimit | object | `{}` | Globally limits the rate at which pods are created. This is intended to mitigate flooding of the Kubernetes API server by workflows with a large amount of parallel nodes. | | controller.resources | object | `{}` | Resource limits and requests for the controller | | controller.retentionPolicy | object | `{}` | Workflow retention by number of workflows | +| controller.revisionHistoryLimit | int | `10` | The number of revisions to keep. | | controller.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | the controller container's securityContext | | controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | controller.serviceAccount.create | bool | `true` | Create a service account for the controller | @@ -304,6 +305,7 @@ Fields to note: | server.rbac.create | bool | `true` | Adds Role and RoleBinding for the server. | | server.replicas | int | `1` | The number of server pods to run | | server.resources | object | `{}` | Resource limits and requests for the server | +| server.revisionHistoryLimit | int | `10` | The number of revisions to keep. | | server.secure | bool | `false` | Run the argo server in "secure" mode. Configure this value instead of `--secure` in extraArgs. | | server.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":false,"runAsNonRoot":true}` | Servers container-level security context | | server.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | @@ -331,6 +333,7 @@ Fields to note: | server.sso.scopes | list | `[]` | Scopes requested from the SSO ID provider | | server.sso.sessionExpiry | string | `""` | Define how long your login is valid for (in hours) | | server.sso.userInfoPath | string | `""` | Specify the user info endpoint that contains the groups claim | +| server.tmpVolume | object | `{"emptyDir":{}}` | Volume to be mounted in Pods for temporary files. | | server.tolerations | list | `[]` | [Tolerations] for use with node taints | | server.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the argo server | | server.volumeMounts | list | `[]` | Additional volume mounts to the server main container. | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml index 132d7f8c..3db5f971 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -12,6 +12,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.controller.replicas }} + revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }} selector: matchLabels: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index 38c6072b..182d3169 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -15,6 +15,7 @@ spec: {{- if not .Values.server.autoscaling.enabled }} replicas: {{ .Values.server.replicas }} {{- end }} + revisionHistoryLimit: {{ .Values.server.revisionHistoryLimit }} selector: matchLabels: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} @@ -112,7 +113,7 @@ spec: {{- end }} volumes: - name: tmp - emptyDir: {} + {{- toYaml .Values.server.tmpVolume | nindent 8 }} {{- with .Values.server.volumes }} {{- toYaml . | nindent 6}} {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 10a0e5a4..7a5f04e0 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -295,6 +295,8 @@ controller: volumes: [] # -- The number of controller pods to run replicas: 1 + # -- The number of revisions to keep. + revisionHistoryLimit: 10 pdb: # -- Configure [Pod Disruption Budget] for the controller pods @@ -472,6 +474,8 @@ server: resources: {} # -- The number of server pods to run replicas: 1 + # -- The number of revisions to keep. + revisionHistoryLimit: 10 ## Argo Server Horizontal Pod Autoscaler autoscaling: # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server @@ -555,6 +559,9 @@ server: # -- Set the logging format (one of: `text`, `json`) format: "text" + # -- Volume to be mounted in Pods for temporary files. + tmpVolume: + emptyDir: {} # -- Additional volume mounts to the server main container. volumeMounts: [] # -- Additional volumes to the server pod. From 9496f2f1e6f5b2bf7d4149b09a787ee404868924 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Wed, 15 Nov 2023 22:32:49 +0900 Subject: [PATCH 328/768] fix(argo-workflows): Align version label (#2342) * fix(argo-workflows): Aligne version label Signed-off-by: yu-croco * fix(argo-workflows): fix typo Signed-off-by: yu-croco --------- Signed-off-by: yu-croco --- charts/argo-workflows/Chart.yaml | 6 +++--- .../templates/controller/workflow-controller-service.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 327adb89..f5275105 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.1 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.39.1 +version: 0.39.2 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add parameters for tuning revisionHistoryLimit and emptyDir volumes. + - kind: fixed + description: Align version label diff --git a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml index 5ade3d40..1959eb2e 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml @@ -6,7 +6,7 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} - app.kubernetes.io/version: {{ default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag | trunc 63 | quote }} + app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }} {{- with .Values.controller.serviceLabels }} {{ toYaml . | nindent 4 }} {{- end }} From 4c256348e85d0d2419504b0ab4eed3852b8e42ae Mon Sep 17 00:00:00 2001 From: Kripu Khadka <84505567+Kripu77@users.noreply.github.com> Date: Wed, 15 Nov 2023 19:23:26 +0545 Subject: [PATCH 329/768] docs(github): typo fix in security.md (#2343) * typo fix Signed-off-by: Kripu Khadka * Revert "typo fix" This reverts commit b02b2fb766508226eda658eb870a9216a76fed3e. Signed-off-by: Kripu Khadka * typo fix in SECURITY.md Signed-off-by: Kripu Khadka <84505567+Kripu77@users.noreply.github.com> Signed-off-by: Kripu Khadka --------- Signed-off-by: Kripu Khadka Signed-off-by: Kripu Khadka <84505567+Kripu77@users.noreply.github.com> Co-authored-by: Aikawa --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 7c30259c..f4fb6002 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,7 +2,7 @@ ## Supported Versions and Upstream Reporting -Each helm chart currently supports the designated application version in the Chart.yaml. There is a chance a security issue you've discovered may not be with the helm chart but with the upstream application. Please visit that application's Security policy docueent to find out how to report the security issue. +Each helm chart currently supports the designated application version in the Chart.yaml. There is a chance a security issue you've discovered may not be with the helm chart but with the upstream application. Please visit that application's Security policy document to find out how to report the security issue. * [Security Policy for Argo Workflows](https://github.com/argoproj/argo-workflows/blob/master/SECURITY.md) * [Security Policy for Argo Events](https://github.com/argoproj/argo-events/blob/master/SECURITY.md) From a78556018dc70fa78fb6c4b65fc66489a8e555a7 Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Thu, 16 Nov 2023 12:31:53 +0000 Subject: [PATCH 330/768] chore(argo-workflows): Remove xip url from test to avoid confusion (#2350) * chore(argo-workflows): Remove xip url from test to avoid confusion Signed-off-by: Tim Collins * Bump version Signed-off-by: Tim Collins * More bumpings Signed-off-by: Tim Collins * Tim can't type Signed-off-by: Tim Collins * Swap to example.com - rfc2606 Signed-off-by: Tim Collins --------- Signed-off-by: Tim Collins --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/ci/enable-ingress-values.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index f5275105..0e3a49a5 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.1 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.39.2 +version: 0.39.3 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Align version label + - kind: changed + description: Modify test host url to avoid user confusion diff --git a/charts/argo-workflows/ci/enable-ingress-values.yaml b/charts/argo-workflows/ci/enable-ingress-values.yaml index 05dae886..bfcc37c3 100644 --- a/charts/argo-workflows/ci/enable-ingress-values.yaml +++ b/charts/argo-workflows/ci/enable-ingress-values.yaml @@ -5,4 +5,4 @@ server: ingress: enabled: true hosts: - - argo-workflows.127.0.0.1.xip.io + - argo-workflows.example.com From 14887dd57d15255b567108bd1d890ed0cf025aeb Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Sun, 19 Nov 2023 23:18:57 +0100 Subject: [PATCH 331/768] chore(argo-cd): Replace non-existing examples with official example domain (#2352) --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/values.yaml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 9a721124..038ae63c 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.51.2 +version: 5.51.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo CD to v2.9.1 + description: Replace non-existing examples with official example domain (RFC 2606) diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 49dd4e70..c4480e6c 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -410,7 +410,7 @@ configs: ## - https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters clusterCredentials: [] # - name: mycluster - # server: https://mycluster.com + # server: https://mycluster.example.com # labels: {} # annotations: {} # config: @@ -419,7 +419,7 @@ configs: # insecure: false # caData: "" # - name: mycluster2 - # server: https://mycluster2.com + # server: https://mycluster2.example.com # labels: {} # annotations: {} # namespaces: namespace1,namespace2 @@ -430,7 +430,7 @@ configs: # insecure: false # caData: "" # - name: mycluster3-project-scoped - # server: https://mycluster3.com + # server: https://mycluster3.example.com # labels: {} # annotations: {} # project: my-project1 From c18365288937157459c2fda20d5a0cdeb6478abb Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 21 Nov 2023 03:49:41 +0900 Subject: [PATCH 332/768] chore(argo-cd): Upgrade Argo CD to v2.9.2 (#2353) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 038ae63c..f0100f7f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.9.1 +appVersion: v2.9.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.51.3 +version: 5.51.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Replace non-existing examples with official example domain (RFC 2606) + description: Upgrade Argo CD to v2.9.2 From 7f95a5f9f0cf777ad564c5d90c973e17bde1b7bc Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Mon, 27 Nov 2023 07:30:08 +0100 Subject: [PATCH 333/768] chore(github): Update SECURITY-INSIGHTS.yml to include security-contacts (#2356) --- SECURITY-INSIGHTS.yml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/SECURITY-INSIGHTS.yml b/SECURITY-INSIGHTS.yml index a983c4f1..e3a6aeed 100644 --- a/SECURITY-INSIGHTS.yml +++ b/SECURITY-INSIGHTS.yml @@ -11,13 +11,28 @@ project-lifecycle: contribution-policy: accepts-pull-requests: true accepts-automated-pull-requests: true + automated-tools-list: + - automated-tool: dependabot + action: allowed + path: + - / + contributing-policy: https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md + code-of-conduct: https://github.com/cncf/foundation/blob/master/code-of-conduct.md distribution-points: - - https://github.com/argoproj/argo-helm/blob/main/SECURITY.md + - https://argoproj.github.io/argo-helm + - https://artifacthub.io/packages/search?org=argoproj&repo=argo +security-contacts: + - type: website + value: https://github.com/argoproj/argo-helm/security/advisories/new + primary: true vulnerability-reporting: accepts-vulnerability-reports: true email-contact: cncf-argo-maintainers@lists.cncf.io security-policy: https://github.com/argoproj/argo-helm/blob/main/SECURITY.md - comment: Please refer to the security policy for reporting information prior to using the email contact. + comment: | + Our preferred contact method related to vulnerabilities is the Security tab on GitHub. + Click the button "Report a vulnerability" to open the advisory form. + Please refer to the security policy for reporting information prior to using the email contact. dependencies: env-dependencies-policy: policy-url: https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md#new-application-versions From 7261decaf8c15cc644ff8b0d8e5b3b9633a6a17d Mon Sep 17 00:00:00 2001 From: qa-florian-wende <113123884+qa-florian-wende@users.noreply.github.com> Date: Mon, 27 Nov 2023 18:44:58 +0100 Subject: [PATCH 334/768] feat(argo-workflows): Make workflow controller ConfigMap optional (#2354) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 2 ++ charts/argo-workflows/templates/_helpers.tpl | 7 +++++++ .../controller/workflow-controller-config-map.yaml | 4 +++- .../controller/workflow-controller-deployment.yaml | 2 +- .../argo-workflows/templates/server/server-deployment.yaml | 2 +- charts/argo-workflows/values.yaml | 6 ++++++ 7 files changed, 23 insertions(+), 6 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 0e3a49a5..3e93c1f6 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.1 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.39.3 +version: 0.39.4 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Modify test host url to avoid user confusion + - kind: added + description: Make configMap optional and allow its name to be overridden diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index a5f70341..64bd8191 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -142,6 +142,8 @@ Fields to note: | controller.affinity | object | `{}` | Assign custom [affinity] rules | | controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. | | controller.columns | list | `[]` | Configure Argo Server to show custom [columns] | +| controller.configMap.create | bool | `true` | Create a ConfigMap for the controller | +| controller.configMap.name | string | `""` | ConfigMap name | | controller.cronWorkflowWorkers | string | `nil` | Number of cron workflow workers Only valid for 3.5+ | | controller.deploymentAnnotations | object | `{}` | deploymentAnnotations is an optional map of annotations to be applied to the controller Deployment | | controller.extraArgs | list | `[]` | Extra arguments to be added to the controller | diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl index 0713264f..0d170ec9 100644 --- a/charts/argo-workflows/templates/_helpers.tpl +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -97,6 +97,13 @@ app.kubernetes.io/component: {{ .component }} {{- end }} {{- end }} +{{/* +Create the name of the controller configMap +*/}} +{{- define "argo-workflows.controller.config-map.name" -}} +{{- .Values.controller.configMap.name | default (printf "%s-%s" (include "argo-workflows.controller.fullname" .) "configmap") | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Create the name of the server service account to use */}} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index d4728a30..bff3e121 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -1,7 +1,8 @@ +{{- if .Values.controller.configMap.create }} apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "argo-workflows.controller.fullname" . }}-configmap + name: {{ template "argo-workflows.controller.config-map.name" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }} @@ -191,3 +192,4 @@ data: {{- with .Values.controller.podGCDeleteDelayDuration }} podGCDeleteDelayDuration: {{ . }} {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml index 3db5f971..2cc8a903 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -45,7 +45,7 @@ spec: command: [ "workflow-controller" ] args: - "--configmap" - - "{{ template "argo-workflows.controller.fullname" . }}-configmap" + - "{{ template "argo-workflows.controller.config-map.name" . }}" - "--executor-image" - "{{- include "argo-workflows.image" (dict "context" . "image" .Values.executor.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.executor.image.tag }}" - "--loglevel" diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index 182d3169..f44fa57d 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -49,7 +49,7 @@ spec: {{- toYaml .Values.server.securityContext | nindent 12 }} args: - server - - --configmap={{ template "argo-workflows.controller.fullname" . }}-configmap + - --configmap={{ template "argo-workflows.controller.config-map.name" . }} {{- with .Values.server.extraArgs }} {{- toYaml . | nindent 10 }} {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 7a5f04e0..a1a101d5 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -91,6 +91,12 @@ controller: # -- Allows controller to create and update ConfigMaps. Enables memoization feature writeConfigMaps: false + configMap: + # -- Create a ConfigMap for the controller + create: true + # -- ConfigMap name + name: "" + # -- Limits the maximum number of incomplete workflows in a namespace namespaceParallelism: # -- Resolves ongoing, uncommon AWS EKS bug: https://github.com/argoproj/argo-workflows/pull/4224 From cabe63d2b65ef6708567c249e676fce069815b6d Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 28 Nov 2023 06:12:50 +0900 Subject: [PATCH 335/768] chore(argo-workflows): Upgrade Argo Workflows to v3.5.2 (#2357) Signed-off-by: yu-croco --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 3e93c1f6..d71407c9 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.1 +appVersion: v3.5.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.39.4 +version: 0.39.5 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Make configMap optional and allow its name to be overridden + - kind: changed + description: Upgrade Argo Workflows to v3.5.2 From f5201e76ad3bd83bc9f093baf8a398ae15ad3f7e Mon Sep 17 00:00:00 2001 From: Abdulla Abdurakhmanov Date: Wed, 29 Nov 2023 14:34:39 +0100 Subject: [PATCH 336/768] fix(argo-rollouts): Update all rollout CRDs to match upstream (#2361) Signed-off-by: Abdulla Abdurakhmanov --- charts/argo-rollouts/Chart.yaml | 4 +- .../templates/crds/analysis-template-crd.yaml | 51 ++++++++++++++++++- .../crds/cluster-analysis-template-crd.yaml | 51 ++++++++++++++++++- 3 files changed, 100 insertions(+), 6 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 6999850f..933cc9d3 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.2 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.32.4 +version: 2.32.5 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo Rollouts to v1.6.2 + description: Upgrade Argo Rollouts CRDs to match them mainstream from v1.6.2 diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index 93479097..d97a6ce9 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml @@ -185,13 +185,22 @@ spec: datadog: properties: apiVersion: + default: v1 + enum: + - v1 + - v2 + type: string + formula: type: string interval: + default: 5m type: string + queries: + additionalProperties: + type: string + type: object query: type: string - required: - - query type: object graphite: properties: @@ -2805,6 +2814,19 @@ spec: type: string authentication: properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object sigv4: properties: profile: @@ -2853,6 +2875,31 @@ spec: type: object web: properties: + authentication: + properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object body: type: string headers: diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index 66977374..335f06a2 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -185,13 +185,22 @@ spec: datadog: properties: apiVersion: + default: v1 + enum: + - v1 + - v2 + type: string + formula: type: string interval: + default: 5m type: string + queries: + additionalProperties: + type: string + type: object query: type: string - required: - - query type: object graphite: properties: @@ -2805,6 +2814,19 @@ spec: type: string authentication: properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object sigv4: properties: profile: @@ -2853,6 +2875,31 @@ spec: type: object web: properties: + authentication: + properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object body: type: string headers: From f4eb968c22dadd9ff40f0836dcaf14008e34d831 Mon Sep 17 00:00:00 2001 From: Andre Marcelo-Tanner Date: Wed, 29 Nov 2023 13:39:59 -0500 Subject: [PATCH 337/768] docs(argo-cd): Add migration guide to README for Config Management Plugins (#2360) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 12 ++++++++++-- charts/argo-cd/README.md.gotmpl | 12 ++++++++++-- 3 files changed, 23 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f0100f7f..8853d5a3 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.51.4 +version: 5.51.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.9.2 + - kind: added + description: "[docs] Added migration steps to README for Config Management Plugins settings available since 5.26.0" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 7b79080e..fa869975 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -115,14 +115,22 @@ The manifests are now using [`tini` as entrypoint][tini], instead of `entrypoint This means that the deployment manifests have to be updated after upgrading to Argo CD v2.7, and before upgrading to Argo CD v2.8 later. In case the manifests are updated before moving to Argo CD v2.8, the containers will not be able to start. +### 5.26.0 + +This version adds support for Config Management Plugins using the sidecar model and configured in a ConfigMap named `argocd-cmp-cm`. +Users will need to migrate from the previous `argocd-cm` ConfigMap method to using the sidecar method before Argo CD v2.8. See the [Argo CD CMP migration guide](https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/#migrating-from-argocd-cm-plugins) for more specifics. + +To migrate your plugins, you can now set the `configs.cmp.create` to `true` and move your plugins from `configs.cm` to `configs.cmp.plugins`. +You will also need to configure the sidecar containers under `repoServer.extraContainers` and ensure you are mounting any custom volumes you need from `repoServer.volumes` into here also. + ### 5.24.0 -This versions adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`). +This version adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`). Default `global.affinity` rules can be disabled when `none` value is used for the preset. ### 5.22.0 -This versions adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely. +This version adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely. ### 5.19.0 diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index b8ffa4fb..7df79078 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -115,14 +115,22 @@ The manifests are now using [`tini` as entrypoint][tini], instead of `entrypoint This means that the deployment manifests have to be updated after upgrading to Argo CD v2.7, and before upgrading to Argo CD v2.8 later. In case the manifests are updated before moving to Argo CD v2.8, the containers will not be able to start. +### 5.26.0 + +This version adds support for Config Management Plugins using the sidecar model and configured in a ConfigMap named `argocd-cmp-cm`. +Users will need to migrate from the previous `argocd-cm` ConfigMap method to using the sidecar method before Argo CD v2.8. See the [Argo CD CMP migration guide](https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/#migrating-from-argocd-cm-plugins) for more specifics. + +To migrate your plugins, you can now set the `configs.cmp.create` to `true` and move your plugins from `configs.cm` to `configs.cmp.plugins`. +You will also need to configure the sidecar containers under `repoServer.extraContainers` and ensure you are mounting any custom volumes you need from `repoServer.volumes` into here also. + ### 5.24.0 -This versions adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`). +This version adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`). Default `global.affinity` rules can be disabled when `none` value is used for the preset. ### 5.22.0 -This versions adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely. +This version adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely. ### 5.19.0 From d62aafdf629e66e23af98405698c9d0fc0f83e6c Mon Sep 17 00:00:00 2001 From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Date: Thu, 30 Nov 2023 15:14:55 -0500 Subject: [PATCH 338/768] docs(github): remove unnecessary qualifier in README (#2364) docs: remove unnecessary qualifier in README I think the sentence applies to all Argo projects. Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0c5c6798..3d57db36 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ Some users would prefer to install the CRDs _outside_ of the chart. You can disa Helm cannot upgrade custom resource definitions in the `/crds` folder [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). Our CRDs have been moved to `/templates` to address this design decision. -If you are using versions of a chart that have the CRDs in the root of the chart or have elected to manage the Argo Workflows CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo: +If you are using versions of a chart that have the CRDs in the root of the chart or have elected to manage the Argo CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo: Example: From 152c04f827d08b9e53fdf2f52ef773551c2e3707 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 2 Dec 2023 20:03:24 +0900 Subject: [PATCH 339/768] chore(argo-cd): Upgrade Argo CD to v2.9.3 (#2365) --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8853d5a3..594dd161 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.9.2 +appVersion: v2.9.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.51.5 +version: 5.51.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: "[docs] Added migration steps to README for Config Management Plugins settings available since 5.26.0" + - kind: changed + description: Upgrade Argo CD to v2.9.3 From 2c046f9a9a647ff1b53a81c0defcc311af95974d Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 5 Dec 2023 14:55:10 +0900 Subject: [PATCH 340/768] fix(argo-workflows): Add missing permission to workflow role (#2367) --- charts/argo-workflows/Chart.yaml | 6 +++--- .../argo-workflows/templates/controller/workflow-role.yaml | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index d71407c9..9ef6fce8 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.39.5 +version: 0.39.6 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo Workflows to v3.5.2 + - kind: fixed + description: Add missing permission to workflow role diff --git a/charts/argo-workflows/templates/controller/workflow-role.yaml b/charts/argo-workflows/templates/controller/workflow-role.yaml index 51050d0f..80309119 100644 --- a/charts/argo-workflows/templates/controller/workflow-role.yaml +++ b/charts/argo-workflows/templates/controller/workflow-role.yaml @@ -38,6 +38,7 @@ rules: - workflowtaskresults verbs: - create + - patch - apiGroups: - argoproj.io resources: From 690e83be66297fd776f69bf0b44633e91f1e7388 Mon Sep 17 00:00:00 2001 From: Vlad Losev Date: Wed, 6 Dec 2023 23:23:14 -0800 Subject: [PATCH 341/768] fix(argo-workflows): Fix OAuth redirect URL autoconfig. (#2369) --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 2 +- charts/argo-workflows/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 9ef6fce8..f5e725d3 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.39.6 +version: 0.39.7 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Add missing permission to workflow role + description: Fixes OAuth redirect URL autoconfig. diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 64bd8191..c8e5f5f8 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -331,7 +331,7 @@ Fields to note: | server.sso.issuerAlias | string | `""` | Alternate root URLs that can be included for some OIDC providers | | server.sso.rbac.enabled | bool | `true` | Adds ServiceAccount Policy to server (Cluster)Role. | | server.sso.rbac.secretWhitelist | list | `[]` | Whitelist to allow server to fetch Secrets | -| server.sso.redirectUrl | string | `"https://argo/oauth2/callback"` | | +| server.sso.redirectUrl | string | `""` | | | server.sso.scopes | list | `[]` | Scopes requested from the SSO ID provider | | server.sso.sessionExpiry | string | `""` | Define how long your login is valid for (in hours) | | server.sso.userInfoPath | string | `""` | Specify the user info endpoint that contains the groups claim | diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index a1a101d5..9a5fa859 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -675,7 +675,7 @@ server: # -- Key of a secret to retrieve the app OIDC client secret key: client-secret # - The OIDC redirect URL. Should be in the form /oauth2/callback. - redirectUrl: https://argo/oauth2/callback + redirectUrl: "" rbac: # -- Adds ServiceAccount Policy to server (Cluster)Role. enabled: true From d0e0ce792837ade3c49ce3540d843a3b639350ca Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Thu, 7 Dec 2023 09:06:01 +0000 Subject: [PATCH 342/768] feat(github): Use renovate to create PRs when upstream releases (#2358) * feat(github): Use renovate to create PRs when upstream releases Signed-off-by: Tim Collins * add write permissions Signed-off-by: Tim Collins * remove the 'v' in the chart version Signed-off-by: Tim Collins * switch to digests for actions Signed-off-by: Tim Collins --------- Signed-off-by: Tim Collins --- .github/workflows/chart-version-bump.yml | 53 ++++++++++++++ renovate.json | 91 ++++++++++++++++++++++++ 2 files changed, 144 insertions(+) create mode 100644 .github/workflows/chart-version-bump.yml create mode 100644 renovate.json diff --git a/.github/workflows/chart-version-bump.yml b/.github/workflows/chart-version-bump.yml new file mode 100644 index 00000000..d09ff045 --- /dev/null +++ b/.github/workflows/chart-version-bump.yml @@ -0,0 +1,53 @@ +## Used on Renovate PRs to bump the chart version and add a changelog entry +## Reference: https://github.com/stefanzweifel/git-auto-commit-action +## Reference: https://github.com/marketplace/actions/changed-files +name: 'Chart Version Bump and Changelog' + +on: + pull_request: + types: + - labeled + +permissions: + contents: write + +jobs: + helm-bumper: + if: ${{ (contains(github.event.pull_request.labels.*.name, 'renovate')) }} + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + - name: Get changed files + id: changed-files + uses: tj-actions/changed-files@https://github.com/tj-actions/changed-files/commit/1c938490c880156b746568a518594309cfb3f66b # v40.2.1 + with: + files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml + - name: "Bump Version and Changelog" + run: | + chartName="$(echo \"${{ steps.changed-files.outputs.all_changed_files }}\" | cut -d '/' -f2)" + echo "Changed chart name is: $chartName" + echo "----------------------------------------" + + parentDir="charts/${chartName}" + + # Bump the chart version by one patch version + version=$(grep '^version:' ${parentDir}/Chart.yaml | awk '{print $2}') + major=$(echo $version | cut -d. -f1) + minor=$(echo $version | cut -d. -f2) + patch=$(echo $version | cut -d. -f3) + patch=$(expr $patch + 1) + sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" ${parentDir}/Chart.yaml + + # Add a changelog entry + appVersion=$(grep '^appVersion:' ${parentDir}/Chart.yaml | awk '{print $2}') + sed -i -e '/^ artifacthub.io\/changes: |/,$d' ${parentDir}/Chart.yaml + echo " artifacthub.io/changes: |" >> ${parentDir}/Chart.yaml + echo " - kind: changed" >> ${parentDir}/Chart.yaml + echo " description: Bump ${chartName} to ${appVersion}" >> ${parentDir}/Chart.yaml + cat ${parentDir}/Chart.yaml + - name: "Commit and push changes" + uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0 + with: + commit_options: '--signoff' diff --git a/renovate.json b/renovate.json new file mode 100644 index 00000000..12c7f3ea --- /dev/null +++ b/renovate.json @@ -0,0 +1,91 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "kubernetes": { + "fileMatch": ["\\.yaml$", "\\.yml$"] + }, + "extends": [ + "config:base", + "docker:enableMajor" + ], + "labels": ["renovate"], + "includePaths": [ + "**/charts/argo-workflows/Chart.yaml", + "**/charts/argo-cd/Chart.yaml", + "**/charts/argo-events/Chart.yaml", + "**/charts/argo-rollouts/Chart.yaml", + "**/charts/argocd-image-updater/Chart.yaml" + ], + "regexManagers": [ + { + "fileMatch": ["charts/argo-workflows/Chart.yaml$"], + "matchStrings": [ + "\\sappVersion: (?.*)\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + "depNameTemplate": "argoproj/argo-workflows", + "datasourceTemplate": "github-releases" + }, + { + "fileMatch": ["charts/argo-cd/Chart.yaml$"], + "matchStrings": [ + "\\sappVersion: (?.*)\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + "depNameTemplate": "argoproj/argo-cd", + "datasourceTemplate": "github-releases" + }, + { + "fileMatch": ["charts/argo-events/Chart.yaml$"], + "matchStrings": [ + "\\sappVersion: (?.*)\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + "depNameTemplate": "argoproj/argo-events", + "datasourceTemplate": "github-releases" + }, + { + "fileMatch": ["charts/argo-rollouts/Chart.yaml$"], + "matchStrings": [ + "\\sappVersion: (?.*)\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + "depNameTemplate": "argoproj/argo-rollouts", + "datasourceTemplate": "github-releases" + }, + { + "fileMatch": ["charts/argocd-image-updater/Chart.yaml$"], + "matchStrings": [ + "\\sappVersion: (?.*)\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + "depNameTemplate": "argoproj-labs/argocd-image-updater", + "datasourceTemplate": "github-releases" + } + ], + "packageRules": [ + { + "matchPackagePatterns": ["argoproj/argo-workflows"], + "commitMessagePrefix": "chore(argo-workflows):" + }, + { + "matchPackagePatterns": ["argoproj/argo-cd"], + "commitMessagePrefix": "chore(argo-cd):" + }, + { + "matchPackagePatterns": ["argoproj/argo-events"], + "commitMessagePrefix": "chore(argo-events):" + }, + { + "matchPackagePatterns": ["argoproj/argo-rollouts"], + "commitMessagePrefix": "chore(argo-rollouts):" + }, + { + "matchPackagePatterns": ["argoproj-labs/argocd-image-updater"], + "commitMessagePrefix": "chore(argocd-image-updater):" + }, + { + "matchPackagePatterns": ["redis-ha"], + "enabled": false + } + ] +} From 6cf99a08c81f4672a696eff85b58692e20fa367f Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 7 Dec 2023 21:23:52 +0900 Subject: [PATCH 343/768] chore(github): Add yu-croco to CODEOWNERS of argo-events and argo-rollouts (#2372) Signed-off-by: yu-croco --- .github/CODEOWNERS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 05c993b9..c0d0ab9d 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -2,5 +2,5 @@ /charts/argo-workflows/ @vladlosev @jmeridth @yu-croco @tico24 /charts/argo-cd/ @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil @tico24 -/charts/argo-events/ @pdrastil @jmeridth @tico24 -/charts/argo-rollouts/ @jmeridth +/charts/argo-events/ @pdrastil @jmeridth @tico24 @yu-croco +/charts/argo-rollouts/ @jmeridth @yu-croco From 83c3bc811565e68bada5d095dd58d4e822640552 Mon Sep 17 00:00:00 2001 From: yyzxw <34639446+yyzxw@users.noreply.github.com> Date: Fri, 8 Dec 2023 01:49:59 +0800 Subject: [PATCH 344/768] feat(argo-rollouts): add rollout plugin contour rbac (#2371) --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 1 + .../templates/controller/clusterrole.yaml | 12 ++++++++++++ charts/argo-rollouts/values.yaml | 2 ++ 4 files changed, 17 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 933cc9d3..09b46332 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.2 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.32.5 +version: 2.32.6 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo Rollouts CRDs to match them mainstream from v1.6.2 + description: Add Contour plugin RBAC. diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index b9198998..e74afaca 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -65,6 +65,7 @@ For full list of changes please check ArtifactHub [changelog]. | providerRBAC.providers.apisix | bool | `true` | Adds RBAC rules for the Apisix provider | | providerRBAC.providers.awsAppMesh | bool | `true` | Adds RBAC rules for the AWS App Mesh provider | | providerRBAC.providers.awsLoadBalancerController | bool | `true` | Adds RBAC rules for the AWS Load Balancer Controller provider | +| providerRBAC.providers.contour | bool | `true` | Adds RBAC rules for the Contour provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour/blob/main/README.md` | | providerRBAC.providers.istio | bool | `true` | Adds RBAC rules for the Istio provider | | providerRBAC.providers.smi | bool | `true` | Adds RBAC rules for the SMI provider | | providerRBAC.providers.traefik | bool | `true` | Adds RBAC rules for the Traefik provider | diff --git a/charts/argo-rollouts/templates/controller/clusterrole.yaml b/charts/argo-rollouts/templates/controller/clusterrole.yaml index ab0f7ee1..56afb5cb 100644 --- a/charts/argo-rollouts/templates/controller/clusterrole.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml @@ -255,5 +255,17 @@ rules: - get - update {{- end }} +{{- if .Values.providerRBAC.providers.contour }} + # Access needed when using the Contour provider +- apiGroups: + - projectcontour.io + resources: + - httpproxies + verbs: + - get + - list + - watch + - update +{{- end }} {{- end }} {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index b711ee37..34c5a286 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -262,6 +262,8 @@ providerRBAC: traefik: true # -- Adds RBAC rules for the Apisix provider apisix: true + # -- Adds RBAC rules for the Contour provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour/blob/main/README.md` + contour: true dashboard: # -- Deploy dashboard server From c3c588038daa7c550bbd977c1298a1fd3f42d7c8 Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Thu, 7 Dec 2023 20:11:53 +0100 Subject: [PATCH 345/768] fix(github): Copy-pasta error on Action digest (#2373) Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: Aikawa --- .github/workflows/chart-version-bump.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/chart-version-bump.yml b/.github/workflows/chart-version-bump.yml index d09ff045..44c77bb8 100644 --- a/.github/workflows/chart-version-bump.yml +++ b/.github/workflows/chart-version-bump.yml @@ -19,11 +19,13 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 + - name: Get changed files id: changed-files - uses: tj-actions/changed-files@https://github.com/tj-actions/changed-files/commit/1c938490c880156b746568a518594309cfb3f66b # v40.2.1 + uses: tj-actions/changed-files@1c938490c880156b746568a518594309cfb3f66b # v40.2.1 with: files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml + - name: "Bump Version and Changelog" run: | chartName="$(echo \"${{ steps.changed-files.outputs.all_changed_files }}\" | cut -d '/' -f2)" @@ -47,6 +49,7 @@ jobs: echo " - kind: changed" >> ${parentDir}/Chart.yaml echo " description: Bump ${chartName} to ${appVersion}" >> ${parentDir}/Chart.yaml cat ${parentDir}/Chart.yaml + - name: "Commit and push changes" uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0 with: From c7df8c14e6c6c807794ab2240ed67dc91b3de161 Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Fri, 8 Dec 2023 14:56:40 +0000 Subject: [PATCH 346/768] fix(github): Include PAT to trigger CI jobs on auto-push (#2376) Signed-off-by: Tim Collins --- .github/workflows/chart-version-bump.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/chart-version-bump.yml b/.github/workflows/chart-version-bump.yml index 44c77bb8..f8aa07b2 100644 --- a/.github/workflows/chart-version-bump.yml +++ b/.github/workflows/chart-version-bump.yml @@ -18,6 +18,7 @@ jobs: steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: + token: ${{ secrets.PAT }} fetch-depth: 0 - name: Get changed files From 4a0f512f70d68ecd4dbb63c74b97e3c28f0c2828 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 8 Dec 2023 15:06:40 +0000 Subject: [PATCH 347/768] chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.6.3 (#2374) * chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.6.3 * Apply automatic changes Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: tico24 --- charts/argo-rollouts/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 09b46332..c0f40f88 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.6.2 +appVersion: v1.6.3 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.32.6 +version: 2.32.7 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Add Contour plugin RBAC. + description: Bump argo-rollouts to v1.6.3 From a9e31c82fd63f42c8e56fe9bb8f19d583be83e69 Mon Sep 17 00:00:00 2001 From: Neile Havens Date: Fri, 8 Dec 2023 16:44:59 -0600 Subject: [PATCH 348/768] feat(argo-workflows): Add support for sso filterGroupsRegex (#2379) According to https://argoproj.github.io/argo-workflows/argo-server-sso/#filtering-groups Resolves #2378 Signed-off-by: Neile Havens --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 1 + .../controller/workflow-controller-config-map.yaml | 3 +++ charts/argo-workflows/values.yaml | 5 +++++ 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index f5e725d3..49cebfbc 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.39.7 +version: 0.39.8 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fixes OAuth redirect URL autoconfig. + - kind: changed + description: Add support for sso filterGroupsRegex according to https://argoproj.github.io/argo-workflows/argo-server-sso/#filtering-groups diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index c8e5f5f8..2b24e2be 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -326,6 +326,7 @@ Fields to note: | server.sso.clientSecret.name | string | `"argo-server-sso"` | Name of a secret to retrieve the app OIDC client secret | | server.sso.customGroupClaimName | string | `""` | Override claim name for OIDC groups | | server.sso.enabled | bool | `false` | Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`. | +| server.sso.filterGroupsRegex | list | `[]` | Filter the groups returned by the OIDC provider | | server.sso.insecureSkipVerify | bool | `false` | Skip TLS verification for the HTTP client | | server.sso.issuer | string | `"https://accounts.google.com"` | The root URL of the OIDC identity provider | | server.sso.issuerAlias | string | `""` | Alternate root URLs that can be included for some OIDC providers | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index bff3e121..d311441c 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -162,6 +162,9 @@ data: {{- with .Values.server.sso.insecureSkipVerify }} insecureSkipVerify: {{ toYaml . }} {{- end }} + {{- with .Values.server.sso.filterGroupsRegex }} + filterGroupsRegex: {{ toYaml . | nindent 8 }} + {{- end }} {{- end }} {{- with .Values.controller.workflowRestrictions }} workflowRestrictions: {{- toYaml . | nindent 6 }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 9a5fa859..1624cc4e 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -701,6 +701,11 @@ server: userInfoPath: "" # -- Skip TLS verification for the HTTP client insecureSkipVerify: false + # -- Filter the groups returned by the OIDC provider + ## A logical "OR" is used between each regex in the list + filterGroupsRegex: [] + # - ".*argo-wf.*" + # - ".*argo-workflow.*" # -- Extra containers to be added to the server deployment extraContainers: [] From 97c3589eec2374b3b88800918f1e9a650b46dae0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Dec 2023 15:40:06 +0100 Subject: [PATCH 349/768] chore(deps): bump actions/setup-python from 4.7.1 to 5.0.0 (#2382) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.7.1 to 5.0.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236...0a5c61591373683505ea898e09a3ea4f39ef2b9c) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index c2102b61..79782374 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -32,7 +32,7 @@ jobs: version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 + uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 with: python-version: 3.9 From eeffeb407d10e6e66d2c86115a139f1f1037fa8c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Dec 2023 11:35:53 -0600 Subject: [PATCH 350/768] chore(deps): bump actions/stale from 8.0.0 to 9.0.0 (#2380) --- .github/workflows/stale.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index b0356dc7..d0813423 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -14,7 +14,7 @@ jobs: pull-requests: write # for actions/stale to close stale PRs runs-on: ubuntu-latest steps: - - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0 + - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Number of days of inactivity before an issue becomes stale From da261d0a38c020a4fe37dd61b59a069678a14875 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Dec 2023 20:45:04 +0100 Subject: [PATCH 351/768] chore(deps): bump actions/labeler from 4.3.0 to 5.0.0 (#2381) * chore(deps): bump actions/labeler from 4.3.0 to 5.0.0 Bumps [actions/labeler](https://github.com/actions/labeler) from 4.3.0 to 5.0.0. - [Release notes](https://github.com/actions/labeler/releases) - [Commits](https://github.com/actions/labeler/compare/ac9175f8a1f3625fd0d4fb234536d26811351594...8558fd74291d67161a8a78ce36a881fa63b766a9) --- updated-dependencies: - dependency-name: actions/labeler dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] * chore: Update labeler.yaml to work with v5 Signed-off-by: Marco Maurer * fix: Adapt glob for argo-cd chart Signed-off-by: Marco Maurer (-Kilchhofer) --------- Signed-off-by: dependabot[bot] Signed-off-by: Marco Maurer Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marco Maurer Co-authored-by: Jason Meridth --- .github/configs/labeler.yaml | 18 ++++++++++++------ .github/workflows/pr-sizing.yml | 2 +- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/.github/configs/labeler.yaml b/.github/configs/labeler.yaml index acd6f219..80b72ba8 100644 --- a/.github/configs/labeler.yaml +++ b/.github/configs/labeler.yaml @@ -1,17 +1,23 @@ argo-cd: - - charts/argo-cd/**/* + - changed-files: + - any-glob-to-any-file: charts/argo-cd/** argo-events: - - charts/argo-events/**/* + - changed-files: + - any-glob-to-any-file: charts/argo-events/** argo-rollouts: - - charts/argo-rollouts/**/* + - changed-files: + - any-glob-to-any-file: charts/argo-rollouts/** argo-workflows: - - charts/argo-workflows/**/* + - changed-files: + - any-glob-to-any-file: charts/argo-workflows/** argocd-image-updater: - - charts/argocd-image-updater/**/* + - changed-files: + - any-glob-to-any-file: charts/argocd-image-updater/** argocd-apps: - - charts/argocd-apps/**/* + - changed-files: + - any-glob-to-any-file: charts/argocd-apps/** diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index d22ac750..01af9781 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -16,7 +16,7 @@ jobs: triage: runs-on: ubuntu-latest steps: - - uses: actions/labeler@ac9175f8a1f3625fd0d4fb234536d26811351594 # v4.3.0 + - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 with: configuration-path: ".github/configs/labeler.yaml" repo-token: "${{ secrets.GITHUB_TOKEN }}" From e07f69fee66b214719acc032401e26d36f839c77 Mon Sep 17 00:00:00 2001 From: workwithprashant <60788667+workwithprashant@users.noreply.github.com> Date: Tue, 12 Dec 2023 00:27:39 -0600 Subject: [PATCH 352/768] fix(argo-workflows): fix helm lint error when extraObjects is defined (#2384) --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/templates/extra-manifests.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 49cebfbc..e0e1c1b9 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.39.8 +version: 0.39.9 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Add support for sso filterGroupsRegex according to https://argoproj.github.io/argo-workflows/argo-server-sso/#filtering-groups + description: "fix(argo-workflows): fix helm lint error when extraObjects is defined and same fix as one done for argo-cd #2116" diff --git a/charts/argo-workflows/templates/extra-manifests.yaml b/charts/argo-workflows/templates/extra-manifests.yaml index f17b1a93..fc9a76b8 100644 --- a/charts/argo-workflows/templates/extra-manifests.yaml +++ b/charts/argo-workflows/templates/extra-manifests.yaml @@ -1,6 +1,6 @@ {{ range .Values.extraObjects }} --- -{{- if typeIs "string" . }} +{{ if typeIs "string" . }} {{- tpl . $ }} {{- else }} {{- tpl (toYaml .) $ }} From d9e5b727e3d11160c868213004ed0c0890c8166d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 13 Dec 2023 07:59:21 +0100 Subject: [PATCH 353/768] chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.6.4 (#2385) --- charts/argo-rollouts/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index c0f40f88..aaa143fa 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.6.3 +appVersion: v1.6.4 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.32.7 +version: 2.32.8 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-rollouts to v1.6.3 + description: Bump argo-rollouts to v1.6.4 From 9ca3f06dcf84a7bed3ee09032e33e1705b9edf48 Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Thu, 14 Dec 2023 07:56:27 +0000 Subject: [PATCH 354/768] feat(argo-workflows): add hostAliases to server (#2387) * workflow server hostalises Signed-off-by: drfaust92 * Update Chart.yaml Signed-off-by: Ilia Lazebnik * workflow server hostalises Signed-off-by: drfaust92 --------- Signed-off-by: drfaust92 Signed-off-by: Ilia Lazebnik --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 1 + .../argo-workflows/templates/server/server-deployment.yaml | 4 ++++ charts/argo-workflows/values.yaml | 6 ++++++ 4 files changed, 13 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index e0e1c1b9..acd175a7 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.39.9 +version: 0.40.0 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: "fix(argo-workflows): fix helm lint error when extraObjects is defined and same fix as one done for argo-cd #2116" + description: "feat(argo-workflows): add hostAliases to server" diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 2b24e2be..070bdbf2 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -280,6 +280,7 @@ Fields to note: | server.extraContainers | list | `[]` | Extra containers to be added to the server deployment | | server.extraEnv | list | `[]` | Extra environment variables to provide to the argo-server container | | server.extraInitContainers | list | `[]` | Enables init containers to be added to the server deployment | +| server.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | | server.image.registry | string | `"quay.io"` | Registry to use for the server | | server.image.repository | string | `"argoproj/argocli"` | Repository to use for the server | | server.image.tag | string | `""` | Image tag for the Argo Workflows server. Defaults to `.Values.images.tag`. | diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index f44fa57d..b3aa3728 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -37,6 +37,10 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.server.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.server.extraInitContainers }} initContainers: {{- tpl (toYaml .) $ | nindent 8 }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 1624cc4e..e6440439 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -458,6 +458,12 @@ server: # -- Service port name servicePortName: "" # http + # -- Mapping between IP and hostnames that will be injected as entries in the pod's hosts files + hostAliases: [] + # - ip: 10.20.30.40 + # hostnames: + # - git.myhostname + serviceAccount: # -- Create a service account for the server create: true From bce77fa998d60cd30fc9b2c9c5c75f1c1208c45b Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Thu, 14 Dec 2023 08:39:20 +0000 Subject: [PATCH 355/768] feat(argo-rollouts): allow setting log config for rollouts (#2386) * allow setting log config for rollouts Signed-off-by: drfaust92 * allow setting log config for rollouts Signed-off-by: drfaust92 * allow setting log config for rollouts Signed-off-by: drfaust92 * allow setting log config for rollouts Signed-off-by: drfaust92 * allow setting log config for rollouts Signed-off-by: drfaust92 * allow setting log config for rollouts Signed-off-by: drfaust92 * allow setting log config for rollouts Signed-off-by: drfaust92 * allow setting log config for rollouts Signed-off-by: drfaust92 --------- Signed-off-by: drfaust92 Co-authored-by: Tim Collins <45351296+tico24@users.noreply.github.com> --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 3 +++ charts/argo-rollouts/templates/controller/deployment.yaml | 3 +++ charts/argo-rollouts/values.yaml | 7 +++++++ 4 files changed, 15 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index aaa143fa..d2a4a898 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.4 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.32.8 +version: 2.33.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-rollouts to v1.6.4 + description: Allow setting log config for rollouts diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index e74afaca..9b368a5a 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -90,6 +90,9 @@ For full list of changes please check ArtifactHub [changelog]. | controller.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) | | controller.initContainers | list | `[]` | Init containers to add to the rollouts controller pod | | controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller | +| controller.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) | +| controller.logging.kloglevel | string | `"0"` | Set the klog logging level | +| controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | | controller.metricProviderPlugins | object | `{}` | Configures 3rd party metric providers for controller | | controller.metrics.enabled | bool | `false` | Deploy metrics service | | controller.metrics.service.annotations | object | `{}` | Service annotations | diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index 23dc14cb..9b8f456e 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -45,6 +45,9 @@ spec: args: - --healthzPort={{ .Values.controller.containerPorts.healthz }} - --metricsport={{ .Values.controller.containerPorts.metrics }} + - "--loglevel={{ .Values.controller.logging.level }}" + - "--logformat={{ .Values.controller.logging.format }}" + - "--kloglevel={{ .Values.controller.logging.kloglevel }}" {{- if not .Values.clusterInstall }} - --namespaced {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 34c5a286..6eb48b9c 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -55,6 +55,13 @@ controller: tolerations: [] # -- Assign custom [affinity] rules to the deployment affinity: {} + logging: + # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`) + level: info + # -- Set the klog logging level + kloglevel: "0" + # -- Set the logging format (one of: `text`, `json`) + format: "text" # -- Assign custom [TopologySpreadConstraints] rules to the controller ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ From 77a4196fc31294b7abeb1d4d30df136f2b77a675 Mon Sep 17 00:00:00 2001 From: Neile Havens Date: Fri, 15 Dec 2023 01:45:22 -0600 Subject: [PATCH 356/768] fix(argo-workflows): Remove duplication in aggregated admin ClusterRole (#2389) Signed-off-by: Neile Havens --- charts/argo-workflows/Chart.yaml | 6 +++--- .../templates/controller/workflow-aggregate-roles.yaml | 2 -- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index acd175a7..ddd48e24 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.0 +version: 0.40.1 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: "feat(argo-workflows): add hostAliases to server" + - kind: fixed + description: "Remove duplication in aggregated admin ClusterRole" diff --git a/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml b/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml index ca2ae93e..2a407b1b 100644 --- a/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml @@ -83,8 +83,6 @@ rules: - workflows/finalizers - workfloweventbindings - workfloweventbindings/finalizers - - workflowtasksets - - workflowtasksets/finalizers - workflowtemplates - workflowtemplates/finalizers - cronworkflows From b13acd0814653ca4574c5053cc2e3b7e3b095599 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 16 Dec 2023 14:02:29 -0600 Subject: [PATCH 357/768] chore(deps): bump tj-actions/changed-files from 40.2.1 to 40.2.2 (#2391) --- .github/workflows/chart-version-bump.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/chart-version-bump.yml b/.github/workflows/chart-version-bump.yml index f8aa07b2..eeb38df9 100644 --- a/.github/workflows/chart-version-bump.yml +++ b/.github/workflows/chart-version-bump.yml @@ -23,7 +23,7 @@ jobs: - name: Get changed files id: changed-files - uses: tj-actions/changed-files@1c938490c880156b746568a518594309cfb3f66b # v40.2.1 + uses: tj-actions/changed-files@94549999469dbfa032becf298d95c87a14c34394 # v40.2.2 with: files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml From 7f1b25402bb23681c479dc20c6c69caf49a10159 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 17 Dec 2023 00:22:40 +0100 Subject: [PATCH 358/768] chore(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 (#2392) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 3273e72d..e86279fa 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 with: name: SARIF file path: results.sarif From f9e2a94bb6d1f20f42374c42c62f86e8e37b2ba9 Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Fri, 22 Dec 2023 14:07:05 +0200 Subject: [PATCH 359/768] feat(argo-rollouts): add args for dashboard logs (#2388) --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 2 ++ charts/argo-rollouts/templates/dashboard/deployment.yaml | 3 +++ charts/argo-rollouts/values.yaml | 5 +++++ 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index d2a4a898..a879e08c 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.4 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.33.0 +version: 2.34.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Allow setting log config for rollouts + description: Allow setting log config for rollouts dashboard diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 9b368a5a..23f25df7 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -153,6 +153,8 @@ For full list of changes please check ArtifactHub [changelog]. | dashboard.ingress.pathType | string | `"Prefix"` | Dashboard ingress path type | | dashboard.ingress.paths | list | `["/"]` | Dashboard ingress paths | | dashboard.ingress.tls | list | `[]` | Dashboard ingress tls | +| dashboard.logging.kloglevel | string | `"0"` | Set the klog logging level | +| dashboard.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | | dashboard.nodeSelector | object | `{}` | [Node selector] | | dashboard.pdb.annotations | object | `{}` | Annotations to be added to dashboard [Pod Disruption Budget] | | dashboard.pdb.enabled | bool | `false` | Deploy a [Pod Disruption Budget] for the dashboard | diff --git a/charts/argo-rollouts/templates/dashboard/deployment.yaml b/charts/argo-rollouts/templates/dashboard/deployment.yaml index cae24888..de7f525b 100644 --- a/charts/argo-rollouts/templates/dashboard/deployment.yaml +++ b/charts/argo-rollouts/templates/dashboard/deployment.yaml @@ -45,6 +45,9 @@ spec: - image: "{{ .Values.dashboard.image.registry }}/{{ .Values.dashboard.image.repository }}:{{ default .Chart.AppVersion .Values.dashboard.image.tag }}" imagePullPolicy: {{ .Values.dashboard.image.pullPolicy }} args: + - dashboard + - "--loglevel={{ .Values.dashboard.logging.level }}" + - "--kloglevel={{ .Values.dashboard.logging.kloglevel }}" {{- with .Values.dashboard.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 6eb48b9c..e7a5f133 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -289,6 +289,11 @@ dashboard: tolerations: [] # -- Assign custom [affinity] rules to the deployment affinity: {} + logging: + # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`) + level: info + # -- Set the klog logging level + kloglevel: "0" # -- Assign custom [TopologySpreadConstraints] rules to the dashboard server ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ From 91f48f37cdb84884dc100753fb1012d293a37800 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 23 Dec 2023 14:44:48 +0100 Subject: [PATCH 360/768] chore(deps): bump tj-actions/changed-files from 40.2.2 to 40.2.3 (#2398) --- .github/workflows/chart-version-bump.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/chart-version-bump.yml b/.github/workflows/chart-version-bump.yml index eeb38df9..22cf61a1 100644 --- a/.github/workflows/chart-version-bump.yml +++ b/.github/workflows/chart-version-bump.yml @@ -23,7 +23,7 @@ jobs: - name: Get changed files id: changed-files - uses: tj-actions/changed-files@94549999469dbfa032becf298d95c87a14c34394 # v40.2.2 + uses: tj-actions/changed-files@56284d80811fb5963a972b438f2870f175e5b7c8 # v40.2.3 with: files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml From c962ee500c06af4213d911a8947f3055949cd45b Mon Sep 17 00:00:00 2001 From: Josia Date: Sat, 23 Dec 2023 19:28:35 -0500 Subject: [PATCH 361/768] fix(argo-workflows): Prevent extra whitespace in controller ConfigMap (#2399) Signed-off-by: Josia --- charts/argo-workflows/Chart.yaml | 4 ++-- .../templates/controller/workflow-controller-config-map.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index ddd48e24..69b84a11 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.1 +version: 0.40.2 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: "Remove duplication in aggregated admin ClusterRole" + description: "Prevent extra whitespace in controller ConfigMap" diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index d311441c..d3ad349b 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -145,7 +145,7 @@ data: rbac: enabled: {{ .Values.server.sso.rbac.enabled }} {{- with .Values.server.sso.scopes }} - scopes: {{ toYaml . | nindent 8 }} + scopes: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.server.sso.issuerAlias }} issuerAlias: {{ toYaml . }} @@ -163,7 +163,7 @@ data: insecureSkipVerify: {{ toYaml . }} {{- end }} {{- with .Values.server.sso.filterGroupsRegex }} - filterGroupsRegex: {{ toYaml . | nindent 8 }} + filterGroupsRegex: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} {{- with .Values.controller.workflowRestrictions }} From 410e73af93a4aab3aad47614f8cac58d54ae798a Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sun, 24 Dec 2023 15:13:52 +0900 Subject: [PATCH 362/768] chore(argo-workflows): Add instruction for SSO (#2401) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 6 ++++++ charts/argo-workflows/README.md.gotmpl | 6 ++++++ 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 69b84a11..15950d66 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.2 +version: 0.40.3 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: "Prevent extra whitespace in controller ConfigMap" + - kind: added + description: Add instruction for SSO diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 070bdbf2..81e65359 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -56,6 +56,11 @@ spec: args: [ "hello world" ] ``` +### Argo Workflows Server SSO +In order to enable SSO, please configure `.Values.server.sso` and `.Values.server.authMode`. + +In order to manage access levels, you can optionally add RBAC to SSO. Please refer [SSO RBAC] for more details. + ## Installing the Chart To install the chart with the release name `my-release`: @@ -387,3 +392,4 @@ Fields to note: [TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [values.yaml]: values.yaml [changelog]: https://artifacthub.io/packages/helm/argo/argo-workflows?modal=changelog +[SSO RBAC]: https://argoproj.github.io/argo-workflows/argo-server-sso/#sso-rbac diff --git a/charts/argo-workflows/README.md.gotmpl b/charts/argo-workflows/README.md.gotmpl index 60aa62af..aa296179 100644 --- a/charts/argo-workflows/README.md.gotmpl +++ b/charts/argo-workflows/README.md.gotmpl @@ -56,6 +56,11 @@ spec: args: [ "hello world" ] ``` +### Argo Workflows Server SSO +In order to enable SSO, please configure `.Values.server.sso` and `.Values.server.authMode`. + +In order to manage access levels, you can optionally add RBAC to SSO. Please refer [SSO RBAC] for more details. + ## Installing the Chart To install the chart with the release name `my-release`: @@ -204,3 +209,4 @@ Fields to note: [TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [values.yaml]: values.yaml [changelog]: https://artifacthub.io/packages/helm/argo/argo-workflows?modal=changelog +[SSO RBAC]: https://argoproj.github.io/argo-workflows/argo-server-sso/#sso-rbac From 29c7f27b3f8b529c6756f510553aaedf58f992e8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 30 Dec 2023 09:29:42 -0600 Subject: [PATCH 363/768] chore(deps): bump tj-actions/changed-files from 40.2.3 to 41.0.1 (#2405) --- .github/workflows/chart-version-bump.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/chart-version-bump.yml b/.github/workflows/chart-version-bump.yml index 22cf61a1..30bd26ee 100644 --- a/.github/workflows/chart-version-bump.yml +++ b/.github/workflows/chart-version-bump.yml @@ -23,7 +23,7 @@ jobs: - name: Get changed files id: changed-files - uses: tj-actions/changed-files@56284d80811fb5963a972b438f2870f175e5b7c8 # v40.2.3 + uses: tj-actions/changed-files@716b1e13042866565e00e85fd4ec490e186c4a2f # v41.0.1 with: files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml From 9b0c33fb496dccdfd98d27c9dfa700fd6c8ded46 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sun, 31 Dec 2023 02:02:10 +0900 Subject: [PATCH 364/768] feat(argo-cd): Use new Argo CD extension mechanism (#2406) --- charts/argo-cd/Chart.yaml | 4 +- charts/argo-cd/README.md | 13 ++- charts/argo-cd/README.md.gotmpl | 6 + charts/argo-cd/ci/extension-values.yaml | 14 +++ charts/argo-cd/templates/aggregate-roles.yaml | 9 -- .../templates/argocd-server/deployment.yaml | 26 +++-- .../argo-cd/templates/argocd-server/role.yaml | 3 - .../argo-cd/templates/crds/crd-extension.yaml | 107 ------------------ charts/argo-cd/values.yaml | 28 +++-- 9 files changed, 68 insertions(+), 142 deletions(-) create mode 100644 charts/argo-cd/ci/extension-values.yaml delete mode 100644 charts/argo-cd/templates/crds/crd-extension.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 594dd161..e955494c 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.51.6 +version: 5.52.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo CD to v2.9.3 + description: Use new Argo CD extension mechanism diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index fa869975..919149b5 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -105,6 +105,10 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 5.52.0 +Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server. +If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml. + ### 5.35.0 This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach. @@ -718,10 +722,11 @@ NAME: my-release | server.env | list | `[]` | Environment variables to pass to Argo CD server | | server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to Argo CD server | | server.extensions.containerSecurityContext | object | See [values.yaml] | Server UI extensions container-level security context | -| server.extensions.enabled | bool | `false` | Enable support for Argo UI extensions | +| server.extensions.enabled | bool | `false` | Enable support for Argo CD extensions | +| server.extensions.extensionList | list | `[]` (See [values.yaml]) | Extensions for Argo CD | | server.extensions.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for extensions | -| server.extensions.image.repository | string | `"ghcr.io/argoproj-labs/argocd-extensions"` | Repository to use for extensions image | -| server.extensions.image.tag | string | `"v0.2.1"` | Tag to use for extensions image | +| server.extensions.image.repository | string | `"quay.io/argoprojlabs/argocd-extension-installer"` | Repository to use for extension installer image | +| server.extensions.image.tag | string | `"v0.0.1"` | Tag to use for extension installer image | | server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container | | server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server | | server.extraContainers | list | `[]` | Additional containers to be added to the server pod | @@ -1263,3 +1268,5 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [EKS EoL]: https://endoflife.date/amazon-eks [Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions [Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace +[Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice +[Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 7df79078..ba94725f 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -104,6 +104,10 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 5.52.0 +Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server. +If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml. + ### 5.35.0 This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach. @@ -571,3 +575,5 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [EKS EoL]: https://endoflife.date/amazon-eks [Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions [Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace +[Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice +[Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer diff --git a/charts/argo-cd/ci/extension-values.yaml b/charts/argo-cd/ci/extension-values.yaml new file mode 100644 index 00000000..0896ca4c --- /dev/null +++ b/charts/argo-cd/ci/extension-values.yaml @@ -0,0 +1,14 @@ +# Test Argo CD extension +crds: + keep: false +# Ref: https://github.com/argoproj-labs/argocd-extension-metrics?tab=readme-ov-file#install-ui-extension +server: + extensions: + enabled: true + extensionList: + - name: extension-metrics + env: + - name: EXTENSION_URL + value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension.tar.gz + - name: EXTENSION_CHECKSUM_URL + value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension_checksums.txt diff --git a/charts/argo-cd/templates/aggregate-roles.yaml b/charts/argo-cd/templates/aggregate-roles.yaml index b3893922..ba93d548 100644 --- a/charts/argo-cd/templates/aggregate-roles.yaml +++ b/charts/argo-cd/templates/aggregate-roles.yaml @@ -14,9 +14,6 @@ rules: {{- if .Values.applicationSet.enabled }} - applicationsets {{- end }} - {{- if .Values.server.extensions.enabled }} - - argocdextensions - {{- end }} - appprojects verbs: - get @@ -39,9 +36,6 @@ rules: {{- if .Values.applicationSet.enabled }} - applicationsets {{- end }} - {{- if .Values.server.extensions.enabled }} - - argocdextensions - {{- end }} - appprojects verbs: - create @@ -69,9 +63,6 @@ rules: {{- if .Values.applicationSet.enabled }} - applicationsets {{- end }} - {{- if .Values.server.extensions.enabled }} - - argocdextensions - {{- end }} - appprojects verbs: - create diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 983121a9..c56ea680 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -357,13 +357,22 @@ spec: lifecycle: {{- toYaml . | nindent 10 }} {{- end }} + {{- with .Values.server.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- if or .Values.server.initContainers (and .Values.server.extensions.enabled .Values.server.extensions.extensionList) }} + initContainers: + {{- with .Values.server.initContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} {{- if .Values.server.extensions.enabled }} - - name: argocd-extensions - image: {{ .Values.server.extensions.image.repository }}:{{ .Values.server.extensions.image.tag }} - imagePullPolicy: {{ .Values.server.extensions.image.imagePullPolicy }} + {{- range .Values.server.extensions.extensionList }} + - name: {{ .name }} + image: {{ $.Values.server.extensions.image.repository }}:{{ $.Values.server.extensions.image.tag }} + imagePullPolicy: {{ default $.Values.global.image.imagePullPolicy $.Values.server.extensions.image.imagePullPolicy }} resources: - {{- toYaml .Values.server.extensions.resources | nindent 10 }} - {{- with .Values.server.extensions.containerSecurityContext }} + {{- toYaml $.Values.server.extensions.resources | nindent 10 }} + {{- with $.Values.server.extensions.containerSecurityContext }} securityContext: {{- toYaml . | nindent 10 }} {{- end }} @@ -372,13 +381,10 @@ spec: mountPath: /tmp/extensions/ - name: tmp mountPath: /tmp + env: + {{- toYaml .env | nindent 10 }} {{- end }} - {{- with .Values.server.extraContainers }} - {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} - {{- with .Values.server.initContainers }} - initContainers: - {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.server) }} affinity: diff --git a/charts/argo-cd/templates/argocd-server/role.yaml b/charts/argo-cd/templates/argocd-server/role.yaml index 6bfe32a4..adc6f014 100644 --- a/charts/argo-cd/templates/argocd-server/role.yaml +++ b/charts/argo-cd/templates/argocd-server/role.yaml @@ -27,9 +27,6 @@ rules: - applicationsets {{- end }} - appprojects - {{- if .Values.server.extensions.enabled }} - - argocdextensions - {{- end }} verbs: - create - get diff --git a/charts/argo-cd/templates/crds/crd-extension.yaml b/charts/argo-cd/templates/crds/crd-extension.yaml deleted file mode 100644 index 30fbce70..00000000 --- a/charts/argo-cd/templates/crds/crd-extension.yaml +++ /dev/null @@ -1,107 +0,0 @@ -{{- if and .Values.crds.install .Values.server.extensions.enabled }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - {{- if .Values.crds.keep }} - "helm.sh/resource-policy": keep - {{- end }} - {{- with .Values.crds.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} - controller-gen.kubebuilder.io/version: v0.4.1 - labels: - app.kubernetes.io/name: argocdextensions.argoproj.io - app.kubernetes.io/part-of: argocd - {{- with .Values.crds.additionalLabels }} - {{- toYaml . | nindent 4}} - {{- end }} - name: argocdextensions.argoproj.io -spec: - group: argoproj.io - names: - kind: ArgoCDExtension - listKind: ArgoCDExtensionList - plural: argocdextensions - singular: argocdextension - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ArgoCDExtension is the Schema for the argocdextensions API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ArgoCDExtensionSpec defines the desired state of ArgoCDExtension - properties: - sources: - description: Sources specifies where the extension should come from - items: - description: ExtensionSource specifies where the extension should - be sourced from - properties: - git: - description: Git is specified if the extension should be sourced - from a git repository - properties: - revision: - description: Revision specifies the revision of the Repository - to fetch - type: string - url: - description: URL specifies the Git repository URL to fetch - type: string - type: object - web: - description: Web is specified if the extension should be sourced - from a web file - properties: - url: - description: URK specifies the remote file URL - type: string - type: object - type: object - type: array - required: - - sources - type: object - status: - description: ArgoCDExtensionStatus defines the observed state of ArgoCDExtension - properties: - conditions: - items: - properties: - message: - description: Message contains human-readable message indicating - details about condition - type: string - status: - description: Boolean status describing if the condition is currently - true - type: string - type: - description: Type is an ArgoCDExtension condition type - type: string - required: - - message - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true -{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index c4480e6c..bc93065e 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1574,29 +1574,41 @@ server: # -- Specify postStart and preStop lifecycle hooks for your argo-cd-server container lifecycle: {} - ## Argo UI extensions + ## Argo CD extensions ## This function in tech preview stage, do expect instability or breaking changes in newer versions. - ## Ref: https://github.com/argoproj-labs/argocd-extensions + ## Ref: https://github.com/argoproj-labs/argocd-extension-installer extensions: - # -- Enable support for Argo UI extensions + # -- Enable support for Argo CD extensions enabled: false - ## Argo UI extensions image + ## Argo CD extension installer image image: - # -- Repository to use for extensions image - repository: "ghcr.io/argoproj-labs/argocd-extensions" - # -- Tag to use for extensions image - tag: "v0.2.1" + # -- Repository to use for extension installer image + repository: "quay.io/argoprojlabs/argocd-extension-installer" + # -- Tag to use for extension installer image + tag: "v0.0.1" # -- Image pull policy for extensions # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" + # -- Extensions for Argo CD + # @default -- `[]` (See [values.yaml]) + ## Ref: https://github.com/argoproj-labs/argocd-extension-metrics#install-ui-extension + extensionList: [] + # - name: extension-metrics + # env: + # - name: EXTENSION_URL + # value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension.tar.gz + # - name: EXTENSION_CHECKSUM_URL + # value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension_checksums.txt + # -- Server UI extensions container-level security context # @default -- See [values.yaml] containerSecurityContext: runAsNonRoot: true readOnlyRootFilesystem: true allowPrivilegeEscalation: false + runAsUser: 1000 seccompProfile: type: RuntimeDefault capabilities: From 107bd3bc537eb4d611907c09809ebadea73936ed Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Fri, 5 Jan 2024 13:56:59 +0100 Subject: [PATCH 365/768] chore(argo-cd): DRY cleanup of ServiceAccounts (#2409) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/_helpers.tpl | 14 +++++++------- .../clusterrolebinding.yaml | 2 +- .../argocd-application-controller/rolebinding.yaml | 8 ++++---- .../serviceaccount.yaml | 14 +++++++------- .../argocd-application-controller/statefulset.yaml | 2 +- .../argocd-applicationset/deployment.yaml | 2 +- .../argocd-applicationset/rolebinding.yaml | 6 +++--- .../argocd-applicationset/serviceaccount.yaml | 14 +++++++------- .../argocd-notifications/clusterrolebinding.yaml | 2 +- .../templates/argocd-notifications/deployment.yaml | 2 +- .../argocd-notifications/rolebinding.yaml | 6 +++--- .../argocd-notifications/serviceaccount.yaml | 14 +++++++------- .../argocd-repo-server/clusterrolebinding.yaml | 2 +- .../templates/argocd-repo-server/deployment.yaml | 2 +- .../templates/argocd-repo-server/rolebinding.yaml | 8 ++++---- .../argocd-repo-server/serviceaccount.yaml | 14 +++++++------- .../argocd-server/clusterrolebinding.yaml | 2 +- .../templates/argocd-server/deployment.yaml | 2 +- .../templates/argocd-server/rolebinding.yaml | 6 +++--- .../templates/argocd-server/serviceaccount.yaml | 14 +++++++------- charts/argo-cd/templates/dex/deployment.yaml | 2 +- charts/argo-cd/templates/dex/rolebinding.yaml | 8 ++++---- charts/argo-cd/templates/dex/serviceaccount.yaml | 8 ++++---- charts/argo-cd/templates/redis/deployment.yaml | 2 +- charts/argo-cd/templates/redis/serviceaccount.yaml | 8 ++++---- 26 files changed, 84 insertions(+), 84 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index e955494c..91dcac84 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.52.0 +version: 5.52.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Use new Argo CD extension mechanism + description: DRY cleanup of ServiceAccounts diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index b5d62a6a..97ba5c25 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -11,7 +11,7 @@ to 63 chars and it includes 10 chars of hash and a separating '-'. {{/* Create the name of the controller service account to use */}} -{{- define "argo-cd.controllerServiceAccountName" -}} +{{- define "argo-cd.controller.serviceAccountName" -}} {{- if .Values.controller.serviceAccount.create -}} {{ default (include "argo-cd.controller.fullname" .) .Values.controller.serviceAccount.name }} {{- else -}} @@ -40,7 +40,7 @@ Create Dex server endpoint {{/* Create the name of the dex service account to use */}} -{{- define "argo-cd.dexServiceAccountName" -}} +{{- define "argo-cd.dex.serviceAccountName" -}} {{- if .Values.dex.serviceAccount.create -}} {{ default (include "argo-cd.dex.fullname" .) .Values.dex.serviceAccount.name }} {{- else -}} @@ -78,7 +78,7 @@ Return Redis server endpoint {{/* Create the name of the redis service account to use */}} -{{- define "argo-cd.redisServiceAccountName" -}} +{{- define "argo-cd.redis.serviceAccountName" -}} {{- if .Values.redis.serviceAccount.create -}} {{ default (include "argo-cd.redis.fullname" .) .Values.redis.serviceAccount.name }} {{- else -}} @@ -96,7 +96,7 @@ Create argocd server name and version as used by the chart label. {{/* Create the name of the Argo CD server service account to use */}} -{{- define "argo-cd.serverServiceAccountName" -}} +{{- define "argo-cd.server.serviceAccountName" -}} {{- if .Values.server.serviceAccount.create -}} {{ default (include "argo-cd.server.fullname" .) .Values.server.serviceAccount.name }} {{- else -}} @@ -114,7 +114,7 @@ Create argocd repo-server name and version as used by the chart label. {{/* Create the name of the repo-server service account to use */}} -{{- define "argo-cd.repoServerServiceAccountName" -}} +{{- define "argo-cd.repoServer.serviceAccountName" -}} {{- if .Values.repoServer.serviceAccount.create -}} {{ default (include "argo-cd.repoServer.fullname" .) .Values.repoServer.serviceAccount.name }} {{- else -}} @@ -132,7 +132,7 @@ Create argocd application set name and version as used by the chart label. {{/* Create the name of the application set service account to use */}} -{{- define "argo-cd.applicationSetServiceAccountName" -}} +{{- define "argo-cd.applicationSet.serviceAccountName" -}} {{- if .Values.applicationSet.serviceAccount.create -}} {{ default (include "argo-cd.applicationSet.fullname" .) .Values.applicationSet.serviceAccount.name }} {{- else -}} @@ -150,7 +150,7 @@ Create argocd notifications name and version as used by the chart label. {{/* Create the name of the notifications service account to use */}} -{{- define "argo-cd.notificationsServiceAccountName" -}} +{{- define "argo-cd.notifications.serviceAccountName" -}} {{- if .Values.notifications.serviceAccount.create -}} {{ default (include "argo-cd.notifications.fullname" .) .Values.notifications.serviceAccount.name }} {{- else -}} diff --git a/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml index 39ee80a6..9ebe80ad 100644 --- a/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml @@ -12,6 +12,6 @@ roleRef: name: {{ include "argo-cd.controller.fullname" . }} subjects: - kind: ServiceAccount - name: {{ include "argo-cd.controllerServiceAccountName" . }} + name: {{ include "argo-cd.controller.serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml b/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml index 5f07f109..9a87f771 100644 --- a/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml @@ -1,15 +1,15 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-cd.controller.fullname" . }} + name: {{ include "argo-cd.controller.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "argo-cd.controller.fullname" . }} + name: {{ include "argo-cd.controller.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace }} \ No newline at end of file + name: {{ include "argo-cd.controller.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} diff --git a/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml b/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml index fe56d376..1b9619d6 100644 --- a/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml @@ -3,17 +3,17 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.controllerServiceAccountName" . }} + name: {{ include "argo-cd.controller.serviceAccountName" . }} namespace: {{ .Release.Namespace | quote }} -{{- if .Values.controller.serviceAccount.annotations }} + {{- with .Values.controller.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.controller.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} - {{- range $key, $value := .Values.controller.serviceAccount.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} + {{- with .Values.controller.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 31bce299..6d1d3e2f 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -55,7 +55,7 @@ spec: {{- if .Values.controller.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} {{- end }} - serviceAccountName: {{ include "argo-cd.controllerServiceAccountName" . }} + serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }} containers: - args: - /usr/local/bin/argocd-application-controller diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index b704650a..655e8f19 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -55,7 +55,7 @@ spec: {{- if .Values.applicationSet.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.applicationSet.terminationGracePeriodSeconds }} {{- end }} - serviceAccountName: {{ include "argo-cd.applicationSetServiceAccountName" . }} + serviceAccountName: {{ include "argo-cd.applicationSet.serviceAccountName" . }} containers: - name: {{ .Values.applicationSet.name }} image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }} diff --git a/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml index 8a70526c..a012f1ed 100644 --- a/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml @@ -2,16 +2,16 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-cd.applicationSet.fullname" . }} + name: {{ include "argo-cd.applicationSet.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "argo-cd.applicationSet.fullname" . }} + name: {{ include "argo-cd.applicationSet.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.applicationSetServiceAccountName" . }} + name: {{ include "argo-cd.applicationSet.serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml index a196626e..7c0cf017 100644 --- a/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml @@ -3,17 +3,17 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.applicationSet.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.applicationSetServiceAccountName" . }} + name: {{ include "argo-cd.applicationSet.serviceAccountName" . }} namespace: {{ .Release.Namespace | quote }} -{{- if .Values.applicationSet.serviceAccount.annotations }} + {{- with .Values.applicationSet.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.applicationSet.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} - {{- range $key, $value := .Values.applicationSet.serviceAccount.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} + {{- with .Values.applicationSet.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml index 3dba71a2..cfdba38a 100644 --- a/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml @@ -11,6 +11,6 @@ roleRef: name: {{ include "argo-cd.notifications.fullname" . }} subjects: - kind: ServiceAccount - name: {{ include "argo-cd.notificationsServiceAccountName" . }} + name: {{ include "argo-cd.notifications.serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index edee786a..2ed9f1e8 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -54,7 +54,7 @@ spec: {{- if .Values.notifications.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.notifications.terminationGracePeriodSeconds }} {{- end }} - serviceAccountName: {{ include "argo-cd.notificationsServiceAccountName" . }} + serviceAccountName: {{ include "argo-cd.notifications.serviceAccountName" . }} containers: - name: {{ .Values.notifications.name }} image: {{ default .Values.global.image.repository .Values.notifications.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag }} diff --git a/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml b/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml index 7bc6e1d1..32324190 100644 --- a/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml @@ -2,16 +2,16 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-cd.notifications.fullname" . }} + name: {{ include "argo-cd.notifications.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "argo-cd.notifications.fullname" . }} + name: {{ include "argo-cd.notifications.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.notificationsServiceAccountName" . }} + name: {{ include "argo-cd.notifications.serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml b/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml index aa824242..8f58ff8d 100644 --- a/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml @@ -3,17 +3,17 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.notifications.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.notificationsServiceAccountName" . }} + name: {{ include "argo-cd.notifications.serviceAccountName" . }} namespace: {{ .Release.Namespace | quote }} -{{- if .Values.notifications.serviceAccount.annotations }} + {{- with .Values.notifications.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.notifications.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} - {{- range $key, $value := .Values.notifications.serviceAccount.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} + {{- with .Values.notifications.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml index c3e21edb..ba156d24 100644 --- a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml @@ -12,6 +12,6 @@ roleRef: name: {{ include "argo-cd.repoServer.fullname" . }} subjects: - kind: ServiceAccount - name: {{ include "argo-cd.repoServerServiceAccountName" . }} + name: {{ include "argo-cd.repoServer.serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 90941428..a9565a2e 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -65,7 +65,7 @@ spec: {{- if .Values.repoServer.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.repoServer.terminationGracePeriodSeconds }} {{- end }} - serviceAccountName: {{ include "argo-cd.repoServerServiceAccountName" . }} + serviceAccountName: {{ include "argo-cd.repoServer.serviceAccountName" . }} containers: - name: {{ .Values.repoServer.name }} image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }} diff --git a/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml b/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml index 8834b778..ea4baded 100644 --- a/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml @@ -2,16 +2,16 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-cd.repoServer.fullname" . }} + name: {{ include "argo-cd.repoServer.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "argo-cd.repoServer.fullname" . }} + name: {{ include "argo-cd.repoServer.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.repoServerServiceAccountName" . }} + name: {{ include "argo-cd.repoServer.serviceAccountName" . }} namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml index 7b26928f..945483fa 100644 --- a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml @@ -3,17 +3,17 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.repoServer.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.repoServerServiceAccountName" . }} + name: {{ include "argo-cd.repoServer.serviceAccountName" . }} namespace: {{ .Release.Namespace | quote }} -{{- if .Values.repoServer.serviceAccount.annotations }} + {{- with .Values.repoServer.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.repoServer.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} - {{- range $key, $value := .Values.repoServer.serviceAccount.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} + {{- range $key, $value := .Values.repoServer.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml index 72e4d450..27fd13d6 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml @@ -12,6 +12,6 @@ roleRef: name: {{ include "argo-cd.server.fullname" . }} subjects: - kind: ServiceAccount - name: {{ include "argo-cd.serverServiceAccountName" . }} + name: {{ include "argo-cd.server.serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index c56ea680..a09b5656 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -56,7 +56,7 @@ spec: {{- if .Values.server.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} {{- end }} - serviceAccountName: {{ include "argo-cd.serverServiceAccountName" . }} + serviceAccountName: {{ include "argo-cd.server.serviceAccountName" . }} containers: - name: {{ .Values.server.name }} image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag }} diff --git a/charts/argo-cd/templates/argocd-server/rolebinding.yaml b/charts/argo-cd/templates/argocd-server/rolebinding.yaml index 93b1fa94..61276d60 100644 --- a/charts/argo-cd/templates/argocd-server/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-server/rolebinding.yaml @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} @@ -11,5 +11,5 @@ roleRef: name: {{ template "argo-cd.server.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace }} \ No newline at end of file + name: {{ include "argo-cd.server.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} diff --git a/charts/argo-cd/templates/argocd-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml index 5d03aaf6..12f571fd 100644 --- a/charts/argo-cd/templates/argocd-server/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml @@ -3,17 +3,17 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.server.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.serverServiceAccountName" . }} + name: {{ include "argo-cd.server.serviceAccountName" . }} namespace: {{ .Release.Namespace | quote }} -{{- if .Values.server.serviceAccount.annotations }} + {{- with .Values.server.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.server.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} - {{- range $key, $value := .Values.server.serviceAccount.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} + {{- range $key, $value := .Values.server.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 9f782c8d..c8e2c929 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -58,7 +58,7 @@ spec: {{- if .Values.dex.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.dex.terminationGracePeriodSeconds }} {{- end }} - serviceAccountName: {{ template "argo-cd.dexServiceAccountName" . }} + serviceAccountName: {{ template "argo-cd.dex.serviceAccountName" . }} containers: - name: {{ .Values.dex.name }} image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }} diff --git a/charts/argo-cd/templates/dex/rolebinding.yaml b/charts/argo-cd/templates/dex/rolebinding.yaml index 08da1544..30b92c06 100644 --- a/charts/argo-cd/templates/dex/rolebinding.yaml +++ b/charts/argo-cd/templates/dex/rolebinding.yaml @@ -2,16 +2,16 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-cd.dex.fullname" . }} + name: {{ include "argo-cd.dex.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "argo-cd.dex.fullname" . }} + name: {{ include "argo-cd.dex.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.dexServiceAccountName" . }} + name: {{ include "argo-cd.dex.serviceAccountName" . }} namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo-cd/templates/dex/serviceaccount.yaml b/charts/argo-cd/templates/dex/serviceaccount.yaml index 65abd57c..66bf3076 100644 --- a/charts/argo-cd/templates/dex/serviceaccount.yaml +++ b/charts/argo-cd/templates/dex/serviceaccount.yaml @@ -3,14 +3,14 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.dex.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.dexServiceAccountName" . }} + name: {{ include "argo-cd.dex.serviceAccountName" . }} namespace: {{ .Release.Namespace | quote }} -{{- if .Values.dex.serviceAccount.annotations }} + {{- with .Values.dex.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.dex.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} {{- end }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 3f272d02..b3182245 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -51,7 +51,7 @@ spec: {{- if .Values.redis.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.redis.terminationGracePeriodSeconds }} {{- end }} - serviceAccountName: {{ include "argo-cd.redisServiceAccountName" . }} + serviceAccountName: {{ include "argo-cd.redis.serviceAccountName" . }} containers: - name: {{ .Values.redis.name }} image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} diff --git a/charts/argo-cd/templates/redis/serviceaccount.yaml b/charts/argo-cd/templates/redis/serviceaccount.yaml index 503fb434..f45ece13 100644 --- a/charts/argo-cd/templates/redis/serviceaccount.yaml +++ b/charts/argo-cd/templates/redis/serviceaccount.yaml @@ -3,14 +3,14 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.redisServiceAccountName" . }} + name: {{ include "argo-cd.redis.serviceAccountName" . }} namespace: {{ .Release.Namespace | quote }} -{{- if .Values.redis.serviceAccount.annotations }} + {{- with .Values.redis.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.redis.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- end }} From 51bb7f98069940ff6c053915f04b30bf5f546153 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 6 Jan 2024 00:28:42 +0900 Subject: [PATCH 366/768] fix(argocd-image-updater): Update outdated link on README (#2414) * fixed(argocd-image-updater): Update outdated link on README Signed-off-by: yu-croco * fix: correct "ArgoCD" to "Argo CD" Signed-off-by: yu-croco --------- Signed-off-by: yu-croco --- charts/argocd-image-updater/Chart.yaml | 8 ++++-- charts/argocd-image-updater/README.md | 30 +++++++++++--------- charts/argocd-image-updater/README.md.gotmpl | 20 +++++++------ charts/argocd-image-updater/values.yaml | 10 +++---- 4 files changed, 39 insertions(+), 29 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 665f4bad..203c6206 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.9.1 +version: 0.9.2 appVersion: v0.12.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -18,5 +18,7 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Introduce chart signing + - kind: fixed + description: Update outdated link on README + - kind: changed + description: Refactor README diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index 5d5c7253..148a5073 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -14,7 +14,7 @@ helm repo add argo https://argoproj.github.io/argo-helm helm install argocd-image-updater argo/argocd-image-updater ``` -You will also need to run through the [secret setup documentation](https://argocd-image-updater.readthedocs.io/en/stable/install/start/#connect-using-argo-cd-api-server) so ArgoCD ImageUpdater can talk to the ArgoCD API (until its automated in this chart). +You will also need to run through the [secret setup documentation] so Argo CD Image Updater can talk to the Argo CD API (until its automated in this chart). ## Prerequisites @@ -22,9 +22,9 @@ You will also need to run through the [secret setup documentation](https://argoc ## Configuration options -In order for your deployment of ArgoCD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags). +In order for your deployment of Argo CD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page]. -All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your ArgoCD instance is setup, are set in the `config.argocd` values block. For instance: +All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your Argo CD instance is setup, are set in the `config.argocd` values block. For instance: ```yaml config: @@ -35,12 +35,12 @@ config: plaintext: true ``` -Any additional arguments mentioned on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags) can be configured using the `extraArgs` value, like so. +Any additional arguments mentioned on the [argocd-image-updater flags page] can be configured using the `extraArgs` value, like so. -### ArgoCD API key +### Argo CD API key If you are unable to install Argo CD Image Updater into the same Kubernetes cluster you might configure it to use API of your Argo CD installation. -Please also read [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/). +Please also read [Configuration of Container Registries]. ```yaml config: @@ -52,7 +52,7 @@ If you specify a token value the secret will be created. ### Registries -ArgoCD Image Updater natively supports the following registries (as mentioned in [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)): +Argo CD Image Updater natively supports the following registries (as mentioned in [Configuration of Container Registries]): - Docker Hub - Google Container Registry @@ -60,7 +60,7 @@ ArgoCD Image Updater natively supports the following registries (as mentioned in - GitHub Container Registry - GitHub Docker Packages -If you need support for ECR, you can reference [this issue](https://github.com/argoproj-labs/argocd-image-updater/issues/112) for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR. +If you need support for ECR, you can reference this issue, [Support ECR authentication], for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR. The `config.registries` value can be used exactly as it looks in the documentation as it gets dumped directly into a configmap in this chart. @@ -74,16 +74,16 @@ The `config.registries` value can be used exactly as it looks in the documentati | config.applicationsAPIKind | string | `""` | API kind that is used to manage Argo CD applications (`kubernetes` or `argocd`) | | config.argocd.grpcWeb | bool | `true` | Use the gRPC-web protocol to connect to the Argo CD API | | config.argocd.insecure | bool | `false` | If specified, the certificate of the Argo CD API server is not verified. | -| config.argocd.plaintext | bool | `false` | If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS. | +| config.argocd.plaintext | bool | `false` | If specified, use an unencrypted HTTP connection to the Argo CD API instead of TLS. | | config.argocd.serverAddress | string | `""` | Connect to the Argo CD API server at server address | -| config.argocd.token | string | `""` | If specified, the secret with ArgoCD API key will be created. | +| config.argocd.token | string | `""` | If specified, the secret with Argo CD API key will be created. | | config.disableKubeEvents | bool | `false` | Disable kubernetes events | | config.gitCommitMail | string | `""` | E-Mail address to use for Git commits | | config.gitCommitTemplate | string | `""` | Changing the Git commit message | | config.gitCommitUser | string | `""` | Username to use for Git commits | -| config.logLevel | string | `"info"` | ArgoCD Image Update log level | -| config.registries | list | `[]` | ArgoCD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) | -| config.sshConfig | object | `{}` | ArgoCD Image Updater ssh client parameter configuration. | +| config.logLevel | string | `"info"` | Argo CD Image Update log level | +| config.registries | list | `[]` | Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) | +| config.sshConfig | object | `{}` | Argo CD Image Updater ssh client parameter configuration. | | extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in `config.argocd`. If a flag contains both key and value, they need to be split to a new entry | | extraEnv | list | `[]` | Extra environment variables for argocd-image-updater | | fullnameOverride | string | `""` | Global fullname (argocd-image-updater.fullname in _helpers.tpl) override | @@ -125,3 +125,7 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs [RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +[secret setup documentation]: https://argocd-image-updater.readthedocs.io/en/stable/install/installation/#method-2-connect-using-argo-cd-api-server +[argocd-image-updater flags page]: https://argocd-image-updater.readthedocs.io/en/stable/install/reference/#flags +[Configuration of Container Registries]: https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/ +[Support ECR authentication]: https://github.com/argoproj-labs/argocd-image-updater/issues/112 diff --git a/charts/argocd-image-updater/README.md.gotmpl b/charts/argocd-image-updater/README.md.gotmpl index bbd2e1b5..68ddd814 100644 --- a/charts/argocd-image-updater/README.md.gotmpl +++ b/charts/argocd-image-updater/README.md.gotmpl @@ -14,7 +14,7 @@ helm repo add argo https://argoproj.github.io/argo-helm helm install argocd-image-updater argo/argocd-image-updater ``` -You will also need to run through the [secret setup documentation](https://argocd-image-updater.readthedocs.io/en/stable/install/start/#connect-using-argo-cd-api-server) so ArgoCD ImageUpdater can talk to the ArgoCD API (until its automated in this chart). +You will also need to run through the [secret setup documentation] so Argo CD Image Updater can talk to the Argo CD API (until its automated in this chart). ## Prerequisites @@ -22,9 +22,9 @@ You will also need to run through the [secret setup documentation](https://argoc ## Configuration options -In order for your deployment of ArgoCD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags). +In order for your deployment of Argo CD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page]. -All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your ArgoCD instance is setup, are set in the `config.argocd` values block. For instance: +All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your Argo CD instance is setup, are set in the `config.argocd` values block. For instance: ```yaml config: @@ -35,12 +35,12 @@ config: plaintext: true ``` -Any additional arguments mentioned on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags) can be configured using the `extraArgs` value, like so. +Any additional arguments mentioned on the [argocd-image-updater flags page] can be configured using the `extraArgs` value, like so. -### ArgoCD API key +### Argo CD API key If you are unable to install Argo CD Image Updater into the same Kubernetes cluster you might configure it to use API of your Argo CD installation. -Please also read [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/). +Please also read [Configuration of Container Registries]. ```yaml config: @@ -52,7 +52,7 @@ If you specify a token value the secret will be created. ### Registries -ArgoCD Image Updater natively supports the following registries (as mentioned in [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)): +Argo CD Image Updater natively supports the following registries (as mentioned in [Configuration of Container Registries]): - Docker Hub - Google Container Registry @@ -60,7 +60,7 @@ ArgoCD Image Updater natively supports the following registries (as mentioned in - GitHub Container Registry - GitHub Docker Packages -If you need support for ECR, you can reference [this issue](https://github.com/argoproj-labs/argocd-image-updater/issues/112) for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR. +If you need support for ECR, you can reference this issue, [Support ECR authentication], for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR. The `config.registries` value can be used exactly as it looks in the documentation as it gets dumped directly into a configmap in this chart. @@ -71,3 +71,7 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs [RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +[secret setup documentation]: https://argocd-image-updater.readthedocs.io/en/stable/install/installation/#method-2-connect-using-argo-cd-api-server +[argocd-image-updater flags page]: https://argocd-image-updater.readthedocs.io/en/stable/install/reference/#flags +[Configuration of Container Registries]: https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/ +[Support ECR authentication]: https://github.com/argoproj-labs/argocd-image-updater/issues/112 diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 90498e26..4d490572 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -77,9 +77,9 @@ config: serverAddress: "" # -- If specified, the certificate of the Argo CD API server is not verified. insecure: false - # -- If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS. + # -- If specified, use an unencrypted HTTP connection to the Argo CD API instead of TLS. plaintext: false - # -- If specified, the secret with ArgoCD API key will be created. + # -- If specified, the secret with Argo CD API key will be created. token: "" # -- Disable kubernetes events @@ -94,10 +94,10 @@ config: # -- Changing the Git commit message gitCommitTemplate: "" - # -- ArgoCD Image Update log level + # -- Argo CD Image Update log level logLevel: "info" - # -- ArgoCD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) + # -- Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) registries: [] # - name: Docker Hub # api_url: https://registry-1.docker.io @@ -122,7 +122,7 @@ config: # credentials: ext:/scripts/auth1.sh # credsexpire: 10h - # -- ArgoCD Image Updater ssh client parameter configuration. + # -- Argo CD Image Updater ssh client parameter configuration. sshConfig: {} # config: | From d1389a90b9906c5ad419b53ced3250ed4208f7ca Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 6 Jan 2024 13:17:33 +0900 Subject: [PATCH 367/768] chore(argo-workflows): Update doc for Argo Workflows server authentication (#2411) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 15 +++++++-------- charts/argo-workflows/README.md.gotmpl | 16 ++++++++-------- 3 files changed, 18 insertions(+), 19 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 15950d66..2bfb706d 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.3 +version: 0.40.4 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add instruction for SSO + - kind: changed + description: Update doc for Argo Workflows server authentication diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 81e65359..3a2a91d7 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -56,11 +56,6 @@ spec: args: [ "hello world" ] ``` -### Argo Workflows Server SSO -In order to enable SSO, please configure `.Values.server.sso` and `.Values.server.authMode`. - -In order to manage access levels, you can optionally add RBAC to SSO. Please refer [SSO RBAC] for more details. - ## Installing the Chart To install the chart with the release name `my-release`: @@ -89,9 +84,12 @@ Please see the upstream [Operator Manual's High Availability page](https://argop This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of its configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs. -### Workflow server authentication +### Argo Workflows server authentication -By default, the chart requires some kind of authentication mechanism. This adopts the [default behaviour from the Argo project](https://github.com/argoproj/argo-workflows/pull/5211) itself. However, for local development purposes, or cases where your gateway authentication is covered by some other means, you can set the authentication mode for the Argo server by setting the `server.extraArgs: [--auth-mode=server]`. There are a few additional comments in the values.yaml file itself, including commented-out settings to disable authentication on the server UI itself using the same `--auth-mode=server` setting. +Argo Workflows server provides some choices for authentication mechanism and you can configure `.Values.server.authModes`. By default, authentication mode is `[server]`, for local development purposes or cases where your gateway authentication is covered by some other means. +Please refer to [Argo Server Auth Mode] for more details. + +Argo Workflows server also supports SSO and you can enable it to configure `.Values.server.sso` and `.Values.server.authModes`. In order to manage access levels, you can optionally add RBAC to SSO. Please refer to [SSO RBAC] for more details. ## Values @@ -392,4 +390,5 @@ Fields to note: [TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [values.yaml]: values.yaml [changelog]: https://artifacthub.io/packages/helm/argo/argo-workflows?modal=changelog -[SSO RBAC]: https://argoproj.github.io/argo-workflows/argo-server-sso/#sso-rbac +[SSO RBAC]: https://argo-workflows.readthedocs.io/en/latest/argo-server-sso/ +[Argo Server Auth Mode]: https://argo-workflows.readthedocs.io/en/latest/argo-server-auth-mode/ diff --git a/charts/argo-workflows/README.md.gotmpl b/charts/argo-workflows/README.md.gotmpl index aa296179..4d1ec4d5 100644 --- a/charts/argo-workflows/README.md.gotmpl +++ b/charts/argo-workflows/README.md.gotmpl @@ -56,11 +56,6 @@ spec: args: [ "hello world" ] ``` -### Argo Workflows Server SSO -In order to enable SSO, please configure `.Values.server.sso` and `.Values.server.authMode`. - -In order to manage access levels, you can optionally add RBAC to SSO. Please refer [SSO RBAC] for more details. - ## Installing the Chart To install the chart with the release name `my-release`: @@ -89,9 +84,13 @@ Please see the upstream [Operator Manual's High Availability page](https://argop This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of its configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs. -### Workflow server authentication +### Argo Workflows server authentication + +Argo Workflows server provides some choices for authentication mechanism and you can configure `.Values.server.authModes`. By default, authentication mode is `[server]`, for local development purposes or cases where your gateway authentication is covered by some other means. +Please refer to [Argo Server Auth Mode] for more details. + +Argo Workflows server also supports SSO and you can enable it to configure `.Values.server.sso` and `.Values.server.authModes`. In order to manage access levels, you can optionally add RBAC to SSO. Please refer to [SSO RBAC] for more details. -By default, the chart requires some kind of authentication mechanism. This adopts the [default behaviour from the Argo project](https://github.com/argoproj/argo-workflows/pull/5211) itself. However, for local development purposes, or cases where your gateway authentication is covered by some other means, you can set the authentication mode for the Argo server by setting the `server.extraArgs: [--auth-mode=server]`. There are a few additional comments in the values.yaml file itself, including commented-out settings to disable authentication on the server UI itself using the same `--auth-mode=server` setting. ## Values @@ -209,4 +208,5 @@ Fields to note: [TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [values.yaml]: values.yaml [changelog]: https://artifacthub.io/packages/helm/argo/argo-workflows?modal=changelog -[SSO RBAC]: https://argoproj.github.io/argo-workflows/argo-server-sso/#sso-rbac +[SSO RBAC]: https://argo-workflows.readthedocs.io/en/latest/argo-server-sso/ +[Argo Server Auth Mode]: https://argo-workflows.readthedocs.io/en/latest/argo-server-auth-mode/ From 9892e505f17a24fd13e1aef8248222e141887201 Mon Sep 17 00:00:00 2001 From: Brian Gottfried Date: Sat, 6 Jan 2024 22:30:45 -0600 Subject: [PATCH 368/768] feat(argo-rollouts): Add rollout plugin gloo platform rbac (#2404) * feat(argo-rollouts): Add rollout plugin gloo platform rbac Signed-off-by: Brian Gottfried * feat(argo-rollouts): Add rollout plugin gloo platform rbac information to README Signed-off-by: Brian Gottfried --------- Signed-off-by: Brian Gottfried Co-authored-by: Aikawa --- charts/argo-rollouts/Chart.yaml | 6 +++--- charts/argo-rollouts/README.md | 1 + .../argo-rollouts/templates/controller/clusterrole.yaml | 9 +++++++++ charts/argo-rollouts/templates/controller/role.yaml | 9 +++++++++ charts/argo-rollouts/values.yaml | 2 ++ 5 files changed, 24 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index a879e08c..caf26b58 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.4 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.34.0 +version: 2.34.1 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Allow setting log config for rollouts dashboard + - kind: added + description: Added Gloo Platform provider RBAC rules diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 23f25df7..3627de83 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -66,6 +66,7 @@ For full list of changes please check ArtifactHub [changelog]. | providerRBAC.providers.awsAppMesh | bool | `true` | Adds RBAC rules for the AWS App Mesh provider | | providerRBAC.providers.awsLoadBalancerController | bool | `true` | Adds RBAC rules for the AWS Load Balancer Controller provider | | providerRBAC.providers.contour | bool | `true` | Adds RBAC rules for the Contour provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour/blob/main/README.md` | +| providerRBAC.providers.glooPlatform | bool | `true` | Adds RBAC rules for the Gloo Platform provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-glooplatform/blob/main/README.md` | | providerRBAC.providers.istio | bool | `true` | Adds RBAC rules for the Istio provider | | providerRBAC.providers.smi | bool | `true` | Adds RBAC rules for the SMI provider | | providerRBAC.providers.traefik | bool | `true` | Adds RBAC rules for the Traefik provider | diff --git a/charts/argo-rollouts/templates/controller/clusterrole.yaml b/charts/argo-rollouts/templates/controller/clusterrole.yaml index 56afb5cb..35fd8215 100644 --- a/charts/argo-rollouts/templates/controller/clusterrole.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml @@ -267,5 +267,14 @@ rules: - watch - update {{- end }} +{{- if .Values.providerRBAC.providers.glooPlatform }} + # Access needed when using the Gloo Platform provider +- apiGroups: + - networking.gloo.solo.io + resources: + - routetables + verbs: + - '*' +{{- end }} {{- end }} {{- end }} diff --git a/charts/argo-rollouts/templates/controller/role.yaml b/charts/argo-rollouts/templates/controller/role.yaml index eb69db62..dc656cde 100644 --- a/charts/argo-rollouts/templates/controller/role.yaml +++ b/charts/argo-rollouts/templates/controller/role.yaml @@ -256,5 +256,14 @@ rules: - get - update {{- end }} +{{- if .Values.providerRBAC.providers.glooPlatform }} + # Access needed when using the Gloo Platform provider +- apiGroups: + - networking.gloo.solo.io + resources: + - routetables + verbs: + - '*' +{{- end }} {{- end }} {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index e7a5f133..19ab340e 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -271,6 +271,8 @@ providerRBAC: apisix: true # -- Adds RBAC rules for the Contour provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour/blob/main/README.md` contour: true + # -- Adds RBAC rules for the Gloo Platform provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-glooplatform/blob/main/README.md` + glooPlatform: true dashboard: # -- Deploy dashboard server From 3a2645782ceaac12a19d630cd870dcf202cee9a2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 9 Jan 2024 10:14:11 +0000 Subject: [PATCH 369/768] chore(argo-events): Update dependency argoproj/argo-events to v1.9.0 (#2417) * chore(argo-events): Update dependency argoproj/argo-events to v1.9.0 * Apply automatic changes Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] --- charts/argo-events/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index b9f441fe..d219afc7 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.8.1 +appVersion: v1.9.0 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.1 +version: 2.4.2 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade Argo Events to v1.8.1 + description: Bump argo-events to v1.9.0 From 5aaa79be36e9a283a75a148d85ee44b41858e768 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 11 Jan 2024 16:20:25 +0900 Subject: [PATCH 370/768] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.3 (#2419) * chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.3 * Apply automatic changes Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] --- charts/argo-workflows/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 2bfb706d..54b893cf 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.2 +appVersion: v3.5.3 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.4 +version: 0.40.5 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Update doc for Argo Workflows server authentication + description: Bump argo-workflows to v3.5.3 From 1cc80bfe107ccf24379ba71cf024311c8240ee89 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 13 Jan 2024 09:09:25 -0600 Subject: [PATCH 371/768] chore(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 (#2421) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index e86279fa..76b0264c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 + uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 with: name: SARIF file path: results.sarif From 524089b9dfbcd78b26ec78a502dbe9ce1e1f6df7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 14 Jan 2024 17:10:59 +0900 Subject: [PATCH 372/768] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.4 (#2422) * chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.4 * Apply automatic changes Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] --- charts/argo-workflows/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 54b893cf..ed2e3048 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.3 +appVersion: v3.5.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.5 +version: 0.40.6 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-workflows to v3.5.3 + description: Bump argo-workflows to v3.5.4 From e6de8c47b9afaeb55aee532f35f9ed01c1323abb Mon Sep 17 00:00:00 2001 From: Aman Gupta Date: Mon, 15 Jan 2024 14:42:39 +0530 Subject: [PATCH 373/768] docs(argo-cd): Fix policy.csv block (#2423) * Minor Changes to policy.csv block Added Missing ':' Signed-off-by: Aman Gupta * Update Chart.yaml Signed-off-by: Aman Gupta * Update Changelog Signed-off-by: Aman Gupta --------- Signed-off-by: Aman Gupta --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/values.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 91dcac84..42cfbcc2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.52.1 +version: 5.52.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: DRY cleanup of ServiceAccounts + - kind: fixed + description: Missing colon for policy.csv block diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index bc93065e..8b725375 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -291,7 +291,7 @@ configs: # p, subject, resource, action, object, effect # Role definitions and bindings are in the form: # g, subject, inherited-subject - # policy.csv | + # policy.csv: | # p, role:org-admin, applications, *, */*, allow # p, role:org-admin, clusters, get, *, allow # p, role:org-admin, repositories, *, *, allow From d5b942a873af4fe0826d099895efa4fed476ecce Mon Sep 17 00:00:00 2001 From: Lucas Fernando Cardoso Nunes Date: Wed, 17 Jan 2024 04:56:17 -0300 Subject: [PATCH 374/768] docs(argo-workflows): fix wrong `artifactRepository` identations on values.yaml (#2426) * fix: wrong `artifactRepository` identations on values.yaml on `artifactRepository.gcs` the following 3 keys were in the same level: - `.serviceAccountKeySecret` - `.name` - `.key` Signed-off-by: Lucas Fernando Cardoso Nunes * Update Chart.yaml Signed-off-by: Lucas Fernando Cardoso Nunes --------- Signed-off-by: Lucas Fernando Cardoso Nunes --- charts/argo-workflows/Chart.yaml | 6 ++-- charts/argo-workflows/values.yaml | 58 +++++++++++++++---------------- 2 files changed, 32 insertions(+), 32 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index ed2e3048..f529072b 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.6 +version: 0.40.7 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-workflows to v3.5.4 + - kind: fixed + description: Wrong identation in artifactRepository block diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index e6440439..570f5986 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -769,41 +769,41 @@ artifactRepository: # roleARN: # useSDKCreds: true # encryptionOptions: - # enableEncryption: true + # enableEncryption: true # -- Store artifact in a GCS object store # @default -- `{}` (See [values.yaml]) gcs: {} - # bucket: -argo - # keyFormat: "{{ \"{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}\" }}" - # serviceAccountKeySecret is a secret selector. - # It references the k8s secret named 'my-gcs-credentials'. - # This secret is expected to have have the key 'serviceAccountKey', - # containing the base64 encoded credentials - # to the bucket. - # - # If it's running on GKE and Workload Identity is used, - # serviceAccountKeySecret is not needed. - # serviceAccountKeySecret: - # name: my-gcs-credentials - # key: serviceAccountKey + # bucket: -argo + # keyFormat: "{{ \"{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}\" }}" + # # serviceAccountKeySecret is a secret selector. + # # It references the k8s secret named 'my-gcs-credentials'. + # # This secret is expected to have have the key 'serviceAccountKey', + # # containing the base64 encoded credentials + # # to the bucket. + # # + # # If it's running on GKE and Workload Identity is used, + # # serviceAccountKeySecret is not needed. + # serviceAccountKeySecret: + # name: my-gcs-credentials + # key: serviceAccountKey # -- Store artifact in Azure Blob Storage # @default -- `{}` (See [values.yaml]) azure: {} - # endpoint: https://mystorageaccountname.blob.core.windows.net - # container: my-container-name - # blobNameFormat: path/in/container - ## accountKeySecret is a secret selector. - ## It references the k8s secret named 'my-azure-storage-credentials'. - ## This secret is expected to have have the key 'account-access-key', - ## containing the base64 encoded credentials to the storage account. - ## If a managed identity has been assigned to the machines running the - ## workflow (e.g., https://docs.microsoft.com/en-us/azure/aks/use-managed-identity) - ## then accountKeySecret is not needed, and useSDKCreds should be - ## set to true instead: - # useSDKCreds: true - # accountKeySecret: - # name: my-azure-storage-credentials - # key: account-access-key + # endpoint: https://mystorageaccountname.blob.core.windows.net + # container: my-container-name + # blobNameFormat: path/in/container + # # accountKeySecret is a secret selector. + # # It references the k8s secret named 'my-azure-storage-credentials'. + # # This secret is expected to have have the key 'account-access-key', + # # containing the base64 encoded credentials to the storage account. + # # If a managed identity has been assigned to the machines running the + # # workflow (e.g., https://docs.microsoft.com/en-us/azure/aks/use-managed-identity) + # # then accountKeySecret is not needed, and useSDKCreds should be + # # set to true instead: + # useSDKCreds: true + # accountKeySecret: + # name: my-azure-storage-credentials + # key: account-access-key # -- The section of custom artifact repository. # Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure) From e37093f273b1843a78e01268ca55777670f6b8a8 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 18 Jan 2024 15:21:37 +0900 Subject: [PATCH 375/768] feat(argocd-image-updater): Support extra K8s manifests (#2429) * feat(argocd-image-updater): Support extra K8s manifests Signed-off-by: yu-croco * chore(argocd-image-updater): add CI for extraObjects Signed-off-by: yu-croco --------- Signed-off-by: yu-croco --- charts/argocd-image-updater/Chart.yaml | 8 ++--- charts/argocd-image-updater/README.md | 1 + .../ci/enable-extra-objects-values.yaml | 14 +++++++++ .../templates/extra-manifests.yaml | 8 +++++ charts/argocd-image-updater/values.yaml | 29 +++++++++++++++++++ 5 files changed, 55 insertions(+), 5 deletions(-) create mode 100644 charts/argocd-image-updater/ci/enable-extra-objects-values.yaml create mode 100644 charts/argocd-image-updater/templates/extra-manifests.yaml diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 203c6206..613f76aa 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.9.2 +version: 0.9.3 appVersion: v0.12.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -18,7 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Update outdated link on README - - kind: changed - description: Refactor README + - kind: added + description: Support extra K8s manifests diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index 148a5073..c62e480f 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -86,6 +86,7 @@ The `config.registries` value can be used exactly as it looks in the documentati | config.sshConfig | object | `{}` | Argo CD Image Updater ssh client parameter configuration. | | extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in `config.argocd`. If a flag contains both key and value, they need to be split to a new entry | | extraEnv | list | `[]` | Extra environment variables for argocd-image-updater | +| extraObjects | list | `[]` | Extra K8s manifests to deploy for argocd-image-updater | | fullnameOverride | string | `""` | Global fullname (argocd-image-updater.fullname in _helpers.tpl) override | | image.pullPolicy | string | `"Always"` | Default image pull policy | | image.repository | string | `"quay.io/argoprojlabs/argocd-image-updater"` | Default image repository | diff --git a/charts/argocd-image-updater/ci/enable-extra-objects-values.yaml b/charts/argocd-image-updater/ci/enable-extra-objects-values.yaml new file mode 100644 index 00000000..8d18ecd3 --- /dev/null +++ b/charts/argocd-image-updater/ci/enable-extra-objects-values.yaml @@ -0,0 +1,14 @@ +# Test with extraObjects enabled +# Do not deploy the CRDs as they are already present from the previous test +installCRDs: false + +extraObjects: + - apiVersion: v1 + kind: Secret + metadata: + name: datadog + type: Opaque + data: + address: aHR0cHM6Ly9hcGkuZGF0YWRvZ2hxLmNvbQo= # https://api.datadoghq.com + api-key: dGVzdC1hcGkta2V5Cg== # test-api-key + app-key: dGVzdC1hcHAta2V5Cg== # test-app-key diff --git a/charts/argocd-image-updater/templates/extra-manifests.yaml b/charts/argocd-image-updater/templates/extra-manifests.yaml new file mode 100644 index 00000000..fc9a76b8 --- /dev/null +++ b/charts/argocd-image-updater/templates/extra-manifests.yaml @@ -0,0 +1,8 @@ +{{ range .Values.extraObjects }} +--- +{{ if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} +{{ end }} diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 4d490572..f06edf3b 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -42,6 +42,35 @@ extraEnv: [] # - name: AWS_REGION # value: "us-west-1" +# -- Extra K8s manifests to deploy for argocd-image-updater +## Note: Supports use of custom Helm templates +extraObjects: [] + # - apiVersion: secrets-store.csi.x-k8s.io/v1 + # kind: SecretProviderClass + # metadata: + # name: argocd-image-updater-secrets-store + # spec: + # provider: aws + # parameters: + # objects: | + # - objectName: "argocd-image-updater" + # objectType: "secretsmanager" + # jmesPath: + # - path: "client_id" + # objectAlias: "client_id" + # - path: "client_secret" + # objectAlias: "client_secret" + # secretObjects: + # - data: + # - key: client_id + # objectName: client_id + # - key: client_secret + # objectName: client_secret + # secretName: argocd-image-updater-secrets-store + # type: Opaque + # labels: + # app.kubernetes.io/part-of: argocd + # -- Init containers to add to the image updater pod initContainers: [] # - name: download-tools From 508162f1cc9852ccfbac6fb46b8e7c180d95d298 Mon Sep 17 00:00:00 2001 From: Michele Sacchetti Date: Thu, 18 Jan 2024 14:56:33 +0100 Subject: [PATCH 376/768] feat(argo-cd): Add optional mapping of argocd-repo-server emptydir to custom volumes (#2410) * Add optional volumes to replace emptydir Provide user-driven option to replace emptydir volumes with desired solution Signed-off-by: Michele Sacchetti * existingVolumes default values provide default values with empy object to ensure default behavior is backward-compatible Signed-off-by: Michele Sacchetti * Update Chart.yaml bump version Signed-off-by: Michele Sacchetti * Update Chart.yaml add changelog Signed-off-by: Michele Sacchetti * fix docs fix docs on new entry Signed-off-by: Michele Sacchetti * fix readme Signed-off-by: Michele Sacchetti * Update README.md.gotmpl Signoff commit Signed-off-by: Michele Sacchetti * fix readme Signed-off-by: Michele Sacchetti * fixCamelCase Signed-off-by: Michele Sacchetti --------- Signed-off-by: Michele Sacchetti --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 5 +++++ charts/argo-cd/README.md.gotmpl | 4 ++++ .../argocd-repo-server/deployment.yaml | 20 +++++++++++++++++++ charts/argo-cd/values.yaml | 18 +++++++++++++++++ 5 files changed, 50 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 42cfbcc2..6986775f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.52.2 +version: 5.53.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Missing colon for policy.csv block + - kind: added + description: Optionally map argocd-repo-server emptydir volumes on custom volumes diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 919149b5..ed421bb4 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -105,6 +105,10 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 5.53.0 + +Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir() + ### 5.52.0 Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server. If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml. @@ -609,6 +613,7 @@ NAME: my-release | repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods | | repoServer.env | list | `[]` | Environment variables to pass to repo server | | repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server | +| repoServer.existingVolumes | object | `{}` | Volumes to be used in replacement of emptydir on default volumes | | repoServer.extraArgs | list | `[]` | Additional command line arguments to pass to repo server | | repoServer.extraContainers | list | `[]` | Additional containers to be added to the repo server pod | | repoServer.hostNetwork | bool | `false` | Host Network for Repo server pods | diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index ba94725f..bb296e6a 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -104,6 +104,10 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 5.53.0 + +Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir() + ### 5.52.0 Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server. If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml. diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index a9565a2e..2a18df6c 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -373,14 +373,30 @@ spec: {{- end }} {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} - name: helm-working-dir + {{- if .Values.repoServer.existingVolumes.helmWorkingDir -}} + {{ toYaml .Values.repoServer.existingVolumes.helmWorkingDir | nindent 8 }} + {{- else }} emptyDir: {} + {{- end }} {{- end }} - name: plugins + {{- if .Values.repoServer.existingVolumes.plugins -}} + {{ toYaml .Values.repoServer.existingVolumes.plugins | nindent 8 }} + {{- else }} emptyDir: {} + {{- end }} - name: var-files + {{- if .Values.repoServer.existingVolumes.varFiles -}} + {{ toYaml .Values.repoServer.existingVolumes.varFiles | nindent 8 }} + {{- else }} emptyDir: {} + {{- end }} - name: tmp + {{- if .Values.repoServer.existingVolumes.tmp -}} + {{ toYaml .Values.repoServer.existingVolumes.tmp | nindent 8 }} + {{- else }} emptyDir: {} + {{- end }} - name: ssh-known-hosts configMap: name: argocd-ssh-known-hosts-cm @@ -391,7 +407,11 @@ spec: configMap: name: argocd-gpg-keys-cm - name: gpg-keyring + {{- if .Values.repoServer.existingVolumes.gpgKeyring -}} + {{ toYaml .Values.repoServer.existingVolumes.gpgKeyring | nindent 8 }} + {{- else }} emptyDir: {} + {{- end }} - name: argocd-repo-server-tls secret: secretName: argocd-repo-server-tls diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 8b725375..ab8c7d0a 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2217,6 +2217,24 @@ repoServer: # - name: cmp-tmp # emptyDir: {} + # -- Volumes to be used in replacement of emptydir on default volumes + existingVolumes: {} + # gpgKeyring: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-keyring + # helmWorkingDir: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-workdir + # tmp: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-tmp + # varFiles: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-varfiles + # plugins: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-plugins + # -- Toggle the usage of a ephemeral Helm working directory useEphemeralHelmWorkingDir: true From 0a851b87efd35640084a5aae09dc1103b0b3aad8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 19 Jan 2024 06:48:24 +0100 Subject: [PATCH 377/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.9.4 (#2434) --- charts/argo-cd/Chart.yaml | 8 ++++---- .../templates/argocd-application-controller/role.yaml | 10 +++++++++- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 6986775f..38cdee65 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.9.3 +appVersion: v2.9.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.0 +version: 5.53.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Optionally map argocd-repo-server emptydir volumes on custom volumes + - kind: changed + description: Bump argo-cd to v2.9.4 diff --git a/charts/argo-cd/templates/argocd-application-controller/role.yaml b/charts/argo-cd/templates/argocd-application-controller/role.yaml index 56ef17b5..ea550e1f 100644 --- a/charts/argo-cd/templates/argocd-application-controller/role.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/role.yaml @@ -34,4 +34,12 @@ rules: - events verbs: - create - - list \ No newline at end of file + - list +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - watch From f2fa2ce9cb5e031225c360e53d32775ca9966a1d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 19 Jan 2024 20:19:53 +0000 Subject: [PATCH 378/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.9.5 (#2436) --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 38cdee65..bd8560da 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.9.4 +appVersion: v2.9.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.1 +version: 5.53.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.9.4 + description: Bump argo-cd to v2.9.5 From cc5b21f9adf064b1a60ee466ec727106f092badc Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 20 Jan 2024 21:07:38 +0900 Subject: [PATCH 379/768] docs(argo-cd): Add reference for Argo CD extensions (#2438) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/values.yaml | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index bd8560da..33fc7c71 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.2 +version: 5.53.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.9.5 + - kind: added + description: Add reference for Argo CD extensions. diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index ab8c7d0a..3863513d 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1577,6 +1577,8 @@ server: ## Argo CD extensions ## This function in tech preview stage, do expect instability or breaking changes in newer versions. ## Ref: https://github.com/argoproj-labs/argocd-extension-installer + ## When you enable extensions, you need to configure RBAC of logged in Argo CD user. + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/#the-extensions-resource extensions: # -- Enable support for Argo CD extensions enabled: false From 1b5f7874227c3d4cd66f540cd471860a4a0e8003 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 20 Jan 2024 06:49:38 -0600 Subject: [PATCH 380/768] chore(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 (#2441) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 76b0264c..ebce033b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 + uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0 with: name: SARIF file path: results.sarif From be7ed3d232e6369e03c8600a44fea6fcb32aa0be Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 20 Jan 2024 06:52:58 -0600 Subject: [PATCH 381/768] chore(deps): bump tj-actions/changed-files from 41.0.1 to 42.0.0 (#2440) --- .github/workflows/chart-version-bump.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/chart-version-bump.yml b/.github/workflows/chart-version-bump.yml index 30bd26ee..3f62f59b 100644 --- a/.github/workflows/chart-version-bump.yml +++ b/.github/workflows/chart-version-bump.yml @@ -23,7 +23,7 @@ jobs: - name: Get changed files id: changed-files - uses: tj-actions/changed-files@716b1e13042866565e00e85fd4ec490e186c4a2f # v41.0.1 + uses: tj-actions/changed-files@ae82ed4ae04587b665efad2f206578aa6f0e8539 # v42.0.0 with: files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml From 9e31be4a603eabab31df4b570df6e727c9ff9991 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sun, 21 Jan 2024 22:35:46 +0900 Subject: [PATCH 382/768] feat(argo-cd): Support Azure DevOps webhook Secret (#2439) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 2 ++ charts/argo-cd/templates/argocd-configs/argocd-secret.yaml | 4 ++++ charts/argo-cd/values.yaml | 6 ++++++ 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 33fc7c71..7bd023e1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.3 +version: 5.53.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Add reference for Argo CD extensions. + description: Support Azure DevOps webhook Secret diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index ed421bb4..22218736 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -493,6 +493,8 @@ NAME: my-release | configs.secret.annotations | object | `{}` | Annotations to be added to argocd-secret | | configs.secret.argocdServerAdminPassword | string | `""` | Bcrypt hashed admin password | | configs.secret.argocdServerAdminPasswordMtime | string | `""` (defaults to current time) | Admin password modification time. Eg. `"2006-01-02T15:04:05Z"` | +| configs.secret.azureDevops.password | string | `""` | Shared secret password for authenticating Azure DevOps webhook events | +| configs.secret.azureDevops.username | string | `""` | Shared secret username for authenticating Azure DevOps webhook events | | configs.secret.bitbucketServerSecret | string | `""` | Shared secret for authenticating BitbucketServer webhook events | | configs.secret.bitbucketUUID | string | `""` | UUID for authenticating Bitbucket webhook events | | configs.secret.createSecret | bool | `true` | Create the argocd-secret | diff --git a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml index 1e69bcea..3011904a 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml @@ -34,6 +34,10 @@ data: {{- with .Values.configs.secret.gogsSecret }} webhook.gogs.secret: {{ . | b64enc }} {{- end }} + {{- with .Values.configs.secret.azureDevops }} + webhook.azuredevops.username: {{ .username }} + webhook.azuredevops.password: {{ .password | b64enc }} + {{- end }} {{- with .Values.configs.secret.argocdServerTlsConfig }} tls.key: {{ .key | b64enc }} tls.crt: {{ .crt | b64enc }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 3863513d..df03a58f 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -516,6 +516,12 @@ configs: bitbucketUUID: "" # -- Shared secret for authenticating Gogs webhook events gogsSecret: "" + ## Azure DevOps + azureDevops: + # -- Shared secret username for authenticating Azure DevOps webhook events + username: "" + # -- Shared secret password for authenticating Azure DevOps webhook events + password: "" # -- add additional secrets to be added to argocd-secret ## Custom secrets. Useful for injecting SSO secrets into environment variables. From 53620e31022d27d0580e23ad600304e6be616130 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Mon, 22 Jan 2024 19:14:32 +0900 Subject: [PATCH 383/768] fix(argo-cd): Fix fail to render `.Values.configs.secret.azureDevops` (#2443) * fix(argo-cd): Fix fail to render `.Values.configs.secret.azureDevops` Signed-off-by: yu-croco * chore(argo-cd): Remove unnecessary comment Signed-off-by: yu-croco * fix(argo-cd): base64 username Signed-off-by: yu-croco * fix(argo-cd): correct syntax Signed-off-by: yu-croco --------- Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- .../argo-cd/templates/argocd-configs/argocd-secret.yaml | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 7bd023e1..bf53fe4f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.4 +version: 5.53.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Support Azure DevOps webhook Secret + - kind: fixed + description: Fix fail to render `.Values.configs.secret.azureDevops` diff --git a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml index 3011904a..4561440a 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml @@ -16,7 +16,7 @@ metadata: {{- end }} {{- end }} type: Opaque -{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }} +{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret (and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password) .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }} # Setting a blank data again will wipe admin password/key/cert data: {{- with .Values.configs.secret.githubSecret }} @@ -34,9 +34,9 @@ data: {{- with .Values.configs.secret.gogsSecret }} webhook.gogs.secret: {{ . | b64enc }} {{- end }} - {{- with .Values.configs.secret.azureDevops }} - webhook.azuredevops.username: {{ .username }} - webhook.azuredevops.password: {{ .password | b64enc }} + {{- if and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password }} + webhook.azuredevops.username: {{ .Values.configs.secret.azureDevops.username | b64enc }} + webhook.azuredevops.password: {{ .Values.configs.secret.azureDevops.password | b64enc }} {{- end }} {{- with .Values.configs.secret.argocdServerTlsConfig }} tls.key: {{ .key | b64enc }} From 5ac542fabb7db08f52f1551ccbcfc99f274596a6 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Mon, 22 Jan 2024 22:09:08 +0900 Subject: [PATCH 384/768] chore(argo-cd): Provide Casbin matcher explicitly (#2445) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + charts/argo-cd/values.yaml | 3 +++ 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index bf53fe4f..c204c098 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.5 +version: 5.53.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fix fail to render `.Values.configs.secret.azureDevops` + - kind: added + description: Provide Casbin matcher explicitly diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 22218736..cab5f054 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -485,6 +485,7 @@ NAME: my-release | configs.params.create | bool | `true` | Create the argocd-cmd-params-cm configmap If false, it is expected the configmap will be created by something else. | | configs.rbac."policy.csv" | string | `''` (See [values.yaml]) | File containing user-defined policies and role definitions. | | configs.rbac."policy.default" | string | `""` | The name of the default role which Argo CD will falls back to, when authorizing API requests (optional). If omitted or empty, users may be still be able to login, but will see no apps, projects, etc... | +| configs.rbac."policy.matchMode" | string | `"glob"` | Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher. | | configs.rbac.annotations | object | `{}` | Annotations to be added to argocd-rbac-cm configmap | | configs.rbac.create | bool | `true` | Create the argocd-rbac-cm configmap with ([Argo CD RBAC policy]) definitions. If false, it is expected the configmap will be created by something else. Argo CD will not work if there is no configmap created with the name above. | | configs.rbac.scopes | string | `"[groups]"` | OIDC scopes to examine during rbac enforcement (in addition to `sub` scope). The scope value can be a string, or a list of strings. | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index df03a58f..84da62d2 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -303,6 +303,9 @@ configs: # The scope value can be a string, or a list of strings. scopes: "[groups]" + # -- Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher. + policy.matchMode: "glob" + # GnuPG public keys for commit verification ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/ gpg: From c734875b81faa0e07bd567ebef4bb345d67a7d8a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Estrela?= <6763969+joaoestrela@users.noreply.github.com> Date: Mon, 22 Jan 2024 23:54:49 +0000 Subject: [PATCH 385/768] chore(argo-cd): Change redis repository to public.ecr.aws (#2446) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: João Estrela --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index c204c098..10451acf 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.6 +version: 5.53.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Provide Casbin matcher explicitly + - kind: changed + description: Change redis repository to public.ecr.aws diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index cab5f054..0fe0c966 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1041,7 +1041,7 @@ The main options are listed here: | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | -| redis-ha.image.repository | string | `"redis"` | Redis repository | +| redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | | redis-ha.image.tag | string | `"7.0.13-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 84da62d2..6ad0d4bf 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1404,7 +1404,7 @@ redis-ha: ## Redis image image: # -- Redis repository - repository: redis + repository: public.ecr.aws/docker/library/redis # -- Redis tag tag: 7.0.13-alpine ## Prometheus redis-exporter sidecar From 9e70f24c64ee5fda44ce6c2edeeaa5bd73b8d7da Mon Sep 17 00:00:00 2001 From: Matt Dainty Date: Tue, 23 Jan 2024 01:07:30 +0000 Subject: [PATCH 386/768] docs(argo-cd): Update docs with the correct default for application.instanceLabelKey (#2447) docs: Update docs with the correct default for application.instanceLabelKey Signed-off-by: Matt Dainty --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 1 - 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 10451acf..ab8d07cd 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.7 +version: 5.53.8 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Change redis repository to public.ecr.aws + description: Updated documented default value for application.instanceLabelKey. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 0fe0c966..88280075 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -450,7 +450,7 @@ NAME: my-release |-----|------|---------|-------------| | configs.clusterCredentials | list | `[]` (See [values.yaml]) | Provide one or multiple [external cluster credentials] | | configs.cm."admin.enabled" | bool | `true` | Enable local admin user | -| configs.cm."application.instanceLabelKey" | string | Defaults to app.kubernetes.io/instance | The name of tracking label used by Argo CD for resource pruning | +| configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning | | configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI | | configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement | | configs.cm."timeout.hard.reconciliation" | string | `"0s"` | Timeout to refresh application data as well as target manifests cache | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 6ad0d4bf..58560eb5 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -161,7 +161,6 @@ configs: url: "" # -- The name of tracking label used by Argo CD for resource pruning - # @default -- Defaults to app.kubernetes.io/instance application.instanceLabelKey: argocd.argoproj.io/instance # -- Enable logs RBAC enforcement From 03c26fc21f804060559ee78f9b21459d6a513667 Mon Sep 17 00:00:00 2001 From: James Slater <844263+SlaterByte@users.noreply.github.com> Date: Wed, 24 Jan 2024 18:57:56 -0500 Subject: [PATCH 387/768] fix(argo-workflows): Fix trailing whitespace in controller ConfigMap (#2451) This commit addresses two places where trailing whitespace may be generated in the workflow-controller ConfigMap. When the value `.resourceRateLimit` is not null, a trailing whitespace is added after "resourceRateLimit:". This commit trims that whitespace. When the value `.sso.redirectUrl` is left as the default of empty string, a trailing whitespace is left after "redirectUrl:" as this value is not quoted. This commit pipes this value through `quote` to ensure this whitespace is no longer trailing and instead followed by `"` pair. The main motivation of this commit is to generate a workflow-controller ConfigMap that is properly pretty-printed, which trailing whitespace prevents. Signed-off-by: James Slater Co-authored-by: James Slater --- charts/argo-workflows/Chart.yaml | 4 ++-- .../templates/controller/workflow-controller-config-map.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index f529072b..50f60329 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.7 +version: 0.40.8 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Wrong identation in artifactRepository block + description: Remove trailing whitespace from `.resourceRateLimit` when value is set and `.sso.redirectUrl` when value is an empty string. diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index d3ad349b..2d5ebdd0 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -19,7 +19,7 @@ data: parallelism: {{ .Values.controller.parallelism }} {{- end }} {{- if .Values.controller.resourceRateLimit }} - resourceRateLimit: {{ toYaml .Values.controller.resourceRateLimit | nindent 6 }} + resourceRateLimit: {{- toYaml .Values.controller.resourceRateLimit | nindent 6 }} {{- end }} {{- with .Values.controller.namespaceParallelism }} namespaceParallelism: {{ . }} @@ -141,7 +141,7 @@ data: clientSecret: name: {{ .Values.server.sso.clientSecret.name }} key: {{ .Values.server.sso.clientSecret.key }} - redirectUrl: {{ .Values.server.sso.redirectUrl }} + redirectUrl: {{ .Values.server.sso.redirectUrl | quote }} rbac: enabled: {{ .Values.server.sso.rbac.enabled }} {{- with .Values.server.sso.scopes }} From bc89bb5dd6b4c71e5eea38bffe808307ea76ea28 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 25 Jan 2024 16:07:29 +0900 Subject: [PATCH 388/768] docs(argocd-apps): Add deprecated note for Argo CD Extensions (#2449) * docs(argocd-apps): Add deprecated note for Argo CD Extensions Signed-off-by: yu-croco * fix(argocd-apps): Remove broken CI Signed-off-by: yu-croco * chore(argocd-apps): Bump minor version due to deprecation Signed-off-by: yu-croco --------- Signed-off-by: yu-croco --- charts/argocd-apps/Chart.yaml | 6 +++--- charts/argocd-apps/README.md | 2 +- charts/argocd-apps/ci/extensions-values.yaml | 12 ------------ charts/argocd-apps/values.yaml | 2 +- 4 files changed, 5 insertions(+), 17 deletions(-) delete mode 100644 charts/argocd-apps/ci/extensions-values.yaml diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 5494db99..ecc79c3e 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.4.1 +version: 1.5.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -17,5 +17,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: syncOptions for applications + - kind: deprecated + description: Add deprecated note for Argo CD Extensions diff --git a/charts/argocd-apps/README.md b/charts/argocd-apps/README.md index 0e5bbbe2..2cc1541f 100644 --- a/charts/argocd-apps/README.md +++ b/charts/argocd-apps/README.md @@ -30,7 +30,7 @@ $ helm install my-release argo/argocd-apps |-----|------|---------|-------------| | applications | list | `[]` (See [values.yaml]) | Deploy Argo CD Applications within this helm release | | applicationsets | list | `[]` (See [values.yaml]) | Deploy Argo CD ApplicationSets within this helm release | -| extensions | list | `[]` (See [values.yaml]) | Deploy Argo UI Extensions within this helm release | +| extensions | list | `[]` (See [values.yaml]) | DEPRECATED - Please refer [Deprecation Notice](https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice) for more info. | | itemTemplates | list | `[]` (See [values.yaml]) | Deploy Argo CD Applications/ApplicationSets/Projects within this helm release | | projects | list | `[]` (See [values.yaml]) | Deploy Argo CD Projects within this helm release | diff --git a/charts/argocd-apps/ci/extensions-values.yaml b/charts/argocd-apps/ci/extensions-values.yaml deleted file mode 100644 index 15a9fa73..00000000 --- a/charts/argocd-apps/ci/extensions-values.yaml +++ /dev/null @@ -1,12 +0,0 @@ -# Test with extensions - -extensions: - - name: example - namespace: default - additionalLabels: {} - additionalAnnotations: {} - sources: - - git: - url: https://github.com/argoproj-labs/argocd-example-extension.git - - web: - url: https://github.com/argoproj-labs/argocd-example-extension/releases/download/v0.1.0/extension.tar diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index a7996369..fb31bde1 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -219,7 +219,7 @@ itemTemplates: [] # server: '{{`{{cluster}}`}}' # namespace: guestbook -# -- Deploy Argo UI Extensions within this helm release +# -- DEPRECATED - Please refer [Deprecation Notice](https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice) for more info. # @default -- `[]` (See [values.yaml]) ## This function in tech preview stage, do expect unstability or breaking changes in newer versions. Bump image.tag if necessary. ## Ref: https://github.com/argoproj-labs/argocd-extensions From 9bb5330eb8157c55fd34371c5056b5532fccb753 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 26 Jan 2024 00:31:11 -0600 Subject: [PATCH 389/768] chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.6.5 (#2453) --- charts/argo-rollouts/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index caf26b58..38882433 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.6.4 +appVersion: v1.6.5 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.34.1 +version: 2.34.2 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Added Gloo Platform provider RBAC rules + - kind: changed + description: Bump argo-rollouts to v1.6.5 From 1de9659d1c3f8086a9c130d4bd80647e2ac556bf Mon Sep 17 00:00:00 2001 From: Ishan Sharma <38211728+ishuar@users.noreply.github.com> Date: Fri, 26 Jan 2024 08:35:45 +0100 Subject: [PATCH 390/768] fix(argo-cd): Fix Repo server `serviceaccount` label template (#2454) Signed-off-by: ishuar Co-authored-by: Aikawa --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/argocd-server/serviceaccount.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ab8d07cd..5cb85cc2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.8 +version: 5.53.9 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Updated documented default value for application.instanceLabelKey. + - kind: fixed + description: Fixed labels template for ArgoCD server service account. diff --git a/charts/argo-cd/templates/argocd-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml index 12f571fd..a8efe1e5 100644 --- a/charts/argo-cd/templates/argocd-server/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml @@ -13,7 +13,7 @@ metadata: {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} - {{- range $key, $value := .Values.server.serviceAccount.labels }} + {{- with .Values.server.serviceAccount.labels }} {{- toYaml . | nindent 4 }} {{- end }} {{- end }} From a2c964045a81b81477804b38f38be20c3c1af185 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 27 Jan 2024 06:02:37 +0900 Subject: [PATCH 391/768] docs(argo-workflows): Add MySQL persistence support explicitly on README (#2448) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 2 +- charts/argo-workflows/values.yaml | 14 +++++++++++++- 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 50f60329..778b83f7 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.8 +version: 0.40.9 icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Remove trailing whitespace from `.resourceRateLimit` when value is set and `.sso.redirectUrl` when value is an empty string. + - kind: added + description: Add MySQL persistence support explicitly on README diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 3a2a91d7..fa730ddc 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -186,7 +186,7 @@ Fields to note: | controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | [Node selector] | | controller.parallelism | string | `nil` | parallelism dictates how many workflows can be running at the same time | | controller.pdb.enabled | bool | `false` | Configure [Pod Disruption Budget] for the controller pods | -| controller.persistence | object | `{}` | enable persistence using postgres | +| controller.persistence | object | `{}` | enable Workflow Archive to store the status of workflows. Postgres and MySQL (>= 5.7.8) are available. | | controller.podAnnotations | object | `{}` | podAnnotations is an optional map of annotations to be applied to the controller Pods | | controller.podCleanupWorkers | string | `nil` | Number of pod cleanup workers | | controller.podGCDeleteDelayDuration | string | `5s` (Argo Workflows default) | The duration in seconds before the pods in the GC queue get deleted. A zero value indicates that the pods will be deleted immediately. | diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 570f5986..101aafba 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -146,7 +146,8 @@ controller: capabilities: drop: - ALL - # -- enable persistence using postgres + # -- enable Workflow Archive to store the status of workflows. Postgres and MySQL (>= 5.7.8) are available. + ## Ref: https://argo-workflows.readthedocs.io/en/latest/workflow-archive/ persistence: {} # connectionPool: # maxIdleConns: 100 @@ -171,6 +172,17 @@ controller: # # sslMode must be one of: disable, require, verify-ca, verify-full # # you can find more information about those ssl options here: https://godoc.org/github.com/lib/pq # sslMode: require + # mysql: + # host: localhost + # port: 3306 + # database: argo + # tableName: argo_workflows + # userNameSecret: + # name: argo-mysql-config + # key: username + # passwordSecret: + # name: argo-mysql-config + # key: password # -- Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level. # Only valid for 2.7+ From a31b3f02de21d6273bcd92e1a22bae4fa5155c25 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 Jan 2024 05:55:28 -0600 Subject: [PATCH 392/768] chore(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 (#2457) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index ebce033b..45338c22 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0 + uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 with: name: SARIF file path: results.sarif From b40ec3246783703920d82c7b6defc4ab1775db3a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 Jan 2024 09:27:37 -0600 Subject: [PATCH 393/768] chore(deps): bump tj-actions/changed-files from 42.0.0 to 42.0.2 (#2458) --- .github/workflows/chart-version-bump.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/chart-version-bump.yml b/.github/workflows/chart-version-bump.yml index 3f62f59b..43b6b5ba 100644 --- a/.github/workflows/chart-version-bump.yml +++ b/.github/workflows/chart-version-bump.yml @@ -23,7 +23,7 @@ jobs: - name: Get changed files id: changed-files - uses: tj-actions/changed-files@ae82ed4ae04587b665efad2f206578aa6f0e8539 # v42.0.0 + uses: tj-actions/changed-files@90a06d6ba9543371ab4df8eeca0be07ca6054959 # v42.0.2 with: files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml From 47102d9768ff2a4cd1657e017a7df8631950b0b5 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Mon, 29 Jan 2024 22:58:33 +0900 Subject: [PATCH 394/768] fix(argo-cd): Restart argocd-server when argocd-cm CM is updated (#2459) --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/argocd-server/deployment.yaml | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 5cb85cc2..3c17096f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.9 +version: 5.53.10 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Fixed labels template for ArgoCD server service account. + description: Restart argocd-server when argocd-cm CM is updated diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index a09b5656..fc1e3f7e 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -27,6 +27,9 @@ spec: metadata: annotations: checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.server.podAnnotations) }} {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} From 3b7a005ce359b3cc1a23b4ac4ce2ea760b847e09 Mon Sep 17 00:00:00 2001 From: Imran Ismail Date: Tue, 30 Jan 2024 13:34:04 +1300 Subject: [PATCH 395/768] feat(argocd-apps): support ignoreApplicationDifferences for appsets (#2442) * feat(argocd-apps): support ignoreApplicationDifferences Signed-off-by: imranismail * chore: bump version Signed-off-by: Imran Ismail --------- Signed-off-by: imranismail Signed-off-by: Imran Ismail Co-authored-by: Aikawa --- charts/argocd-apps/Chart.yaml | 6 +++--- charts/argocd-apps/ci/applicationsets-values.yaml | 4 ++++ charts/argocd-apps/templates/applicationsets.yaml | 4 ++++ charts/argocd-apps/values.yaml | 4 ++++ 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index ecc79c3e..693b73d5 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.5.0 +version: 1.6.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -17,5 +17,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: deprecated - description: Add deprecated note for Argo CD Extensions + - kind: added + description: ability to specify ignoreApplicationDifferences for applicationsets diff --git a/charts/argocd-apps/ci/applicationsets-values.yaml b/charts/argocd-apps/ci/applicationsets-values.yaml index 6142b1bb..e4f9101b 100644 --- a/charts/argocd-apps/ci/applicationsets-values.yaml +++ b/charts/argocd-apps/ci/applicationsets-values.yaml @@ -13,6 +13,10 @@ applicationsets: directories: - path: guestbook - path: kustomize-* + # Ref https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#allow-temporarily-toggling-auto-sync + ignoreApplicationDifferences: + - jsonPointers: + - /spec/syncPolicy template: metadata: name: '{{path.basename}}' diff --git a/charts/argocd-apps/templates/applicationsets.yaml b/charts/argocd-apps/templates/applicationsets.yaml index 0d3a47e9..d3fcdd69 100644 --- a/charts/argocd-apps/templates/applicationsets.yaml +++ b/charts/argocd-apps/templates/applicationsets.yaml @@ -27,6 +27,10 @@ spec: {{- toYaml . | nindent 4 }} {{- end }} {{- with .strategy }} + {{- with .ignoreApplicationDifferences }} + ignoreApplicationDifferences: + {{- toYaml . | nindent 4 }} + {{- end }} strategy: {{- toYaml . | nindent 4 }} {{- end }} diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index fb31bde1..87874dad 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -106,6 +106,10 @@ applicationsets: [] # directories: # - path: guestbook # - path: kustomize-* +# # Ref https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#allow-temporarily-toggling-auto-sync +# ignoreApplicationDifferences: +# - jsonPointers: +# - /spec/syncPolicy # # Progressive Syncs is an experimental feature and it must be explicitly enabled # # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Progressive-Syncs/#enabling-progressive-syncs # strategy: From 1f824314d48591fb14ea633ac324594e850d651e Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Tue, 30 Jan 2024 12:46:30 +0200 Subject: [PATCH 396/768] feat(argo-cd): bump redis deps to fix cves (#2466) * bump redis deps Signed-off-by: drfaust92 * bump redis deps Signed-off-by: drfaust92 * bump redis deps Signed-off-by: drfaust92 * bump redis deps Signed-off-by: drfaust92 --------- Signed-off-by: drfaust92 --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 8 ++++---- charts/argo-cd/values.yaml | 8 ++++---- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 3c17096f..46942075 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.10 +version: 5.53.11 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Restart argocd-server when argocd-cm CM is updated + - kind: security + description: updated redis and redis exporter images to fix some cves diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 88280075..0244b6d7 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -967,13 +967,13 @@ server: | redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter | | redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter | | redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | -| redis.exporter.image.tag | string | `"1.53.0"` | Tag to use for the redis-exporter | +| redis.exporter.image.tag | string | `"1.57.0"` | Tag to use for the redis-exporter | | redis.exporter.resources | object | `{}` | Resource limits and requests for redis-exporter sidecar | | redis.extraArgs | list | `[]` | Additional command line arguments to pass to redis-server | | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis.image.tag | string | `"7.0.13-alpine"` | Redis tag | +| redis.image.tag | string | `"7.0.15-alpine"` | Redis tag | | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redis.initContainers | list | `[]` | Init containers to add to the redis pod | | redis.metrics.enabled | bool | `false` | Deploy metrics service | @@ -1032,7 +1032,7 @@ The main options are listed here: | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | | redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | -| redis-ha.exporter.tag | string | `"1.53.0"` | Tag to use for the redis-exporter | +| redis-ha.exporter.tag | string | `"1.57.0"` | Tag to use for the redis-exporter | | redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. | | redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. | | redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context | @@ -1042,7 +1042,7 @@ The main options are listed here: | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | | redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis-ha.image.tag | string | `"7.0.13-alpine"` | Redis tag | +| redis-ha.image.tag | string | `"7.0.15-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 58560eb5..dce6df2f 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1182,7 +1182,7 @@ redis: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.0.13-alpine + tag: 7.0.15-alpine # -- Redis image pull policy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1198,7 +1198,7 @@ redis: # -- Repository to use for the redis-exporter repository: public.ecr.aws/bitnami/redis-exporter # -- Tag to use for the redis-exporter - tag: 1.53.0 + tag: 1.57.0 # -- Image pull policy for the redis-exporter # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1405,7 +1405,7 @@ redis-ha: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.0.13-alpine + tag: 7.0.15-alpine ## Prometheus redis-exporter sidecar exporter: # -- Enable Prometheus redis-exporter sidecar @@ -1413,7 +1413,7 @@ redis-ha: # -- Repository to use for the redis-exporter image: public.ecr.aws/bitnami/redis-exporter # -- Tag to use for the redis-exporter - tag: 1.53.0 + tag: 1.57.0 persistentVolume: # -- Configures persistence on Redis nodes enabled: false From 8b98cf177a6a1bd0900004435ac782cee0a66ce6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20G=C3=A4rtner?= Date: Tue, 30 Jan 2024 17:58:02 +0100 Subject: [PATCH 397/768] fix(argo-cd): bump dex image version to fix cves (#2468) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: René Gärtner --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 46942075..3cbebd17 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.11 +version: 5.53.12 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: security - description: updated redis and redis exporter images to fix some cves + description: updated dex image version to fix cves diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 0244b6d7..c8420005 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -885,7 +885,7 @@ server: | dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod | | dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy | | dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository | -| dex.image.tag | string | `"v2.37.0"` | Dex image tag | +| dex.image.tag | string | `"v2.38.0"` | Dex image tag | | dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | dex.initContainers | list | `[]` | Init containers to add to the dex pod | | dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index dce6df2f..7b8976b3 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -944,7 +944,7 @@ dex: # -- Dex image repository repository: ghcr.io/dexidp/dex # -- Dex image tag - tag: v2.37.0 + tag: v2.38.0 # -- Dex imagePullPolicy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" From dc738a111b11862afff31279655683c497c815cb Mon Sep 17 00:00:00 2001 From: Imran Ismail Date: Fri, 2 Feb 2024 22:37:27 +1300 Subject: [PATCH 398/768] fix(argocd-apps): move ignoreApplicationDifferences block up a level (#2471) Signed-off-by: imranismail --- charts/argocd-apps/Chart.yaml | 6 +++--- charts/argocd-apps/templates/applicationsets.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 693b73d5..811c39e8 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.6.0 +version: 1.6.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -17,5 +17,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: ability to specify ignoreApplicationDifferences for applicationsets + - kind: fixed + description: move ignoreApplicationDifferences block up a level to fix render diff --git a/charts/argocd-apps/templates/applicationsets.yaml b/charts/argocd-apps/templates/applicationsets.yaml index d3fcdd69..10560075 100644 --- a/charts/argocd-apps/templates/applicationsets.yaml +++ b/charts/argocd-apps/templates/applicationsets.yaml @@ -26,11 +26,11 @@ spec: generators: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .strategy }} {{- with .ignoreApplicationDifferences }} ignoreApplicationDifferences: {{- toYaml . | nindent 4 }} {{- end }} + {{- with .strategy }} strategy: {{- toYaml . | nindent 4 }} {{- end }} From 865f45211942624f33927ce9d8b2d60d69a206b1 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 2 Feb 2024 23:50:17 +0100 Subject: [PATCH 399/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.9.6 (#2473) --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 3cbebd17..e311b5c2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.9.5 +appVersion: v2.9.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.12 +version: 5.53.13 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: security - description: updated dex image version to fix cves + - kind: changed + description: Bump argo-cd to v2.9.6 From 186065e31f82319a87c56ae626c9ed0c7018e750 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Fri, 2 Feb 2024 18:44:56 -0600 Subject: [PATCH 400/768] docs(argo-workflows): update documentation links to readthedocs (#2472) argo-workflows docs moved from github pages to readthedocs Signed-off-by: jmeridth Co-authored-by: Aikawa --- CONTRIBUTING.md | 2 +- charts/argo-workflows/Chart.yaml | 8 ++++---- charts/argo-workflows/README.md | 10 +++++----- charts/argo-workflows/README.md.gotmpl | 8 ++++---- charts/argo-workflows/ci/ha-values.yaml | 4 ++-- charts/argo-workflows/values.yaml | 18 +++++++++--------- 6 files changed, 25 insertions(+), 25 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f9861dcb..c20486f6 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -124,7 +124,7 @@ helm install charts/argo-workflows -n argo argo version ``` -Follow [these](https://argoproj.github.io/argo-workflows/quick-start/#submitting-an-example-workflow) instructions for running a hello world workflow. +Follow [these](https://argo-workflows.readthedocs.io/en/stable/quick-start/#submitting-an-example-workflow) instructions for running a hello world workflow. ### Testing Argo CD Changes diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 778b83f7..048385d4 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,8 +3,8 @@ appVersion: v3.5.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.9 -icon: https://argoproj.github.io/argo-workflows/assets/logo.png +version: 0.40.10 +icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: - https://github.com/argoproj/argo-workflows @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add MySQL persistence support explicitly on README + - kind: fixed + description: Update argo-workflows documentation links to readthedocs diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index fa730ddc..75ecb19a 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -78,7 +78,7 @@ For full list of changes, please check ArtifactHub [changelog]. ### High Availability This chart installs the non-HA version of Argo Workflows by default. If you want to run in HA mode, you can use [these example values](ci/ha-values.yaml) as a starting point. -Please see the upstream [Operator Manual's High Availability page](https://argoproj.github.io/argo-workflows/high-availability/) to understand how to scale Argo Workflows in depth. +Please see the upstream [Operator Manual's High Availability page](https://argo-workflows.readthedocs.io/en/stable/high-availability/) to understand how to scale Argo Workflows in depth. ### Workflow controller @@ -354,7 +354,7 @@ Fields to note: | artifactRepository.azure | object | `{}` (See [values.yaml]) | Store artifact in Azure Blob Storage | | artifactRepository.gcs | object | `{}` (See [values.yaml]) | Store artifact in a GCS object store | | artifactRepository.s3 | object | See [values.yaml] | Store artifact in a S3-compliant object store | -| artifactRepositoryRef | object | `{}` (See [values.yaml]) | The section of [artifact repository ref](https://argoproj.github.io/argo-workflows/artifact-repository-ref/). Each map key is the name of configmap | +| artifactRepositoryRef | object | `{}` (See [values.yaml]) | The section of [artifact repository ref](https://argo-workflows.readthedocs.io/en/stable/artifact-repository-ref/). Each map key is the name of configmap | | customArtifactRepository | object | `{}` | The section of custom artifact repository. Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure) | | useStaticCredentials | bool | `true` | Use static credentials for S3 (eg. when not using AWS IRSA) | @@ -381,7 +381,7 @@ Fields to note: [affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ [BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom [FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters -[links]: https://argoproj.github.io/argo-workflows/links/ +[links]: https://argo-workflows.readthedocs.io/en/stable/links/ [columns]: https://github.com/argoproj/argo-workflows/pull/10693 [Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ [Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ @@ -390,5 +390,5 @@ Fields to note: [TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [values.yaml]: values.yaml [changelog]: https://artifacthub.io/packages/helm/argo/argo-workflows?modal=changelog -[SSO RBAC]: https://argo-workflows.readthedocs.io/en/latest/argo-server-sso/ -[Argo Server Auth Mode]: https://argo-workflows.readthedocs.io/en/latest/argo-server-auth-mode/ +[SSO RBAC]: https://argo-workflows.readthedocs.io/en/stable/argo-server-sso/ +[Argo Server Auth Mode]: https://argo-workflows.readthedocs.io/en/stable/argo-server-auth-mode/ diff --git a/charts/argo-workflows/README.md.gotmpl b/charts/argo-workflows/README.md.gotmpl index 4d1ec4d5..69838b5a 100644 --- a/charts/argo-workflows/README.md.gotmpl +++ b/charts/argo-workflows/README.md.gotmpl @@ -78,7 +78,7 @@ For full list of changes, please check ArtifactHub [changelog]. ### High Availability This chart installs the non-HA version of Argo Workflows by default. If you want to run in HA mode, you can use [these example values](ci/ha-values.yaml) as a starting point. -Please see the upstream [Operator Manual's High Availability page](https://argoproj.github.io/argo-workflows/high-availability/) to understand how to scale Argo Workflows in depth. +Please see the upstream [Operator Manual's High Availability page](https://argo-workflows.readthedocs.io/en/stable/high-availability/) to understand how to scale Argo Workflows in depth. ### Workflow controller @@ -199,7 +199,7 @@ Fields to note: [affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ [BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom [FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters -[links]: https://argoproj.github.io/argo-workflows/links/ +[links]: https://argo-workflows.readthedocs.io/en/stable/links/ [columns]: https://github.com/argoproj/argo-workflows/pull/10693 [Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ [Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ @@ -208,5 +208,5 @@ Fields to note: [TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [values.yaml]: values.yaml [changelog]: https://artifacthub.io/packages/helm/argo/argo-workflows?modal=changelog -[SSO RBAC]: https://argo-workflows.readthedocs.io/en/latest/argo-server-sso/ -[Argo Server Auth Mode]: https://argo-workflows.readthedocs.io/en/latest/argo-server-auth-mode/ +[SSO RBAC]: https://argo-workflows.readthedocs.io/en/stable/argo-server-sso/ +[Argo Server Auth Mode]: https://argo-workflows.readthedocs.io/en/stable/argo-server-auth-mode/ diff --git a/charts/argo-workflows/ci/ha-values.yaml b/charts/argo-workflows/ci/ha-values.yaml index 3dfbb572..2f495169 100644 --- a/charts/argo-workflows/ci/ha-values.yaml +++ b/charts/argo-workflows/ci/ha-values.yaml @@ -1,7 +1,7 @@ -# Sample values for High Availability configuration, following https://argoproj.github.io/argo-workflows/high-availability/ +# Sample values for High Availability configuration, following https://argo-workflows.readthedocs.io/en/stable/high-availability/ controller: - # in v3.0+, a second controller can be ran as a hot-standby: https://argoproj.github.io/argo-workflows/high-availability/#workflow-controller + # in v3.0+, a second controller can be ran as a hot-standby: https://argo-workflows.readthedocs.io/en/stable/high-availability/#workflow-controller replicas: 2 # should be strictly greater than PDB minAvailable # enable PDB with at least one Pod pdb: diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 101aafba..5ec3bac2 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -147,7 +147,7 @@ controller: drop: - ALL # -- enable Workflow Archive to store the status of workflows. Postgres and MySQL (>= 5.7.8) are available. - ## Ref: https://argo-workflows.readthedocs.io/en/latest/workflow-archive/ + ## Ref: https://argo-workflows.readthedocs.io/en/stable/workflow-archive/ persistence: {} # connectionPool: # maxIdleConns: 100 @@ -186,12 +186,12 @@ controller: # -- Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level. # Only valid for 2.7+ - ## See more: https://argoproj.github.io/argo-workflows/default-workflow-specs/ + ## See more: https://argo-workflows.readthedocs.io/en/stable/default-workflow-specs/ workflowDefaults: {} # spec: # ttlStrategy: # secondsAfterCompletion: 84600 - # # Ref: https://argoproj.github.io/argo-workflows/artifact-repository-ref/ + # # Ref: https://argo-workflows.readthedocs.io/en/stable/artifact-repository-ref/ # artifactRepositoryRef: # configMap: my-artifact-repository # default is "artifact-repositories" # key: v2-s3-artifact-repository # default can be set by the `workflows.argoproj.io/default-artifact-repository` annotation in config map. @@ -343,7 +343,7 @@ controller: priorityClassName: "" # -- Configure Argo Server to show custom [links] - ## Ref: https://argoproj.github.io/argo-workflows/links/ + ## Ref: https://argo-workflows.readthedocs.io/en/stable/links/ links: [] # -- Configure Argo Server to show custom [columns] ## Ref: https://github.com/argoproj/argo-workflows/pull/10693 @@ -556,7 +556,7 @@ server: # -- Run the argo server in "secure" mode. Configure this value instead of `--secure` in extraArgs. ## See the following documentation for more details on secure mode: - ## https://argoproj.github.io/argo-workflows/tls/ + ## https://argo-workflows.readthedocs.io/en/stable/tls/ secure: false # -- Extra environment variables to provide to the argo-server container @@ -568,11 +568,11 @@ server: authMode: "" # -- A list of supported authentication modes. Available values are `server`, `client`, or `sso`. If you provide sso, please configure `.Values.server.sso` as well. - ## Ref: https://argoproj.github.io/argo-workflows/argo-server-auth-mode/ + ## Ref: https://argo-workflows.readthedocs.io/en/stable/argo-server-auth-mode/ authModes: [] # -- Extra arguments to provide to the Argo server binary. - ## Ref: https://argoproj.github.io/argo-workflows/argo-server/#options + ## Ref: https://argo-workflows.readthedocs.io/en/stable/argo-server/#options extraArgs: [] logging: @@ -829,7 +829,7 @@ customArtifactRepository: {} # name: artifactory-creds # key: password -# -- The section of [artifact repository ref](https://argoproj.github.io/argo-workflows/artifact-repository-ref/). +# -- The section of [artifact repository ref](https://argo-workflows.readthedocs.io/en/stable/artifact-repository-ref/). # Each map key is the name of configmap # @default -- `{}` (See [values.yaml]) artifactRepositoryRef: {} @@ -884,7 +884,7 @@ artifactRepositoryRef: {} emissary: # -- The command/args for each image on workflow, needed when the command is not specified and the emissary executor is used. - ## See more: https://argoproj.github.io/argo-workflows/workflow-executors/#emissary-emissary + ## See more: https://argo-workflows.readthedocs.io/en/stable/workflow-executors/#emissary-emissary images: [] # argoproj/argosay:v2: # cmd: [/argosay] From 4a50afcc77ed8e06b076d69f220b21f9b186f069 Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Mon, 5 Feb 2024 08:25:42 +0200 Subject: [PATCH 401/768] chore(argo-cd): refresh from upstream (#2474) * refresh from upstream Signed-off-by: drfaust92 * refresh from upstream Signed-off-by: drfaust92 --------- Signed-off-by: drfaust92 --- charts/argo-cd/Chart.yaml | 4 +-- .../argocd-notifications/clusterrole.yaml | 33 +++++++++++++++++-- .../templates/argocd-server/deployment.yaml | 6 ++++ .../argo-cd/templates/crds/crd-project.yaml | 8 +++-- 4 files changed, 44 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index e311b5c2..67714f08 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.13 +version: 5.53.14 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.9.6 + description: refresh from upstream diff --git a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml index 927d30a0..793bb5d3 100644 --- a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml @@ -10,13 +10,42 @@ rules: {{- toYaml . | nindent 2 }} {{- end }} - apiGroups: - - "argoproj.io" + - argoproj.io resources: - - "applications" + - applications + - appprojects verbs: - get - list - watch - update - patch + - apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - list + - watch + {{- if .Values.notifications.cm.create }} + - apiGroups: + - "" + resourceNames: + - argocd-notifications-cm + resources: + - configmaps + verbs: + - get + {{- end }} + {{- if .Values.notifications.secret.create }} + - apiGroups: + - "" + resourceNames: + - argocd-notifications-secret + resources: + - secrets + verbs: + - get + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index fc1e3f7e..130aa623 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -299,6 +299,12 @@ spec: name: argocd-cmd-params-cm key: server.enable.proxy.extension optional: true + - name: ARGOCD_API_CONTENT_TYPES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.api.content.types + optional: true {{- with .Values.server.envFrom }} envFrom: {{- toYaml . | nindent 10 }} diff --git a/charts/argo-cd/templates/crds/crd-project.yaml b/charts/argo-cd/templates/crds/crd-project.yaml index 0a6da4f0..8a6bbd95 100644 --- a/charts/argo-cd/templates/crds/crd-project.yaml +++ b/charts/argo-cd/templates/crds/crd-project.yaml @@ -99,7 +99,8 @@ spec: properties: name: description: Name is an alternate way of specifying the target - cluster by its symbolic name + cluster by its symbolic name. This must be set if Server is + not set. type: string namespace: description: Namespace specifies the target namespace for the @@ -107,8 +108,9 @@ spec: namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster - and must be set to the Kubernetes control plane API + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is + not set. type: string type: object type: array From 5da598289d1fb0494a53ccaa1a7f9f0017ad424b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Blondel?= Date: Tue, 6 Feb 2024 14:11:23 +0100 Subject: [PATCH 402/768] feat(argo-cd): Add Probes for redis (#2400) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat(argo-cd): Add Probes for redis Signed-off-by: François Blondel * fix: redis: move probes scripts from tpl file into configmap Signed-off-by: François Blondel * Version Bump Signed-off-by: François Blondel * feat: set Redis probes optionnal and disabled by default Signed-off-by: François Blondel --------- Signed-off-by: François Blondel Co-authored-by: François Blondel --- charts/argo-cd/Chart.yaml | 6 +- charts/argo-cd/README.md | 24 ++++++++ .../argo-cd/templates/redis/deployment.yaml | 58 ++++++++++++++++++- .../templates/redis/health-configmap.yaml | 35 +++++++++++ charts/argo-cd/values.yaml | 58 +++++++++++++++++++ 5 files changed, 176 insertions(+), 5 deletions(-) create mode 100644 charts/argo-cd/templates/redis/health-configmap.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 67714f08..941238ac 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.9.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.53.14 +version: 5.54.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: refresh from upstream + - kind: added + description: Add Probes for redis diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index c8420005..95ed6468 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -968,6 +968,18 @@ server: | redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter | | redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | | redis.exporter.image.tag | string | `"1.57.0"` | Tag to use for the redis-exporter | +| redis.exporter.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter | +| redis.exporter.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.exporter.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.exporter.livenessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.exporter.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.exporter.livenessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | +| redis.exporter.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter (optional) | +| redis.exporter.readinessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.exporter.readinessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.exporter.readinessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.exporter.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.exporter.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | | redis.exporter.resources | object | `{}` | Resource limits and requests for redis-exporter sidecar | | redis.extraArgs | list | `[]` | Additional command line arguments to pass to redis-server | | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | @@ -976,6 +988,12 @@ server: | redis.image.tag | string | `"7.0.15-alpine"` | Redis tag | | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redis.initContainers | list | `[]` | Init containers to add to the redis pod | +| redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server | +| redis.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.livenessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.livenessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | | redis.metrics.enabled | bool | `false` | Deploy metrics service | | redis.metrics.service.annotations | object | `{}` | Metrics service annotations | | redis.metrics.service.clusterIP | string | `"None"` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | @@ -1003,6 +1021,12 @@ server: | redis.podAnnotations | object | `{}` | Annotations to be added to the Redis server pods | | redis.podLabels | object | `{}` | Labels to be added to the Redis server pods | | redis.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for redis pods | +| redis.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server | +| redis.readinessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.readinessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.readinessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | | redis.resources | object | `{}` | Resource limits and requests for redis | | redis.securityContext | object | See [values.yaml] | Redis pod-level security context | | redis.service.annotations | object | `{}` | Redis service annotations | diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index b3182245..94c445c8 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -72,6 +72,32 @@ spec: envFrom: {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.redis.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.redis.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.redis.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.redis.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.redis.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.livenessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/redis_liveness.sh + {{- end }} + {{- if .Values.redis.readinessProbe.enabled }} + readinessProbe: + initialDelaySeconds: {{ .Values.redis.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.redis.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.redis.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.redis.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.readinessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/redis_readiness.sh + {{- end }} ports: - name: redis containerPort: {{ .Values.redis.containerPorts.redis }} @@ -82,8 +108,10 @@ spec: securityContext: {{- toYaml . | nindent 10 }} {{- end }} - {{- with .Values.redis.volumeMounts }} volumeMounts: + - mountPath: /health + name: health + {{- with .Values.redis.volumeMounts }} {{- toYaml . | nindent 10 }} {{- end }} {{- if .Values.redis.exporter.enabled }} @@ -102,6 +130,28 @@ spec: - name: metrics containerPort: {{ .Values.redis.containerPorts.metrics }} protocol: TCP + {{- if .Values.redis.exporter.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /metrics + port: {{ .Values.redis.containerPorts.metrics }} + initialDelaySeconds: {{ .Values.redis.exporter.livenessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.redis.exporter.livenessProbe.timeoutSeconds }} + periodSeconds: {{ .Values.redis.exporter.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.redis.exporter.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.exporter.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.redis.exporter.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /metrics + port: {{ .Values.redis.containerPorts.metrics }} + initialDelaySeconds: {{ .Values.redis.exporter.readinessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.redis.exporter.readinessProbe.timeoutSeconds }} + periodSeconds: {{ .Values.redis.exporter.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.redis.exporter.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.exporter.readinessProbe.failureThreshold }} + {{- end }} resources: {{- toYaml .Values.redis.exporter.resources | nindent 10 }} {{- with .Values.redis.exporter.containerSecurityContext }} @@ -139,8 +189,12 @@ spec: {{- end }} {{- end }} {{- end }} - {{- with .Values.redis.volumes }} volumes: + - name: health + configMap: + name: {{ include "argo-cd.redis.fullname" . }}-health-configmap + defaultMode: 0755 + {{- with .Values.redis.volumes }} {{- toYaml . | nindent 8}} {{- end }} {{- with .Values.redis.dnsConfig }} diff --git a/charts/argo-cd/templates/redis/health-configmap.yaml b/charts/argo-cd/templates/redis/health-configmap.yaml new file mode 100644 index 00000000..fd0ecff7 --- /dev/null +++ b/charts/argo-cd/templates/redis/health-configmap.yaml @@ -0,0 +1,35 @@ +{{- $redisHa := index .Values "redis-ha" -}} +{{- if and .Values.redis.enabled (not $redisHa.enabled) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "argo-cd.redis.fullname" . }}-health-configmap + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} +data: + redis_liveness.sh: | + response=$( + redis-cli \ + -h localhost \ + -p {{ .Values.redis.containerPorts.redis }} \ + ping + ) + if [ "$response" != "PONG" ] && [ "${response:0:7}" != "LOADING" ] ; then + echo "$response" + exit 1 + fi + echo "response=$response" + redis_readiness.sh: | + response=$( + redis-cli \ + -h localhost \ + -p {{ .Values.redis.containerPorts.redis }} \ + ping + ) + if [ "$response" != "PONG" ] ; then + echo "$response" + exit 1 + fi + echo "response=$response" +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 7b8976b3..b3fc3ef5 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1215,6 +1215,35 @@ redis: drop: - ALL + ## Probes for Redis exporter (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for Redis exporter (optional) + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + livenessProbe: + # -- Enable Kubernetes liveness probe for Redis exporter + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + # -- Resource limits and requests for redis-exporter sidecar resources: {} # limits: @@ -1244,6 +1273,35 @@ redis: # - secretRef: # name: secret-name + ## Probes for Redis server (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for Redis server + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + livenessProbe: + # -- Enable Kubernetes liveness probe for Redis server + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + # -- Additional containers to be added to the redis pod ## Note: Supports use of custom Helm templates extraContainers: [] From 0b79f5e5c1beb4912e32c473c5a1f77fbf1f2e8b Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Wed, 7 Feb 2024 08:10:12 +0100 Subject: [PATCH 403/768] feat(argo-cd): Upgrade Argo CD to 2.10.0 (#2476) * chore(argo-cd): Update dependency argoproj/argo-cd to v2.10.0 * Apply automatic changes Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Update CRDs to v2.10.0 Signed-off-by: Petr Drastil * Add variables for new features Signed-off-by: Petr Drastil * Fix version in Chart.yaml Signed-off-by: Petr Drastil --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Petr Drastil Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 8 +- .../statefulset.yaml | 42 ++++ .../argocd-applicationset/deployment.yaml | 6 + .../argocd-notifications/deployment.yaml | 6 + .../argocd-repo-server/deployment.yaml | 24 +++ .../templates/argocd-server/deployment.yaml | 24 +++ .../templates/crds/crd-application.yaml | 76 +++++++ .../templates/crds/crd-applicationset.yaml | 194 ++++++++++++++++++ .../argo-cd/templates/crds/crd-project.yaml | 2 +- 9 files changed, 377 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 941238ac..09ccbc76 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.9.6 +appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.54.0 +version: 5.55.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add Probes for redis + - kind: changed + description: Upgrade argo-cd to v2.10.0 diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 6d1d3e2f..5a8c3745 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -122,6 +122,18 @@ spec: name: argocd-cm key: timeout.hard.reconciliation optional: true + - name: ARGOCD_RECONCILIATION_JITTER + valueFrom: + configMapKeyRef: + key: timeout.reconciliation.jitter + name: argocd-cm + optional: true + - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.error.grace.period.seconds + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER valueFrom: configMapKeyRef: @@ -236,6 +248,18 @@ spec: name: argocd-cmd-params-cm key: otlp.address optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -254,6 +278,24 @@ spec: name: argocd-cmd-params-cm key: controller.kubectl.parallelism.limit optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.max + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.base.backoff + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.diff.server.side + optional: true {{- with .Values.controller.envFrom }} envFrom: {{- toYaml . | nindent 10 }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 655e8f19..4a5f75a5 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -210,6 +210,12 @@ spec: name: argocd-cmd-params-cm key: applicationsetcontroller.allowed.scm.providers optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.enable.scm.providers + optional: true {{- with .Values.applicationSet.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 2ed9f1e8..f9b766f4 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -91,6 +91,12 @@ spec: key: application.namespaces name: argocd-cmd-params-cm optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED + valueFrom: + configMapKeyRef: + key: notificationscontroller.selfservice.enabled + name: argocd-cmd-params-cm + optional: true {{- with .Values.notifications.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 2a18df6c..c47fb1f7 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -201,6 +201,18 @@ spec: name: argocd-cmd-params-cm key: otlp.address optional: true + - name: ARGOCD_REPO_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE valueFrom: configMapKeyRef: @@ -249,6 +261,18 @@ spec: key: reposerver.enable.git.submodule name: argocd-cmd-params-cm optional: true + - name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: reposerver.git.lsremote.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_REQUEST_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.git.request.timeout + name: argocd-cmd-params-cm + optional: true {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} - name: HELM_CACHE_HOME value: /helm-working-dir diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 130aa623..08ef3650 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -287,6 +287,18 @@ spec: name: argocd-cmd-params-cm key: otlp.address optional: true + - name: ARGOCD_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -299,6 +311,18 @@ spec: name: argocd-cmd-params-cm key: server.enable.proxy.extension optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.k8sclient.retry.max + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.k8sclient.retry.base.backoff + optional: true - name: ARGOCD_API_CONTENT_TYPES valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml index 03401574..9869efbb 100644 --- a/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -330,6 +330,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for @@ -658,6 +664,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources @@ -1103,6 +1115,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize components + to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps @@ -1421,6 +1439,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize components + to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize @@ -1892,6 +1916,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources @@ -2224,6 +2254,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources @@ -2700,6 +2736,13 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations @@ -3049,6 +3092,13 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of + kustomize components to add to the kustomization + before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations @@ -3513,6 +3563,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources @@ -3855,6 +3911,13 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources @@ -4341,6 +4404,12 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources @@ -4683,6 +4752,13 @@ spec: description: CommonLabels is a list of additional labels to add to rendered manifests type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array forceCommonAnnotations: description: ForceCommonAnnotations specifies whether to force applying common annotations to resources diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index 8d7409e5..02623f6c 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -255,6 +255,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -465,6 +469,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -834,6 +842,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -1044,6 +1056,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -1417,6 +1433,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -1627,6 +1647,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -1980,6 +2004,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -2190,6 +2218,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -2567,6 +2599,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -2777,6 +2813,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -3146,6 +3186,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -3356,6 +3400,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -3729,6 +3777,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -3939,6 +3991,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -4292,6 +4348,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -4502,6 +4562,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -4865,6 +4929,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -5075,6 +5143,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -5618,6 +5690,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -5828,6 +5904,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -6366,6 +6446,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -6576,6 +6660,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -6943,6 +7031,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -7153,6 +7245,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -7530,6 +7626,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -7740,6 +7840,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -8109,6 +8213,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -8319,6 +8427,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -8692,6 +8804,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -8902,6 +9018,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -9255,6 +9375,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -9465,6 +9589,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -9828,6 +9956,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -10038,6 +10170,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -10581,6 +10717,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -10791,6 +10931,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -11329,6 +11473,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -11539,6 +11687,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -11910,6 +12062,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -12120,6 +12276,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -12480,6 +12640,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -12690,6 +12854,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -13233,6 +13401,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -13443,6 +13615,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -13981,6 +14157,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -14191,6 +14371,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -14633,6 +14817,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -14843,6 +15031,10 @@ spec: additionalProperties: type: string type: object + components: + items: + type: string + type: array forceCommonAnnotations: type: boolean forceCommonLabels: @@ -15002,6 +15194,8 @@ spec: - metadata - spec type: object + templatePatch: + type: string required: - generators - template diff --git a/charts/argo-cd/templates/crds/crd-project.yaml b/charts/argo-cd/templates/crds/crd-project.yaml index 8a6bbd95..38801469 100644 --- a/charts/argo-cd/templates/crds/crd-project.yaml +++ b/charts/argo-cd/templates/crds/crd-project.yaml @@ -14,7 +14,7 @@ metadata: app.kubernetes.io/part-of: argocd {{- with .Values.crds.additionalLabels }} {{- toYaml . | nindent 4}} - {{- end }} + {{- end }} name: appprojects.argoproj.io spec: group: argoproj.io From b8212e0b300e2cf68249802df892dfa561d475f8 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Wed, 7 Feb 2024 22:40:05 +0100 Subject: [PATCH 404/768] chore(argo-cd): Remove deprecated features and redesign Ingress (#2407) * chore(argo-cd): Remove deprecated features Signed-off-by: Petr Drastil * Remove wildcard catch all ingress rule Signed-off-by: Petr Drastil * Add ingress extra rules Signed-off-by: Petr Drastil * Remove unnecessary ingress variables Signed-off-by: Petr Drastil * Improve documentation Signed-off-by: Petr Drastil * Replace ingress paths and hosts with single backend service Signed-off-by: Petr Drastil * Use only port number to support all ingress controllers Signed-off-by: Petr Drastil * Minor gRPC fixes Signed-off-by: Petr Drastil * Simplify TLS configuration Signed-off-by: Petr Drastil * Decouple AWS and GKE ALB from generic ingress Signed-off-by: Petr Drastil * Remove map nesting for ApplicationSet ingress Signed-off-by: Petr Drastil * Use example.com domain Signed-off-by: Petr Drastil * Remove fallback for argocd-cm checksum annotation Signed-off-by: Petr Drastil * Add revisionHistoryLimit for controller Signed-off-by: Petr Drastil * Update README Signed-off-by: Petr Drastil * Update README Signed-off-by: Petr Drastil --------- Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 12 +- charts/argo-cd/README.md | 136 +++++-- charts/argo-cd/README.md.gotmpl | 69 ++++ charts/argo-cd/templates/NOTES.txt | 132 +------ charts/argo-cd/templates/_helpers.tpl | 2 +- charts/argo-cd/templates/_versions.tpl | 13 - .../clusterrole.yaml | 3 +- .../clusterrolebinding.yaml | 3 +- .../statefulset.yaml | 35 +- .../argocd-applicationset/deployment.yaml | 16 +- .../argocd-applicationset/ingress.yaml | 64 ++++ .../webhook-ingress.yaml | 73 ---- .../templates/argocd-configs/argocd-cm.yaml | 4 +- .../argocd-configs/argocd-gpg-keys-cm.yaml | 4 +- .../argocd-configs/argocd-rbac-cm.yaml | 6 +- .../argocd-configs/argocd-secret.yaml | 6 +- .../argocd-ssh-known-hosts-cm.yaml | 8 +- .../argocd-configs/argocd-tls-certs-cm.yaml | 8 +- .../argocd-repo-server/clusterrole.yaml | 3 +- .../clusterrolebinding.yaml | 3 +- .../argocd-repo-server/deployment.yaml | 8 - .../templates/argocd-server/aws/ingress.yaml | 71 ++++ .../templates/argocd-server/aws/service.yaml | 6 +- .../templates/argocd-server/clusterrole.yaml | 5 +- .../argocd-server/clusterrolebinding.yaml | 3 +- .../templates/argocd-server/deployment.yaml | 10 +- .../argocd-server/gke/backendconfig.yaml | 10 +- .../argocd-server/gke/frontendconfig.yaml | 8 +- .../templates/argocd-server/gke/ingress.yaml | 69 ++++ .../argocd-server/gke/managedcertificate.yaml | 11 +- .../templates/argocd-server/ingress-grpc.yaml | 70 ++-- .../templates/argocd-server/ingress.yaml | 90 ++--- charts/argo-cd/values.yaml | 358 ++++++++++-------- 33 files changed, 685 insertions(+), 634 deletions(-) create mode 100644 charts/argo-cd/templates/argocd-applicationset/ingress.yaml delete mode 100644 charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml create mode 100644 charts/argo-cd/templates/argocd-server/aws/ingress.yaml create mode 100644 charts/argo-cd/templates/argocd-server/gke/ingress.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 09ccbc76..14b62197 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.55.0 +version: 6.0.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,13 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | + - kind: removed + description: Support for deprecated features + - kind: removed + description: Wildcard catch all ingress rule + - kind: added + description: Ingress extra rules to allow custom ingress custom rules + - kind: added + description: Dedicated ingress implementation for AWS and GKE Application Load Balancers - kind: changed - description: Upgrade argo-cd to v2.10.0 + description: Support for multiple ingress hosts and paths refactored into `extraHosts` and `extraPaths` diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 95ed6468..862a818e 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -105,15 +105,84 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.0.0 + +This version **removes support for**: + +* deprecated component options `logLevel` and `logFormat` +* deprecated component arguments `.args.` that were replaced with `configs.params` +* deprecated configuration `server.config` that was replaced with `configs.cm` +* deprecated configuration `server.rbacConfig` that was replaced with `configs.rbac` + +Major version also contains breaking **changes related to Argo CD Ingress** resources that were hard to extend and maintain for various ingress controller implementations. +Please review your setup and adjust to new configuration options: + +* catch all rule was removed for security reasons. If you need this please use `server.ingress.extraRules` to provide ingress rule without hostname +* ingress rule for `paths` changed to `path` as there is only single Argo CD backend path +* ingress rule for `hosts` changed to `hostname` as there can be only single SSO redirect for given hostname +* ingress TLS for server uses by default `argocd-server-tls` secret required by Argo CD server, additional ingresses are using `-tls` secret when `tls: true` +* additional hostnames and routing can be provided via `extraHosts` configuration section +* additional TLS secrets can be provided via `extraTls` configuration section + +Specific ingress implementations for cloud providers were decoupled from generic ingress resource. + +To configure AWS Application Load Balancer: + +```yaml +server: + ingress: + enabled: true + controller: aws + annotations: + alb.ingress.kubernetes.io/backend-protocol: HTTPS + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' + aws: + backendProtocolVersion: HTTP2 + serviceType: NodePort +``` + +To configure GKE Application Load Balancer: + +```yaml +configs: + params: + "server.insecure": true + +server: + service: + annotations: + cloud.google.com/neg: '{"ingress": true}' + cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}' + + ingress: + enabled: true + controller: gke + gke: + backendConfig: + healthCheck: + checkIntervalSec: 30 + timeoutSec: 5 + healthyThreshold: 1 + unhealthyThreshold: 2 + type: HTTP + requestPath: /healthz + port: 8080 + frontendConfig: + redirectToHttps: + enabled: true +``` + ### 5.53.0 Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir() ### 5.52.0 + Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server. If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml. ### 5.35.0 + This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach. Please see more information about EoL: [Amazon EKS EoL][EKS EoL]. @@ -399,7 +468,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| -| apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | +| apiVersionOverrides | object | `{}` | | | crds.additionalLabels | object | `{}` | Addtional labels to be added to all CRDs | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.install | bool | `true` | Install and upgrade CRDs | @@ -516,7 +585,6 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | controller.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | -| controller.args | object | `{}` | DEPRECATED - Application controller commandline flags | | controller.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the application controller's ClusterRole resource | | controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource | | controller.containerPorts.metrics | int | `8082` | Metrics container port | @@ -575,6 +643,7 @@ NAME: my-release | controller.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | controller.replicas | int | `1` | The number of application controller pods to run. Additional replicas will cause sharding of managed clusters across number of replicas. | | controller.resources | object | `{}` | Resource limits and requests for the application controller pods | +| controller.revisionHistoryLimit | int | `5` | Maximum number of controller revisions that will be maintained in StatefulSet history | | controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | controller.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | controller.serviceAccount.create | bool | `true` | Create a service account for the application controller | @@ -686,12 +755,6 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| -| server.GKEbackendConfig.enabled | bool | `false` | Enable BackendConfig custom resource for Google Kubernetes Engine | -| server.GKEbackendConfig.spec | object | `{}` | [BackendConfigSpec] | -| server.GKEfrontendConfig.enabled | bool | `false` | Enable FrontConfig custom resource for Google Kubernetes Engine | -| server.GKEfrontendConfig.spec | object | `{}` | [FrontendConfigSpec] | -| server.GKEmanagedCertificate.domains | list | `["argocd.example.com"]` | Domains for the Google Managed Certificate | -| server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. | | server.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | | server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. | | server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server | @@ -744,28 +807,37 @@ NAME: my-release | server.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Argo CD server | | server.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | server.ingress.annotations | object | `{}` | Additional ingress annotations | +| server.ingress.aws.backendProtocolVersion | string | `"HTTP2"` | Backend protocol version for the AWS ALB gRPC service | +| server.ingress.aws.serviceType | string | `"NodePort"` | Service type for the AWS ALB gRPC service | +| server.ingress.controller | string | `"generic"` | Specific implementation for ingress controller. One of `generic`, `aws` or `gke` | | server.ingress.enabled | bool | `false` | Enable an ingress resource for the Argo CD server | -| server.ingress.extraPaths | list | `[]` | Additional ingress paths | -| server.ingress.hosts | list | `[]` | List of ingress hosts | -| server.ingress.https | bool | `false` | Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` | +| server.ingress.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record | +| server.ingress.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths | +| server.ingress.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | +| server.ingress.extraTls | list | `[]` (See [values.yaml]) | Additional TLS configuration | +| server.ingress.gke.backendConfig | object | `{}` (See [values.yaml]) | Google [BackendConfig] resource, for use with the GKE Ingress Controller | +| server.ingress.gke.frontendConfig | object | `{}` (See [values.yaml]) | Google [FrontendConfig] resource, for use with the GKE Ingress Controller | +| server.ingress.gke.managedCertificate.create | bool | `true` | Create ManagedCertificate resource and annotations for Google Load balancer | +| server.ingress.gke.managedCertificate.extraDomains | list | `[]` | Additional domains for ManagedCertificate resource | +| server.ingress.hostname | string | `"argocd.example.com"` | Argo CD server hostname | | server.ingress.ingressClassName | string | `""` | Defines which ingress controller will implement the resource | | server.ingress.labels | object | `{}` | Additional ingress labels | +| server.ingress.path | string | `"/"` | The path to Argo CD server | | server.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | -| server.ingress.paths | list | `["/"]` | List of ingress paths | -| server.ingress.tls | list | `[]` | Ingress TLS configuration | +| server.ingress.tls | bool | `false` | Enable TLS configuration for the hostname defined at `server.ingress.hostname` | | server.ingressGrpc.annotations | object | `{}` | Additional ingress annotations for dedicated [gRPC-ingress] | -| server.ingressGrpc.awsALB.backendProtocolVersion | string | `"HTTP2"` | Backend protocol version for the AWS ALB gRPC service | -| server.ingressGrpc.awsALB.serviceType | string | `"NodePort"` | Service type for the AWS ALB gRPC service | | server.ingressGrpc.enabled | bool | `false` | Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress] | -| server.ingressGrpc.extraPaths | list | `[]` | Additional ingress paths for dedicated [gRPC-ingress] | -| server.ingressGrpc.hosts | list | `[]` | List of ingress hosts for dedicated [gRPC-ingress] | -| server.ingressGrpc.https | bool | `false` | Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` | +| server.ingressGrpc.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record | +| server.ingressGrpc.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths for dedicated [gRPC-ingress] | +| server.ingressGrpc.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | +| server.ingressGrpc.extraTls | list | `[]` (See [values.yaml]) | Additional TLS configuration for dedicated [gRPC-ingress] | +| server.ingressGrpc.hostname | string | `""` | Argo CD server hostname for dedicated [gRPC-ingress] | | server.ingressGrpc.ingressClassName | string | `""` | Defines which ingress controller will implement the resource [gRPC-ingress] | | server.ingressGrpc.isAWSALB | bool | `false` | Setup up gRPC ingress to work with an AWS ALB | | server.ingressGrpc.labels | object | `{}` | Additional ingress labels for dedicated [gRPC-ingress] | +| server.ingressGrpc.path | string | `"/"` | Argo CD server ingress path for dedicated [gRPC-ingress] | | server.ingressGrpc.pathType | string | `"Prefix"` | Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific` | -| server.ingressGrpc.paths | list | `["/"]` | List of ingress paths for dedicated [gRPC-ingress] | -| server.ingressGrpc.tls | list | `[]` | Ingress TLS configuration for dedicated [gRPC-ingress] | +| server.ingressGrpc.tls | bool | `false` | Enable TLS configuration for the hostname defined at `server.ingressGrpc.hostname` | | server.initContainers | list | `[]` | Init containers to add to the server pod | | server.lifecycle | object | `{}` | Specify postStart and preStop lifecycle hooks for your argo-cd-server container | | server.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | @@ -1101,7 +1173,6 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | Key | Type | Default | Description | |-----|------|---------|-------------| | applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | -| applicationSet.args | object | `{}` | DEPRECATED - ApplicationSet controller command line flags | | applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | | applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate | | applicationSet.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) | @@ -1125,7 +1196,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.dnsConfig | object | `{}` | [DNS configuration] | | applicationSet.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for ApplicationSet controller pods | | applicationSet.enabled | bool | `true` | Enable ApplicationSet controller | -| applicationSet.extraArgs | list | `[]` | List of extra cli args to add | +| applicationSet.extraArgs | list | `[]` | ApplicationSet controller command line flags | | applicationSet.extraContainers | list | `[]` | Additional containers to be added to the ApplicationSet controller pod | | applicationSet.extraEnv | list | `[]` | Environment variables to pass to the ApplicationSet controller | | applicationSet.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the ApplicationSet controller | @@ -1135,6 +1206,18 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the ApplicationSet controller | | applicationSet.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the ApplicationSet controller | | applicationSet.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | If defined, uses a Secret to pull an image from a private Docker registry or repository. | +| applicationSet.ingress.annotations | object | `{}` | Additional ingress annotations | +| applicationSet.ingress.enabled | bool | `false` | Enable an ingress resource for ApplicationSet webhook | +| applicationSet.ingress.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record | +| applicationSet.ingress.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths | +| applicationSet.ingress.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | +| applicationSet.ingress.extraTls | list | `[]` (See [values.yaml]) | Additional ingress TLS configuration | +| applicationSet.ingress.hostname | string | `"argocd.example.com"` | Argo CD ApplicationSet hostname | +| applicationSet.ingress.ingressClassName | string | `""` | Defines which ingress ApplicationSet controller will implement the resource | +| applicationSet.ingress.labels | object | `{}` | Additional ingress labels | +| applicationSet.ingress.path | string | `"/api/webhook"` | List of ingress paths | +| applicationSet.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | +| applicationSet.ingress.tls | bool | `false` | Enable TLS configuration for the hostname defined at `applicationSet.webhook.ingress.hostname` | | applicationSet.initContainers | list | `[]` | Init containers to add to the ApplicationSet controller pod | | applicationSet.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for ApplicationSet controller | | applicationSet.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | @@ -1190,15 +1273,6 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | applicationSet.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | applicationSet.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller | -| applicationSet.webhook.ingress.annotations | object | `{}` | Additional ingress annotations | -| applicationSet.webhook.ingress.enabled | bool | `false` | Enable an ingress resource for Webhooks | -| applicationSet.webhook.ingress.extraPaths | list | `[]` | Additional ingress paths | -| applicationSet.webhook.ingress.hosts | list | `[]` | List of ingress hosts | -| applicationSet.webhook.ingress.ingressClassName | string | `""` | Defines which ingress ApplicationSet controller will implement the resource | -| applicationSet.webhook.ingress.labels | object | `{}` | Additional ingress labels | -| applicationSet.webhook.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | -| applicationSet.webhook.ingress.paths | list | `["/api/webhook"]` | List of ingress paths | -| applicationSet.webhook.ingress.tls | list | `[]` | Ingress TLS configuration | ## Notifications diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index bb296e6a..5dc99217 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -104,15 +104,84 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.0.0 + +This version **removes support for**: + +* deprecated component options `logLevel` and `logFormat` +* deprecated component arguments `.args.` that were replaced with `configs.params` +* deprecated configuration `server.config` that was replaced with `configs.cm` +* deprecated configuration `server.rbacConfig` that was replaced with `configs.rbac` + +Major version also contains breaking **changes related to Argo CD Ingress** resources that were hard to extend and maintain for various ingress controller implementations. +Please review your setup and adjust to new configuration options: + +* catch all rule was removed for security reasons. If you need this please use `server.ingress.extraRules` to provide ingress rule without hostname +* ingress rule for `paths` changed to `path` as there is only single Argo CD backend path +* ingress rule for `hosts` changed to `hostname` as there can be only single SSO redirect for given hostname +* ingress TLS for server uses by default `argocd-server-tls` secret required by Argo CD server, additional ingresses are using `-tls` secret when `tls: true` +* additional hostnames and routing can be provided via `extraHosts` configuration section +* additional TLS secrets can be provided via `extraTls` configuration section + +Specific ingress implementations for cloud providers were decoupled from generic ingress resource. + +To configure AWS Application Load Balancer: + +```yaml +server: + ingress: + enabled: true + controller: aws + annotations: + alb.ingress.kubernetes.io/backend-protocol: HTTPS + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' + aws: + backendProtocolVersion: HTTP2 + serviceType: NodePort +``` + +To configure GKE Application Load Balancer: + +```yaml +configs: + params: + "server.insecure": true + +server: + service: + annotations: + cloud.google.com/neg: '{"ingress": true}' + cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}' + + ingress: + enabled: true + controller: gke + gke: + backendConfig: + healthCheck: + checkIntervalSec: 30 + timeoutSec: 5 + healthyThreshold: 1 + unhealthyThreshold: 2 + type: HTTP + requestPath: /healthz + port: 8080 + frontendConfig: + redirectToHttps: + enabled: true +``` + ### 5.53.0 Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir() ### 5.52.0 + Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server. If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml. ### 5.35.0 + This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach. Please see more information about EoL: [Amazon EKS EoL][EKS EoL]. diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index 1b626796..f2dbdfab 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -1,133 +1,3 @@ -{{- if .Values.controller.args.statusProcessors }} -DEPRECATED option controller.args.statusProcessors - Use configs.params.controller.status.processors -{{- end }} -{{- if .Values.controller.args.operationProcessors }} -DEPRECATED option controller.args.operationProcessors - Use configs.params.controller.operation.processors -{{- end }} -{{- if .Values.controller.args.appResyncPeriod }} -DEPRECATED option controller.args.appResyncPeriod - Use server.config.timeout.reconciliation -{{- end }} -{{- if .Values.controller.args.appHardResyncPeriod }} -DEPRECATED option controller.args.appHardResyncPeriod - Use server.config.timeout.hard.reconciliation -{{- end }} -{{- if .Values.controller.args.selfHealTimeout }} -DEPRECATED option controller.args.selfHealTimeout - Use configs.params.controller.self.heal.timeout.seconds -{{- end }} -{{- if .Values.controller.args.repoServerTimeoutSeconds }} -DEPRECATED option controller.args.repoServerTimeoutSeconds - Use configs.params.controller.repo.server.timeout.seconds -{{- end }} -{{- if .Values.controller.logFormat }} -DEPRECATED option controller.logFormat - Use configs.params.controller.log.format -{{- end }} -{{- if .Values.controller.logLevel }} -DEPRECATED option controller.logLevel - Use configs.params.controller.log.level -{{- end }} -{{- if .Values.server.logFormat }} -DEPRECATED option server.logFormat - Use configs.params.server.log.format -{{- end }} -{{- if .Values.server.logLevel }} -DEPRECATED option server.logLevel - Use configs.params.server.log.level -{{- end }} -{{- if has "--insecure" .Values.server.extraArgs }} -DEPRECATED option server.extraArgs."--insecure" - Use configs.params.server.insecure -{{- end }} -{{- if .Values.repoServer.logFormat }} -DEPRECATED option repoServer.logFormat - Use configs.params.repoServer.log.format -{{- end }} -{{- if .Values.repoServer.logLevel }} -DEPRECATED option repoServer.logLevel - Use configs.params.repoServer.log.level -{{- end }} -{{- if or .Values.server.config (hasKey .Values.server "configEnabled") .Values.server.configAnnotations }} -DEPRECATED option server.config - Use configs.cm -{{- end }} -{{- if or .Values.server.rbacConfig (hasKey .Values.server "rbacConfigCreate") .Values.server.rbacConfigAnnotations }} -DEPRECATED option server.rbacConfig - Use configs.rbac -{{- end }} -{{- if .Values.configs.secret.argocdServerTlsConfig }} -DEPRECATED option config.secret.argocdServerTlsConfig - Use server.certificate or server.certificateSecret -{{- end }} -{{- if .Values.configs.gpgKeys }} -DEPRECATED option configs.gpgKeys - Use config.gpg.keys -{{- end }} -{{- if .Values.configs.gpgKeysAnnotations }} -DEPRECATED option configs.gpgKeysAnnotations - Use config.gpg.annotations -{{- end }} -{{- if hasKey (.Values.controller.clusterAdminAccess | default dict) "enabled" }} -DEPRECATED option .controller.clusterAdminAccess.enabled - Use createClusterRoles -{{- end }} -{{- if hasKey (.Values.server.clusterAdminAccess | default dict) "enabled" }} -DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles -{{- end }} -{{- if hasKey (.Values.repoServer.clusterAdminAccess | default dict) "enabled" }} -DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles -{{- end }} -{{- if .Values.configs.knownHostsAnnotations }} -DEPRECATED option configs.knownHostsAnnotations - Use configs.ssh.annotations -{{- end }} -{{- if hasKey .Values.configs "knownHosts" }} -DEPRECATED option configs.knownHosts.data.ssh_known_hosts - Use configs.ssh.knownHosts -{{- end }} -{{- if .Values.configs.tlsCertsAnnotations }} -DEPRECATED option configs.tlsCertsAnnotations - Use configs.tls.annotations -{{- end }} -{{- if hasKey .Values.configs "tlsCerts" }} -DEPRECATED option configs.tlsCerts.data - Use configs.tls.certificates -{{- end }} -{{- if .Values.applicationSet.replicaCount }} -DEPRECATED option applicationSet.replicaCount - Use applicationSet.replicas -{{- end }} -{{- if .Values.applicationSet.logFormat }} -DEPRECATED option applicationSet.logFormat - Use configs.params.applicationsetcontroller.log.format -{{- end }} -{{- if .Values.applicationSet.logLevel }} -DEPRECATED option applicationSet.logLevel - Use configs.params.applicationsetcontroller.log.level -{{- end }} -{{- if .Values.applicationSet.args.policy }} -DEPRECATED option applicationSet.args.policy - Use configs.params.applicationsetcontroller.policy -{{- end }} -{{- if .Values.applicationSet.args.dryRun }} -DEPRECATED option applicationSet.args.dryRun - Use configs.params.applicationsetcontroller.dryRun -{{- end }} -{{- if .Values.controller.service }} -REMOVED option controller.service - Use controller.metrics -{{- end }} -{{- if .Values.repoServer.copyutil }} -REMOVED option repoSever.copyutil.resources - Use repoServer.resources -{{- end }} -{{- if .Values.applicationSet.args.debug }} -REMOVED option applicationSet.args.debug - Use applicationSet.logLevel: debug -{{- end }} -{{- if .Values.applicationSet.args.enableLeaderElection }} -REMOVED option applicationSet.args.enableLeaderElection - Value determined based on replicas -{{- end }} -{{- if .Values.controller.containerPort }} -REMOVED option controller.containerPort - Use controller.containerPorts -{{- end }} -{{- if .Values.server.containerPort }} -REMOVED option server.containerPort - Use server.containerPorts -{{- end }} -{{- if .Values.repoServer.containerPort }} -REMOVED option repoServer.containerPort - Use repoServer.containerPorts -{{- end }} -{{- if .Values.applicationSet.args.metricsAddr }} -REMOVED option applicationSet.args.metricsAddr - Use applicationSet.containerPorts -{{- end }} -{{- if .Values.applicationSet.args.probeBindAddr }} -REMOVED option applicationSet.args.probeBindAddr - Use applicationSet.containerPorts -{{- end }} -{{- if .Values.redis.containerPort }} -REMOVED option redis.containerPort - Use redis.containerPorts -{{- end }} -{{- if .Values.redis.metrics.containerPort }} -REMOVED option redis.metrics.containerPort - Use redis.containerPorts -{{- end }} -{{- if .Values.apiVersionOverrides.autoscaling }} -REMOVED option apiVersionOverrides.autoscaling - API autoscaling/v2 is GA from 1.23 -{{- end }} -{{- if .Values.apiVersionOverrides.certmanager }} -REMOVED option apiVersionOverrides.certmanager - API v1 is only possible option after K8s 1.22 -{{- end }} - In order to access the server UI you have the following options: 1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443 @@ -139,7 +9,7 @@ In order to access the server UI you have the following options: - Set the `configs.params."server.insecure"` in the values file and terminate SSL at your ingress: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts -{{ if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "admin.enabled")) "true" -}} +{{ if eq (toString (index .Values.configs.cm "admin.enabled")) "true" -}} After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running: kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 97ba5c25..4898172f 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -173,7 +173,7 @@ Argo Configuration Preset Values (Incluenced by Values configuration) Merge Argo Configuration with Preset Configuration */}} {{- define "argo-cd.config.cm" -}} -{{- $config := (mergeOverwrite (deepCopy (omit .Values.configs.cm "create" "annotations")) (.Values.server.config | default dict)) -}} +{{- $config := omit .Values.configs.cm "create" "annotations" -}} {{- $preset := include "argo-cd.config.cm.presets" . | fromYaml | default dict -}} {{- range $key, $value := mergeOverwrite $preset $config }} {{- $fmted := $value | toString }} diff --git a/charts/argo-cd/templates/_versions.tpl b/charts/argo-cd/templates/_versions.tpl index 5d65fcd6..966dad97 100644 --- a/charts/argo-cd/templates/_versions.tpl +++ b/charts/argo-cd/templates/_versions.tpl @@ -5,16 +5,3 @@ Return the target Kubernetes version {{- define "argo-cd.kubeVersion" -}} {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} {{- end }} - -{{/* -Return the appropriate apiVersion for GKE resources -*/}} -{{- define "argo-cd.apiVersions.cloudgoogle" -}} -{{- if .Values.apiVersionOverrides.cloudgoogle -}} -{{- print .Values.apiVersionOverrides.cloudgoogle -}} -{{- else if .Capabilities.APIVersions.Has "cloud.google.com/v1" -}} -{{- print "cloud.google.com/v1" -}} -{{- else -}} -{{- print "cloud.google.com/v1beta1" -}} -{{- end -}} -{{- end -}} diff --git a/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml b/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml index 5ebe00b3..615b56f9 100644 --- a/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml @@ -1,5 +1,4 @@ -{{- $config := .Values.controller.clusterAdminAccess | default dict -}} -{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml index 9ebe80ad..7b6df782 100644 --- a/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml @@ -1,5 +1,4 @@ -{{- $config := .Values.controller.clusterAdminAccess | default dict -}} -{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 5a8c3745..c08a4a34 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -13,8 +13,7 @@ metadata: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} spec: replicas: {{ .Values.controller.replicas }} - # TODO: Remove for breaking release as history limit cannot be patched - revisionHistoryLimit: 5 + revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }} serviceName: {{ include "argo-cd.controller.fullname" . }} selector: matchLabels: @@ -66,38 +65,6 @@ spec: - {{ . }} {{- end }} {{- end }} - {{- with .Values.controller.args.statusProcessors }} - - --status-processors - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.args.operationProcessors }} - - --operation-processors - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.args.appResyncPeriod }} - - --app-resync - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.args.appHardResyncPeriod }} - - --app-hard-resync - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.args.selfHealTimeout }} - - --self-heal-timeout-seconds - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.args.repoServerTimeoutSeconds }} - - --repo-server-timeout-seconds - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.logFormat }} - - --logformat - - {{ . | quote }} - {{- end }} - {{- with .Values.controller.logLevel }} - - --loglevel - - {{ . | quote }} - {{- end }} {{- with .Values.controller.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 4a5f75a5..96fc3804 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -17,7 +17,7 @@ spec: strategy: {{- trim . | nindent 4 }} {{- end }} - replicas: {{ .Values.applicationSet.replicas | default .Values.applicationSet.replicaCount }} + replicas: {{ .Values.applicationSet.replicas }} revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} selector: matchLabels: @@ -65,20 +65,6 @@ spec: - --metrics-addr=:{{ .Values.applicationSet.containerPorts.metrics }} - --probe-addr=:{{ .Values.applicationSet.containerPorts.probe }} - --webhook-addr=:{{ .Values.applicationSet.containerPorts.webhook }} - {{- with .Values.applicationSet.args.policy }} - - --policy={{ . }} - {{- end }} - {{- with .Values.applicationSet.args.dryRun }} - - --dry-run={{ . }} - {{- end }} - {{- with .Values.applicationSet.logFormat }} - - --logformat - - {{ . }} - {{- end }} - {{- with .Values.applicationSet.logLevel }} - - --loglevel - - {{ . }} - {{- end }} {{- with .Values.applicationSet.extraArgs }} {{- toYaml . | nindent 12 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml new file mode 100644 index 00000000..ce01e7c6 --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml @@ -0,0 +1,64 @@ +{{- if and .Values.applicationSet.enabled .Values.applicationSet.ingress.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} + {{- with .Values.applicationSet.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.applicationSet.ingress.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.applicationSet.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + rules: + {{- if .Values.applicationSet.ingress.hostname }} + - host: {{ .Values.applicationSet.ingress.hostname }} + http: + paths: + {{- with .Values.applicationSet.ingress.extraPaths }} + {{- toYaml . | nindent 10 }} + {{- end }} + - path: {{ .Values.applicationSet.ingress.path }} + pathType: {{ $.Values.applicationSet.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.applicationSet.fullname" $ }} + port: + number: {{ .Values.applicationSet.service.port }} + {{- end }} + {{- range .Values.server.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default .Values.server.ingress.path .path }} + pathType: {{ default .Values.server.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.applicationSet.fullname" . }} + port: + number: {{ .Values.applicationSet.service.port }} + {{- end }} + {{- with .Values.applicationSet.ingress.extraRules }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.applicationSet.ingress.tls .Values.applicationSet.ingress.extraTls }} + tls: + {{- if .Values.applicationSet.ingress.tls }} + - hosts: + - {{ .Values.applicationSet.ingress.hostname }} + secretName: argocd-application-controller-tls + {{- end }} + {{- with .Values.applicationSet.ingress.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml deleted file mode 100644 index d98f9423..00000000 --- a/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml +++ /dev/null @@ -1,73 +0,0 @@ -{{- if and .Values.applicationSet.enabled .Values.applicationSet.webhook.ingress.enabled -}} -{{- $servicePort := .Values.applicationSet.service.portName -}} -{{- $paths := .Values.applicationSet.webhook.ingress.paths -}} -{{- $extraPaths := .Values.applicationSet.webhook.ingress.extraPaths -}} -{{- $pathType := .Values.applicationSet.webhook.ingress.pathType -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} - {{- with .Values.applicationSet.webhook.ingress.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.applicationSet.webhook.ingress.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} -spec: - {{- with .Values.applicationSet.webhook.ingress.ingressClassName }} - ingressClassName: {{ . }} - {{- end }} - rules: - {{- if .Values.applicationSet.webhook.ingress.hosts }} - {{- range $host := .Values.applicationSet.webhook.ingress.hosts }} - - host: {{ $host }} - http: - paths: - {{- with $extraPaths }} - {{- toYaml . | nindent 10 }} - {{- end }} - {{- range $p := $paths }} - - path: {{ $p }} - pathType: {{ $pathType }} - backend: - service: - name: {{ include "argo-cd.applicationSet.fullname" $ }} - port: - {{- if kindIs "float64" $servicePort }} - number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- else }} - - http: - paths: - {{- with $extraPaths }} - {{- toYaml . | nindent 10 }} - {{- end }} - {{- range $p := $paths }} - - path: {{ $p }} - pathType: {{ $pathType }} - backend: - service: - name: {{ include "argo-cd.applicationSet.fullname" $ }} - port: - {{- if kindIs "float64" $servicePort }} - number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- with .Values.applicationSet.webhook.ingress.tls }} - tls: - {{- toYaml . | nindent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml index 829a6776..c0c8bc86 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml @@ -1,4 +1,4 @@ -{{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }} +{{- if .Values.configs.cm.create }} apiVersion: v1 kind: ConfigMap metadata: @@ -6,7 +6,7 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cm") | nindent 4 }} - {{- with (mergeOverwrite (deepCopy .Values.configs.cm.annotations) (.Values.server.configAnnotations | default dict)) }} + {{- with .Values.configs.cm.annotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml index 982867f9..f94113a2 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml @@ -5,13 +5,13 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }} - {{ with (mergeOverwrite (deepCopy .Values.configs.gpg.annotations) (.Values.configs.gpgKeysAnnotations | default dict)) -}} + {{- with .Values.configs.gpg.annotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} -{{ with (mergeOverwrite (deepCopy .Values.configs.gpg.keys) (.Values.configs.gpgKeys | default dict)) -}} +{{- with .Values.configs.gpg.keys }} data: {{- toYaml . | nindent 2 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml index c882cb39..f9b62f76 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml @@ -1,4 +1,4 @@ -{{- if (hasKey .Values.server "rbacConfigCreate") | ternary .Values.server.rbacConfigCreate .Values.configs.rbac.create }} +{{- if .Values.configs.rbac.create }} apiVersion: v1 kind: ConfigMap metadata: @@ -6,13 +6,13 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "rbac-cm") | nindent 4 }} - {{- with (mergeOverwrite (deepCopy .Values.configs.rbac.annotations) (.Values.server.rbacConfigAnnotations | default dict)) }} + {{- with .Values.configs.rbac.annotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} -{{- with (mergeOverwrite (deepCopy (omit .Values.configs.rbac "create" "annotations")) (.Values.server.rbacConfig | default dict)) }} +{{- with (omit .Values.configs.rbac "create" "annotations") }} data: {{- toYaml . | nindent 2 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml index 4561440a..9e25e376 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml @@ -16,7 +16,7 @@ metadata: {{- end }} {{- end }} type: Opaque -{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret (and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password) .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }} +{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret (and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password) .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.extra) }} # Setting a blank data again will wipe admin password/key/cert data: {{- with .Values.configs.secret.githubSecret }} @@ -38,10 +38,6 @@ data: webhook.azuredevops.username: {{ .Values.configs.secret.azureDevops.username | b64enc }} webhook.azuredevops.password: {{ .Values.configs.secret.azureDevops.password | b64enc }} {{- end }} - {{- with .Values.configs.secret.argocdServerTlsConfig }} - tls.key: {{ .key | b64enc }} - tls.crt: {{ .crt | b64enc }} - {{- end }} {{- if .Values.configs.secret.argocdServerAdminPassword }} admin.password: {{ .Values.configs.secret.argocdServerAdminPassword | b64enc }} admin.passwordMtime: {{ default (dateInZone "2006-01-02T15:04:05Z" (now) "UTC") .Values.configs.secret.argocdServerAdminPasswordMtime | b64enc }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml index a7f3abdf..845d219d 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml @@ -5,7 +5,7 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "ssh-known-hosts-cm") | nindent 4 }} - {{- with (mergeOverwrite (deepCopy .Values.configs.ssh.annotations) (.Values.configs.knownHostsAnnotations | default dict)) }} + {{- with .Values.configs.ssh.annotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} @@ -13,11 +13,7 @@ metadata: {{- end }} data: ssh_known_hosts: | - {{- if hasKey .Values.configs "knownHosts" }} - {{- .Values.configs.knownHosts.data.ssh_known_hosts | nindent 4 }} - {{- else }} - {{- .Values.configs.ssh.knownHosts | nindent 4 }} - {{- end }} + {{- .Values.configs.ssh.knownHosts | nindent 4 }} {{- with .Values.configs.ssh.extraHosts }} {{- . | nindent 4 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml index 6a5a95e5..fa6e7433 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml @@ -5,19 +5,13 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "tls-certs-cm") | nindent 4 }} - {{- with (mergeOverwrite (deepCopy .Values.configs.tls.annotations) (.Values.configs.tlsCertsAnnotations | default dict)) }} + {{- with .Values.configs.tls.annotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} -{{- if hasKey .Values.configs "tlsCerts" }} - {{- with .Values.configs.tlsCerts }} - {{- toYaml . | nindent 0 }} - {{- end }} -{{- else }} {{- with .Values.configs.tls.certificates }} data: {{- toYaml . | nindent 2 }} {{- end }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml index 21dff1a9..e6efa08a 100644 --- a/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml @@ -1,5 +1,4 @@ -{{- $config := .Values.repoServer.clusterAdminAccess | default dict -}} -{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml index ba156d24..f15b1cec 100644 --- a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml @@ -1,5 +1,4 @@ -{{- $config := .Values.repoServer.clusterAdminAccess | default dict -}} -{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index c47fb1f7..2d232591 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -74,14 +74,6 @@ spec: - /usr/local/bin/argocd-repo-server - --port={{ .Values.repoServer.containerPorts.server }} - --metrics-port={{ .Values.repoServer.containerPorts.metrics }} - {{- with .Values.repoServer.logFormat }} - - --logformat - - {{ . | quote }} - {{- end }} - {{- with .Values.repoServer.logLevel }} - - --loglevel - - {{ . | quote }} - {{- end }} {{- with .Values.repoServer.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml new file mode 100644 index 00000000..181e2b9d --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml @@ -0,0 +1,71 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "aws") }} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + alb.ingress.kubernetes.io/conditions.{{ include "argo-cd.server.fullname" . }}-grpc: | + [{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}] + {{- range $key, $value := .Values.server.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + rules: + - host: {{ .Values.server.ingress.hostname }} + http: + paths: + {{- with .Values.server.ingress.extraPaths }} + {{- toYaml . | nindent 10 }} + {{- end }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ $servicePort }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingressGrpc.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" $ }}-grpc + port: + number: {{ $servicePort }} + {{- range .Values.server.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default .Values.server.ingress.path .path }} + pathType: {{ default .Values.server.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ $servicePort }} + {{- end }} + {{- with .Values.server.ingress.extraRules }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} + tls: + {{- if .Values.server.ingress.tls }} + - hosts: + - {{ .Values.server.ingress.hostname }} + secretName: argocd-server-tls + {{- end }} + {{- with .Values.server.ingress.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/aws/service.yaml b/charts/argo-cd/templates/argocd-server/aws/service.yaml index e9032f92..376699e3 100644 --- a/charts/argo-cd/templates/argocd-server/aws/service.yaml +++ b/charts/argo-cd/templates/argocd-server/aws/service.yaml @@ -1,9 +1,9 @@ -{{- if and .Values.server.ingressGrpc.enabled .Values.server.ingressGrpc.isAWSALB -}} +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "aws") }} apiVersion: v1 kind: Service metadata: annotations: - alb.ingress.kubernetes.io/backend-protocol-version: {{ .Values.server.ingressGrpc.awsALB.backendProtocolVersion }} + alb.ingress.kubernetes.io/backend-protocol-version: {{ .Values.server.ingress.aws.backendProtocolVersion }} labels: {{- include "argo-cd.labels" (dict "context" . "component" (print .Values.server.name "-gprc") "name" (print .Values.server.name "-grpc")) | nindent 4 }} name: {{ template "argo-cd.server.fullname" . }}-grpc @@ -21,5 +21,5 @@ spec: selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} sessionAffinity: None - type: {{ .Values.server.ingressGrpc.awsALB.serviceType }} + type: {{ .Values.server.ingress.aws.serviceType }} {{- end -}} diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index bd10316b..f4877980 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -1,5 +1,4 @@ -{{- $config := .Values.server.clusterAdminAccess | default dict -}} -{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -31,7 +30,7 @@ rules: - pods/log verbs: - get - {{- if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "exec.enabled")) "true" }} + {{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }} - apiGroups: - "" resources: diff --git a/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml index 27fd13d6..1e5a98fa 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml @@ -1,5 +1,4 @@ -{{- $config := .Values.server.clusterAdminAccess | default dict -}} -{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 08ef3650..6de12319 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -27,7 +27,7 @@ spec: metadata: annotations: checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} - {{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }} + {{- if .Values.configs.cm.create }} checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} {{- end }} {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.server.podAnnotations) }} @@ -68,14 +68,6 @@ spec: - /usr/local/bin/argocd-server - --port={{ .Values.server.containerPorts.server }} - --metrics-port={{ .Values.server.containerPorts.metrics }} - {{- with .Values.server.logFormat }} - - --logformat - - {{ . | quote }} - {{- end }} - {{- with .Values.server.logLevel }} - - --loglevel - - {{ . | quote }} - {{- end }} {{- with .Values.server.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml b/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml index e2ae3d84..cd040c90 100644 --- a/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml @@ -1,11 +1,13 @@ -{{- if .Values.server.GKEbackendConfig.enabled }} -apiVersion: {{ include "argo-cd.apiVersions.cloudgoogle" . }} +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.backendConfig }} +apiVersion: cloud.google.com/v1 kind: BackendConfig metadata: - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +{{- with .Values.server.ingress.gke.backendConfig }} spec: - {{- toYaml .Values.server.GKEbackendConfig.spec | nindent 2 }} + {{- toYaml . | nindent 2 }} +{{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml b/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml index 31687596..d8b3b1ea 100644 --- a/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml @@ -1,11 +1,13 @@ -{{- if .Values.server.GKEfrontendConfig.enabled }} +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.frontendConfig }} apiVersion: networking.gke.io/v1beta1 kind: FrontendConfig metadata: - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +{{- with .Values.server.ingress.gke.frontendConfig }} spec: - {{- toYaml .Values.server.GKEfrontendConfig.spec | nindent 2 }} + {{- toYaml . | nindent 2 }} +{{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml new file mode 100644 index 00000000..ffa583e4 --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml @@ -0,0 +1,69 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") }} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + ingressClassName: "gce" + {{- if .Values.server.ingress.gke.managedCertificate.create }} + networking.gke.io/managed-certificates: {{ include "argo-cd.server.fullname" . }} + {{- end }} + {{- if .Values.server.ingress.gke.frontendConfig }} + networking.gke.io/v1beta1.FrontendConfig: {{ include "argo-cd.server.fullname" . }} + {{- end }} + {{- range $key, $value := .Values.server.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + rules: + - host: {{ .Values.server.ingress.hostname }} + http: + paths: + {{- with .Values.server.ingress.extraPaths }} + {{- toYaml . | nindent 10 }} + {{- end }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ .Values.server.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ $servicePort }} + {{- range .Values.server.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default .Values.server.ingress.path .path }} + pathType: {{ default .Values.server.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ $servicePort }} + {{- end }} + {{- with .Values.server.ingress.extraRules }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} + tls: + {{- if .Values.server.ingress.tls }} + - hosts: + - {{ .Values.server.ingress.hostname }} + secretName: argocd-server-tls + {{- end }} + {{- with .Values.server.ingress.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml b/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml index 942c6b3f..569063be 100644 --- a/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml @@ -1,12 +1,15 @@ -{{- if .Values.server.GKEmanagedCertificate.enabled }} +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.managedCertificate.create }} apiVersion: networking.gke.io/v1 kind: ManagedCertificate metadata: - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: domains: - {{- with .Values.server.GKEmanagedCertificate.domains }} - {{- toYaml . | nindent 4 }} + - {{ .Values.server.ingress.hostname }} + {{- with .Values.server.ingress.gke.managedCertificate.extraDomains }} + {{- toYaml . | nindent 4 }} {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index b671f86f..c4ce93c3 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -1,8 +1,7 @@ -{{- if and .Values.server.ingressGrpc.enabled (not .Values.server.ingressGrpc.isAWSALB) -}} -{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}} -{{- $paths := .Values.server.ingressGrpc.paths -}} -{{- $extraPaths := .Values.server.ingressGrpc.extraPaths -}} -{{- $pathType := .Values.server.ingressGrpc.pathType -}} +{{- if and .Values.server.ingressGrpc.enabled (eq .Values.server.ingress.controller "generic") -}} +{{- $hostname := .Values.server.ingressGrpc.hostname | default (printf "grpc.%s" .Values.server.ingress.hostname) -}} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -24,50 +23,43 @@ spec: ingressClassName: {{ . }} {{- end }} rules: - {{- if .Values.server.ingressGrpc.hosts }} - {{- range $host := .Values.server.ingressGrpc.hosts }} - - host: {{ $host }} + - host: {{ $hostname }} http: paths: - {{- with $extraPaths }} - {{- toYaml . | nindent 10 }} + {{- with .Values.server.ingressGrpc.extraPaths }} + {{- toYaml . | nindent 10 }} {{- end }} - {{- range $p := $paths }} - - path: {{ $p }} - pathType: {{ $pathType }} + - path: {{ .Values.server.ingressGrpc.path }} + pathType: {{ .Values.server.ingressGrpc.pathType }} backend: service: - name: {{ include "argo-cd.server.fullname" $ }} + name: {{ include "argo-cd.server.fullname" . }} port: - {{- if kindIs "float64" $servicePort }} number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- else }} - - http: + {{- range .Values.server.ingressGrpc.extraHosts }} + - host: {{ .name | quote }} + http: paths: - {{- with $extraPaths }} - {{- toYaml . | nindent 10 }} - {{- end }} - {{- range $p := $paths }} - - path: {{ $p }} - pathType: {{ $pathType }} + - path: {{ default .Values.server.ingressGrpc.path .path }} + pathType: {{ default .Values.server.ingressGrpc.pathType .pathType }} backend: service: - name: {{ include "argo-cd.server.fullname" $ }} + name: {{ include "argo-cd.server.fullname" . }} port: - {{- if kindIs "float64" $servicePort }} number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- with .Values.server.ingressGrpc.tls }} + {{- end }} + {{- with .Values.server.ingressGrpc.extraRules }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingressGrpc.tls .Values.server.ingressGrpc.extraTls }} tls: - {{- toYaml . | nindent 4 }} - {{- end -}} -{{- end -}} + {{- if .Values.server.ingressGrpc.tls }} + - hosts: + - {{ $hostname }} + secretName: {{ printf "%s-tls" $hostname }} + {{- end }} + {{- with .Values.server.ingressGrpc.tls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index a142bb66..5d8959e7 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -1,8 +1,6 @@ -{{- if .Values.server.ingress.enabled -}} -{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}} -{{- $paths := .Values.server.ingress.paths -}} -{{- $extraPaths := .Values.server.ingress.extraPaths -}} -{{- $pathType := .Values.server.ingress.pathType -}} +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "generic") }} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -13,78 +11,54 @@ metadata: {{- with .Values.server.ingress.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- if .Values.server.ingress.annotations }} + {{- with .Values.server.ingress.annotations }} annotations: - {{- range $key, $value := .Values.server.ingress.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} - {{- if and .Values.server.ingressGrpc.isAWSALB .Values.server.ingressGrpc.enabled }} - alb.ingress.kubernetes.io/conditions.{{ template "argo-cd.server.fullname" . }}-grpc: | - [{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}] - {{- end }} {{- end }} spec: {{- with .Values.server.ingress.ingressClassName }} ingressClassName: {{ . }} {{- end }} rules: - {{- if .Values.server.ingress.hosts }} - {{- range $host := .Values.server.ingress.hosts }} - - host: {{ $host | quote }} + - host: {{ .Values.server.ingress.hostname }} http: paths: - {{- with $extraPaths }} - {{- toYaml . | nindent 10 }} + {{- with .Values.server.ingress.extraPaths }} + {{- toYaml . | nindent 10 }} {{- end }} - {{- range $p := $paths }} - {{- if and $.Values.server.ingressGrpc.isAWSALB $.Values.server.ingressGrpc.enabled }} - - path: {{ $p }} - pathType: {{ $.Values.server.ingressGrpc.pathType }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingress.pathType }} backend: service: - name: {{ template "argo-cd.server.fullname" $ }}-grpc + name: {{ include "argo-cd.server.fullname" . }} port: - {{- if kindIs "float64" $servicePort }} number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- end }} - - path: {{ $p }} - pathType: {{ $pathType }} - backend: - service: - name: {{ include "argo-cd.server.fullname" $ }} - port: - {{- if kindIs "float64" $servicePort }} - number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- else }} - - http: + {{- range .Values.server.ingress.extraHosts }} + - host: {{ .name | quote }} + http: paths: - {{- with $extraPaths }} - {{- toYaml . | nindent 10 }} - {{- end }} - {{- range $p := $paths }} - - path: {{ $p }} - pathType: {{ $pathType }} + - path: {{ default .Values.server.ingress.path .path }} + pathType: {{ default .Values.server.ingress.pathType .pathType }} backend: service: - name: {{ include "argo-cd.server.fullname" $ }} + name: {{ include "argo-cd.server.fullname" . }} port: - {{- if kindIs "float64" $servicePort }} number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- with .Values.server.ingress.tls }} + {{- end }} + {{- with .Values.server.ingress.extraRules }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} tls: - {{- toYaml . | nindent 4 }} - {{- end -}} -{{- end -}} + {{- if .Values.server.ingress.tls }} + - hosts: + - {{ .Values.server.ingress.hostname }} + secretName: argocd-server-tls + {{- end }} + {{- with .Values.server.ingress.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index b3fc3ef5..146dac34 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -11,9 +11,7 @@ kubeVersionOverride: "" # Override APIVersions # If you want to template helm charts but cannot access k8s API server # you can set api versions here -apiVersionOverrides: - # -- String to override apiVersion of GKE resources rendered by this helm chart - cloudgoogle: "" # cloud.google.com/v1 +apiVersionOverrides: {} # -- Create aggregated roles that extend existing cluster roles to interact with argo-cd resources ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles @@ -442,16 +440,6 @@ configs: # insecure: false # caData: "" - # DEPRECATED - Moved to configs.ssh.annotations - # knownHostsAnnotations: {} - # DEPRECATED - Moved to configs.ssh.knownHosts - # knownHosts: {} - - # DEPRECATED - Moved to configs.tls.annotations - # tlsCertsAnnotations: {} - # DEPRECATED - Moved to configs.tls.certificates - # tlsCerts: {} - # -- Repository credentials to be used as Templates for other repos ## Creates a secret for each key/value specified below to create repository credentials credentialTemplates: {} @@ -533,12 +521,6 @@ configs: {} # LDAP_PASSWORD: "mypassword" - # -- Argo TLS Data - # DEPRECATED - Use server.certificate or server.certificateSecret - # argocdServerTlsConfig: - # key: '' - # crt: '' - # -- Bcrypt hashed admin password ## Argo expects the password in the secret to be bcrypt hashed. You can create this hash with ## `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` @@ -595,6 +577,9 @@ controller: # Additional replicas will cause sharding of managed clusters across number of replicas. replicas: 1 + # -- Maximum number of controller revisions that will be maintained in StatefulSet history + revisionHistoryLimit: 5 + ## Application controller Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb: @@ -627,22 +612,6 @@ controller: # @default -- `[]` (defaults to global.imagePullSecrets) imagePullSecrets: [] - # -- DEPRECATED - Application controller commandline flags - args: {} - # DEPRECATED - Use configs.params to override - # # -- define the application controller `--status-processors` - # statusProcessors: "20" - # # -- define the application controller `--operation-processors` - # operationProcessors: "10" - # # -- define the application controller `--app-hard-resync` - # appHardResyncPeriod: "0" - # # -- define the application controller `--app-resync` - # appResyncPeriod: "180" - # # -- define the application controller `--self-heal-timeout-seconds` - # selfHealTimeout: "5" - # # -- define the application controller `--repo-server-timeout-seconds` - # repoServerTimeoutSeconds: "60" - # -- Additional command line arguments to pass to application controller extraArgs: [] @@ -1992,29 +1961,47 @@ server: # -- Automount API credentials for the Service Account automountServiceAccountToken: true + # Argo CD server ingress configuration ingress: # -- Enable an ingress resource for the Argo CD server enabled: false - # -- Additional ingress annotations - annotations: {} + # -- Specific implementation for ingress controller. One of `generic`, `aws` or `gke` + ## Additional configuration might be required in related configuration sections + controller: generic # -- Additional ingress labels labels: {} + # -- Additional ingress annotations + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough + annotations: {} + # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + # nginx.ingress.kubernetes.io/ssl-passthrough: "true" + # -- Defines which ingress controller will implement the resource ingressClassName: "" - # -- List of ingress hosts - ## Argo Ingress. - ## Hostnames must be provided if Ingress is enabled. - ## Secrets must be manually created in the namespace - hosts: [] - # - argocd.example.com + # -- Argo CD server hostname + ## NOTE: Hostname must be provided if Ingress is enabled + hostname: argocd.example.com + + # -- The path to Argo CD server + path: / - # -- List of ingress paths - paths: - - / # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` pathType: Prefix + + # -- Enable TLS configuration for the hostname defined at `server.ingress.hostname` + ## TLS certificate will be retrieved from a TLS secret `argocd-server-tls` + ## You can create this secret via `certificate` or `certificateSecret` option + tls: false + + # -- The list of additional hostnames to be covered by ingress record + # @default -- `[]` (See [values.yaml]) + extraHosts: [] + # - name: argocd.example.com + # path: / + # -- Additional ingress paths + # @default -- `[]` (See [values.yaml]) extraPaths: [] # - path: /* # pathType: Prefix @@ -2024,17 +2011,70 @@ server: # port: # name: use-annotation - # -- Ingress TLS configuration - tls: [] - # - secretName: your-certificate-name - # hosts: - # - argocd.example.com + # -- Additional ingress rules + # @default -- `[]` (See [values.yaml]) + extraRules: [] + # - host: example.example.com + # http: + # path: / + # backend: + # service: + # name: example-svc + # port: + # name: http - # -- Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` - https: false + # -- Additional TLS configuration + # @default -- `[]` (See [values.yaml]) + extraTls: [] + # - hosts: + # - argocd.example.com + # secretName: your-certificate-name - # dedicated ingress for gRPC as documented at - # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ + # AWS specific options for Application Load Balancer + # Applies only when `serv.ingress.controller` is set to `aws` + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode + aws: + # -- Backend protocol version for the AWS ALB gRPC service + ## This tells AWS to send traffic from the ALB using HTTP2. Can use gRPC as well if you want to leverage gRPC specific features + backendProtocolVersion: HTTP2 + # -- Service type for the AWS ALB gRPC service + ## Can be of type NodePort or ClusterIP depending on which mode you are running. + ## Instance mode needs type NodePort, IP mode needs type ClusterIP + ## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic + serviceType: NodePort + + # Google specific options for Google Application Load Balancer + # Applies only when `server.ingress.controller` is set to `gke` + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#google-cloud-load-balancers-with-kubernetes-ingress + gke: + # -- Google [BackendConfig] resource, for use with the GKE Ingress Controller + # @default -- `{}` (See [values.yaml]) + ## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters + backendConfig: {} + # iap: + # enabled: true + # oauthclientCredentials: + # secretName: argocd-secret + + # -- Google [FrontendConfig] resource, for use with the GKE Ingress Controller + # @default -- `{}` (See [values.yaml]) + ## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters + frontendConfig: {} + # redirectToHttps: + # enabled: true + # responseCodeName: RESPONSE_CODE + + # Managed GKE certificate for ingress hostname + managedCertificate: + # -- Create ManagedCertificate resource and annotations for Google Load balancer + ## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs + create: true + # -- Additional domains for ManagedCertificate resource + extraDomains: [] + # - argocd.example.com + + # Dedicated gRPC ingress for ingress controllers that supports only single backend protocol per Ingress resource + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts ingressGrpc: # -- Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress] enabled: false @@ -2047,32 +2087,27 @@ server: # -- Defines which ingress controller will implement the resource [gRPC-ingress] ingressClassName: "" - awsALB: - # -- Service type for the AWS ALB gRPC service - ## Service Type if isAWSALB is set to true - ## Can be of type NodePort or ClusterIP depending on which mode you are - ## are running. Instance mode needs type NodePort, IP mode needs type - ## ClusterIP - ## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic - serviceType: NodePort - # -- Backend protocol version for the AWS ALB gRPC service - ## This tells AWS to send traffic from the ALB using HTTP2. Can use gRPC as well if you want to leverage gRPC specific features - backendProtocolVersion: HTTP2 + # -- Argo CD server hostname for dedicated [gRPC-ingress] + hostname: "" - # -- List of ingress hosts for dedicated [gRPC-ingress] - ## Argo Ingress. - ## Hostnames must be provided if Ingress is enabled. - ## Secrets must be manually created in the namespace - ## - hosts: [] - # - argocd.example.com + # -- Argo CD server ingress path for dedicated [gRPC-ingress] + path: / - # -- List of ingress paths for dedicated [gRPC-ingress] - paths: - - / # -- Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific` pathType: Prefix + + # -- Enable TLS configuration for the hostname defined at `server.ingressGrpc.hostname` + ## TLS certificate will be retrieved from a TLS secret with name: `-tls` + tls: false + + # -- The list of additional hostnames to be covered by ingress record + # @default -- `[]` (See [values.yaml]) + extraHosts: [] + # - name: grpc.argocd.example.com + # path: / + # -- Additional ingress paths for dedicated [gRPC-ingress] + # @default -- `[]` (See [values.yaml]) extraPaths: [] # - path: /* # pathType: Prefix @@ -2082,15 +2117,25 @@ server: # port: # name: use-annotation - # -- Ingress TLS configuration for dedicated [gRPC-ingress] - tls: [] + # -- Additional ingress rules + # @default -- `[]` (See [values.yaml]) + extraRules: [] + # - host: example.example.com + # http: + # path: / + # backend: + # service: + # name: example-svc + # port: + # name: http + + # -- Additional TLS configuration for dedicated [gRPC-ingress] + # @default -- `[]` (See [values.yaml]) + extraTls: [] # - secretName: your-certificate-name # hosts: # - argocd.example.com - # -- Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` - https: false - # Create a OpenShift Route with SSL passthrough for UI and CLI # Consider setting 'hostname' e.g. https://argocd.apps-crc.testing/ using your Default Ingress Controller Domain # Find your domain with: kubectl describe --namespace=openshift-ingress-operator ingresscontroller/default | grep Domain: @@ -2107,38 +2152,6 @@ server: # -- Termination policy of Openshift Route termination_policy: None - GKEbackendConfig: - # -- Enable BackendConfig custom resource for Google Kubernetes Engine - enabled: false - # -- [BackendConfigSpec] - spec: {} - # spec: - # iap: - # enabled: true - # oauthclientCredentials: - # secretName: argocd-secret - - ## Create a Google Managed Certificate for use with the GKE Ingress Controller - ## https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs - GKEmanagedCertificate: - # -- Enable ManagedCertificate custom resource for Google Kubernetes Engine. - enabled: false - # -- Domains for the Google Managed Certificate - domains: - - argocd.example.com - - ## Create a Google FrontendConfig Custom Resource, for use with the GKE Ingress Controller - ## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters - GKEfrontendConfig: - # -- Enable FrontConfig custom resource for Google Kubernetes Engine - enabled: false - # -- [FrontendConfigSpec] - spec: {} - # spec: - # redirectToHttps: - # enabled: true - # responseCodeName: RESPONSE_CODE - ## Repo Server repoServer: # -- Repo server name @@ -2558,16 +2571,7 @@ applicationSet: # @default -- `[]` (defaults to global.imagePullSecrets) imagePullSecrets: [] - # -- DEPRECATED - ApplicationSet controller command line flags - args: {} - # DEPRECATED - Use configs.params.applicationsetcontroller.policy to override - # -- How application is synced between the generator and the cluster - # policy: sync - # DEPRECATED - Use configs.params.applicationsetcontroller.dryrun to override - # -- Enable dry run mode - # dryRun: false - - # -- List of extra cli args to add + # -- ApplicationSet controller command line flags extraArgs: [] # -- Environment variables to pass to the ApplicationSet controller @@ -2772,51 +2776,6 @@ applicationSet: # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" - ## Webhook for the Git Generator - ## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration) - webhook: - ingress: - # -- Enable an ingress resource for Webhooks - enabled: false - # -- Additional ingress annotations - annotations: {} - # -- Additional ingress labels - labels: {} - # -- Defines which ingress ApplicationSet controller will implement the resource - ingressClassName: "" - - # -- List of ingress hosts - ## Hostnames must be provided if Ingress is enabled. - ## Secrets must be manually created in the namespace - hosts: [] - # - argocd-applicationset.example.com - - # -- List of ingress paths - paths: - - /api/webhook - # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` - pathType: Prefix - # -- Additional ingress paths - extraPaths: [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used) - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: use-annotation - - # -- Ingress TLS configuration - tls: [] - # - secretName: argocd-applicationset-tls - # hosts: - # - argocd-applicationset.example.com - # TLS certificate configuration via cert-manager ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-configuration certificate: @@ -2858,6 +2817,69 @@ applicationSet: # -- Annotations to be applied to the ApplicationSet Certificate annotations: {} + ## Ingress for the Git Generator webhook + ## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration) + ingress: + # -- Enable an ingress resource for ApplicationSet webhook + enabled: false + # -- Additional ingress labels + labels: {} + # -- Additional ingress annotations + annotations: {} + + # -- Defines which ingress ApplicationSet controller will implement the resource + ingressClassName: "" + + # -- Argo CD ApplicationSet hostname + ## NOTE: Hostname must be provided if Ingress is enabled + hostname: argocd.example.com + + # -- List of ingress paths + path: /api/webhook + + # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` + pathType: Prefix + + # -- Enable TLS configuration for the hostname defined at `applicationSet.webhook.ingress.hostname` + ## TLS certificate will be retrieved from a TLS secret with name:`argocd-application-controller-tls` + tls: false + + # -- The list of additional hostnames to be covered by ingress record + # @default -- `[]` (See [values.yaml]) + extraHosts: [] + # - name: argocd.example.com + # path: / + + # -- Additional ingress paths + # @default -- `[]` (See [values.yaml]) + extraPaths: [] + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: use-annotation + + # -- Additional ingress rules + # @default -- `[]` (See [values.yaml]) + extraRules: [] + # - host: example.example.com + # http: + # path: / + # backend: + # service: + # name: example-svc + # port: + # name: http + + # -- Additional ingress TLS configuration + # @default -- `[]` (See [values.yaml]) + extraTls: [] + # - secretName: argocd-applicationset-tls + # hosts: + # - argocd-applicationset.example.com + ## Notifications controller notifications: # -- Enable notifications controller From e785763b59a43b16ed95b25ea1053f1d2f55ba38 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Thu, 8 Feb 2024 11:58:53 +0100 Subject: [PATCH 405/768] fix(argo-cd): Fix ingress extraHosts (#2479) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 14 +++------- .../argocd-applicationset/ingress.yaml | 26 +++++++++---------- .../templates/argocd-server/aws/ingress.yaml | 6 ++--- .../templates/argocd-server/gke/ingress.yaml | 6 ++--- .../templates/argocd-server/ingress-grpc.yaml | 6 ++--- .../templates/argocd-server/ingress.yaml | 6 ++--- 6 files changed, 28 insertions(+), 36 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 14b62197..a69f6fb0 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.0 +version: 6.0.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,13 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: removed - description: Support for deprecated features - - kind: removed - description: Wildcard catch all ingress rule - - kind: added - description: Ingress extra rules to allow custom ingress custom rules - - kind: added - description: Dedicated ingress implementation for AWS and GKE Application Load Balancers - - kind: changed - description: Support for multiple ingress hosts and paths refactored into `extraHosts` and `extraPaths` + - kind: fixed + description: Fixed rendering of ingress extraHosts sections diff --git a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml index ce01e7c6..ad2db865 100644 --- a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml @@ -28,25 +28,25 @@ spec: {{- toYaml . | nindent 10 }} {{- end }} - path: {{ .Values.applicationSet.ingress.path }} - pathType: {{ $.Values.applicationSet.ingress.pathType }} - backend: - service: - name: {{ include "argo-cd.applicationSet.fullname" $ }} - port: - number: {{ .Values.applicationSet.service.port }} - {{- end }} - {{- range .Values.server.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default .Values.server.ingress.path .path }} - pathType: {{ default .Values.server.ingress.pathType .pathType }} + pathType: {{ .Values.applicationSet.ingress.pathType }} backend: service: name: {{ include "argo-cd.applicationSet.fullname" . }} port: number: {{ .Values.applicationSet.service.port }} {{- end }} + {{- range .Values.applicationSet.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default $.Values.applicationSet.ingress.path .path }} + pathType: {{ default $.Values.applicationSet.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.applicationSet.fullname" $ }} + port: + number: {{ $.Values.applicationSet.service.port }} + {{- end }} {{- with .Values.applicationSet.ingress.extraRules }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml index 181e2b9d..940ed427 100644 --- a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml @@ -46,11 +46,11 @@ spec: - host: {{ .name | quote }} http: paths: - - path: {{ default .Values.server.ingress.path .path }} - pathType: {{ default .Values.server.ingress.pathType .pathType }} + - path: {{ default $.Values.server.ingress.path .path }} + pathType: {{ default $.Values.server.ingress.pathType .pathType }} backend: service: - name: {{ include "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" $ }} port: number: {{ $servicePort }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml index ffa583e4..31d98e10 100644 --- a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml @@ -44,11 +44,11 @@ spec: - host: {{ .name | quote }} http: paths: - - path: {{ default .Values.server.ingress.path .path }} - pathType: {{ default .Values.server.ingress.pathType .pathType }} + - path: {{ default $.Values.server.ingress.path .path }} + pathType: {{ default $.Values.server.ingress.pathType .pathType }} backend: service: - name: {{ include "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" $ }} port: number: {{ $servicePort }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index c4ce93c3..29d8e421 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -40,11 +40,11 @@ spec: - host: {{ .name | quote }} http: paths: - - path: {{ default .Values.server.ingressGrpc.path .path }} - pathType: {{ default .Values.server.ingressGrpc.pathType .pathType }} + - path: {{ default $.Values.server.ingressGrpc.path .path }} + pathType: {{ default $.Values.server.ingressGrpc.pathType .pathType }} backend: service: - name: {{ include "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" $ }} port: number: {{ $servicePort }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 5d8959e7..dda08082 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -39,11 +39,11 @@ spec: - host: {{ .name | quote }} http: paths: - - path: {{ default .Values.server.ingress.path .path }} - pathType: {{ default .Values.server.ingress.pathType .pathType }} + - path: {{ default $.Values.server.ingress.path .path }} + pathType: {{ default $.Values.server.ingress.pathType .pathType }} backend: service: - name: {{ include "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" $ }} port: number: {{ $servicePort }} {{- end }} From 5f2f0edad09d73e388d3a66b153b4eaff4312034 Mon Sep 17 00:00:00 2001 From: Matthias Baur Date: Thu, 8 Feb 2024 15:26:21 +0100 Subject: [PATCH 406/768] fix(argo-cd): Fix ingressGrpc extraTls (#2480) Signed-off-by: Matthias Baur --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/argocd-server/ingress-grpc.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index a69f6fb0..40c10b7b 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.1 +version: 6.0.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Fixed rendering of ingress extraHosts sections + description: Fixed rendering of ingressGrpc extraTls sections diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index 29d8e421..bfa9a242 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -58,7 +58,7 @@ spec: - {{ $hostname }} secretName: {{ printf "%s-tls" $hostname }} {{- end }} - {{- with .Values.server.ingressGrpc.tls }} + {{- with .Values.server.ingressGrpc.extraTls }} {{- toYaml . | nindent 4 }} {{- end }} {{- end }} From b1f9827b1711a9e6ed27cbd4bee08afb46365e20 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Thu, 8 Feb 2024 18:46:47 +0100 Subject: [PATCH 407/768] fix(argo-cd): Fix applicationset network policy when webhook is enabled (#2484) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 4 ++-- .../templates/argocd-applicationset/networkpolicy.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 40c10b7b..85f07b9a 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.2 +version: 6.0.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Fixed rendering of ingressGrpc extraTls sections + description: Fixed rendering of network policy when applicationset webhook is enabled diff --git a/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml index 81020f54..c6333f88 100644 --- a/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.applicationSet.enabled .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.webhook.ingress.enabled) }} +{{- if and .Values.applicationSet.enabled .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.ingress.enabled) }} apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: @@ -8,7 +8,7 @@ metadata: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} spec: ingress: - {{- if .Values.applicationSet.webhook.ingress.enabled }} + {{- if .Values.applicationSet.ingress.enabled }} - ports: - port: webhook {{- end }} From 3c29c6f543f73f1e90e06a74a9a0ba96188fb3b2 Mon Sep 17 00:00:00 2001 From: Sjouke de Vries Date: Fri, 9 Feb 2024 12:45:54 +0100 Subject: [PATCH 408/768] fix(argo-cd): add hostname of extraHost to tls hosts (#2485) * fix(argo-cd): add hostname of extraHost to tls hosts Signed-off-by: Sjouke de Vries * fix(argo-cd): bump chart to 6.0.4 Signed-off-by: Sjouke de Vries * chore(argo-cd): update artifacthub.io/changes for 6.0.4 Signed-off-by: Sjouke de Vries --------- Signed-off-by: Sjouke de Vries --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/argocd-server/ingress.yaml | 5 +++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 85f07b9a..45b70a3a 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.3 +version: 6.0.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Fixed rendering of network policy when applicationset webhook is enabled + description: Also added extraHosts defined to the TLS hostnames diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index dda08082..627f56b9 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -55,6 +55,11 @@ spec: {{- if .Values.server.ingress.tls }} - hosts: - {{ .Values.server.ingress.hostname }} + {{- range .Values.server.ingress.extraHosts }} + {{- if .name }} + - {{ .name }} + {{- end }} + {{- end }} secretName: argocd-server-tls {{- end }} {{- with .Values.server.ingress.extraTls }} From d2b9b34c8cf8cb69f810c0e8f0943c4f8124e844 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Fri, 9 Feb 2024 13:14:05 +0100 Subject: [PATCH 409/768] docs(argo-cd): Document various ingress setups (#2486) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +- charts/argo-cd/README.md | 235 +++++++++++++++++++++---------- charts/argo-cd/README.md.gotmpl | 236 ++++++++++++++++++++++---------- 3 files changed, 334 insertions(+), 143 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 45b70a3a..5346f909 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.4 +version: 6.0.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Also added extraHosts defined to the TLS hostnames + - kind: changed + description: Improved documentation for various ingress setups diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 862a818e..e8369d23 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -64,7 +64,170 @@ applicationSet: replicas: 2 ``` -### Synchronizing Changes from Original Repository +## Ingress configuration + +Please refer to the [Operator Manual](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#ingress-configurationh) for details as the samples +below corespond to their respective sections. + +### SSL-Passthrough + +The `tls: true` option will expect that the `argocd-server-tls` secret exists as Argo CD server loads TLS certificates from this place. + +```yaml +certificate: + enabled: true + domain: argocd.example.com + +server: + ingress: + enabled: true + hostname: argocd.example.com + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + tls: true +``` + +### SSL Termination at Ingress Controller + +```yaml +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + hostname: argocd.example.com + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + extraTls: + - hosts: + - argocd.example.com + # Based on the ingress controller used secret might be optional + secretName: wildcard-tls +``` + +> **Note:** +> If you don't plan on using a wildcard certificate it's also possible to use `tls: true` without `extraTls` section. + +### Multiple ingress resources for gRPC protocol support + +Use `ingressGrpc` section if your ingress controller supports only a single protocol per Ingress resource (i.e.: Contour). + +```yaml +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + hostname: argocd.example.com + ingressClassName: contour-internal + extraTls: + - hosts: + - argocd.example.com + secretName: wildcard-tls + + ingressGrpc: + enabled: true + hostname: grpc.argocd.example.com + ingressClassName: contour-internal + extraTls: + - hosts: + - grpc.argocd.example.com + secretName: wildcard-tls +``` + +### Multiple ingress domains + +```yaml +server: + ingress: + enabled: true + hostname: argocd.example.com + ingressClassName: nginx + annotations: + cert-manager.io/cluster-issuer: "" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + tls: true + extraHosts: + - name: argocd-alias.example.com + path: / +``` + +### AWS Application Load Balancer + +Refer to the Operator Manual for [AWS Application Load Balancer mode](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode). +The provided example assumes you are using TLS off-loading via AWS ACM service. + +> **Note:** +> Using `controller: aws` creates additional service for gRPC traffic and it's no longer need to use `ingressGrpc` configuration section. + +```yaml +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + hostname: argocd.example.com + controller: aws + ingressClassName: alb + annotations: + alb.ingress.kubernetes.io/scheme: internal + alb.ingress.kubernetes.io/target-type: ip + alb.ingress.kubernetes.io/backend-protocol: HTTP + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/ssl-redirect" '443' + aws: + serviceType: ClusterIP # <- Used with target-type: ip + backendProtocolVersion: GRPC +``` + +### GKE Application Load Balancer + +The implementation will populate `ingressClassName`, `networking.gke.io/managed-certificates` and `networking.gke.io/v1beta1.FrontendConfig` annotations +automatically if you provide configuration for GKE resources. + +```yaml +configs: + params: + server.insecure: true + +server: + service: + annotations: + cloud.google.com/neg: '{"ingress": true}' + cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}' + + ingress: + enabled: true + hostname: argocd.example.com + controller: gke + gke: + backendConfig: + healthCheck: + checkIntervalSec: 30 + timeoutSec: 5 + healthyThreshold: 1 + unhealthyThreshold: 2 + type: HTTP + requestPath: /healthz + port: 8080 + frontendConfig: + redirectToHttps: + enabled: true + managedCertificate: + enabled: true +``` + +## Synchronizing Changes from Original Repository In the original [Argo CD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd). @@ -124,53 +287,7 @@ Please review your setup and adjust to new configuration options: * additional hostnames and routing can be provided via `extraHosts` configuration section * additional TLS secrets can be provided via `extraTls` configuration section -Specific ingress implementations for cloud providers were decoupled from generic ingress resource. - -To configure AWS Application Load Balancer: - -```yaml -server: - ingress: - enabled: true - controller: aws - annotations: - alb.ingress.kubernetes.io/backend-protocol: HTTPS - alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' - aws: - backendProtocolVersion: HTTP2 - serviceType: NodePort -``` - -To configure GKE Application Load Balancer: - -```yaml -configs: - params: - "server.insecure": true - -server: - service: - annotations: - cloud.google.com/neg: '{"ingress": true}' - cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}' - - ingress: - enabled: true - controller: gke - gke: - backendConfig: - healthCheck: - checkIntervalSec: 30 - timeoutSec: 5 - healthyThreshold: 1 - unhealthyThreshold: 2 - type: HTTP - requestPath: /healthz - port: 8080 - frontendConfig: - redirectToHttps: - enabled: true -``` +Please refer to [ingress configuration](#ingress-configuration) for examples. ### 5.53.0 @@ -909,28 +1026,6 @@ NAME: my-release | server.volumeMounts | list | `[]` | Additional volumeMounts to the server main container | | server.volumes | list | `[]` | Additional volumes to the server pod | -### Using AWS ALB Ingress Controller With GRPC - -If you are using an AWS ALB Ingress controller, you will need to set `server.ingressGrpc.isAWSALB` to `true`. This will create a second service with the annotation `alb.ingress.kubernetes.io/backend-protocol-version: HTTP2` and modify the server ingress to add a condition annotation to route GRPC traffic to the new service. - -Example: - -```yaml -server: - ingress: - enabled: true - annotations: - alb.ingress.kubernetes.io/backend-protocol: HTTPS - alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' - alb.ingress.kubernetes.io/scheme: internal - alb.ingress.kubernetes.io/target-type: ip - ingressGrpc: - enabled: true - isAWSALB: true - awsALB: - serviceType: ClusterIP -``` - ## Dex | Key | Type | Default | Description | diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 5dc99217..27f13c7e 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -63,7 +63,171 @@ applicationSet: replicas: 2 ``` -### Synchronizing Changes from Original Repository +## Ingress configuration + +Please refer to the [Operator Manual](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#ingress-configurationh) for details as the samples +below corespond to their respective sections. + +### SSL-Passthrough + +The `tls: true` option will expect that the `argocd-server-tls` secret exists as Argo CD server loads TLS certificates from this place. + +```yaml +certificate: + enabled: true + domain: argocd.example.com + +server: + ingress: + enabled: true + hostname: argocd.example.com + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + tls: true +``` + +### SSL Termination at Ingress Controller + +```yaml +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + hostname: argocd.example.com + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + extraTls: + - hosts: + - argocd.example.com + # Based on the ingress controller used secret might be optional + secretName: wildcard-tls +``` + +> **Note:** +> If you don't plan on using a wildcard certificate it's also possible to use `tls: true` without `extraTls` section. + +### Multiple ingress resources for gRPC protocol support + +Use `ingressGrpc` section if your ingress controller supports only a single protocol per Ingress resource (i.e.: Contour). + +```yaml +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + hostname: argocd.example.com + ingressClassName: contour-internal + extraTls: + - hosts: + - argocd.example.com + secretName: wildcard-tls + + ingressGrpc: + enabled: true + hostname: grpc.argocd.example.com + ingressClassName: contour-internal + extraTls: + - hosts: + - grpc.argocd.example.com + secretName: wildcard-tls +``` + +### Multiple ingress domains + +```yaml +server: + ingress: + enabled: true + hostname: argocd.example.com + ingressClassName: nginx + annotations: + cert-manager.io/cluster-issuer: "" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + tls: true + extraHosts: + - name: argocd-alias.example.com + path: / +``` + +### AWS Application Load Balancer + +Refer to the Operator Manual for [AWS Application Load Balancer mode](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode). +The provided example assumes you are using TLS off-loading via AWS ACM service. + +> **Note:** +> Using `controller: aws` creates additional service for gRPC traffic and it's no longer need to use `ingressGrpc` configuration section. + +```yaml +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + hostname: argocd.example.com + controller: aws + ingressClassName: alb + annotations: + alb.ingress.kubernetes.io/scheme: internal + alb.ingress.kubernetes.io/target-type: ip + alb.ingress.kubernetes.io/backend-protocol: HTTP + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/ssl-redirect" '443' + aws: + serviceType: ClusterIP # <- Used with target-type: ip + backendProtocolVersion: GRPC +``` + +### GKE Application Load Balancer + +The implementation will populate `ingressClassName`, `networking.gke.io/managed-certificates` and `networking.gke.io/v1beta1.FrontendConfig` annotations +automatically if you provide configuration for GKE resources. + +```yaml +configs: + params: + server.insecure: true + +server: + service: + annotations: + cloud.google.com/neg: '{"ingress": true}' + cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}' + + ingress: + enabled: true + hostname: argocd.example.com + controller: gke + gke: + backendConfig: + healthCheck: + checkIntervalSec: 30 + timeoutSec: 5 + healthyThreshold: 1 + unhealthyThreshold: 2 + type: HTTP + requestPath: /healthz + port: 8080 + frontendConfig: + redirectToHttps: + enabled: true + managedCertificate: + enabled: true +``` + + +## Synchronizing Changes from Original Repository In the original [Argo CD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd). @@ -123,53 +287,7 @@ Please review your setup and adjust to new configuration options: * additional hostnames and routing can be provided via `extraHosts` configuration section * additional TLS secrets can be provided via `extraTls` configuration section -Specific ingress implementations for cloud providers were decoupled from generic ingress resource. - -To configure AWS Application Load Balancer: - -```yaml -server: - ingress: - enabled: true - controller: aws - annotations: - alb.ingress.kubernetes.io/backend-protocol: HTTPS - alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' - aws: - backendProtocolVersion: HTTP2 - serviceType: NodePort -``` - -To configure GKE Application Load Balancer: - -```yaml -configs: - params: - "server.insecure": true - -server: - service: - annotations: - cloud.google.com/neg: '{"ingress": true}' - cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}' - - ingress: - enabled: true - controller: gke - gke: - backendConfig: - healthCheck: - checkIntervalSec: 30 - timeoutSec: 5 - healthyThreshold: 1 - unhealthyThreshold: 2 - type: HTTP - requestPath: /healthz - port: 8080 - frontendConfig: - redirectToHttps: - enabled: true -``` +Please refer to [ingress configuration](#ingress-configuration) for examples. ### 5.53.0 @@ -525,28 +643,6 @@ NAME: my-release {{- end }} {{- end }} -### Using AWS ALB Ingress Controller With GRPC - -If you are using an AWS ALB Ingress controller, you will need to set `server.ingressGrpc.isAWSALB` to `true`. This will create a second service with the annotation `alb.ingress.kubernetes.io/backend-protocol-version: HTTP2` and modify the server ingress to add a condition annotation to route GRPC traffic to the new service. - -Example: - -```yaml -server: - ingress: - enabled: true - annotations: - alb.ingress.kubernetes.io/backend-protocol: HTTPS - alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' - alb.ingress.kubernetes.io/scheme: internal - alb.ingress.kubernetes.io/target-type: ip - ingressGrpc: - enabled: true - isAWSALB: true - awsALB: - serviceType: ClusterIP -``` - ## Dex | Key | Type | Default | Description | From c25c83b0db957226008331afea578b29768daf11 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 10 Feb 2024 13:12:28 +0100 Subject: [PATCH 410/768] chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 (#2490) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.0 to 4.3.1. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/26f96dfa697d77e81fd5907df203aa23a56210a8...5d5d22a31266ced268874388b861e4b58bb5c2f3) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 45338c22..3ccb86fe 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: SARIF file path: results.sarif From 5d20cfa70c8eff645125d4b0de1586cdf6442a08 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Sun, 11 Feb 2024 15:52:23 +0100 Subject: [PATCH 411/768] fix(argo-cd): Fix ports and TLS for dedicated gRPC ingress (#2497) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 ++++-- charts/argo-cd/README.md | 3 +-- charts/argo-cd/templates/argocd-server/ingress-grpc.yaml | 8 +++----- charts/argo-cd/values.yaml | 6 +++--- 4 files changed, 11 insertions(+), 12 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 5346f909..392d00ed 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.5 +version: 6.0.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,7 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | + - kind: fixed + description: Dedicated gRPC ingress should route to HTTPS port even when running with insecure server - kind: changed - description: Improved documentation for various ingress setups + description: Dedicated gRPC ingress TLS secret changed to argocd-server-grpc-tls based on feedback diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index e8369d23..ad9ceb6e 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -948,9 +948,8 @@ NAME: my-release | server.ingressGrpc.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths for dedicated [gRPC-ingress] | | server.ingressGrpc.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | | server.ingressGrpc.extraTls | list | `[]` (See [values.yaml]) | Additional TLS configuration for dedicated [gRPC-ingress] | -| server.ingressGrpc.hostname | string | `""` | Argo CD server hostname for dedicated [gRPC-ingress] | +| server.ingressGrpc.hostname | string | `""` (defaults to grpc.`server.ingress.hostname`) | Argo CD server hostname for dedicated [gRPC-ingress] | | server.ingressGrpc.ingressClassName | string | `""` | Defines which ingress controller will implement the resource [gRPC-ingress] | -| server.ingressGrpc.isAWSALB | bool | `false` | Setup up gRPC ingress to work with an AWS ALB | | server.ingressGrpc.labels | object | `{}` | Additional ingress labels for dedicated [gRPC-ingress] | | server.ingressGrpc.path | string | `"/"` | Argo CD server ingress path for dedicated [gRPC-ingress] | | server.ingressGrpc.pathType | string | `"Prefix"` | Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific` | diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index bfa9a242..f9c27346 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -1,7 +1,5 @@ {{- if and .Values.server.ingressGrpc.enabled (eq .Values.server.ingress.controller "generic") -}} {{- $hostname := .Values.server.ingressGrpc.hostname | default (printf "grpc.%s" .Values.server.ingress.hostname) -}} -{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} -{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -35,7 +33,7 @@ spec: service: name: {{ include "argo-cd.server.fullname" . }} port: - number: {{ $servicePort }} + number: {{ .Values.server.service.servicePortHttps }} {{- range .Values.server.ingressGrpc.extraHosts }} - host: {{ .name | quote }} http: @@ -46,7 +44,7 @@ spec: service: name: {{ include "argo-cd.server.fullname" $ }} port: - number: {{ $servicePort }} + number: {{ $.Values.server.service.servicePortHttps }} {{- end }} {{- with .Values.server.ingressGrpc.extraRules }} {{- toYaml . | nindent 4 }} @@ -56,7 +54,7 @@ spec: {{- if .Values.server.ingressGrpc.tls }} - hosts: - {{ $hostname }} - secretName: {{ printf "%s-tls" $hostname }} + secretName: argocd-server-grpc-tls {{- end }} {{- with .Values.server.ingressGrpc.extraTls }} {{- toYaml . | nindent 4 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 146dac34..8b115102 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -236,6 +236,7 @@ configs: ## Server properties # -- Run server without TLS + ## NOTE: This value should be set when you generate params by other means as it changes ports used by ingress template. server.insecure: false # -- Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / server.basehref: / @@ -2078,8 +2079,6 @@ server: ingressGrpc: # -- Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress] enabled: false - # -- Setup up gRPC ingress to work with an AWS ALB - isAWSALB: false # -- Additional ingress annotations for dedicated [gRPC-ingress] annotations: {} # -- Additional ingress labels for dedicated [gRPC-ingress] @@ -2088,6 +2087,7 @@ server: ingressClassName: "" # -- Argo CD server hostname for dedicated [gRPC-ingress] + # @default -- `""` (defaults to grpc.`server.ingress.hostname`) hostname: "" # -- Argo CD server ingress path for dedicated [gRPC-ingress] @@ -2097,7 +2097,7 @@ server: pathType: Prefix # -- Enable TLS configuration for the hostname defined at `server.ingressGrpc.hostname` - ## TLS certificate will be retrieved from a TLS secret with name: `-tls` + ## TLS certificate will be retrieved from a TLS secret with name: `argocd-server-grpc-tls` tls: false # -- The list of additional hostnames to be covered by ingress record From b44f9a0eb5e92089c54380edef73f5feed46eb65 Mon Sep 17 00:00:00 2001 From: nikolay-o <83726016+nikolay-o@users.noreply.github.com> Date: Mon, 12 Feb 2024 21:36:39 +0300 Subject: [PATCH 412/768] =?UTF-8?q?feat(argo-cd):=20Add=20scrapeTimeout=20?= =?UTF-8?q?property=20to=20server=20and=20application=E2=80=A6=20(#2489)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit feat(argo-cd): Add scrapeTimeout property to server and application, applicationset controllers. Signed-off-by: Nikolay Osmolovskiy Co-authored-by: Nikolay Osmolovskiy --- charts/argo-cd/Chart.yaml | 6 ++---- charts/argo-cd/README.md | 4 ++++ .../argocd-application-controller/servicemonitor.yaml | 3 +++ .../templates/argocd-applicationset/servicemonitor.yaml | 3 +++ .../templates/argocd-repo-server/servicemonitor.yaml | 3 +++ .../argo-cd/templates/argocd-server/servicemonitor.yaml | 3 +++ charts/argo-cd/values.yaml | 8 ++++++++ 7 files changed, 26 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 392d00ed..5e066489 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.6 +version: 6.0.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,7 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Dedicated gRPC ingress should route to HTTPS port even when running with insecure server - kind: changed - description: Dedicated gRPC ingress TLS secret changed to argocd-server-grpc-tls based on feedback + description: Added scrapeTimeout property for server and application,applicationSet controllers. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index ad9ceb6e..5846b2e2 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -727,6 +727,7 @@ NAME: my-release | controller.metrics.rules.namespace | string | `""` | PrometheusRule namespace | | controller.metrics.rules.selector | object | `{}` | PrometheusRule selector | | controller.metrics.rules.spec | list | `[]` | PrometheusRule.Spec for the application controller | +| controller.metrics.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. | | controller.metrics.service.annotations | object | `{}` | Metrics service annotations | | controller.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | controller.metrics.service.labels | object | `{}` | Metrics service labels | @@ -832,6 +833,7 @@ NAME: my-release | repoServer.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | | repoServer.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | | repoServer.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| repoServer.metrics.serviceMonitor.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. | | repoServer.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | repoServer.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | repoServer.name | string | `"repo-server"` | Repo server name | @@ -976,6 +978,7 @@ NAME: my-release | server.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | | server.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | | server.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| server.metrics.serviceMonitor.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. | | server.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | server.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | server.name | string | `"server"` | Argo CD server name | @@ -1334,6 +1337,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | | applicationSet.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | | applicationSet.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| applicationSet.metrics.serviceMonitor.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. | | applicationSet.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | applicationSet.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | applicationSet.name | string | `"applicationset-controller"` | ApplicationSet controller name string | diff --git a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml index 3ce0c10d..342dbc01 100644 --- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml @@ -22,6 +22,9 @@ spec: {{- with .Values.controller.metrics.serviceMonitor.interval }} interval: {{ . }} {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} path: /metrics {{- with .Values.controller.metrics.serviceMonitor.relabelings }} relabelings: diff --git a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml index b3554675..8bcb6ca0 100644 --- a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml @@ -23,6 +23,9 @@ spec: {{- with .Values.applicationSet.metrics.serviceMonitor.interval }} interval: {{ . }} {{- end }} + {{- with .Values.applicationSet.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} path: /metrics {{- with .Values.applicationSet.metrics.serviceMonitor.relabelings }} relabelings: diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index c41520b7..9ca16e74 100644 --- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -22,6 +22,9 @@ spec: {{- with .Values.repoServer.metrics.serviceMonitor.interval }} interval: {{ . }} {{- end }} + {{- with .Values.repoServer.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} path: /metrics {{- with .Values.repoServer.metrics.serviceMonitor.relabelings }} relabelings: diff --git a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml index d036a8e1..e8820768 100644 --- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml @@ -22,6 +22,9 @@ spec: {{- with .Values.server.metrics.serviceMonitor.interval }} interval: {{ . }} {{- end }} + {{- with .Values.server.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} path: /metrics {{- with .Values.server.metrics.serviceMonitor.relabelings }} relabelings: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 8b115102..bcc630ed 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -759,6 +759,8 @@ controller: metrics: # -- Deploy metrics service enabled: false + # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + scrapeTimeout: "" applicationLabels: # -- Enables additional labels in argocd_app_labels metric enabled: false @@ -1931,6 +1933,8 @@ server: enabled: false # -- Prometheus ServiceMonitor interval interval: 30s + # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + scrapeTimeout: "" # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -2475,6 +2479,8 @@ repoServer: enabled: false # -- Prometheus ServiceMonitor interval interval: 30s + # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + scrapeTimeout: "" # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -2623,6 +2629,8 @@ applicationSet: enabled: false # -- Prometheus ServiceMonitor interval interval: 30s + # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + scrapeTimeout: "" # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion From 2139f15727151f75e79577ecae44112d17d6f3a3 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Tue, 13 Feb 2024 09:23:39 +0100 Subject: [PATCH 413/768] fix(argo-cd): Use correct protocols for Istio service discovery (#2500) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 4 ++-- charts/argo-cd/values.yaml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 5e066489..f77a7adb 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.7 +version: 6.0.8 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Added scrapeTimeout property for server and application,applicationSet controllers. + - kind: fixed + description: Fixed port name for argocd-repo-server and applicationset webhook for Istio service discovery diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 5846b2e2..be66568e 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -857,7 +857,7 @@ NAME: my-release | repoServer.service.annotations | object | `{}` | Repo server service annotations | | repoServer.service.labels | object | `{}` | Repo server service labels | | repoServer.service.port | int | `8081` | Repo server service port | -| repoServer.service.portName | string | `"https-repo-server"` | Repo server service port name | +| repoServer.service.portName | string | `"tcp-repo-server"` | Repo server service port name | | repoServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | repoServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | repoServer.serviceAccount.create | bool | `true` | Create repo server service account | @@ -1361,7 +1361,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.service.annotations | object | `{}` | ApplicationSet service annotations | | applicationSet.service.labels | object | `{}` | ApplicationSet service labels | | applicationSet.service.port | int | `7000` | ApplicationSet service port | -| applicationSet.service.portName | string | `"webhook"` | ApplicationSet service port name | +| applicationSet.service.portName | string | `"http-webhook"` | ApplicationSet service port name | | applicationSet.service.type | string | `"ClusterIP"` | ApplicationSet service type | | applicationSet.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | applicationSet.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index bcc630ed..7fad7539 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2455,7 +2455,7 @@ repoServer: # -- Repo server service port port: 8081 # -- Repo server service port name - portName: https-repo-server + portName: tcp-repo-server ## Repo server metrics service configuration metrics: @@ -2661,7 +2661,7 @@ applicationSet: # -- ApplicationSet service port port: 7000 # -- ApplicationSet service port name - portName: webhook + portName: http-webhook serviceAccount: # -- Create ApplicationSet controller service account From 79a24410b5fe781fabdc9986cbcbe54094599471 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Tue, 13 Feb 2024 12:13:41 +0100 Subject: [PATCH 414/768] chore(argo-cd): Remove server.config leftovers (#2504) --- charts/argo-cd/Chart.yaml | 4 ++-- .../templates/argocd-application-controller/statefulset.yaml | 2 +- charts/argo-cd/templates/argocd-repo-server/deployment.yaml | 2 +- charts/argo-cd/templates/argocd-server/role.yaml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f77a7adb..c2dc5617 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.8 +version: 6.0.9 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Fixed port name for argocd-repo-server and applicationset webhook for Istio service discovery + description: Conditions that still checked for old configuration sections diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index c08a4a34..8c929e41 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -22,7 +22,7 @@ spec: metadata: annotations: checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} - {{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }} + {{- if .Values.configs.cm.create }} checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} {{- end }} {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 2d232591..9f72d33b 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -30,7 +30,7 @@ spec: {{- if .Values.repoServer.certificateSecret.enabled }} checksum/repo-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-repo-server-tls-secret.yaml") . | sha256sum }} {{- end }} - {{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }} + {{- if .Values.configs.cm.create }} checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} {{- end }} {{- if .Values.configs.cmp.create }} diff --git a/charts/argo-cd/templates/argocd-server/role.yaml b/charts/argo-cd/templates/argocd-server/role.yaml index adc6f014..1a2b3851 100644 --- a/charts/argo-cd/templates/argocd-server/role.yaml +++ b/charts/argo-cd/templates/argocd-server/role.yaml @@ -42,7 +42,7 @@ rules: verbs: - create - list -{{- if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "exec.enabled")) "true" }} +{{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }} - apiGroups: - "" resources: From 866ee08bc06036fadd167e0a6d576c63c1be068a Mon Sep 17 00:00:00 2001 From: Luke Date: Tue, 13 Feb 2024 04:27:08 -0700 Subject: [PATCH 415/768] chore(argo-cd): update notifications links to latest documentation (#2503) Signed-off-by: lukepatrick Signed-off-by: Petr Drastil Co-authored-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/values.yaml | 20 ++++++++++---------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index c2dc5617..32dec045 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.9 +version: 6.0.10 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Conditions that still checked for old configuration sections + description: Update notifications links to updated documentation diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 7fad7539..7d58a699 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2967,7 +2967,7 @@ notifications: extraVolumes: [] # -- Define user-defined context - ## For more information: https://argocd-notifications.readthedocs.io/en/stable/templates/#defining-user-defined-context + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/#defining-user-defined-context context: {} # region: east # environmentName: staging @@ -2984,19 +2984,19 @@ notifications: # -- Generic key:value pairs to be inserted into the secret ## Can be used for templates, notification services etc. Some examples given below. - ## For more information: https://argocd-notifications.readthedocs.io/en/stable/services/overview/ + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/ items: {} # slack-token: - # # For more information: https://argocd-notifications.readthedocs.io/en/stable/services/slack/ + # # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/slack/ # grafana-apiKey: - # # For more information: https://argocd-notifications.readthedocs.io/en/stable/services/grafana/ + # # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/grafana/ # webhooks-github-token: # email-username: # email-password: - # For more information: https://argocd-notifications.readthedocs.io/en/stable/services/email/ + # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/email/ metrics: # -- Enables prometheus metrics server @@ -3038,7 +3038,7 @@ notifications: # -- Configures notification services such as slack, email or custom webhook # @default -- See [values.yaml] - ## For more information: https://argocd-notifications.readthedocs.io/en/stable/services/overview/ + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/ notifiers: {} # service.slack: | # token: $slack-token @@ -3138,7 +3138,7 @@ notifications: rules: [] # -- Contains centrally managed global application subscriptions - ## For more information: https://argocd-notifications.readthedocs.io/en/stable/subscriptions/ + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/subscriptions/ subscriptions: [] # # subscription for on-sync-status-unknown trigger notifications # - recipients: @@ -3154,7 +3154,7 @@ notifications: # - on-sync-status-unknown # -- The notification template is used to generate the notification content - ## For more information: https://argocd-notifications.readthedocs.io/en/stable/templates/ + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/ templates: {} # template.app-deployed: | # email: @@ -3371,7 +3371,7 @@ notifications: # }] # -- The trigger defines the condition when the notification should be sent - ## For more information: https://argocd-notifications.readthedocs.io/en/stable/triggers/ + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/ triggers: {} # trigger.on-deployed: | # - description: Application is synced and healthy. Triggered once per commit. @@ -3405,6 +3405,6 @@ notifications: # - app-sync-succeeded # when: app.status.operationState.phase in ['Succeeded'] # - # For more information: https://argocd-notifications.readthedocs.io/en/stable/triggers/#default-triggers + # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers # defaultTriggers: | # - on-sync-status-unknown From 6c47b2a69bf076c371f35d46785b1271ea32b31b Mon Sep 17 00:00:00 2001 From: Florian Blampey Date: Tue, 13 Feb 2024 12:42:29 +0100 Subject: [PATCH 416/768] fix(argo-cd): Use `with` instead of `range` on reposerver serviceaccount (#2506) fixes #2505 with instead of range serviceaccount reposerver Signed-off-by: Florian Blampey Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argo-cd/Chart.yaml | 4 ++-- .../argo-cd/templates/argocd-repo-server/serviceaccount.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 32dec045..95b46b16 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.10 +version: 6.0.11 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Update notifications links to updated documentation + description: Use `with` instead of `range` on reposerver serviceaccount diff --git a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml index 945483fa..2facd9af 100644 --- a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml @@ -13,7 +13,7 @@ metadata: {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} - {{- range $key, $value := .Values.repoServer.serviceAccount.labels }} + {{- with .Values.repoServer.serviceAccount.labels }} {{- toYaml . | nindent 4 }} {{- end }} {{- end }} From c0b7a7e074ff1eb0bee134a04fed351f3de9b633 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Tue, 13 Feb 2024 16:26:29 +0100 Subject: [PATCH 417/768] chore(argo-cd): Disable argocd-repo-server cluster role by default (#2498) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +++--- .../argo-cd/templates/argocd-repo-server/clusterrole.yaml | 6 +++--- .../templates/argocd-repo-server/clusterrolebinding.yaml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 95b46b16..8ad20a03 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.11 +version: 6.0.12 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Use `with` instead of `range` on reposerver serviceaccount + - kind: security + description: Argo CD repo-server cluster role is not deployed by default diff --git a/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml index e6efa08a..23439b18 100644 --- a/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml @@ -1,4 +1,4 @@ -{{- if .Values.createClusterRoles }} +{{- if and .Values.createClusterRoles .Values.repoServer.clusterRoleRules.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -6,8 +6,8 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} rules: - {{- if .Values.repoServer.clusterRoleRules.enabled }} - {{- toYaml .Values.repoServer.clusterRoleRules.rules | nindent 2 }} + {{- with .Values.repoServer.clusterRoleRules.rules }} + {{- toYaml . | nindent 2 }} {{- else }} - apiGroups: - '*' diff --git a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml index f15b1cec..8531520c 100644 --- a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml @@ -1,4 +1,4 @@ -{{- if .Values.createClusterRoles }} +{{- if and .Values.createClusterRoles .Values.repoServer.clusterRoleRules.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: From e351448b0573e40896584e22d534e1b2a53162be Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 14 Feb 2024 09:50:00 +0100 Subject: [PATCH 418/768] chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.6.6 (#2508) * chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.6.6 * Apply automatic changes Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] --- charts/argo-rollouts/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 38882433..2db0614d 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.6.5 +appVersion: v1.6.6 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.34.2 +version: 2.34.3 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-rollouts to v1.6.5 + description: Bump argo-rollouts to v1.6.6 From d8c64b80fea155370d4a54e37d7da0af566608e9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 14 Feb 2024 09:52:44 +0100 Subject: [PATCH 419/768] chore(argo-events): Update dependency argoproj/argo-events to v1.9.1 (#2510) * chore(argo-events): Update dependency argoproj/argo-events to v1.9.1 * Apply automatic changes Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] Co-authored-by: Petr Drastil --- charts/argo-events/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index d219afc7..99f3b601 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.9.0 +appVersion: v1.9.1 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.2 +version: 2.4.3 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-events to v1.9.0 + description: Bump argo-events to v1.9.1 From 5915340fc7040a356e101150e84d068dd3cd23c9 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Wed, 14 Feb 2024 11:52:32 +0100 Subject: [PATCH 420/768] fix(argo-cd): Fix secret name for applicationset webhook ingress (#2511) Signed-off-by: Petr Drastil Co-authored-by: Aikawa --- charts/argo-cd/Chart.yaml | 8 +++++--- charts/argo-cd/README.md | 2 +- .../argo-cd/templates/argocd-applicationset/ingress.yaml | 2 +- charts/argo-cd/values.yaml | 4 ++-- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8ad20a03..aa182352 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.12 +version: 6.0.13 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,7 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: security - description: Argo CD repo-server cluster role is not deployed by default + - kind: fixed + description: Use argocd-applicationset-controller-tls secret for ApplicationSet certificate + - kind: fixed + description: Use argocd-applicationset-controller-tls secret for ApplicationSet webhook ingress diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index be66568e..d8e213f3 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1283,7 +1283,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | | applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | | applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | -| applicationSet.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | +| applicationSet.certificate.secretName | string | `"argocd-applicationset-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | | applicationSet.containerPorts.metrics | int | `8080` | Metrics container port | | applicationSet.containerPorts.probe | int | `8081` | Probe container port | | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | diff --git a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml index ad2db865..bc411704 100644 --- a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml @@ -55,7 +55,7 @@ spec: {{- if .Values.applicationSet.ingress.tls }} - hosts: - {{ .Values.applicationSet.ingress.hostname }} - secretName: argocd-application-controller-tls + secretName: argocd-applicationset-controller-tls {{- end }} {{- with .Values.applicationSet.ingress.extraTls }} {{- toYaml . | nindent 4 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 7d58a699..7f3b26c7 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2790,7 +2790,7 @@ applicationSet: # -- Deploy a Certificate resource (requires cert-manager) enabled: false # -- The name of the Secret that will be automatically created and managed by this Certificate resource - secretName: argocd-application-controller-tls + secretName: argocd-applicationset-controller-tls # -- Certificate primary domain (commonName) domain: argocd.example.com # -- Certificate Subject Alternate Names (SANs) @@ -2849,7 +2849,7 @@ applicationSet: pathType: Prefix # -- Enable TLS configuration for the hostname defined at `applicationSet.webhook.ingress.hostname` - ## TLS certificate will be retrieved from a TLS secret with name:`argocd-application-controller-tls` + ## TLS certificate will be retrieved from a TLS secret with name:`argocd-applicationset-controller-tls` tls: false # -- The list of additional hostnames to be covered by ingress record From ba20d9518291fba3b7fc218957cea145d9d2bcdd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 14 Feb 2024 22:04:20 +0100 Subject: [PATCH 421/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.10.1 (#2514) * chore(argo-cd): Update dependency argoproj/argo-cd to v2.10.1 * Apply automatic changes Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index aa182352..369061fa 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.10.0 +appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.13 +version: 6.0.14 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,7 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Use argocd-applicationset-controller-tls secret for ApplicationSet certificate - - kind: fixed - description: Use argocd-applicationset-controller-tls secret for ApplicationSet webhook ingress + - kind: changed + description: Bump argo-cd to v2.10.1 From f8b1fecd81edf915bb0df9997ff2d3f61f1ae476 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Fri, 16 Feb 2024 15:44:51 +0100 Subject: [PATCH 422/768] feat(argo-cd): Add global domain configuration (#2499) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +-- charts/argo-cd/README.md | 44 ++++++++++++------- charts/argo-cd/README.md.gotmpl | 32 ++++++++++---- charts/argo-cd/templates/_helpers.tpl | 1 + .../argocd-applicationset/certificate.yaml | 4 +- .../argocd-applicationset/ingress.yaml | 4 +- .../argocd-notifications-cm.yaml | 2 +- .../templates/argocd-server/certificate.yaml | 4 +- .../templates/argocd-server/ingress-grpc.yaml | 4 +- .../templates/argocd-server/ingress.yaml | 4 +- charts/argo-cd/values.yaml | 24 +++++----- 11 files changed, 80 insertions(+), 49 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 369061fa..d0293d82 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.0.14 +version: 6.1.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.10.1 + - kind: added + description: Configuration option global.domain that is tied to all components diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index d8e213f3..39bd3544 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -74,14 +74,15 @@ below corespond to their respective sections. The `tls: true` option will expect that the `argocd-server-tls` secret exists as Argo CD server loads TLS certificates from this place. ```yaml +global: + domain: argocd.example.com + certificate: enabled: true - domain: argocd.example.com server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: nginx annotations: nginx.ingress.kubernetes.io/force-ssl-redirect: "true" @@ -92,6 +93,9 @@ server: ### SSL Termination at Ingress Controller ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -99,7 +103,6 @@ configs: server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: nginx annotations: nginx.ingress.kubernetes.io/force-ssl-redirect: "true" @@ -119,6 +122,9 @@ server: Use `ingressGrpc` section if your ingress controller supports only a single protocol per Ingress resource (i.e.: Contour). ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -126,7 +132,6 @@ configs: server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: contour-internal extraTls: - hosts: @@ -135,7 +140,6 @@ server: ingressGrpc: enabled: true - hostname: grpc.argocd.example.com ingressClassName: contour-internal extraTls: - hosts: @@ -146,10 +150,12 @@ server: ### Multiple ingress domains ```yaml +global: + domain: argocd.example.com + server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: nginx annotations: cert-manager.io/cluster-issuer: "" @@ -169,6 +175,9 @@ The provided example assumes you are using TLS off-loading via AWS ACM service. > Using `controller: aws` creates additional service for gRPC traffic and it's no longer need to use `ingressGrpc` configuration section. ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -176,7 +185,6 @@ configs: server: ingress: enabled: true - hostname: argocd.example.com controller: aws ingressClassName: alb annotations: @@ -184,7 +192,7 @@ server: alb.ingress.kubernetes.io/target-type: ip alb.ingress.kubernetes.io/backend-protocol: HTTP alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]' - alb.ingress.kubernetes.io/ssl-redirect" '443' + alb.ingress.kubernetes.io/ssl-redirect: '443' aws: serviceType: ClusterIP # <- Used with target-type: ip backendProtocolVersion: GRPC @@ -196,6 +204,9 @@ The implementation will populate `ingressClassName`, `networking.gke.io/managed- automatically if you provide configuration for GKE resources. ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -208,7 +219,6 @@ server: ingress: enabled: true - hostname: argocd.example.com controller: gke gke: backendConfig: @@ -268,6 +278,10 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.1.0 + +Added support for global domain used by all components. + ### 6.0.0 This version **removes support for**: @@ -610,6 +624,7 @@ NAME: my-release | global.certificateAnnotations | object | `{}` | Annotations for the all deployed Certificates | | global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | | global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments | +| global.domain | string | `"argocd.example.com"` | Default domain used by all components | | global.env | list | `[]` | Environment variables to pass to all deployed Deployments | | global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | | global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments | @@ -643,7 +658,6 @@ NAME: my-release | configs.cm."timeout.reconciliation" | string | `"180s"` | Timeout to discover if a new manifests version got published to the repository | | configs.cm.annotations | object | `{}` | Annotations to be added to argocd-cm configmap | | configs.cm.create | bool | `true` | Create the argocd-cm configmap for [declarative setup] | -| configs.cm.url | string | `""` | Argo CD's externally facing base URL (optional). Required when configuring SSO | | configs.cmp.annotations | object | `{}` | Annotations to be added to argocd-cmp-cm configmap | | configs.cmp.create | bool | `false` | Create the argocd-cmp-cm configmap | | configs.cmp.plugins | object | `{}` | Plugin yaml files to be added to argocd-cmp-cm | @@ -884,7 +898,7 @@ NAME: my-release | server.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the Argo CD server [HPA] | | server.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | | server.certificate.annotations | object | `{}` | Annotations to be applied to the Server Certificate | -| server.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) | +| server.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) | | server.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. | | server.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | | server.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` | @@ -938,7 +952,7 @@ NAME: my-release | server.ingress.gke.frontendConfig | object | `{}` (See [values.yaml]) | Google [FrontendConfig] resource, for use with the GKE Ingress Controller | | server.ingress.gke.managedCertificate.create | bool | `true` | Create ManagedCertificate resource and annotations for Google Load balancer | | server.ingress.gke.managedCertificate.extraDomains | list | `[]` | Additional domains for ManagedCertificate resource | -| server.ingress.hostname | string | `"argocd.example.com"` | Argo CD server hostname | +| server.ingress.hostname | string | `""` (defaults to global.domain) | Argo CD server hostname | | server.ingress.ingressClassName | string | `""` | Defines which ingress controller will implement the resource | | server.ingress.labels | object | `{}` | Additional ingress labels | | server.ingress.path | string | `"/"` | The path to Argo CD server | @@ -1272,7 +1286,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | | applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate | -| applicationSet.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) | +| applicationSet.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) | | applicationSet.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. | | applicationSet.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | | applicationSet.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` | @@ -1309,7 +1323,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.ingress.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths | | applicationSet.ingress.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | | applicationSet.ingress.extraTls | list | `[]` (See [values.yaml]) | Additional ingress TLS configuration | -| applicationSet.ingress.hostname | string | `"argocd.example.com"` | Argo CD ApplicationSet hostname | +| applicationSet.ingress.hostname | string | `""` (defaults to global.domain) | Argo CD ApplicationSet hostname | | applicationSet.ingress.ingressClassName | string | `""` | Defines which ingress ApplicationSet controller will implement the resource | | applicationSet.ingress.labels | object | `{}` | Additional ingress labels | | applicationSet.ingress.path | string | `"/api/webhook"` | List of ingress paths | @@ -1377,7 +1391,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | Key | Type | Default | Description | |-----|------|---------|-------------| | notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | -| notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates | +| notifications.argocdUrl | string | `""` (defaults to https://`global.domain`) | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates | | notifications.clusterRoleRules.rules | list | `[]` | List of custom rules for the notifications controller's ClusterRole resource | | notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map | | notifications.containerPorts.metrics | int | `9001` | Metrics container port | diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 27f13c7e..6c7c035a 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -73,14 +73,15 @@ below corespond to their respective sections. The `tls: true` option will expect that the `argocd-server-tls` secret exists as Argo CD server loads TLS certificates from this place. ```yaml +global: + domain: argocd.example.com + certificate: enabled: true - domain: argocd.example.com server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: nginx annotations: nginx.ingress.kubernetes.io/force-ssl-redirect: "true" @@ -91,6 +92,9 @@ server: ### SSL Termination at Ingress Controller ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -98,7 +102,6 @@ configs: server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: nginx annotations: nginx.ingress.kubernetes.io/force-ssl-redirect: "true" @@ -118,6 +121,9 @@ server: Use `ingressGrpc` section if your ingress controller supports only a single protocol per Ingress resource (i.e.: Contour). ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -125,7 +131,6 @@ configs: server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: contour-internal extraTls: - hosts: @@ -134,7 +139,6 @@ server: ingressGrpc: enabled: true - hostname: grpc.argocd.example.com ingressClassName: contour-internal extraTls: - hosts: @@ -145,10 +149,12 @@ server: ### Multiple ingress domains ```yaml +global: + domain: argocd.example.com + server: ingress: enabled: true - hostname: argocd.example.com ingressClassName: nginx annotations: cert-manager.io/cluster-issuer: "" @@ -168,6 +174,9 @@ The provided example assumes you are using TLS off-loading via AWS ACM service. > Using `controller: aws` creates additional service for gRPC traffic and it's no longer need to use `ingressGrpc` configuration section. ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -175,7 +184,6 @@ configs: server: ingress: enabled: true - hostname: argocd.example.com controller: aws ingressClassName: alb annotations: @@ -183,7 +191,7 @@ server: alb.ingress.kubernetes.io/target-type: ip alb.ingress.kubernetes.io/backend-protocol: HTTP alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]' - alb.ingress.kubernetes.io/ssl-redirect" '443' + alb.ingress.kubernetes.io/ssl-redirect: '443' aws: serviceType: ClusterIP # <- Used with target-type: ip backendProtocolVersion: GRPC @@ -195,6 +203,9 @@ The implementation will populate `ingressClassName`, `networking.gke.io/managed- automatically if you provide configuration for GKE resources. ```yaml +global: + domain: argocd.example.com + configs: params: server.insecure: true @@ -207,7 +218,6 @@ server: ingress: enabled: true - hostname: argocd.example.com controller: gke gke: backendConfig: @@ -268,6 +278,10 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.1.0 + +Added support for global domain used by all components. + ### 6.0.0 This version **removes support for**: diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 4898172f..5dc957a2 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -163,6 +163,7 @@ Argo Configuration Preset Values (Incluenced by Values configuration) */}} {{- define "argo-cd.config.cm.presets" -}} {{- $presets := dict -}} +{{- $_ := set $presets "url" (printf "https://%s" .Values.global.domain) -}} {{- if .Values.configs.styles -}} {{- $_ := set $presets "ui.cssurl" "./custom/custom.styles.css" -}} {{- end -}} diff --git a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml index 76e63eb3..3f623614 100644 --- a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml @@ -14,9 +14,9 @@ metadata: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} spec: secretName: {{ .Values.applicationSet.certificate.secretName }} - commonName: {{ .Values.applicationSet.certificate.domain | quote }} + commonName: {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }} dnsNames: - - {{ .Values.applicationSet.certificate.domain | quote }} + - {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }} {{- range .Values.applicationSet.certificate.additionalHosts }} - {{ . | quote }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml index bc411704..dda61550 100644 --- a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml @@ -20,8 +20,7 @@ spec: ingressClassName: {{ . }} {{- end }} rules: - {{- if .Values.applicationSet.ingress.hostname }} - - host: {{ .Values.applicationSet.ingress.hostname }} + - host: {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain }} http: paths: {{- with .Values.applicationSet.ingress.extraPaths }} @@ -34,7 +33,6 @@ spec: name: {{ include "argo-cd.applicationSet.fullname" . }} port: number: {{ .Values.applicationSet.service.port }} - {{- end }} {{- range .Values.applicationSet.ingress.extraHosts }} - host: {{ .name | quote }} http: diff --git a/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml index c8cdefc4..2a18a2fc 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml @@ -8,7 +8,7 @@ metadata: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} data: context: | - argocdUrl: {{ .Values.notifications.argocdUrl | quote }} + argocdUrl: {{ .Values.notifications.argocdUrl | default (printf "https://%s" .Values.global.domain) }} {{- with .Values.notifications.context }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 74066ef8..84a0e62c 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -14,9 +14,9 @@ metadata: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: secretName: {{ .Values.server.certificate.secretName }} - commonName: {{ .Values.server.certificate.domain | quote }} + commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }} dnsNames: - - {{ .Values.server.certificate.domain | quote }} + - {{ .Values.server.certificate.domain | default .Values.global.domain }} {{- range .Values.server.certificate.additionalHosts }} - {{ . | quote }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index f9c27346..3c6e5303 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -1,5 +1,5 @@ {{- if and .Values.server.ingressGrpc.enabled (eq .Values.server.ingress.controller "generic") -}} -{{- $hostname := .Values.server.ingressGrpc.hostname | default (printf "grpc.%s" .Values.server.ingress.hostname) -}} +{{- $hostname := printf "grpc.%s" (.Values.server.ingress.hostname | default .Values.global.domain) -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -21,7 +21,7 @@ spec: ingressClassName: {{ . }} {{- end }} rules: - - host: {{ $hostname }} + - host: {{ .Values.server.ingressGrpc.hostname | default $hostname }} http: paths: {{- with .Values.server.ingressGrpc.extraPaths }} diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 627f56b9..b09b6a95 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -22,7 +22,7 @@ spec: ingressClassName: {{ . }} {{- end }} rules: - - host: {{ .Values.server.ingress.hostname }} + - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }} http: paths: {{- with .Values.server.ingress.extraPaths }} @@ -57,7 +57,7 @@ spec: - {{ .Values.server.ingress.hostname }} {{- range .Values.server.ingress.extraHosts }} {{- if .name }} - - {{ .name }} + - {{ .name }} {{- end }} {{- end }} secretName: argocd-server-tls diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 7f3b26c7..bf12c547 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -37,6 +37,10 @@ crds: ## Globally shared configuration global: + # -- Default domain used by all components + ## Used for ingresses, certificates, SSO, notifications, etc. + domain: argocd.example.com + # -- Common labels for the all resources additionalLabels: {} # app: argo-cd @@ -155,9 +159,6 @@ configs: # -- Annotations to be added to argocd-cm configmap annotations: {} - # -- Argo CD's externally facing base URL (optional). Required when configuring SSO - url: "" - # -- The name of tracking label used by Argo CD for resource pruning application.instanceLabelKey: argocd.argoproj.io/instance @@ -1828,7 +1829,8 @@ server: # -- The name of the Secret that will be automatically created and managed by this Certificate resource secretName: argocd-server-tls # -- Certificate primary domain (commonName) - domain: argocd.example.com + # @default -- `""` (defaults to global.domain) + domain: "" # -- Certificate Subject Alternate Names (SANs) additionalHosts: [] # -- The requested 'duration' (i.e. lifetime) of the certificate. @@ -1985,8 +1987,8 @@ server: ingressClassName: "" # -- Argo CD server hostname - ## NOTE: Hostname must be provided if Ingress is enabled - hostname: argocd.example.com + # @default -- `""` (defaults to global.domain) + hostname: "" # -- The path to Argo CD server path: / @@ -2792,7 +2794,8 @@ applicationSet: # -- The name of the Secret that will be automatically created and managed by this Certificate resource secretName: argocd-applicationset-controller-tls # -- Certificate primary domain (commonName) - domain: argocd.example.com + # @default -- `""` (defaults to global.domain) + domain: "" # -- Certificate Subject Alternate Names (SANs) additionalHosts: [] # -- The requested 'duration' (i.e. lifetime) of the certificate. @@ -2839,8 +2842,8 @@ applicationSet: ingressClassName: "" # -- Argo CD ApplicationSet hostname - ## NOTE: Hostname must be provided if Ingress is enabled - hostname: argocd.example.com + # @default -- `""` (defaults to global.domain) + hostname: "" # -- List of ingress paths path: /api/webhook @@ -2897,7 +2900,8 @@ notifications: name: notifications-controller # -- Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates - argocdUrl: + # @default -- `""` (defaults to https://`global.domain`) + argocdUrl: "" ## Notifications controller Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ From 0cf32acff2d69471698c5dfaa852ec05e893fa2d Mon Sep 17 00:00:00 2001 From: Alexis Dondon <63847345+alexisdondon@users.noreply.github.com> Date: Sat, 17 Feb 2024 10:14:34 +0100 Subject: [PATCH 423/768] feat(argo-workflows): add caSecret in s3 configuration (#2519) * add caSecret Signed-off-by: Dondon Alexis * bump chart version Signed-off-by: Dondon Alexis * add changelog Signed-off-by: Dondon Alexis --------- Signed-off-by: Dondon Alexis Co-authored-by: Dondon Alexis Co-authored-by: Vlad Losev --- charts/argo-workflows/Chart.yaml | 4 ++-- .../templates/controller/workflow-controller-config-map.yaml | 5 +++++ charts/argo-workflows/values.yaml | 3 +++ 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 048385d4..6110c4c1 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.10 +version: 0.40.11 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Update argo-workflows documentation links to readthedocs + description: Add caSecret in the artifactory.s3 configuration values. diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index 2d5ebdd0..0fefd01f 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -83,6 +83,11 @@ data: bucket: {{ tpl (.Values.artifactRepository.s3.bucket | default "") . }} endpoint: {{ tpl (.Values.artifactRepository.s3.endpoint | default "") . }} insecure: {{ .Values.artifactRepository.s3.insecure }} + {{- if .Values.artifactRepository.s3.caSecret }} + caSecret: + name: {{ tpl .Values.artifactRepository.s3.caSecret.name . }} + key: {{ tpl .Values.artifactRepository.s3.caSecret.key . }} + {{- end }} {{- if .Values.artifactRepository.s3.keyFormat }} keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }} {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 5ec3bac2..def967b1 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -775,6 +775,9 @@ artifactRepository: # key: secretkey # # insecure will disable TLS. Primarily used for minio installs not configured with TLS # insecure: false + # caSecret: + # name: ca-root + # key: cert.pem # bucket: # endpoint: # region: From 4f382e5db1b5aa43fe1714f91221ff74c88bce07 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 17 Feb 2024 12:00:07 +0100 Subject: [PATCH 424/768] chore(deps): bump helm/kind-action from 1.8.0 to 1.9.0 (#2522) Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.8.0 to 1.9.0. - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/dda0770415bac9fc20092cacbc54aa298604d140...99576bfa6ddf9a8e612d83b513da5a75875caced) --- updated-dependencies: - dependency-name: helm/kind-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 79782374..faf003de 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -70,7 +70,7 @@ jobs: fi - name: Create kind cluster - uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 + uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced # v1.9.0 if: steps.list-changed.outputs.changed == 'true' with: config: .github/configs/kind-config.yaml From 75b48cef3c6ddbe820ee72e53e3418c4c457bd55 Mon Sep 17 00:00:00 2001 From: Etienne <995474+etiennetremel@users.noreply.github.com> Date: Sun, 18 Feb 2024 19:44:25 +0100 Subject: [PATCH 425/768] feat(argocd-image-updater): allow defining additional labels to service account (#2517) --- charts/argocd-image-updater/Chart.yaml | 4 ++-- charts/argocd-image-updater/README.md | 1 + charts/argocd-image-updater/templates/serviceaccount.yaml | 3 +++ charts/argocd-image-updater/values.yaml | 2 ++ 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 613f76aa..856e5621 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.9.3 +version: 0.9.4 appVersion: v0.12.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Support extra K8s manifests + description: Allow defining additional labels to Service Account diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index c62e480f..955e4370 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -115,6 +115,7 @@ The `config.registries` value can be used exactly as it looks in the documentati | securityContext | object | `{}` | Security context settings for the deployment | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.labels | object | `{}` | Labels to add to the service account | | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tolerations | list | `[]` | Kubernetes toleration settings for the deployment | | updateStrategy | object | `{"type":"Recreate"}` | The deployment strategy to use to replace existing pods with new ones | diff --git a/charts/argocd-image-updater/templates/serviceaccount.yaml b/charts/argocd-image-updater/templates/serviceaccount.yaml index c755731d..3e5d60f0 100644 --- a/charts/argocd-image-updater/templates/serviceaccount.yaml +++ b/charts/argocd-image-updater/templates/serviceaccount.yaml @@ -6,6 +6,9 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index f06edf3b..1b645fc7 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -178,6 +178,8 @@ serviceAccount: create: true # -- Annotations to add to the service account annotations: {} + # -- Labels to add to the service account + labels: {} # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" From 1808903a6bbae9f7c46651bbceebb9dbf5150e02 Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Mon, 19 Feb 2024 00:06:23 +0200 Subject: [PATCH 426/768] feat(argo-cd): bump redis chart dep and redis exporter (#2524) * bump redis deps Signed-off-by: drfaust92 * bump redis deps Signed-off-by: drfaust92 * bump redis deps Signed-off-by: drfaust92 --------- Signed-off-by: drfaust92 Co-authored-by: Aikawa --- charts/argo-cd/Chart.lock | 6 +++--- charts/argo-cd/Chart.yaml | 8 ++++---- charts/argo-cd/README.md | 4 ++-- charts/argo-cd/values.yaml | 4 ++-- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/charts/argo-cd/Chart.lock b/charts/argo-cd/Chart.lock index edd5df2b..bc11a715 100644 --- a/charts/argo-cd/Chart.lock +++ b/charts/argo-cd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.23.0 -digest: sha256:589f9972fbdf36194d443c9d3be2a1747f43e03c435fc48004cc0cbe6b3c6e3c -generated: "2023-05-15T19:25:26.049618+09:00" + version: 4.26.1 +digest: sha256:d72c308ab0eef4233e25bfc3f8fc97cf9b02a9c5d0186ea89e2f8fb332cb9c41 +generated: "2024-02-18T19:42:53.135599+02:00" diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d0293d82..6432e687 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.1.0 +version: 6.2.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -18,7 +18,7 @@ maintainers: url: https://argoproj.github.io/ dependencies: - name: redis-ha - version: 4.23.0 + version: 4.26.1 repository: https://dandydeveloper.github.io/charts/ condition: redis-ha.enabled annotations: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Configuration option global.domain that is tied to all components + - kind: changed + description: bumped redis chart and redis exporter diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 39bd3544..a8775ecb 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1150,7 +1150,7 @@ NAME: my-release | redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter | | redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter | | redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | -| redis.exporter.image.tag | string | `"1.57.0"` | Tag to use for the redis-exporter | +| redis.exporter.image.tag | string | `"1.58.0"` | Tag to use for the redis-exporter | | redis.exporter.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter | | redis.exporter.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | redis.exporter.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | @@ -1239,7 +1239,7 @@ The main options are listed here: | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | | redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | -| redis-ha.exporter.tag | string | `"1.57.0"` | Tag to use for the redis-exporter | +| redis-ha.exporter.tag | string | `"1.58.0"` | Tag to use for the redis-exporter | | redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. | | redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. | | redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index bf12c547..11fae55f 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1171,7 +1171,7 @@ redis: # -- Repository to use for the redis-exporter repository: public.ecr.aws/bitnami/redis-exporter # -- Tag to use for the redis-exporter - tag: 1.57.0 + tag: 1.58.0 # -- Image pull policy for the redis-exporter # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1444,7 +1444,7 @@ redis-ha: # -- Repository to use for the redis-exporter image: public.ecr.aws/bitnami/redis-exporter # -- Tag to use for the redis-exporter - tag: 1.57.0 + tag: 1.58.0 persistentVolume: # -- Configures persistence on Redis nodes enabled: false From aa69a7769109d414391970468e5189a748ac4dfd Mon Sep 17 00:00:00 2001 From: Laurent Lavaud Date: Mon, 19 Feb 2024 09:37:38 +0100 Subject: [PATCH 427/768] fix(argo-cd): Add missing `global.domain` default values (#2525) Signed-off-by: Laurent Lavaud --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/argocd-applicationset/ingress.yaml | 2 +- charts/argo-cd/templates/argocd-server/aws/ingress.yaml | 4 ++-- charts/argo-cd/templates/argocd-server/gke/ingress.yaml | 4 ++-- .../templates/argocd-server/gke/managedcertificate.yaml | 2 +- charts/argo-cd/templates/argocd-server/ingress.yaml | 2 +- charts/argo-cd/templates/argocd-server/openshift/route.yaml | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 6432e687..a6c03d2f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.2.0 +version: 6.2.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: bumped redis chart and redis exporter + - kind: fixed + description: Add missing `global.domain` default values diff --git a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml index dda61550..88c45f62 100644 --- a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml @@ -52,7 +52,7 @@ spec: tls: {{- if .Values.applicationSet.ingress.tls }} - hosts: - - {{ .Values.applicationSet.ingress.hostname }} + - {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain }} secretName: argocd-applicationset-controller-tls {{- end }} {{- with .Values.applicationSet.ingress.extraTls }} diff --git a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml index 940ed427..b44d1739 100644 --- a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml @@ -22,7 +22,7 @@ spec: ingressClassName: {{ . }} {{- end }} rules: - - host: {{ .Values.server.ingress.hostname }} + - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }} http: paths: {{- with .Values.server.ingress.extraPaths }} @@ -61,7 +61,7 @@ spec: tls: {{- if .Values.server.ingress.tls }} - hosts: - - {{ .Values.server.ingress.hostname }} + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} secretName: argocd-server-tls {{- end }} {{- with .Values.server.ingress.extraTls }} diff --git a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml index 31d98e10..c2644491 100644 --- a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml @@ -27,7 +27,7 @@ spec: ingressClassName: {{ . }} {{- end }} rules: - - host: {{ .Values.server.ingress.hostname }} + - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }} http: paths: {{- with .Values.server.ingress.extraPaths }} @@ -59,7 +59,7 @@ spec: tls: {{- if .Values.server.ingress.tls }} - hosts: - - {{ .Values.server.ingress.hostname }} + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} secretName: argocd-server-tls {{- end }} {{- with .Values.server.ingress.extraTls }} diff --git a/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml b/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml index 569063be..63c089b8 100644 --- a/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml @@ -8,7 +8,7 @@ metadata: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: domains: - - {{ .Values.server.ingress.hostname }} + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} {{- with .Values.server.ingress.gke.managedCertificate.extraDomains }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index b09b6a95..1739de4f 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -54,7 +54,7 @@ spec: tls: {{- if .Values.server.ingress.tls }} - hosts: - - {{ .Values.server.ingress.hostname }} + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} {{- range .Values.server.ingress.extraHosts }} {{- if .name }} - {{ .name }} diff --git a/charts/argo-cd/templates/argocd-server/openshift/route.yaml b/charts/argo-cd/templates/argocd-server/openshift/route.yaml index 59313798..01cb6aed 100644 --- a/charts/argo-cd/templates/argocd-server/openshift/route.yaml +++ b/charts/argo-cd/templates/argocd-server/openshift/route.yaml @@ -13,7 +13,7 @@ metadata: {{- end }} {{- end }} spec: - host: {{ .Values.server.route.hostname | quote }} + host: {{ .Values.server.route.hostname | default .Values.global.domain | quote }} to: kind: Service name: {{ template "argo-cd.server.fullname" . }} From f198eecc231b2decad86c41773412f4185755879 Mon Sep 17 00:00:00 2001 From: fulcrum29 <35672150+fulcrum29@users.noreply.github.com> Date: Tue, 20 Feb 2024 12:38:50 +0100 Subject: [PATCH 428/768] fix(argo-cd): Fix path order in AWS Ingress declaration (#2531) * fix(ingress-aws): Fix path order in AWS Ingress declaration Fix path order to evaluate GRPc endpoint first Signed-off-by: fulcrum29 <35672150+fulcrum29@users.noreply.github.com> * chore: update Chart version Signed-off-by: fulcrum29 <35672150+fulcrum29@users.noreply.github.com> * chore: add aritfacthub description Signed-off-by: fulcrum29 <35672150+fulcrum29@users.noreply.github.com> --------- Signed-off-by: fulcrum29 <35672150+fulcrum29@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 4 ++-- .../templates/argocd-server/aws/ingress.yaml | 14 +++++++------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index a6c03d2f..0ca54554 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.2.1 +version: 6.2.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Add missing `global.domain` default values + description: AWS gRPC Ingress rule ordering diff --git a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml index b44d1739..2238acbc 100644 --- a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml @@ -28,13 +28,6 @@ spec: {{- with .Values.server.ingress.extraPaths }} {{- toYaml . | nindent 10 }} {{- end }} - - path: {{ .Values.server.ingress.path }} - pathType: {{ $.Values.server.ingress.pathType }} - backend: - service: - name: {{ include "argo-cd.server.fullname" . }} - port: - number: {{ $servicePort }} - path: {{ .Values.server.ingress.path }} pathType: {{ $.Values.server.ingressGrpc.pathType }} backend: @@ -42,6 +35,13 @@ spec: name: {{ include "argo-cd.server.fullname" $ }}-grpc port: number: {{ $servicePort }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ $servicePort }} {{- range .Values.server.ingress.extraHosts }} - host: {{ .name | quote }} http: From 43337b5e14f715f172c0f7987d66db9d63e2d221 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Tue, 20 Feb 2024 13:04:59 +0100 Subject: [PATCH 429/768] chore(argo-cd): Update Redis image to 7.2.4 (#2533) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 4 ++-- charts/argo-cd/values.yaml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 0ca54554..32424032 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.2.2 +version: 6.2.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: AWS gRPC Ingress rule ordering + - kind: changed + description: Updated Redis image tag to 7.2.4 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index a8775ecb..7b6fd58b 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1168,7 +1168,7 @@ NAME: my-release | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis.image.tag | string | `"7.0.15-alpine"` | Redis tag | +| redis.image.tag | string | `"7.2.4-alpine"` | Redis tag | | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redis.initContainers | list | `[]` | Init containers to add to the redis pod | | redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server | @@ -1249,7 +1249,7 @@ The main options are listed here: | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | | redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis-ha.image.tag | string | `"7.0.15-alpine"` | Redis tag | +| redis-ha.image.tag | string | `"7.2.4-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 11fae55f..b8fcdc55 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1155,7 +1155,7 @@ redis: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.0.15-alpine + tag: 7.2.4-alpine # -- Redis image pull policy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1436,7 +1436,7 @@ redis-ha: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.0.15-alpine + tag: 7.2.4-alpine ## Prometheus redis-exporter sidecar exporter: # -- Enable Prometheus redis-exporter sidecar From 394d6f17c803f87deac46a14a3dcc0217d7743b8 Mon Sep 17 00:00:00 2001 From: LucasBoisserie Date: Fri, 23 Feb 2024 13:15:47 +0100 Subject: [PATCH 430/768] feat(argo-cd): Format redis health check confimap mode in decimal (#2535) feat: format redis health check confimap mode in decimal Signed-off-by: lucas boisserie --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/redis/deployment.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 32424032..ddf2bfa8 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.2.3 +version: 6.2.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Updated Redis image tag to 7.2.4 + - kind: fixed + description: Format redis health check confimap mode in decimal. diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 94c445c8..a25c1bd8 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -193,7 +193,7 @@ spec: - name: health configMap: name: {{ include "argo-cd.redis.fullname" . }}-health-configmap - defaultMode: 0755 + defaultMode: 493 {{- with .Values.redis.volumes }} {{- toYaml . | nindent 8}} {{- end }} From 2f913784220fd24610d13efbde9efe70d40c261f Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Fri, 23 Feb 2024 14:58:13 +0100 Subject: [PATCH 431/768] fix(argo-cd): Allow to use dedicated gRCP ingress with GKE implementation (#2541) --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/argocd-server/ingress-grpc.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ddf2bfa8..baadb98c 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.2.4 +version: 6.2.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Format redis health check confimap mode in decimal. + description: Dedicated gRPC ingress could be used with GKE ingress implementation diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index 3c6e5303..118fb2f9 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.server.ingressGrpc.enabled (eq .Values.server.ingress.controller "generic") -}} +{{- if .Values.server.ingressGrpc.enabled -}} {{- $hostname := printf "grpc.%s" (.Values.server.ingress.hostname | default .Values.global.domain) -}} apiVersion: networking.k8s.io/v1 kind: Ingress From 30836b841cd6d1e03fa1172f107a3eb1bea7ed0f Mon Sep 17 00:00:00 2001 From: Florian Boulanger Date: Fri, 23 Feb 2024 15:17:55 +0100 Subject: [PATCH 432/768] feat(argo-cd): Allow modification of path and port for dex liveness and readiness probes (#2542) feat(argo-cd): allow defining custom dex probes Signed-off-by: Florian Boulanger Signed-off-by: Petr Drastil Co-authored-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 4 ++++ charts/argo-cd/templates/dex/deployment.yaml | 8 ++++---- charts/argo-cd/values.yaml | 8 ++++++++ 4 files changed, 19 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index baadb98c..9fc66045 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.2.5 +version: 6.3.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Dedicated gRPC ingress could be used with GKE ingress implementation + - kind: changed + description: Allow modification of path and port for dex liveness and readiness probes diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 7b6fd58b..2a47a0cc 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1077,6 +1077,8 @@ NAME: my-release | dex.initImage.tag | string | `""` (defaults to global.image.tag) | Argo CD init image tag | | dex.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Dex >= 2.28.0 | | dex.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| dex.livenessProbe.httpPath | string | `"/healthz/live"` | Http path to use for the liveness probe | +| dex.livenessProbe.httpPort | string | `"metrics"` | Http port to use for the liveness probe | | dex.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | | dex.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | | dex.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | @@ -1109,6 +1111,8 @@ NAME: my-release | dex.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the dex pods | | dex.readinessProbe.enabled | bool | `false` | Enable Kubernetes readiness probe for Dex >= 2.28.0 | | dex.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| dex.readinessProbe.httpPath | string | `"/healthz/ready"` | Http path to use for the readiness probe | +| dex.readinessProbe.httpPort | string | `"metrics"` | Http port to use for the readiness probe | | dex.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | | dex.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | | dex.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index c8e2c929..3b21649a 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -99,8 +99,8 @@ spec: {{- if .Values.dex.livenessProbe.enabled }} livenessProbe: httpGet: - path: /healthz/live - port: metrics + path: {{ .Values.dex.livenessProbe.httpPort }} + port: {{ .Values.dex.livenessProbe.httpPath }} initialDelaySeconds: {{ .Values.dex.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.dex.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.dex.livenessProbe.timeoutSeconds }} @@ -110,8 +110,8 @@ spec: {{- if .Values.dex.readinessProbe.enabled }} readinessProbe: httpGet: - path: /healthz/ready - port: metrics + path: {{ .Values.dex.readinessProbe.httpPort }} + port: {{ .Values.dex.readinessProbe.httpPath }} initialDelaySeconds: {{ .Values.dex.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.dex.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.dex.readinessProbe.timeoutSeconds }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index b8fcdc55..8c1b2985 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1039,6 +1039,10 @@ dex: livenessProbe: # -- Enable Kubernetes liveness probe for Dex >= 2.28.0 enabled: false + # -- Http path to use for the liveness probe + httpPath: /healthz/live + # -- Http port to use for the liveness probe + httpPort: metrics # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 # -- Number of seconds after the container has started before [probe] is initiated @@ -1053,6 +1057,10 @@ dex: readinessProbe: # -- Enable Kubernetes readiness probe for Dex >= 2.28.0 enabled: false + # -- Http path to use for the readiness probe + httpPath: /healthz/ready + # -- Http port to use for the readiness probe + httpPort: metrics # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 # -- Number of seconds after the container has started before [probe] is initiated From 285ff7a2263639b216534a9e49c676829e31bd8f Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Fri, 23 Feb 2024 19:05:19 +0100 Subject: [PATCH 433/768] fix(argo-cd): Fix dex probes (#2546) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/dex/deployment.yaml | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 9fc66045..ea35dab2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.3.0 +version: 6.3.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Allow modification of path and port for dex liveness and readiness probes + - kind: fixed + description: Fix templated values for Dex probes diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 3b21649a..7c40622c 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -99,8 +99,8 @@ spec: {{- if .Values.dex.livenessProbe.enabled }} livenessProbe: httpGet: - path: {{ .Values.dex.livenessProbe.httpPort }} - port: {{ .Values.dex.livenessProbe.httpPath }} + path: {{ .Values.dex.livenessProbe.httpPath }} + port: {{ .Values.dex.livenessProbe.httpPort }} initialDelaySeconds: {{ .Values.dex.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.dex.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.dex.livenessProbe.timeoutSeconds }} @@ -110,8 +110,8 @@ spec: {{- if .Values.dex.readinessProbe.enabled }} readinessProbe: httpGet: - path: {{ .Values.dex.readinessProbe.httpPort }} - port: {{ .Values.dex.readinessProbe.httpPath }} + path: {{ .Values.dex.readinessProbe.httpPath }} + port: {{ .Values.dex.readinessProbe.httpPort }} initialDelaySeconds: {{ .Values.dex.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.dex.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.dex.readinessProbe.timeoutSeconds }} From 42b20e0b6b8d871aa28416c8519d1621d6c26683 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 24 Feb 2024 21:31:01 +0900 Subject: [PATCH 434/768] chore(deps): bump tj-actions/changed-files from 42.0.2 to 42.0.4 (#2548) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 42.0.2 to 42.0.4. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/90a06d6ba9543371ab4df8eeca0be07ca6054959...3f54ebb830831fc121d3263c1857cfbdc310cdb9) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/chart-version-bump.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/chart-version-bump.yml b/.github/workflows/chart-version-bump.yml index 43b6b5ba..e6020c95 100644 --- a/.github/workflows/chart-version-bump.yml +++ b/.github/workflows/chart-version-bump.yml @@ -23,7 +23,7 @@ jobs: - name: Get changed files id: changed-files - uses: tj-actions/changed-files@90a06d6ba9543371ab4df8eeca0be07ca6054959 # v42.0.2 + uses: tj-actions/changed-files@3f54ebb830831fc121d3263c1857cfbdc310cdb9 # v42.0.4 with: files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml From 7c8fab5a7f8c330a4608186d1bbcf5f26950a92d Mon Sep 17 00:00:00 2001 From: Oscar Wieman Date: Sun, 25 Feb 2024 13:47:00 +0100 Subject: [PATCH 435/768] feat(argo-cd): Add support for application controller dynamic cluster distribution. (#2539) * Add support for application controller dynamic cluster distribution. Signed-off-by: Oscar Wieman * Added env variables to handle the non-standard names generated by the helm chart. https://argo-cd.readthedocs.io/en/release-2.9/user-guide/environment-variables/ https://github.com/argoproj/argo-cd/blob/99723143b96ceec9ef5b0a7feb7b4f4b0dce3497/common/common.go#L252 Signed-off-by: Oscar Wieman --------- Signed-off-by: Oscar Wieman --- charts/argo-cd/Chart.yaml | 6 +- charts/argo-cd/README.md | 12 + charts/argo-cd/README.md.gotmpl | 9 + .../argo-cd/ci/dynamic-sharding-values.yaml | 6 + .../deployment.yaml | 357 ++++++++++++++++++ .../statefulset.yaml | 4 + .../argocd-repo-server/deployment.yaml | 2 + .../templates/argocd-server/deployment.yaml | 2 + charts/argo-cd/values.yaml | 17 + 9 files changed, 413 insertions(+), 2 deletions(-) create mode 100644 charts/argo-cd/ci/dynamic-sharding-values.yaml create mode 100644 charts/argo-cd/templates/argocd-application-controller/deployment.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ea35dab2..d1824528 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.3.1 +version: 6.4.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,7 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | + - kind: changed + description: Added support for application controller dynamic cluster distribution. - kind: fixed - description: Fix templated values for Dex probes + description: Added env variables to handle the non-standard names generated by the helm chart. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 2a47a0cc..9ef7c481 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -278,6 +278,15 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.4.0 + +Added support for application controller dynamic cluster distribution. +Please refer to [the docs](https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution) for more information. + +Added env variables to handle the non-standard names generated by the helm chart. +Here are the [docs](https://argo-cd.readthedocs.io/en/release-2.9/user-guide/environment-variables/) +and [code](https://github.com/argoproj/argo-cd/blob/99723143b96ceec9ef5b0a7feb7b4f4b0dce3497/common/common.go#L252) + ### 6.1.0 Added support for global domain used by all components. @@ -720,12 +729,15 @@ NAME: my-release | controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource | | controller.containerPorts.metrics | int | `8082` | Metrics container port | | controller.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | +| controller.deploymentAnnotations | object | `{}` | Annotations for the application controller Deployment | | controller.dnsConfig | object | `{}` | [DNS configuration] | | controller.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for application controller pods | +| controller.dynamicClusterDistribution | bool | `false` | Enable dynamic cluster distribution (alpha) Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution | | controller.env | list | `[]` | Environment variables to pass to application controller | | controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to application controller | | controller.extraArgs | list | `[]` | Additional command line arguments to pass to application controller | | controller.extraContainers | list | `[]` | Additional containers to be added to the application controller pod | +| controller.heartbeatTime | int | `10` | Application controller heartbeat time Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution | | controller.hostNetwork | bool | `false` | Host Network for application controller pods | | controller.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the application controller | | controller.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the application controller | diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 6c7c035a..62c1759d 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -278,6 +278,15 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.4.0 + +Added support for application controller dynamic cluster distribution. +Please refer to [the docs](https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution) for more information. + +Added env variables to handle the non-standard names generated by the helm chart. +Here are the [docs](https://argo-cd.readthedocs.io/en/release-2.9/user-guide/environment-variables/) +and [code](https://github.com/argoproj/argo-cd/blob/99723143b96ceec9ef5b0a7feb7b4f4b0dce3497/common/common.go#L252) + ### 6.1.0 Added support for global domain used by all components. diff --git a/charts/argo-cd/ci/dynamic-sharding-values.yaml b/charts/argo-cd/ci/dynamic-sharding-values.yaml new file mode 100644 index 00000000..e0b72e73 --- /dev/null +++ b/charts/argo-cd/ci/dynamic-sharding-values.yaml @@ -0,0 +1,6 @@ +# Test application controller dynamic cluster distribution +crds: + keep: false + +controller: + dynamicClusterDistribution: true diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml new file mode 100644 index 00000000..e0c12135 --- /dev/null +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -0,0 +1,357 @@ +{{- if .Values.controller.dynamicClusterDistribution }} +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.controller.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +spec: + replicas: {{ .Values.controller.replicas }} + revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} + template: + metadata: + annotations: + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.controller.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }} + containers: + - args: + - /usr/local/bin/argocd-application-controller + - --metrics-port={{ .Values.controller.containerPorts.metrics }} + {{- if .Values.controller.metrics.applicationLabels.enabled }} + {{- range .Values.controller.metrics.applicationLabels.labels }} + - --metrics-application-labels + - {{ . }} + {{- end }} + {{- end }} + {{- with .Values.controller.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }} + name: {{ .Values.controller.name }} + env: + {{- with (concat .Values.global.env .Values.controller.env) }} + {{- toYaml . | nindent 10 }} + {{- end }} + - name: ARGOCD_ENABLE_DYNAMIC_CLUSTER_DISTRIBUTION + value: "true" + - name: ARGOCD_CONTROLLER_HEARTBEAT_TIME + value: {{ .Values.controller.heartbeatTime | quote }} + - name: ARGOCD_APPLICATION_CONTROLLER_NAME + value: {{ template "argo-cd.controller.fullname" . }} + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cm + key: timeout.reconciliation + optional: true + - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cm + key: timeout.hard.reconciliation + optional: true + - name: ARGOCD_RECONCILIATION_JITTER + valueFrom: + configMapKeyRef: + key: timeout.reconciliation.jitter + name: argocd-cm + optional: true + - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.error.grace.period.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: repo.server + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.status.processors + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.operation.processors + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.log.format + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.log.level + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.metrics.cache.expiration + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.plaintext + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.strict.tls + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.resource.health.persist + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.app.state.cache.expiration + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.server + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.compression + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.db + optional: true + - name: REDIS_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-username + optional: true + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-password + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.default.cache.expiration + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.address + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: application.namespaces + optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sharding.algorithm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.kubectl.parallelism.limit + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.max + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.base.backoff + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.diff.server.side + optional: true + {{- with .Values.controller.envFrom }} + envFrom: + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.controller.containerPorts.metrics }} + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: metrics + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + resources: + {{- toYaml .Values.controller.resources | nindent 10 }} + {{- with .Values.controller.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + workingDir: /home/argocd + volumeMounts: + {{- with .Values.controller.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + - mountPath: /app/config/controller/tls + name: argocd-repo-server-tls + - mountPath: /home/argocd + name: argocd-home + {{- with .Values.controller.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.controller.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.controller) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.controller.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + volumes: + {{- with .Values.controller.volumes }} + {{- toYaml . | nindent 6 }} + {{- end }} + - name: argocd-home + emptyDir: {} + - name: argocd-repo-server-tls + secret: + secretName: argocd-repo-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + {{- if .Values.controller.hostNetwork }} + hostNetwork: {{ .Values.controller.hostNetwork }} + {{- end }} + {{- with .Values.controller.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.controller.dnsPolicy }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 8c929e41..3b72d19f 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.controller.dynamicClusterDistribution | default false }} apiVersion: apps/v1 kind: StatefulSet metadata: @@ -77,6 +78,8 @@ spec: {{- end }} - name: ARGOCD_CONTROLLER_REPLICAS value: {{ .Values.controller.replicas | quote }} + - name: ARGOCD_APPLICATION_CONTROLLER_NAME + value: {{ template "argo-cd.controller.fullname" . }} - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -350,3 +353,4 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} dnsPolicy: {{ .Values.controller.dnsPolicy }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 9f72d33b..d27c15d9 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -85,6 +85,8 @@ spec: - name: USER_NAME value: argocd {{- end }} + - name: ARGOCD_REPO_SERVER_NAME + value: {{ template "argo-cd.repoServer.fullname" . }} - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 6de12319..6d614b0f 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -75,6 +75,8 @@ spec: {{- with (concat .Values.global.env .Values.server.env) }} {{- toYaml . | nindent 10 }} {{- end }} + - name: ARGOCD_SERVER_NAME + value: {{ template "argo-cd.server.fullname" . }} - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 8c1b2985..20ecf6e9 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -577,8 +577,22 @@ controller: # -- The number of application controller pods to run. # Additional replicas will cause sharding of managed clusters across number of replicas. + ## With dynamic cluster distribution turned on, sharding of the clusters will gracefully + ## rebalance if the number of replica's changes or one becomes unhealthy. (alpha) replicas: 1 + # -- Enable dynamic cluster distribution (alpha) + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution + ## This is done using a deployment instead of a statefulSet + ## When replicas are added or removed, the sharding algorithm is re-run to ensure that the + ## clusters are distributed according to the algorithm. If the algorithm is well-balanced, + ## like round-robin, then the shards will be well-balanced. + dynamicClusterDistribution: false + + # -- Application controller heartbeat time + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution + heartbeatTime: 10 + # -- Maximum number of controller revisions that will be maintained in StatefulSet history revisionHistoryLimit: 5 @@ -662,6 +676,9 @@ controller: # -- Annotations for the application controller StatefulSet statefulsetAnnotations: {} + # -- Annotations for the application controller Deployment + deploymentAnnotations: {} + # -- Annotations to be added to application controller pods podAnnotations: {} From fa85e824f014ef7bf19163d4ecf7e9b8eb01f6b9 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sun, 25 Feb 2024 22:11:42 +0900 Subject: [PATCH 436/768] feat(argocd-apps): Support Template Patch to ApplicationSet (#2549) Signed-off-by: yu-croco Co-authored-by: Petr Drastil --- charts/argocd-apps/Chart.yaml | 6 +++--- charts/argocd-apps/ci/applicationsets-values.yaml | 13 +++++++++++++ charts/argocd-apps/templates/applicationsets.yaml | 4 ++++ charts/argocd-apps/values.yaml | 14 ++++++++++++++ 4 files changed, 34 insertions(+), 3 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 811c39e8..0b550fb4 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.6.1 +version: 1.6.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -17,5 +17,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: move ignoreApplicationDifferences block up a level to fix render + - kind: added + description: Support Template Patch to ApplicationSet diff --git a/charts/argocd-apps/ci/applicationsets-values.yaml b/charts/argocd-apps/ci/applicationsets-values.yaml index e4f9101b..375367ca 100644 --- a/charts/argocd-apps/ci/applicationsets-values.yaml +++ b/charts/argocd-apps/ci/applicationsets-values.yaml @@ -46,6 +46,19 @@ applicationsets: syncPolicy: # Set Application finalizer preserveResourcesOnDeletion: false + templatePatch: | + spec: + source: + helm: + valueFiles: + {{- range $valueFile := .valueFiles }} + - {{ $valueFile }} + {{- end }} + {{- if .autoSync }} + syncPolicy: + automated: + prune: {{ .prune }} + {{- end }} - name: applicationset-list-generator generators: - list: diff --git a/charts/argocd-apps/templates/applicationsets.yaml b/charts/argocd-apps/templates/applicationsets.yaml index 10560075..72c8f2e2 100644 --- a/charts/argocd-apps/templates/applicationsets.yaml +++ b/charts/argocd-apps/templates/applicationsets.yaml @@ -84,4 +84,8 @@ spec: {{- end }} {{- end -}} {{- end }} + {{- with .templatePatch }} + templatePatch: | + {{- . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index 87874dad..41ee1ef9 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -157,6 +157,20 @@ applicationsets: [] # syncPolicy: # # Set Application finalizer # preserveResourcesOnDeletion: false +# # Templating is only available on string type +# templatePatch: | +# spec: +# source: +# helm: +# valueFiles: +# {{- range $valueFile := .valueFiles }} +# - {{ $valueFile }} +# {{- end }} +# {{- if .autoSync }} +# syncPolicy: +# automated: +# prune: {{ .prune }} +# {{- end }} # -- Deploy Argo CD Applications/ApplicationSets/Projects within this helm release # @default -- `[]` (See [values.yaml]) From 2f82fb5992fe1e390d1ebdbc4be6d5d6c6549a37 Mon Sep 17 00:00:00 2001 From: Florian Boulanger Date: Wed, 28 Feb 2024 07:28:35 +0100 Subject: [PATCH 437/768] chore(argo-cd): add support for http probe scheme for dex (#2550) --- charts/argo-cd/Chart.yaml | 6 ++---- charts/argo-cd/README.md | 2 ++ charts/argo-cd/templates/dex/deployment.yaml | 2 ++ charts/argo-cd/values.yaml | 4 ++++ 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d1824528..ac3128a5 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.4.0 +version: 6.4.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,6 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Added support for application controller dynamic cluster distribution. - - kind: fixed - description: Added env variables to handle the non-standard names generated by the helm chart. + description: Added support for http probe scheme for dex liveness and readiness diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 9ef7c481..bddda8e2 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1091,6 +1091,7 @@ NAME: my-release | dex.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | dex.livenessProbe.httpPath | string | `"/healthz/live"` | Http path to use for the liveness probe | | dex.livenessProbe.httpPort | string | `"metrics"` | Http port to use for the liveness probe | +| dex.livenessProbe.httpScheme | string | `"HTTP"` | Scheme to use for for the liveness probe (can be HTTP or HTTPS) | | dex.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | | dex.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | | dex.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | @@ -1125,6 +1126,7 @@ NAME: my-release | dex.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | dex.readinessProbe.httpPath | string | `"/healthz/ready"` | Http path to use for the readiness probe | | dex.readinessProbe.httpPort | string | `"metrics"` | Http port to use for the readiness probe | +| dex.readinessProbe.httpScheme | string | `"HTTP"` | Scheme to use for for the liveness probe (can be HTTP or HTTPS) | | dex.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | | dex.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | | dex.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 7c40622c..61f3fe86 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -101,6 +101,7 @@ spec: httpGet: path: {{ .Values.dex.livenessProbe.httpPath }} port: {{ .Values.dex.livenessProbe.httpPort }} + scheme: {{ .Values.dex.livenessProbe.httpScheme }} initialDelaySeconds: {{ .Values.dex.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.dex.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.dex.livenessProbe.timeoutSeconds }} @@ -112,6 +113,7 @@ spec: httpGet: path: {{ .Values.dex.readinessProbe.httpPath }} port: {{ .Values.dex.readinessProbe.httpPort }} + scheme: {{ .Values.dex.readinessProbe.httpScheme }} initialDelaySeconds: {{ .Values.dex.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.dex.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.dex.readinessProbe.timeoutSeconds }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 20ecf6e9..565320a8 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1060,6 +1060,8 @@ dex: httpPath: /healthz/live # -- Http port to use for the liveness probe httpPort: metrics + # -- Scheme to use for for the liveness probe (can be HTTP or HTTPS) + httpScheme: HTTP # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 # -- Number of seconds after the container has started before [probe] is initiated @@ -1078,6 +1080,8 @@ dex: httpPath: /healthz/ready # -- Http port to use for the readiness probe httpPort: metrics + # -- Scheme to use for for the liveness probe (can be HTTP or HTTPS) + httpScheme: HTTP # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 # -- Number of seconds after the container has started before [probe] is initiated From 48824664e904bc165ebef4ef7630d6296743cd1c Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 29 Feb 2024 20:24:21 +0900 Subject: [PATCH 438/768] fix(argo-cd): Pass argocd-server's ALB health check (#2553) * fix(argo-cd): Pass argocd-server's ALB health check Signed-off-by: yu-croco * fix: changelog lint Signed-off-by: yu-croco * fix: revert unnecessary diffs Signed-off-by: yu-croco --------- Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 5 +++-- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ac3128a5..8e66db48 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.4.1 +version: 6.4.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Added support for http probe scheme for dex liveness and readiness + - kind: fixed + description: Pass argocd-server's ALB health check diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index bddda8e2..d1c95206 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -952,7 +952,7 @@ NAME: my-release | server.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Argo CD server | | server.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | server.ingress.annotations | object | `{}` | Additional ingress annotations | -| server.ingress.aws.backendProtocolVersion | string | `"HTTP2"` | Backend protocol version for the AWS ALB gRPC service | +| server.ingress.aws.backendProtocolVersion | string | `"GRPC"` | Backend protocol version for the AWS ALB gRPC service | | server.ingress.aws.serviceType | string | `"NodePort"` | Service type for the AWS ALB gRPC service | | server.ingress.controller | string | `"generic"` | Specific implementation for ingress controller. One of `generic`, `aws` or `gke` | | server.ingress.enabled | bool | `false` | Enable an ingress resource for the Argo CD server | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 565320a8..2bee3895 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2071,8 +2071,9 @@ server: ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode aws: # -- Backend protocol version for the AWS ALB gRPC service - ## This tells AWS to send traffic from the ALB using HTTP2. Can use gRPC as well if you want to leverage gRPC specific features - backendProtocolVersion: HTTP2 + ## This tells AWS to send traffic from the ALB using gRPC. + ## For more information: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html#health-check-settings + backendProtocolVersion: GRPC # -- Service type for the AWS ALB gRPC service ## Can be of type NodePort or ClusterIP depending on which mode you are running. ## Instance mode needs type NodePort, IP mode needs type ClusterIP From e0f6a16ce87159d613e7315ceb28d4456ce37ef5 Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Thu, 29 Feb 2024 19:54:21 +0100 Subject: [PATCH 439/768] chore(github): Migrate to renovate GH action (#2520) chore: Migrate to renovate GH action Signed-off-by: Marco Maurer --- .github/configs/renovate-config.js | 7 +++ .github/workflows/chart-version-bump.yml | 57 ------------------------ .github/workflows/renovate.yaml | 36 +++++++++++++++ renovate.json | 48 ++++++++++++-------- scripts/renovate-bump-version.sh | 31 +++++++++++++ 5 files changed, 104 insertions(+), 75 deletions(-) create mode 100644 .github/configs/renovate-config.js delete mode 100644 .github/workflows/chart-version-bump.yml create mode 100644 .github/workflows/renovate.yaml create mode 100755 scripts/renovate-bump-version.sh diff --git a/.github/configs/renovate-config.js b/.github/configs/renovate-config.js new file mode 100644 index 00000000..9118ffe9 --- /dev/null +++ b/.github/configs/renovate-config.js @@ -0,0 +1,7 @@ +module.exports = { + platform: 'github', + gitAuthor: 'renovate[bot] ', + autodiscover: false, + allowPostUpgradeCommandTemplating: true, + allowedPostUpgradeCommands: [".*"], + }; diff --git a/.github/workflows/chart-version-bump.yml b/.github/workflows/chart-version-bump.yml deleted file mode 100644 index e6020c95..00000000 --- a/.github/workflows/chart-version-bump.yml +++ /dev/null @@ -1,57 +0,0 @@ -## Used on Renovate PRs to bump the chart version and add a changelog entry -## Reference: https://github.com/stefanzweifel/git-auto-commit-action -## Reference: https://github.com/marketplace/actions/changed-files -name: 'Chart Version Bump and Changelog' - -on: - pull_request: - types: - - labeled - -permissions: - contents: write - -jobs: - helm-bumper: - if: ${{ (contains(github.event.pull_request.labels.*.name, 'renovate')) }} - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - token: ${{ secrets.PAT }} - fetch-depth: 0 - - - name: Get changed files - id: changed-files - uses: tj-actions/changed-files@3f54ebb830831fc121d3263c1857cfbdc310cdb9 # v42.0.4 - with: - files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml - - - name: "Bump Version and Changelog" - run: | - chartName="$(echo \"${{ steps.changed-files.outputs.all_changed_files }}\" | cut -d '/' -f2)" - echo "Changed chart name is: $chartName" - echo "----------------------------------------" - - parentDir="charts/${chartName}" - - # Bump the chart version by one patch version - version=$(grep '^version:' ${parentDir}/Chart.yaml | awk '{print $2}') - major=$(echo $version | cut -d. -f1) - minor=$(echo $version | cut -d. -f2) - patch=$(echo $version | cut -d. -f3) - patch=$(expr $patch + 1) - sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" ${parentDir}/Chart.yaml - - # Add a changelog entry - appVersion=$(grep '^appVersion:' ${parentDir}/Chart.yaml | awk '{print $2}') - sed -i -e '/^ artifacthub.io\/changes: |/,$d' ${parentDir}/Chart.yaml - echo " artifacthub.io/changes: |" >> ${parentDir}/Chart.yaml - echo " - kind: changed" >> ${parentDir}/Chart.yaml - echo " description: Bump ${chartName} to ${appVersion}" >> ${parentDir}/Chart.yaml - cat ${parentDir}/Chart.yaml - - - name: "Commit and push changes" - uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0 - with: - commit_options: '--signoff' diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml new file mode 100644 index 00000000..4f938beb --- /dev/null +++ b/.github/workflows/renovate.yaml @@ -0,0 +1,36 @@ +name: Renovate +on: + # The "*" (#42, asterisk) character has special semantics in YAML, so this + # string has to be quoted. + schedule: + - cron: '0 * * * *' + # Manual trigger is also possible + workflow_dispatch: {} + +permissions: + contents: read + +jobs: + renovate: + runs-on: ubuntu-latest + steps: + - name: Get token + uses: actions/create-github-app-token@f4c6bf6752984b3a29fcc135a5e70eb792c40c6b # v1.8.0 + id: get_token + with: + app-id: ${{ vars.RENOVATE_APP_ID }} + private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} + + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Self-hosted Renovate + uses: renovatebot/github-action@2d90417499f45ff78a09586f7b9874b19817dba3 # v40.1.0 + with: + configurationFile: .github/configs/renovate-config.js + # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate + renovate-version: 37.192.1 + token: '${{ steps.get_token.outputs.token }}' + env: + LOG_LEVEL: 'debug' + RENOVATE_REPOSITORIES: '${{ github.repository }}' diff --git a/renovate.json b/renovate.json index 12c7f3ea..cb8bacc8 100644 --- a/renovate.json +++ b/renovate.json @@ -4,7 +4,7 @@ "fileMatch": ["\\.yaml$", "\\.yml$"] }, "extends": [ - "config:base", + "config:recommended", "docker:enableMajor" ], "labels": ["renovate"], @@ -13,10 +13,12 @@ "**/charts/argo-cd/Chart.yaml", "**/charts/argo-events/Chart.yaml", "**/charts/argo-rollouts/Chart.yaml", - "**/charts/argocd-image-updater/Chart.yaml" + "**/charts/argocd-image-updater/Chart.yaml", + "**/.github/workflows/renovate.yaml" ], - "regexManagers": [ + "customManagers": [ { + "customType": "regex", "fileMatch": ["charts/argo-workflows/Chart.yaml$"], "matchStrings": [ "\\sappVersion: (?.*)\\s" @@ -26,6 +28,7 @@ "datasourceTemplate": "github-releases" }, { + "customType": "regex", "fileMatch": ["charts/argo-cd/Chart.yaml$"], "matchStrings": [ "\\sappVersion: (?.*)\\s" @@ -35,6 +38,7 @@ "datasourceTemplate": "github-releases" }, { + "customType": "regex", "fileMatch": ["charts/argo-events/Chart.yaml$"], "matchStrings": [ "\\sappVersion: (?.*)\\s" @@ -44,6 +48,7 @@ "datasourceTemplate": "github-releases" }, { + "customType": "regex", "fileMatch": ["charts/argo-rollouts/Chart.yaml$"], "matchStrings": [ "\\sappVersion: (?.*)\\s" @@ -53,6 +58,7 @@ "datasourceTemplate": "github-releases" }, { + "customType": "regex", "fileMatch": ["charts/argocd-image-updater/Chart.yaml$"], "matchStrings": [ "\\sappVersion: (?.*)\\s" @@ -60,28 +66,34 @@ "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", "depNameTemplate": "argoproj-labs/argocd-image-updater", "datasourceTemplate": "github-releases" + }, + { + "customType": "regex", + "fileMatch": ["^\\.github/workflows/[^/]+\\.ya?ml$"], + "matchStrings": [ + "# renovate: datasource=(?.*?) depName=(?.*?)\\s+.+version: (?.*)" + ] } ], "packageRules": [ { - "matchPackagePatterns": ["argoproj/argo-workflows"], - "commitMessagePrefix": "chore(argo-workflows):" - }, - { - "matchPackagePatterns": ["argoproj/argo-cd"], - "commitMessagePrefix": "chore(argo-cd):" - }, - { - "matchPackagePatterns": ["argoproj/argo-events"], - "commitMessagePrefix": "chore(argo-events):" - }, - { - "matchPackagePatterns": ["argoproj/argo-rollouts"], - "commitMessagePrefix": "chore(argo-rollouts):" + "matchPackagePatterns": [ + "argoproj/argo-workflows", + "argoproj/argo-cd", + "argoproj/argo-events", + "argoproj/argo-rollouts" + ], + "commitMessagePrefix": "chore({{{replace 'argoproj/' '' depName}}}):", + "postUpgradeTasks": { + "commands": ["./scripts/renovate-bump-version.sh {{depName}}"] + } }, { "matchPackagePatterns": ["argoproj-labs/argocd-image-updater"], - "commitMessagePrefix": "chore(argocd-image-updater):" + "commitMessagePrefix": "chore({{{replace 'argoproj-labs/' '' depName}}}):", + "postUpgradeTasks": { + "commands": ["./scripts/renovate-bump-version.sh {{depName}}"] + } }, { "matchPackagePatterns": ["redis-ha"], diff --git a/scripts/renovate-bump-version.sh b/scripts/renovate-bump-version.sh new file mode 100755 index 00000000..1ec6e125 --- /dev/null +++ b/scripts/renovate-bump-version.sh @@ -0,0 +1,31 @@ +#!/bin/bash +depName="${1}" +if [ -z "${depName}" ]; then + echo "Missing argument 'depName'" >&2 + echo "Example usage: $0 argoproj/argo-cd" >&2 + exit 1 +fi + +chartName=$(echo "$depName" | sed -e "s+^argoproj/++" -e "s+^argoproj-labs/++") +echo "Changed chart name is: $chartName" +echo "----------------------------------------" + +parentDir="charts/${chartName}" + +# Bump the chart version by one patch version +version=$(grep '^version:' "${parentDir}/Chart.yaml" | awk '{print $2}') +major=$(echo "${version}" | cut -d. -f1) +minor=$(echo "${version}" | cut -d. -f2) +patch=$(echo "${version}" | cut -d. -f3) +patch=$((patch + 1)) +sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" "${parentDir}/Chart.yaml" + +# Add a changelog entry +appVersion=$(grep '^appVersion:' "${parentDir}/Chart.yaml" | awk '{print $2}') +sed -i -e '/^ artifacthub.io\/changes: |/,$ d' "${parentDir}/Chart.yaml" +{ + echo " artifacthub.io/changes: |" + echo " - kind: changed" + echo " description: Bump ${chartName} to ${appVersion}" +} >> "${parentDir}/Chart.yaml" +cat "${parentDir}/Chart.yaml" From d684a9f4e8a88329962d7be176d9574c5205d9bd Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 29 Feb 2024 19:57:22 +0100 Subject: [PATCH 440/768] chore(deps): update renovatebot/github-action action to v40.1.2 (#2558) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 4f938beb..22932e35 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -25,7 +25,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Self-hosted Renovate - uses: renovatebot/github-action@2d90417499f45ff78a09586f7b9874b19817dba3 # v40.1.0 + uses: renovatebot/github-action@a6e57359b32af9a54d5b3b6603011f50629a0a05 # v40.1.2 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 31de7d359455bb752618b5c952ec497c26c534f8 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 29 Feb 2024 20:00:49 +0100 Subject: [PATCH 441/768] chore(deps): update actions/create-github-app-token action to v1.8.1 (#2557) Co-authored-by: renovate[bot] Co-authored-by: Marco Maurer (-Kilchhofer) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 22932e35..87a6f906 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@f4c6bf6752984b3a29fcc135a5e70eb792c40c6b # v1.8.0 + uses: actions/create-github-app-token@e8e39f73bb84fdf315a015fa3104f314c0a258b4 # v1.8.1 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From 74fbd561b74f7b290531ace2ac8b90e225d5a2a6 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Thu, 29 Feb 2024 20:45:29 +0100 Subject: [PATCH 442/768] feat(argo-cd): Add templating of ingress extra paths and rules (#2530) Signed-off-by: Petr Drastil Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argo-cd/Chart.yaml | 6 +-- .../argocd-applicationset/ingress.yaml | 4 +- .../templates/argocd-server/aws/ingress.yaml | 4 +- .../templates/argocd-server/gke/ingress.yaml | 4 +- .../templates/argocd-server/ingress-grpc.yaml | 4 +- .../templates/argocd-server/ingress.yaml | 4 +- charts/argo-cd/values.yaml | 44 +++++++++++-------- 7 files changed, 39 insertions(+), 31 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8e66db48..13ded9d9 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.4.2 +version: 6.5.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Pass argocd-server's ALB health check + - kind: added + description: Support for templating ingress extraPaths and extraRules diff --git a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml index 88c45f62..fbaa862b 100644 --- a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml @@ -24,7 +24,7 @@ spec: http: paths: {{- with .Values.applicationSet.ingress.extraPaths }} - {{- toYaml . | nindent 10 }} + {{- tpl (toYaml .) $ | nindent 10 }} {{- end }} - path: {{ .Values.applicationSet.ingress.path }} pathType: {{ .Values.applicationSet.ingress.pathType }} @@ -46,7 +46,7 @@ spec: number: {{ $.Values.applicationSet.service.port }} {{- end }} {{- with .Values.applicationSet.ingress.extraRules }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- if or .Values.applicationSet.ingress.tls .Values.applicationSet.ingress.extraTls }} tls: diff --git a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml index 2238acbc..ffe0b79b 100644 --- a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml @@ -26,7 +26,7 @@ spec: http: paths: {{- with .Values.server.ingress.extraPaths }} - {{- toYaml . | nindent 10 }} + {{- tpl (toYaml .) $ | nindent 10 }} {{- end }} - path: {{ .Values.server.ingress.path }} pathType: {{ $.Values.server.ingressGrpc.pathType }} @@ -55,7 +55,7 @@ spec: number: {{ $servicePort }} {{- end }} {{- with .Values.server.ingress.extraRules }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} tls: diff --git a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml index c2644491..160308bd 100644 --- a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml @@ -31,7 +31,7 @@ spec: http: paths: {{- with .Values.server.ingress.extraPaths }} - {{- toYaml . | nindent 10 }} + {{- tpl (toYaml .) $ | nindent 10 }} {{- end }} - path: {{ .Values.server.ingress.path }} pathType: {{ .Values.server.ingress.pathType }} @@ -53,7 +53,7 @@ spec: number: {{ $servicePort }} {{- end }} {{- with .Values.server.ingress.extraRules }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} tls: diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index 118fb2f9..73f447bf 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -25,7 +25,7 @@ spec: http: paths: {{- with .Values.server.ingressGrpc.extraPaths }} - {{- toYaml . | nindent 10 }} + {{- tpl (toYaml .) $ | nindent 10 }} {{- end }} - path: {{ .Values.server.ingressGrpc.path }} pathType: {{ .Values.server.ingressGrpc.pathType }} @@ -47,7 +47,7 @@ spec: number: {{ $.Values.server.service.servicePortHttps }} {{- end }} {{- with .Values.server.ingressGrpc.extraRules }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- if or .Values.server.ingressGrpc.tls .Values.server.ingressGrpc.extraTls }} tls: diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 1739de4f..cfd0696d 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -26,7 +26,7 @@ spec: http: paths: {{- with .Values.server.ingress.extraPaths }} - {{- toYaml . | nindent 10 }} + {{- tpl (toYaml .) $ | nindent 10 }} {{- end }} - path: {{ .Values.server.ingress.path }} pathType: {{ $.Values.server.ingress.pathType }} @@ -48,7 +48,7 @@ spec: number: {{ $servicePort }} {{- end }} {{- with .Values.server.ingress.extraRules }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} tls: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 2bee3895..68581a3c 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2038,6 +2038,7 @@ server: # -- Additional ingress paths # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates extraPaths: [] # - path: /* # pathType: Prefix @@ -2049,15 +2050,17 @@ server: # -- Additional ingress rules # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates extraRules: [] - # - host: example.example.com - # http: - # path: / + # - http: + # paths: + # - path: / + # pathType: Prefix # backend: # service: - # name: example-svc + # name: '{{ include "argo-cd.server.fullname" . }}' # port: - # name: http + # name: '{{ .Values.server.service.servicePortHttpsName }}' # -- Additional TLS configuration # @default -- `[]` (See [values.yaml]) @@ -2144,6 +2147,7 @@ server: # -- Additional ingress paths for dedicated [gRPC-ingress] # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates extraPaths: [] # - path: /* # pathType: Prefix @@ -2155,15 +2159,17 @@ server: # -- Additional ingress rules # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates extraRules: [] - # - host: example.example.com - # http: - # path: / + # - http: + # paths: + # - path: / + # pathType: Prefix # backend: # service: - # name: example-svc + # name: '{{ include "argo-cd.server.fullname" . }}' # port: - # name: http + # name: '{{ .Values.server.service.servicePortHttpName }}' # -- Additional TLS configuration for dedicated [gRPC-ingress] # @default -- `[]` (See [values.yaml]) @@ -2904,15 +2910,17 @@ applicationSet: # -- Additional ingress rules # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates extraRules: [] - # - host: example.example.com - # http: - # path: / - # backend: - # service: - # name: example-svc - # port: - # name: http + # - http: + # paths: + # - path: /api/webhook + # pathType: Prefix + # backend: + # service: + # name: '{{ include "argo-cd.applicationSet.fullname" . }}' + # port: + # name: '{{ .Values.applicationSet.service.portName }}' # -- Additional ingress TLS configuration # @default -- `[]` (See [values.yaml]) From ebd499140728a4a5718291fcfb738c02ee85112a Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 1 Mar 2024 09:02:40 +0900 Subject: [PATCH 443/768] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.5 (#2561) Co-authored-by: renovate[bot] --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 6110c4c1..4acf4e9d 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.4 +appVersion: v3.5.5 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.11 +version: 0.40.12 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Add caSecret in the artifactory.s3 configuration values. + - kind: changed + description: Bump argo-workflows to v3.5.5 From 09679ae4d3492c2a1466354c46e369076baa47ef Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 1 Mar 2024 09:11:05 +0900 Subject: [PATCH 444/768] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v37.221.0 (#2560) Co-authored-by: renovate[bot] Co-authored-by: Aikawa --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 87a6f906..acd15404 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -29,7 +29,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 37.192.1 + renovate-version: 37.221.0 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From fba54d4597e93536b2fcb8faf76a66b3b03f5bec Mon Sep 17 00:00:00 2001 From: Braden Wright Date: Fri, 1 Mar 2024 01:41:23 -0700 Subject: [PATCH 445/768] feat(argocd-image-updater): Add ability to set .Values.namespaceOverride (#2562) Signed-off-by: Braden Wright --- charts/argocd-image-updater/Chart.yaml | 4 ++-- charts/argocd-image-updater/README.md | 1 + charts/argocd-image-updater/templates/_helpers.tpl | 7 +++++++ .../templates/configmap-authscripts.yaml | 2 +- .../templates/configmap-sshconfig.yaml | 2 +- charts/argocd-image-updater/templates/configmap.yaml | 2 +- charts/argocd-image-updater/templates/deployment.yaml | 2 +- charts/argocd-image-updater/templates/metrics-service.yaml | 2 +- charts/argocd-image-updater/templates/rbac.yaml | 5 +++-- charts/argocd-image-updater/templates/secret.yaml | 2 +- charts/argocd-image-updater/templates/serviceaccount.yaml | 2 +- charts/argocd-image-updater/templates/servicemonitor.yaml | 4 ++-- charts/argocd-image-updater/values.yaml | 2 ++ 13 files changed, 24 insertions(+), 13 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 856e5621..43d69f51 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.9.4 +version: 0.9.5 appVersion: v0.12.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Allow defining additional labels to Service Account + description: Allow overriding of .Release.Namespace with .Values.namespaceOverride diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index 955e4370..f094d77a 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -105,6 +105,7 @@ The `config.registries` value can be used exactly as it looks in the documentati | metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | | metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | nameOverride | string | `""` | Global name (argocd-image-updater.name in _helpers.tpl) override | +| namespaceOverride | string | `""` | Global namespace (argocd-image-updater.namespace in _helpers.tpl) override | | nodeSelector | object | `{}` | Kubernetes nodeSelector settings for the deployment | | podAnnotations | object | `{}` | Pod Annotations for the deployment | | podLabels | object | `{}` | Pod Labels for the deployment | diff --git a/charts/argocd-image-updater/templates/_helpers.tpl b/charts/argocd-image-updater/templates/_helpers.tpl index 934d894c..abfba11e 100644 --- a/charts/argocd-image-updater/templates/_helpers.tpl +++ b/charts/argocd-image-updater/templates/_helpers.tpl @@ -24,6 +24,13 @@ If release name contains chart name it will be used as a full name. {{- end }} {{- end }} +{{/* +Override .Release.Namespace +*/}} +{{- define "argocd-image-updater.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride }} +{{- end }} + {{/* Create chart name and version as used by the chart label. */}} diff --git a/charts/argocd-image-updater/templates/configmap-authscripts.yaml b/charts/argocd-image-updater/templates/configmap-authscripts.yaml index 3659fbaf..fbb345e3 100644 --- a/charts/argocd-image-updater/templates/configmap-authscripts.yaml +++ b/charts/argocd-image-updater/templates/configmap-authscripts.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} name: argocd-image-updater-authscripts - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} data: {{- toYaml .Values.authScripts.scripts | nindent 2}} {{- end }} diff --git a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml index 45554c0e..9233137c 100644 --- a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml +++ b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml @@ -4,7 +4,7 @@ metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} name: argocd-image-updater-ssh-config - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} data: {{- with .Values.config.sshConfig }} {{- toYaml . | nindent 2 }} diff --git a/charts/argocd-image-updater/templates/configmap.yaml b/charts/argocd-image-updater/templates/configmap.yaml index 75f69b13..57ef2197 100644 --- a/charts/argocd-image-updater/templates/configmap.yaml +++ b/charts/argocd-image-updater/templates/configmap.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} name: argocd-image-updater-config - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} data: {{- with .Values.config.applicationsAPIKind }} applications_api: {{ . }} diff --git a/charts/argocd-image-updater/templates/deployment.yaml b/charts/argocd-image-updater/templates/deployment.yaml index 9cc71fe3..6a4f592c 100644 --- a/charts/argocd-image-updater/templates/deployment.yaml +++ b/charts/argocd-image-updater/templates/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "argocd-image-updater.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} spec: diff --git a/charts/argocd-image-updater/templates/metrics-service.yaml b/charts/argocd-image-updater/templates/metrics-service.yaml index 186abb41..8ca83b53 100644 --- a/charts/argocd-image-updater/templates/metrics-service.yaml +++ b/charts/argocd-image-updater/templates/metrics-service.yaml @@ -14,7 +14,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "argocd-image-updater.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} spec: ports: - name: metrics diff --git a/charts/argocd-image-updater/templates/rbac.yaml b/charts/argocd-image-updater/templates/rbac.yaml index c6316f42..685b0b89 100644 --- a/charts/argocd-image-updater/templates/rbac.yaml +++ b/charts/argocd-image-updater/templates/rbac.yaml @@ -6,7 +6,7 @@ metadata: labels: {{ include "argocd-image-updater.labels" . | nindent 4 }} name: {{ include "argocd-image-updater.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} rules: - apiGroups: - '' @@ -39,6 +39,7 @@ metadata: labels: {{ include "argocd-image-updater.labels" . | nindent 4 }} name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -46,5 +47,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argocd-image-updater.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} {{- end }} diff --git a/charts/argocd-image-updater/templates/secret.yaml b/charts/argocd-image-updater/templates/secret.yaml index c4cb7781..08955095 100644 --- a/charts/argocd-image-updater/templates/secret.yaml +++ b/charts/argocd-image-updater/templates/secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-image-updater-secret - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} type: Opaque diff --git a/charts/argocd-image-updater/templates/serviceaccount.yaml b/charts/argocd-image-updater/templates/serviceaccount.yaml index 3e5d60f0..a676f6fb 100644 --- a/charts/argocd-image-updater/templates/serviceaccount.yaml +++ b/charts/argocd-image-updater/templates/serviceaccount.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "argocd-image-updater.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} {{- with .Values.serviceAccount.labels }} diff --git a/charts/argocd-image-updater/templates/servicemonitor.yaml b/charts/argocd-image-updater/templates/servicemonitor.yaml index 969f1190..de9bcd52 100644 --- a/charts/argocd-image-updater/templates/servicemonitor.yaml +++ b/charts/argocd-image-updater/templates/servicemonitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "argocd-image-updater.fullname" . }}-metrics - namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} + namespace: {{ default (include "argocd-image-updater.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} {{- with .Values.metrics.serviceMonitor.selector }} @@ -29,7 +29,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argocd-image-updater.namespace" . | quote }} selector: matchLabels: {{- include "argocd-image-updater.selectorLabels" . | nindent 6 }} diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 1b645fc7..fb5aad1a 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -17,6 +17,8 @@ imagePullSecrets: [] nameOverride: "" # -- Global fullname (argocd-image-updater.fullname in _helpers.tpl) override fullnameOverride: "" +# -- Global namespace (argocd-image-updater.namespace in _helpers.tpl) override +namespaceOverride: "" # -- Extra arguments for argocd-image-updater not defined in `config.argocd`. # If a flag contains both key and value, they need to be split to a new entry From d0cf368fcd955143536d0b0f1a0d01797e581823 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 1 Mar 2024 09:45:12 +0100 Subject: [PATCH 446/768] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v37.221.1 (#2563) Co-authored-by: renovate[bot] Co-authored-by: Marco Maurer (-Kilchhofer) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index acd15404..94afae3f 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -29,7 +29,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 37.221.0 + renovate-version: 37.221.1 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From d0647e4a50932aa081dc69e3601b56647eb1b100 Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Fri, 1 Mar 2024 11:08:44 +0000 Subject: [PATCH 447/768] chore(github): Disable some GH actions on forks (#2566) Signed-off-by: Tim Collins --- .github/workflows/publish.yml | 1 + .github/workflows/renovate.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 7c0e768b..788bd8e0 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -12,6 +12,7 @@ permissions: jobs: publish: + if: github.repository == 'argoproj/argo-helm' permissions: contents: write # for helm/chart-releaser-action to push chart release and create a release packages: write # to push OCI chart package to GitHub Registry diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 94afae3f..b536061e 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -12,6 +12,7 @@ permissions: jobs: renovate: + if: github.repository == 'argoproj/argo-helm' runs-on: ubuntu-latest steps: - name: Get token From 29e341091c4ac4343bf9a76a2ce1fb9260a80587 Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Fri, 1 Mar 2024 17:17:04 +0000 Subject: [PATCH 448/768] feat(argo-workflows): Disable leader election on single repl controllers (#2565) Signed-off-by: Tim Collins Co-authored-by: Aikawa --- charts/argo-workflows/Chart.yaml | 6 +++--- .../controller/workflow-controller-deployment.yaml | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 4acf4e9d..b59241fa 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.5 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.12 +version: 0.40.13 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-workflows to v3.5.5 + - kind: added + description: Disable leader election if only 1 repl of the Workflow Controller diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml index 2cc8a903..4a4e9f64 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -89,6 +89,10 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.name + {{- if eq (int .Values.controller.replicas) 1 }} + - name: LEADER_ELECTION_DISABLE + value: "true" + {{- end }} {{- with .Values.controller.extraEnv }} {{- toYaml . | nindent 12 }} {{- end }} From 5c256cce1844f66be85db340b018d09d6b676dcf Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 1 Mar 2024 22:05:37 +0100 Subject: [PATCH 449/768] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v37.222.0 (#2567) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index b536061e..b9ba882c 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 37.221.1 + renovate-version: 37.222.0 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From 075a8a634f257b356c98dd47da684d249b12a054 Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Fri, 1 Mar 2024 22:48:29 +0100 Subject: [PATCH 450/768] chore(github): Update renovate image only monthly (#2568) --- renovate.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/renovate.json b/renovate.json index cb8bacc8..4e068215 100644 --- a/renovate.json +++ b/renovate.json @@ -98,6 +98,10 @@ { "matchPackagePatterns": ["redis-ha"], "enabled": false + }, + { + "matchPackageNames": ["ghcr.io/renovatebot/renovate"], + "extends": ["schedule:monthly"] } ] } From baa566bd6b00ca2641ecce57cc43cd91a7a4fe34 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 1 Mar 2024 22:26:54 +0000 Subject: [PATCH 451/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.10.2 (#2570) Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 13ded9d9..22f637bd 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.10.1 +appVersion: v2.10.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.5.0 +version: 6.5.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Support for templating ingress extraPaths and extraRules + - kind: changed + description: Bump argo-cd to v2.10.2 From f7a6060fce7ed0b1fa8cd2379c2bba8fba31c061 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 2 Mar 2024 09:29:24 +0900 Subject: [PATCH 452/768] chore(deps): update actions/create-github-app-token action to v1.9.0 (#2569) Co-authored-by: renovate[bot] Co-authored-by: Marco Maurer (-Kilchhofer) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index b9ba882c..488c65f2 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@e8e39f73bb84fdf315a015fa3104f314c0a258b4 # v1.8.1 + uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From de462b7e809b06472a706f0c9d23ef2f5727ae35 Mon Sep 17 00:00:00 2001 From: mugi <62197019+mugioka@users.noreply.github.com> Date: Sat, 2 Mar 2024 20:20:12 +0900 Subject: [PATCH 453/768] feat(argo-cd): support ApplicationSet in any namespace. (#2402) * chore(argo-cd): support ApplicationSet in any namespace. Signed-off-by: mugioka * chore: apply feedback by maintainer. Signed-off-by: mugioka * fix: docs is not generated. Signed-off-by: mugioka --------- Signed-off-by: mugioka --- charts/argo-cd/Chart.yaml | 4 +- charts/argo-cd/README.md | 1 + .../argocd-applicationset/clusterrole.yaml | 89 +++++++++++++++++++ .../clusterrolebinding.yaml | 17 ++++ charts/argo-cd/values.yaml | 3 +- 5 files changed, 111 insertions(+), 3 deletions(-) create mode 100644 charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml create mode 100644 charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 22f637bd..680b5d04 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.5.1 +version: 6.6.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.10.2 + description: Support ApplicationSet in any namespace. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index d1c95206..eab256f7 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1302,6 +1302,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | Key | Type | Default | Description | |-----|------|---------|-------------| | applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | +| applicationSet.allowAnyNamespace | bool | `false` | Enable ApplicationSet in any namespace feature | | applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | | applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate | | applicationSet.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) | diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml new file mode 100644 index 00000000..6ac4c1e7 --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml @@ -0,0 +1,89 @@ +{{- if .Values.applicationSet.allowAnyNamespace }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +rules: + - apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - applicationsets/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - argoproj.io + resources: + - applicationsets/status + verbs: + - get + - patch + - update + - apiGroups: + - argoproj.io + resources: + - appprojects + verbs: + - get + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - update + - delete + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - get + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml new file mode 100644 index 00000000..152b31f4 --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml @@ -0,0 +1,17 @@ +{{- if .Values.applicationSet.allowAnyNamespace }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "argo-cd.applicationSet.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "argo-cd.applicationSet.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "argo-cd.applicationSet.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 68581a3c..42b44183 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2928,7 +2928,8 @@ applicationSet: # - secretName: argocd-applicationset-tls # hosts: # - argocd-applicationset.example.com - + # -- Enable ApplicationSet in any namespace feature + allowAnyNamespace: false ## Notifications controller notifications: # -- Enable notifications controller From 1af4bf5f48c6d7de31600b60366649d71fb19e39 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Mon, 4 Mar 2024 04:12:41 +0900 Subject: [PATCH 454/768] feat(argo-workflows): Add ability to set .Values.namespaceOverride (#2564) --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 1 + charts/argo-workflows/templates/_helpers.tpl | 8 ++++++++ .../templates/controller/artifact-repository-ref-cm.yaml | 2 +- .../controller/workflow-controller-cluster-roles.yaml | 2 +- .../controller/workflow-controller-config-map.yaml | 2 +- .../templates/controller/workflow-controller-crb.yaml | 6 +++--- .../controller/workflow-controller-deployment-pdb.yaml | 2 +- .../controller/workflow-controller-deployment.yaml | 2 +- .../templates/controller/workflow-controller-sa.yaml | 2 +- .../templates/controller/workflow-controller-service.yaml | 2 +- .../controller/workflow-controller-servicemonitor.yaml | 4 ++-- .../argo-workflows/templates/controller/workflow-rb.yaml | 2 +- .../templates/controller/workflow-role.yaml | 2 +- .../argo-workflows/templates/controller/workflow-sa.yaml | 2 +- .../templates/server/gke/backendconfig.yaml | 2 +- .../templates/server/gke/frontendconfig.yaml | 2 +- .../templates/server/gke/managedcertificate.yaml | 2 +- .../templates/server/server-cluster-roles.yaml | 2 +- charts/argo-workflows/templates/server/server-crb.yaml | 6 +++--- .../templates/server/server-deployment-hpa.yaml | 2 +- .../templates/server/server-deployment-pdb.yaml | 2 +- .../templates/server/server-deployment.yaml | 2 +- .../argo-workflows/templates/server/server-ingress.yaml | 2 +- charts/argo-workflows/templates/server/server-sa.yaml | 2 +- .../argo-workflows/templates/server/server-service.yaml | 2 +- charts/argo-workflows/values.yaml | 4 ++++ 27 files changed, 43 insertions(+), 30 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index b59241fa..99b190bc 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.5 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.13 +version: 0.40.14 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Disable leader election if only 1 repl of the Workflow Controller + description: Support namespaceOverride diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 75ecb19a..785bf9f8 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -124,6 +124,7 @@ Fields to note: | images.tag | string | `""` | Common tag for Argo Workflows images. Defaults to `.Chart.AppVersion`. | | kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests | | nameOverride | string | `nil` | String to partially override "argo-workflows.fullname" template | +| namespaceOverride | string | `.Release.Namespace` | Override the namespace | | singleNamespace | bool | `false` | Restrict Argo to operate only in a single namespace (the namespace of the Helm release) by apply Roles and RoleBindings instead of the Cluster equivalents, and start workflow-controller with the --namespaced flag. Use it in clusters with strict access policy. | ### Workflow diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl index 0d170ec9..118f9a52 100644 --- a/charts/argo-workflows/templates/_helpers.tpl +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -189,3 +189,11 @@ Return the appropriate apiVersion for GKE resources {{- print "cloud.google.com/v1beta1" -}} {{- end -}} {{- end -}} + +{{/* +Expand the namespace of the release. +Allows overriding it for multi-namespace deployments in combined charts. +*/}} +{{- define "argo-workflows.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml b/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml index ce7cd55b..81c1d0a7 100644 --- a/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml +++ b/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ $cm_name }} - namespace: {{ $.Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" $ | quote }} labels: {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $cm_name) | nindent 4 }} {{- with $cm_val.annotations }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml index c2d2a771..1b01b117 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml @@ -8,7 +8,7 @@ kind: ClusterRole metadata: name: {{ template "argo-workflows.controller.fullname" . }} {{- if .Values.singleNamespace }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index 0fefd01f..1997d9d3 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ template "argo-workflows.controller.config-map.name" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }} data: diff --git a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml index 9fa7a7f6..69883f60 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml @@ -8,7 +8,7 @@ kind: ClusterRoleBinding metadata: name: {{ template "argo-workflows.controller.fullname" . }} {{- if .Values.singleNamespace }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} @@ -23,7 +23,7 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- if .Values.controller.clusterWorkflowTemplates.enabled }} --- @@ -40,6 +40,6 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- end }} {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml index ee38445f..bee7c199 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "argo-workflows.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} spec: diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml index 4a4e9f64..b3db5f4e 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "argo-workflows.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml index c6a8bf66..fd1db89f 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "argo-workflows.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.serviceAccount.labels }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml index 1959eb2e..51362c4f 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-workflows.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml index 6643d634..df318fc2 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-workflows.controller.fullname" . }} - namespace: {{ default .Release.Namespace .Values.controller.serviceMonitor.namespace | quote }} + namespace: {{ default (include "argo-workflows.namespace" .) .Values.controller.serviceMonitor.namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.serviceMonitor.additionalLabels }} @@ -43,7 +43,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace | quote }} + - {{ include "argo-workflows.namespace" . | quote }} selector: matchLabels: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} diff --git a/charts/argo-workflows/templates/controller/workflow-rb.yaml b/charts/argo-workflows/templates/controller/workflow-rb.yaml index 6f9ba23d..4402a722 100644 --- a/charts/argo-workflows/templates/controller/workflow-rb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-rb.yaml @@ -1,5 +1,5 @@ {{- if .Values.workflow.rbac.create -}} - {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/charts/argo-workflows/templates/controller/workflow-role.yaml b/charts/argo-workflows/templates/controller/workflow-role.yaml index 80309119..14265372 100644 --- a/charts/argo-workflows/templates/controller/workflow-role.yaml +++ b/charts/argo-workflows/templates/controller/workflow-role.yaml @@ -1,5 +1,5 @@ {{- if .Values.workflow.rbac.create -}} - {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role diff --git a/charts/argo-workflows/templates/controller/workflow-sa.yaml b/charts/argo-workflows/templates/controller/workflow-sa.yaml index 273487c4..c6fff691 100644 --- a/charts/argo-workflows/templates/controller/workflow-sa.yaml +++ b/charts/argo-workflows/templates/controller/workflow-sa.yaml @@ -1,5 +1,5 @@ {{- if .Values.workflow.serviceAccount.create -}} - {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq) }} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} --- apiVersion: v1 kind: ServiceAccount diff --git a/charts/argo-workflows/templates/server/gke/backendconfig.yaml b/charts/argo-workflows/templates/server/gke/backendconfig.yaml index 4597db3d..0d439b62 100644 --- a/charts/argo-workflows/templates/server/gke/backendconfig.yaml +++ b/charts/argo-workflows/templates/server/gke/backendconfig.yaml @@ -3,7 +3,7 @@ apiVersion: {{ include "argo-workflows.apiVersions.cloudgoogle" . }} kind: BackendConfig metadata: name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-workflows/templates/server/gke/frontendconfig.yaml b/charts/argo-workflows/templates/server/gke/frontendconfig.yaml index 6b81c923..32cfc3a1 100644 --- a/charts/argo-workflows/templates/server/gke/frontendconfig.yaml +++ b/charts/argo-workflows/templates/server/gke/frontendconfig.yaml @@ -3,7 +3,7 @@ apiVersion: networking.gke.io/v1beta1 kind: FrontendConfig metadata: name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-workflows/templates/server/gke/managedcertificate.yaml b/charts/argo-workflows/templates/server/gke/managedcertificate.yaml index b77c3131..4d1f840e 100644 --- a/charts/argo-workflows/templates/server/gke/managedcertificate.yaml +++ b/charts/argo-workflows/templates/server/gke/managedcertificate.yaml @@ -3,7 +3,7 @@ apiVersion: networking.gke.io/v1 kind: ManagedCertificate metadata: name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} spec: domains: {{- with .Values.server.GKEmanagedCertificate.domains }} diff --git a/charts/argo-workflows/templates/server/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml index 56d4dcaa..dbb5ff9f 100644 --- a/charts/argo-workflows/templates/server/server-cluster-roles.yaml +++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml @@ -8,7 +8,7 @@ kind: ClusterRole metadata: name: {{ template "argo-workflows.server.fullname" . }} {{- if .Values.singleNamespace }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} diff --git a/charts/argo-workflows/templates/server/server-crb.yaml b/charts/argo-workflows/templates/server/server-crb.yaml index e8d6511d..4ffb9107 100644 --- a/charts/argo-workflows/templates/server/server-crb.yaml +++ b/charts/argo-workflows/templates/server/server-crb.yaml @@ -8,7 +8,7 @@ kind: ClusterRoleBinding metadata: name: {{ template "argo-workflows.server.fullname" . }} {{- if .Values.singleNamespace }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} @@ -23,7 +23,7 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- if .Values.server.clusterWorkflowTemplates.enabled }} --- @@ -40,6 +40,6 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- end -}} {{- end -}} diff --git a/charts/argo-workflows/templates/server/server-deployment-hpa.yaml b/charts/argo-workflows/templates/server/server-deployment-hpa.yaml index 9194bbd9..142bc31b 100644 --- a/charts/argo-workflows/templates/server/server-deployment-hpa.yaml +++ b/charts/argo-workflows/templates/server/server-deployment-hpa.yaml @@ -3,7 +3,7 @@ apiVersion: {{ include "argo-workflows.apiVersion.autoscaling" . }} kind: HorizontalPodAutoscaler metadata: name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-workflows/templates/server/server-deployment-pdb.yaml b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml index 7ea6d465..47f8394d 100644 --- a/charts/argo-workflows/templates/server/server-deployment-pdb.yaml +++ b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index b3aa3728..a4b8df7b 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }} diff --git a/charts/argo-workflows/templates/server/server-ingress.yaml b/charts/argo-workflows/templates/server/server-ingress.yaml index 36209f5b..db69b012 100644 --- a/charts/argo-workflows/templates/server/server-ingress.yaml +++ b/charts/argo-workflows/templates/server/server-ingress.yaml @@ -14,7 +14,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- if .Values.server.ingress.labels }} diff --git a/charts/argo-workflows/templates/server/server-sa.yaml b/charts/argo-workflows/templates/server/server-sa.yaml index 382d565e..d2c9c535 100644 --- a/charts/argo-workflows/templates/server/server-sa.yaml +++ b/charts/argo-workflows/templates/server/server-sa.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "argo-workflows.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.serviceAccount.labels }} diff --git a/charts/argo-workflows/templates/server/server-service.yaml b/charts/argo-workflows/templates/server/server-service.yaml index f7096a8d..7f81bd39 100644 --- a/charts/argo-workflows/templates/server/server-service.yaml +++ b/charts/argo-workflows/templates/server/server-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-workflows.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index def967b1..0f2d6ca7 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -26,6 +26,10 @@ nameOverride: # -- String to fully override "argo-workflows.fullname" template fullnameOverride: +# -- Override the namespace +# @default -- `.Release.Namespace` +namespaceOverride: "" + # -- Labels to set on all resources commonLabels: {} From c4d79885816f09214287e39cc36bee06d1411278 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 23:52:59 +0900 Subject: [PATCH 455/768] chore(deps): update renovatebot/github-action action to v40.1.3 (#2573) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 488c65f2..f159b705 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Self-hosted Renovate - uses: renovatebot/github-action@a6e57359b32af9a54d5b3b6603011f50629a0a05 # v40.1.2 + uses: renovatebot/github-action@78bdcb3bffa5e95e646183ca0a2ac2895abd6a20 # v40.1.3 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From fc620a3d51afb448fd3a14ed86a8949ed3e47af6 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 11 Mar 2024 17:26:10 +0900 Subject: [PATCH 456/768] chore(deps): update renovatebot/github-action action to v40.1.4 (#2579) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index f159b705..a61d4b9c 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Self-hosted Renovate - uses: renovatebot/github-action@78bdcb3bffa5e95e646183ca0a2ac2895abd6a20 # v40.1.3 + uses: renovatebot/github-action@c134f38c01867794a23c35e86660bd9609caf30c # v40.1.4 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From b9615e451cd1637c13d4b6881ce53cb4e95e24c7 Mon Sep 17 00:00:00 2001 From: Ran Rubin Date: Mon, 11 Mar 2024 20:26:07 +0200 Subject: [PATCH 457/768] feat(argo-cd): Support setting ArgoCD Notifications secret (#2577) * chore(deps): update renovatebot/github-action action to v40.1.3 (#2573) Co-authored-by: renovate[bot] Signed-off-by: ranrubin * feat(argo-cd): Support for existing Secret in ArgoCD Notifications, and ability to set its name. Signed-off-by: ranrubin * feat(argo-cd): Pass Secret name to Notification controller Signed-off-by: ranrubin * chore(deps): update renovatebot/github-action action to v40.1.4 (#2579) Co-authored-by: renovate[bot] Signed-off-by: ranrubin * feat(argo-cd): Remove redundant useExistingSecret, and assume existence of a secret Signed-off-by: ranrubin --------- Signed-off-by: ranrubin Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + .../argocd-configs/argocd-notifications-secret.yaml | 2 +- .../argo-cd/templates/argocd-notifications/clusterrole.yaml | 4 +--- .../argo-cd/templates/argocd-notifications/deployment.yaml | 1 + charts/argo-cd/templates/argocd-notifications/role.yaml | 2 +- charts/argo-cd/values.yaml | 4 ++++ 7 files changed, 12 insertions(+), 8 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 680b5d04..f77df4c1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.6.0 +version: 6.7.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Support ApplicationSet in any namespace. + - kind: Added + description: Support for existing Secret for ArgoCD Notifications, and ability to set its name. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index eab256f7..d43a0fda 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1465,6 +1465,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret | | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the secret | | notifications.secret.labels | object | `{}` | key:value pairs of labels to be added to the secret | +| notifications.secret.name | string | `"argocd-notifications-secret"` | notifications controller Secret name | | notifications.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | notifications.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | notifications.serviceAccount.create | bool | `true` | Create notifications controller service account | diff --git a/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml index 75027ed5..9c261c6a 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: argocd-notifications-secret + name: {{ .Values.notifications.secret.name }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} diff --git a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml index 793bb5d3..edb957f3 100644 --- a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml @@ -38,14 +38,12 @@ rules: verbs: - get {{- end }} - {{- if .Values.notifications.secret.create }} - apiGroups: - "" resourceNames: - - argocd-notifications-secret + - {{ .Values.notifications.secret.name }} resources: - secrets verbs: - get - {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index f9b766f4..674639f4 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -66,6 +66,7 @@ spec: - --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }} - --namespace={{ .Release.Namespace }} - --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} + - --secret-name={{ .Values.notifications.secret.name }} {{- range .Values.notifications.extraArgs }} - {{ . | squote }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/role.yaml b/charts/argo-cd/templates/argocd-notifications/role.yaml index 128c24f5..22eaa473 100644 --- a/charts/argo-cd/templates/argocd-notifications/role.yaml +++ b/charts/argo-cd/templates/argocd-notifications/role.yaml @@ -37,7 +37,7 @@ rules: - apiGroups: - "" resourceNames: - - argocd-notifications-secret + - {{ .Values.notifications.secret.name }} resources: - secrets verbs: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 42b44183..a281d019 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -3017,8 +3017,12 @@ notifications: secret: # -- Whether helm chart creates notifications controller secret + ## If true, will create a secret with the name below. Otherwise, will assume existence of a secret with that name. create: true + # -- notifications controller Secret name + name: "argocd-notifications-secret" + # -- key:value pairs of annotations to be added to the secret annotations: {} From 6a58945969d2711cb476901ce08fb1a998b9d888 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=B6ran=20P=C3=B6hner?= <10630407+groundhog2k@users.noreply.github.com> Date: Tue, 12 Mar 2024 00:08:20 +0100 Subject: [PATCH 458/768] fix(argo-cd): Fixed default tls hosts for grpc ingress endpoint (#2580) * Fixed default tls hosts for grpc ingress endpoint Signed-off-by: Goeran Poehner * Increased chart version Signed-off-by: Goeran Poehner * Added changelog entry Signed-off-by: Goeran Poehner * Updated changelog Signed-off-by: Goeran Poehner --------- Signed-off-by: Goeran Poehner Signed-off-by: Petr Drastil Co-authored-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/argocd-server/ingress-grpc.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f77df4c1..8a461c90 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.0 +version: 6.7.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: Added - description: Support for existing Secret for ArgoCD Notifications, and ability to set its name. + - kind: changed + description: Fixed a bug for TLS host value in GRPC ingress endpoint diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index 73f447bf..2d15b9d7 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -53,7 +53,7 @@ spec: tls: {{- if .Values.server.ingressGrpc.tls }} - hosts: - - {{ $hostname }} + - {{ .Values.server.ingressGrpc.hostname | default $hostname }} secretName: argocd-server-grpc-tls {{- end }} {{- with .Values.server.ingressGrpc.extraTls }} From 1786f6e54488f90ff0e0df321d3775a302cc8f7e Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 12 Mar 2024 07:26:50 -0500 Subject: [PATCH 459/768] chore(deps): update actions/checkout action to v4.1.2 (#2582) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index a61d4b9c..f3cd30ae 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -23,7 +23,7 @@ jobs: private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Self-hosted Renovate uses: renovatebot/github-action@c134f38c01867794a23c35e86660bd9609caf30c # v40.1.4 From b4e645c75fa5b3c843fb7b76dcfbe78dd70b6ab9 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 13 Mar 2024 20:45:56 +0000 Subject: [PATCH 460/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.10.3 (#2583) --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8a461c90..d0155755 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.10.2 +appVersion: v2.10.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.1 +version: 6.7.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Fixed a bug for TLS host value in GRPC ingress endpoint + description: Bump argo-cd to v2.10.3 From 718589628b97194a586926df7893ccc851340eb0 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 14 Mar 2024 13:18:13 +0900 Subject: [PATCH 461/768] chore(deps): update renovatebot/github-action action to v40.1.5 (#2584) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index f3cd30ae..6e9edaa0 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@c134f38c01867794a23c35e86660bd9609caf30c # v40.1.4 + uses: renovatebot/github-action@89bd050bafa5a15de5d9383e3129edf210422004 # v40.1.5 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From a148991ff83c0a3b36aeef2fbd69da873f8c0c7a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 16 Mar 2024 07:32:19 -0500 Subject: [PATCH 462/768] chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#2587) --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index faf003de..895cbe52 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 788bd8e0..fb1de5ea 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 3ccb86fe..971961e7 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: persist-credentials: false From e7ad44173de7c56f86a73966ca61608aaf2f692b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 16 Mar 2024 07:37:38 -0500 Subject: [PATCH 463/768] chore(deps): bump docker/login-action from 3.0.0 to 3.1.0 (#2586) --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index fb1de5ea..3a3b41d6 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -66,7 +66,7 @@ jobs: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - name: Login to GHCR - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 with: registry: ghcr.io username: ${{ github.actor }} From 85de0a16e70df7501ad6ea3d3922dbc1c602180e Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 09:36:40 +0000 Subject: [PATCH 464/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.10.4 (#2588) Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d0155755..2cbf4bd0 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.10.3 +appVersion: v2.10.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.2 +version: 6.7.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.10.3 + description: Bump argo-cd to v2.10.4 From e248b6b3166491e187f7cdf499b28fb9fbf70408 Mon Sep 17 00:00:00 2001 From: Abdullah Alaqeel Date: Thu, 21 Mar 2024 02:52:58 +0300 Subject: [PATCH 465/768] fix(argocd-image-updater): Properly quoting the config map values (and other fixes) (#2512) fix(argocd-image-updater): Properly quoting the config map values fix(argocd-image-updater): Only adding a data field to argocd-image-updater-ssh-config when there's data to be added fix(argocd-image-updater): Only include config.argocd if config.applicationsAPIKind is set to 'argocd' chore(argocd-image-updater): removing unneeded whitespace in Role and RoleBinding Signed-off-by: Abdullah Alaqeel --- charts/argocd-image-updater/Chart.yaml | 10 +++++-- .../templates/configmap-sshconfig.yaml | 4 +-- .../templates/configmap.yaml | 28 ++++++++++--------- .../argocd-image-updater/templates/rbac.yaml | 4 +-- charts/argocd-image-updater/values.yaml | 1 + 5 files changed, 27 insertions(+), 20 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 43d69f51..2e34fad6 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.9.5 +version: 0.9.6 appVersion: v0.12.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -18,5 +18,9 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Allow overriding of .Release.Namespace with .Values.namespaceOverride + - kind: fixed + description: Properly quoting the config map values + - kind: fixed + description: Only adding a data field to argocd-image-updater-ssh-config when there's data to be added + - kind: changed + description: Only include config.argocd if config.applicationsAPIKind is set to 'argocd' diff --git a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml index 9233137c..9fd83d92 100644 --- a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml +++ b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml @@ -5,7 +5,7 @@ metadata: {{- include "argocd-image-updater.labels" . | nindent 4 }} name: argocd-image-updater-ssh-config namespace: {{ include "argocd-image-updater.namespace" . | quote }} +{{- with .Values.config.sshConfig }} data: - {{- with .Values.config.sshConfig }} {{- toYaml . | nindent 2 }} - {{- end }} +{{- end }} diff --git a/charts/argocd-image-updater/templates/configmap.yaml b/charts/argocd-image-updater/templates/configmap.yaml index 57ef2197..84eb6875 100644 --- a/charts/argocd-image-updater/templates/configmap.yaml +++ b/charts/argocd-image-updater/templates/configmap.yaml @@ -8,30 +8,32 @@ metadata: namespace: {{ include "argocd-image-updater.namespace" . | quote }} data: {{- with .Values.config.applicationsAPIKind }} - applications_api: {{ . }} + applications_api: {{ . | quote }} + {{- if eq . "argocd" }} + argocd.grpc_web: {{ $.Values.config.argocd.grpcWeb | quote }} + {{- with $.Values.config.argocd.serverAddress }} + argocd.server_addr: {{ . | quote }} {{- end }} - argocd.grpc_web: {{ .Values.config.argocd.grpcWeb | quote }} - {{- with .Values.config.argocd.serverAddress }} - argocd.server_addr: {{ . }} + argocd.insecure: {{ $.Values.config.argocd.insecure | quote }} + argocd.plaintext: {{ $.Values.config.argocd.plaintext | quote }} + {{- end -}} {{- end }} - argocd.insecure: {{ .Values.config.argocd.insecure | quote }} - argocd.plaintext: {{ .Values.config.argocd.plaintext | quote }} {{- with .Values.config.logLevel }} - log.level: {{ . }} + log.level: {{ . | quote }} {{- end }} {{- with .Values.config.gitCommitUser }} - git.user: {{ . }} + git.user: {{ . | quote }} {{- end }} {{- with .Values.config.gitCommitMail }} - git.email: {{ . }} + git.email: {{ . | quote }} {{- end }} {{- with .Values.config.gitCommitTemplate }} git.commit-message-template: | {{- nindent 4 . }} {{- end }} kube.events: {{ .Values.config.disableKubeEvents | quote }} + {{- with .Values.config.registries }} registries.conf: | - {{- with .Values.config.registries }} - registries: - {{- toYaml . | nindent 6 }} - {{- end }} + registries: + {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/charts/argocd-image-updater/templates/rbac.yaml b/charts/argocd-image-updater/templates/rbac.yaml index 685b0b89..50d75876 100644 --- a/charts/argocd-image-updater/templates/rbac.yaml +++ b/charts/argocd-image-updater/templates/rbac.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - {{ include "argocd-image-updater.labels" . | nindent 4 }} + {{- include "argocd-image-updater.labels" . | nindent 4 }} name: {{ include "argocd-image-updater.fullname" . }} namespace: {{ include "argocd-image-updater.namespace" . | quote }} rules: @@ -37,7 +37,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - {{ include "argocd-image-updater.labels" . | nindent 4 }} + {{- include "argocd-image-updater.labels" . | nindent 4 }} name: {{ include "argocd-image-updater.fullname" . }} namespace: {{ include "argocd-image-updater.namespace" . | quote }} roleRef: diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index fb5aad1a..7cbbe05b 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -101,6 +101,7 @@ config: applicationsAPIKind: "" # Described in detail here https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags + # Note: this is only relevant if config.applicationsAPIKind == 'argocd' argocd: # -- Use the gRPC-web protocol to connect to the Argo CD API grpcWeb: true From 8a4c87529520a05a2026bc7ae1bfc743cace8d89 Mon Sep 17 00:00:00 2001 From: amcamina Date: Fri, 22 Mar 2024 17:09:43 +0100 Subject: [PATCH 466/768] feat(argo-rollouts): Allow customizing additional RBAC rules for other providers (#2556) * Allow customizing additional RBAC rules for other providers Signed-off-by: Alvaro.Camina * Changing additionalRules from dict to list Signed-off-by: Alvaro.Camina * Changing additionalRules from dict to list and addressing comment Signed-off-by: Alvaro.Camina * Runing `./scripts/helm-docs.sh` to update the README Signed-off-by: Alvaro.Camina --------- Signed-off-by: Alvaro.Camina Co-authored-by: Alvaro.Camina Co-authored-by: Aikawa Co-authored-by: Jason Meridth --- charts/argo-rollouts/Chart.yaml | 6 +++--- charts/argo-rollouts/README.md | 1 + .../templates/controller/clusterrole.yaml | 21 +++++++++++-------- charts/argo-rollouts/values.yaml | 2 ++ 4 files changed, 18 insertions(+), 12 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 2db0614d..5d6ccc7d 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.6 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.34.3 +version: 2.34.4 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-rollouts to v1.6.6 + - kind: added + description: Allow customizing additional RBAC rules for other providers diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 3627de83..adf27530 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -60,6 +60,7 @@ For full list of changes please check ArtifactHub [changelog]. | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret | | notifications.templates | object | `{}` | Notification templates | | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | +| providerRBAC.additionalRules | list | `[]` | Additional RBAC rules for others providers | | providerRBAC.enabled | bool | `true` | Toggles addition of provider-specific RBAC rules to the controller Role and ClusterRole | | providerRBAC.providers.ambassador | bool | `true` | Adds RBAC rules for the Ambassador provider | | providerRBAC.providers.apisix | bool | `true` | Adds RBAC rules for the Apisix provider | diff --git a/charts/argo-rollouts/templates/controller/clusterrole.yaml b/charts/argo-rollouts/templates/controller/clusterrole.yaml index 35fd8215..a60070b3 100644 --- a/charts/argo-rollouts/templates/controller/clusterrole.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml @@ -258,23 +258,26 @@ rules: {{- if .Values.providerRBAC.providers.contour }} # Access needed when using the Contour provider - apiGroups: - - projectcontour.io + - projectcontour.io resources: - - httpproxies + - httpproxies verbs: - - get - - list - - watch - - update + - get + - list + - watch + - update {{- end }} {{- if .Values.providerRBAC.providers.glooPlatform }} # Access needed when using the Gloo Platform provider - apiGroups: - - networking.gloo.solo.io + - networking.gloo.solo.io resources: - - routetables + - routetables verbs: - - '*' + - '*' +{{- end }} +{{- with .Values.providerRBAC.additionalRules }} +{{ toYaml . }} {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 19ab340e..1a4a9ede 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -273,6 +273,8 @@ providerRBAC: contour: true # -- Adds RBAC rules for the Gloo Platform provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-glooplatform/blob/main/README.md` glooPlatform: true + # -- Additional RBAC rules for others providers + additionalRules: [] dashboard: # -- Deploy dashboard server From 393402cb1b914a5eced42c0c0256c49b0796a5b5 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 23 Mar 2024 20:06:54 +0900 Subject: [PATCH 467/768] feat(argo-events): Support ability to set .Values.namespaceOverride (#2594) * feat(argo-events): Support ability to set .Values.namespaceOverride Signed-off-by: yu-croco * fix(argo-events): update README Signed-off-by: yu-croco --------- Signed-off-by: yu-croco --- charts/argo-events/Chart.yaml | 6 +++--- charts/argo-events/README.md | 1 + charts/argo-events/templates/_helpers.tpl | 8 ++++++++ .../templates/argo-events-controller/config.yaml | 2 +- .../templates/argo-events-controller/deployment.yaml | 2 +- .../argo-events/templates/argo-events-controller/pdb.yaml | 2 +- .../templates/argo-events-controller/rbac.yaml | 4 ++-- .../templates/argo-events-controller/service.yaml | 2 +- .../templates/argo-events-controller/serviceaccount.yaml | 2 +- .../templates/argo-events-controller/servicemonitor.yaml | 4 ++-- .../templates/argo-events-webhook/clusterrolebinding.yaml | 2 +- .../templates/argo-events-webhook/deployment.yaml | 2 +- charts/argo-events/templates/argo-events-webhook/pdb.yaml | 2 +- .../templates/argo-events-webhook/service.yaml | 2 +- .../templates/argo-events-webhook/serviceaccount.yaml | 2 +- charts/argo-events/values.yaml | 3 +++ 16 files changed, 29 insertions(+), 17 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 99f3b601..aed0dfdc 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.9.1 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.3 +version: 2.4.4 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-events to v1.9.1 + - kind: added + description: Support ability to set .Values.namespaceOverride diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index 0abf2c31..c9cd5083 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md @@ -87,6 +87,7 @@ done | global.podLabels | object | `{}` | Labels for the all deployed pods | | global.securityContext | object | `{}` | Toggle and define securityContext. See [values.yaml] | | nameOverride | string | `"argo-events"` | Provide a name in place of `argo-events` | +| namespaceOverride | string | `.Release.Namespace` | Override the namespace | | openshift | bool | `false` | Deploy on OpenShift | ### Controller diff --git a/charts/argo-events/templates/_helpers.tpl b/charts/argo-events/templates/_helpers.tpl index d18f2ca9..93069ca3 100644 --- a/charts/argo-events/templates/_helpers.tpl +++ b/charts/argo-events/templates/_helpers.tpl @@ -136,3 +136,11 @@ Define Pdb apiVersion {{- printf "policy/v1beta1" -}} {{- end }} {{- end }} + +{{/* +Expand the namespace of the release. +Allows overriding it for multi-namespace deployments in combined charts. +*/}} +{{- define "argo-events.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/config.yaml b/charts/argo-events/templates/argo-events-controller/config.yaml index b3293385..119c10f5 100644 --- a/charts/argo-events/templates/argo-events-controller/config.yaml +++ b/charts/argo-events/templates/argo-events-controller/config.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "argo-events.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} labels: {{- include "argo-events.labels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} data: diff --git a/charts/argo-events/templates/argo-events-controller/deployment.yaml b/charts/argo-events/templates/argo-events-controller/deployment.yaml index a3614c73..75d0cdb2 100644 --- a/charts/argo-events/templates/argo-events-controller/deployment.yaml +++ b/charts/argo-events/templates/argo-events-controller/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "argo-events.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-events.controller_chart_version_label" . }} diff --git a/charts/argo-events/templates/argo-events-controller/pdb.yaml b/charts/argo-events/templates/argo-events-controller/pdb.yaml index 0451ecd7..269e2de4 100644 --- a/charts/argo-events/templates/argo-events-controller/pdb.yaml +++ b/charts/argo-events/templates/argo-events-controller/pdb.yaml @@ -3,7 +3,7 @@ apiVersion: {{ template "argo-events.pdb.apiVersion" . }} kind: PodDisruptionBudget metadata: name: {{ template "argo-events.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.pdb.labels }} diff --git a/charts/argo-events/templates/argo-events-controller/rbac.yaml b/charts/argo-events/templates/argo-events-controller/rbac.yaml index aa9c7c2b..69a0adcb 100644 --- a/charts/argo-events/templates/argo-events-controller/rbac.yaml +++ b/charts/argo-events/templates/argo-events-controller/rbac.yaml @@ -4,7 +4,7 @@ kind: {{ .Values.controller.rbac.namespaced | ternary "Role" "ClusterRole" }} metadata: name: {{ include "argo-events.controller.fullname" . }} {{- if .Values.controller.rbac.namespaced }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} {{- end }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} @@ -122,5 +122,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-events.controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} {{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/service.yaml b/charts/argo-events/templates/argo-events-controller/service.yaml index fe36320b..55fe9361 100644 --- a/charts/argo-events/templates/argo-events-controller/service.yaml +++ b/charts/argo-events/templates/argo-events-controller/service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-events.controller.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} {{- with .Values.controller.metrics.service.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml b/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml index 3b8a9c81..bd697989 100644 --- a/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml +++ b/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-events.controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} {{- with .Values.controller.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml b/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml index 55cda1d4..371794ee 100644 --- a/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml +++ b/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-events.controller.fullname" . }} - namespace: {{ default .Release.Namespace .Values.controller.metrics.serviceMonitor.namespace | quote }} + namespace: {{ default (include "argo-events.namespace" .) .Values.controller.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.metrics.serviceMonitor.selector }} @@ -29,7 +29,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace | quote }} + - {{ include "argo-events.namespace" . | quote }} selector: matchLabels: {{- include "argo-events.selectorLabels" (dict "context" . "component" .Values.controller.name "name" (printf "%s-metrics" .Values.controller.name)) | nindent 6 }} diff --git a/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml b/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml index 89226483..c701c8d7 100644 --- a/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml +++ b/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml @@ -12,5 +12,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-events.webhook.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} {{- end }} diff --git a/charts/argo-events/templates/argo-events-webhook/deployment.yaml b/charts/argo-events/templates/argo-events-webhook/deployment.yaml index 0445484e..0b995ba2 100644 --- a/charts/argo-events/templates/argo-events-webhook/deployment.yaml +++ b/charts/argo-events/templates/argo-events-webhook/deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: events-webhook - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-events.webhook_chart_version_label" . }} diff --git a/charts/argo-events/templates/argo-events-webhook/pdb.yaml b/charts/argo-events/templates/argo-events-webhook/pdb.yaml index a3daa745..26ee675d 100644 --- a/charts/argo-events/templates/argo-events-webhook/pdb.yaml +++ b/charts/argo-events/templates/argo-events-webhook/pdb.yaml @@ -3,7 +3,7 @@ apiVersion: {{ template "argo-events.pdb.apiVersion" . }} kind: PodDisruptionBudget metadata: name: {{ template "argo-events.webhook.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} labels: {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }} {{- with .Values.webhook.pdb.labels }} diff --git a/charts/argo-events/templates/argo-events-webhook/service.yaml b/charts/argo-events/templates/argo-events-webhook/service.yaml index 15563d0e..e1f2b2ee 100644 --- a/charts/argo-events/templates/argo-events-webhook/service.yaml +++ b/charts/argo-events/templates/argo-events-webhook/service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: events-webhook - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} labels: {{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }} spec: diff --git a/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml b/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml index e3e2ac5b..0efad0c2 100644 --- a/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml +++ b/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.webhook.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-events.webhook.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-events.namespace" . | quote }} {{- with .Values.webhook.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index faba6939..b959e6cd 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -6,6 +6,9 @@ nameOverride: argo-events # -- String to fully override "argo-events.fullname" template fullnameOverride: "" +# -- Override the namespace +# @default -- `.Release.Namespace` +namespaceOverride: "" # -- Deploy on OpenShift openshift: false From 237493a4ab1478a0c33cb1253767f65ce4ec007c Mon Sep 17 00:00:00 2001 From: irizzant Date: Sat, 23 Mar 2024 16:38:56 +0100 Subject: [PATCH 468/768] feat(argocd-apps)!: use maps instead of lists (#2538) * feat(argocd-apps)!: use maps instead of lists Signed-off-by: irizzant * fix(chart): add artifacthub annotations Signed-off-by: irizzant * fix: remove not needed lines Signed-off-by: irizzant * fix: use the right range function Signed-off-by: irizzant * fix(argocd-apps): fix issues Signed-off-by: irizzant * fix: fix newline issue in values.yaml Signed-off-by: irizzant * fix: Use range function properly (revert complex changes on item-templates) Signed-off-by: Marco Maurer --------- Signed-off-by: irizzant Signed-off-by: Marco Maurer Co-authored-by: Jason Meridth Co-authored-by: Marco Maurer Co-authored-by: Aikawa --- charts/argocd-apps/Chart.yaml | 4 +- charts/argocd-apps/README.md | 8 +- .../applications-multiple-sources-values.yaml | 50 +-- .../argocd-apps/ci/applications-values.yaml | 60 ++-- ...plicationsets-multiple-sources-values.yaml | 42 +-- ...licationsets-progressive-syncs-values.yaml | 76 ++-- .../ci/applicationsets-values.yaml | 172 ++++----- .../argocd-apps/templates/applications.yaml | 28 +- .../templates/applicationsets.yaml | 27 +- charts/argocd-apps/templates/extensions.yaml | 12 +- charts/argocd-apps/templates/projects.yaml | 38 +- charts/argocd-apps/values.yaml | 340 +++++++++--------- 12 files changed, 428 insertions(+), 429 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 0b550fb4..397e9db6 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 1.6.2 +version: 2.0.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -18,4 +18,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Support Template Patch to ApplicationSet + description: make the chart use maps instead of lists diff --git a/charts/argocd-apps/README.md b/charts/argocd-apps/README.md index 2cc1541f..447df733 100644 --- a/charts/argocd-apps/README.md +++ b/charts/argocd-apps/README.md @@ -28,11 +28,11 @@ $ helm install my-release argo/argocd-apps | Key | Type | Default | Description | |-----|------|---------|-------------| -| applications | list | `[]` (See [values.yaml]) | Deploy Argo CD Applications within this helm release | -| applicationsets | list | `[]` (See [values.yaml]) | Deploy Argo CD ApplicationSets within this helm release | -| extensions | list | `[]` (See [values.yaml]) | DEPRECATED - Please refer [Deprecation Notice](https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice) for more info. | +| applications | object | `{}` (See [values.yaml]) | Deploy Argo CD Applications within this helm release | +| applicationsets | object | `{}` (See [values.yaml]) | Deploy Argo CD ApplicationSets within this helm release | +| extensions | object | `{}` (See [values.yaml]) | DEPRECATED - Please refer [Deprecation Notice](https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice) for more info. | | itemTemplates | list | `[]` (See [values.yaml]) | Deploy Argo CD Applications/ApplicationSets/Projects within this helm release | -| projects | list | `[]` (See [values.yaml]) | Deploy Argo CD Projects within this helm release | +| projects | object | `{}` (See [values.yaml]) | Deploy Argo CD Projects within this helm release | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/charts/argocd-apps/ci/applications-multiple-sources-values.yaml b/charts/argocd-apps/ci/applications-multiple-sources-values.yaml index 4d21403b..f1023424 100644 --- a/charts/argocd-apps/ci/applications-multiple-sources-values.yaml +++ b/charts/argocd-apps/ci/applications-multiple-sources-values.yaml @@ -1,28 +1,28 @@ # Test with multi-source applications applications: -- name: argocd-application-multiple-sources - additionalLabels: {} - additionalAnnotations: {} - finalizers: - - resources-finalizer.argocd.argoproj.io - project: default - sources: - - chart: elasticsearch - repoURL: https://helm.elastic.co - targetRevision: 8.5.1 - - repoURL: https://github.com/argoproj/argocd-example-apps.git - path: guestbook - targetRevision: HEAD - destination: - server: https://kubernetes.default.svc - namespace: default - syncPolicy: - automated: - prune: false - selfHeal: false - ignoreDifferences: - - group: apps - kind: Deployment - jsonPointers: - - /spec/replicas + argocd-application-multiple-sources: + additionalLabels: {} + additionalAnnotations: {} + finalizers: + - resources-finalizer.argocd.argoproj.io + project: default + sources: + - chart: elasticsearch + repoURL: https://helm.elastic.co + targetRevision: 8.5.1 + - repoURL: https://github.com/argoproj/argocd-example-apps.git + path: guestbook + targetRevision: HEAD + destination: + server: https://kubernetes.default.svc + namespace: default + syncPolicy: + automated: + prune: false + selfHeal: false + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas diff --git a/charts/argocd-apps/ci/applications-values.yaml b/charts/argocd-apps/ci/applications-values.yaml index 28a627ff..4f742748 100644 --- a/charts/argocd-apps/ci/applications-values.yaml +++ b/charts/argocd-apps/ci/applications-values.yaml @@ -1,33 +1,33 @@ # Test with applications applications: -- name: argocd-application - additionalLabels: {} - additionalAnnotations: {} - finalizers: - - resources-finalizer.argocd.argoproj.io - project: default - source: - repoURL: https://github.com/argoproj/argocd-example-apps.git - targetRevision: HEAD - path: guestbook - directory: - recurse: true - destination: - server: https://kubernetes.default.svc - namespace: default - syncPolicy: - automated: - prune: false - selfHeal: false - syncOptions: - - ApplyOutOfSyncOnly=true - revisionHistoryLimit: null - ignoreDifferences: - - group: apps - kind: Deployment - jsonPointers: - - /spec/replicas - info: - - name: url - value: https://argoproj.github.io/ + argocd-application: + additionalLabels: {} + additionalAnnotations: {} + finalizers: + - resources-finalizer.argocd.argoproj.io + project: default + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: guestbook + directory: + recurse: true + destination: + server: https://kubernetes.default.svc + namespace: default + syncPolicy: + automated: + prune: false + selfHeal: false + syncOptions: + - ApplyOutOfSyncOnly=true + revisionHistoryLimit: null + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas + info: + - name: url + value: https://argoproj.github.io/ diff --git a/charts/argocd-apps/ci/applicationsets-multiple-sources-values.yaml b/charts/argocd-apps/ci/applicationsets-multiple-sources-values.yaml index f1dd7cda..d8fe500c 100644 --- a/charts/argocd-apps/ci/applicationsets-multiple-sources-values.yaml +++ b/charts/argocd-apps/ci/applicationsets-multiple-sources-values.yaml @@ -1,24 +1,24 @@ # Test with multi-source applicationsets applicationsets: -- name: applicationset-multiple-sources - generators: - - list: - elements: - - cluster: default-cluster - url: https://kubernetes.default.svc - template: - metadata: - name: '{{cluster}}-guestbook' - spec: - project: default - sources: - - chart: elasticsearch - repoURL: https://helm.elastic.co - targetRevision: 8.5.1 - - repoURL: https://github.com/argoproj/argocd-example-apps.git - path: guestbook - targetRevision: HEAD - destination: - server: '{{url}}' - namespace: default + applicationset-multiple-sources: + generators: + - list: + elements: + - cluster: default-cluster + url: https://kubernetes.default.svc + template: + metadata: + name: '{{cluster}}-guestbook' + spec: + project: default + sources: + - chart: elasticsearch + repoURL: https://helm.elastic.co + targetRevision: 8.5.1 + - repoURL: https://github.com/argoproj/argocd-example-apps.git + path: guestbook + targetRevision: HEAD + destination: + server: '{{url}}' + namespace: default diff --git a/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml b/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml index 2fa58978..a225e7c5 100644 --- a/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml +++ b/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml @@ -1,41 +1,41 @@ # Test applicationsets with Progressive Syncs applicationsets: -- name: applicationset-progressive-syncs - generators: - - list: - elements: - - cluster: engineering-dev - url: https://1.2.3.4 - env: env-dev - - cluster: engineering-prod - url: https://9.8.7.6/ - env: env-prod - strategy: - type: RollingSync - rollingSync: - steps: - - matchExpressions: - - key: envLabel - operator: In - values: - - env-dev - - matchExpressions: - - key: envLabel - operator: In - values: - - env-prod - template: - metadata: - name: '{{.cluster}}-guestbook' - labels: - envLabel: '{{.env}}' - spec: - project: my-project - source: - repoURL: https://github.com/argoproj/argocd-example-apps.git - targetRevision: HEAD - path: guestbook/{{.cluster}} - destination: - server: '{{.url}}' - namespace: guestbook + applicationset-progressive-syncs: + generators: + - list: + elements: + - cluster: engineering-dev + url: https://1.2.3.4 + env: env-dev + - cluster: engineering-prod + url: https://9.8.7.6/ + env: env-prod + strategy: + type: RollingSync + rollingSync: + steps: + - matchExpressions: + - key: envLabel + operator: In + values: + - env-dev + - matchExpressions: + - key: envLabel + operator: In + values: + - env-prod + template: + metadata: + name: '{{.cluster}}-guestbook' + labels: + envLabel: '{{.env}}' + spec: + project: my-project + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: guestbook/{{.cluster}} + destination: + server: '{{.url}}' + namespace: guestbook diff --git a/charts/argocd-apps/ci/applicationsets-values.yaml b/charts/argocd-apps/ci/applicationsets-values.yaml index 375367ca..ed84c5fb 100644 --- a/charts/argocd-apps/ci/applicationsets-values.yaml +++ b/charts/argocd-apps/ci/applicationsets-values.yaml @@ -1,90 +1,90 @@ # Test with applicationsets applicationsets: -- name: applicationset - additionalLabels: {} - additionalAnnotations: {} - # See PR #10026 (ArgoCD v2.5 or later) - # goTemplate: false - generators: - - git: - repoURL: https://github.com/argoproj/argocd-example-apps.git - revision: HEAD - directories: - - path: guestbook - - path: kustomize-* - # Ref https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#allow-temporarily-toggling-auto-sync - ignoreApplicationDifferences: - - jsonPointers: - - /spec/syncPolicy - template: - metadata: - name: '{{path.basename}}' - labels: {} - annotations: {} - spec: - project: default - source: + applicationset: + additionalLabels: {} + additionalAnnotations: {} + # See PR #10026 (ArgoCD v2.5 or later) + # goTemplate: false + generators: + - git: repoURL: https://github.com/argoproj/argocd-example-apps.git - targetRevision: HEAD - path: '{{path}}' - destination: - server: https://kubernetes.default.svc - namespace: default - syncPolicy: - automated: - prune: false - selfHeal: false - ignoreDifferences: - - group: apps - kind: Deployment - jsonPointers: - - /spec/replicas - info: - - name: url - value: https://argoproj.github.io/ - syncPolicy: - # Set Application finalizer - preserveResourcesOnDeletion: false - templatePatch: | - spec: - source: - helm: - valueFiles: - {{- range $valueFile := .valueFiles }} - - {{ $valueFile }} - {{- end }} - {{- if .autoSync }} - syncPolicy: - automated: - prune: {{ .prune }} - {{- end }} -- name: applicationset-list-generator - generators: - - list: - elements: - - cluster: engineering-dev - url: https://kubernetes.default.svc - template: - metadata: {} - spec: - project: '{{cluster}}' - source: - targetRevision: HEAD - repoURL: https://github.com/argoproj/argo-cd.git - # New path value is generated here: - path: 'applicationset/examples/template-override/{{cluster}}-override' - destination: {} - template: - metadata: - name: '{{cluster}}-guestbook' - spec: - project: '{{cluster}}' - source: - repoURL: https://github.com/argoproj/argo-cd.git - targetRevision: HEAD - # This 'default' value is not used: it is is replaced by the generator's template path, above - path: applicationset/examples/template-override/default - destination: - server: '{{url}}' - namespace: guestbook + revision: HEAD + directories: + - path: guestbook + - path: kustomize-* + # Ref https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#allow-temporarily-toggling-auto-sync + ignoreApplicationDifferences: + - jsonPointers: + - /spec/syncPolicy + template: + metadata: + name: '{{path.basename}}' + labels: {} + annotations: {} + spec: + project: default + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: '{{path}}' + destination: + server: https://kubernetes.default.svc + namespace: default + syncPolicy: + automated: + prune: false + selfHeal: false + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas + info: + - name: url + value: https://argoproj.github.io/ + syncPolicy: + # Set Application finalizer + preserveResourcesOnDeletion: false + templatePatch: | + spec: + source: + helm: + valueFiles: + {{- range $valueFile := .valueFiles }} + - {{ $valueFile }} + {{- end }} + {{- if .autoSync }} + syncPolicy: + automated: + prune: {{ .prune }} + {{- end }} + applicationset-list-generator: + generators: + - list: + elements: + - cluster: engineering-dev + url: https://kubernetes.default.svc + template: + metadata: {} + spec: + project: '{{cluster}}' + source: + targetRevision: HEAD + repoURL: https://github.com/argoproj/argo-cd.git + # New path value is generated here: + path: 'applicationset/examples/template-override/{{cluster}}-override' + destination: {} + template: + metadata: + name: '{{cluster}}-guestbook' + spec: + project: '{{cluster}}' + source: + repoURL: https://github.com/argoproj/argo-cd.git + targetRevision: HEAD + # This 'default' value is not used: it is is replaced by the generator's template path, above + path: applicationset/examples/template-override/default + destination: + server: '{{url}}' + namespace: guestbook diff --git a/charts/argocd-apps/templates/applications.yaml b/charts/argocd-apps/templates/applications.yaml index df0ea5eb..b26b6684 100644 --- a/charts/argocd-apps/templates/applications.yaml +++ b/charts/argocd-apps/templates/applications.yaml @@ -1,50 +1,50 @@ -{{- range .Values.applications }} +{{- range $appName, $appData:= .Values.applications }} --- apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - {{- with .additionalAnnotations }} + {{- with $appData.additionalAnnotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} - {{- with .additionalLabels }} + {{- with $appData.additionalLabels }} labels: {{- toYaml . | nindent 4 }} {{- end }} - name: {{ .name }} - {{- with .namespace }} + name: {{ $appName }} + {{- with $appData.namespace }} namespace: {{ . }} {{- end }} - {{- with .finalizers }} + {{- with $appData.finalizers }} finalizers: {{- toYaml . | nindent 4 }} {{- end }} spec: - project: {{ tpl .project $ }} - {{- with .source }} + project: {{ tpl $appData.project $ }} + {{- with $appData.source }} source: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .sources }} + {{- with $appData.sources }} sources: {{- toYaml . | nindent 4 }} {{- end }} destination: - {{- toYaml .destination | nindent 4 }} - {{- with .syncPolicy }} + {{- toYaml $appData.destination | nindent 4 }} + {{- with $appData.syncPolicy }} syncPolicy: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .revisionHistoryLimit }} + {{- with $appData.revisionHistoryLimit }} revisionHistoryLimit: {{ . }} {{- end }} - {{- with .ignoreDifferences }} + {{- with $appData.ignoreDifferences }} ignoreDifferences: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .info }} + {{- with $appData.info }} info: {{- toYaml . | nindent 4 }} {{- end }} diff --git a/charts/argocd-apps/templates/applicationsets.yaml b/charts/argocd-apps/templates/applicationsets.yaml index 72c8f2e2..e8ae2134 100644 --- a/charts/argocd-apps/templates/applicationsets.yaml +++ b/charts/argocd-apps/templates/applicationsets.yaml @@ -1,44 +1,43 @@ - -{{- range .Values.applicationsets }} +{{- range $appSetName, $appSetData:= .Values.applicationsets }} --- apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: - {{- with .additionalAnnotations }} + {{- with $appSetData.additionalAnnotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} - {{- with .additionalLabels }} + {{- with $appSetData.additionalLabels }} labels: {{- toYaml . | nindent 4 }} {{- end }} - name: {{ .name }} - {{- with .namespace }} + name: {{ $appSetName }} + {{- with $appSetData.namespace }} namespace: {{ . }} {{- end }} spec: - {{- if hasKey . "goTemplate" }} - goTemplate: {{ .goTemplate }} + {{- if hasKey $appSetData "goTemplate" }} + goTemplate: {{ $appSetData.goTemplate }} {{- end }} - {{- with .generators }} + {{- with $appSetData.generators }} generators: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .ignoreApplicationDifferences }} + {{- with $appSetData.ignoreApplicationDifferences }} ignoreApplicationDifferences: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .strategy }} + {{- with $appSetData.strategy }} strategy: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .syncPolicy }} + {{- with $appSetData.syncPolicy }} syncPolicy: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .template }} + {{- with $appSetData.template }} template: {{- with .metadata }} metadata: @@ -84,7 +83,7 @@ spec: {{- end }} {{- end -}} {{- end }} - {{- with .templatePatch }} + {{- with $appSetData.templatePatch }} templatePatch: | {{- . | nindent 4 }} {{- end }} diff --git a/charts/argocd-apps/templates/extensions.yaml b/charts/argocd-apps/templates/extensions.yaml index 1893c2a7..8a19e3a5 100644 --- a/charts/argocd-apps/templates/extensions.yaml +++ b/charts/argocd-apps/templates/extensions.yaml @@ -1,25 +1,25 @@ -{{- range .Values.extensions }} +{{- range $extensionName, $extensionData:= .Values.extensions }} --- apiVersion: argoproj.io/v1alpha1 kind: ArgoCDExtension metadata: - name: {{ .name }} - {{- with .namespace }} + name: {{ $extensionName }} + {{- with $extensionData.namespace }} namespace: {{ . }} {{- end }} finalizers: - extensions-finalizer.argocd.argoproj.io - {{- with .additionalLabels }} + {{- with $extensionData.additionalLabels }} labels: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .additionalAnnotations }} + {{- with $extensionData.additionalAnnotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} -{{- with .sources }} +{{- with $extensionData.sources }} spec: sources: {{- toYaml . | nindent 4 }} diff --git a/charts/argocd-apps/templates/projects.yaml b/charts/argocd-apps/templates/projects.yaml index f4c273e8..34a865ea 100644 --- a/charts/argocd-apps/templates/projects.yaml +++ b/charts/argocd-apps/templates/projects.yaml @@ -1,72 +1,72 @@ -{{- range .Values.projects }} +{{- range $projectName, $projectData := .Values.projects }} --- apiVersion: argoproj.io/v1alpha1 kind: AppProject metadata: - {{- with .additionalAnnotations }} + {{- with $projectData.additionalAnnotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} - {{- with .additionalLabels }} + {{- with $projectData.additionalLabels }} labels: {{- toYaml . | nindent 4 }} {{- end }} - name: {{ .name }} - {{- with .namespace }} + name: {{ $projectName }} + {{- with $projectData.namespace }} namespace: {{ . }} {{- end }} - {{- with .finalizers }} + {{- with $projectData.finalizers }} finalizers: {{- toYaml . | nindent 4 }} {{- end }} spec: - {{- with .permitOnlyProjectScopedClusters }} + {{- with $projectData.permitOnlyProjectScopedClusters }} permitOnlyProjectScopedClusters: {{ . }} {{- end }} - description: {{ .description }} - {{- with .sourceRepos }} + description: {{ $projectData.description }} + {{- with $projectData.sourceRepos }} sourceRepos: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .destinations }} + {{- with $projectData.destinations }} destinations: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .clusterResourceWhitelist }} + {{- with $projectData.clusterResourceWhitelist }} clusterResourceWhitelist: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .clusterResourceBlacklist }} + {{- with $projectData.clusterResourceBlacklist }} clusterResourceBlacklist: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .namespaceResourceBlacklist }} + {{- with $projectData.namespaceResourceBlacklist }} namespaceResourceBlacklist: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .namespaceResourceWhitelist }} + {{- with $projectData.namespaceResourceWhitelist }} namespaceResourceWhitelist: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .orphanedResources }} + {{- with $projectData.orphanedResources }} orphanedResources: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .roles }} + {{- with $projectData.roles }} roles: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .syncWindows }} + {{- with $projectData.syncWindows }} syncWindows: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .signatureKeys }} + {{- with $projectData.signatureKeys }} signatureKeys: {{- toYaml . | nindent 4 }} {{- end }} - {{- with .sourceNamespaces }} + {{- with $projectData.sourceNamespaces }} sourceNamespaces: {{- toYaml . | nindent 4 }} {{- end }} diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index 41ee1ef9..1fad3941 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -1,176 +1,176 @@ # -- Deploy Argo CD Applications within this helm release -# @default -- `[]` (See [values.yaml]) +# @default -- `{}` (See [values.yaml]) ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ -applications: [] -# - name: guestbook -# namespace: argocd -# additionalLabels: {} -# additionalAnnotations: {} -# finalizers: -# - resources-finalizer.argocd.argoproj.io -# project: guestbook -# source: -# repoURL: https://github.com/argoproj/argocd-example-apps.git -# targetRevision: HEAD -# path: guestbook -# directory: -# recurse: true -# # ArgoCD v2.6 or later -# sources: +applications: {} +# guestbook: +# namespace: argocd +# additionalLabels: {} +# additionalAnnotations: {} +# finalizers: +# - resources-finalizer.argocd.argoproj.io +# project: guestbook +# source: +# repoURL: https://github.com/argoproj/argocd-example-apps.git +# targetRevision: HEAD +# path: guestbook +# directory: +# recurse: true +# # ArgoCD v2.6 or later +# sources: # - chart: elasticsearch # repoURL: https://helm.elastic.co # targetRevision: 8.5.1 # - repoURL: https://github.com/argoproj/argocd-example-apps.git # path: guestbook # targetRevision: HEAD -# destination: -# server: https://kubernetes.default.svc -# namespace: guestbook -# syncPolicy: -# automated: -# prune: false -# selfHeal: false -# syncOptions: -# - CreateNamespace=true -# revisionHistoryLimit: null -# ignoreDifferences: -# - group: apps -# kind: Deployment -# jsonPointers: -# - /spec/replicas -# info: -# - name: url -# value: https://argoproj.github.io/ +# destination: +# server: https://kubernetes.default.svc +# namespace: guestbook +# syncPolicy: +# automated: +# prune: false +# selfHeal: false +# syncOptions: +# - CreateNamespace=true +# revisionHistoryLimit: null +# ignoreDifferences: +# - group: apps +# kind: Deployment +# jsonPointers: +# - /spec/replicas +# info: +# - name: url +# value: https://argoproj.github.io/ # -- Deploy Argo CD Projects within this helm release -# @default -- `[]` (See [values.yaml]) +# @default -- `{}` (See [values.yaml]) ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ -projects: [] -# - name: guestbook -# namespace: argocd -# additionalLabels: {} -# additionalAnnotations: {} -# permitOnlyProjectScopedClusters: false -# finalizers: -# - resources-finalizer.argocd.argoproj.io -# description: Example Project -# sourceRepos: -# - '*' -# destinations: -# - namespace: guestbook -# server: https://kubernetes.default.svc -# clusterResourceWhitelist: [] -# clusterResourceBlacklist: [] -# namespaceResourceBlacklist: -# - group: '' -# kind: ResourceQuota -# - group: '' -# kind: LimitRange -# - group: '' -# kind: NetworkPolicy -# orphanedResources: {} -# roles: [] -# namespaceResourceWhitelist: -# - group: 'apps' -# kind: Deployment -# - group: 'apps' -# kind: StatefulSet -# orphanedResources: {} -# roles: [] -# syncWindows: -# - kind: allow -# schedule: '10 1 * * *' -# duration: 1h -# applications: -# - '*-prod' -# manualSync: true -# signatureKeys: -# - keyID: ABCDEF1234567890 -# sourceNamespaces: -# - argocd +projects: {} +# guestbook: +# namespace: argocd +# additionalLabels: {} +# additionalAnnotations: {} +# permitOnlyProjectScopedClusters: false +# finalizers: +# - resources-finalizer.argocd.argoproj.io +# description: Example Project +# sourceRepos: +# - '*' +# destinations: +# - namespace: guestbook +# server: https://kubernetes.default.svc +# clusterResourceWhitelist: [] +# clusterResourceBlacklist: [] +# namespaceResourceBlacklist: +# - group: '' +# kind: ResourceQuota +# - group: '' +# kind: LimitRange +# - group: '' +# kind: NetworkPolicy +# orphanedResources: {} +# roles: [] +# namespaceResourceWhitelist: +# - group: 'apps' +# kind: Deployment +# - group: 'apps' +# kind: StatefulSet +# orphanedResources: {} +# roles: [] +# syncWindows: +# - kind: allow +# schedule: '10 1 * * *' +# duration: 1h +# applications: +# - '*-prod' +# manualSync: true +# signatureKeys: +# - keyID: ABCDEF1234567890 +# sourceNamespaces: +# - argocd # -- Deploy Argo CD ApplicationSets within this helm release -# @default -- `[]` (See [values.yaml]) +# @default -- `{}` (See [values.yaml]) ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/ -applicationsets: [] -# - name: guestbook -# namespace: argocd -# additionalLabels: {} -# additionalAnnotations: {} -# # See PR #10026 (ArgoCD v2.5 or later) -# # goTemplate: false -# generators: -# - git: -# repoURL: https://github.com/argoproj/argocd-example-apps.git -# revision: HEAD -# directories: -# - path: guestbook -# - path: kustomize-* -# # Ref https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#allow-temporarily-toggling-auto-sync -# ignoreApplicationDifferences: -# - jsonPointers: -# - /spec/syncPolicy -# # Progressive Syncs is an experimental feature and it must be explicitly enabled -# # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Progressive-Syncs/#enabling-progressive-syncs -# strategy: -# type: RollingSync -# rollingSync: -# steps: -# - matchExpressions: -# - key: project -# operator: In -# values: -# - guestbook -# - matchExpressions: -# - key: project -# operator: In -# values: -# - kustomize-foo -# - kustomize-bar -# template: -# metadata: -# name: '{{path.basename}}' -# labels: -# project: '{{path.basename}}' -# annotations: {} -# spec: -# project: default -# source: -# repoURL: https://github.com/argoproj/argocd-example-apps.git -# targetRevision: HEAD -# path: '{{path}}' -# destination: -# server: https://kubernetes.default.svc -# namespace: default -# syncPolicy: -# automated: -# prune: false -# selfHeal: false -# ignoreDifferences: -# - group: apps -# kind: Deployment -# jsonPointers: -# - /spec/replicas -# info: -# - name: url -# value: https://argoproj.github.io/ -# syncPolicy: -# # Set Application finalizer -# preserveResourcesOnDeletion: false -# # Templating is only available on string type -# templatePatch: | -# spec: -# source: -# helm: -# valueFiles: -# {{- range $valueFile := .valueFiles }} -# - {{ $valueFile }} -# {{- end }} -# {{- if .autoSync }} -# syncPolicy: -# automated: -# prune: {{ .prune }} -# {{- end }} +applicationsets: {} +# guestbook: +# namespace: argocd +# additionalLabels: {} +# additionalAnnotations: {} +# # See PR #10026 (ArgoCD v2.5 or later) +# # goTemplate: false +# generators: +# - git: +# repoURL: https://github.com/argoproj/argocd-example-apps.git +# revision: HEAD +# directories: +# - path: guestbook +# - path: kustomize-* +# # Ref https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#allow-temporarily-toggling-auto-sync +# ignoreApplicationDifferences: +# - jsonPointers: +# - /spec/syncPolicy +# # Progressive Syncs is an experimental feature and it must be explicitly enabled +# # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Progressive-Syncs/#enabling-progressive-syncs +# strategy: +# type: RollingSync +# rollingSync: +# steps: +# - matchExpressions: +# - key: project +# operator: In +# values: +# - guestbook +# - matchExpressions: +# - key: project +# operator: In +# values: +# - kustomize-foo +# - kustomize-bar +# template: +# metadata: +# name: '{{path.basename}}' +# labels: +# project: '{{path.basename}}' +# annotations: {} +# spec: +# project: default +# source: +# repoURL: https://github.com/argoproj/argocd-example-apps.git +# targetRevision: HEAD +# path: '{{path}}' +# destination: +# server: https://kubernetes.default.svc +# namespace: default +# syncPolicy: +# automated: +# prune: false +# selfHeal: false +# ignoreDifferences: +# - group: apps +# kind: Deployment +# jsonPointers: +# - /spec/replicas +# info: +# - name: url +# value: https://argoproj.github.io/ +# syncPolicy: +# # Set Application finalizer +# preserveResourcesOnDeletion: false +# # Templating is only available on string type +# templatePatch: | +# spec: +# source: +# helm: +# valueFiles: +# {{- range $valueFile := .valueFiles }} +# - {{ $valueFile }} +# {{- end }} +# {{- if .autoSync }} +# syncPolicy: +# automated: +# prune: {{ .prune }} +# {{- end }} # -- Deploy Argo CD Applications/ApplicationSets/Projects within this helm release # @default -- `[]` (See [values.yaml]) @@ -238,16 +238,16 @@ itemTemplates: [] # namespace: guestbook # -- DEPRECATED - Please refer [Deprecation Notice](https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice) for more info. -# @default -- `[]` (See [values.yaml]) +# @default -- `{}` (See [values.yaml]) ## This function in tech preview stage, do expect unstability or breaking changes in newer versions. Bump image.tag if necessary. ## Ref: https://github.com/argoproj-labs/argocd-extensions -extensions: [] - # - name: example - # namespace: argocd - # additionalLabels: {} - # additionalAnnotations: {} - # sources: - # - git: - # url: https://github.com/argoproj-labs/argocd-example-extension.git - # - web: - # url: https://github.com/argoproj-labs/argocd-example-extension/releases/download/v0.1.0/extension.tar +extensions: {} +# example: +# namespace: argocd +# additionalLabels: {} +# additionalAnnotations: {} +# sources: +# - git: +# url: https://github.com/argoproj-labs/argocd-example-extension.git +# - web: +# url: https://github.com/argoproj-labs/argocd-example-extension/releases/download/v0.1.0/extension.tar From 19b3d7271817910c51f0f5c6052b01735d4b301f Mon Sep 17 00:00:00 2001 From: Matthew Peterson <51802441+mpeters0n@users.noreply.github.com> Date: Sat, 23 Mar 2024 13:47:03 -0700 Subject: [PATCH 469/768] feat(argo-rollouts): Added Deployment labels to values.yaml (#2590) --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 3 +++ charts/argo-rollouts/templates/controller/deployment.yaml | 3 +++ charts/argo-rollouts/templates/dashboard/deployment.yaml | 3 +++ charts/argo-rollouts/values.yaml | 6 ++++++ 5 files changed, 17 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 5d6ccc7d..740aba28 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.6 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.34.4 +version: 2.35.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Allow customizing additional RBAC rules for other providers + description: Added Deployment labels diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index adf27530..0bd3560a 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -50,6 +50,7 @@ For full list of changes please check ArtifactHub [changelog]. | extraObjects | list | `[]` | Additional manifests to deploy within the chart. A list of objects. | | fullnameOverride | string | `nil` | String to fully override "argo-rollouts.fullname" template | | global.deploymentAnnotations | object | `{}` | Annotations for all deployed Deployments | +| global.deploymentLabels | object | `{}` | Labels for all deployed Deployments | | imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry. Registry secret names as an array. | | installCRDs | bool | `true` | Install and upgrade CRDs | | keepCRDs | bool | `true` | Keep CRD's on helm uninstall | @@ -83,6 +84,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.containerPorts.metrics | int | `8090` | Metrics container port | | controller.createClusterRole | bool | `true` | flag to enable creation of cluster controller role (requires cluster RBAC) | | controller.deploymentAnnotations | object | `{}` | Annotations to be added to the controller deployment | +| controller.deploymentLabels | object | `{}` | Labels to be added to the controller deployment | | controller.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-controller. A list of flags. | | controller.extraContainers | list | `[]` | Literal yaml for extra containers to be added to controller deployment. | | controller.extraEnv | list | `[]` | Additional environment variables for rollouts-controller. A list of name/value maps. | @@ -139,6 +141,7 @@ For full list of changes please check ArtifactHub [changelog]. | dashboard.containerSecurityContext | object | `{}` | Security Context to set on container level | | dashboard.createClusterRole | bool | `true` | flag to enable creation of dashbord cluster role (requires cluster RBAC) | | dashboard.deploymentAnnotations | object | `{}` | Annotations to be added to the dashboard deployment | +| dashboard.deploymentLabels | object | `{}` | Labels to be added to the dashboard deployment | | dashboard.enabled | bool | `false` | Deploy dashboard server | | dashboard.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-dashboard. A list of flags. | | dashboard.extraEnv | list | `[]` | Additional environment variables for rollouts-dashboard. A list of name/value maps. | diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index 9b8f456e..25301e22 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -10,6 +10,9 @@ metadata: name: {{ include "argo-rollouts.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: + {{- range $key, $value := (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.controller.deploymentLabels) }} + {{ $key }}: {{ $value | quote }} + {{- end }} app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} spec: diff --git a/charts/argo-rollouts/templates/dashboard/deployment.yaml b/charts/argo-rollouts/templates/dashboard/deployment.yaml index de7f525b..1c1d70c3 100644 --- a/charts/argo-rollouts/templates/dashboard/deployment.yaml +++ b/charts/argo-rollouts/templates/dashboard/deployment.yaml @@ -11,6 +11,9 @@ metadata: name: {{ include "argo-rollouts.fullname" . }}-dashboard namespace: {{ .Release.Namespace | quote }} labels: + {{- range $key, $value := (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.dashboard.deploymentLabels) }} + {{ $key }}: {{ $value | quote }} + {{- end }} app.kubernetes.io/component: {{ .Values.dashboard.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} spec: diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 1a4a9ede..9cc4042d 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -41,12 +41,16 @@ extraObjects: [] global: # -- Annotations for all deployed Deployments deploymentAnnotations: {} + # -- Labels for all deployed Deployments + deploymentLabels: {} controller: # -- Value of label `app.kubernetes.io/component` component: rollouts-controller # -- Annotations to be added to the controller deployment deploymentAnnotations: {} + # -- Labels to be added to the controller deployment + deploymentLabels: {} # -- Annotations to be added to application controller pods podAnnotations: {} # -- [Node selector] @@ -285,6 +289,8 @@ dashboard: component: rollouts-dashboard # -- Annotations to be added to the dashboard deployment deploymentAnnotations: {} + # -- Labels to be added to the dashboard deployment + deploymentLabels: {} # -- Annotations to be added to application dashboard pods podAnnotations: {} # -- [Node selector] From a28780fb195fb1488f65bc7af95dcd389266e60f Mon Sep 17 00:00:00 2001 From: Carlos M <1761056+cmontemuino@users.noreply.github.com> Date: Sun, 24 Mar 2024 21:26:55 +0100 Subject: [PATCH 470/768] feat(argo-workflows): check prometheus CRD for ServiceMonitor (#2430) * chore: Apply changes from code review Signed-off-by: Marco Maurer --------- Signed-off-by: cmontemuino <1761056+cmontemuino@users.noreply.github.com> Signed-off-by: Marco Maurer Co-authored-by: Jason Meridth Co-authored-by: Marco Maurer --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 1 + charts/argo-workflows/templates/_helpers.tpl | 11 +++++++++++ .../workflow-controller-servicemonitor.yaml | 5 +++-- charts/argo-workflows/values.yaml | 2 ++ 5 files changed, 19 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 99b190bc..6223ffc6 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.5 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.40.14 +version: 0.41.0 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Support namespaceOverride + description: Check Prometheus CRDs are available before creating Service Monitor resource(s) diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 785bf9f8..3a387546 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -111,6 +111,7 @@ Fields to note: |-----|------|---------|-------------| | apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart | | apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | +| apiVersionOverrides.monitoring | string | `""` | String to override apiVersion of monitoring CRDs (ServiceMonitor) rendered by this helm chart | | commonLabels | object | `{}` | Labels to set on all resources | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.install | bool | `true` | Install and upgrade CRDs | diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl index 118f9a52..f46af22f 100644 --- a/charts/argo-workflows/templates/_helpers.tpl +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -190,6 +190,17 @@ Return the appropriate apiVersion for GKE resources {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for monitoring CRDs +*/}} +{{- define "argo-workflows.apiVersions.monitoring" -}} +{{- if .Values.apiVersionOverrides.monitoring -}} +{{- print .Values.apiVersionOverrides.monitoring -}} +{{- else -}} +{{- print "monitoring.coreos.com/v1" -}} +{{- end -}} +{{- end -}} + {{/* Expand the namespace of the release. Allows overriding it for multi-namespace deployments in combined charts. diff --git a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml index df318fc2..1695f96d 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml @@ -1,5 +1,6 @@ -{{- if and (or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled) .Values.controller.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 +{{- $apiVersion := include "argo-workflows.apiVersions.monitoring" . }} +{{- if and (.Capabilities.APIVersions.Has $apiVersion) (or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled) .Values.controller.serviceMonitor.enabled }} +apiVersion: {{ $apiVersion }} kind: ServiceMonitor metadata: name: {{ template "argo-workflows.controller.fullname" . }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 0f2d6ca7..3c361c9c 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -42,6 +42,8 @@ apiVersionOverrides: autoscaling: "" # autoscaling/v2 # -- String to override apiVersion of GKE resources rendered by this helm chart cloudgoogle: "" # cloud.google.com/v1 + # -- String to override apiVersion of monitoring CRDs (ServiceMonitor) rendered by this helm chart + monitoring: "" # monitoring.coreos.com/v1 # -- Restrict Argo to operate only in a single namespace (the namespace of the # Helm release) by apply Roles and RoleBindings instead of the Cluster From 3e8653a7651678dadb951892d69fc49399cffd23 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 25 Mar 2024 15:26:28 +0900 Subject: [PATCH 471/768] chore(deps): update renovatebot/github-action action to v40.1.6 (#2602) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 6e9edaa0..6f180fc5 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@89bd050bafa5a15de5d9383e3129edf210422004 # v40.1.5 + uses: renovatebot/github-action@23b01dbf6f38965076a36aff87f802263164f204 # v40.1.6 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 776c19db6377eea7b42a81eae5e2befde52b9861 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 25 Mar 2024 21:39:36 +0000 Subject: [PATCH 472/768] chore(deps): update actions/create-github-app-token action to v1.9.1 (#2604) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 6f180fc5..08cfce31 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0 + uses: actions/create-github-app-token@78e5f2ddc08efcb88fbbee6cfa3fed770ba550c3 # v1.9.1 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From 38900afada6cbc51e469d53fbf20ebba6f1cb07b Mon Sep 17 00:00:00 2001 From: Connor Given <47261237+congiv@users.noreply.github.com> Date: Tue, 26 Mar 2024 04:35:50 -0400 Subject: [PATCH 473/768] feat(argo-rollouts): add minimum RBAC for Gateway API (#2599) --- charts/argo-rollouts/Chart.yaml | 4 +-- charts/argo-rollouts/README.md | 1 + .../templates/controller/clusterrole.yaml | 27 +++++++++++++++ .../templates/controller/role.yaml | 33 +++++++++++++++++-- charts/argo-rollouts/values.yaml | 2 ++ 5 files changed, 62 insertions(+), 5 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 740aba28..307965b9 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.6 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.35.0 +version: 2.35.1 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Added Deployment labels + description: Allow minimum set of RBAC rules for Gateway API resources diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 0bd3560a..eb30e7ee 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -68,6 +68,7 @@ For full list of changes please check ArtifactHub [changelog]. | providerRBAC.providers.awsAppMesh | bool | `true` | Adds RBAC rules for the AWS App Mesh provider | | providerRBAC.providers.awsLoadBalancerController | bool | `true` | Adds RBAC rules for the AWS Load Balancer Controller provider | | providerRBAC.providers.contour | bool | `true` | Adds RBAC rules for the Contour provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour/blob/main/README.md` | +| providerRBAC.providers.gatewayAPI | bool | `true` | Adds RBAC rules for the Gateway API provider | | providerRBAC.providers.glooPlatform | bool | `true` | Adds RBAC rules for the Gloo Platform provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-glooplatform/blob/main/README.md` | | providerRBAC.providers.istio | bool | `true` | Adds RBAC rules for the Istio provider | | providerRBAC.providers.smi | bool | `true` | Adds RBAC rules for the SMI provider | diff --git a/charts/argo-rollouts/templates/controller/clusterrole.yaml b/charts/argo-rollouts/templates/controller/clusterrole.yaml index a60070b3..a80708b6 100644 --- a/charts/argo-rollouts/templates/controller/clusterrole.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml @@ -94,11 +94,22 @@ rules: - "" resources: - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: - configmaps verbs: - get - list - watch +{{- if .Values.providerRBAC.providers.gatewayAPI }} + - create + - update +{{- end }} # pod list/update needed for updating ephemeral data - apiGroups: - "" @@ -276,6 +287,22 @@ rules: verbs: - '*' {{- end }} +{{- if .Values.providerRBAC.providers.gatewayAPI }} + # Access needed when using the Gateway API provider +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + - tcproutes + - tlsroutes + - udproutes + - grpcroutes + verbs: + - get + - list + - watch + - update +{{- end }} {{- with .Values.providerRBAC.additionalRules }} {{ toYaml . }} {{- end }} diff --git a/charts/argo-rollouts/templates/controller/role.yaml b/charts/argo-rollouts/templates/controller/role.yaml index dc656cde..584587b9 100644 --- a/charts/argo-rollouts/templates/controller/role.yaml +++ b/charts/argo-rollouts/templates/controller/role.yaml @@ -95,11 +95,22 @@ rules: - "" resources: - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: - configmaps verbs: - get - list - watch +{{- if .Values.providerRBAC.providers.gatewayAPI }} + - create + - update +{{- end }} # pod list/update needed for updating ephemeral data - apiGroups: - "" @@ -259,11 +270,27 @@ rules: {{- if .Values.providerRBAC.providers.glooPlatform }} # Access needed when using the Gloo Platform provider - apiGroups: - - networking.gloo.solo.io + - networking.gloo.solo.io resources: - - routetables + - routetables verbs: - - '*' + - '*' +{{- end }} +{{- if .Values.providerRBAC.providers.gatewayAPI }} + # Access needed when using the Gateway API provider +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + - tcproutes + - tlsroutes + - udproutes + - grpcroutes + verbs: + - get + - list + - watch + - update {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 9cc4042d..8f3f10b4 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -277,6 +277,8 @@ providerRBAC: contour: true # -- Adds RBAC rules for the Gloo Platform provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-glooplatform/blob/main/README.md` glooPlatform: true + # -- Adds RBAC rules for the Gateway API provider + gatewayAPI: true # -- Additional RBAC rules for others providers additionalRules: [] From e56bda239d7871acfe7162def5a327d6a53dae8c Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 28 Mar 2024 08:44:07 +0100 Subject: [PATCH 474/768] chore(deps): update renovatebot/github-action action to v40.1.7 (#2608) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 08cfce31..6b290f1d 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@23b01dbf6f38965076a36aff87f802263164f204 # v40.1.6 + uses: renovatebot/github-action@7d358366277001f3316d7fa54ff49a81c0158948 # v40.1.7 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 6043017f34a4aab9eed905c3eec3dfe796252d1f Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 28 Mar 2024 18:29:52 +0100 Subject: [PATCH 475/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.10.5 (#2610) Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 2cbf4bd0..7cc1ab23 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.10.4 +appVersion: v2.10.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.3 +version: 6.7.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.10.4 + description: Bump argo-cd to v2.10.5 From e9a3381d739f4c07069753bf5a2db4cd462ec014 Mon Sep 17 00:00:00 2001 From: GuillaumeRemyCSI <30650458+GuillaumeRemyCSI@users.noreply.github.com> Date: Fri, 29 Mar 2024 09:13:31 +0100 Subject: [PATCH 476/768] fix(argo-cd): Properly support "application in any namespace" for the argocd-server ClusterRole (#2609) * Properly support "application in any namespace" for the argocd-server ClusterRole Signed-off-by: GuillaumeRemyCSI <30650458+GuillaumeRemyCSI@users.noreply.github.com> * Add changelog Signed-off-by: GuillaumeRemyCSI <30650458+GuillaumeRemyCSI@users.noreply.github.com> * notification controller can handle self-managed notification in any namespace Signed-off-by: GuillaumeRemyCSI <30650458+GuillaumeRemyCSI@users.noreply.github.com> * Bump argo-cd chart to v6.7.5 Signed-off-by: GuillaumeRemyCSI <30650458+GuillaumeRemyCSI@users.noreply.github.com> --------- Signed-off-by: GuillaumeRemyCSI <30650458+GuillaumeRemyCSI@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- .../templates/argocd-notifications/clusterrole.yaml | 3 +++ .../argo-cd/templates/argocd-server/clusterrole.yaml | 11 +++++++++++ 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 7cc1ab23..41acb075 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.4 +version: 6.7.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.10.5 + - kind: fixed + description: Fixed the ClusterRole of argocd-server and notification when using "application in any namespace" diff --git a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml index edb957f3..eba5973f 100644 --- a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml @@ -28,6 +28,9 @@ rules: verbs: - list - watch + {{- if (index .Values.configs.params "application.namespaces") }} + - create + {{- end }} {{- if .Values.notifications.cm.create }} - apiGroups: - "" diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index f4877980..0867a1b1 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -48,6 +48,17 @@ rules: - list - update - watch + {{- if (index .Values.configs.params "application.namespaces") }} + - apiGroups: + - "argoproj.io" + resources: + - "applications" + verbs: + - create + - delete + - update + - patch + {{- end }} - apiGroups: - batch resources: From d6063b9595c5692c122302fe913f28c66376747c Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Fri, 29 Mar 2024 19:13:26 +0300 Subject: [PATCH 477/768] fix(argo-cd): add missing crd change from 2.10.5 (#2612) --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/crds/crd-applicationset.yaml | 6 ------ 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 41acb075..fa41352d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.5 +version: 6.7.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Fixed the ClusterRole of argocd-server and notification when using "application in any namespace" + description: added missing crd change for 2.10.5 diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index 02623f6c..323beb27 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -2381,8 +2381,6 @@ spec: - metadata - spec type: object - required: - - elements type: object matrix: properties: @@ -4725,8 +4723,6 @@ spec: - metadata - spec type: object - required: - - elements type: object matrix: x-kubernetes-preserve-unknown-fields: true @@ -9752,8 +9748,6 @@ spec: - metadata - spec type: object - required: - - elements type: object matrix: x-kubernetes-preserve-unknown-fields: true From 3a56a3e64d8edb4522531498fe9686ddafbb975a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 30 Mar 2024 12:33:40 -0500 Subject: [PATCH 478/768] chore(deps): bump actions/setup-python from 5.0.0 to 5.1.0 (#2615) --- .github/workflows/lint-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 895cbe52..46cf47cd 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -32,7 +32,7 @@ jobs: version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: 3.9 From d64b7e2d0c378635c9ce1e3ee8e800d11156dd88 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 1 Apr 2024 10:18:04 +0900 Subject: [PATCH 479/768] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v37.278.0 (#2617) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 6b290f1d..d5280ec2 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 37.222.0 + renovate-version: 37.278.0 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From 7b87ff19e5c034b3e4b628a9220516fe5f6ceaa3 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 1 Apr 2024 19:27:32 +0200 Subject: [PATCH 480/768] chore(deps): update actions/create-github-app-token action to v1.9.2 (#2618) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index d5280ec2..22e06e11 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@78e5f2ddc08efcb88fbbee6cfa3fed770ba550c3 # v1.9.1 + uses: actions/create-github-app-token@6c406e8a244fdf6bbf79e6cc8a91504a48d2c2ce # v1.9.2 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From 30fd5202b0c195ad8bda0406dab33eec85c3781d Mon Sep 17 00:00:00 2001 From: edmondshtogu Date: Tue, 2 Apr 2024 07:03:37 +0200 Subject: [PATCH 481/768] feat(argo-cd): enabled server cluster role permissions overriding (#2606) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 ++ charts/argo-cd/templates/argocd-server/clusterrole.yaml | 4 ++++ charts/argo-cd/values.yaml | 8 ++++++++ 4 files changed, 17 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index fa41352d..f86a8d52 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.6 +version: 6.7.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: added missing crd change for 2.10.5 + - kind: added + description: Support for Overriding Argo CD Server ClusterRole Permissions diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index d43a0fda..70679f23 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -928,6 +928,8 @@ NAME: my-release | server.certificateSecret.enabled | bool | `false` | Create argocd-server-tls secret | | server.certificateSecret.key | string | `""` | Private Key of the certificate | | server.certificateSecret.labels | object | `{}` | Labels to be added to argocd-server-tls secret | +| server.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the server's ClusterRole resource | +| server.clusterRoleRules.rules | list | `[]` | List of custom rules for the server's ClusterRole resource | | server.containerPorts.metrics | int | `8083` | Metrics container port | | server.containerPorts.server | int | `8080` | Server container port | | server.containerSecurityContext | object | See [values.yaml] | Server container-level security context | diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index 0867a1b1..c1439b0c 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -6,6 +6,9 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rules: + {{- if .Values.server.clusterRoleRules.enabled }} + {{- toYaml .Values.server.clusterRoleRules.rules | nindent 2 }} + {{- else }} - apiGroups: - '*' resources: @@ -73,4 +76,5 @@ rules: verbs: {{/* supports triggering workflows from UI */}} - create + {{- end }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index a281d019..000f94a3 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2194,6 +2194,14 @@ server: # -- Termination policy of Openshift Route termination_policy: None + ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. + ## Defaults to off + clusterRoleRules: + # -- Enable custom rules for the server's ClusterRole resource + enabled: false + # -- List of custom rules for the server's ClusterRole resource + rules: [] + ## Repo Server repoServer: # -- Repo server name From 72f0a50d7038ba2883a5ea87b5012824f9a7884f Mon Sep 17 00:00:00 2001 From: Pierre Blais <109473352+pierreblais@users.noreply.github.com> Date: Tue, 2 Apr 2024 15:36:34 +0200 Subject: [PATCH 482/768] feat(argo-cd): Add sizeLimit parameters on emptyDir (#2607) * feat(argo-cd): Add sizeLimit parameters on emptyDir Signed-off-by: Pierre BLAIS * feat(argo-cd): Bumping chart version Signed-off-by: Pierre BLAIS * Fix(argo-cd): Add missing new line Signed-off-by: Pierre BLAIS --------- Signed-off-by: Pierre BLAIS Signed-off-by: Pierre Blais <109473352+pierreblais@users.noreply.github.com> Co-authored-by: Tim Collins <45351296+tico24@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 4 +-- charts/argo-cd/README.md | 5 +++ .../deployment.yaml | 6 ++++ .../statefulset.yaml | 5 +++ .../argocd-applicationset/deployment.yaml | 10 ++++++ .../argocd-repo-server/deployment.yaml | 25 +++++++++++++ .../templates/argocd-server/deployment.yaml | 15 ++++++++ charts/argo-cd/templates/dex/deployment.yaml | 10 ++++++ charts/argo-cd/values.yaml | 35 +++++++++++++++++++ 9 files changed, 113 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f86a8d52..b645755d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.7 +version: 6.7.8 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Support for Overriding Argo CD Server ClusterRole Permissions + description: Add sizeLimit params on EmptyDir Volume diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 70679f23..244c2641 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -733,6 +733,7 @@ NAME: my-release | controller.dnsConfig | object | `{}` | [DNS configuration] | | controller.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for application controller pods | | controller.dynamicClusterDistribution | bool | `false` | Enable dynamic cluster distribution (alpha) Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution | +| controller.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for application controller | | controller.env | list | `[]` | Environment variables to pass to application controller | | controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to application controller | | controller.extraArgs | list | `[]` | Additional command line arguments to pass to application controller | @@ -827,6 +828,7 @@ NAME: my-release | repoServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the repo server Deployment | | repoServer.dnsConfig | object | `{}` | [DNS configuration] | | repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods | +| repoServer.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for repo server | | repoServer.env | list | `[]` | Environment variables to pass to repo server | | repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server | | repoServer.existingVolumes | object | `{}` | Volumes to be used in replacement of emptydir on default volumes | @@ -937,6 +939,7 @@ NAME: my-release | server.deploymentStrategy | object | `{}` | Deployment strategy to be added to the server Deployment | | server.dnsConfig | object | `{}` | [DNS configuration] | | server.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Server pods | +| server.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for the Argo CD server | | server.env | list | `[]` | Environment variables to pass to Argo CD server | | server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to Argo CD server | | server.extensions.containerSecurityContext | object | See [values.yaml] | Server UI extensions container-level security context | @@ -1075,6 +1078,7 @@ NAME: my-release | dex.deploymentStrategy | object | `{}` | Deployment strategy to be added to the Dex server Deployment | | dex.dnsConfig | object | `{}` | [DNS configuration] | | dex.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Dex server pods | +| dex.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for Dex server | | dex.enabled | bool | `true` | Enable dex | | dex.env | list | `[]` | Environment variables to pass to the Dex server | | dex.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Dex server | @@ -1327,6 +1331,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.deploymentStrategy | object | `{}` | Deployment strategy to be added to the ApplicationSet controller Deployment | | applicationSet.dnsConfig | object | `{}` | [DNS configuration] | | applicationSet.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for ApplicationSet controller pods | +| applicationSet.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for applicationSet controller | | applicationSet.enabled | bool | `true` | Enable ApplicationSet controller | | applicationSet.extraArgs | list | `[]` | ApplicationSet controller command line flags | | applicationSet.extraContainers | list | `[]` | Additional containers to be added to the ApplicationSet controller pod | diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index e0c12135..232ce267 100644 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -334,7 +334,13 @@ spec: {{- toYaml . | nindent 6 }} {{- end }} - name: argocd-home + {{- if .Values.controller.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.controller.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} + - name: argocd-repo-server-tls secret: secretName: argocd-repo-server-tls diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 3b72d19f..80535e67 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -333,7 +333,12 @@ spec: {{- toYaml . | nindent 6 }} {{- end }} - name: argocd-home + {{- if .Values.controller.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.controller.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} - name: argocd-repo-server-tls secret: secretName: argocd-repo-server-tls diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 96fc3804..795f18d0 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -302,9 +302,19 @@ spec: configMap: name: argocd-gpg-keys-cm - name: gpg-keyring + {{- if .Values.applicationSet.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.applicationSet.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} - name: tmp + {{- if .Values.applicationSet.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.applicationSet.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} - name: argocd-repo-server-tls secret: secretName: argocd-repo-server-tls diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index d27c15d9..590e5387 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -394,26 +394,46 @@ spec: {{- if .Values.repoServer.existingVolumes.helmWorkingDir -}} {{ toYaml .Values.repoServer.existingVolumes.helmWorkingDir | nindent 8 }} {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} {{- end }} {{- end }} - name: plugins {{- if .Values.repoServer.existingVolumes.plugins -}} {{ toYaml .Values.repoServer.existingVolumes.plugins | nindent 8 }} {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} {{- end }} - name: var-files {{- if .Values.repoServer.existingVolumes.varFiles -}} {{ toYaml .Values.repoServer.existingVolumes.varFiles | nindent 8 }} {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} {{- end }} - name: tmp {{- if .Values.repoServer.existingVolumes.tmp -}} {{ toYaml .Values.repoServer.existingVolumes.tmp | nindent 8 }} {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} {{- end }} - name: ssh-known-hosts configMap: @@ -428,7 +448,12 @@ spec: {{- if .Values.repoServer.existingVolumes.gpgKeyring -}} {{ toYaml .Values.repoServer.existingVolumes.gpgKeyring | nindent 8 }} {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} {{- end }} - name: argocd-repo-server-tls secret: diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 6d614b0f..faaf1c26 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -442,12 +442,27 @@ spec: {{- end }} {{- if .Values.server.extensions.enabled }} - name: extensions + {{- if .Values.server.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} {{- end }} - name: plugins-home + {{- if .Values.server.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} - name: tmp + {{- if .Values.server.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} - name: ssh-known-hosts configMap: name: argocd-ssh-known-hosts-cm diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 61f3fe86..3c293e7c 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -187,9 +187,19 @@ spec: {{- end }} volumes: - name: static-files + {{- if .Values.dex.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.dex.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} - name: dexconfig + {{- if .Values.dex.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.dex.emptyDir.sizeLimit }} + {{- else }} emptyDir: {} + {{- end }} - name: argocd-dex-server-tls secret: secretName: argocd-dex-server-tls diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 000f94a3..1285eccf 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -673,6 +673,13 @@ controller: # - name: custom-tools # emptyDir: {} + ## Application controller emptyDir volumes + emptyDir: + # -- EmptyDir size limit for application controller + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + # -- Annotations for the application controller StatefulSet statefulsetAnnotations: {} @@ -989,6 +996,13 @@ dex: # -- Additional volumes to the dex pod volumes: [] + ## Dex server emptyDir volumes + emptyDir: + # -- EmptyDir size limit for Dex server + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + # TLS certificate configuration via Secret ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-dex-server ## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart Dex automatically without extra controllers. @@ -1744,6 +1758,13 @@ server: # - name: custom-tools # emptyDir: {} + ## Argo CD server emptyDir volumes + emptyDir: + # -- EmptyDir size limit for the Argo CD server + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + # -- Annotations to be added to server Deployment deploymentAnnotations: {} @@ -2366,6 +2387,13 @@ repoServer: # persistentVolumeClaim: # claimName: pvc-argocd-repo-server-plugins + ## RepoServer emptyDir volumes + emptyDir: + # -- EmptyDir size limit for repo server + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + # -- Toggle the usage of a ephemeral Helm working directory useEphemeralHelmWorkingDir: true @@ -2653,6 +2681,13 @@ applicationSet: # -- List of extra volumes to add extraVolumes: [] + ## ApplicationSet controller emptyDir volumes + emptyDir: + # -- EmptyDir size limit for applicationSet controller + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + ## Metrics service configuration metrics: # -- Deploy metrics service From c30f1984e418bc12953bd967fcc8dd2598173a65 Mon Sep 17 00:00:00 2001 From: Karl Lyons <7.lyonsy@gmail.com> Date: Tue, 2 Apr 2024 13:26:07 -0400 Subject: [PATCH 483/768] feat(argo-workflows): Add the ability to use headless service for workflow controller (#2620) --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 1 + .../templates/controller/workflow-controller-service.yaml | 3 +++ charts/argo-workflows/values.yaml | 2 ++ 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 6223ffc6..0243bcd7 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.5 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.0 +version: 0.41.1 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Check Prometheus CRDs are available before creating Service Monitor resource(s) + description: Add the ability to use a headless service for the workflow controller diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 3a387546..e8d99b6d 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -170,6 +170,7 @@ Fields to note: | controller.logging.globallevel | string | `"0"` | Set the glog logging level | | controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | | controller.metricsConfig.enabled | bool | `false` | Enables prometheus metrics server | +| controller.metricsConfig.headlessService | bool | `false` | Flag to enable headless service | | controller.metricsConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. | | controller.metricsConfig.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion | | controller.metricsConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml index 51362c4f..0cd8a75b 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml @@ -32,6 +32,9 @@ spec: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} sessionAffinity: None type: {{ .Values.controller.serviceType }} + {{- if and (eq .Values.controller.serviceType "ClusterIP") .Values.controller.metricsConfig.headlessService }} + clusterIP: None + {{- end }} {{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{- toYaml .Values.controller.loadBalancerSourceRanges | nindent 4 }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 3c361c9c..89fa1753 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -135,6 +135,8 @@ controller: servicePort: 8080 # -- Service metrics port name servicePortName: metrics + # -- Flag to enable headless service + headlessService: false # -- ServiceMonitor relabel configs to apply to samples before scraping ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig relabelings: [] From 1a5bded746dfcd27d8bc143b427246034606324b Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Thu, 4 Apr 2024 20:47:21 +0200 Subject: [PATCH 484/768] fix(argo-cd): Add required label for CLI on redis-ha-haproxy pod (#2627) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + charts/argo-cd/values.yaml | 3 +++ 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b645755d..2bef9887 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.8 +version: 6.7.9 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add sizeLimit params on EmptyDir Volume + - kind: fixed + description: Add required label for CLI to redis-ha-haproxy pods diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 244c2641..c8401dd2 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1269,6 +1269,7 @@ The main options are listed here: | redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context | | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | | redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. | +| redis-ha.haproxy.labels | object | `{"app.kubernetes.io/name":"argocd-redis-ha-haproxy"}` | Custom labels for the haproxy pod. This is relevant for Argo CD CLI. | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 1285eccf..09968523 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1505,6 +1505,9 @@ redis-ha: haproxy: # -- Enabled HAProxy LoadBalancing/Proxy enabled: true + # -- Custom labels for the haproxy pod. This is relevant for Argo CD CLI. + labels: + app.kubernetes.io/name: argocd-redis-ha-haproxy metrics: # -- HAProxy enable prometheus metric scraping enabled: true From b35d6e3618a6fd37341f2a39b618599979a009dd Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 4 Apr 2024 15:25:31 -0500 Subject: [PATCH 485/768] chore(deps): update actions/create-github-app-token action to v1.9.3 (#2626) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 22e06e11..13242aaf 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@6c406e8a244fdf6bbf79e6cc8a91504a48d2c2ce # v1.9.2 + uses: actions/create-github-app-token@7bfa3a4717ef143a604ee0a99d859b8886a96d00 # v1.9.3 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From b583d7742ffb460f2900244789c1eb2a098828e0 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 5 Apr 2024 05:59:50 +0100 Subject: [PATCH 486/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.10.6 (#2630) --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 2bef9887..94a33897 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.10.5 +appVersion: v2.10.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.9 +version: 6.7.10 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Add required label for CLI to redis-ha-haproxy pods + - kind: changed + description: Bump argo-cd to v2.10.6 From af50be59ed31a371f811ad586bd72a762291b810 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 8 Apr 2024 13:38:36 +0200 Subject: [PATCH 487/768] chore(deps): update renovatebot/github-action action to v40.1.8 (#2633) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 13242aaf..f5963f3c 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@7d358366277001f3316d7fa54ff49a81c0158948 # v40.1.7 + uses: renovatebot/github-action@10b0dbf049fea8f04c079c8802145f3eac72d9e7 # v40.1.8 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From f42e0e1fd586d48459d99db69e65f2540a5cd209 Mon Sep 17 00:00:00 2001 From: Stefan Caraiman Date: Wed, 10 Apr 2024 23:05:47 +0300 Subject: [PATCH 488/768] fix(argo-cd): make automountServiceAccountToken configurable (#2625) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 7 +++++++ .../deployment.yaml | 1 + .../statefulset.yaml | 1 + .../argocd-applicationset/deployment.yaml | 1 + .../argocd-notifications/deployment.yaml | 1 + .../argocd-repo-server/deployment.yaml | 1 + .../templates/argocd-server/deployment.yaml | 1 + charts/argo-cd/templates/dex/deployment.yaml | 1 + .../argo-cd/templates/redis/deployment.yaml | 1 + charts/argo-cd/values.yaml | 21 +++++++++++++++++++ 11 files changed, 39 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 94a33897..51d91732 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.10 +version: 6.7.11 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.10.6 + - kind: added + description: Add configurable automountServiceAccountToken diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index c8401dd2..a9c7c446 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -725,6 +725,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | controller.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| controller.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | | controller.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the application controller's ClusterRole resource | | controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource | | controller.containerPorts.metrics | int | `8082` | Metrics container port | @@ -806,6 +807,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | repoServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| repoServer.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | | repoServer.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. | | repoServer.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the repo server | | repoServer.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the repo server [HPA] | @@ -903,6 +905,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | server.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| server.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | | server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. | | server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server | | server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo CD server [HPA] | @@ -1064,6 +1067,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | dex.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| dex.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | | dex.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-dex-server-tls secret | | dex.certificateSecret.ca | string | `""` | Certificate authority. Required for self-signed certificates. | | dex.certificateSecret.crt | string | `""` | Certificate data. Must contain SANs of Dex service (ie: argocd-dex-server, argocd-dex-server.argo-cd.svc) | @@ -1160,6 +1164,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | redis.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| redis.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | | redis.containerPorts.metrics | int | `9121` | Metrics container port | | redis.containerPorts.redis | int | `6379` | Redis container port | | redis.containerSecurityContext | object | See [values.yaml] | Redis container-level security context | @@ -1310,6 +1315,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide |-----|------|---------|-------------| | applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | applicationSet.allowAnyNamespace | bool | `false` | Enable ApplicationSet in any namespace feature | +| applicationSet.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | | applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | | applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate | | applicationSet.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) | @@ -1419,6 +1425,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide |-----|------|---------|-------------| | notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | notifications.argocdUrl | string | `""` (defaults to https://`global.domain`) | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates | +| notifications.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | | notifications.clusterRoleRules.rules | list | `[]` | List of custom rules for the notifications controller's ClusterRole resource | | notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map | | notifications.containerPorts.metrics | int | `9001` | Metrics container port | diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 232ce267..c0dc1460 100644 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -55,6 +55,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} {{- end }} serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }} containers: - args: - /usr/local/bin/argocd-application-controller diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 80535e67..14c3653e 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -56,6 +56,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} {{- end }} serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }} containers: - args: - /usr/local/bin/argocd-application-controller diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 795f18d0..0b6a51fb 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -56,6 +56,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.applicationSet.terminationGracePeriodSeconds }} {{- end }} serviceAccountName: {{ include "argo-cd.applicationSet.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.applicationSet.automountServiceAccountToken }} containers: - name: {{ .Values.applicationSet.name }} image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 674639f4..eaf35623 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -55,6 +55,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.notifications.terminationGracePeriodSeconds }} {{- end }} serviceAccountName: {{ include "argo-cd.notifications.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.notifications.automountServiceAccountToken }} containers: - name: {{ .Values.notifications.name }} image: {{ default .Values.global.image.repository .Values.notifications.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 590e5387..84804ac6 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -66,6 +66,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.repoServer.terminationGracePeriodSeconds }} {{- end }} serviceAccountName: {{ include "argo-cd.repoServer.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.repoServer.automountServiceAccountToken }} containers: - name: {{ .Values.repoServer.name }} image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index faaf1c26..dee9cf43 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -60,6 +60,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} {{- end }} serviceAccountName: {{ include "argo-cd.server.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.server.automountServiceAccountToken }} containers: - name: {{ .Values.server.name }} image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 3c293e7c..b6c94f90 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -59,6 +59,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.dex.terminationGracePeriodSeconds }} {{- end }} serviceAccountName: {{ template "argo-cd.dex.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.dex.automountServiceAccountToken }} containers: - name: {{ .Values.dex.name }} image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index a25c1bd8..56ceae93 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -52,6 +52,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.redis.terminationGracePeriodSeconds }} {{- end }} serviceAccountName: {{ include "argo-cd.redis.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.redis.automountServiceAccountToken }} containers: - name: {{ .Values.redis.name }} image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 09968523..5f6d0d0b 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -768,6 +768,9 @@ controller: # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + serviceAccount: # -- Create a service account for the application controller create: true @@ -1110,6 +1113,9 @@ dex: # -- terminationGracePeriodSeconds for container lifecycle hook terminationGracePeriodSeconds: 30 + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + serviceAccount: # -- Create dex service account create: true @@ -1410,6 +1416,9 @@ redis: # -- terminationGracePeriodSeconds for container lifecycle hook terminationGracePeriodSeconds: 30 + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + serviceAccount: # -- Create a service account for the redis pod create: false @@ -2009,6 +2018,9 @@ server: # -- Prometheus ServiceMonitor annotations annotations: {} + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + serviceAccount: # -- Create server service account create: true @@ -2586,6 +2598,9 @@ repoServer: # -- List of custom rules for the Repo server's Cluster Role resource rules: [] + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + ## Repo server service account ## If create is set to true, make sure to uncomment the name and update the rbac section below serviceAccount: @@ -2747,6 +2762,9 @@ applicationSet: # -- ApplicationSet service port name portName: http-webhook + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + serviceAccount: # -- Create ApplicationSet controller service account create: true @@ -3208,6 +3226,9 @@ notifications: # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + serviceAccount: # -- Create notifications controller service account create: true From a51380a144fa2a6ca42879faac2756f0b703d4b4 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 12 Apr 2024 01:55:23 -0500 Subject: [PATCH 489/768] chore(deps): update renovatebot/github-action action to v40.1.9 (#2638) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index f5963f3c..90c0570f 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@10b0dbf049fea8f04c079c8802145f3eac72d9e7 # v40.1.8 + uses: renovatebot/github-action@74811c93da74bf38cb37f41489065619930fba44 # v40.1.9 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 7aca86035924ff9015d836669ffe5dc5a8eee38d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 13 Apr 2024 08:42:06 -0500 Subject: [PATCH 490/768] chore(deps): bump azure/setup-helm from 3.5 to 4 (#2640) --- .github/workflows/lint-and-test.yml | 2 +- .github/workflows/publish.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 46cf47cd..d28d2fce 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -27,7 +27,7 @@ jobs: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 + uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4.1.0 with: version: v3.10.1 # Also update in publish.yaml diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 3a3b41d6..9584e09a 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -24,7 +24,7 @@ jobs: fetch-depth: 0 - name: Install Helm - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 + uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4.1.0 with: version: v3.10.1 # Also update in lint-and-test.yaml From ebbe2eefad39f0f0c38ded984eeeb8d0c4816e80 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 15 Apr 2024 11:42:55 +0100 Subject: [PATCH 491/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.10.7 (#2643) Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 51d91732..06a52163 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.10.6 +appVersion: v2.10.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.11 +version: 6.7.12 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add configurable automountServiceAccountToken + - kind: changed + description: Bump argo-cd to v2.10.7 From 8abf55a807aec83640ee6479fca13b07cf1e7dd6 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 17 Apr 2024 22:48:41 +0200 Subject: [PATCH 492/768] chore(deps): update renovatebot/github-action action to v40.1.10 (#2645) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 90c0570f..f3a6ac6b 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@74811c93da74bf38cb37f41489065619930fba44 # v40.1.9 + uses: renovatebot/github-action@2e021d24483d81e77e0e902d0809adfbfff276fc # v40.1.10 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From a12dbf812c9b1eb0a1065734159e9a3c9c03fc03 Mon Sep 17 00:00:00 2001 From: Marc Brugger Date: Thu, 18 Apr 2024 23:41:24 +0200 Subject: [PATCH 493/768] feat(argocd-image-updater): Allow defining extraEnvFrom for the deployment (#2646) Signed-off-by: bakito --- charts/argocd-image-updater/Chart.yaml | 10 +++------- charts/argocd-image-updater/README.md | 1 + charts/argocd-image-updater/templates/deployment.yaml | 4 ++++ charts/argocd-image-updater/values.yaml | 7 +++++++ 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 2e34fad6..7f299aef 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.9.6 +version: 0.9.7 appVersion: v0.12.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -18,9 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Properly quoting the config map values - - kind: fixed - description: Only adding a data field to argocd-image-updater-ssh-config when there's data to be added - - kind: changed - description: Only include config.argocd if config.applicationsAPIKind is set to 'argocd' + - kind: added + description: Allow defining extraEnvFrom for the deployment diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index f094d77a..a8d28699 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -86,6 +86,7 @@ The `config.registries` value can be used exactly as it looks in the documentati | config.sshConfig | object | `{}` | Argo CD Image Updater ssh client parameter configuration. | | extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in `config.argocd`. If a flag contains both key and value, they need to be split to a new entry | | extraEnv | list | `[]` | Extra environment variables for argocd-image-updater | +| extraEnvFrom | list | `[]` | Extra envFrom to pass to argocd-image-updater | | extraObjects | list | `[]` | Extra K8s manifests to deploy for argocd-image-updater | | fullnameOverride | string | `""` | Global fullname (argocd-image-updater.fullname in _helpers.tpl) override | | image.pullPolicy | string | `"Always"` | Default image pull policy | diff --git a/charts/argocd-image-updater/templates/deployment.yaml b/charts/argocd-image-updater/templates/deployment.yaml index 6a4f592c..cfd87a47 100644 --- a/charts/argocd-image-updater/templates/deployment.yaml +++ b/charts/argocd-image-updater/templates/deployment.yaml @@ -104,6 +104,10 @@ spec: {{- with .Values.extraEnv }} {{- toYaml . | nindent 10 }} {{- end }} + {{- with .Values.extraEnvFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 7cbbe05b..0f2a4e33 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -44,6 +44,13 @@ extraEnv: [] # - name: AWS_REGION # value: "us-west-1" +# -- Extra envFrom to pass to argocd-image-updater +extraEnvFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + # -- Extra K8s manifests to deploy for argocd-image-updater ## Note: Supports use of custom Helm templates extraObjects: [] From 598a3c48c5c628a32a41078dd0d46e96e4dfa6fb Mon Sep 17 00:00:00 2001 From: Aleksei Sviridkin <3811295@gmail.com> Date: Fri, 19 Apr 2024 18:07:22 +0400 Subject: [PATCH 494/768] feat(argo-cd): Bump argocd-extension-installer to 0.0.5 (#2647) * Bump argocd-extension-installer to v0.0.5 Signed-off-by: Aleksey Sviridkin * Update docs Signed-off-by: Aleksey Sviridkin --------- Signed-off-by: Aleksey Sviridkin --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 06a52163..ae6fae89 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.12 +version: 6.7.13 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.10.7 + description: Bump argocd-extension-installer to v0.0.5 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index a9c7c446..5035e24d 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -950,7 +950,7 @@ NAME: my-release | server.extensions.extensionList | list | `[]` (See [values.yaml]) | Extensions for Argo CD | | server.extensions.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for extensions | | server.extensions.image.repository | string | `"quay.io/argoprojlabs/argocd-extension-installer"` | Repository to use for extension installer image | -| server.extensions.image.tag | string | `"v0.0.1"` | Tag to use for extension installer image | +| server.extensions.image.tag | string | `"v0.0.5"` | Tag to use for extension installer image | | server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container | | server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server | | server.extraContainers | list | `[]` | Additional containers to be added to the server pod | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 5f6d0d0b..f7053281 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1682,7 +1682,7 @@ server: # -- Repository to use for extension installer image repository: "quay.io/argoprojlabs/argocd-extension-installer" # -- Tag to use for extension installer image - tag: "v0.0.1" + tag: "v0.0.5" # -- Image pull policy for extensions # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" From b7ccf969ad85e27b29af749ce7a02535be0a7393 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 20 Apr 2024 05:55:00 +0100 Subject: [PATCH 495/768] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.6 (#2651) --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 0243bcd7..50c88749 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.5 +appVersion: v3.5.6 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.1 +version: 0.41.2 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add the ability to use a headless service for the workflow controller + - kind: changed + description: Bump argo-workflows to v3.5.6 From 03003fff0e348113464c9687737d13cfca560d21 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 20 Apr 2024 19:47:40 +0200 Subject: [PATCH 496/768] chore(deps): bump azure/setup-helm from 4.1.0 to 4.2.0 (#2652) --- .github/workflows/lint-and-test.yml | 2 +- .github/workflows/publish.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index d28d2fce..aee46a66 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -27,7 +27,7 @@ jobs: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4.1.0 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 with: version: v3.10.1 # Also update in publish.yaml diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 9584e09a..c84c90f7 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -24,7 +24,7 @@ jobs: fetch-depth: 0 - name: Install Helm - uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4.1.0 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 with: version: v3.10.1 # Also update in lint-and-test.yaml From 71899cb56a763c23b3ba841b7d40da528c97a350 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 20 Apr 2024 19:49:00 +0200 Subject: [PATCH 497/768] chore(deps): bump actions/checkout from 4.1.2 to 4.1.3 (#2654) --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/renovate.yaml | 2 +- .github/workflows/scorecard.yml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index aee46a66..f3c26ae6 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index c84c90f7..f1403a97 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index f3a6ac6b..8de05921 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -23,7 +23,7 @@ jobs: private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Self-hosted Renovate uses: renovatebot/github-action@2e021d24483d81e77e0e902d0809adfbfff276fc # v40.1.10 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 971961e7..6683eb3b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: persist-credentials: false From ae7fd924dc5a6fee6fefde587866ab1f6ba174f9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 20 Apr 2024 20:09:35 +0200 Subject: [PATCH 498/768] chore(deps): bump pascalgn/size-label-action from 0.5.0 to 0.5.2 (#2653) --- .github/workflows/pr-sizing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index 01af9781..04d2b6b4 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -25,6 +25,6 @@ jobs: size-label: runs-on: ubuntu-latest steps: - - uses: pascalgn/size-label-action@37a5ad4ae20ea8032abf169d953bcd661fd82cd3 # v0.5.0 + - uses: pascalgn/size-label-action@bbbaa0d5ccce8e2e76254560df5c64b82dac2e12 # v0.5.2 env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" From 895b26a3cbf9cb475d92a1a4bece76bbff9845d8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 20 Apr 2024 21:17:51 +0200 Subject: [PATCH 499/768] chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 (#2655) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 6683eb3b..eb0fcbf1 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2 with: name: SARIF file path: results.sarif From 7ad09a972f2610ed8d65e8d090df090cd1eed5b5 Mon Sep 17 00:00:00 2001 From: Bojan Raic Date: Sun, 21 Apr 2024 22:54:13 +0200 Subject: [PATCH 500/768] feat(argo-cd): Pre-set `statusbadge.url` value to `global.domain` (#2657) --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/_helpers.tpl | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ae6fae89..b5a874df 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.13 +version: 6.7.14 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argocd-extension-installer to v0.0.5 + description: Pre-set statusbadge.url value to global.domain value diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 5dc957a2..f8b64780 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -164,6 +164,7 @@ Argo Configuration Preset Values (Incluenced by Values configuration) {{- define "argo-cd.config.cm.presets" -}} {{- $presets := dict -}} {{- $_ := set $presets "url" (printf "https://%s" .Values.global.domain) -}} +{{- $_ := set $presets "statusbadge.url" (printf "https://%s/" .Values.global.domain) -}} {{- if .Values.configs.styles -}} {{- $_ := set $presets "ui.cssurl" "./custom/custom.styles.css" -}} {{- end -}} From da0068075833e9a58d129f3963fb915819d8a062 Mon Sep 17 00:00:00 2001 From: Bojan Raic Date: Wed, 24 Apr 2024 09:07:57 +0200 Subject: [PATCH 501/768] fix(argo-cd): Pre-set `statusbadge.url` only when statusbadge is enabled (#2658) - Add `statusbadge.enabled` to values.yaml as `false` - Pre-set `statusbadge.url` to `global.domain` URL only when `statusbadge.enabled` is `true` - Update README.md - Fix a minor comment typo Signed-off-by: Bojan Raic --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/_helpers.tpl | 4 +++- charts/argo-cd/values.yaml | 4 ++++ 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b5a874df..80e944ca 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.14 +version: 6.7.15 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Pre-set statusbadge.url value to global.domain value + description: Pre-set statusbadge.url to global.domain when statusbadge is enabled diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 5035e24d..b76423fa 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -663,6 +663,7 @@ NAME: my-release | configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning | | configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI | | configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement | +| configs.cm."statusbadge.enabled" | bool | `false` | Enable Status Badge | | configs.cm."timeout.hard.reconciliation" | string | `"0s"` | Timeout to refresh application data as well as target manifests cache | | configs.cm."timeout.reconciliation" | string | `"180s"` | Timeout to discover if a new manifests version got published to the repository | | configs.cm.annotations | object | `{}` | Annotations to be added to argocd-cm configmap | diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index f8b64780..589dd002 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -159,12 +159,14 @@ Create the name of the notifications service account to use {{- end -}} {{/* -Argo Configuration Preset Values (Incluenced by Values configuration) +Argo Configuration Preset Values (Influenced by Values configuration) */}} {{- define "argo-cd.config.cm.presets" -}} {{- $presets := dict -}} {{- $_ := set $presets "url" (printf "https://%s" .Values.global.domain) -}} +{{- if index .Values.configs.cm "statusbadge.enabled" | eq true -}} {{- $_ := set $presets "statusbadge.url" (printf "https://%s/" .Values.global.domain) -}} +{{- end -}} {{- if .Values.configs.styles -}} {{- $_ := set $presets "ui.cssurl" "./custom/custom.styles.css" -}} {{- end -}} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index f7053281..529e6d94 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -180,6 +180,10 @@ configs: # -- Timeout to refresh application data as well as target manifests cache timeout.hard.reconciliation: 0s + # -- Enable Status Badge + ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/status-badge/ + statusbadge.enabled: false + # Dex configuration # dex.config: | # connectors: From 93b7a946503d2b0a7cfe09ac619d91e7c9d16c83 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 25 Apr 2024 23:12:35 +0900 Subject: [PATCH 502/768] chore(deps): update actions/checkout action to v4.1.4 (#2662) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 8de05921..cbfae5ad 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -23,7 +23,7 @@ jobs: private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Self-hosted Renovate uses: renovatebot/github-action@2e021d24483d81e77e0e902d0809adfbfff276fc # v40.1.10 From d82efb40cb1f491735b353b05a5954e9e4e178ce Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 26 Apr 2024 15:21:13 +0100 Subject: [PATCH 503/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.10.8 (#2665) Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 80e944ca..9d237a9f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.10.7 +appVersion: v2.10.8 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.15 +version: 6.7.16 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Pre-set statusbadge.url to global.domain when statusbadge is enabled + description: Bump argo-cd to v2.10.8 From 42bfba2cc83633c75b8aa0fd32ae58ed749cd8b6 Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Fri, 26 Apr 2024 20:35:49 +0100 Subject: [PATCH 504/768] feat(argo-cd): added jq path expression timeout (#2666) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + .../templates/argocd-application-controller/deployment.yaml | 6 ++++++ .../argocd-application-controller/statefulset.yaml | 6 ++++++ charts/argo-cd/values.yaml | 6 ++++++ 5 files changed, 22 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 9d237a9f..9be5d54e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.10.8 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.16 +version: 6.7.17 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.10.8 + - kind: added + description: JQ Path expression timeout diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index b76423fa..7c3e4d4a 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -678,6 +678,7 @@ NAME: my-release | configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] | | configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability | | configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` | +| configs.params."controller.ignore.normalizer.jq.timeout" | string | `"1s"` | JQ Path expression timeout | | configs.params."controller.operation.processors" | int | `10` | Number of application operation processors | | configs.params."controller.repo.server.timeout.seconds" | int | `60` | Repo server RPC call timeout seconds. | | configs.params."controller.self.heal.timeout.seconds" | int | `5` | Specifies timeout between application self heal attempts | diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index c0dc1460..dc26a8db 100644 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -268,6 +268,12 @@ spec: name: argocd-cmd-params-cm key: controller.diff.server.side optional: true + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.ignore.normalizer.jq.timeout + optional: true {{- with .Values.controller.envFrom }} envFrom: {{- toYaml . | nindent 10 }} diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 14c3653e..208f358f 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -267,6 +267,12 @@ spec: name: argocd-cmd-params-cm key: controller.diff.server.side optional: true + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.ignore.normalizer.jq.timeout + optional: true {{- with .Values.controller.envFrom }} envFrom: {{- toYaml . | nindent 10 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 529e6d94..4ab533d0 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -272,6 +272,12 @@ configs: ## Set comma-separated list. (e.g. app-team-one, app-team-two) application.namespaces: "" + # -- JQ Path expression timeout + ## By default, the evaluation of a JQPathExpression is limited to one second. + ## If you encounter a "JQ patch execution timed out" error message due to a complex JQPathExpression + ## that requires more time to evaluate, you can extend the timeout period. + controller.ignore.normalizer.jq.timeout: "1s" + # Argo CD RBAC policy configuration ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md rbac: From 95b9a947011a940821c6a99d77480d0827e3beb2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 Apr 2024 18:23:23 +0900 Subject: [PATCH 505/768] chore(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#2671) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.3 to 4.1.4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4.1.3...0ad4b8fadaa221de15dcec353f45205ec38ea70b) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index f3c26ae6..4aac42e5 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index f1403a97..619e19d7 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index eb0fcbf1..a4ec53c6 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: persist-credentials: false From 937a1702a1fb3158a19ad298f4a1e2652634ddae Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 Apr 2024 18:26:20 +0900 Subject: [PATCH 506/768] chore(deps): bump helm/kind-action from 1.9.0 to 1.10.0 (#2670) Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.9.0 to 1.10.0. - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/99576bfa6ddf9a8e612d83b513da5a75875caced...0025e74a8c7512023d06dc019c617aa3cf561fde) --- updated-dependencies: - dependency-name: helm/kind-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aikawa --- .github/workflows/lint-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 4aac42e5..41ec8336 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -70,7 +70,7 @@ jobs: fi - name: Create kind cluster - uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced # v1.9.0 + uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 if: steps.list-changed.outputs.changed == 'true' with: config: .github/configs/kind-config.yaml From dafe207ae1a274f04bf632a97933c679dda78072 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 Apr 2024 18:30:59 +0900 Subject: [PATCH 507/768] chore(deps): bump amannn/action-semantic-pull-request from 5.4.0 to 5.5.2 (#2669) chore(deps): bump amannn/action-semantic-pull-request Bumps [amannn/action-semantic-pull-request](https://github.com/amannn/action-semantic-pull-request) from 5.4.0 to 5.5.2. - [Release notes](https://github.com/amannn/action-semantic-pull-request/releases) - [Changelog](https://github.com/amannn/action-semantic-pull-request/blob/main/CHANGELOG.md) - [Commits](https://github.com/amannn/action-semantic-pull-request/compare/e9fabac35e210fea40ca5b14c0da95a099eff26f...cfb60706e18bc85e8aec535e3c577abe8f70378e) --- updated-dependencies: - dependency-name: amannn/action-semantic-pull-request dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aikawa --- .github/workflows/pr-title.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 256b1c38..9828761b 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -19,7 +19,7 @@ jobs: name: Validate PR title runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0 + - uses: amannn/action-semantic-pull-request@cfb60706e18bc85e8aec535e3c577abe8f70378e # v5.5.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: From 1119c0d8ccab5c0df03e487255c4ace4508f3345 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 Apr 2024 18:31:51 +0900 Subject: [PATCH 508/768] chore(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 (#2668) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.2 to 4.3.3. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/1746f4ab65b179e0ea60a494b83293b640dd5bba...65462800fd760344b1a7b4382951275a0abb4808) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aikawa --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index a4ec53c6..96b1ed0b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: SARIF file path: results.sarif From 9c1e15abf3c0a24bfe45ef83bcb12131a6d25862 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 29 Apr 2024 22:56:09 +0900 Subject: [PATCH 509/768] chore(deps): update renovatebot/github-action action to v40.1.11 (#2672) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index cbfae5ad..e1e47026 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Self-hosted Renovate - uses: renovatebot/github-action@2e021d24483d81e77e0e902d0809adfbfff276fc # v40.1.10 + uses: renovatebot/github-action@063e0c946b9c1af35ef3450efc44114925d6e8e6 # v40.1.11 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 65e99a1c04bad5cbc47398204f92a136e3e57bb3 Mon Sep 17 00:00:00 2001 From: Mykyta Orlov Date: Mon, 29 Apr 2024 23:29:49 +0300 Subject: [PATCH 510/768] fix(argo-workflows): hyphen typo in values.yaml comment (#2673) --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 2 +- charts/argo-workflows/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 50c88749..1b9d5109 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.6 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.2 +version: 0.41.3 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-workflows to v3.5.6 + description: Fix hyphen typo in values.yaml comments diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index e8d99b6d..da4c388c 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -339,7 +339,7 @@ Fields to note: | server.sso.issuerAlias | string | `""` | Alternate root URLs that can be included for some OIDC providers | | server.sso.rbac.enabled | bool | `true` | Adds ServiceAccount Policy to server (Cluster)Role. | | server.sso.rbac.secretWhitelist | list | `[]` | Whitelist to allow server to fetch Secrets | -| server.sso.redirectUrl | string | `""` | | +| server.sso.redirectUrl | string | `""` | The OIDC redirect URL. Should be in the form /oauth2/callback. | | server.sso.scopes | list | `[]` | Scopes requested from the SSO ID provider | | server.sso.sessionExpiry | string | `""` | Define how long your login is valid for (in hours) | | server.sso.userInfoPath | string | `""` | Specify the user info endpoint that contains the groups claim | diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 89fa1753..6bc461f2 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -700,7 +700,7 @@ server: name: argo-server-sso # -- Key of a secret to retrieve the app OIDC client secret key: client-secret - # - The OIDC redirect URL. Should be in the form /oauth2/callback. + # -- The OIDC redirect URL. Should be in the form /oauth2/callback. redirectUrl: "" rbac: # -- Adds ServiceAccount Policy to server (Cluster)Role. From b9e4a3fd3413ca0adeb6036536ab678badfee319 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 30 Apr 2024 18:14:03 +0100 Subject: [PATCH 511/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.10.9 (#2674) --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 9be5d54e..8c0db468 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.10.8 +appVersion: v2.10.9 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.17 +version: 6.7.18 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: JQ Path expression timeout + - kind: changed + description: Bump argo-cd to v2.10.9 From 6c0874513635516da103ca0d8c78566f27eb1779 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 1 May 2024 10:49:58 +0100 Subject: [PATCH 512/768] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v37.332.0 (#2675) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index e1e47026..ff81e146 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 37.278.0 + renovate-version: 37.332.0 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From 966b745e7b2bed105bc838e35b1a0396cb8040ea Mon Sep 17 00:00:00 2001 From: Daniel Beilin <144586547+dbeilin@users.noreply.github.com> Date: Wed, 1 May 2024 06:37:24 -0700 Subject: [PATCH 513/768] feat(argo-workflows): Allow adding additional ServiceAccounts to RoleBinding (#2676) remove unnecessary if statements Signed-off-by: Daniel Beilin Co-authored-by: Aikawa --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 2 ++ .../templates/controller/workflow-controller-crb.yaml | 5 +++++ .../argo-workflows/templates/controller/workflow-rb.yaml | 9 ++++++--- charts/argo-workflows/values.yaml | 8 ++++++++ 5 files changed, 24 insertions(+), 6 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 1b9d5109..942eeadf 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.6 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.3 +version: 0.41.4 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Fix hyphen typo in values.yaml comments + - kind: added + description: Added option to add service accounts to RoleBindings diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index da4c388c..662b63fd 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -134,6 +134,7 @@ Fields to note: |-----|------|---------|-------------| | workflow.namespace | string | `nil` | Deprecated; use controller.workflowNamespaces instead. | | workflow.rbac.create | bool | `true` | Adds Role and RoleBinding for the above specified service account to be able to run workflows. A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) | +| workflow.rbac.serviceAccounts | list | `[]` | Extra service accounts to be added to the RoleBinding | | workflow.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | workflow.serviceAccount.create | bool | `false` | Specifies whether a service account should be created | | workflow.serviceAccount.labels | object | `{}` | Labels applied to created service account | @@ -146,6 +147,7 @@ Fields to note: |-----|------|---------|-------------| | controller.affinity | object | `{}` | Assign custom [affinity] rules | | controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. | +| controller.clusterWorkflowTemplates.serviceAccounts | list | `[]` | Extra service accounts to be added to the ClusterRoleBinding | | controller.columns | list | `[]` | Configure Argo Server to show custom [columns] | | controller.configMap.create | bool | `true` | Create a ConfigMap for the controller | | controller.configMap.name | string | `""` | ConfigMap name | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml index 69883f60..93e0557b 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml @@ -41,5 +41,10 @@ subjects: - kind: ServiceAccount name: {{ template "argo-workflows.controllerServiceAccountName" . }} namespace: {{ include "argo-workflows.namespace" . | quote }} +{{- range .Values.controller.clusterWorkflowTemplates.serviceAccounts }} + - kind: ServiceAccount + name: {{ .name }} + namespace: {{ .namespace | quote }} +{{- end }} {{- end }} {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-rb.yaml b/charts/argo-workflows/templates/controller/workflow-rb.yaml index 4402a722..ec5ac172 100644 --- a/charts/argo-workflows/templates/controller/workflow-rb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-rb.yaml @@ -17,8 +17,11 @@ roleRef: subjects: - kind: ServiceAccount name: {{ $.Values.workflow.serviceAccount.name }} - {{- with $namespace }} - namespace: {{ . }} - {{- end }} + namespace: {{ $namespace }} + {{- range $.Values.workflow.rbac.serviceAccounts }} + - kind: ServiceAccount + name: {{ .name }} + namespace: {{ .namespace | quote }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 6bc461f2..0c5e624d 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -69,6 +69,10 @@ workflow: # -- Adds Role and RoleBinding for the above specified service account to be able to run workflows. # A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) create: true + # -- Extra service accounts to be added to the RoleBinding + serviceAccounts: [] + # - name: my-service-account + # namespace: my-namespace controller: image: @@ -361,6 +365,10 @@ controller: clusterWorkflowTemplates: # -- Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. enabled: true + # -- Extra service accounts to be added to the ClusterRoleBinding + serviceAccounts: [] + # - name: my-service-account + # namespace: my-namespace # -- Extra containers to be added to the controller deployment extraContainers: [] From 35bc505bec7c8e5ada964772e1d2dbe1625c2374 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 2 May 2024 16:57:37 +0200 Subject: [PATCH 514/768] chore(deps): update actions/create-github-app-token action to v1.10.0 (#2677) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index ff81e146..9487c1fe 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@7bfa3a4717ef143a604ee0a99d859b8886a96d00 # v1.9.3 + uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1 # v1.10.0 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From 0882bfcbd69d1405afc383733cfc328c2970ff29 Mon Sep 17 00:00:00 2001 From: mitchell amihod Date: Sun, 5 May 2024 20:24:13 -0400 Subject: [PATCH 515/768] feat(argo-rollouts): Add podLabels at the controller & dashboard level (#2678) --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 2 ++ charts/argo-rollouts/templates/controller/deployment.yaml | 2 +- charts/argo-rollouts/templates/dashboard/deployment.yaml | 2 +- charts/argo-rollouts/values.yaml | 4 ++++ 5 files changed, 10 insertions(+), 4 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 307965b9..6a4645f9 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.6 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.35.1 +version: 2.35.2 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Allow minimum set of RBAC rules for Gateway API resources + description: Added pod labels for the controller and the dashboard components diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index eb30e7ee..d5d11c26 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -116,6 +116,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.pdb.maxUnavailable | string | `nil` | Maximum number / percentage of pods that may be made unavailable | | controller.pdb.minAvailable | string | `nil` | Minimum number / percentage of pods that should remain scheduled | | controller.podAnnotations | object | `{}` | Annotations to be added to application controller pods | +| controller.podLabels | object | `{}` | Labels to be added to the application controller pods | | controller.priorityClassName | string | `""` | [priorityClassName] for the controller | | controller.readinessProbe | object | See [values.yaml] | Configure readiness [probe] for the controller | | controller.replicas | int | `2` | The number of controller pods to run | @@ -168,6 +169,7 @@ For full list of changes please check ArtifactHub [changelog]. | dashboard.pdb.maxUnavailable | string | `nil` | Maximum number / percentage of pods that may be made unavailable | | dashboard.pdb.minAvailable | string | `nil` | Minimum number / percentage of pods that should remain scheduled | | dashboard.podAnnotations | object | `{}` | Annotations to be added to application dashboard pods | +| dashboard.podLabels | object | `{}` | Labels to be added to the application dashboard pods | | dashboard.podSecurityContext | object | `{"runAsNonRoot":true}` | Security Context to set on pod level | | dashboard.priorityClassName | string | `""` | [priorityClassName] for the dashboard server | | dashboard.readonly | bool | `false` | Set cluster role to readonly | diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index 25301e22..0d4c5281 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -34,7 +34,7 @@ spec: labels: {{- include "argo-rollouts.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: {{ .Values.controller.component }} - {{- range $key, $value := .Values.podLabels }} + {{- range $key, $value := (mergeOverwrite (deepCopy .Values.podLabels) .Values.controller.podLabels) }} {{ $key }}: {{ $value | quote }} {{- end }} spec: diff --git a/charts/argo-rollouts/templates/dashboard/deployment.yaml b/charts/argo-rollouts/templates/dashboard/deployment.yaml index 1c1d70c3..e2918f40 100644 --- a/charts/argo-rollouts/templates/dashboard/deployment.yaml +++ b/charts/argo-rollouts/templates/dashboard/deployment.yaml @@ -35,7 +35,7 @@ spec: labels: {{- include "argo-rollouts.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: {{ .Values.dashboard.component }} - {{- range $key, $value := .Values.podLabels }} + {{- range $key, $value := (mergeOverwrite (deepCopy .Values.podLabels) .Values.dashboard.podLabels) }} {{ $key }}: {{ $value | quote }} {{- end }} spec: diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 8f3f10b4..f9ae582c 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -53,6 +53,8 @@ controller: deploymentLabels: {} # -- Annotations to be added to application controller pods podAnnotations: {} + # -- Labels to be added to the application controller pods + podLabels: {} # -- [Node selector] nodeSelector: {} # -- [Tolerations] for use with node taints @@ -295,6 +297,8 @@ dashboard: deploymentLabels: {} # -- Annotations to be added to application dashboard pods podAnnotations: {} + # -- Labels to be added to the application dashboard pods + podLabels: {} # -- [Node selector] nodeSelector: {} # -- [Tolerations] for use with node taints From 1098ce1287de74ac0d189b5f5d099e98abd9914b Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Wed, 8 May 2024 09:21:09 +0300 Subject: [PATCH 516/768] feat(argo-cd): Upgrade argocd to 2.11.0 + crd changes (#2681) --- charts/argo-cd/Chart.yaml | 6 +- .../argocd-repo-server/deployment.yaml | 6 ++ .../templates/crds/crd-application.yaml | 68 +++++++++++++ .../templates/crds/crd-applicationset.yaml | 96 +++++++++++++++++++ 4 files changed, 173 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8c0db468..204e9d31 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.10.9 +appVersion: v2.11.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.18 +version: 6.8.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.10.9 + description: Bump argo-cd to v2.11.0 diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 84804ac6..dca27426 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -268,6 +268,12 @@ spec: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.revision.cache.lock.timeout + name: argocd-cmd-params-cm + optional: true {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} - name: HELM_CACHE_HOME value: /helm-working-dir diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml index 9869efbb..686626ba 100644 --- a/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -353,6 +353,10 @@ spec: definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to + apply common labels to resource selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -688,6 +692,10 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -1137,6 +1145,10 @@ spec: definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to apply + common labels to resource selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -1462,6 +1474,10 @@ spec: definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to apply + common labels to resource selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -1736,6 +1752,19 @@ spec: description: ID is an auto incrementing identifier of the RevisionHistory format: int64 type: integer + initiatedBy: + description: InitiatedBy contains information about who initiated + the operations + properties: + automated: + description: Automated is set to true if operation was initiated + automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who started + operation + type: string + type: object revision: description: Revision holds the revision the sync was performed against @@ -1940,6 +1969,10 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -2278,6 +2311,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -2761,6 +2799,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors + or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -3117,6 +3160,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies + whether to apply common labels to resource + selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -3587,6 +3635,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -3936,6 +3989,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -4428,6 +4486,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -4777,6 +4840,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index 323beb27..032c24ea 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -267,6 +267,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -481,6 +483,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -854,6 +858,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -1068,6 +1074,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -1445,6 +1453,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -1659,6 +1669,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -2016,6 +2028,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -2230,6 +2244,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -2609,6 +2625,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -2823,6 +2841,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -3196,6 +3216,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -3410,6 +3432,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -3787,6 +3811,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -4001,6 +4027,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -4358,6 +4386,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -4572,6 +4602,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -4937,6 +4969,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -5151,6 +5185,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -5698,6 +5734,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -5912,6 +5950,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -6454,6 +6494,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -6668,6 +6710,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -7039,6 +7083,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -7253,6 +7299,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -7634,6 +7682,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -7848,6 +7898,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -8221,6 +8273,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -8435,6 +8489,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -8812,6 +8868,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -9026,6 +9084,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -9383,6 +9443,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -9597,6 +9659,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -9962,6 +10026,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -10176,6 +10242,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -10723,6 +10791,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -10937,6 +11007,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -11479,6 +11551,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -11693,6 +11767,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -12068,6 +12144,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -12282,6 +12360,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -12646,6 +12726,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -12860,6 +12942,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -13407,6 +13491,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -13621,6 +13707,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -14163,6 +14251,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -14377,6 +14467,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -14823,6 +14915,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -15037,6 +15131,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: From dcdcff217698f414a4dd9e4394705e6a442ece3f Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 8 May 2024 22:58:26 -0500 Subject: [PATCH 517/768] chore(deps): update actions/checkout action to v4.1.5 (#2683) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 9487c1fe..4aa9875a 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -23,7 +23,7 @@ jobs: private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: Self-hosted Renovate uses: renovatebot/github-action@063e0c946b9c1af35ef3450efc44114925d6e8e6 # v40.1.11 From 63306b32f8033ac02a5a2425b67ea3011dce408c Mon Sep 17 00:00:00 2001 From: Thomas Decaux Date: Fri, 10 May 2024 04:32:34 -0400 Subject: [PATCH 518/768] feat(argo-cd): Always install applicationset crd (#2682) * Install applicationset crd always ApplicationSet is required by argocd-server, cannot be "opt-out". If ApplicationSet CRD is not installed, we see lot of errors: ``` W0507 19:44:33.469804 7 reflector.go:424] pkg/mod/k8s.io/client-go@v0.26.11/tools/cache/reflector.go:169: failed to list *v1alpha1.ApplicationSet: the server could not find the requested resource (get applicationsets.argoproj.io) E0507 19:44:33.469828 7 reflector.go:140] pkg/mod/k8s.io/client-go@v0.26.11/tools/cache/reflector.go:169: Failed to watch *v1alpha1.ApplicationSet: failed to list *v1alpha1.ApplicationSet: the server could not find the requested resource (get applicationsets.argoproj.io) ``` Signed-off-by: Thomas Decaux * Bump chart version Signed-off-by: Thomas Decaux * Bump Chart.yaml patch version Signed-off-by: Thomas Decaux * Update Chart.yaml changelog Signed-off-by: Thomas Decaux --------- Signed-off-by: Thomas Decaux Co-authored-by: Petr Drastil Co-authored-by: yuki.kitakata --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/crds/crd-applicationset.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 204e9d31..fd726110 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.8.0 +version: 6.8.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.11.0 + description: Always install applicationset crd diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index 032c24ea..6414d832 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.crds.install .Values.applicationSet.enabled }} +{{- if .Values.crds.install }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: From 8e2f3d5bc07848604664236065e2d1194c1a8681 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 11 May 2024 05:04:44 -0500 Subject: [PATCH 519/768] chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#2687) --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 41ec8336..50bb6a84 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 619e19d7..2894d4fc 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 96b1ed0b..714f2976 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: persist-credentials: false From 3693ed427028c581ce806a96da12627b9743ccfe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 11 May 2024 19:08:12 +0900 Subject: [PATCH 520/768] chore(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#2686) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.3.3. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/0864cf19026789058feabb7e87baa5f140aac736...dc50aa9510b46c811795eb24b2f1ba02a914e534) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 714f2976..b81bf415 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -38,7 +38,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 + uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 with: results_file: results.sarif results_format: sarif From 510261328f083edfb206f85da8c6be7898ac9762 Mon Sep 17 00:00:00 2001 From: "yuki.kitakata" Date: Mon, 13 May 2024 13:31:48 +0900 Subject: [PATCH 521/768] fix(argo-cd): Always create ApplicationSet as following upstream (#2688) --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 4 +++- charts/argo-cd/README.md.gotmpl | 3 +++ charts/argo-cd/templates/_helpers.tpl | 4 +--- charts/argo-cd/templates/aggregate-roles.yaml | 6 ------ .../argo-cd/templates/argocd-applicationset/deployment.yaml | 2 -- charts/argo-cd/templates/argocd-applicationset/ingress.yaml | 2 +- charts/argo-cd/templates/argocd-applicationset/metrics.yaml | 2 +- .../templates/argocd-applicationset/networkpolicy.yaml | 2 +- charts/argo-cd/templates/argocd-applicationset/pdb.yaml | 2 +- charts/argo-cd/templates/argocd-applicationset/role.yaml | 2 -- .../templates/argocd-applicationset/rolebinding.yaml | 2 -- charts/argo-cd/templates/argocd-applicationset/service.yaml | 2 -- .../templates/argocd-applicationset/serviceaccount.yaml | 2 +- .../templates/argocd-applicationset/servicemonitor.yaml | 2 -- .../argo-cd/templates/argocd-repo-server/networkpolicy.yaml | 2 -- charts/argo-cd/templates/argocd-server/role.yaml | 2 -- charts/argo-cd/values.yaml | 3 --- 18 files changed, 14 insertions(+), 34 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index fd726110..3d992838 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.8.1 +version: 6.9.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Always install applicationset crd + description: Always create ApplicationSet as following upstream diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 7c3e4d4a..984b3c61 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -278,6 +278,9 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.9.0 +ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9). + ### 6.4.0 Added support for application controller dynamic cluster distribution. @@ -1341,7 +1344,6 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.dnsConfig | object | `{}` | [DNS configuration] | | applicationSet.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for ApplicationSet controller pods | | applicationSet.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for applicationSet controller | -| applicationSet.enabled | bool | `true` | Enable ApplicationSet controller | | applicationSet.extraArgs | list | `[]` | ApplicationSet controller command line flags | | applicationSet.extraContainers | list | `[]` | Additional containers to be added to the ApplicationSet controller pod | | applicationSet.extraEnv | list | `[]` | Environment variables to pass to the ApplicationSet controller | diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 62c1759d..97a967df 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -278,6 +278,9 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.9.0 +ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9). + ### 6.4.0 Added support for application controller dynamic cluster distribution. diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 589dd002..5ec03d90 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -196,6 +196,7 @@ NOTE: Configuration keys must be stored as dict because YAML treats dot as separ {{- $_ := set $presets "repo.server" (printf "%s:%s" (include "argo-cd.repoServer.fullname" .) (.Values.repoServer.service.port | toString)) -}} {{- $_ := set $presets "server.repo.server.strict.tls" (.Values.repoServer.certificateSecret.enabled | toString ) -}} {{- $_ := set $presets "redis.server" (include "argo-cd.redis.server" .) -}} +{{- $_ := set $presets "applicationsetcontroller.enable.leader.election" (gt ((.Values.applicationSet.replicas | default .Values.applicationSet.replicaCount) | int64) 1) -}} {{- if .Values.dex.enabled -}} {{- $_ := set $presets "server.dex.server" (include "argo-cd.dex.server" .) -}} {{- $_ := set $presets "server.dex.server.strict.tls" .Values.dex.certificateSecret.enabled -}} @@ -204,9 +205,6 @@ NOTE: Configuration keys must be stored as dict because YAML treats dot as separ {{- $_ := set $presets (printf "%s.log.format" $component) $.Values.global.logging.format -}} {{- $_ := set $presets (printf "%s.log.level" $component) $.Values.global.logging.level -}} {{- end -}} -{{- if .Values.applicationSet.enabled -}} -{{- $_ := set $presets "applicationsetcontroller.enable.leader.election" (gt ((.Values.applicationSet.replicas | default .Values.applicationSet.replicaCount) | int64) 1) -}} -{{- end -}} {{- toYaml $presets }} {{- end -}} diff --git a/charts/argo-cd/templates/aggregate-roles.yaml b/charts/argo-cd/templates/aggregate-roles.yaml index ba93d548..12d0e006 100644 --- a/charts/argo-cd/templates/aggregate-roles.yaml +++ b/charts/argo-cd/templates/aggregate-roles.yaml @@ -11,9 +11,7 @@ rules: - argoproj.io resources: - applications - {{- if .Values.applicationSet.enabled }} - applicationsets - {{- end }} - appprojects verbs: - get @@ -33,9 +31,7 @@ rules: - argoproj.io resources: - applications - {{- if .Values.applicationSet.enabled }} - applicationsets - {{- end }} - appprojects verbs: - create @@ -60,9 +56,7 @@ rules: - argoproj.io resources: - applications - {{- if .Values.applicationSet.enabled }} - applicationsets - {{- end }} - appprojects verbs: - create diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 0b6a51fb..1c75150d 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -1,4 +1,3 @@ -{{- if .Values.applicationSet.enabled }} apiVersion: apps/v1 kind: Deployment metadata: @@ -332,4 +331,3 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} dnsPolicy: {{ .Values.applicationSet.dnsPolicy }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml index fbaa862b..f7fb4142 100644 --- a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.applicationSet.enabled .Values.applicationSet.ingress.enabled -}} +{{- if .Values.applicationSet.ingress.enabled -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: diff --git a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml index ad26d22d..16154c81 100644 --- a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.applicationSet.enabled .Values.applicationSet.metrics.enabled }} +{{- if .Values.applicationSet.metrics.enabled }} apiVersion: v1 kind: Service metadata: diff --git a/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml index c6333f88..fee5a80c 100644 --- a/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.applicationSet.enabled .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.ingress.enabled) }} +{{- if and .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.ingress.enabled) }} apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: diff --git a/charts/argo-cd/templates/argocd-applicationset/pdb.yaml b/charts/argo-cd/templates/argocd-applicationset/pdb.yaml index 8f179032..16134160 100644 --- a/charts/argo-cd/templates/argocd-applicationset/pdb.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/pdb.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.applicationSet.enabled .Values.applicationSet.pdb.enabled }} +{{- if .Values.applicationSet.pdb.enabled }} apiVersion: policy/v1 kind: PodDisruptionBudget metadata: diff --git a/charts/argo-cd/templates/argocd-applicationset/role.yaml b/charts/argo-cd/templates/argocd-applicationset/role.yaml index f8f55405..f33e776d 100644 --- a/charts/argo-cd/templates/argocd-applicationset/role.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/role.yaml @@ -1,4 +1,3 @@ -{{- if .Values.applicationSet.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -86,4 +85,3 @@ rules: - patch - update - watch -{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml index a012f1ed..daf8c799 100644 --- a/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml @@ -1,4 +1,3 @@ -{{- if .Values.applicationSet.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -14,4 +13,3 @@ subjects: - kind: ServiceAccount name: {{ include "argo-cd.applicationSet.serviceAccountName" . }} namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/service.yaml b/charts/argo-cd/templates/argocd-applicationset/service.yaml index e3a07b6f..199c8374 100644 --- a/charts/argo-cd/templates/argocd-applicationset/service.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/service.yaml @@ -1,4 +1,3 @@ -{{- if .Values.applicationSet.enabled }} apiVersion: v1 kind: Service metadata: @@ -23,4 +22,3 @@ spec: targetPort: webhook selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 4 }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml index 7c0cf017..07839606 100644 --- a/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.applicationSet.enabled .Values.applicationSet.serviceAccount.create }} +{{- if .Values.applicationSet.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.applicationSet.serviceAccount.automountServiceAccountToken }} diff --git a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml index 8bcb6ca0..11ddd553 100644 --- a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml @@ -1,4 +1,3 @@ -{{- if .Values.applicationSet.enabled }} {{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.applicationSet.metrics.enabled .Values.applicationSet.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor @@ -49,4 +48,3 @@ spec: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 6 }} {{- end }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml index 08a1c214..8d2b66b5 100644 --- a/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml @@ -20,11 +20,9 @@ spec: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 10 }} {{- end }} - {{- if .Values.applicationSet.enabled }} - podSelector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 10 }} - {{- end }} ports: - port: repo-server protocol: TCP diff --git a/charts/argo-cd/templates/argocd-server/role.yaml b/charts/argo-cd/templates/argocd-server/role.yaml index 1a2b3851..570d07fd 100644 --- a/charts/argo-cd/templates/argocd-server/role.yaml +++ b/charts/argo-cd/templates/argocd-server/role.yaml @@ -23,9 +23,7 @@ rules: - argoproj.io resources: - applications - {{- if .Values.applicationSet.enabled }} - applicationsets - {{- end }} - appprojects verbs: - create diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 4ab533d0..c3cbf9be 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2638,9 +2638,6 @@ repoServer: ## ApplicationSet controller applicationSet: - # -- Enable ApplicationSet controller - enabled: true - # -- ApplicationSet controller name string name: applicationset-controller From 87f717656a2a10af0277d3df6805a0c89ae85a27 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Tue, 14 May 2024 00:59:03 +0200 Subject: [PATCH 522/768] fix(argo-cd): Fix Service configuration for Argo server (#2690) Signed-off-by: Petr Drastil --- charts/argo-cd/Chart.yaml | 10 ++-- charts/argo-cd/README.md | 5 +- .../templates/argocd-server/service.yaml | 53 +++++++++---------- charts/argo-cd/values.yaml | 12 +++-- 4 files changed, 44 insertions(+), 36 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 3d992838..bea2c90e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.9.0 +version: 6.9.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,9 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Always create ApplicationSet as following upstream + - kind: fixed + description: Service option externalIPs is available for all service types + - kind: fixed + description: Service option externalTrafficPolicy is available only for Service types LoadBalancer and NodePort + - kind: fixed + description: Load balancer options are available only for Service type LoadBalancer diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 984b3c61..596caabd 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1044,7 +1044,7 @@ NAME: my-release | server.route.termination_type | string | `"passthrough"` | Termination type of Openshift Route | | server.service.annotations | object | `{}` | Server service annotations | | server.service.externalIPs | list | `[]` | Server service external IPs | -| server.service.externalTrafficPolicy | string | `""` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints | +| server.service.externalTrafficPolicy | string | `"Cluster"` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints | | server.service.labels | object | `{}` | Server service labels | | server.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field | | server.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from | @@ -1053,8 +1053,9 @@ NAME: my-release | server.service.servicePortHttp | int | `80` | Server service http port | | server.service.servicePortHttpName | string | `"http"` | Server service http port name, can be used to route traffic via istio | | server.service.servicePortHttps | int | `443` | Server service https port | +| server.service.servicePortHttpsAppProtocol | string | `""` | Server service https port appProtocol | | server.service.servicePortHttpsName | string | `"https"` | Server service https port name, can be used to route traffic via istio | -| server.service.sessionAffinity | string | `""` | Used to maintain session affinity. Supports `ClientIP` and `None` | +| server.service.sessionAffinity | string | `"None"` | Used to maintain session affinity. Supports `ClientIP` and `None` | | server.service.type | string | `"ClusterIP"` | Server service type | | server.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | server.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | diff --git a/charts/argo-cd/templates/argocd-server/service.yaml b/charts/argo-cd/templates/argocd-server/service.yaml index b9881f88..61ad81d0 100644 --- a/charts/argo-cd/templates/argocd-server/service.yaml +++ b/charts/argo-cd/templates/argocd-server/service.yaml @@ -1,21 +1,37 @@ apiVersion: v1 kind: Service metadata: -{{- if .Values.server.service.annotations }} - annotations: - {{- range $key, $value := .Values.server.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} name: {{ template "argo-cd.server.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} -{{- if .Values.server.service.labels }} -{{- toYaml .Values.server.service.labels | nindent 4 }} -{{- end }} + {{- with .Values.server.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.service.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} spec: type: {{ .Values.server.service.type }} + {{- with .Values.server.service.externalIPs }} + externalIPs: {{ . }} + {{- end }} + {{- if or (eq .Values.server.service.type "LoadBalancer") (eq .Values.server.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy }} + {{- end }} + {{- if eq .Values.server.service.type "LoadBalancer" }} + {{- with .Values.server.service.loadBalancerIP }} + loadBalancerIP: {{ . }} + {{- end }} + {{- with .Values.server.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} + sessionAffinity: {{ .Values.server.service.sessionAffinity }} ports: - name: {{ .Values.server.service.servicePortHttpName }} protocol: TCP @@ -36,21 +52,4 @@ spec: {{- end }} selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} -{{- if eq .Values.server.service.type "LoadBalancer" }} -{{- if .Values.server.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.server.service.loadBalancerIP | quote }} -{{- end }} -{{- if .Values.server.service.externalIPs }} - externalIPs: {{ .Values.server.service.externalIPs }} -{{- end }} -{{- if .Values.server.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.server.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} -{{- end -}} -{{- with .Values.server.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ . }} -{{- end }} -{{- with .Values.server.service.sessionAffinity }} - sessionAffinity: {{ . }} -{{- end }} + diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index c3cbf9be..5df19e89 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1972,18 +1972,22 @@ server: servicePortHttpName: http # -- Server service https port name, can be used to route traffic via istio servicePortHttpsName: https - # -- Server service https port appProtocol. (should be upper case - i.e. HTTPS) - # servicePortHttpsAppProtocol: HTTPS + # -- Server service https port appProtocol + ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol + servicePortHttpsAppProtocol: "" # -- LoadBalancer will get created with the IP specified in this field loadBalancerIP: "" # -- Source IP ranges to allow access to service from + ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service loadBalancerSourceRanges: [] # -- Server service external IPs externalIPs: [] # -- Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - externalTrafficPolicy: "" + ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + externalTrafficPolicy: Cluster # -- Used to maintain session affinity. Supports `ClientIP` and `None` - sessionAffinity: "" + ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + sessionAffinity: None ## Server metrics service configuration metrics: From 7be9b016fb061e325cc5a4751739242c3bc45d59 Mon Sep 17 00:00:00 2001 From: Andres Vara <46708607+andres-vara@users.noreply.github.com> Date: Tue, 14 May 2024 17:17:31 +0200 Subject: [PATCH 523/768] feat(argo-cd): Support ability to set .Values.namespaceOverride (#2679) * feat(argo-workflows): Allow adding additional ServiceAccounts to RoleBinding (#2676) remove unnecessary if statements Signed-off-by: Daniel Beilin Co-authored-by: Aikawa Signed-off-by: Andres Vara Parsegov * feat(argo-cd): Support ability to set .Values.namespaceOverride Signed-off-by: Andres Vara Parsegov * fix(argo-cd): typo Signed-off-by: Andres Vara Parsegov * chore(deps): update actions/create-github-app-token action to v1.10.0 (#2677) Co-authored-by: renovate[bot] Signed-off-by: Andres Vara Parsegov * feat(argo-rollouts): Add podLabels at the controller & dashboard level (#2678) Signed-off-by: Andres Vara Parsegov * feat(argo-cd): Support ability to set .Values.namespaceOverride Signed-off-by: Andres Vara Parsegov * fix(argo-cd): typo Signed-off-by: Andres Vara Parsegov * fix(argo-cd): autocorrection Signed-off-by: Andres Vara Parsegov * fix(argo-cd): typos Signed-off-by: Andres Vara Parsegov * fix(argo-cd): typos Signed-off-by: Andres Vara Parsegov * removed auota Signed-off-by: Andres Vara Parsegov * Update Chart.yaml Signed-off-by: Andres Vara <46708607+andres-vara@users.noreply.github.com> --------- Signed-off-by: Daniel Beilin Signed-off-by: Andres Vara Parsegov Signed-off-by: Andres Vara <46708607+andres-vara@users.noreply.github.com> Co-authored-by: Daniel Beilin <144586547+dbeilin@users.noreply.github.com> Co-authored-by: Aikawa Co-authored-by: Andres Vara Parsegov Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] Co-authored-by: mitchell amihod --- charts/argo-cd/Chart.yaml | 10 +++------- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/_helpers.tpl | 8 ++++++++ .../clusterrolebinding.yaml | 2 +- .../argocd-application-controller/deployment.yaml | 2 +- .../argocd-application-controller/metrics.yaml | 2 +- .../argocd-application-controller/networkpolicy.yaml | 2 +- .../templates/argocd-application-controller/pdb.yaml | 2 +- .../templates/argocd-application-controller/role.yaml | 2 +- .../argocd-application-controller/rolebinding.yaml | 8 ++++---- .../argocd-application-controller/serviceaccount.yaml | 2 +- .../argocd-application-controller/servicemonitor.yaml | 2 +- .../argocd-application-controller/statefulset.yaml | 2 +- .../templates/argocd-applicationset/certificate.yaml | 2 +- .../templates/argocd-applicationset/clusterrole.yaml | 2 +- .../argocd-applicationset/clusterrolebinding.yaml | 4 ++-- .../templates/argocd-applicationset/deployment.yaml | 2 +- .../templates/argocd-applicationset/ingress.yaml | 2 +- .../templates/argocd-applicationset/metrics.yaml | 2 +- .../templates/argocd-applicationset/networkpolicy.yaml | 2 +- .../argo-cd/templates/argocd-applicationset/pdb.yaml | 2 +- .../argo-cd/templates/argocd-applicationset/role.yaml | 2 +- .../templates/argocd-applicationset/rolebinding.yaml | 4 ++-- .../templates/argocd-applicationset/service.yaml | 2 +- .../argocd-applicationset/serviceaccount.yaml | 2 +- .../argocd-applicationset/servicemonitor.yaml | 2 +- charts/argo-cd/templates/argocd-configs/argocd-cm.yaml | 2 +- .../templates/argocd-configs/argocd-cmd-params-cm.yaml | 2 +- .../templates/argocd-configs/argocd-cmp-cm.yaml | 2 +- .../argocd-configs/argocd-dex-server-tls-secret.yaml | 2 +- .../templates/argocd-configs/argocd-gpg-keys-cm.yaml | 2 +- .../argocd-configs/argocd-notifications-cm.yaml | 2 +- .../argocd-configs/argocd-notifications-secret.yaml | 2 +- .../templates/argocd-configs/argocd-rbac-cm.yaml | 2 +- .../argocd-configs/argocd-repo-server-tls-secret.yaml | 2 +- .../templates/argocd-configs/argocd-secret.yaml | 2 +- .../argocd-configs/argocd-server-tls-secret.yaml | 2 +- .../argocd-configs/argocd-ssh-known-hosts-cm.yaml | 2 +- .../templates/argocd-configs/argocd-styles-cm.yaml | 2 +- .../templates/argocd-configs/argocd-tls-certs-cm.yaml | 2 +- .../templates/argocd-configs/externalredis-secret.yaml | 2 +- .../argocd-notifications/clusterrolebinding.yaml | 2 +- .../templates/argocd-notifications/deployment.yaml | 4 ++-- .../templates/argocd-notifications/metrics.yaml | 2 +- .../templates/argocd-notifications/networkpolicy.yaml | 2 +- charts/argo-cd/templates/argocd-notifications/pdb.yaml | 2 +- .../argo-cd/templates/argocd-notifications/role.yaml | 2 +- .../templates/argocd-notifications/rolebinding.yaml | 4 ++-- .../templates/argocd-notifications/serviceaccount.yaml | 2 +- .../templates/argocd-notifications/servicemonitor.yaml | 2 +- .../argocd-repo-server/clusterrolebinding.yaml | 2 +- .../templates/argocd-repo-server/deployment.yaml | 2 +- charts/argo-cd/templates/argocd-repo-server/hpa.yaml | 2 +- .../argo-cd/templates/argocd-repo-server/metrics.yaml | 2 +- .../templates/argocd-repo-server/networkpolicy.yaml | 2 +- charts/argo-cd/templates/argocd-repo-server/pdb.yaml | 2 +- charts/argo-cd/templates/argocd-repo-server/role.yaml | 2 +- .../templates/argocd-repo-server/rolebinding.yaml | 4 ++-- .../argo-cd/templates/argocd-repo-server/service.yaml | 4 ++-- .../templates/argocd-repo-server/serviceaccount.yaml | 2 +- .../templates/argocd-repo-server/servicemonitor.yaml | 2 +- .../argo-cd/templates/argocd-server/aws/ingress.yaml | 2 +- .../argo-cd/templates/argocd-server/aws/service.yaml | 2 +- .../argo-cd/templates/argocd-server/certificate.yaml | 2 +- .../templates/argocd-server/clusterrolebinding.yaml | 2 +- charts/argo-cd/templates/argocd-server/deployment.yaml | 2 +- .../templates/argocd-server/gke/backendconfig.yaml | 2 +- .../templates/argocd-server/gke/frontendconfig.yaml | 2 +- .../argo-cd/templates/argocd-server/gke/ingress.yaml | 2 +- .../argocd-server/gke/managedcertificate.yaml | 2 +- charts/argo-cd/templates/argocd-server/hpa.yaml | 2 +- .../argo-cd/templates/argocd-server/ingress-grpc.yaml | 2 +- charts/argo-cd/templates/argocd-server/ingress.yaml | 2 +- charts/argo-cd/templates/argocd-server/metrics.yaml | 2 +- .../argo-cd/templates/argocd-server/networkpolicy.yaml | 2 +- .../templates/argocd-server/openshift/route.yaml | 2 +- charts/argo-cd/templates/argocd-server/pdb.yaml | 2 +- charts/argo-cd/templates/argocd-server/role.yaml | 2 +- .../argo-cd/templates/argocd-server/rolebinding.yaml | 4 ++-- charts/argo-cd/templates/argocd-server/service.yaml | 2 +- .../templates/argocd-server/serviceaccount.yaml | 2 +- .../templates/argocd-server/servicemonitor.yaml | 2 +- charts/argo-cd/templates/dex/deployment.yaml | 2 +- charts/argo-cd/templates/dex/networkpolicy.yaml | 2 +- charts/argo-cd/templates/dex/pdb.yaml | 2 +- charts/argo-cd/templates/dex/role.yaml | 4 ++-- charts/argo-cd/templates/dex/rolebinding.yaml | 4 ++-- charts/argo-cd/templates/dex/service.yaml | 2 +- charts/argo-cd/templates/dex/serviceaccount.yaml | 2 +- charts/argo-cd/templates/dex/servicemonitor.yaml | 2 +- .../argo-cd/templates/networkpolicy-default-deny.yaml | 2 +- charts/argo-cd/templates/redis/deployment.yaml | 2 +- charts/argo-cd/templates/redis/health-configmap.yaml | 2 +- charts/argo-cd/templates/redis/metrics.yaml | 2 +- charts/argo-cd/templates/redis/networkpolicy.yaml | 2 +- charts/argo-cd/templates/redis/pdb.yaml | 2 +- charts/argo-cd/templates/redis/service.yaml | 2 +- charts/argo-cd/templates/redis/serviceaccount.yaml | 2 +- charts/argo-cd/templates/redis/servicemonitor.yaml | 2 +- charts/argo-cd/values.yaml | 3 +++ 100 files changed, 123 insertions(+), 115 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index bea2c90e..83409042 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.9.1 +version: 6.9.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,9 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Service option externalIPs is available for all service types - - kind: fixed - description: Service option externalTrafficPolicy is available only for Service types LoadBalancer and NodePort - - kind: fixed - description: Load balancer options are available only for Service type LoadBalancer + - kind: added + description: Support ability to set .Values.namespaceOverride diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 596caabd..3f196f82 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -622,6 +622,7 @@ NAME: my-release | fullnameOverride | string | `""` | String to fully override `"argo-cd.fullname"` | | kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests | | nameOverride | string | `"argocd"` | Provide a name in place of `argocd` | +| namespaceOverride | string | `.Release.Namespace` | Override the namespace | | openshift.enabled | bool | `false` | enables using arbitrary uid for argo repo server | ## Global Configs diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 5ec03d90..67af632c 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -218,3 +218,11 @@ Merge Argo Params Configuration with Preset Configuration {{ $key }}: {{ toString $value | toYaml }} {{- end }} {{- end -}} + +{{/* +Expand the namespace of the release. +Allows overriding it for multi-namespace deployments in combined charts. +*/}} +{{- define "argo-cd.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml index 7b6df782..6076c531 100644 --- a/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml @@ -12,5 +12,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index dc26a8db..23d2a7ad 100644 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -9,7 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-application-controller/metrics.yaml b/charts/argo-cd/templates/argocd-application-controller/metrics.yaml index 01b7a779..c3ceb047 100644 --- a/charts/argo-cd/templates/argocd-application-controller/metrics.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/metrics.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.controller.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 4 }} {{- with .Values.controller.metrics.service.labels }} diff --git a/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml b/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml index e7448c52..db1ee7c2 100644 --- a/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} name: {{ template "argo-cd.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: ingress: - from: diff --git a/charts/argo-cd/templates/argocd-application-controller/pdb.yaml b/charts/argo-cd/templates/argocd-application-controller/pdb.yaml index 7eaf28e1..bef09799 100644 --- a/charts/argo-cd/templates/argocd-application-controller/pdb.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/pdb.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.pdb.labels }} diff --git a/charts/argo-cd/templates/argocd-application-controller/role.yaml b/charts/argo-cd/templates/argocd-application-controller/role.yaml index ea550e1f..f2aa2cfd 100644 --- a/charts/argo-cd/templates/argocd-application-controller/role.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/role.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml b/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml index 9a87f771..48681637 100644 --- a/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "argo-cd.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} roleRef: @@ -10,6 +10,6 @@ roleRef: kind: Role name: {{ include "argo-cd.controller.fullname" . }} subjects: -- kind: ServiceAccount - name: {{ include "argo-cd.controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ include "argo-cd.controller.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} diff --git a/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml b/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml index 1b9619d6..575cbf6d 100644 --- a/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-cd.controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- with .Values.controller.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml index 342dbc01..4a09daf3 100644 --- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml @@ -43,7 +43,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 6 }} diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 208f358f..07191359 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -9,7 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.controller.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml index 3f623614..c2d2b279 100644 --- a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml @@ -9,7 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml index 6ac4c1e7..9c9b9193 100644 --- a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml index 152b31f4..af6d5297 100644 --- a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ template "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} roleRef: @@ -13,5 +13,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-cd.applicationSet.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 1c75150d..060d20c5 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -8,7 +8,7 @@ metadata: {{- end }} {{- end }} name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml index f7fb4142..5cdf0cfe 100644 --- a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml @@ -3,7 +3,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} {{- with .Values.applicationSet.ingress.labels }} diff --git a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml index 16154c81..06253a81 100644 --- a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.applicationSet.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 4 }} {{- with .Values.applicationSet.metrics.service.labels }} diff --git a/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml index fee5a80c..3a295f77 100644 --- a/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml @@ -3,7 +3,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ template "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-applicationset/pdb.yaml b/charts/argo-cd/templates/argocd-applicationset/pdb.yaml index 16134160..5d0ebc88 100644 --- a/charts/argo-cd/templates/argocd-applicationset/pdb.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/pdb.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} {{- with .Values.applicationSet.pdb.labels }} diff --git a/charts/argo-cd/templates/argocd-applicationset/role.yaml b/charts/argo-cd/templates/argocd-applicationset/role.yaml index f33e776d..69ebf7ee 100644 --- a/charts/argo-cd/templates/argocd-applicationset/role.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/role.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml index daf8c799..5d4f1e4a 100644 --- a/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} roleRef: @@ -12,4 +12,4 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.applicationSet.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} diff --git a/charts/argo-cd/templates/argocd-applicationset/service.yaml b/charts/argo-cd/templates/argocd-applicationset/service.yaml index 199c8374..91c082aa 100644 --- a/charts/argo-cd/templates/argocd-applicationset/service.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/service.yaml @@ -8,7 +8,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.applicationSet.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} {{- with .Values.applicationSet.service.labels }} diff --git a/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml index 07839606..4869cad0 100644 --- a/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.applicationSet.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-cd.applicationSet.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- with .Values.applicationSet.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml index 11ddd553..9c236c45 100644 --- a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml @@ -43,7 +43,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 6 }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml index c0c8bc86..6bd19f5c 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cm") | nindent 4 }} {{- with .Values.configs.cm.annotations }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml index 9d60d932..f0c81b24 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-cmd-params-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cmd-params-cm") | nindent 4 }} {{- if .Values.configs.params.annotations }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml index a3400605..a5d29f6c 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-cmp-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "cmp-cm") | nindent 4 }} {{- with .Values.configs.cmp.annotations }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml index c543e8a7..747fa13c 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-dex-server-tls - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" "dex-server-tls") | nindent 4 }} {{- with .Values.dex.certificateSecret.labels }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml index f94113a2..ed299b59 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-gpg-keys-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }} {{- with .Values.configs.gpg.annotations }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml index 2a18a2fc..663862e2 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-notifications-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} data: diff --git a/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml index 9c261c6a..f64a91f5 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ .Values.notifications.secret.name }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} {{- with .Values.notifications.secret.labels }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml index f9b62f76..ae48404e 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-rbac-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "rbac-cm") | nindent 4 }} {{- with .Values.configs.rbac.annotations }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml index 4e1b3dc9..8635d64e 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-repo-server-tls - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "repo-server-tls") | nindent 4 }} {{- with .Values.repoServer.certificateSecret.labels }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml index 9e25e376..9462be26 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-secret - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }} {{- with .Values.configs.secret.labels }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml index c612a62c..97116472 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-server-tls - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "server-tls") | nindent 4 }} {{- with .Values.server.certificateSecret.labels }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml index 845d219d..b0695ed3 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-ssh-known-hosts-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "ssh-known-hosts-cm") | nindent 4 }} {{- with .Values.configs.ssh.annotations }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml index b98e40df..77421542 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-styles-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} data: diff --git a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml index fa6e7433..db582e6d 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: argocd-tls-certs-cm - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "name" "tls-certs-cm") | nindent 4 }} {{- with .Values.configs.tls.annotations }} diff --git a/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml b/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml index 9bfcd983..c4166d1b 100644 --- a/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "argo-cd.redis.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} {{- with .Values.externalRedis.secretAnnotations }} diff --git a/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml index cfdba38a..9a6fa7c5 100644 --- a/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml @@ -12,5 +12,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.notifications.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index eaf35623..4bdb24f6 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -9,7 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ include "argo-cd.notifications.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} spec: @@ -65,7 +65,7 @@ spec: - --metrics-port={{ .Values.notifications.containerPorts.metrics }} - --loglevel={{ default .Values.global.logging.level .Values.notifications.logLevel }} - --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }} - - --namespace={{ .Release.Namespace }} + - --namespace={{ include "argo-cd.namespace" . }} - --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} - --secret-name={{ .Values.notifications.secret.name }} {{- range .Values.notifications.extraArgs }} diff --git a/charts/argo-cd/templates/argocd-notifications/metrics.yaml b/charts/argo-cd/templates/argocd-notifications/metrics.yaml index b5ce611d..b7dcfe6a 100644 --- a/charts/argo-cd/templates/argocd-notifications/metrics.yaml +++ b/charts/argo-cd/templates/argocd-notifications/metrics.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.notifications.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" "metrics") | nindent 4 }} {{- with .Values.notifications.metrics.service.labels }} diff --git a/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml b/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml index 011a7c33..b03c26ca 100644 --- a/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml @@ -3,7 +3,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: {{ template "argo-cd.notifications.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-notifications/pdb.yaml b/charts/argo-cd/templates/argocd-notifications/pdb.yaml index 71619547..4bdf211a 100644 --- a/charts/argo-cd/templates/argocd-notifications/pdb.yaml +++ b/charts/argo-cd/templates/argocd-notifications/pdb.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.notifications.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} {{- with .Values.notifications.pdb.labels }} diff --git a/charts/argo-cd/templates/argocd-notifications/role.yaml b/charts/argo-cd/templates/argocd-notifications/role.yaml index 22eaa473..800a937a 100644 --- a/charts/argo-cd/templates/argocd-notifications/role.yaml +++ b/charts/argo-cd/templates/argocd-notifications/role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.notifications.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml b/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml index 32324190..e2259621 100644 --- a/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "argo-cd.notifications.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} roleRef: @@ -13,5 +13,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.notifications.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml b/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml index 8f58ff8d..3da8f27c 100644 --- a/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.notifications.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-cd.notifications.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- with .Values.notifications.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml index 18849886..03599a6d 100644 --- a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml @@ -43,7 +43,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.name "name" "metrics") | nindent 6 }} diff --git a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml index 8531520c..d8bd88aa 100644 --- a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml @@ -12,5 +12,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.repoServer.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index dca27426..745150e7 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -8,7 +8,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.repoServer.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-repo-server/hpa.yaml b/charts/argo-cd/templates/argocd-repo-server/hpa.yaml index ce6ed371..7615a412 100644 --- a/charts/argo-cd/templates/argocd-repo-server/hpa.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/hpa.yaml @@ -3,7 +3,7 @@ apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ include "argo-cd.repoServer.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-repo-server/metrics.yaml b/charts/argo-cd/templates/argocd-repo-server/metrics.yaml index 514595a2..6b82796c 100644 --- a/charts/argo-cd/templates/argocd-repo-server/metrics.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/metrics.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.repoServer.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 4 }} {{- with .Values.repoServer.metrics.service.labels }} diff --git a/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml index 8d2b66b5..c11ab129 100644 --- a/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} name: {{ template "argo-cd.repoServer.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: ingress: - from: diff --git a/charts/argo-cd/templates/argocd-repo-server/pdb.yaml b/charts/argo-cd/templates/argocd-repo-server/pdb.yaml index 658a1fe3..f79af3d7 100644 --- a/charts/argo-cd/templates/argocd-repo-server/pdb.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/pdb.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.repoServer.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} {{- with .Values.repoServer.pdb.labels }} diff --git a/charts/argo-cd/templates/argocd-repo-server/role.yaml b/charts/argo-cd/templates/argocd-repo-server/role.yaml index 5f9324d5..596874d4 100644 --- a/charts/argo-cd/templates/argocd-repo-server/role.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.repoServer.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml b/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml index ea4baded..2bc88b66 100644 --- a/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "argo-cd.repoServer.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} roleRef: @@ -13,5 +13,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.repoServer.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/service.yaml b/charts/argo-cd/templates/argocd-repo-server/service.yaml index c2c43463..4412a8c9 100644 --- a/charts/argo-cd/templates/argocd-repo-server/service.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/service.yaml @@ -13,7 +13,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ template "argo-cd.repoServer.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: ports: - name: {{ .Values.repoServer.service.portName }} @@ -21,4 +21,4 @@ spec: port: {{ .Values.repoServer.service.port }} targetPort: repo-server selector: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }} \ No newline at end of file + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }} diff --git a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml index 2facd9af..9b5777f1 100644 --- a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.repoServer.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-cd.repoServer.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- with .Values.repoServer.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index 9ca16e74..38041de3 100644 --- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -43,7 +43,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 6 }} diff --git a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml index ffe0b79b..46d24d3c 100644 --- a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml @@ -5,7 +5,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingress.labels }} diff --git a/charts/argo-cd/templates/argocd-server/aws/service.yaml b/charts/argo-cd/templates/argocd-server/aws/service.yaml index 376699e3..a98ddfa2 100644 --- a/charts/argo-cd/templates/argocd-server/aws/service.yaml +++ b/charts/argo-cd/templates/argocd-server/aws/service.yaml @@ -7,7 +7,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" (print .Values.server.name "-gprc") "name" (print .Values.server.name "-grpc")) | nindent 4 }} name: {{ template "argo-cd.server.fullname" . }}-grpc - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: ports: - name: {{ .Values.server.service.servicePortHttpName }} diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 84a0e62c..629d0e95 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -9,7 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml index 1e5a98fa..ce4a4d70 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml @@ -12,5 +12,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index dee9cf43..8c02805a 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -8,7 +8,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml b/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml index cd040c90..515e6d74 100644 --- a/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml @@ -3,7 +3,7 @@ apiVersion: cloud.google.com/v1 kind: BackendConfig metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingress.gke.backendConfig }} diff --git a/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml b/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml index d8b3b1ea..ae460a38 100644 --- a/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml @@ -3,7 +3,7 @@ apiVersion: networking.gke.io/v1beta1 kind: FrontendConfig metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingress.gke.frontendConfig }} diff --git a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml index 160308bd..b030435b 100644 --- a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml @@ -5,7 +5,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingress.labels }} diff --git a/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml b/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml index 63c089b8..2dd6f5e9 100644 --- a/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml +++ b/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml @@ -3,7 +3,7 @@ apiVersion: networking.gke.io/v1 kind: ManagedCertificate metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-server/hpa.yaml b/charts/argo-cd/templates/argocd-server/hpa.yaml index a509e569..51fe559d 100644 --- a/charts/argo-cd/templates/argocd-server/hpa.yaml +++ b/charts/argo-cd/templates/argocd-server/hpa.yaml @@ -3,7 +3,7 @@ apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index 2d15b9d7..3ad5a519 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -4,7 +4,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "argo-cd.server.fullname" . }}-grpc - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingressGrpc.labels }} diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index cfd0696d..84668373 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -5,7 +5,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingress.labels }} diff --git a/charts/argo-cd/templates/argocd-server/metrics.yaml b/charts/argo-cd/templates/argocd-server/metrics.yaml index 3844820e..f0797552 100644 --- a/charts/argo-cd/templates/argocd-server/metrics.yaml +++ b/charts/argo-cd/templates/argocd-server/metrics.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.server.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 4 }} {{- with .Values.server.metrics.service.labels }} diff --git a/charts/argo-cd/templates/argocd-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-server/networkpolicy.yaml index 443ff359..4621e24f 100644 --- a/charts/argo-cd/templates/argocd-server/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-server/networkpolicy.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} name: {{ template "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: ingress: - {} diff --git a/charts/argo-cd/templates/argocd-server/openshift/route.yaml b/charts/argo-cd/templates/argocd-server/openshift/route.yaml index 01cb6aed..b018f724 100644 --- a/charts/argo-cd/templates/argocd-server/openshift/route.yaml +++ b/charts/argo-cd/templates/argocd-server/openshift/route.yaml @@ -3,7 +3,7 @@ apiVersion: route.openshift.io/v1 kind: Route metadata: name: {{ template "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.route.annotations }} diff --git a/charts/argo-cd/templates/argocd-server/pdb.yaml b/charts/argo-cd/templates/argocd-server/pdb.yaml index adc47aec..6bc93305 100644 --- a/charts/argo-cd/templates/argocd-server/pdb.yaml +++ b/charts/argo-cd/templates/argocd-server/pdb.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.pdb.labels }} diff --git a/charts/argo-cd/templates/argocd-server/role.yaml b/charts/argo-cd/templates/argocd-server/role.yaml index 570d07fd..8d12e30d 100644 --- a/charts/argo-cd/templates/argocd-server/role.yaml +++ b/charts/argo-cd/templates/argocd-server/role.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-server/rolebinding.yaml b/charts/argo-cd/templates/argocd-server/rolebinding.yaml index 61276d60..4d635aa9 100644 --- a/charts/argo-cd/templates/argocd-server/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-server/rolebinding.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} roleRef: @@ -12,4 +12,4 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} diff --git a/charts/argo-cd/templates/argocd-server/service.yaml b/charts/argo-cd/templates/argocd-server/service.yaml index 61ad81d0..2b9872be 100644 --- a/charts/argo-cd/templates/argocd-server/service.yaml +++ b/charts/argo-cd/templates/argocd-server/service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-cd.server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.service.labels }} diff --git a/charts/argo-cd/templates/argocd-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml index a8efe1e5..9789e1d0 100644 --- a/charts/argo-cd/templates/argocd-server/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.server.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-cd.server.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- with .Values.server.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml index e8820768..2f96ca0a 100644 --- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml @@ -43,7 +43,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 6 }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index b6c94f90..007e0ee1 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -9,7 +9,7 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-cd.dex.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/dex/networkpolicy.yaml b/charts/argo-cd/templates/dex/networkpolicy.yaml index cb0fcc55..6d0c9789 100644 --- a/charts/argo-cd/templates/dex/networkpolicy.yaml +++ b/charts/argo-cd/templates/dex/networkpolicy.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} name: {{ template "argo-cd.dex.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: ingress: - from: diff --git a/charts/argo-cd/templates/dex/pdb.yaml b/charts/argo-cd/templates/dex/pdb.yaml index c0adc73f..12161024 100644 --- a/charts/argo-cd/templates/dex/pdb.yaml +++ b/charts/argo-cd/templates/dex/pdb.yaml @@ -3,7 +3,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.dex.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} {{- with .Values.dex.pdb.labels }} diff --git a/charts/argo-cd/templates/dex/role.yaml b/charts/argo-cd/templates/dex/role.yaml index 49d40891..e79b3cf7 100644 --- a/charts/argo-cd/templates/dex/role.yaml +++ b/charts/argo-cd/templates/dex/role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.dex.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} rules: @@ -16,4 +16,4 @@ rules: - get - list - watch -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo-cd/templates/dex/rolebinding.yaml b/charts/argo-cd/templates/dex/rolebinding.yaml index 30b92c06..792a465a 100644 --- a/charts/argo-cd/templates/dex/rolebinding.yaml +++ b/charts/argo-cd/templates/dex/rolebinding.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "argo-cd.dex.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} roleRef: @@ -13,5 +13,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-cd.dex.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-cd.namespace" . }} {{- end }} diff --git a/charts/argo-cd/templates/dex/service.yaml b/charts/argo-cd/templates/dex/service.yaml index 73c98483..8825a7ea 100644 --- a/charts/argo-cd/templates/dex/service.yaml +++ b/charts/argo-cd/templates/dex/service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-cd.dex.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- if .Values.dex.metrics.service.annotations }} annotations: {{- range $key, $value := .Values.dex.metrics.service.annotations }} diff --git a/charts/argo-cd/templates/dex/serviceaccount.yaml b/charts/argo-cd/templates/dex/serviceaccount.yaml index 66bf3076..aeff2441 100644 --- a/charts/argo-cd/templates/dex/serviceaccount.yaml +++ b/charts/argo-cd/templates/dex/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.dex.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-cd.dex.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- with .Values.dex.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-cd/templates/dex/servicemonitor.yaml b/charts/argo-cd/templates/dex/servicemonitor.yaml index 00f2a238..3faa667a 100644 --- a/charts/argo-cd/templates/dex/servicemonitor.yaml +++ b/charts/argo-cd/templates/dex/servicemonitor.yaml @@ -40,7 +40,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 6 }} diff --git a/charts/argo-cd/templates/networkpolicy-default-deny.yaml b/charts/argo-cd/templates/networkpolicy-default-deny.yaml index b499ab03..06d1979a 100644 --- a/charts/argo-cd/templates/networkpolicy-default-deny.yaml +++ b/charts/argo-cd/templates/networkpolicy-default-deny.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }} name: {{ template "argo-cd.fullname" . }}-default-deny - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: podSelector: {} policyTypes: diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 56ceae93..de9c29b1 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -10,7 +10,7 @@ metadata: {{- end }} {{- end }} name: {{ include "argo-cd.redis.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} spec: diff --git a/charts/argo-cd/templates/redis/health-configmap.yaml b/charts/argo-cd/templates/redis/health-configmap.yaml index fd0ecff7..0d4005d6 100644 --- a/charts/argo-cd/templates/redis/health-configmap.yaml +++ b/charts/argo-cd/templates/redis/health-configmap.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "argo-cd.redis.fullname" . }}-health-configmap - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} data: diff --git a/charts/argo-cd/templates/redis/metrics.yaml b/charts/argo-cd/templates/redis/metrics.yaml index 67b4c3ac..040f5ebf 100644 --- a/charts/argo-cd/templates/redis/metrics.yaml +++ b/charts/argo-cd/templates/redis/metrics.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "argo-cd.redis.fullname" . }}-metrics - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- with .Values.redis.metrics.service.labels }} diff --git a/charts/argo-cd/templates/redis/networkpolicy.yaml b/charts/argo-cd/templates/redis/networkpolicy.yaml index cd8150e1..d602a931 100644 --- a/charts/argo-cd/templates/redis/networkpolicy.yaml +++ b/charts/argo-cd/templates/redis/networkpolicy.yaml @@ -6,7 +6,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} name: {{ template "argo-cd.redis.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} spec: ingress: - from: diff --git a/charts/argo-cd/templates/redis/pdb.yaml b/charts/argo-cd/templates/redis/pdb.yaml index 59423b47..c614144d 100644 --- a/charts/argo-cd/templates/redis/pdb.yaml +++ b/charts/argo-cd/templates/redis/pdb.yaml @@ -4,7 +4,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ include "argo-cd.redis.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- with .Values.redis.pdb.labels }} diff --git a/charts/argo-cd/templates/redis/service.yaml b/charts/argo-cd/templates/redis/service.yaml index 31f497d7..a4a94140 100644 --- a/charts/argo-cd/templates/redis/service.yaml +++ b/charts/argo-cd/templates/redis/service.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-cd.redis.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- with .Values.redis.service.labels }} diff --git a/charts/argo-cd/templates/redis/serviceaccount.yaml b/charts/argo-cd/templates/redis/serviceaccount.yaml index f45ece13..bc942e22 100644 --- a/charts/argo-cd/templates/redis/serviceaccount.yaml +++ b/charts/argo-cd/templates/redis/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-cd.redis.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . }} {{- with .Values.redis.serviceAccount.annotations }} annotations: {{- range $key, $value := . }} diff --git a/charts/argo-cd/templates/redis/servicemonitor.yaml b/charts/argo-cd/templates/redis/servicemonitor.yaml index 6f036a80..2126bafb 100644 --- a/charts/argo-cd/templates/redis/servicemonitor.yaml +++ b/charts/argo-cd/templates/redis/servicemonitor.yaml @@ -41,7 +41,7 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 6 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 5df19e89..15171656 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -6,6 +6,9 @@ nameOverride: argocd # -- String to fully override `"argo-cd.fullname"` fullnameOverride: "" +# -- Override the namespace +# @default -- `.Release.Namespace` +namespaceOverride: "" # -- Override the Kubernetes version, which is used to evaluate certain manifests kubeVersionOverride: "" # Override APIVersions From 39e1322df2b15446796356d9bf027250c5d75c35 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 16 May 2024 20:06:49 +0900 Subject: [PATCH 524/768] chore(argocd-image-updater): Update dependency argoproj-labs/argocd-image-updater to v0.13.0 (#2692) * chore(argocd-image-updater): Update dependency argoproj-labs/argocd-image-updater to v0.13.0 * feat(argocd-image-updater): update deployment as following upstream Signed-off-by: yu-croco * fix(argocd-image-updater): correct doc Signed-off-by: yu-croco * fix(argocd-image-updater): fix manifest Signed-off-by: yu-croco * chore(argocd-image-updater): bump version Signed-off-by: yu-croco --------- Signed-off-by: yu-croco Co-authored-by: renovate[bot] Co-authored-by: yu-croco --- charts/argocd-image-updater/Chart.yaml | 8 ++++---- charts/argocd-image-updater/README.md | 2 +- .../templates/deployment.yaml | 11 +++++------ charts/argocd-image-updater/values.yaml | 17 ++++++++++------- 4 files changed, 20 insertions(+), 18 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 7f299aef..d3143726 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.9.7 -appVersion: v0.12.2 +version: 0.10.0 +appVersion: v0.13.0 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Allow defining extraEnvFrom for the deployment + - kind: changed + description: Bump argocd-image-updater to v0.13.0 diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index a8d28699..ea57d402 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -114,7 +114,7 @@ The `config.registries` value can be used exactly as it looks in the documentati | rbac.enabled | bool | `true` | Enable RBAC creation | | replicaCount | int | `1` | Replica count for the deployment. It is not advised to run more than one replica. | | resources | object | `{}` | Pod memory and cpu resource settings for the deployment | -| securityContext | object | `{}` | Security context settings for the deployment | +| securityContext | object | See [values.yaml] | Security context settings for the deployment | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.labels | object | `{}` | Labels to add to the service account | diff --git a/charts/argocd-image-updater/templates/deployment.yaml b/charts/argocd-image-updater/templates/deployment.yaml index cfd87a47..b6aa13fe 100644 --- a/charts/argocd-image-updater/templates/deployment.yaml +++ b/charts/argocd-image-updater/templates/deployment.yaml @@ -34,8 +34,7 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - name: {{ .Chart.Name }} - command: - - /usr/local/bin/argocd-image-updater + args: - run {{- with .Values.extraArgs }} {{- toYaml . | nindent 12 }} @@ -136,12 +135,12 @@ spec: volumeMounts: - mountPath: /app/config name: image-updater-conf - - mountPath: /tmp - name: tmp-dir - mountPath: /app/config/ssh name: ssh-known-hosts - mountPath: /app/.ssh name: ssh-config + - mountPath: /tmp + name: tmp {{- if .Values.authScripts.enabled }} - mountPath: /scripts name: authscripts @@ -165,8 +164,6 @@ spec: name: argocd-image-updater-authscripts name: authscripts {{- end }} - - emptyDir: {} - name: tmp-dir - configMap: name: argocd-ssh-known-hosts-cm optional: true @@ -175,6 +172,8 @@ spec: name: argocd-image-updater-ssh-config optional: true name: ssh-config + - emptyDir: {} + name: tmp {{- with .Values.volumes }} {{- toYaml . | nindent 6}} {{- end }} diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 0f2a4e33..2791890a 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -205,13 +205,16 @@ podSecurityContext: {} # fsGroup: 2000 # -- Security context settings for the deployment -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 +# @default -- See [values.yaml] +securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault rbac: # -- Enable RBAC creation From 4ce5e9be2efe51d64754e3a3e1e9c2f49f0a258f Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 16 May 2024 23:27:52 +0200 Subject: [PATCH 525/768] chore(deps): update actions/checkout action to v4.1.6 (#2696) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 4aa9875a..c270cb2a 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -23,7 +23,7 @@ jobs: private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Self-hosted Renovate uses: renovatebot/github-action@063e0c946b9c1af35ef3450efc44114925d6e8e6 # v40.1.11 From 66c39a06d83da91713a98f912f4bf9f75184fce0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89tienne=20Kemp-Rousseau?= <36542216+etiennnr@users.noreply.github.com> Date: Fri, 17 May 2024 11:18:13 -0400 Subject: [PATCH 526/768] fix(argo-cd): Adding checksum for argocd-cm to dex pod (#2695) Adding checksum to argocd-cm to dex pod Signed-off-by: Etienne Kemp-Rousseau Co-authored-by: yuki.kitakata --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/dex/deployment.yaml | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 83409042..f27ae34d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.0 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.9.2 +version: 6.9.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Support ability to set .Values.namespaceOverride + - kind: fixed + description: Restarting dex pod when `argocd-cm` configmap changes diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 007e0ee1..bc9b4530 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -26,6 +26,9 @@ spec: metadata: annotations: checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if (index .Values.configs.cm "dex.config") }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} {{- if .Values.dex.certificateSecret.enabled }} checksum/dex-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-dex-server-tls-secret.yaml") . | sha256sum }} {{- end }} From 5d3e581b117e89b916231729510725cf8c046a81 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 18 May 2024 19:02:45 +0900 Subject: [PATCH 527/768] chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 (#2700) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.5 to 4.1.6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4.1.5...a5ac7e51b41094c92402da3b24376905380afc29) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 50bb6a84..8335fc7c 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 2894d4fc..07dde599 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b81bf415..2d72cdb0 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: persist-credentials: false From b95e14aa021873a995822fa38f00e758678b25d6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 18 May 2024 20:13:16 +0900 Subject: [PATCH 528/768] chore(deps): bump github/codeql-action from 2.13.4 to 3.25.5 (#2699) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.13.4 to 3.25.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/cdcdbb579706841c47f7063dda365e292e5cad7a...b7cec7526559c32f1616476ff32d17ba4c59b2d6) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: yuki.kitakata --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 2d72cdb0..0074ed3d 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4 + uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 with: sarif_file: results.sarif From 4611a164637f626b6d55ab9362d229dd9f05b523 Mon Sep 17 00:00:00 2001 From: "yuki.kitakata" Date: Sun, 19 May 2024 16:34:24 +0900 Subject: [PATCH 529/768] fix(argo-workflows): Correct sample of secondsAfterCompletion (#2702) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/values.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 942eeadf..2c6c24df 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.6 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.4 +version: 0.41.5 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Added option to add service accounts to RoleBindings + - kind: fixed + description: Correct sample of secondsAfterCompletion diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 0c5e624d..15a42ec4 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -202,7 +202,7 @@ controller: workflowDefaults: {} # spec: # ttlStrategy: - # secondsAfterCompletion: 84600 + # secondsAfterCompletion: 86400 # # Ref: https://argo-workflows.readthedocs.io/en/stable/artifact-repository-ref/ # artifactRepositoryRef: # configMap: my-artifact-repository # default is "artifact-repositories" From f9eb0b394ca7856a42e69e9f3e58671646052c25 Mon Sep 17 00:00:00 2001 From: "yuki.kitakata" Date: Sun, 19 May 2024 19:22:17 +0900 Subject: [PATCH 530/768] fix(argo-workflows): Add missing serviceLabels to server service (#2698) --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/templates/server/server-service.yaml | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 2c6c24df..e897eab6 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.6 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.5 +version: 0.41.6 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Correct sample of secondsAfterCompletion + description: Add missing serviceLabels to server service diff --git a/charts/argo-workflows/templates/server/server-service.yaml b/charts/argo-workflows/templates/server/server-service.yaml index 7f81bd39..7517d659 100644 --- a/charts/argo-workflows/templates/server/server-service.yaml +++ b/charts/argo-workflows/templates/server/server-service.yaml @@ -7,6 +7,9 @@ metadata: labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }} + {{- with .Values.server.serviceLabels }} + {{ toYaml . | nindent 4 }} + {{- end }} {{- with .Values.server.serviceAnnotations }} annotations: {{- toYaml . | nindent 4 }} From fcee9a60460b3784b1f1656fd3cd3fb1f53eef6b Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Tue, 21 May 2024 18:36:32 +0200 Subject: [PATCH 531/768] fix(argo-cd): Enable Redis authentication in the default installation (#2705) --- charts/argo-cd/Chart.yaml | 10 +-- charts/argo-cd/README.md | 60 ++++++++++++++++ charts/argo-cd/README.md.gotmpl | 48 +++++++++++++ charts/argo-cd/templates/_helpers.tpl | 19 +++++ .../deployment.yaml | 8 ++- .../statefulset.yaml | 8 ++- .../argocd-configs/externalredis-secret.yaml | 2 +- .../argocd-repo-server/deployment.yaml | 8 ++- .../templates/argocd-server/deployment.yaml | 8 ++- .../templates/redis-secret-init/job.yaml | 54 +++++++++++++++ .../templates/redis-secret-init/role.yaml | 27 ++++++++ .../redis-secret-init/rolebinding.yaml | 19 +++++ .../redis-secret-init/serviceaccount.yaml | 16 +++++ .../argo-cd/templates/redis/deployment.yaml | 8 ++- .../templates/redis/health-configmap.yaml | 2 + charts/argo-cd/values.yaml | 69 +++++++++++++++++++ 16 files changed, 352 insertions(+), 14 deletions(-) create mode 100644 charts/argo-cd/templates/redis-secret-init/job.yaml create mode 100644 charts/argo-cd/templates/redis-secret-init/role.yaml create mode 100644 charts/argo-cd/templates/redis-secret-init/rolebinding.yaml create mode 100644 charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f27ae34d..eb512089 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.11.0 +appVersion: v2.11.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.9.3 +version: 6.10.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,7 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Restarting dex pod when `argocd-cm` configmap changes + - kind: security + description: Enable Redis authentication in the default installation (GHSA-9766-5277-j5hr) + - kind: changed + description: Bump argo-cd to v2.11.1 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 3f196f82..4452d4ed 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -278,6 +278,39 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.10.0 + +This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr. + +#### How to rotate Redis secret? + +Upstream steps in the [FAQ] are not enough, since we chose a different approach. +(We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.) + +Steps to roteate the secret when using the helm chart (bold step is additional to upstream): +* Delete `argocd-redis` secret in the namespace where Argo CD is installed. + ```bash + kubectl delete secret argocd-redis -n + ``` +* **Perform a helm upgrade** + ```bash + helm upgrade argocd argo/argo-cd --reuse-values --wait + ``` +* If you are running Redis in HA mode, restart Redis in HA. + ```bash + kubectl rollout restart deployment argocd-redis-ha-haproxy + kubectl rollout restart statefulset argocd-redis-ha-server + ``` +* If you are running Redis in non-HA mode, restart Redis. + ```bash + kubectl rollout restart deployment argocd-redis + ``` +* Restart other components. + ```bash + kubectl rollout restart deployment argocd-server argocd-repo-server + kubectl rollout restart statefulset argocd-application-controller + ``` + ### 6.9.0 ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9). @@ -1271,8 +1304,10 @@ The main options are listed here: |-----|------|---------|-------------| | redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. | | redis-ha.affinity | string | `""` | Assign custom [affinity] rules to the Redis pods. | +| redis-ha.auth | bool | `true` | Configures redis-ha with AUTH | | redis-ha.containerSecurityContext | object | See [values.yaml] | Redis HA statefulset container-level security context | | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | +| redis-ha.existingSecret | string | `"argocd-redis"` | Existing Secret to use for redis-ha authentication. By default the redis-secret-init Job is generating this Secret. | | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | | redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | | redis-ha.exporter.tag | string | `"1.58.0"` | Tag to use for the redis-exporter | @@ -1316,6 +1351,29 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | externalRedis.secretAnnotations | object | `{}` | External Redis Secret annotations | | externalRedis.username | string | `""` | External Redis username | +### Redis secret-init + +The helm chart deploys a Job to setup a random password which is used to secure the Redis. The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed. +If you use an External Redis (See Option 3 above), this Job is not deployed. + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| redisSecretInit.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | +| redisSecretInit.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Redis secret-init Job | +| redisSecretInit.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Redis secret-init Job | +| redisSecretInit.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Redis secret-init Job | +| redisSecretInit.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | +| redisSecretInit.jobAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job | +| redisSecretInit.name | string | `"redis-secret-init"` | Redis secret-init name | +| redisSecretInit.podAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job | +| redisSecretInit.podLabels | object | `{}` | Labels to be added to the Redis secret-init Job | +| redisSecretInit.resources | object | `{}` | Resource limits and requests for Redis secret-init Job | +| redisSecretInit.securityContext | object | `{}` | Redis secret-init Job pod-level security context | +| redisSecretInit.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| redisSecretInit.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| redisSecretInit.serviceAccount.create | bool | `true` | Create a service account for the redis pod | +| redisSecretInit.serviceAccount.name | string | `""` | Service account name for redis pod | + ## ApplicationSet | Key | Type | Default | Description | @@ -1507,8 +1565,10 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog +[Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/ [DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters +[FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/ [FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 97a967df..6ab46ffc 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -278,6 +278,39 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.10.0 + +This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr. + +#### How to rotate Redis secret? + +Upstream steps in the [FAQ] are not enough, since we chose a different approach. +(We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.) + +Steps to roteate the secret when using the helm chart (bold step is additional to upstream): +* Delete `argocd-redis` secret in the namespace where Argo CD is installed. + ```bash + kubectl delete secret argocd-redis -n + ``` +* **Perform a helm upgrade** + ```bash + helm upgrade argocd argo/argo-cd --reuse-values --wait + ``` +* If you are running Redis in HA mode, restart Redis in HA. + ```bash + kubectl rollout restart deployment argocd-redis-ha-haproxy + kubectl rollout restart statefulset argocd-redis-ha-server + ``` +* If you are running Redis in non-HA mode, restart Redis. + ```bash + kubectl rollout restart deployment argocd-redis + ``` +* Restart other components. + ```bash + kubectl rollout restart deployment argocd-server argocd-repo-server + kubectl rollout restart statefulset argocd-application-controller + ``` + ### 6.9.0 ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9). @@ -722,6 +755,19 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide {{- end }} {{- end }} +### Redis secret-init + +The helm chart deploys a Job to setup a random password which is used to secure the Redis. The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed. +If you use an External Redis (See Option 3 above), this Job is not deployed. + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "redisSecretInit" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + ## ApplicationSet | Key | Type | Default | Description | @@ -750,8 +796,10 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog +[Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/ [DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters +[FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/ [FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 67af632c..f0470be3 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -86,6 +86,25 @@ Create the name of the redis service account to use {{- end -}} {{- end -}} + +{{/* +Create Redis secret-init name +*/}} +{{- define "argo-cd.redisSecretInit.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redisSecretInit.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the Redis secret-init service account to use +*/}} +{{- define "argo-cd.redisSecretInit.serviceAccountName" -}} +{{- if .Values.redisSecretInit.serviceAccount.create -}} + {{ default (include "argo-cd.redisSecretInit.fullname" .) .Values.redis.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.redisSecretInit.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Create argocd server name and version as used by the chart label. */}} diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 23d2a7ad..7c4a2a6d 100644 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -199,15 +199,19 @@ spec: - name: REDIS_USERNAME valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} key: redis-username optional: true - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + {{- if .Values.externalRedis.host }} key: redis-password optional: true + {{- else }} + key: auth + {{- end }} - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 07191359..947307d7 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -198,15 +198,19 @@ spec: - name: REDIS_USERNAME valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} key: redis-username optional: true - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + {{- if .Values.externalRedis.host }} key: redis-password optional: true + {{- else }} + key: auth + {{- end }} - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml b/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml index c4166d1b..2cfefde9 100644 --- a/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: {{ include "argo-cd.redis.fullname" . }} + name: argocd-redis namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 745150e7..3cacf124 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -175,15 +175,19 @@ spec: - name: REDIS_USERNAME valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} key: redis-username optional: true - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + {{- if .Values.externalRedis.host }} key: redis-password optional: true + {{- else }} + key: auth + {{- end }} - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 8c02805a..125328a5 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -243,15 +243,19 @@ spec: - name: REDIS_USERNAME valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} key: redis-username optional: true - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + {{- if .Values.externalRedis.host }} key: redis-password optional: true + {{- else }} + key: auth + {{- end }} - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml new file mode 100644 index 00000000..04536932 --- /dev/null +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -0,0 +1,54 @@ +{{- if not .Values.externalRedis.host }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "argo-cd.redisSecretInit.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + {{- range $key, $value := .Values.redisSecretInit.jobAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} +spec: + template: + metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.redisSecretInit.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.redisSecretInit.podAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{ toYaml . | nindent 8 }} + {{- end }} + containers: + - command: + - argocd + - admin + - redis-initial-password + image: {{ default .Values.global.image.repository .Values.redisSecretInit.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.redisSecretInit.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redisSecretInit.image.imagePullPolicy }} + name: secret-init + resources: + {{- toYaml .Values.redisSecretInit.resources | nindent 10 }} + {{- with .Values.redisSecretInit.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.redisSecretInit.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + restartPolicy: OnFailure + serviceAccountName: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }} +{{- end }} diff --git a/charts/argo-cd/templates/redis-secret-init/role.yaml b/charts/argo-cd/templates/redis-secret-init/role.yaml new file mode 100644 index 00000000..52bdf0a3 --- /dev/null +++ b/charts/argo-cd/templates/redis-secret-init/role.yaml @@ -0,0 +1,27 @@ +{{- if not .Values.externalRedis.host }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} + name: {{ include "argo-cd.redisSecretInit.fullname" . }} + namespace: {{ .Release.Namespace | quote }} +rules: + - apiGroups: + - "" + resources: + - secrets + resourceNames: + - argocd-redis + verbs: + - get + - apiGroups: + - "" + resources: + - secrets + verbs: + - create +{{- end }} diff --git a/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml b/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml new file mode 100644 index 00000000..536c847d --- /dev/null +++ b/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml @@ -0,0 +1,19 @@ +{{- if not .Values.externalRedis.host }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} + name: {{ include "argo-cd.redisSecretInit.fullname" . }} + namespace: {{ .Release.Namespace | quote }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "argo-cd.redisSecretInit.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }} +{{- end }} diff --git a/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml new file mode 100644 index 00000000..0dc9979a --- /dev/null +++ b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if not .Values.externalRedis.host }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.redisSecretInit.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + {{- range $key, $value := .Values.redisSecretInit.serviceAccount.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index de9c29b1..9a8d1b91 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -65,8 +65,14 @@ spec: - "" - --appendonly - "no" - {{- with (concat .Values.global.env .Values.redis.env) }} + - --requirepass $(REDIS_PASSWORD) env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth + {{- with (concat .Values.global.env .Values.redis.env) }} {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.redis.envFrom }} diff --git a/charts/argo-cd/templates/redis/health-configmap.yaml b/charts/argo-cd/templates/redis/health-configmap.yaml index 0d4005d6..7443625f 100644 --- a/charts/argo-cd/templates/redis/health-configmap.yaml +++ b/charts/argo-cd/templates/redis/health-configmap.yaml @@ -11,6 +11,7 @@ data: redis_liveness.sh: | response=$( redis-cli \ + -a "${REDIS_PASSWORD}" --no-auth-warning \ -h localhost \ -p {{ .Values.redis.containerPorts.redis }} \ ping @@ -23,6 +24,7 @@ data: redis_readiness.sh: | response=$( redis-cli \ + -a "${REDIS_PASSWORD}" --no-auth-warning \ -h localhost \ -p {{ .Values.redis.containerPorts.redis }} \ ping diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 15171656..46635276 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1547,6 +1547,12 @@ redis-ha: containerSecurityContext: readOnlyRootFilesystem: true + # -- Configures redis-ha with AUTH + auth: true + # -- Existing Secret to use for redis-ha authentication. + # By default the redis-secret-init Job is generating this Secret. + existingSecret: argocd-redis + # -- Whether the Redis server pods should be forced to run on separate nodes. hardAntiAffinity: true @@ -1594,6 +1600,69 @@ externalRedis: # -- External Redis Secret annotations secretAnnotations: {} +redisSecretInit: + # -- Redis secret-init name + name: redis-secret-init + + image: + # -- Repository to use for the Redis secret-init Job + # @default -- `""` (defaults to global.image.repository) + repository: "" # defaults to global.image.repository + # -- Tag to use for the Redis secret-init Job + # @default -- `""` (defaults to global.image.tag) + tag: "" # defaults to global.image.tag + # -- Image pull policy for the Redis secret-init Job + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" # IfNotPresent + + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # -- Annotations to be added to the Redis secret-init Job + jobAnnotations: {} + + # -- Annotations to be added to the Redis secret-init Job + podAnnotations: {} + + # -- Labels to be added to the Redis secret-init Job + podLabels: {} + + # -- Resource limits and requests for Redis secret-init Job + resources: {} + # limits: + # cpu: 200m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 64Mi + + # -- Application controller container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + + # -- Redis secret-init Job pod-level security context + securityContext: {} + + serviceAccount: + # -- Create a service account for the redis pod + create: true + # -- Service account name for redis pod + name: "" + # -- Annotations applied to created service account + annotations: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + ## Server server: # -- Argo CD server name From f431e9b2bed6d812b86a0df2609fb85e56f90a1a Mon Sep 17 00:00:00 2001 From: Pavan Kumar <64532630+pavankumar-go@users.noreply.github.com> Date: Wed, 22 May 2024 12:47:05 +0530 Subject: [PATCH 532/768] chore(argo-cd): add nodeselector and tolerations to redis-secret-init job (#2708) chore(argo-cd): add nodeselector and tolerations to redis-secret-init-job Signed-off-by: Pavan Co-authored-by: Pavan --- charts/argo-cd/Chart.yaml | 8 +++----- charts/argo-cd/README.md | 2 ++ charts/argo-cd/templates/redis-secret-init/job.yaml | 8 ++++++++ charts/argo-cd/values.yaml | 7 +++++++ 4 files changed, 20 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index eb512089..ccbb3374 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.10.0 +version: 6.10.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,7 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: security - description: Enable Redis authentication in the default installation (GHSA-9766-5277-j5hr) - - kind: changed - description: Bump argo-cd to v2.11.1 + - kind: added + description: Added node selector and tolerations for the redis secret init job diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 4452d4ed..55e1e0d1 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1365,6 +1365,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | redisSecretInit.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redisSecretInit.jobAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job | | redisSecretInit.name | string | `"redis-secret-init"` | Redis secret-init name | +| redisSecretInit.nodeSelector | object | `{}` (defaults to global.nodeSelector) | Node selector to be added to the Redis secret-init Job | | redisSecretInit.podAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job | | redisSecretInit.podLabels | object | `{}` | Labels to be added to the Redis secret-init Job | | redisSecretInit.resources | object | `{}` | Resource limits and requests for Redis secret-init Job | @@ -1373,6 +1374,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | redisSecretInit.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | redisSecretInit.serviceAccount.create | bool | `true` | Create a service account for the redis pod | | redisSecretInit.serviceAccount.name | string | `""` | Service account name for redis pod | +| redisSecretInit.tolerations | list | `[]` (defaults to global.tolerations) | Tolerations to be added to the Redis secret-init Job | ## ApplicationSet diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml index 04536932..96a81d99 100644 --- a/charts/argo-cd/templates/redis-secret-init/job.yaml +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -50,5 +50,13 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} restartPolicy: OnFailure + {{- with .Values.redisSecretInit.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redisSecretInit.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} serviceAccountName: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 46635276..903a866f 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1662,6 +1662,13 @@ redisSecretInit: # -- Automount API credentials for the Service Account automountServiceAccountToken: true + # -- Node selector to be added to the Redis secret-init Job + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- Tolerations to be added to the Redis secret-init Job + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] ## Server server: From 3174f52ffcfe3bb0d2ad6118411eacbaf20b0c7d Mon Sep 17 00:00:00 2001 From: tberreis <88875030+tberreis@users.noreply.github.com> Date: Wed, 22 May 2024 13:20:34 +0200 Subject: [PATCH 533/768] chore(argo-cd): add priorityClassName to redis-secret-init job (#2709) Signed-off-by: Thomas Berreis --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/redis-secret-init/job.yaml | 3 +++ charts/argo-cd/values.yaml | 4 ++++ 4 files changed, 10 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ccbb3374..ccd8c0c4 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.10.1 +version: 6.10.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Added node selector and tolerations for the redis secret init job + description: Added priorityClassName for the redis secret init job diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 55e1e0d1..fcfcd27f 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1368,6 +1368,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | redisSecretInit.nodeSelector | object | `{}` (defaults to global.nodeSelector) | Node selector to be added to the Redis secret-init Job | | redisSecretInit.podAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job | | redisSecretInit.podLabels | object | `{}` | Labels to be added to the Redis secret-init Job | +| redisSecretInit.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for Redis secret-init Job | | redisSecretInit.resources | object | `{}` | Resource limits and requests for Redis secret-init Job | | redisSecretInit.securityContext | object | `{}` | Redis secret-init Job pod-level security context | | redisSecretInit.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml index 96a81d99..0e3baf0a 100644 --- a/charts/argo-cd/templates/redis-secret-init/job.yaml +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -49,6 +49,9 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.redisSecretInit.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} restartPolicy: OnFailure {{- with .Values.redisSecretInit.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 903a866f..6d193720 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1662,6 +1662,10 @@ redisSecretInit: # -- Automount API credentials for the Service Account automountServiceAccountToken: true + # -- Priority class for Redis secret-init Job + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + # -- Node selector to be added to the Redis secret-init Job # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {} From e6776415a40038b113368c88716eb3fd7660475e Mon Sep 17 00:00:00 2001 From: "yuki.kitakata" Date: Thu, 23 May 2024 16:29:52 +0900 Subject: [PATCH 534/768] feat(argo-rollouts): Support revisionHistoryLimit (#2712) * feat(argo-rollouts): Support revisionHistoryLimit Signed-off-by: yu-croco * chore(argo-rollouts): Align to argo-cd's configuration Signed-off-by: yu-croco --------- Signed-off-by: yu-croco --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 1 + charts/argo-rollouts/templates/controller/deployment.yaml | 1 + charts/argo-rollouts/templates/dashboard/deployment.yaml | 1 + charts/argo-rollouts/values.yaml | 2 ++ 5 files changed, 7 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 6a4645f9..ecb6f19b 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.6 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.35.2 +version: 2.35.3 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Added pod labels for the controller and the dashboard components + description: Support revisionHistoryLimit diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index d5d11c26..4647c419 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -51,6 +51,7 @@ For full list of changes please check ArtifactHub [changelog]. | fullnameOverride | string | `nil` | String to fully override "argo-rollouts.fullname" template | | global.deploymentAnnotations | object | `{}` | Annotations for all deployed Deployments | | global.deploymentLabels | object | `{}` | Labels for all deployed Deployments | +| global.revisionHistoryLimit | int | `10` | Number of old deployment ReplicaSets to retain. The rest will be garbage collected. | | imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry. Registry secret names as an array. | | installCRDs | bool | `true` | Install and upgrade CRDs | | keepCRDs | bool | `true` | Keep CRD's on helm uninstall | diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index 0d4c5281..2bfdb912 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -23,6 +23,7 @@ spec: strategy: type: Recreate replicas: {{ .Values.controller.replicas }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} template: metadata: {{- with (mergeOverwrite (deepCopy .Values.podAnnotations) .Values.controller.podAnnotations) }} diff --git a/charts/argo-rollouts/templates/dashboard/deployment.yaml b/charts/argo-rollouts/templates/dashboard/deployment.yaml index e2918f40..ec0114ba 100644 --- a/charts/argo-rollouts/templates/dashboard/deployment.yaml +++ b/charts/argo-rollouts/templates/dashboard/deployment.yaml @@ -24,6 +24,7 @@ spec: strategy: type: Recreate replicas: {{ .Values.dashboard.replicas }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} template: metadata: {{- with (mergeOverwrite (deepCopy .Values.podAnnotations) .Values.dashboard.podAnnotations) }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index f9ae582c..64181c99 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -43,6 +43,8 @@ global: deploymentAnnotations: {} # -- Labels for all deployed Deployments deploymentLabels: {} + # -- Number of old deployment ReplicaSets to retain. The rest will be garbage collected. + revisionHistoryLimit: 10 controller: # -- Value of label `app.kubernetes.io/component` From 728b6e732693dbaac4b46e1090578c655c557a5a Mon Sep 17 00:00:00 2001 From: Michael Vittrup Larsen Date: Thu, 23 May 2024 14:36:49 +0200 Subject: [PATCH 535/768] feat(argo-cd): Make redis secret initialization optional (#2713) * Make redis secret initialization optional Signed-off-by: michaelvl * Remove artifacthub.io/changes from previous change Signed-off-by: michaelvl --------- Signed-off-by: michaelvl --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/redis-secret-init/job.yaml | 2 +- charts/argo-cd/templates/redis-secret-init/role.yaml | 2 +- charts/argo-cd/templates/redis-secret-init/rolebinding.yaml | 2 +- .../argo-cd/templates/redis-secret-init/serviceaccount.yaml | 2 +- charts/argo-cd/values.yaml | 2 ++ 7 files changed, 9 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ccd8c0c4..9c085f53 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.1 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.10.2 +version: 6.11.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Added priorityClassName for the redis secret init job + description: Made Redis secret initialization optional with default enabled diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index fcfcd27f..b390056f 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1359,6 +1359,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | Key | Type | Default | Description | |-----|------|---------|-------------| | redisSecretInit.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | +| redisSecretInit.enabled | bool | `true` | Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods | | redisSecretInit.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Redis secret-init Job | | redisSecretInit.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Redis secret-init Job | | redisSecretInit.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Redis secret-init Job | diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml index 0e3baf0a..27837465 100644 --- a/charts/argo-cd/templates/redis-secret-init/job.yaml +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -1,4 +1,4 @@ -{{- if not .Values.externalRedis.host }} +{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} apiVersion: batch/v1 kind: Job metadata: diff --git a/charts/argo-cd/templates/redis-secret-init/role.yaml b/charts/argo-cd/templates/redis-secret-init/role.yaml index 52bdf0a3..ac5fd313 100644 --- a/charts/argo-cd/templates/redis-secret-init/role.yaml +++ b/charts/argo-cd/templates/redis-secret-init/role.yaml @@ -1,4 +1,4 @@ -{{- if not .Values.externalRedis.host }} +{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: diff --git a/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml b/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml index 536c847d..7ea1de96 100644 --- a/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml +++ b/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml @@ -1,4 +1,4 @@ -{{- if not .Values.externalRedis.host }} +{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: diff --git a/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml index 0dc9979a..d6b95f13 100644 --- a/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml +++ b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml @@ -1,4 +1,4 @@ -{{- if not .Values.externalRedis.host }} +{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.redisSecretInit.serviceAccount.automountServiceAccountToken }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 6d193720..f9ee4674 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1601,6 +1601,8 @@ externalRedis: secretAnnotations: {} redisSecretInit: + # -- Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods + enabled: true # -- Redis secret-init name name: redis-secret-init From fa2fb1c5c15e8753a850865c2db86091a6fd8c87 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 23 May 2024 16:37:05 +0100 Subject: [PATCH 536/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.11.2 (#2715) --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 9c085f53..350c8596 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.11.1 +appVersion: v2.11.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.11.0 +version: 6.11.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Made Redis secret initialization optional with default enabled + - kind: changed + description: Bump argo-cd to v2.11.2 From fb807031a28b136be3901601f7aca69e6cfa23fe Mon Sep 17 00:00:00 2001 From: Nicolas Lamirault Date: Fri, 24 May 2024 05:04:54 +0200 Subject: [PATCH 537/768] fix(argo-events): support for additional labels (#2714) Signed-off-by: Nicolas Lamirault Co-authored-by: yuki.kitakata Co-authored-by: Jason Meridth --- charts/argo-events/Chart.yaml | 6 +++--- charts/argo-events/templates/_helpers.tpl | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index aed0dfdc..6a548402 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.9.1 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.4 +version: 2.4.5 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Support ability to set .Values.namespaceOverride + - kind: fixed + description: Support additional labels diff --git a/charts/argo-events/templates/_helpers.tpl b/charts/argo-events/templates/_helpers.tpl index 93069ca3..79c7051d 100644 --- a/charts/argo-events/templates/_helpers.tpl +++ b/charts/argo-events/templates/_helpers.tpl @@ -104,6 +104,9 @@ helm.sh/chart: {{ include "argo-events.chart" .context }} {{ include "argo-events.selectorLabels" (dict "context" .context "component" .component "name" .name) }} app.kubernetes.io/managed-by: {{ .context.Release.Service }} app.kubernetes.io/part-of: argo-events +{{- with .context.Values.global.additionalLabels }} +{{ toYaml . }} +{{- end }} {{- end }} {{/* From 165c6518d25f08d29601a73675799e7c9ec48253 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 25 May 2024 23:19:47 +0200 Subject: [PATCH 538/768] chore(deps): bump github/codeql-action from 3.25.5 to 3.25.6 (#2718) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0074ed3d..9c6c360b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 with: sarif_file: results.sarif From 408500c5ccdb704ce4b731308f9697dee2559192 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 27 May 2024 17:09:26 +0900 Subject: [PATCH 539/768] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.7 (#2720) --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index e897eab6..896f6606 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.6 +appVersion: v3.5.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.6 +version: 0.41.7 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Add missing serviceLabels to server service + - kind: changed + description: Bump argo-workflows to v3.5.7 From 5652e66777047634c7fa7b9a9b01be5d79afdb64 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 28 May 2024 07:32:32 +0200 Subject: [PATCH 540/768] chore(argocd-image-updater): Update dependency argoproj-labs/argocd-image-updater to v0.13.1 (#2722) --- charts/argocd-image-updater/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index d3143726..963db659 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.10.0 -appVersion: v0.13.0 +version: 0.10.1 +appVersion: v0.13.1 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argocd-image-updater to v0.13.0 + description: Bump argocd-image-updater to v0.13.1 From 2c05baf7416bfac007540a16713240624c3d0bce Mon Sep 17 00:00:00 2001 From: Nacho Barrientos Date: Tue, 28 May 2024 15:38:23 +0200 Subject: [PATCH 541/768] feat(argo-cd): represent cluster credentials as a map (#2648) So it can be merged with values coming from different sources. Closes #2592 Signed-off-by: Nacho Barrientos --- charts/argo-cd/Chart.yaml | 4 +-- charts/argo-cd/README.md | 2 +- .../argocd-configs/cluster-secrets.yaml | 26 +++++++++---------- charts/argo-cd/values.yaml | 10 +++---- 4 files changed, 21 insertions(+), 21 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 350c8596..876e36f1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.11.1 +version: 7.0.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.11.2 + description: Represent cluster credentials as a map diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index b390056f..7b94e90b 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -695,7 +695,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| -| configs.clusterCredentials | list | `[]` (See [values.yaml]) | Provide one or multiple [external cluster credentials] | +| configs.clusterCredentials | object | `{}` (See [values.yaml]) | Provide one or multiple [external cluster credentials] | | configs.cm."admin.enabled" | bool | `true` | Enable local admin user | | configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning | | configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI | diff --git a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml index 83b1c15d..2682e70e 100644 --- a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml +++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml @@ -1,17 +1,17 @@ -{{- range .Values.configs.clusterCredentials }} +{{- range $cluster_key, $cluster_value := .Values.configs.clusterCredentials }} --- apiVersion: v1 kind: Secret metadata: - name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }} + name: {{ include "argo-cd.name" $ }}-cluster-{{ $cluster_key }} namespace: {{ $.Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} - {{- with .labels }} + {{- with $cluster_value.labels }} {{- toYaml . | nindent 4 }} {{- end }} argocd.argoproj.io/secret-type: cluster - {{- with .annotations }} + {{- with $cluster_value.annotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} @@ -19,17 +19,17 @@ metadata: {{- end }} type: Opaque stringData: - name: {{ required "A valid .Values.configs.clusterCredentials[].name entry is required!" .name }} - server: {{ required "A valid .Values.configs.clusterCredentials[].server entry is required!" .server }} - {{- if .namespaces }} - namespaces: {{ .namespaces }} - {{- if .clusterResources }} - clusterResources: {{ .clusterResources | quote }} + name: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.name entry is required!" $cluster_key }} + server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }} + {{- if $cluster_value.namespaces }} + namespaces: {{ $cluster_value.namespaces }} + {{- if $cluster_value.clusterResources }} + clusterResources: {{ $cluster_value.clusterResources | quote }} {{- end }} {{- end }} - {{- if .project }} - project: {{ .project | quote }} + {{- if $cluster_value.project }} + project: {{ $cluster_value.project | quote }} {{- end }} config: | - {{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toRawJson | nindent 4 }} + {{- required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.config entry is required!" $cluster_value.config | toRawJson | nindent 4 }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index f9ee4674..cf89fb1e 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -418,13 +418,13 @@ configs: # command: [sh, -c, find . -name env.yaml] # -- Provide one or multiple [external cluster credentials] - # @default -- `[]` (See [values.yaml]) + # @default -- `{}` (See [values.yaml]) ## Ref: ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials ## - https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters - clusterCredentials: [] - # - name: mycluster + clusterCredentials: {} + # mycluster: # server: https://mycluster.example.com # labels: {} # annotations: {} @@ -433,7 +433,7 @@ configs: # tlsClientConfig: # insecure: false # caData: "" - # - name: mycluster2 + # mycluster2: # server: https://mycluster2.example.com # labels: {} # annotations: {} @@ -444,7 +444,7 @@ configs: # tlsClientConfig: # insecure: false # caData: "" - # - name: mycluster3-project-scoped + # mycluster3-project-scoped: # server: https://mycluster3.example.com # labels: {} # annotations: {} From 0a97419aa9346feb1bee4d7d28361808e83ea3dd Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Fri, 31 May 2024 11:01:54 +0200 Subject: [PATCH 542/768] docs(github): Charts use Helm "Capabilities" (#2730) Signed-off-by: Marco Maurer --- README.md | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/README.md b/README.md index 3d57db36..c4092e07 100644 --- a/README.md +++ b/README.md @@ -42,3 +42,63 @@ Please refer to [SECURITY.md](SECURITY.md) for details on how to report security ### Changelog Releases are managed independently for each helm chart, and changelogs are tracked on each release. Read more about this process [here](https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md#changelog). + +## Charts use Helm "Capabilities" + +Our charts make use of the Helm built-in object "Capabilities": +> This provides information about what capabilities the Kubernetes cluster supports. +> *Source: https://helm.sh/docs/chart_template_guide/builtin_objects/* + +Today we use: + +- `.Capabilities.APIVersions.Has` mostly to determine whether the CRDs for ServiceMonitors (from prometheus-operator) exists inside the cluster +- `.Capabilities.KubeVersion.Version` to handle correct apiVersion of a specific resource kind (eg. "policy/v1" vs. "policy/v1beta1") + +If you use the charts only to template the manifests, without installing (`helm install ..`), you need to make sure that Helm (or the Helm SDK) receives the available APIs from your Kubernetes cluster. + +For this you need to pass the `--api-versions` parameter to the `helm template` command: + +```bash +helm template argocd \ + oci://ghcr.io/argoproj/argo-helm/argo-cd \ + --api-versions monitoring.coreos.com/v1 \ + --values my-argocd-values.yaml +``` + +If you use other tools like [Kustomize](https://kubectl.docs.kubernetes.io/references/kustomize/builtins/) or [helmfile](https://helmfile.readthedocs.io/en/latest/#configuration) to render it, there are equivalent options. + +Example with Kustomize: + +```yaml +# kustomization.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +helmCharts: +- name: argo-cd + repo: oci://ghcr.io/argoproj/argo-helm + version: x.y.z + releaseName: argocd + apiVersions: + - monitoring.coreos.com/v1 + valuesFile: my-argocd-values.yaml +``` + +Example with helmfile: + +```yaml +# helmfile.yaml +repositories: + - name: argo + url: https://argoproj.github.io/argo-helm + +apiVersions: + - monitoring.coreos.com/v1 + +releases: + - name: argocd + namespace: argocd + chart: argo/argo-cd + values: + - my-argocd-values.yaml +``` From 45ff5666146afa95eaccad682f6960cf78607efc Mon Sep 17 00:00:00 2001 From: Ludovic Ortega Date: Fri, 31 May 2024 14:04:50 +0200 Subject: [PATCH 543/768] feat(argo-cd): add support for dual stack clusters (#2649) * feat(argo-cd): add support for dual stack clusters Signed-off-by: Ludovic Ortega * fix: add suggested change Signed-off-by: Ludovic Ortega * fix: metric template & add suggested change Signed-off-by: Ludovic Ortega * fix: remove changelog in README.md.gotmpl Signed-off-by: Ludovic Ortega * fix: applicationset metric template Signed-off-by: Ludovic Ortega * fix: add changelog as annotation Signed-off-by: Ludovic Ortega * feat: use a global setting to enable dual stack Signed-off-by: Ludovic Ortega --------- Signed-off-by: Ludovic Ortega Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: Aikawa Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 ++ charts/argo-cd/templates/_helpers.tpl | 12 ++++++++++++ .../argocd-application-controller/metrics.yaml | 1 + .../templates/argocd-applicationset/metrics.yaml | 1 + .../templates/argocd-applicationset/service.yaml | 1 + .../templates/argocd-notifications/metrics.yaml | 1 + .../templates/argocd-repo-server/metrics.yaml | 1 + .../templates/argocd-repo-server/service.yaml | 1 + .../argo-cd/templates/argocd-server/aws/service.yaml | 1 + charts/argo-cd/templates/argocd-server/metrics.yaml | 1 + charts/argo-cd/templates/argocd-server/service.yaml | 1 + charts/argo-cd/templates/dex/service.yaml | 1 + charts/argo-cd/templates/redis/service.yaml | 1 + charts/argo-cd/values.yaml | 7 +++++++ 15 files changed, 35 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 876e36f1..c3a5faab 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.0.0 +version: 7.1.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Represent cluster credentials as a map + - kind: added + description: Add support for IPv4/IPv6 dual-stack networking. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 7b94e90b..833fbe15 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -671,6 +671,8 @@ NAME: my-release | global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | | global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments | | global.domain | string | `"argocd.example.com"` | Default domain used by all components | +| global.dualStack.ipFamilies | list | `[]` | IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. | +| global.dualStack.ipFamilyPolicy | string | `""` | IP family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) | | global.env | list | `[]` | Environment variables to pass to all deployed Deployments | | global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | | global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments | diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index f0470be3..c609f19f 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -245,3 +245,15 @@ Allows overriding it for multi-namespace deployments in combined charts. {{- define "argo-cd.namespace" -}} {{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} {{- end }} + +{{/* +Dual stack definition +*/}} +{{- define "argo-cd.dualStack" -}} +{{- with .Values.global.dualStack.ipFamilyPolicy }} +ipFamilyPolicy: {{ . }} +{{- end }} +{{- with .Values.global.dualStack.ipFamilies }} +ipFamilies: {{ toYaml . | nindent 4 }} +{{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/metrics.yaml b/charts/argo-cd/templates/argocd-application-controller/metrics.yaml index c3ceb047..086dfe9b 100644 --- a/charts/argo-cd/templates/argocd-application-controller/metrics.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/metrics.yaml @@ -24,6 +24,7 @@ spec: {{- if and .Values.controller.metrics.service.clusterIP (eq .Values.controller.metrics.service.type "ClusterIP") }} clusterIP: {{ .Values.controller.metrics.service.clusterIP }} {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.controller.metrics.service.portName }} protocol: TCP diff --git a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml index 06253a81..de5638ad 100644 --- a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml @@ -24,6 +24,7 @@ spec: {{- if and .Values.applicationSet.metrics.service.clusterIP (eq .Values.applicationSet.metrics.service.type "ClusterIP") }} clusterIP: {{ .Values.applicationSet.metrics.service.clusterIP }} {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.applicationSet.metrics.service.portName }} protocol: TCP diff --git a/charts/argo-cd/templates/argocd-applicationset/service.yaml b/charts/argo-cd/templates/argocd-applicationset/service.yaml index 91c082aa..bf58c6b4 100644 --- a/charts/argo-cd/templates/argocd-applicationset/service.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/service.yaml @@ -16,6 +16,7 @@ metadata: {{- end }} spec: type: {{ .Values.applicationSet.service.type }} + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.applicationSet.service.portName }} port: {{ .Values.applicationSet.service.port }} diff --git a/charts/argo-cd/templates/argocd-notifications/metrics.yaml b/charts/argo-cd/templates/argocd-notifications/metrics.yaml index b7dcfe6a..9dd18c8b 100644 --- a/charts/argo-cd/templates/argocd-notifications/metrics.yaml +++ b/charts/argo-cd/templates/argocd-notifications/metrics.yaml @@ -24,6 +24,7 @@ spec: {{- if and .Values.notifications.metrics.service.clusterIP (eq .Values.notifications.metrics.service.type "ClusterIP") }} clusterIP: {{ .Values.notifications.metrics.service.clusterIP }} {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }} ports: diff --git a/charts/argo-cd/templates/argocd-repo-server/metrics.yaml b/charts/argo-cd/templates/argocd-repo-server/metrics.yaml index 6b82796c..6ede9ddb 100644 --- a/charts/argo-cd/templates/argocd-repo-server/metrics.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/metrics.yaml @@ -24,6 +24,7 @@ spec: {{- if and .Values.repoServer.metrics.service.clusterIP (eq .Values.repoServer.metrics.service.type "ClusterIP") }} clusterIP: {{ .Values.repoServer.metrics.service.clusterIP }} {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.repoServer.metrics.service.portName }} protocol: TCP diff --git a/charts/argo-cd/templates/argocd-repo-server/service.yaml b/charts/argo-cd/templates/argocd-repo-server/service.yaml index 4412a8c9..24ca10ef 100644 --- a/charts/argo-cd/templates/argocd-repo-server/service.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/service.yaml @@ -15,6 +15,7 @@ metadata: name: {{ template "argo-cd.repoServer.fullname" . }} namespace: {{ include "argo-cd.namespace" . }} spec: + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.repoServer.service.portName }} protocol: TCP diff --git a/charts/argo-cd/templates/argocd-server/aws/service.yaml b/charts/argo-cd/templates/argocd-server/aws/service.yaml index a98ddfa2..0e9de75a 100644 --- a/charts/argo-cd/templates/argocd-server/aws/service.yaml +++ b/charts/argo-cd/templates/argocd-server/aws/service.yaml @@ -9,6 +9,7 @@ metadata: name: {{ template "argo-cd.server.fullname" . }}-grpc namespace: {{ include "argo-cd.namespace" . }} spec: + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.server.service.servicePortHttpName }} protocol: TCP diff --git a/charts/argo-cd/templates/argocd-server/metrics.yaml b/charts/argo-cd/templates/argocd-server/metrics.yaml index f0797552..d08dbae0 100644 --- a/charts/argo-cd/templates/argocd-server/metrics.yaml +++ b/charts/argo-cd/templates/argocd-server/metrics.yaml @@ -24,6 +24,7 @@ spec: {{- if and .Values.server.metrics.service.clusterIP (eq .Values.server.metrics.service.type "ClusterIP") }} clusterIP: {{ .Values.server.metrics.service.clusterIP }} {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.server.metrics.service.portName }} protocol: TCP diff --git a/charts/argo-cd/templates/argocd-server/service.yaml b/charts/argo-cd/templates/argocd-server/service.yaml index 2b9872be..71f46449 100644 --- a/charts/argo-cd/templates/argocd-server/service.yaml +++ b/charts/argo-cd/templates/argocd-server/service.yaml @@ -16,6 +16,7 @@ metadata: {{- end }} spec: type: {{ .Values.server.service.type }} + {{- include "argo-cd.dualStack" . | indent 2 }} {{- with .Values.server.service.externalIPs }} externalIPs: {{ . }} {{- end }} diff --git a/charts/argo-cd/templates/dex/service.yaml b/charts/argo-cd/templates/dex/service.yaml index 8825a7ea..b52acfb1 100644 --- a/charts/argo-cd/templates/dex/service.yaml +++ b/charts/argo-cd/templates/dex/service.yaml @@ -16,6 +16,7 @@ metadata: {{- toYaml .Values.dex.metrics.service.labels | nindent 4 }} {{- end }} spec: + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.dex.servicePortHttpName }} protocol: TCP diff --git a/charts/argo-cd/templates/redis/service.yaml b/charts/argo-cd/templates/redis/service.yaml index a4a94140..a60cf77e 100644 --- a/charts/argo-cd/templates/redis/service.yaml +++ b/charts/argo-cd/templates/redis/service.yaml @@ -17,6 +17,7 @@ metadata: {{- end }} {{- end }} spec: + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: redis port: {{ .Values.redis.servicePort }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index cf89fb1e..6c446a2e 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -98,6 +98,13 @@ global: # hostnames: # - git.myhostname + # Configure dual-stack used by all component services + dualStack: + # -- IP family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) + ipFamilyPolicy: "" + # -- IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. + ipFamilies: [] + # Default network policy rules used by all components networkPolicy: # -- Create NetworkPolicy objects for all components From 9607dee38e307d8c794e7c5da1a86a44d5705854 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 31 May 2024 23:25:40 -0500 Subject: [PATCH 544/768] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v37.384.0 (#2733) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index c270cb2a..f82006c2 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 37.332.0 + renovate-version: 37.384.0 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From 760d1995e089efcf8c7a30b667de9527777b21d6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 1 Jun 2024 13:10:40 -0500 Subject: [PATCH 545/768] chore(deps): bump docker/login-action from 3.1.0 to 3.2.0 (#2734) --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 07dde599..84b51f79 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -66,7 +66,7 @@ jobs: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - name: Login to GHCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: ghcr.io username: ${{ github.actor }} From 4f5020681380578390b9b5e8d787807e5a436d4f Mon Sep 17 00:00:00 2001 From: BenHesketh21 Date: Sun, 2 Jun 2024 00:44:56 +0100 Subject: [PATCH 546/768] fix(argo-cd): Fixed redis exporter NOAUTH error (#2736) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/redis/deployment.yaml | 5 +++++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index c3a5faab..586d7895 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.2 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.1.0 +version: 7.1.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add support for IPv4/IPv6 dual-stack networking. + - kind: fixed + description: Fixed redis exporter NOAUTH error diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 9a8d1b91..76e1b00a 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -130,6 +130,11 @@ spec: value: {{ printf "redis://localhost:%v" .Values.redis.containerPorts.redis }} - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS value: {{ printf "0.0.0.0:%v" .Values.redis.containerPorts.metrics }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth {{- with (concat .Values.global.env .Values.redis.exporter.env) }} {{- toYaml . | nindent 8 }} {{- end }} From 0dae5da325b1f6635399fa2a23a7870d44a66907 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 2 Jun 2024 10:24:16 +0900 Subject: [PATCH 547/768] chore(deps): bump github/codeql-action from 3.25.6 to 3.25.7 (#2735) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.6 to 3.25.7. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/9fdb3e49720b44c48891d036bb502feb25684276...f079b8493333aace61c81488f8bd40919487bd9f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aikawa --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 9c6c360b..35ddcf79 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 with: sarif_file: results.sarif From 98d8ea00e6cbe06acd65049456350b66c1256cc4 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 08:59:14 +0200 Subject: [PATCH 548/768] chore(deps): update actions/create-github-app-token action to v1.10.1 (#2739) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index f82006c2..d00ce019 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1 # v1.10.0 + uses: actions/create-github-app-token@c8f55efbd427e7465d6da1106e7979bc8aaee856 # v1.10.1 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From 19ef184d8fe923fdc0ec42411c6272a91138db31 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 16:08:02 +0900 Subject: [PATCH 549/768] chore(deps): update renovatebot/github-action action to v40.1.12 (#2740) Co-authored-by: renovate[bot] Co-authored-by: Aikawa --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index d00ce019..65439348 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Self-hosted Renovate - uses: renovatebot/github-action@063e0c946b9c1af35ef3450efc44114925d6e8e6 # v40.1.11 + uses: renovatebot/github-action@21d88b0bf0183abcee15f990011cca090dfc47dd # v40.1.12 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 02499d9b31e6e763e3af8e143f7a89b1a84f2fc4 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 6 Jun 2024 11:51:33 +0100 Subject: [PATCH 550/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.11.3 (#2748) Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 586d7895..1e1fa2b5 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.11.2 +appVersion: v2.11.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.1.1 +version: 7.1.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fixed redis exporter NOAUTH error + - kind: changed + description: Bump argo-cd to v2.11.3 From 3dd3e1a754514f418a0aa32ccdc0daceb6d4339d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 8 Jun 2024 07:42:46 -0500 Subject: [PATCH 551/768] chore(deps): bump github/codeql-action from 3.25.7 to 3.25.8 (#2752) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 35ddcf79..cd8d1548 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 + uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 with: sarif_file: results.sarif From 377332f8c7655525b9f69fd8ae9857a402c4db63 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sun, 9 Jun 2024 14:22:44 +0900 Subject: [PATCH 552/768] fix(argo-cd): Add missing permission for Dynamic Cluster Distribution (#2754) --- charts/argo-cd/Chart.yaml | 6 +++--- .../argocd-application-controller/role.yaml | 14 ++++++++++++++ 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 1e1fa2b5..15ab4a2e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.1.2 +version: 7.1.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.11.3 + - kind: fixed + description: Add missing permission for Dynamic Cluster Distribution diff --git a/charts/argo-cd/templates/argocd-application-controller/role.yaml b/charts/argo-cd/templates/argocd-application-controller/role.yaml index f2aa2cfd..27e3e956 100644 --- a/charts/argo-cd/templates/argocd-application-controller/role.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/role.yaml @@ -43,3 +43,17 @@ rules: - get - list - watch +{{- if and (not .Values.createClusterRoles) .Values.controller.dynamicClusterDistribution }} +- apiGroups: + - "" + resources: + - configmaps + resourceNames: + - argocd-app-controller-shard-cm + verbs: + - get + - list + - watch + - create + - update +{{- end }} From 8b02b6d9b828902ba0d9ae1e6ddb4f060a5975ca Mon Sep 17 00:00:00 2001 From: Anton Gilgur <4970083+agilgur5@users.noreply.github.com> Date: Sun, 9 Jun 2024 18:18:20 -0400 Subject: [PATCH 553/768] fix(argo-workflows): `BASE_HREF` -> `ARGO_BASE_HREF` for forward compat (#2756) --- charts/argo-workflows/Chart.yaml | 6 +++--- .../argo-workflows/templates/server/server-deployment.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 896f6606..72634b14 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.7 +version: 0.41.8 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-workflows to v3.5.7 + - kind: fixed + description: changed BASE_HREF to ARGO_BASE_HREF for forward compat diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index a4b8df7b..95789b56 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -95,7 +95,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - - name: BASE_HREF + - name: ARGO_BASE_HREF value: {{ .Values.server.baseHref | quote }} {{- with .Values.server.extraEnv }} {{- toYaml . | nindent 12 }} From 4c29c31b9a26196e007a2a9045163b114cf29ce6 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 13 Jun 2024 08:14:29 +0900 Subject: [PATCH 554/768] chore(deps): update actions/checkout action to v4.1.7 (#2762) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 65439348..d69671c9 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -23,7 +23,7 @@ jobs: private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate uses: renovatebot/github-action@21d88b0bf0183abcee15f990011cca090dfc47dd # v40.1.12 From e088468e721d563263d7a8b43aae8bf07a2692ef Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 14 Jun 2024 06:08:49 +0100 Subject: [PATCH 555/768] chore(argo-events): Update dependency argoproj/argo-events to v1.9.2 (#2764) --- charts/argo-events/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 6a548402..394b150c 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.9.1 +appVersion: v1.9.2 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.5 +version: 2.4.6 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Support additional labels + - kind: changed + description: Bump argo-events to v1.9.2 From ea967df1e36733381c5b7483a1afc1c230164a81 Mon Sep 17 00:00:00 2001 From: Kaita Nakamura <94943154+z63d@users.noreply.github.com> Date: Fri, 14 Jun 2024 16:53:59 +0900 Subject: [PATCH 556/768] chore(argocd-image-updater): fix referenced URL to command line reference page (#2761) --- charts/argocd-image-updater/Chart.yaml | 6 +++--- charts/argocd-image-updater/values.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 963db659..cbf21e4c 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.10.1 +version: 0.10.2 appVersion: v0.13.1 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argocd-image-updater to v0.13.1 + - kind: fixed + description: Fixed a URL in values.yaml comments diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 2791890a..292f2c90 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -107,7 +107,7 @@ config: # -- API kind that is used to manage Argo CD applications (`kubernetes` or `argocd`) applicationsAPIKind: "" - # Described in detail here https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags + # Described in detail here https://argocd-image-updater.readthedocs.io/en/stable/install/reference/#flags # Note: this is only relevant if config.applicationsAPIKind == 'argocd' argocd: # -- Use the gRPC-web protocol to connect to the Argo CD API From 43c626d31ed39037696392682e65fd82f79f1c9f Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 14 Jun 2024 18:00:28 +0900 Subject: [PATCH 557/768] chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.7.0 (#2763) * chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.7.0 * feat(argo-rollouts): Update resources as following upstream Signed-off-by: yu-croco * fix(argo-rollouts): update doc Signed-off-by: yu-croco --------- Signed-off-by: yu-croco Co-authored-by: renovate[bot] Co-authored-by: yu-croco --- charts/argo-rollouts/Chart.yaml | 8 +- charts/argo-rollouts/README.md | 2 +- .../templates/controller/deployment.yaml | 2 +- .../templates/crds/analysis-run-crd.yaml | 239 +++++++++++++++++- .../templates/crds/analysis-template-crd.yaml | 235 ++++++++++++++++- .../crds/cluster-analysis-template-crd.yaml | 235 ++++++++++++++++- .../templates/crds/experiment-crd.yaml | 213 +++++++++++++++- .../templates/crds/rollout-crd.yaml | 227 ++++++++++++++++- charts/argo-rollouts/values.yaml | 15 +- 9 files changed, 1151 insertions(+), 25 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index ecb6f19b..3cb72cef 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.6.6 +appVersion: v1.7.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.35.3 +version: 2.36.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Support revisionHistoryLimit + - kind: changed + description: Bump argo-rollouts to v1.7.0 diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 4647c419..4284942c 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -79,7 +79,7 @@ For full list of changes please check ArtifactHub [changelog]. | Key | Type | Default | Description | |-----|------|---------|-------------| -| containerSecurityContext | object | `{}` | Security Context to set on container level | +| containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security Context to set on container level | | controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | | controller.component | string | `"rollouts-controller"` | Value of label `app.kubernetes.io/component` | | controller.containerPorts.healthz | int | `8080` | Healthz container port | diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index 2bfdb912..851dec0b 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -21,7 +21,7 @@ spec: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.selectorLabels" . | nindent 6 }} strategy: - type: Recreate + type: RollingUpdate replicas: {{ .Values.controller.replicas }} revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} template: diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index 1dddfa7d..52c75d97 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -188,6 +188,19 @@ spec: type: object datadog: properties: + aggregator: + default: last + enum: + - avg + - min + - max + - sum + - last + - percentile + - mean + - l2norm + - area + type: string apiVersion: default: v1 enum: @@ -241,6 +254,9 @@ spec: backoffLimit: format: int32 type: integer + backoffLimitPerIndex: + format: int32 + type: integer completionMode: type: string completions: @@ -248,6 +264,9 @@ spec: type: integer manualSelector: type: boolean + maxFailedIndexes: + format: int32 + type: integer parallelism: format: int32 type: integer @@ -289,13 +308,14 @@ spec: x-kubernetes-list-type: atomic required: - action - - onPodConditions type: object type: array x-kubernetes-list-type: atomic required: - rules type: object + podReplacementPolicy: + type: string selector: properties: matchExpressions: @@ -467,6 +487,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -535,6 +565,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -601,6 +641,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -669,6 +719,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -848,6 +908,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -898,6 +966,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1094,13 +1170,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1453,6 +1556,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1503,6 +1614,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1699,13 +1818,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2065,6 +2211,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2115,6 +2269,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2311,13 +2473,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2543,12 +2732,43 @@ spec: - conditionType type: object type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: type: string runtimeClassName: type: string schedulerName: type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: properties: fsGroup: @@ -2945,11 +3165,26 @@ spec: type: array terminate: type: boolean + ttlStrategy: + properties: + secondsAfterCompletion: + format: int32 + type: integer + secondsAfterFailure: + format: int32 + type: integer + secondsAfterSuccess: + format: int32 + type: integer + type: object required: - metrics type: object status: properties: + completedAt: + format: date-time + type: string dryRunSummary: properties: count: diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index d97a6ce9..794c7617 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -184,6 +184,19 @@ spec: type: object datadog: properties: + aggregator: + default: last + enum: + - avg + - min + - max + - sum + - last + - percentile + - mean + - l2norm + - area + type: string apiVersion: default: v1 enum: @@ -237,6 +250,9 @@ spec: backoffLimit: format: int32 type: integer + backoffLimitPerIndex: + format: int32 + type: integer completionMode: type: string completions: @@ -244,6 +260,9 @@ spec: type: integer manualSelector: type: boolean + maxFailedIndexes: + format: int32 + type: integer parallelism: format: int32 type: integer @@ -285,13 +304,14 @@ spec: x-kubernetes-list-type: atomic required: - action - - onPodConditions type: object type: array x-kubernetes-list-type: atomic required: - rules type: object + podReplacementPolicy: + type: string selector: properties: matchExpressions: @@ -463,6 +483,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -531,6 +561,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -597,6 +637,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -665,6 +715,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -844,6 +904,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -894,6 +962,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1090,13 +1166,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1449,6 +1552,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1499,6 +1610,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1695,13 +1814,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2061,6 +2207,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2111,6 +2265,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2307,13 +2469,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2539,12 +2728,43 @@ spec: - conditionType type: object type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: type: string runtimeClassName: type: string schedulerName: type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: properties: fsGroup: @@ -2939,8 +3159,15 @@ spec: - provider type: object type: array - required: - - metrics + templates: + items: + properties: + clusterScope: + type: boolean + templateName: + type: string + type: object + type: array type: object required: - spec diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index 335f06a2..b6c9f6f0 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -184,6 +184,19 @@ spec: type: object datadog: properties: + aggregator: + default: last + enum: + - avg + - min + - max + - sum + - last + - percentile + - mean + - l2norm + - area + type: string apiVersion: default: v1 enum: @@ -237,6 +250,9 @@ spec: backoffLimit: format: int32 type: integer + backoffLimitPerIndex: + format: int32 + type: integer completionMode: type: string completions: @@ -244,6 +260,9 @@ spec: type: integer manualSelector: type: boolean + maxFailedIndexes: + format: int32 + type: integer parallelism: format: int32 type: integer @@ -285,13 +304,14 @@ spec: x-kubernetes-list-type: atomic required: - action - - onPodConditions type: object type: array x-kubernetes-list-type: atomic required: - rules type: object + podReplacementPolicy: + type: string selector: properties: matchExpressions: @@ -463,6 +483,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -531,6 +561,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -597,6 +637,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -665,6 +715,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -844,6 +904,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -894,6 +962,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1090,13 +1166,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1449,6 +1552,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1499,6 +1610,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1695,13 +1814,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2061,6 +2207,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2111,6 +2265,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2307,13 +2469,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2539,12 +2728,43 @@ spec: - conditionType type: object type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: type: string runtimeClassName: type: string schedulerName: type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: properties: fsGroup: @@ -2939,8 +3159,15 @@ spec: - provider type: object type: array - required: - - metrics + templates: + items: + properties: + clusterScope: + type: boolean + templateName: + type: string + type: object + type: array type: object required: - spec diff --git a/charts/argo-rollouts/templates/crds/experiment-crd.yaml b/charts/argo-rollouts/templates/crds/experiment-crd.yaml index 2f60d415..2f2ea2dc 100644 --- a/charts/argo-rollouts/templates/crds/experiment-crd.yaml +++ b/charts/argo-rollouts/templates/crds/experiment-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -94,6 +94,17 @@ spec: - templateName type: object type: array + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object dryRun: items: properties: @@ -309,6 +320,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -377,6 +398,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -443,6 +474,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -511,6 +552,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -690,6 +741,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -740,6 +799,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -936,13 +1003,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1295,6 +1389,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1345,6 +1447,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1541,13 +1651,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1907,6 +2044,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1957,6 +2102,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2153,13 +2306,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2385,12 +2565,43 @@ spec: - conditionType type: object type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: type: string runtimeClassName: type: string schedulerName: type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: properties: fsGroup: diff --git a/charts/argo-rollouts/templates/crds/rollout-crd.yaml b/charts/argo-rollouts/templates/crds/rollout-crd.yaml index 7faf3790..a22a9364 100644 --- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml +++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -581,6 +581,26 @@ spec: - templateName type: object type: array + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + dryRun: + items: + properties: + metricName: + type: string + required: + - metricName + type: object + type: array duration: type: string templates: @@ -913,6 +933,9 @@ spec: - name type: object type: array + maxTrafficWeight: + format: int32 + type: integer nginx: properties: additionalIngressAnnotations: @@ -1093,6 +1116,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1161,6 +1194,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1227,6 +1270,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1295,6 +1348,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1474,6 +1537,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1524,6 +1595,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1720,13 +1799,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2079,6 +2185,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2129,6 +2243,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2325,13 +2447,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2691,6 +2840,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2741,6 +2898,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2937,13 +3102,40 @@ spec: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -3169,12 +3361,43 @@ spec: - conditionType type: object type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: type: string runtimeClassName: type: string schedulerName: type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: properties: fsGroup: @@ -3340,6 +3563,8 @@ spec: type: string name: type: string + scaleDown: + type: string type: object type: object status: diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 64181c99..98a78471 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -240,13 +240,14 @@ podSecurityContext: runAsNonRoot: true # -- Security Context to set on container level -containerSecurityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 +containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault # -- Annotations to be added to the Rollout service serviceAnnotations: {} From a07f981d4e72cb5b2efae6451d52e27a1d5f57f8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 15 Jun 2024 14:25:24 -0500 Subject: [PATCH 558/768] chore(deps): bump github/codeql-action from 3.25.8 to 3.25.10 (#2766) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index cd8d1548..c16802b5 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 with: sarif_file: results.sarif From 5fa92f5189e3e2e3226604c33813bf538b8a6316 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 16 Jun 2024 00:17:15 +0200 Subject: [PATCH 559/768] chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#2767) --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 8335fc7c..95a10226 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 84b51f79..7cdbac43 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index c16802b5..71c8da60 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false From b26191b776dd3edeb9b546e20ba523b437c50079 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Sun, 16 Jun 2024 01:28:34 -0500 Subject: [PATCH 560/768] chore(github): group dependabot updates for minor and patch (#2768) --- .github/dependabot.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 0a4fd6ca..4d8e45c5 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,3 +6,11 @@ updates: schedule: interval: weekly day: "saturday" + commit-message: + prefix: "chore(deps)" + groups: + dependencies: + applies-to: version-updates + update-types: + - "minor" + - "patch" From fab2809c67243112d708ca309367500d388c81b4 Mon Sep 17 00:00:00 2001 From: Anton Gilgur <4970083+agilgur5@users.noreply.github.com> Date: Mon, 17 Jun 2024 14:59:29 -0400 Subject: [PATCH 561/768] fix(argo-workflows): revert `BASE_HREF` change (#2770) * fix(argo-workflows): revert `BASE_HREF` change This reverts commit 134cecde5812612514995205cd8fcc6a7f933373. Sorry, I screwed up this and caused a regression. Didn't read my own release notes (from 4 months ago to be fair) where `ARGO_BASE_HREF` would not work previously as it was inconsistently `ARGO_BASEHREF`. So there is no forward compatible change to be made here, so just revert this. Will have to reinstate this change for the 3.6 upgrade Signed-off-by: Anton Gilgur * changelog update Signed-off-by: Anton Gilgur --------- Signed-off-by: Anton Gilgur --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/templates/server/server-deployment.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 72634b14..70b3949a 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.8 +version: 0.41.9 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: changed BASE_HREF to ARGO_BASE_HREF for forward compat + description: reverted the BASE_HREF change, will add back during 3.6 upgrade diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index 95789b56..a4b8df7b 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -95,7 +95,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - - name: ARGO_BASE_HREF + - name: BASE_HREF value: {{ .Values.server.baseHref | quote }} {{- with .Values.server.extraEnv }} {{- toYaml . | nindent 12 }} From 6946696aaef570adc140fb74ac473b8aa0f0d2fc Mon Sep 17 00:00:00 2001 From: Gazal Date: Tue, 18 Jun 2024 11:13:21 +1000 Subject: [PATCH 562/768] feat(argo-cd): add loadBalancerClass field for Service resource (#2769) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/argocd-server/service.yaml | 3 +++ charts/argo-cd/values.yaml | 2 ++ 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 15ab4a2e..6d1a4041 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.1.3 +version: 7.1.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Add missing permission for Dynamic Cluster Distribution + - kind: changed + description: add loadBalancerClass field for Service resources diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 833fbe15..f89a222c 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1082,6 +1082,7 @@ NAME: my-release | server.service.externalIPs | list | `[]` | Server service external IPs | | server.service.externalTrafficPolicy | string | `"Cluster"` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints | | server.service.labels | object | `{}` | Server service labels | +| server.service.loadBalancerClass | string | `""` | The class of the load balancer implementation | | server.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field | | server.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from | | server.service.nodePortHttp | int | `30080` | Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort") | diff --git a/charts/argo-cd/templates/argocd-server/service.yaml b/charts/argo-cd/templates/argocd-server/service.yaml index 71f46449..86f8abb0 100644 --- a/charts/argo-cd/templates/argocd-server/service.yaml +++ b/charts/argo-cd/templates/argocd-server/service.yaml @@ -24,6 +24,9 @@ spec: externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy }} {{- end }} {{- if eq .Values.server.service.type "LoadBalancer" }} + {{- with .Values.server.service.loadBalancerClass }} + loadBalancerClass: {{ . }} + {{- end }} {{- with .Values.server.service.loadBalancerIP }} loadBalancerIP: {{ . }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 6c446a2e..6d9923e6 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2067,6 +2067,8 @@ server: # -- Server service https port appProtocol ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol servicePortHttpsAppProtocol: "" + # -- The class of the load balancer implementation + loadBalancerClass: "" # -- LoadBalancer will get created with the IP specified in this field loadBalancerIP: "" # -- Source IP ranges to allow access to service from From 3c127abe7b3aba8a80e9d01be3f4975c650535bf Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 18 Jun 2024 08:46:47 +0100 Subject: [PATCH 563/768] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.8 (#2773) Co-authored-by: renovate[bot] --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 70b3949a..d06694de 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.7 +appVersion: v3.5.8 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.9 +version: 0.41.10 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: reverted the BASE_HREF change, will add back during 3.6 upgrade + - kind: changed + description: Bump argo-workflows to v3.5.8 From 8130224b3b84de27c1bba7047688893bbc40ae17 Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Wed, 19 Jun 2024 08:00:44 +0100 Subject: [PATCH 564/768] fix(argo-workflows): add `app:` label to components to match upstream (#2775) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/templates/_helpers.tpl | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index d06694de..99d313f8 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.8 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.10 +version: 0.41.11 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-workflows to v3.5.8 + - kind: fixed + description: Add `app:` label to components to match upstream diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl index f46af22f..ebbba978 100644 --- a/charts/argo-workflows/templates/_helpers.tpl +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -94,6 +94,7 @@ app.kubernetes.io/name: {{ include "argo-workflows.name" .context }}-{{ .name }} app.kubernetes.io/instance: {{ .context.Release.Name }} {{- if .component }} app.kubernetes.io/component: {{ .component }} +app: {{ .component }} {{- end }} {{- end }} From e34b45b3eabeb34fd116a676aafac5f2bff95bdf Mon Sep 17 00:00:00 2001 From: Julie Ims <44164757+julieims@users.noreply.github.com> Date: Wed, 19 Jun 2024 16:04:02 +0200 Subject: [PATCH 565/768] feat(argo-cd): Add secrettemplate to argo-cd server certificate (#2780) * Add secrettemplate to argo-cd server certificate Signed-off-by: Ims, Julie * refactor documentation Signed-off-by: Ims, Julie * added changelog Signed-off-by: Ims, Julie * remove empty line Signed-off-by: Ims, Julie * correct comment in values file Signed-off-by: Ims, Julie * move documentation comment according to test results Signed-off-by: Ims, Julie --------- Signed-off-by: Ims, Julie --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/argocd-server/certificate.yaml | 7 +++++++ charts/argo-cd/values.yaml | 2 ++ 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 6d1a4041..408a6989 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.1.4 +version: 7.1.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: add loadBalancerClass field for Service resources + - kind: added + description: Added secrettemplateAnnotation field for argocd server certificate diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index f89a222c..6b7c2fdd 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -968,6 +968,7 @@ NAME: my-release | server.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | | server.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | | server.certificate.secretName | string | `"argocd-server-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | +| server.certificate.secretTemplateAnnotations | object | `{}` | Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources | | server.certificate.usages | list | `[]` | Usages for the certificate | | server.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-server-tls secret | | server.certificateSecret.crt | string | `""` | Certificate data | diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 629d0e95..4376bd5c 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -13,6 +13,13 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: + secretTemplate: + {{- with .Values.server.certificate.secretTemplateAnnotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} secretName: {{ .Values.server.certificate.secretName }} commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }} dnsNames: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 6d9923e6..33252305 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -2029,6 +2029,8 @@ server: # -- Usages for the certificate ### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage usages: [] + # -- Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources + secretTemplateAnnotations: {} # TLS certificate configuration via Secret ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server From b0d4648471aef30a1a849a82c84dcb37ed7b504d Mon Sep 17 00:00:00 2001 From: Erwan Vallienne <135604788+erwanval@users.noreply.github.com> Date: Thu, 20 Jun 2024 12:25:27 +0200 Subject: [PATCH 566/768] fix(argo-cd): remove secretName for server and applicationSet Certificates (#2741) * Remove Certificate's secretName because expected names by server and applicationset are static Signed-off-by: Erwan Vallienne * Apply suggestions from code review Signed-off-by: Marco Maurer (-Kilchhofer) * Fix lint Signed-off-by: Erwan Vallienne --------- Signed-off-by: Erwan Vallienne Signed-off-by: Marco Maurer (-Kilchhofer) Signed-off-by: Erwan Vallienne <135604788+erwanval@users.noreply.github.com> Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argo-cd/Chart.yaml | 8 +++++--- charts/argo-cd/README.md | 2 -- .../templates/argocd-applicationset/certificate.yaml | 2 +- charts/argo-cd/templates/argocd-server/certificate.yaml | 2 +- charts/argo-cd/values.yaml | 4 ---- 5 files changed, 7 insertions(+), 11 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 408a6989..1d1b03af 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.1.5 +version: 7.2.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,7 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Added secrettemplateAnnotation field for argocd server certificate + - kind: removed + description: Remove `server.certificate.secretName`, as the expected secret name is static (argocd-server-tls) + - kind: removed + description: Remove `applicationSet.certificate.secretName`, as the expected secret name is static (argocd-applicationset-controller-tls) diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 6b7c2fdd..8ef96974 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -967,7 +967,6 @@ NAME: my-release | server.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | | server.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | | server.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | -| server.certificate.secretName | string | `"argocd-server-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | | server.certificate.secretTemplateAnnotations | object | `{}` | Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources | | server.certificate.usages | list | `[]` | Usages for the certificate | | server.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-server-tls secret | @@ -1402,7 +1401,6 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | applicationSet.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | | applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | | applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | -| applicationSet.certificate.secretName | string | `"argocd-applicationset-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | | applicationSet.containerPorts.metrics | int | `8080` | Metrics container port | | applicationSet.containerPorts.probe | int | `8081` | Probe container port | | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | diff --git a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml index c2d2b279..fce26bf5 100644 --- a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml @@ -13,7 +13,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} spec: - secretName: {{ .Values.applicationSet.certificate.secretName }} + secretName: argocd-applicationset-controller-tls commonName: {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }} dnsNames: - {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }} diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 4376bd5c..803452f6 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -20,7 +20,7 @@ spec: {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} - secretName: {{ .Values.server.certificate.secretName }} + secretName: argocd-server-tls commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }} dnsNames: - {{ .Values.server.certificate.domain | default .Values.global.domain }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 33252305..001a3d97 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1990,8 +1990,6 @@ server: certificate: # -- Deploy a Certificate resource (requires cert-manager) enabled: false - # -- The name of the Secret that will be automatically created and managed by this Certificate resource - secretName: argocd-server-tls # -- Certificate primary domain (commonName) # @default -- `""` (defaults to global.domain) domain: "" @@ -2998,8 +2996,6 @@ applicationSet: certificate: # -- Deploy a Certificate resource (requires cert-manager) enabled: false - # -- The name of the Secret that will be automatically created and managed by this Certificate resource - secretName: argocd-applicationset-controller-tls # -- Certificate primary domain (commonName) # @default -- `""` (defaults to global.domain) domain: "" From 02949b14b108e42407831ddaa131161eb6210ed6 Mon Sep 17 00:00:00 2001 From: smcavallo Date: Fri, 21 Jun 2024 17:01:27 -0400 Subject: [PATCH 567/768] fix(argo-cd): Default repo-server init container resources to empty (#2786) --- charts/argo-cd/Chart.yaml | 8 +++----- .../argo-cd/templates/argocd-repo-server/deployment.yaml | 4 +--- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 1d1b03af..70bca9bb 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.2.0 +version: 7.2.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,7 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: removed - description: Remove `server.certificate.secretName`, as the expected secret name is static (argocd-server-tls) - - kind: removed - description: Remove `applicationSet.certificate.secretName`, as the expected secret name is static (argocd-applicationset-controller-tls) + - kind: changed + description: Default argocd repo-server init container replicas to empty diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 3cacf124..7a29d147 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -359,10 +359,8 @@ spec: image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }} name: copyutil - {{- with .Values.repoServer.resources }} resources: - {{- toYaml . | nindent 10 }} - {{- end }} + {{- toYaml .Values.repoServer.resources | nindent 10 }} {{- with .Values.repoServer.containerSecurityContext }} securityContext: {{- toYaml . | nindent 10 }} From 2ba2eb3daf34bf89b740518cd27cd8a165357f84 Mon Sep 17 00:00:00 2001 From: Mohamed Ragab <155462724+mohamedragab2024@users.noreply.github.com> Date: Sat, 22 Jun 2024 06:11:25 -0400 Subject: [PATCH 568/768] feat(argo-rollouts): add annotations for notifications secret (#2777) * feat(argo-rollouts): Most users of Argo-rollouts may store secrets on vault which allows to auto inject secrets directly to secrets object using annotations. Signed-off-by:Mohamed Ragab Signed-off-by: Mohamed Ragab * Fix indentation Signed-off-by: Mohamed Ragab --------- Signed-off-by: Mohamed Ragab Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 1 + .../templates/controller/notifications-secret.yaml | 6 ++++++ charts/argo-rollouts/values.yaml | 2 ++ 4 files changed, 11 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 3cb72cef..1c8ccbc9 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.36.0 +version: 2.36.1 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-rollouts to v1.7.0 + description: Add annotations for notifications secret diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 4284942c..b6d8160a 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -58,6 +58,7 @@ For full list of changes please check ArtifactHub [changelog]. | kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests | | nameOverride | string | `nil` | String to partially override "argo-rollouts.fullname" template | | notifications.notifiers | object | `{}` | Configures notification services | +| notifications.secret.annotations | object | `{}` | Annotations to be added to the notifications secret | | notifications.secret.create | bool | `false` | Whether to create notifications secret | | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret | | notifications.templates | object | `{}` | Notification templates | diff --git a/charts/argo-rollouts/templates/controller/notifications-secret.yaml b/charts/argo-rollouts/templates/controller/notifications-secret.yaml index 52b393df..f48d895f 100644 --- a/charts/argo-rollouts/templates/controller/notifications-secret.yaml +++ b/charts/argo-rollouts/templates/controller/notifications-secret.yaml @@ -4,6 +4,12 @@ kind: Secret metadata: name: argo-rollouts-notification-secret namespace: {{ .Release.Namespace | quote }} + {{- with .Values.notifications.secret.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 98a78471..089d5547 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -454,6 +454,8 @@ notifications: # -- Generic key:value pairs to be inserted into the notifications secret items: {} # slack-token: + # -- Annotations to be added to the notifications secret + annotations: {} # -- Configures notification services notifiers: {} From ad8d48c590f24a4b6e2fa1cbe72d65a4d5ab487b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micka=C3=ABl=20Can=C3=A9vet?= Date: Tue, 25 Jun 2024 05:48:03 +0200 Subject: [PATCH 569/768] =?UTF-8?q?feat(argo-cd):=20make=20PrometheusRule?= =?UTF-8?q?=20deployment=20conditional=20on=20CRD=20exis=E2=80=A6=20(#2791?= =?UTF-8?q?)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- charts/argo-cd/Chart.yaml | 4 ++-- .../argocd-application-controller/prometheusrule.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 70bca9bb..196b482c 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.2.1 +version: 7.3.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Default argocd repo-server init container replicas to empty + description: make PrometheusRule deployment conditional on CRD existence diff --git a/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml b/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml index 86d66564..20d8eea8 100644 --- a/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: From 7b30c3bcfa011d4cfeb83e2441bf5ff4d00728e9 Mon Sep 17 00:00:00 2001 From: Clement Chevalier <69809982+clemcvlcs@users.noreply.github.com> Date: Tue, 25 Jun 2024 14:25:46 +0200 Subject: [PATCH 570/768] chore(argo-cd): add shard option for clusterCredentials (#2779) feat(argocd): add shard option for clusterCredentials Signed-off-by: Clement Chevalier --- charts/argo-cd/Chart.yaml | 4 ++-- .../templates/argocd-configs/cluster-secrets.yaml | 3 +++ charts/argo-cd/values.yaml | 10 ++++++++++ 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 196b482c..906b8661 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.0 +version: 7.3.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: make PrometheusRule deployment conditional on CRD existence + description: add shard option for clusterCredentials diff --git a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml index 2682e70e..d952f7c9 100644 --- a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml +++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml @@ -19,6 +19,9 @@ metadata: {{- end }} type: Opaque stringData: + {{- if $cluster_value.shard }} + shard: {{ $cluster_value.shard }} + {{- end }} name: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.name entry is required!" $cluster_key }} server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }} {{- if $cluster_value.namespaces }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 001a3d97..a89a9f96 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -461,6 +461,16 @@ configs: # tlsClientConfig: # insecure: false # caData: "" + # mycluster4-sharded: + # shard: 1 + # server: https://mycluster4.example.com + # labels: {} + # annotations: {} + # config: + # bearerToken: "" + # tlsClientConfig: + # insecure: false + # caData: "" # -- Repository credentials to be used as Templates for other repos ## Creates a secret for each key/value specified below to create repository credentials From ee508fe7fc9780529d4f425de424b42d6b7c4105 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaime=20P=C3=A9rez=20Halc=C3=B3n?= Date: Tue, 25 Jun 2024 15:04:32 +0200 Subject: [PATCH 571/768] fix(argo-rollouts): Add subscriptions into notifcations-configmap (#2793) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix(argo-rollouts): Add subscriptions into notifcations-configmap Signed-off-by: Jaime Pérez Halcón * fix(argo-rollouts): Set version Signed-off-by: Jaime Pérez Halcón * fix(argo-rollouts): Updated readme Signed-off-by: Jaime Pérez Halcón * fix(values.yaml): fixed trailing spaces Signed-off-by: Jaime Pérez Halcón --------- Signed-off-by: Jaime Pérez Halcón Co-authored-by: Aikawa --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 1 + .../templates/controller/notifcations-configmap.yaml | 4 ++++ charts/argo-rollouts/values.yaml | 8 ++++++++ 4 files changed, 15 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 1c8ccbc9..c72282f6 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.36.1 +version: 2.36.2 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Add annotations for notifications secret + description: Add subscriptions into notifications-configmap diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index b6d8160a..1d7c59cd 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -61,6 +61,7 @@ For full list of changes please check ArtifactHub [changelog]. | notifications.secret.annotations | object | `{}` | Annotations to be added to the notifications secret | | notifications.secret.create | bool | `false` | Whether to create notifications secret | | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret | +| notifications.subscriptions | object | `{}` | The subscriptions define the subscriptions to the triggers in a general way for all rollouts | | notifications.templates | object | `{}` | Notification templates | | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | | providerRBAC.additionalRules | list | `[]` | Additional RBAC rules for others providers | diff --git a/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml b/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml index a370a600..8d4cd6b4 100644 --- a/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml +++ b/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml @@ -16,3 +16,7 @@ data: {{- with .Values.notifications.triggers }} {{- toYaml . | nindent 2 }} {{- end }} + {{- with .Values.notifications.subscriptions }} + subscriptions: + {{- toYaml . | nindent 4 }} + {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 089d5547..7e142c24 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -479,3 +479,11 @@ notifications: # trigger.on-purple: | # - send: [my-purple-template] # when: rollout.spec.template.spec.containers[0].image == 'argoproj/rollouts-demo:purple' + + # -- The subscriptions define the subscriptions to the triggers in a general way for all rollouts + subscriptions: {} + # subscriptions: + # recipients: + # - slack: + # triggers: + # - on-rollout-completed From db0f57b309ea6dec4b951e4340defff0c603ce21 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Wed, 26 Jun 2024 14:27:44 +0900 Subject: [PATCH 572/768] fix(argo-events): Update Jetstream versions as following upstream (#2790) --- charts/argo-events/Chart.yaml | 6 ++--- charts/argo-events/README.md | 46 +++++++++++++++++++++++++++++--- charts/argo-events/values.yaml | 48 +++++++++++++++++++++++++++++++--- 3 files changed, 90 insertions(+), 10 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 394b150c..aae23442 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.9.2 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.6 +version: 2.4.7 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-events to v1.9.2 + - kind: fixed + description: Update Jetstream versions as following upstream diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index c9cd5083..5d2c036b 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md @@ -65,11 +65,51 @@ done | configs.jetstream.streamConfig.maxBytes | string | `"1GB"` | | | configs.jetstream.streamConfig.maxMsgs | int | `1000000` | Maximum number of messages before expiring oldest message | | configs.jetstream.streamConfig.replicas | int | `3` | Number of replicas, defaults to 3 and requires minimal 3 | -| configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:latest"` | | -| configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:latest"` | | -| configs.jetstream.versions[0].natsImage | string | `"nats:latest"` | | +| configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.14.0"` | | +| configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.14.0"` | | +| configs.jetstream.versions[0].natsImage | string | `"nats:2.10.10"` | | | configs.jetstream.versions[0].startCommand | string | `"/nats-server"` | | | configs.jetstream.versions[0].version | string | `"latest"` | | +| configs.jetstream.versions[1].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[1].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[1].natsImage | string | `"nats:2.8.1"` | | +| configs.jetstream.versions[1].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[1].version | string | `"2.8.1"` | | +| configs.jetstream.versions[2].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[2].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[2].natsImage | string | `"nats:2.8.1-alpine"` | | +| configs.jetstream.versions[2].startCommand | string | `"nats-server"` | | +| configs.jetstream.versions[2].version | string | `"2.8.1-alpine"` | | +| configs.jetstream.versions[3].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[3].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[3].natsImage | string | `"nats:2.8.2"` | | +| configs.jetstream.versions[3].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[3].version | string | `"2.8.2"` | | +| configs.jetstream.versions[4].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[4].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[4].natsImage | string | `"nats:2.8.2-alpine"` | | +| configs.jetstream.versions[4].startCommand | string | `"nats-server"` | | +| configs.jetstream.versions[4].version | string | `"2.8.2-alpine"` | | +| configs.jetstream.versions[5].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[5].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[5].natsImage | string | `"nats:2.9.1"` | | +| configs.jetstream.versions[5].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[5].version | string | `"2.9.1"` | | +| configs.jetstream.versions[6].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[6].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[6].natsImage | string | `"nats:2.9.12"` | | +| configs.jetstream.versions[6].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[6].version | string | `"2.9.12"` | | +| configs.jetstream.versions[7].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[7].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[7].natsImage | string | `"nats:2.9.16"` | | +| configs.jetstream.versions[7].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[7].version | string | `"2.9.16"` | | +| configs.jetstream.versions[8].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.14.0"` | | +| configs.jetstream.versions[8].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.14.0"` | | +| configs.jetstream.versions[8].natsImage | string | `"nats:2.10.10"` | | +| configs.jetstream.versions[8].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[8].version | string | `"2.10.10"` | | | configs.nats.versions | list | See [values.yaml] | Supported versions of NATS event bus | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.install | bool | `true` | Install and upgrade CRDs | diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index b959e6cd..09a2d9ea 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -96,10 +96,50 @@ configs: duplicates: 300s # Supported versions of JetStream eventbus versions: - - version: "latest" - natsImage: nats:latest - metricsExporterImage: natsio/prometheus-nats-exporter:latest - configReloaderImage: natsio/nats-server-config-reloader:latest + - version: latest + natsImage: nats:2.10.10 + metricsExporterImage: natsio/prometheus-nats-exporter:0.14.0 + configReloaderImage: natsio/nats-server-config-reloader:0.14.0 + startCommand: /nats-server + - version: 2.8.1 + natsImage: nats:2.8.1 + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: /nats-server + - version: 2.8.1-alpine + natsImage: nats:2.8.1-alpine + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: nats-server + - version: 2.8.2 + natsImage: nats:2.8.2 + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: /nats-server + - version: 2.8.2-alpine + natsImage: nats:2.8.2-alpine + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: nats-server + - version: 2.9.1 + natsImage: nats:2.9.1 + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: /nats-server + - version: 2.9.12 + natsImage: nats:2.9.12 + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: /nats-server + - version: 2.9.16 + natsImage: nats:2.9.16 + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: /nats-server + - version: 2.10.10 + natsImage: nats:2.10.10 + metricsExporterImage: natsio/prometheus-nats-exporter:0.14.0 + configReloaderImage: natsio/nats-server-config-reloader:0.14.0 startCommand: /nats-server # -- Array of extra K8s manifests to deploy From 889c3e95653a21f6b0aed6e6047e5a913452401f Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 26 Jun 2024 09:02:42 +0200 Subject: [PATCH 573/768] chore(deps): update actions/create-github-app-token action to v1.10.2 (#2798) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index d69671c9..f647beb0 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@c8f55efbd427e7465d6da1106e7979bc8aaee856 # v1.10.1 + uses: actions/create-github-app-token@ad38cffc07bac6e3857755914c4c88bfd2db4da4 # v1.10.2 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From 3d98d04f431bad7362c2d8643dd840ddf4c6aced Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 26 Jun 2024 18:10:00 +0900 Subject: [PATCH 574/768] chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.7.1 (#2794) * chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.7.1 * feat(argo-rollouts): update as following upstream Signed-off-by: yu-croco --------- Signed-off-by: yu-croco Co-authored-by: renovate[bot] Co-authored-by: yu-croco --- charts/argo-rollouts/Chart.yaml | 6 +++--- .../templates/controller/deployment.yaml | 12 ++++++++++-- .../templates/crds/analysis-run-crd.yaml | 1 - .../templates/crds/analysis-template-crd.yaml | 1 - .../crds/cluster-analysis-template-crd.yaml | 1 - charts/argo-rollouts/values.yaml | 1 + 6 files changed, 14 insertions(+), 8 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index c72282f6..0aef8f18 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.7.0 +appVersion: v1.7.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.36.2 +version: 2.37.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Add subscriptions into notifications-configmap + description: Bump argo-rollouts to v1.7.1 diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index 851dec0b..df5dc4db 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -80,8 +80,12 @@ spec: {{- toYaml .Values.containerSecurityContext | nindent 10 }} resources: {{- toYaml .Values.controller.resources | nindent 10 }} - {{- with .Values.controller.volumeMounts }} volumeMounts: + - name: plugin-bin + mountPath: /home/argo-rollouts/plugin-bin + - name: tmp + mountPath: /tmp + {{- with .Values.controller.volumeMounts }} {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.controller.extraContainers }} @@ -120,7 +124,11 @@ spec: {{- with .Values.controller.priorityClassName }} priorityClassName: {{ . }} {{- end }} - {{- with .Values.controller.volumes }} volumes: + - name: plugin-bin + emptyDir: {} + - name: tmp + emptyDir: {} + {{- with .Values.controller.volumes }} {{- toYaml . | nindent 6 }} {{- end }} diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index 52c75d97..d79c3608 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -189,7 +189,6 @@ spec: datadog: properties: aggregator: - default: last enum: - avg - min diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index 794c7617..3c46bbad 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml @@ -185,7 +185,6 @@ spec: datadog: properties: aggregator: - default: last enum: - avg - min diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index b6c9f6f0..b7b07c2e 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -185,7 +185,6 @@ spec: datadog: properties: aggregator: - default: last enum: - avg - min diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 7e142c24..f8bc359f 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -120,6 +120,7 @@ controller: # limits: # cpu: 100m # memory: 128Mi + # ephemeral-storage: 1Gi # requests: # cpu: 50m # memory: 64Mi From 425e98ecff7bbfa5ccc6f94980c6a9699daf4e99 Mon Sep 17 00:00:00 2001 From: ajax-bychenok-y <138507453+ajax-bychenok-y@users.noreply.github.com> Date: Wed, 26 Jun 2024 13:39:03 +0300 Subject: [PATCH 575/768] fix(argo-rollouts): Fix of global subscriptions for Argo Rollouts (#2797) * Fix of Argo Rollouts notifications subscription Signed-off-by: Yurii Bychenok * Fixed Argo Rollouts helm changelog Signed-off-by: Yurii Bychenok * Fixed Argo Rollouts helm default values.yaml Signed-off-by: Yurii Bychenok * Fixed Argo Rollouts doc after helm update Signed-off-by: Yurii Bychenok --------- Signed-off-by: Yurii Bychenok Signed-off-by: Aikawa Co-authored-by: Aikawa --- charts/argo-rollouts/Chart.yaml | 6 +++--- charts/argo-rollouts/README.md | 2 +- .../templates/controller/notifcations-configmap.yaml | 2 +- charts/argo-rollouts/values.yaml | 10 +++++----- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 0aef8f18..df878d7f 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.37.0 +version: 2.37.1 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-rollouts to v1.7.1 + - kind: fixed + description: Fix subscriptions into notifications-configmap diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 1d7c59cd..13a4f24b 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -61,7 +61,7 @@ For full list of changes please check ArtifactHub [changelog]. | notifications.secret.annotations | object | `{}` | Annotations to be added to the notifications secret | | notifications.secret.create | bool | `false` | Whether to create notifications secret | | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret | -| notifications.subscriptions | object | `{}` | The subscriptions define the subscriptions to the triggers in a general way for all rollouts | +| notifications.subscriptions | list | `[]` | The subscriptions define the subscriptions to the triggers in a general way for all rollouts | | notifications.templates | object | `{}` | Notification templates | | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | | providerRBAC.additionalRules | list | `[]` | Additional RBAC rules for others providers | diff --git a/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml b/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml index 8d4cd6b4..4748bfc1 100644 --- a/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml +++ b/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml @@ -17,6 +17,6 @@ data: {{- toYaml . | nindent 2 }} {{- end }} {{- with .Values.notifications.subscriptions }} - subscriptions: + subscriptions: | {{- toYaml . | nindent 4 }} {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index f8bc359f..2a3b7c15 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -482,9 +482,9 @@ notifications: # when: rollout.spec.template.spec.containers[0].image == 'argoproj/rollouts-demo:purple' # -- The subscriptions define the subscriptions to the triggers in a general way for all rollouts - subscriptions: {} - # subscriptions: - # recipients: - # - slack: + subscriptions: [] + # - recipients: + # - slack: # triggers: - # - on-rollout-completed + # - on-rollout-completed + # - on-rollout-aborted From 171177ab77f3e5b242566de5a3b8638c10a40928 Mon Sep 17 00:00:00 2001 From: shlomi tubul <33376277+shlomitubul@users.noreply.github.com> Date: Wed, 26 Jun 2024 14:28:42 +0300 Subject: [PATCH 576/768] feat(argo-cd): add support for passing redis - sentinel credentials (#2492) * feat: add support for passing redis - sentinel credentials Signed-off-by: ShlomiTubul * feat: add changelog annotations Signed-off-by: ShlomiTubul * Update Chart.yaml Signed-off-by: shlomi tubul <33376277+shlomitubul@users.noreply.github.com> * Update Chart.yaml Signed-off-by: shlomi tubul <33376277+shlomitubul@users.noreply.github.com> * Update Chart.yaml Signed-off-by: shlomi tubul <33376277+shlomitubul@users.noreply.github.com> --------- Signed-off-by: ShlomiTubul Signed-off-by: shlomi tubul <33376277+shlomitubul@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 +- .../argocd-application-controller/statefulset.yaml | 12 ++++++++++++ .../templates/argocd-repo-server/deployment.yaml | 12 ++++++++++++ .../argo-cd/templates/argocd-server/deployment.yaml | 12 ++++++++++++ charts/argo-cd/values.yaml | 2 +- 6 files changed, 41 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 906b8661..06d3d2f6 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.1 +version: 7.3.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: add shard option for clusterCredentials + - kind: added + description: Add support for passing redis - sentinel credentials diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 8ef96974..3801650d 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1347,7 +1347,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | Key | Type | Default | Description | |-----|------|---------|-------------| -| externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis credentials (must contain key `redis-password`). When it's set, the `externalRedis.password` parameter is ignored | +| externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials. When it's set, the `externalRedis.password` parameter is ignored | | externalRedis.host | string | `""` | External Redis server host | | externalRedis.password | string | `""` | External Redis password | | externalRedis.port | int | `6379` | External Redis server port | diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 947307d7..4fb49bee 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -211,6 +211,18 @@ spec: {{- else }} key: auth {{- end }} + - name: REDIS_SENTINEL_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-username + optional: true + - name: REDIS_SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-password + optional: true - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 7a29d147..992d2369 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -188,6 +188,18 @@ spec: {{- else }} key: auth {{- end }} + - name: REDIS_SENTINEL_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-username + optional: true + - name: REDIS_SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-password + optional: true - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 125328a5..f20f2af0 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -256,6 +256,18 @@ spec: {{- else }} key: auth {{- end }} + - name: REDIS_SENTINEL_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-username + optional: true + - name: REDIS_SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-password + optional: true - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index a89a9f96..0d42bf71 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1611,7 +1611,7 @@ externalRedis: password: "" # -- External Redis server port port: 6379 - # -- The name of an existing secret with Redis credentials (must contain key `redis-password`). + # -- The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials. # When it's set, the `externalRedis.password` parameter is ignored existingSecret: "" # -- External Redis Secret annotations From 9cefbb3dafab990bc7a5c1297bae01fefa3307f5 Mon Sep 17 00:00:00 2001 From: shlomi tubul <33376277+shlomitubul@users.noreply.github.com> Date: Sat, 29 Jun 2024 00:52:17 +0300 Subject: [PATCH 577/768] fix(argo-cd): Make REDIS_PASSWORD environment variables optional always (#2800) --- charts/argo-cd/Chart.yaml | 6 +++--- .../argocd-application-controller/statefulset.yaml | 2 +- charts/argo-cd/templates/argocd-repo-server/deployment.yaml | 2 +- charts/argo-cd/templates/argocd-server/deployment.yaml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 06d3d2f6..b4a7c1af 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.3 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.2 +version: 7.3.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add support for passing redis - sentinel credentials + - kind: changed + description: make REDIS_PASSWORD environment variables optional always diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 4fb49bee..8231f311 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -205,9 +205,9 @@ spec: valueFrom: secretKeyRef: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + optional: true {{- if .Values.externalRedis.host }} key: redis-password - optional: true {{- else }} key: auth {{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 992d2369..71e8c767 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -182,9 +182,9 @@ spec: valueFrom: secretKeyRef: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + optional: true {{- if .Values.externalRedis.host }} key: redis-password - optional: true {{- else }} key: auth {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index f20f2af0..00a62fd2 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -250,9 +250,9 @@ spec: valueFrom: secretKeyRef: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + optional: true {{- if .Values.externalRedis.host }} key: redis-password - optional: true {{- else }} key: auth {{- end }} From 80e6e6bebdf62fce7aacc5b973d46d6e7a10887d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 29 Jun 2024 07:43:46 -0500 Subject: [PATCH 578/768] chore(deps): bump the dependencies group with 2 updates (#2801) --- .github/workflows/pr-title.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 9828761b..170d908b 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -19,7 +19,7 @@ jobs: name: Validate PR title runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@cfb60706e18bc85e8aec535e3c577abe8f70378e # v5.5.2 + - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 71c8da60..7ee9fec5 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 + uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 with: sarif_file: results.sarif From 24275df2aa87653e6c3f62a41b9cfc4d5310f4ce Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 02:18:40 -0500 Subject: [PATCH 579/768] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v37.421.4 (#2802) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index f647beb0..056f4109 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 37.384.0 + renovate-version: 37.421.4 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From 475d7e724dfa7b6c0038b6504e1ddb8a4db6c873 Mon Sep 17 00:00:00 2001 From: Kaswob <44066982+Kaswob@users.noreply.github.com> Date: Mon, 1 Jul 2024 12:02:14 +0200 Subject: [PATCH 580/768] fix(argo-rollouts): Add traefik.io api group (#2703) Add traefik.io (which is the only supported apiGroup for traefik >3.0) to clusterrole and role of argo-rollouts chart Signed-off-by: Kamil Swoboda Signed-off-by: Kaswob <44066982+Kaswob@users.noreply.github.com> --- charts/argo-rollouts/Chart.yaml | 6 +++--- charts/argo-rollouts/templates/controller/clusterrole.yaml | 1 + charts/argo-rollouts/templates/controller/role.yaml | 1 + 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index df878d7f..53066aa5 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.37.1 +version: 2.37.2 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fix subscriptions into notifications-configmap + - kind: added + description: Added traefik.io apiGroup to Role and ClusterRole diff --git a/charts/argo-rollouts/templates/controller/clusterrole.yaml b/charts/argo-rollouts/templates/controller/clusterrole.yaml index a80708b6..70c3bdf8 100644 --- a/charts/argo-rollouts/templates/controller/clusterrole.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml @@ -248,6 +248,7 @@ rules: # Traefik access needed when using the Traefik provider - apiGroups: - traefik.containo.us + - traefik.io resources: - traefikservices verbs: diff --git a/charts/argo-rollouts/templates/controller/role.yaml b/charts/argo-rollouts/templates/controller/role.yaml index 584587b9..fdce087e 100644 --- a/charts/argo-rollouts/templates/controller/role.yaml +++ b/charts/argo-rollouts/templates/controller/role.yaml @@ -249,6 +249,7 @@ rules: # Traefik access needed when using the Traefik provider - apiGroups: - traefik.containo.us + - traefik.io resources: - traefikservices verbs: From 080e79078cae5d24a5bbc3712e5b9a23a6dc3716 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 23:21:48 +0200 Subject: [PATCH 581/768] chore(deps): update actions/create-github-app-token action to v1.10.3 (#2803) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 056f4109..d0ed6dbd 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@ad38cffc07bac6e3857755914c4c88bfd2db4da4 # v1.10.2 + uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From 5e862ea63bb487e1899588fb31e20f26ba833be6 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 2 Jul 2024 11:23:41 -0500 Subject: [PATCH 582/768] chore(deps): update renovatebot/github-action action to v40.2.0 (#2804) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index d0ed6dbd..54249d70 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@21d88b0bf0183abcee15f990011cca090dfc47dd # v40.1.12 + uses: renovatebot/github-action@259200be4d976a76196ec8985b0dddcaf1733b47 # v40.2.0 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From de281eca6e3e73bc8d96d29cd1c8cc637ab2752b Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 2 Jul 2024 21:43:28 +0100 Subject: [PATCH 583/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.11.4 (#2805) Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b4a7c1af..6dfce538 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.11.3 +appVersion: v2.11.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.3 +version: 7.3.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: make REDIS_PASSWORD environment variables optional always + description: Bump argo-cd to v2.11.4 From 50984954684e14bd6c43d19313d9487f78dd7237 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 7 Jul 2024 07:43:25 -0500 Subject: [PATCH 584/768] chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 in the dependencies group (#2808) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 7ee9fec5..8de765b9 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: SARIF file path: results.sarif From f9b619dc6aac70ef9ce9f957db6478af5cf53435 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 19:55:39 +0200 Subject: [PATCH 585/768] chore(deps): update renovatebot/github-action action to v40.2.1 (#2811) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 54249d70..ba7bedb0 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@259200be4d976a76196ec8985b0dddcaf1733b47 # v40.2.0 + uses: renovatebot/github-action@d4cde0ac34e53942ead1619a101748e3ab842937 # v40.2.1 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 6dab5492689e9f2d389515a7059564f9d0c9fb39 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 19:31:47 -0500 Subject: [PATCH 586/768] chore(deps): update renovatebot/github-action action to v40.2.2 (#2815) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index ba7bedb0..5eced008 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@d4cde0ac34e53942ead1619a101748e3ab842937 # v40.2.1 + uses: renovatebot/github-action@042670e39b8d7335e992c3fa526ecbfbd52ef57b # v40.2.2 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From ea28da27d14035f9efa88750a45b1fdf21585ec0 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 9 Jul 2024 22:31:36 +0100 Subject: [PATCH 587/768] chore(argocd-image-updater): Update dependency argoproj-labs/argocd-image-updater to v0.14.0 (#2809) * chore(argocd-image-updater): Update dependency argoproj-labs/argocd-image-updater to v0.14.0 * feat(argocd-image-updater): upgrade as following upstream Signed-off-by: yu-croco * feat(argocd-image-updater): configure gitCommitSigningKey and gitCommitSignOff Signed-off-by: yu-croco * fix(argocd-image-updater): add missing attribute Signed-off-by: yu-croco --------- Signed-off-by: yu-croco Co-authored-by: renovate[bot] Co-authored-by: yu-croco --- charts/argocd-image-updater/Chart.yaml | 8 +++--- charts/argocd-image-updater/README.md | 3 +++ .../templates/configmap.yaml | 9 +++++++ .../templates/deployment.yaml | 26 +++++++++++++++++++ charts/argocd-image-updater/values.yaml | 9 +++++++ 5 files changed, 51 insertions(+), 4 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index cbf21e4c..c358515f 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.10.2 -appVersion: v0.13.1 +version: 0.11.0 +appVersion: v0.14.0 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fixed a URL in values.yaml comments + - kind: changed + description: Bump argocd-image-updater to v0.14.0 diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index ea57d402..5e51a8cd 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -79,6 +79,9 @@ The `config.registries` value can be used exactly as it looks in the documentati | config.argocd.token | string | `""` | If specified, the secret with Argo CD API key will be created. | | config.disableKubeEvents | bool | `false` | Disable kubernetes events | | config.gitCommitMail | string | `""` | E-Mail address to use for Git commits | +| config.gitCommitSignOff | bool | `false` | Enables sign off on commits | +| config.gitCommitSigningKey | string | `""` | Path to public SSH key mounted in container, or GPG key ID used to sign commits | +| config.gitCommitSigningMethod | string | `""` | Method used to sign Git commits. `openpgp` or `ssh` | | config.gitCommitTemplate | string | `""` | Changing the Git commit message | | config.gitCommitUser | string | `""` | Username to use for Git commits | | config.logLevel | string | `"info"` | Argo CD Image Update log level | diff --git a/charts/argocd-image-updater/templates/configmap.yaml b/charts/argocd-image-updater/templates/configmap.yaml index 84eb6875..46ee3b80 100644 --- a/charts/argocd-image-updater/templates/configmap.yaml +++ b/charts/argocd-image-updater/templates/configmap.yaml @@ -31,6 +31,15 @@ data: git.commit-message-template: | {{- nindent 4 . }} {{- end }} + {{- with .Values.config.gitCommitSigningKey }} + git.commit-signing-key: {{ . | quote }} + {{- end }} + {{- with .Values.config.gitCommitSignOff }} + git.commit-sign-off: {{ . | quote }} + {{- end }} + {{- with .Values.config.gitCommitSigningMethod }} + git.commit-signing-method: {{ . | quote }} + {{- end }} kube.events: {{ .Values.config.disableKubeEvents | quote }} {{- with .Values.config.registries }} registries.conf: | diff --git a/charts/argocd-image-updater/templates/deployment.yaml b/charts/argocd-image-updater/templates/deployment.yaml index b6aa13fe..4aaa83b3 100644 --- a/charts/argocd-image-updater/templates/deployment.yaml +++ b/charts/argocd-image-updater/templates/deployment.yaml @@ -100,6 +100,24 @@ spec: key: kube.events name: argocd-image-updater-config optional: true + - name: GIT_COMMIT_SIGNING_KEY + valueFrom: + configMapKeyRef: + key: git.commit-signing-key + name: argocd-image-updater-config + optional: true + - name: GIT_COMMIT_SIGNING_METHOD + valueFrom: + configMapKeyRef: + key: git.commit-signing-method + name: argocd-image-updater-config + optional: true + - name: GIT_COMMIT_SIGN_OFF + valueFrom: + configMapKeyRef: + key: git.commit-sign-off + name: argocd-image-updater-config + optional: true {{- with .Values.extraEnv }} {{- toYaml . | nindent 10 }} {{- end }} @@ -141,6 +159,10 @@ spec: name: ssh-config - mountPath: /tmp name: tmp + - name: ssh-signing-key + mountPath: /app/ssh-keys/id_rsa + readOnly: true + subPath: sshPrivateKey {{- if .Values.authScripts.enabled }} - mountPath: /scripts name: authscripts @@ -172,6 +194,10 @@ spec: name: argocd-image-updater-ssh-config optional: true name: ssh-config + - name: ssh-signing-key + secret: + secretName: ssh-git-creds + optional: true - emptyDir: {} name: tmp {{- with .Values.volumes }} diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 292f2c90..19291de9 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -133,6 +133,15 @@ config: # -- Changing the Git commit message gitCommitTemplate: "" + # -- Path to public SSH key mounted in container, or GPG key ID used to sign commits + gitCommitSigningKey: "" + + # -- Enables sign off on commits + gitCommitSignOff: false + + # -- Method used to sign Git commits. `openpgp` or `ssh` + gitCommitSigningMethod: "" + # -- Argo CD Image Update log level logLevel: "info" From 79e32424d68e39a46f40db7f5377db7a2b473960 Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Wed, 10 Jul 2024 23:01:05 +0200 Subject: [PATCH 588/768] fix(argo-cd): Address oversights of feature `namespaceOverride` (#2821) Signed-off-by: Marco Maurer --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/NOTES.txt | 4 ++-- .../argocd-application-controller/prometheusrule.yaml | 2 +- .../argocd-application-controller/servicemonitor.yaml | 2 +- .../templates/argocd-applicationset/servicemonitor.yaml | 2 +- .../argo-cd/templates/argocd-configs/cluster-secrets.yaml | 2 +- .../argocd-configs/repository-credentials-secret.yaml | 2 +- .../argo-cd/templates/argocd-configs/repository-secret.yaml | 2 +- .../templates/argocd-notifications/servicemonitor.yaml | 2 +- .../templates/argocd-repo-server/servicemonitor.yaml | 2 +- charts/argo-cd/templates/argocd-server/servicemonitor.yaml | 2 +- charts/argo-cd/templates/dex/servicemonitor.yaml | 2 +- charts/argo-cd/templates/redis-secret-init/job.yaml | 2 +- charts/argo-cd/templates/redis-secret-init/role.yaml | 2 +- charts/argo-cd/templates/redis-secret-init/rolebinding.yaml | 2 +- .../argo-cd/templates/redis-secret-init/serviceaccount.yaml | 2 +- charts/argo-cd/templates/redis/servicemonitor.yaml | 2 +- 17 files changed, 20 insertions(+), 20 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 6dfce538..1f3f92a3 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.4 +version: 7.3.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.11.4 + - kind: fixed + description: Address oversights of feature `namespaceOverride` diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index f2dbdfab..8821ab75 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -1,6 +1,6 @@ In order to access the server UI you have the following options: -1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443 +1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ include "argo-cd.namespace" . }} 8080:443 and then open the browser on http://localhost:8080 and accept the certificate @@ -12,7 +12,7 @@ In order to access the server UI you have the following options: {{ if eq (toString (index .Values.configs.cm "admin.enabled")) "true" -}} After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running: -kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d +kubectl -n {{ include "argo-cd.namespace" . }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d (You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://argo-cd.readthedocs.io/en/stable/getting_started/#4-login-using-the-cli) {{ else if or (index .Values.configs.cm "dex.config") (index .Values.configs.cm "oidc.config") -}} diff --git a/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml b/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml index 20d8eea8..6ddc7f4c 100644 --- a/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: name: {{ template "argo-cd.controller.fullname" . }} - namespace: {{ default .Release.Namespace .Values.controller.metrics.rules.namespace | quote }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.controller.metrics.rules.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- if .Values.controller.metrics.rules.selector }} diff --git a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml index 4a09daf3..a9edaf54 100644 --- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.controller.fullname" . }} - namespace: {{ default .Release.Namespace .Values.controller.metrics.serviceMonitor.namespace | quote }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.controller.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml index 9c236c45..8fac6a8d 100644 --- a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.applicationSet.fullname" . }} - namespace: {{ default .Release.Namespace .Values.applicationSet.metrics.serviceMonitor.namespace | quote }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.applicationSet.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} {{- with .Values.applicationSet.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml index d952f7c9..0b4b1e11 100644 --- a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml +++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "argo-cd.name" $ }}-cluster-{{ $cluster_key }} - namespace: {{ $.Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" $ | quote }} labels: {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} {{- with $cluster_value.labels }} diff --git a/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml index ed1d2fd7..e4d23f9a 100644 --- a/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-repo-creds-{{ $repo_cred_key }} - namespace: {{ $.Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" $ | quote }} labels: argocd.argoproj.io/secret-type: repo-creds {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} diff --git a/charts/argo-cd/templates/argocd-configs/repository-secret.yaml b/charts/argo-cd/templates/argocd-configs/repository-secret.yaml index 4c028958..4a77cf1b 100644 --- a/charts/argo-cd/templates/argocd-configs/repository-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/repository-secret.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: argocd-repo-{{ $repo_key }} - namespace: {{ $.Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" $ | quote }} labels: argocd.argoproj.io/secret-type: repository {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} diff --git a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml index 03599a6d..0d2c704f 100644 --- a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.notifications.fullname" . }} - namespace: {{ default .Release.Namespace .Values.notifications.metrics.serviceMonitor.namespace | quote }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.notifications.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} {{- with .Values.notifications.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index 38041de3..70995398 100644 --- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.repoServer.fullname" . }} - namespace: {{ default .Release.Namespace .Values.repoServer.metrics.serviceMonitor.namespace | default }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.repoServer.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} {{- with .Values.repoServer.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml index 2f96ca0a..74902ef0 100644 --- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.server.fullname" . }} - namespace: {{ default .Release.Namespace .Values.server.metrics.serviceMonitor.namespace | quote }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.server.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/dex/servicemonitor.yaml b/charts/argo-cd/templates/dex/servicemonitor.yaml index 3faa667a..2c03e597 100644 --- a/charts/argo-cd/templates/dex/servicemonitor.yaml +++ b/charts/argo-cd/templates/dex/servicemonitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.dex.fullname" . }} - namespace: {{ default .Release.Namespace .Values.dex.metrics.serviceMonitor.namespace | quote }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.dex.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} {{- with .Values.dex.metrics.serviceMonitor.selector }} diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml index 27837465..68086235 100644 --- a/charts/argo-cd/templates/redis-secret-init/job.yaml +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -3,7 +3,7 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ include "argo-cd.redisSecretInit.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . | quote }} annotations: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-delete-policy": before-hook-creation diff --git a/charts/argo-cd/templates/redis-secret-init/role.yaml b/charts/argo-cd/templates/redis-secret-init/role.yaml index ac5fd313..9e8259f9 100644 --- a/charts/argo-cd/templates/redis-secret-init/role.yaml +++ b/charts/argo-cd/templates/redis-secret-init/role.yaml @@ -8,7 +8,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} name: {{ include "argo-cd.redisSecretInit.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . | quote }} rules: - apiGroups: - "" diff --git a/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml b/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml index 7ea1de96..a199628a 100644 --- a/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml +++ b/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml @@ -8,7 +8,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} name: {{ include "argo-cd.redisSecretInit.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . | quote }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml index d6b95f13..a5352b72 100644 --- a/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml +++ b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml @@ -4,7 +4,7 @@ kind: ServiceAccount automountServiceAccountToken: {{ .Values.redisSecretInit.serviceAccount.automountServiceAccountToken }} metadata: name: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "argo-cd.namespace" . | quote }} annotations: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-delete-policy": before-hook-creation diff --git a/charts/argo-cd/templates/redis/servicemonitor.yaml b/charts/argo-cd/templates/redis/servicemonitor.yaml index 2126bafb..4132c1ce 100644 --- a/charts/argo-cd/templates/redis/servicemonitor.yaml +++ b/charts/argo-cd/templates/redis/servicemonitor.yaml @@ -4,7 +4,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.redis.fullname" . }} - namespace: {{ default .Release.Namespace .Values.redis.metrics.serviceMonitor.namespace | quote }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.redis.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} {{- with .Values.redis.metrics.serviceMonitor.selector }} From 2653aef414ab6a5d8617af75f04190a8f7da28dc Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Fri, 12 Jul 2024 01:04:45 +0200 Subject: [PATCH 589/768] fix(argo-cd): Address inconsistent redis-secret-init SA handling (#2823) Signed-off-by: Marco Maurer --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/_helpers.tpl | 2 +- .../argo-cd/templates/redis-secret-init/serviceaccount.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 1f3f92a3..5ddb4c65 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.4 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.5 +version: 7.3.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Address oversights of feature `namespaceOverride` + description: Address inconsistent redis-secret-init ServiceAccount handling diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index c609f19f..eb3f7a2a 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -99,7 +99,7 @@ Create the name of the Redis secret-init service account to use */}} {{- define "argo-cd.redisSecretInit.serviceAccountName" -}} {{- if .Values.redisSecretInit.serviceAccount.create -}} - {{ default (include "argo-cd.redisSecretInit.fullname" .) .Values.redis.serviceAccount.name }} + {{ default (include "argo-cd.redisSecretInit.fullname" .) .Values.redisSecretInit.serviceAccount.name }} {{- else -}} {{ default "default" .Values.redisSecretInit.serviceAccount.name }} {{- end -}} diff --git a/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml index a5352b72..85540d26 100644 --- a/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml +++ b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} +{{- if and .Values.redisSecretInit.enabled .Values.redisSecretInit.serviceAccount.create (not .Values.externalRedis.host) }} apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.redisSecretInit.serviceAccount.automountServiceAccountToken }} From 94b270ad1849b51a68c25eba0337836ace345877 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 13 Jul 2024 15:01:55 +0200 Subject: [PATCH 590/768] chore(deps): bump the dependencies group with 2 updates (#2829) --- .github/workflows/lint-and-test.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 95a10226..656e47d0 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -32,7 +32,7 @@ jobs: version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 with: python-version: 3.9 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8de765b9..832240c2 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 with: sarif_file: results.sarif From 2285578bba7f769a74ba2ca0494278393c1e80b7 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 16 Jul 2024 10:16:44 +0900 Subject: [PATCH 591/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.11.5 (#2832) Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 5ddb4c65..f2b1c264 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.11.4 +appVersion: v2.11.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.6 +version: 7.3.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Address inconsistent redis-secret-init ServiceAccount handling + - kind: changed + description: Bump argo-cd to v2.11.5 From 809351a3fbee60102dec3ac3bf40de2d0559ea5e Mon Sep 17 00:00:00 2001 From: Filipe Date: Thu, 18 Jul 2024 11:52:38 +1200 Subject: [PATCH 592/768] fix(argo-cd): Missing Redis sentinel variables in app controller deployment (#2806) --- charts/argo-cd/Chart.yaml | 6 +++--- .../argocd-application-controller/deployment.yaml | 14 +++++++++++++- .../argocd-application-controller/statefulset.yaml | 2 +- 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f2b1c264..b943f562 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.7 +version: 7.3.8 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.11.5 + - kind: fixed + description: Add Redis Sentinel variables to application controller deployment diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 7c4a2a6d..3938c25d 100644 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -208,10 +208,22 @@ spec: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} {{- if .Values.externalRedis.host }} key: redis-password - optional: true {{- else }} key: auth {{- end }} + optional: true + - name: REDIS_SENTINEL_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-username + optional: true + - name: REDIS_SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-password + optional: true - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 8231f311..3938a759 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -205,12 +205,12 @@ spec: valueFrom: secretKeyRef: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} - optional: true {{- if .Values.externalRedis.host }} key: redis-password {{- else }} key: auth {{- end }} + optional: true - name: REDIS_SENTINEL_USERNAME valueFrom: secretKeyRef: From be36117924528d94f33a2b256eeb70042cba6536 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Fri, 19 Jul 2024 19:22:48 +0900 Subject: [PATCH 593/768] docs(argo-cd): Add Changelog for v7.0.0 (#2835) chore(argo-cd): Add Changelog for v7.0.0 Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 25 +++++++++++++++++++++++++ charts/argo-cd/README.md.gotmpl | 25 +++++++++++++++++++++++++ 3 files changed, 53 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b943f562..8dc290ce 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.11.5 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.8 +version: 7.3.9 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Add Redis Sentinel variables to application controller deployment + - kind: added + description: Add Changelog for v7.0.0 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 3801650d..c55c5577 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -278,6 +278,31 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 7.0.0 + +We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`. +If you used the value, please migrate like below. + +```yaml +# before +configs: + clusterCredentials: + - mycluster: + server: https://mycluster.example.com + labels: {} + annotations: {} + # ... + +# after +configs: + clusterCredentials: + mycluster: + server: https://mycluster.example.com + labels: {} + annotations: {} + # ... +``` + ### 6.10.0 This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr. diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 6ab46ffc..8ee73e93 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -278,6 +278,31 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 7.0.0 + +We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`. +If you used the value, please migrate like below. + +```yaml +# before +configs: + clusterCredentials: + - mycluster: + server: https://mycluster.example.com + labels: {} + annotations: {} + # ... + +# after +configs: + clusterCredentials: + mycluster: + server: https://mycluster.example.com + labels: {} + annotations: {} + # ... +``` + ### 6.10.0 This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr. From 211bd44603726c352f7cba26c333865a1ac3f182 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 21 Jul 2024 22:03:46 +0200 Subject: [PATCH 594/768] chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 in the dependencies group (#2838) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 832240c2..0aa94eb3 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 with: sarif_file: results.sarif From b4151e94bab875f1ed5480acc0e91a963440e27a Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 22 Jul 2024 13:33:43 +0200 Subject: [PATCH 595/768] chore(deps): update renovatebot/github-action action to v40.2.3 (#2842) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 5eced008..a04d69bf 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@042670e39b8d7335e992c3fa526ecbfbd52ef57b # v40.2.2 + uses: renovatebot/github-action@8ce0fe8066eb6b16e1bf499b21bc96e5ccd962a4 # v40.2.3 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From d32e6b537c20e0e541bbebc728e9eba08c4ce60a Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 22 Jul 2024 18:14:22 +0100 Subject: [PATCH 596/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.11.6 (#2843) Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8dc290ce..dbf4e113 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.11.5 +appVersion: v2.11.6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.9 +version: 7.3.10 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add Changelog for v7.0.0 + - kind: changed + description: Bump argo-cd to v2.11.6 From 511d0d0adcedc61701f6abdbe5a6699b3d2d9e65 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 24 Jul 2024 12:44:35 +0100 Subject: [PATCH 597/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.11.7 (#2845) Co-authored-by: renovate[bot] --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index dbf4e113..d3de3e38 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.11.6 +appVersion: v2.11.7 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.10 +version: 7.3.11 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.11.6 + description: Bump argo-cd to v2.11.7 From 89bc396b55f19cd4cf20cb41802c9def2511642a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 Jul 2024 08:16:48 -0500 Subject: [PATCH 598/768] chore(deps): bump the dependencies group with 3 updates (#2850) --- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 7cdbac43..7dc62234 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -66,7 +66,7 @@ jobs: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - name: Login to GHCR - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0aa94eb3..0a5792f5 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -38,7 +38,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 + uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 with: sarif_file: results.sarif From 87e6dd9b6330db2f47b97eaa5f8b110949f01ae3 Mon Sep 17 00:00:00 2001 From: Roland Kool Date: Mon, 29 Jul 2024 09:25:24 +0200 Subject: [PATCH 599/768] chore(argo-rollouts): add option to disable creation of notifications configmap (#2849) * chore(argo-rollouts): add option to disable creation of notifications configmap This allows for using the upstream notifications configmap from https://github.com/argoproj/argo-rollouts/blob/master/manifests/notifications-install.yaml Signed-off-by: Roland Kool * chore: update changelog Signed-off-by: Roland Kool * chore: fix chart version bump Signed-off-by: Roland Kool --------- Signed-off-by: Roland Kool Co-authored-by: Aikawa --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 1 + ...tifcations-configmap.yaml => notifications-configmap.yaml} | 2 ++ charts/argo-rollouts/values.yaml | 4 ++++ 4 files changed, 9 insertions(+), 2 deletions(-) rename charts/argo-rollouts/templates/controller/{notifcations-configmap.yaml => notifications-configmap.yaml} (91%) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 53066aa5..05d40de7 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.37.2 +version: 2.37.3 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Added traefik.io apiGroup to Role and ClusterRole + description: Added setting to disable creation of the notifications ConfigMap diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 13a4f24b..b6a6f44d 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -57,6 +57,7 @@ For full list of changes please check ArtifactHub [changelog]. | keepCRDs | bool | `true` | Keep CRD's on helm uninstall | | kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests | | nameOverride | string | `nil` | String to partially override "argo-rollouts.fullname" template | +| notifications.configmap.create | bool | `true` | Whether to create notifications configmap | | notifications.notifiers | object | `{}` | Configures notification services | | notifications.secret.annotations | object | `{}` | Annotations to be added to the notifications secret | | notifications.secret.create | bool | `false` | Whether to create notifications secret | diff --git a/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml b/charts/argo-rollouts/templates/controller/notifications-configmap.yaml similarity index 91% rename from charts/argo-rollouts/templates/controller/notifcations-configmap.yaml rename to charts/argo-rollouts/templates/controller/notifications-configmap.yaml index 4748bfc1..680f468f 100644 --- a/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml +++ b/charts/argo-rollouts/templates/controller/notifications-configmap.yaml @@ -1,3 +1,4 @@ +{{ if .Values.notifications.configmap.create }} apiVersion: v1 kind: ConfigMap metadata: @@ -20,3 +21,4 @@ data: subscriptions: | {{- toYaml . | nindent 4 }} {{- end }} +{{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index 2a3b7c15..a4d313e0 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -449,6 +449,10 @@ dashboard: volumeMounts: [] notifications: + configmap: + # -- Whether to create notifications configmap + create: true + secret: # -- Whether to create notifications secret create: false From 3ecc30aa158ff3f710acf01863f1307a90c19a54 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 30 Jul 2024 13:18:01 +0900 Subject: [PATCH 600/768] chore(deps): update renovatebot/github-action action to v40.2.4 (#2851) Co-authored-by: renovate[bot] --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index a04d69bf..177e527e 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@8ce0fe8066eb6b16e1bf499b21bc96e5ccd962a4 # v40.2.3 + uses: renovatebot/github-action@76d49712364696a06b60e8647df46b288fff0ddc # v40.2.4 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 3fb3397d961451a149c2fe7cf1ee4a51355ac9d0 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 30 Jul 2024 16:39:06 +0900 Subject: [PATCH 601/768] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.9 (#2852) Co-authored-by: renovate[bot] --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 99d313f8..d024db62 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.8 +appVersion: v3.5.9 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.11 +version: 0.41.12 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Add `app:` label to components to match upstream + - kind: changed + description: Bump argo-workflows to v3.5.9 From 67c720d23f1247726a4a4f63b3b8ef51808e2803 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 1 Aug 2024 16:18:41 +0900 Subject: [PATCH 602/768] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.10 (#2856) Co-authored-by: renovate[bot] --- charts/argo-workflows/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index d024db62..c2d0d9e9 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.9 +appVersion: v3.5.10 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.12 +version: 0.41.13 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-workflows to v3.5.9 + description: Bump argo-workflows to v3.5.10 From d89333a6b801fc67d83b30ce76ecd2d0e774185f Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 1 Aug 2024 13:42:22 +0200 Subject: [PATCH 603/768] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v38 (#2855) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 177e527e..1f793b2d 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 37.421.4 + renovate-version: 38.18.0 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From b5fcbe23c86e5a5fbfe51d976ac88876ee5704ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aljoscha=20P=C3=B6rtner?= Date: Fri, 2 Aug 2024 12:42:36 +0200 Subject: [PATCH 604/768] fix(argo-workflows): avoid empty namespace in role binding when singleNamespace is true (#2858) Signed-off-by: Aljoscha Poertner --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/templates/controller/workflow-rb.yaml | 4 +++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index c2d0d9e9..1ed66b76 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.10 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.13 +version: 0.41.14 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-workflows to v3.5.10 + - kind: fixed + description: Avoid empty namespace in role binding when singleNamespace is true diff --git a/charts/argo-workflows/templates/controller/workflow-rb.yaml b/charts/argo-workflows/templates/controller/workflow-rb.yaml index ec5ac172..d1d0e329 100644 --- a/charts/argo-workflows/templates/controller/workflow-rb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-rb.yaml @@ -17,7 +17,9 @@ roleRef: subjects: - kind: ServiceAccount name: {{ $.Values.workflow.serviceAccount.name }} - namespace: {{ $namespace }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} {{- range $.Values.workflow.rbac.serviceAccounts }} - kind: ServiceAccount name: {{ .name }} From feff5aeea050ef21e1fc6d3e377108e1baff66cf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 3 Aug 2024 14:29:55 +0200 Subject: [PATCH 605/768] chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 in the dependencies group (#2860) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0a5792f5..1d8ccb97 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 with: name: SARIF file path: results.sarif From c2ba09055c1c95e851e6fad2fb07b3ca915bc688 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 05:43:54 -0500 Subject: [PATCH 606/768] chore(deps): update renovatebot/github-action action to v40.2.5 (#2862) Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 1f793b2d..b1830e28 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@76d49712364696a06b60e8647df46b288fff0ddc # v40.2.4 + uses: renovatebot/github-action@0c94129d48b4e92addf23686b8a735b3057a0448 # v40.2.5 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 97a3db19cff7acb27d491a6818b9d6a4d9d0fc7a Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Mon, 5 Aug 2024 17:21:48 +0200 Subject: [PATCH 607/768] feat(argo-cd): Upgrade to Argo CD 2.12.0 (#2820) --- charts/argo-cd/Chart.yaml | 8 +- charts/argo-cd/README.md | 2 +- .../templates/argocd-applicationset/role.yaml | 2 + .../argocd-repo-server/deployment.yaml | 6 + .../templates/crds/crd-application.yaml | 271 +++++++++--------- .../templates/crds/crd-applicationset.yaml | 45 +++ .../argo-cd/templates/crds/crd-project.yaml | 60 ++-- 7 files changed, 223 insertions(+), 171 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d3de3e38..514979df 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.11.7 -kubeVersion: ">=1.23.0-0" +appVersion: v2.12.0 +kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.3.11 +version: 7.4.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.11.7 + description: Bump argo-cd to v2.11.4 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index c55c5577..e9922c73 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -647,7 +647,7 @@ server: ## Prerequisites -- Kubernetes: `>=1.23.0-0` +- Kubernetes: `>=1.25.0-0` - We align with [Amazon EKS calendar][EKS EoL] because there are many AWS users and it's a conservative approach. - Please check [Support Matrix of Argo CD][Kubernetes Compatibility Matrix] for official info. - Helm v3.0.0+ diff --git a/charts/argo-cd/templates/argocd-applicationset/role.yaml b/charts/argo-cd/templates/argocd-applicationset/role.yaml index 69ebf7ee..d8cfed62 100644 --- a/charts/argo-cd/templates/argocd-applicationset/role.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/role.yaml @@ -34,6 +34,8 @@ rules: - appprojects verbs: - get + - list + - watch - apiGroups: - "" resources: diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 71e8c767..46a0bb95 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -290,6 +290,12 @@ spec: key: reposerver.revision.cache.lock.timeout name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES + valueFrom: + configMapKeyRef: + key: reposerver.include.hidden.directories + name: argocd-cmd-params-cm + optional: true {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} - name: HELM_CACHE_HOME value: /helm-working-dir diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml index 686626ba..1b75cebd 100644 --- a/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -39,20 +39,29 @@ spec: name: Revision priority: 10 type: string + - jsonPath: .spec.project + name: Project + priority: 10 + type: string name: v1alpha1 schema: openAPIV3Schema: description: Application is a definition of Application resource. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -150,22 +159,21 @@ spec: type: object type: array revision: - description: Revision is the revision (Git) or chart version (Helm) - which to sync the application to If omitted, will use the revision - specified in app spec. + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. type: string revisions: - description: Revisions is the list of revision (Git) or chart - version (Helm) which to sync each source in sources field for - the application to If omitted, will use the revision specified - in app spec. + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. items: type: string type: array source: - description: Source overrides the source definition set in the - application. This is typically set in a Rollback operation and - is nil during a Sync operation + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must be specified @@ -486,18 +494,18 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be - commit, tag, or branch. If omitted, will equal to HEAD. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: Sources overrides the source definition set in the - application. This is typically set in a Rollback operation and - is nil during a Sync operation + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -825,11 +833,10 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -848,10 +855,10 @@ spec: the sync. properties: force: - description: Force indicates whether or not to supply - the --force flag to `kubectl apply`. The --force flag - deletes and re-create the resource, when PATCH encounters - conflict and has retried for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object hook: @@ -859,10 +866,10 @@ spec: perform the sync. This is the default strategy properties: force: - description: Force indicates whether or not to supply - the --force flag to `kubectl apply`. The --force flag - deletes and re-create the resource, when PATCH encounters - conflict and has retried for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object type: object @@ -883,9 +890,9 @@ spec: not set. type: string namespace: - description: Namespace specifies the target namespace for the - application's resources. The namespace will only be set for - namespace-scoped resources that have not set a value for .metadata.namespace + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -914,10 +921,9 @@ spec: kind: type: string managedFieldsManagers: - description: ManagedFieldsManagers is a list of trusted managers. - Fields mutated by those managers will take precedence over - the desired state defined in the SCM and won't be displayed - in diffs + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs items: type: string type: array @@ -944,18 +950,17 @@ spec: type: object type: array project: - description: Project is a reference to the project this application - belongs to. The empty string means that application belongs to the - 'default' project. + description: |- + Project is a reference to the project this application belongs to. + The empty string means that application belongs to the 'default' project. type: string revisionHistoryLimit: - description: RevisionHistoryLimit limits the number of items kept - in the application's revision history, which is used for informational - purposes as well as for rollbacks to previous versions. This should - only be changed in exceptional circumstances. Setting to zero will - store no history. This will reduce storage used. Increasing will - increase the space used to store the history, so we do not recommend - increasing it. Default is 10. + description: |- + RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. + This should only be changed in exceptional circumstances. + Setting to zero will store no history. This will reduce storage used. + Increasing will increase the space used to store the history, so we do not recommend increasing it. + Default is 10. format: int64 type: integer source: @@ -1274,10 +1279,10 @@ spec: that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be commit, - tag, or branch. If omitted, will equal to HEAD. In case of Helm, - this is a semver tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -1606,10 +1611,10 @@ spec: that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be commit, - tag, or branch. If omitted, will equal to HEAD. In case of - Helm, this is a semver tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2102,11 +2107,10 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2448,11 +2452,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2464,9 +2467,9 @@ spec: type: object type: array observedAt: - description: 'ObservedAt indicates when the application state was - updated without querying latest git state Deprecated: controller - no longer updates ObservedAt field' + description: |- + ObservedAt indicates when the application state was updated without querying latest git state + Deprecated: controller no longer updates ObservedAt field format: date-time type: string operationState: @@ -2579,22 +2582,21 @@ spec: type: object type: array revision: - description: Revision is the revision (Git) or chart version - (Helm) which to sync the application to If omitted, - will use the revision specified in app spec. + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. type: string revisions: - description: Revisions is the list of revision (Git) or - chart version (Helm) which to sync each source in sources - field for the application to If omitted, will use the - revision specified in app spec. + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. items: type: string type: array source: - description: Source overrides the source definition set - in the application. This is typically set in a Rollback - operation and is nil during a Sync operation + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must @@ -2937,19 +2939,18 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of - the source to sync the application to. In case of - Git, this can be commit, tag, or branch. If omitted, - will equal to HEAD. In case of Helm, this is a semver - tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: Sources overrides the source definition set - in the application. This is typically set in a Rollback - operation and is nil during a Sync operation + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -3300,11 +3301,10 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision - of the source to sync the application to. In case - of Git, this can be commit, tag, or branch. If - omitted, will equal to HEAD. In case of Helm, - this is a semver tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -3325,11 +3325,10 @@ spec: to perform the sync. properties: force: - description: Force indicates whether or not to - supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, - when PATCH encounters conflict and has retried - for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object hook: @@ -3337,11 +3336,10 @@ spec: to perform the sync. This is the default strategy properties: force: - description: Force indicates whether or not to - supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, - when PATCH encounters conflict and has retried - for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object type: object @@ -3385,9 +3383,9 @@ spec: description: Group specifies the API group of the resource type: string hookPhase: - description: HookPhase contains the state of any operation - associated with this resource OR hook This can also - contain values for non-hook resources. + description: |- + HookPhase contains the state of any operation associated with this resource OR hook + This can also contain values for non-hook resources. type: string hookType: description: HookType specifies the type of the hook. @@ -3772,11 +3770,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -4127,11 +4124,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of - the source to sync the application to. In case of - Git, this can be commit, tag, or branch. If omitted, - will equal to HEAD. In case of Helm, this is a semver - tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -4158,8 +4154,9 @@ spec: description: Resources is a list of Kubernetes resources managed by this application items: - description: 'ResourceStatus holds the current sync and health status - of a resource TODO: describe members of this type' + description: |- + ResourceStatus holds the current sync and health status of a resource + TODO: describe members of this type properties: group: type: string @@ -4242,10 +4239,9 @@ spec: if Server is not set. type: string namespace: - description: Namespace specifies the target namespace - for the application's resources. The namespace will - only be set for namespace-scoped resources that have - not set a value for .metadata.namespace + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -4274,10 +4270,9 @@ spec: kind: type: string managedFieldsManagers: - description: ManagedFieldsManagers is a list of trusted - managers. Fields mutated by those managers will take - precedence over the desired state defined in the SCM - and won't be displayed in diffs + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs items: type: string type: array @@ -4623,11 +4618,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -4978,11 +4972,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of - the source to sync the application to. In case of - Git, this can be commit, tag, or branch. If omitted, - will equal to HEAD. In case of Helm, this is a semver - tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index 6414d832..899c5d09 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -72,6 +72,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -668,6 +669,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic template: properties: metadata: @@ -2430,6 +2432,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -3026,6 +3029,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic template: properties: metadata: @@ -6891,6 +6895,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array template: @@ -7487,6 +7492,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -8083,6 +8089,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic template: properties: metadata: @@ -11948,6 +11955,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array mergeKeys: @@ -14648,6 +14656,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array goTemplate: @@ -15306,11 +15315,16 @@ spec: type: string step: type: string + targetRevisions: + items: + type: string + type: array required: - application - message - status - step + - targetRevisions type: object type: array conditions: @@ -15334,6 +15348,37 @@ spec: - type type: object type: array + resources: + items: + properties: + group: + type: string + health: + properties: + message: + type: string + status: + type: string + type: object + hook: + type: boolean + kind: + type: string + name: + type: string + namespace: + type: string + requiresPruning: + type: boolean + status: + type: string + syncWave: + format: int64 + type: integer + version: + type: string + type: object + type: array type: object required: - metadata diff --git a/charts/argo-cd/templates/crds/crd-project.yaml b/charts/argo-cd/templates/crds/crd-project.yaml index 38801469..f9910152 100644 --- a/charts/argo-cd/templates/crds/crd-project.yaml +++ b/charts/argo-cd/templates/crds/crd-project.yaml @@ -31,22 +31,28 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'AppProject provides a logical grouping of applications, providing - controls for: * where the apps may deploy to (cluster whitelist) * what - may be deployed (repository whitelist, resource whitelist/blacklist) * who - can access these applications (roles, OIDC group claims bindings) * and - what they can do (RBAC policies) * automation access to these roles (JWT - tokens)' + description: |- + AppProject provides a logical grouping of applications, providing controls for: + * where the apps may deploy to (cluster whitelist) + * what may be deployed (repository whitelist, resource whitelist/blacklist) + * who can access these applications (roles, OIDC group claims bindings) + * and what they can do (RBAC policies) + * automation access to these roles (JWT tokens) properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -57,9 +63,9 @@ spec: description: ClusterResourceBlacklist contains list of blacklisted cluster level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -74,9 +80,9 @@ spec: description: ClusterResourceWhitelist contains list of whitelisted cluster level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -103,9 +109,9 @@ spec: not set. type: string namespace: - description: Namespace specifies the target namespace for the - application's resources. The namespace will only be set for - namespace-scoped resources that have not set a value for .metadata.namespace + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -118,9 +124,9 @@ spec: description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -135,9 +141,9 @@ spec: description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string From 2251079c2627ed54ef7a529e967f55a4dd82199a Mon Sep 17 00:00:00 2001 From: Johannes Kleinlercher Date: Tue, 6 Aug 2024 12:14:17 +0200 Subject: [PATCH 608/768] fix(argo-cd): Set TTL on redis-secret-init Job (#2861) * feat: set ttlsecondsafterfinished to prevent stuck during sync when managed by argocd Signed-off-by: Johannes Kleinlercher * fix: increased version and added changelig Signed-off-by: Johannes Kleinlercher * chore: Apply suggestions from code review Signed-off-by: Marco Maurer (-Kilchhofer) --------- Signed-off-by: Johannes Kleinlercher Signed-off-by: Johannes Kleinlercher Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/redis-secret-init/job.yaml | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 514979df..1084146a 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.0 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.4.0 +version: 7.4.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.11.4 + - kind: fixed + description: added ttlsecondsafterfinished in redis-secret-init job to prevent a stuck in waiting for completion of hook batch/Job/argocd-redis-secret-init diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml index 68086235..643dadc7 100644 --- a/charts/argo-cd/templates/redis-secret-init/job.yaml +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -13,6 +13,7 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} spec: + ttlSecondsAfterFinished: 60 template: metadata: labels: From 817182bdb0bd6e3e1082fe392f3ad89712c25ea8 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Fri, 9 Aug 2024 00:02:08 +0900 Subject: [PATCH 609/768] fix(argo-cd): Fix Redis race condition due to optional REDIS_PASSWORD (#2839) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 4 ++-- .../templates/argocd-application-controller/statefulset.yaml | 2 +- charts/argo-cd/templates/argocd-repo-server/deployment.yaml | 2 +- charts/argo-cd/templates/argocd-server/deployment.yaml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 1084146a..f11fcf4e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.0 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.4.1 +version: 7.4.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: added ttlsecondsafterfinished in redis-secret-init job to prevent a stuck in waiting for completion of hook batch/Job/argocd-redis-secret-init + description: Fix Redis race condition due to optional REDIS_PASSWORD diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 3938a759..4fb49bee 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -207,10 +207,10 @@ spec: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} {{- if .Values.externalRedis.host }} key: redis-password + optional: true {{- else }} key: auth {{- end }} - optional: true - name: REDIS_SENTINEL_USERNAME valueFrom: secretKeyRef: diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 46a0bb95..500b2e44 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -182,9 +182,9 @@ spec: valueFrom: secretKeyRef: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} - optional: true {{- if .Values.externalRedis.host }} key: redis-password + optional: true {{- else }} key: auth {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 00a62fd2..f20f2af0 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -250,9 +250,9 @@ spec: valueFrom: secretKeyRef: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} - optional: true {{- if .Values.externalRedis.host }} key: redis-password + optional: true {{- else }} key: auth {{- end }} From a7e5915b2163ba62e7763ed97dce8be496868fa4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 10 Aug 2024 12:43:15 +0200 Subject: [PATCH 610/768] chore(deps): bump the dependencies group with 2 updates (#2871) --- .github/workflows/scorecard.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 1d8ccb97..0d99d22b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 with: name: SARIF file path: results.sarif @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 with: sarif_file: results.sarif From 4f4fb956d372604e86abcfb03038eedc7c2578a0 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Mon, 12 Aug 2024 17:58:01 +0900 Subject: [PATCH 611/768] fix(argo-rollouts): Align permissions for controller's ClusterRole / Role (#2830) * fix(argo-rollouts): Align permissions for controller's ClusterRole / Role Signed-off-by: yu-croco * fix(argo-rollouts): correct typo Signed-off-by: yu-croco --------- Signed-off-by: yu-croco --- charts/argo-rollouts/Chart.yaml | 6 +- charts/argo-rollouts/templates/_helpers.tpl | 307 ++++++++++++++++++ .../templates/controller/clusterrole.yaml | 302 +---------------- .../templates/controller/role.yaml | 287 +--------------- 4 files changed, 312 insertions(+), 590 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 05d40de7..ddb90274 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.37.3 +version: 2.37.4 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Added setting to disable creation of the notifications ConfigMap + - kind: fixed + description: Align permissions for controller's ClusterRole and Role diff --git a/charts/argo-rollouts/templates/_helpers.tpl b/charts/argo-rollouts/templates/_helpers.tpl index 46ebaea5..4c23c54e 100644 --- a/charts/argo-rollouts/templates/_helpers.tpl +++ b/charts/argo-rollouts/templates/_helpers.tpl @@ -109,3 +109,310 @@ Return the appropriate apiVersion for pod disruption budget {{- print "policy/v1" -}} {{- end -}} {{- end -}} + +{{/* +Return the rules for controller's Role and ClusterRole +*/}} +{{- define "argo-rollouts.controller.roleRules" -}} +- apiGroups: + - argoproj.io + resources: + - rollouts + - rollouts/status + - rollouts/finalizers + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - argoproj.io + resources: + - analysisruns + - analysisruns/finalizers + - experiments + - experiments/finalizers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - argoproj.io + resources: + - analysistemplates + - clusteranalysistemplates + verbs: + - get + - list + - watch +# replicaset access needed for managing ReplicaSets +- apiGroups: + - apps + resources: + - replicasets + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +# deployments and podtemplates read access needed for workload reference support +- apiGroups: + - "" + - apps + resources: + - deployments + - podtemplates + verbs: + - get + - list + - watch +# services patch needed to update selector of canary/stable/active/preview services +# services create needed to create and delete services for experiments +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - patch + - create + - delete +# leases create/get/update needed for leader election +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +# secret read access to run analysis templates which reference secrets +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +{{- if .Values.providerRBAC.providers.gatewayAPI }} + - create + - update +{{- end }} +# pod list/update needed for updating ephemeral data +- apiGroups: + - "" + resources: + - pods + verbs: + - list + - update + - watch +# pods eviction needed for restart +- apiGroups: + - "" + resources: + - pods/eviction + verbs: + - create +# event write needed for emitting events +- apiGroups: + - "" + resources: + - events + verbs: + - create + - update + - patch +# ingress patch needed for managing ingress annotations, create needed for nginx canary +- apiGroups: + - networking.k8s.io + - extensions + resources: + - ingresses + verbs: + - create + - get + - list + - watch + - update + - patch +# job access needed for analysis template job metrics +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +{{- if .Values.providerRBAC.enabled }} +{{- if .Values.providerRBAC.providers.istio }} +# virtualservice/destinationrule access needed for using the Istio provider +- apiGroups: + - networking.istio.io + resources: + - virtualservices + - destinationrules + verbs: + - watch + - get + - update + - patch + - list +{{- end }} +{{- if .Values.providerRBAC.providers.smi }} +# trafficsplit access needed for using the SMI provider +- apiGroups: + - split.smi-spec.io + resources: + - trafficsplits + verbs: + - create + - watch + - get + - update + - patch +{{- end }} +{{- if .Values.providerRBAC.providers.ambassador }} +# ambassador access needed for Ambassador provider +- apiGroups: + - getambassador.io + - x.getambassador.io + resources: + - mappings + - ambassadormappings + verbs: + - create + - watch + - get + - update + - list + - delete +{{- end }} +{{- if .Values.providerRBAC.providers.awsLoadBalancerController }} +# Endpoints and TargetGroupBindings needed for ALB target group verification when using AWS Load Balancer Controller +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get +- apiGroups: + - elbv2.k8s.aws + resources: + - targetgroupbindings + verbs: + - list + - get +{{- end }} +{{- if .Values.providerRBAC.providers.awsAppMesh }} +# AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider +- apiGroups: + - appmesh.k8s.aws + resources: + - virtualservices + verbs: + - watch + - get + - list +# AppMesh virtualnode CRD r/w access needed for using the App Mesh provider +- apiGroups: + - appmesh.k8s.aws + resources: + - virtualnodes + - virtualrouters + verbs: + - watch + - get + - list + - update + - patch +{{- end }} +{{- if .Values.providerRBAC.providers.traefik }} +# Traefik access needed when using the Traefik provider +- apiGroups: + - traefik.containo.us + - traefik.io + resources: + - traefikservices + verbs: + - watch + - get + - update +{{- end }} +{{- if .Values.providerRBAC.providers.apisix }} +# Access needed when using the Apisix provider +- apiGroups: + - apisix.apache.org + resources: + - apisixroutes + verbs: + - watch + - get + - update +{{- end }} +{{- if .Values.providerRBAC.providers.contour }} + # Access needed when using the Contour provider +- apiGroups: + - projectcontour.io + resources: + - httpproxies + verbs: + - get + - list + - watch + - update +{{- end }} +{{- if .Values.providerRBAC.providers.glooPlatform }} + # Access needed when using the Gloo Platform provider +- apiGroups: + - networking.gloo.solo.io + resources: + - routetables + verbs: + - '*' +{{- end }} +{{- if .Values.providerRBAC.providers.gatewayAPI }} + # Access needed when using the Gateway API provider +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + - tcproutes + - tlsroutes + - udproutes + - grpcroutes + verbs: + - get + - list + - watch + - update +{{- end }} +{{- with .Values.providerRBAC.additionalRules }} +{{ toYaml . }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/argo-rollouts/templates/controller/clusterrole.yaml b/charts/argo-rollouts/templates/controller/clusterrole.yaml index 70c3bdf8..026f23d7 100644 --- a/charts/argo-rollouts/templates/controller/clusterrole.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml @@ -7,305 +7,5 @@ metadata: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} rules: -- apiGroups: - - argoproj.io - resources: - - rollouts - - rollouts/status - - rollouts/finalizers - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - argoproj.io - resources: - - analysisruns - - analysisruns/finalizers - - experiments - - experiments/finalizers - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - argoproj.io - resources: - - analysistemplates - - clusteranalysistemplates - verbs: - - get - - list - - watch -# replicaset access needed for managing ReplicaSets -- apiGroups: - - apps - resources: - - replicasets - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -# deployments and podtemplates read access needed for workload reference support -- apiGroups: - - "" - - apps - resources: - - deployments - - podtemplates - verbs: - - get - - list - - watch -# services patch needed to update selector of canary/stable/active/preview services -# services create needed to create and delete services for experiments -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - patch - - create - - delete -# leases create/get/update needed for leader election -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - update -# secret read access to run analysis templates which reference secrets -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch -{{- if .Values.providerRBAC.providers.gatewayAPI }} - - create - - update -{{- end }} -# pod list/update needed for updating ephemeral data -- apiGroups: - - "" - resources: - - pods - verbs: - - list - - update - - watch -# pods eviction needed for restart -- apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create -# event write needed for emitting events -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch -# ingress patch needed for managing ingress annotations, create needed for nginx canary -- apiGroups: - - networking.k8s.io - - extensions - resources: - - ingresses - verbs: - - create - - get - - list - - watch - - update - - patch -# job access needed for analysis template job metrics -- apiGroups: - - batch - resources: - - jobs - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -{{- if .Values.providerRBAC.enabled }} -{{- if .Values.providerRBAC.providers.istio }} -# virtualservice/destinationrule access needed for using the Istio provider -- apiGroups: - - networking.istio.io - resources: - - virtualservices - - destinationrules - verbs: - - watch - - get - - update - - patch - - list -{{- end }} -{{- if .Values.providerRBAC.providers.smi }} -# trafficsplit access needed for using the SMI provider -- apiGroups: - - split.smi-spec.io - resources: - - trafficsplits - verbs: - - create - - watch - - get - - update - - patch -{{- end }} -{{- if .Values.providerRBAC.providers.ambassador }} -# ambassador access needed for Ambassador provider -- apiGroups: - - getambassador.io - - x.getambassador.io - resources: - - mappings - - ambassadormappings - verbs: - - create - - watch - - get - - update - - list - - delete -{{- end }} -{{- if .Values.providerRBAC.providers.awsLoadBalancerController }} -# Endpoints and TargetGroupBindings needed for ALB target group verification when using AWS Load Balancer Controller -- apiGroups: - - "" - resources: - - endpoints - verbs: - - get -- apiGroups: - - elbv2.k8s.aws - resources: - - targetgroupbindings - verbs: - - list - - get -{{- end }} -{{- if .Values.providerRBAC.providers.awsAppMesh }} -# AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider -- apiGroups: - - appmesh.k8s.aws - resources: - - virtualservices - verbs: - - watch - - get - - list -# AppMesh virtualnode CRD r/w access needed for using the App Mesh provider -- apiGroups: - - appmesh.k8s.aws - resources: - - virtualnodes - - virtualrouters - verbs: - - watch - - get - - list - - update - - patch -{{- end }} -{{- if .Values.providerRBAC.providers.traefik }} -# Traefik access needed when using the Traefik provider -- apiGroups: - - traefik.containo.us - - traefik.io - resources: - - traefikservices - verbs: - - watch - - get - - update -{{- end }} -{{- if .Values.providerRBAC.providers.apisix }} -# Access needed when using the Apisix provider -- apiGroups: - - apisix.apache.org - resources: - - apisixroutes - verbs: - - watch - - get - - update -{{- end }} -{{- if .Values.providerRBAC.providers.contour }} - # Access needed when using the Contour provider -- apiGroups: - - projectcontour.io - resources: - - httpproxies - verbs: - - get - - list - - watch - - update -{{- end }} -{{- if .Values.providerRBAC.providers.glooPlatform }} - # Access needed when using the Gloo Platform provider -- apiGroups: - - networking.gloo.solo.io - resources: - - routetables - verbs: - - '*' -{{- end }} -{{- if .Values.providerRBAC.providers.gatewayAPI }} - # Access needed when using the Gateway API provider -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes - - tcproutes - - tlsroutes - - udproutes - - grpcroutes - verbs: - - get - - list - - watch - - update -{{- end }} -{{- with .Values.providerRBAC.additionalRules }} -{{ toYaml . }} -{{- end }} -{{- end }} + {{- include "argo-rollouts.controller.roleRules" . | nindent 2 }} {{- end }} diff --git a/charts/argo-rollouts/templates/controller/role.yaml b/charts/argo-rollouts/templates/controller/role.yaml index fdce087e..6ba0805a 100644 --- a/charts/argo-rollouts/templates/controller/role.yaml +++ b/charts/argo-rollouts/templates/controller/role.yaml @@ -8,290 +8,5 @@ metadata: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} rules: -- apiGroups: - - argoproj.io - resources: - - rollouts - - rollouts/status - - rollouts/finalizers - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - argoproj.io - resources: - - analysisruns - - analysisruns/finalizers - - experiments - - experiments/finalizers - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - argoproj.io - resources: - - analysistemplates - - clusteranalysistemplates - verbs: - - get - - list - - watch -# replicaset access needed for managing ReplicaSets -- apiGroups: - - apps - resources: - - replicasets - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -# deployments and podtemplates read access needed for workload reference support -- apiGroups: - - "" - - apps - resources: - - deployments - - podtemplates - verbs: - - get - - list - - watch -# services patch needed to update selector of canary/stable/active/preview services -# services create needed to create and delete services for experiments -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - patch - - create - - delete -# leases create/get/update needed for leader election -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - update -# secret read access to run analysis templates which reference secrets -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch -{{- if .Values.providerRBAC.providers.gatewayAPI }} - - create - - update -{{- end }} -# pod list/update needed for updating ephemeral data -- apiGroups: - - "" - resources: - - pods - verbs: - - list - - update - - watch -# pods eviction needed for restart -- apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create -# event write needed for emitting events -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch -# ingress patch needed for managing ingress annotations, create needed for nginx canary -- apiGroups: - - networking.k8s.io - - extensions - resources: - - ingresses - verbs: - - create - - get - - list - - watch - - update - - patch -# job access needed for analysis template job metrics -- apiGroups: - - batch - resources: - - jobs - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -{{- if .Values.providerRBAC.enabled }} -{{- if .Values.providerRBAC.providers.istio }} -# virtualservice/destinationrule access needed for using the Istio provider -- apiGroups: - - networking.istio.io - resources: - - virtualservices - - destinationrules - verbs: - - watch - - get - - update - - patch - - list -{{- end }} -{{- if .Values.providerRBAC.providers.smi }} -# trafficsplit access needed for using the SMI provider -- apiGroups: - - split.smi-spec.io - resources: - - trafficsplits - verbs: - - create - - watch - - get - - update - - patch -{{- end }} -{{- if .Values.providerRBAC.providers.ambassador }} -# ambassador access needed for Ambassador provider -- apiGroups: - - getambassador.io - - x.getambassador.io - resources: - - mappings - - ambassadormappings - verbs: - - create - - watch - - get - - update - - list - - delete -{{- end }} -{{- if .Values.providerRBAC.providers.awsLoadBalancerController }} -# Endpoints and TargetGroupBindings needed for ALB target group verification when using AWS Load Balancer Controller -- apiGroups: - - "" - resources: - - endpoints - verbs: - - get -- apiGroups: - - elbv2.k8s.aws - resources: - - targetgroupbindings - verbs: - - list - - get -{{- end }} -{{- if .Values.providerRBAC.providers.awsAppMesh }} -# AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider -- apiGroups: - - appmesh.k8s.aws - resources: - - virtualservices - verbs: - - watch - - get - - list -# AppMesh virtualnode CRD r/w access needed for using the App Mesh provider -- apiGroups: - - appmesh.k8s.aws - resources: - - virtualnodes - - virtualrouters - verbs: - - watch - - get - - list - - update - - patch -{{- end }} -{{- if .Values.providerRBAC.providers.traefik }} -# Traefik access needed when using the Traefik provider -- apiGroups: - - traefik.containo.us - - traefik.io - resources: - - traefikservices - verbs: - - watch - - get - - update -{{- end }} -{{- if .Values.providerRBAC.providers.apisix }} -# Access needed when using the Apisix provider -- apiGroups: - - apisix.apache.org - resources: - - apisixroutes - verbs: - - watch - - get - - update -{{- end }} -{{- if .Values.providerRBAC.providers.glooPlatform }} - # Access needed when using the Gloo Platform provider -- apiGroups: - - networking.gloo.solo.io - resources: - - routetables - verbs: - - '*' -{{- end }} -{{- if .Values.providerRBAC.providers.gatewayAPI }} - # Access needed when using the Gateway API provider -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes - - tcproutes - - tlsroutes - - udproutes - - grpcroutes - verbs: - - get - - list - - watch - - update -{{- end }} -{{- end }} + {{- include "argo-rollouts.controller.roleRules" . | nindent 2 }} {{- end }} From 96320b6486b6ee781ba62223c08b3b2b33d8d042 Mon Sep 17 00:00:00 2001 From: 1102 <90682513+nueavv@users.noreply.github.com> Date: Tue, 13 Aug 2024 00:28:21 +0900 Subject: [PATCH 612/768] feat(argo-cd): Update Notification Liveness/Readiness Probes (#2872) --- charts/argo-cd/Chart.yaml | 6 ++-- charts/argo-cd/README.md | 12 ++++++++ .../argocd-notifications/deployment.yaml | 20 +++++++++++++ charts/argo-cd/values.yaml | 30 +++++++++++++++++++ 4 files changed, 65 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f11fcf4e..f2725dab 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.0 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.4.2 +version: 7.4.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fix Redis race condition due to optional REDIS_PASSWORD + - kind: added + description: "Added liveness and readiness probes to the notification controller." diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index e9922c73..39baf405 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1542,6 +1542,12 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | notifications.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the notifications controller | | notifications.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | notifications.initContainers | list | `[]` | Init containers to add to the notifications controller pod | +| notifications.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for notifications controller Pods | +| notifications.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| notifications.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| notifications.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| notifications.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| notifications.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | notifications.logFormat | string | `""` (defaults to global.logging.format) | Notifications controller log format. Either `text` or `json` | | notifications.logLevel | string | `""` (defaults to global.logging.level) | Notifications controller log level. One of: `debug`, `info`, `warn`, `error` | | notifications.metrics.enabled | bool | `false` | Enables prometheus metrics server | @@ -1570,6 +1576,12 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | notifications.podAnnotations | object | `{}` | Annotations to be applied to the notifications controller Pods | | notifications.podLabels | object | `{}` | Labels to be applied to the notifications controller Pods | | notifications.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the notifications controller pods | +| notifications.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for notifications controller Pods | +| notifications.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| notifications.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| notifications.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| notifications.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| notifications.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | notifications.resources | object | `{}` | Resource limits and requests for the notifications controller | | notifications.secret.annotations | object | `{}` | key:value pairs of annotations to be added to the secret | | notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret | diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 4bdb24f6..0f6ad38b 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -107,6 +107,26 @@ spec: - name: metrics containerPort: {{ .Values.notifications.containerPorts.metrics }} protocol: TCP + {{- if .Values.notifications.livenessProbe.enabled }} + livenessProbe: + tcpSocket: + port: metrics + initialDelaySeconds: {{ .Values.notifications.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.notifications.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.notifications.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.notifications.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.notifications.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.notifications.readinessProbe.enabled }} + readinessProbe: + tcpSocket: + port: metrics + initialDelaySeconds: {{ .Values.notifications.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.notifications.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.notifications.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.notifications.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.notifications.readinessProbe.failureThreshold }} + {{- end }} resources: {{- toYaml .Values.notifications.resources | nindent 12 }} {{- with .Values.notifications.containerSecurityContext }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 0d42bf71..08a26b8b 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -3307,6 +3307,36 @@ notifications: drop: - ALL + ## Probes for notifications controller Pods (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for notifications controller Pods + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + livenessProbe: + # -- Enable Kubernetes liveness probe for notifications controller Pods + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- terminationGracePeriodSeconds for container lifecycle hook terminationGracePeriodSeconds: 30 From f4101a794717207fe914946e8e23e2d779ffbd99 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 12 Aug 2024 11:03:09 -0500 Subject: [PATCH 613/768] chore(deps): update renovatebot/github-action action to v40.2.6 (#2876) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index b1830e28..a2bdbb74 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@0c94129d48b4e92addf23686b8a735b3057a0448 # v40.2.5 + uses: renovatebot/github-action@b266b24b144602ed4f512f0773009d026722f4cc # v40.2.6 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 51e1e5b7356676f93f2dcf688b83dc9b690775c0 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 14 Aug 2024 17:31:12 +0900 Subject: [PATCH 614/768] chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.7.2 (#2880) --- charts/argo-rollouts/Chart.yaml | 8 ++++---- charts/argo-rollouts/templates/_helpers.tpl | 1 + 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index ddb90274..da2ffcb0 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.7.1 +appVersion: v1.7.2 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.37.4 +version: 2.37.5 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Align permissions for controller's ClusterRole and Role + - kind: changed + description: Bump argo-rollouts to v1.7.2 diff --git a/charts/argo-rollouts/templates/_helpers.tpl b/charts/argo-rollouts/templates/_helpers.tpl index 4c23c54e..820996a8 100644 --- a/charts/argo-rollouts/templates/_helpers.tpl +++ b/charts/argo-rollouts/templates/_helpers.tpl @@ -174,6 +174,7 @@ Return the rules for controller's Role and ClusterRole - get - list - watch + - update # services patch needed to update selector of canary/stable/active/preview services # services create needed to create and delete services for experiments - apiGroups: From 243dc286a70aee1cc93c7f8c23cf17029d3d0764 Mon Sep 17 00:00:00 2001 From: Petr Drastil Date: Fri, 16 Aug 2024 23:36:35 +0200 Subject: [PATCH 615/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.12.1 (#2885) * chore(argo-cd): Update dependency argoproj/argo-cd to v2.12.1 * Add missing permissions Signed-off-by: Petr Drastil --------- Signed-off-by: Petr Drastil Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 8 ++++---- .../templates/argocd-applicationset/clusterrole.yaml | 2 ++ 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f2725dab..88a73792 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.12.0 +appVersion: v2.12.1 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.4.3 +version: 7.4.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: "Added liveness and readiness probes to the notification controller." + - kind: changed + description: Bump argo-cd to v2.12.1 diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml index 9c9b9193..7b1f1998 100644 --- a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml @@ -35,6 +35,8 @@ rules: - appprojects verbs: - get + - list + - watch - apiGroups: - "" resources: From d1f5d50dcdd436329f5baa2cea94a969b4b087d9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 17 Aug 2024 13:14:54 +0200 Subject: [PATCH 616/768] chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2 in the dependencies group (#2886) chore(deps): bump github/codeql-action in the dependencies group Bumps the dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.26.0 to 3.26.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/eb055d739abdc2e8de2e5f4ba1a8b246daa779aa...429e1977040da7a23b6822b13c129cd1ba93dbb2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0d99d22b..76284816 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 with: sarif_file: results.sarif From 8c0b68689540eb276ac92d921b2326e706a7ba7f Mon Sep 17 00:00:00 2001 From: Brian Dunnigan Date: Tue, 20 Aug 2024 15:07:05 -0400 Subject: [PATCH 617/768] feat(argo-workflows): Added support for setting annotations on argo workflows controller configmap (#2889) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 1 + .../controller/workflow-controller-config-map.yaml | 4 ++++ charts/argo-workflows/values.yaml | 2 ++ 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 1ed66b76..bb7251b2 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.10 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.41.14 +version: 0.42.0 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Avoid empty namespace in role binding when singleNamespace is true + - kind: added + description: Added support for setting annotations on argo workflows controller configmap diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 662b63fd..9ab1c016 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -149,6 +149,7 @@ Fields to note: | controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. | | controller.clusterWorkflowTemplates.serviceAccounts | list | `[]` | Extra service accounts to be added to the ClusterRoleBinding | | controller.columns | list | `[]` | Configure Argo Server to show custom [columns] | +| controller.configMap.annotations | object | `{}` | ConfigMap annotations | | controller.configMap.create | bool | `true` | Create a ConfigMap for the controller | | controller.configMap.name | string | `""` | ConfigMap name | | controller.cronWorkflowWorkers | string | `nil` | Number of cron workflow workers Only valid for 3.5+ | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index 1997d9d3..d93a910e 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -6,6 +6,10 @@ metadata: namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }} + {{- with .Values.controller.configMap.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} data: config: | {{- if .Values.controller.instanceID.enabled }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 15a42ec4..9f140f1b 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -106,6 +106,8 @@ controller: create: true # -- ConfigMap name name: "" + # -- ConfigMap annotations + annotations: {} # -- Limits the maximum number of incomplete workflows in a namespace namespaceParallelism: From e49123cdf455c7f793718be823583f4747e0918e Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 23 Aug 2024 09:51:01 +0100 Subject: [PATCH 618/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.12.2 (#2893) Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 88a73792..5ee92c2e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.12.1 +appVersion: v2.12.2 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.4.4 +version: 7.4.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.12.1 + description: Bump argo-cd to v2.12.2 From 0c27d8d946090f0bfc4d43c63ea85c9199e82ed1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 24 Aug 2024 17:15:27 -0500 Subject: [PATCH 619/768] chore(deps): bump github/codeql-action from 3.26.2 to 3.26.5 in the dependencies group (#2894) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 76284816..9d583235 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 + uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 with: sarif_file: results.sarif From 991579f32409483d2d96b79a97dbd72939d2b524 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sun, 25 Aug 2024 23:29:05 -0500 Subject: [PATCH 620/768] chore(deps): update renovatebot/github-action action to v40.2.7 (#2896) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index a2bdbb74..97943b77 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@b266b24b144602ed4f512f0773009d026722f4cc # v40.2.6 + uses: renovatebot/github-action@630a255a1f2f56c8d8ce160bed3e3ca577ca53e2 # v40.2.7 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 66615c347a9c86b31154e4787c95eaa8c2ad4024 Mon Sep 17 00:00:00 2001 From: Yuki Kitakata Date: Tue, 27 Aug 2024 17:48:42 +0900 Subject: [PATCH 621/768] chore(argo-cd): Support string type of "true" for `statusbadge.enabled` (#2895) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/_helpers.tpl | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 5ee92c2e..a231dea0 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.2 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.4.5 +version: 7.4.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.12.2 + description: Support string type of "true" for `statusbadge.enabled` diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index eb3f7a2a..1ef054b1 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -183,7 +183,7 @@ Argo Configuration Preset Values (Influenced by Values configuration) {{- define "argo-cd.config.cm.presets" -}} {{- $presets := dict -}} {{- $_ := set $presets "url" (printf "https://%s" .Values.global.domain) -}} -{{- if index .Values.configs.cm "statusbadge.enabled" | eq true -}} +{{- if eq (toString (index .Values.configs.cm "statusbadge.enabled")) "true" -}} {{- $_ := set $presets "statusbadge.url" (printf "https://%s/" .Values.global.domain) -}} {{- end -}} {{- if .Values.configs.styles -}} From 466dd693558dd7d90d6120dcf2139100bed10b57 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 27 Aug 2024 14:30:18 +0100 Subject: [PATCH 622/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.12.3 (#2897) Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index a231dea0..c912b5c5 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.12.2 +appVersion: v2.12.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.4.6 +version: 7.4.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Support string type of "true" for `statusbadge.enabled` + description: Bump argo-cd to v2.12.3 From 777f5410c59b69f4f5fc718a71105e8d7c489742 Mon Sep 17 00:00:00 2001 From: Andreas Kappler Date: Wed, 28 Aug 2024 17:27:07 +0200 Subject: [PATCH 623/768] chore(argo-cd): bump redis-ha (#2900) Signed-off-by: a-hat --- charts/argo-cd/Chart.lock | 6 +++--- charts/argo-cd/Chart.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.lock b/charts/argo-cd/Chart.lock index bc11a715..309790fc 100644 --- a/charts/argo-cd/Chart.lock +++ b/charts/argo-cd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.26.1 -digest: sha256:d72c308ab0eef4233e25bfc3f8fc97cf9b02a9c5d0186ea89e2f8fb332cb9c41 -generated: "2024-02-18T19:42:53.135599+02:00" + version: 4.27.6 +digest: sha256:69c6b20682f0a2a8044b71731b7c656a57118088a7b3611f59217b537167af2e +generated: "2024-08-28T13:02:33.763307+02:00" diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index c912b5c5..6490b0bc 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.4.7 +version: 7.5.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -18,7 +18,7 @@ maintainers: url: https://argoproj.github.io/ dependencies: - name: redis-ha - version: 4.26.1 + version: 4.27.6 repository: https://dandydeveloper.github.io/charts/ condition: redis-ha.enabled annotations: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.12.3 + description: bumped redis chart From 2df52cba0ec3b0e19293f02b009072ba62d92187 Mon Sep 17 00:00:00 2001 From: Gazal Date: Sat, 31 Aug 2024 20:12:52 +1000 Subject: [PATCH 624/768] feat(argo-rollouts): add loadBalancerClass field for Service resource (#2772) Most users of ArgoCD may use `Ingress` (and soon `HTTPRoute`), but for those who may want to use `Service` of type `LoadBalancer`, this would be useful. The `loadBalancerClass` field would allow for a `CloudProvider` agnostic way of offloading the reconciliation for Kubernetes Service resources of type `LoadBalancer` to an external controller. Signed-off-by: Gazal Gafoor Signed-off-by: Gazal Co-authored-by: Aikawa --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 1 + charts/argo-rollouts/templates/dashboard/service.yaml | 3 +++ charts/argo-rollouts/values.yaml | 2 ++ 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index da2ffcb0..39dd385a 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.2 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.37.5 +version: 2.37.6 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-rollouts to v1.7.2 + description: add loadBalancerClass field for Service resources diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index b6a6f44d..724a6b82 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -182,6 +182,7 @@ For full list of changes please check ArtifactHub [changelog]. | dashboard.service.annotations | object | `{}` | Service annotations | | dashboard.service.externalIPs | list | `[]` | Dashboard service external IPs | | dashboard.service.labels | object | `{}` | Service labels | +| dashboard.service.loadBalancerClass | string | `""` | The class of the load balancer implementation | | dashboard.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field | | dashboard.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from | | dashboard.service.nodePort | int | `nil` | Service nodePort | diff --git a/charts/argo-rollouts/templates/dashboard/service.yaml b/charts/argo-rollouts/templates/dashboard/service.yaml index 6a304b82..b7e553d7 100644 --- a/charts/argo-rollouts/templates/dashboard/service.yaml +++ b/charts/argo-rollouts/templates/dashboard/service.yaml @@ -22,6 +22,9 @@ spec: externalIPs: {{- toYaml . | nindent 4 }} {{- end }} {{- if eq .Values.dashboard.service.type "LoadBalancer" }} + {{- with .Values.dashboard.service.loadBalancerClass }} + loadBalancerClass: {{ . }} + {{- end }} {{- with .Values.dashboard.service.loadBalancerIP }} loadBalancerIP: {{ . | quote }} {{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index a4d313e0..e78aa2bb 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -356,6 +356,8 @@ dashboard: service: # -- Sets the type of the Service type: ClusterIP + # -- The class of the load balancer implementation + loadBalancerClass: "" # -- LoadBalancer will get created with the IP specified in this field loadBalancerIP: "" # -- Source IP ranges to allow access to service from From cd8245716a5818e3be530e6bc8caa02dc8cb4c6a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 31 Aug 2024 20:06:33 +0900 Subject: [PATCH 625/768] chore(deps): bump the dependencies group with 4 updates (#2905) Bumps the dependencies group with 4 updates: [actions/setup-python](https://github.com/actions/setup-python), [pascalgn/size-label-action](https://github.com/pascalgn/size-label-action), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [github/codeql-action](https://github.com/github/codeql-action). Updates `actions/setup-python` from 5.1.1 to 5.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/39cd14951b08e74b54015e9e001cdefcf80e669f...f677139bbe7f9c59b41e40162b753c062f5d49a3) Updates `pascalgn/size-label-action` from 0.5.2 to 0.5.4 - [Release notes](https://github.com/pascalgn/size-label-action/releases) - [Commits](https://github.com/pascalgn/size-label-action/compare/bbbaa0d5ccce8e2e76254560df5c64b82dac2e12...be08a2d5f857dc99c5b9426cdb5a8ea1aa7f0399) Updates `actions/upload-artifact` from 4.3.6 to 4.4.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/834a144ee995460fba8ed112a2fc961b36a5ec5a...50769540e7f4bd5e21e526ee35c689e35e0d6874) Updates `github/codeql-action` from 3.26.5 to 3.26.6 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/2c779ab0d087cd7fe7b826087247c2c81f27bfa6...4dd16135b69a43b6c8efb853346f8437d92d3c93) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: pascalgn/size-label-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marco Maurer (-Kilchhofer) --- .github/workflows/lint-and-test.yml | 2 +- .github/workflows/pr-sizing.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 656e47d0..a6ad9274 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -32,7 +32,7 @@ jobs: version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 + uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: 3.9 diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index 04d2b6b4..660b9385 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -25,6 +25,6 @@ jobs: size-label: runs-on: ubuntu-latest steps: - - uses: pascalgn/size-label-action@bbbaa0d5ccce8e2e76254560df5c64b82dac2e12 # v0.5.2 + - uses: pascalgn/size-label-action@be08a2d5f857dc99c5b9426cdb5a8ea1aa7f0399 # v0.5.4 env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 9d583235..8c948600 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: SARIF file path: results.sarif @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 + uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: sarif_file: results.sarif From 2b25efdb3299f1e47a0a6168974c6cae0e195d3c Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 31 Aug 2024 21:39:56 -0500 Subject: [PATCH 626/768] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v38.59.2 (#2906) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 97943b77..c5873a18 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 38.18.0 + renovate-version: 38.59.2 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From e709ba3b5a643f18bb435b00b9b4aab5e985b52b Mon Sep 17 00:00:00 2001 From: Gazal Date: Mon, 2 Sep 2024 01:05:42 +1000 Subject: [PATCH 627/768] feat(argo-workflows): add loadBalancerClass field for Service resources (#2771) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 2 ++ .../controller/workflow-controller-service.yaml | 7 ++++++- .../templates/server/server-service.yaml | 11 ++++++++--- charts/argo-workflows/values.yaml | 4 ++++ 5 files changed, 23 insertions(+), 7 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index bb7251b2..8b242c4f 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.10 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.42.0 +version: 0.42.1 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Added support for setting annotations on argo workflows controller configmap + - kind: changed + description: add loadBalancerClass field for Service resources diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 9ab1c016..deec1649 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -168,6 +168,7 @@ Fields to note: | controller.kubeConfig | object | `{}` (See [values.yaml]) | Configure when workflow controller runs in a different k8s cluster with the workflow workloads, or needs to communicate with the k8s apiserver using an out-of-cluster kubeconfig secret. | | controller.links | list | `[]` | Configure Argo Server to show custom [links] | | controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller | +| controller.loadBalancerClass | string | `""` | The class of the load balancer implementation | | controller.loadBalancerSourceRanges | list | `[]` | Source ranges to allow access to service from. Only applies to service type `LoadBalancer` | | controller.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) | | controller.logging.globallevel | string | `"0"` | Set the glog logging level | @@ -302,6 +303,7 @@ Fields to note: | server.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | | server.ingress.paths | list | `["/"]` | List of ingress paths | | server.ingress.tls | list | `[]` | Ingress TLS configuration | +| server.loadBalancerClass | string | `""` | The class of the load balancer implementation | | server.loadBalancerIP | string | `""` | Static IP address to assign to loadBalancer service type `LoadBalancer` | | server.loadBalancerSourceRanges | list | `[]` | Source ranges to allow access to service from. Only applies to service type `LoadBalancer` | | server.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml index 0cd8a75b..4a1290ba 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml @@ -35,8 +35,13 @@ spec: {{- if and (eq .Values.controller.serviceType "ClusterIP") .Values.controller.metricsConfig.headlessService }} clusterIP: None {{- end }} - {{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }} + {{- if eq .Values.controller.serviceType "LoadBalancer" }} + {{- with .Values.controller.loadBalancerClass }} + loadBalancerClass: {{ . }} + {{- end }} + {{- if .Values.controller.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{- toYaml .Values.controller.loadBalancerSourceRanges | nindent 4 }} {{- end }} + {{- end }} {{- end -}} diff --git a/charts/argo-workflows/templates/server/server-service.yaml b/charts/argo-workflows/templates/server/server-service.yaml index 7517d659..39c37792 100644 --- a/charts/argo-workflows/templates/server/server-service.yaml +++ b/charts/argo-workflows/templates/server/server-service.yaml @@ -28,11 +28,16 @@ spec: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} sessionAffinity: None type: {{ .Values.server.serviceType }} - {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerIP }} - loadBalancerIP: {{ .Values.server.loadBalancerIP | quote }} + {{- if eq .Values.server.serviceType "LoadBalancer" }} + {{- with .Values.controller.loadBalancerClass }} + loadBalancerClass: {{ . }} {{- end }} - {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerSourceRanges }} + {{- with .Values.server.loadBalancerIP }} + loadBalancerIP: {{ . | quote }} + {{- end }} + {{- if .Values.server.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{- toYaml .Values.server.loadBalancerSourceRanges | nindent 4 }} {{- end }} + {{- end }} {{- end -}} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 9f140f1b..5c2a674d 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -297,6 +297,8 @@ controller: serviceAnnotations: {} # -- Optional labels to add to the controller Service serviceLabels: {} + # -- The class of the load balancer implementation + loadBalancerClass: "" # -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer` loadBalancerSourceRanges: [] @@ -508,6 +510,8 @@ server: serviceAnnotations: {} # -- Optional labels to add to the UI Service serviceLabels: {} + # -- The class of the load balancer implementation + loadBalancerClass: "" # -- Static IP address to assign to loadBalancer service type `LoadBalancer` loadBalancerIP: "" # -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer` From d144195ff44121c70167133f5021de747b1dc945 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Mon, 2 Sep 2024 17:58:56 +0900 Subject: [PATCH 628/768] chore(argo-cd): Fix typo on README (#2907) Signed-off-by: yu-croco --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 +- charts/argo-cd/README.md.gotmpl | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 6490b0bc..69b6ccd3 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.5.0 +version: 7.5.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: bumped redis chart + - kind: fixed + description: Correct typo on README diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 39baf405..8b0cb174 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -315,7 +315,7 @@ Upstream steps in the [FAQ] are not enough, since we chose a different approach. Steps to roteate the secret when using the helm chart (bold step is additional to upstream): * Delete `argocd-redis` secret in the namespace where Argo CD is installed. ```bash - kubectl delete secret argocd-redis -n + kubectl delete secret argocd-redis -n ``` * **Perform a helm upgrade** ```bash diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 8ee73e93..ef75ddfe 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -315,7 +315,7 @@ Upstream steps in the [FAQ] are not enough, since we chose a different approach. Steps to roteate the secret when using the helm chart (bold step is additional to upstream): * Delete `argocd-redis` secret in the namespace where Argo CD is installed. ```bash - kubectl delete secret argocd-redis -n + kubectl delete secret argocd-redis -n ``` * **Perform a helm upgrade** ```bash From 3a1066cb5ab8fe3405a5667fafaa39e3e3ad8055 Mon Sep 17 00:00:00 2001 From: eddyfussel <28265760+eddyfussel@users.noreply.github.com> Date: Mon, 2 Sep 2024 17:33:07 +0200 Subject: [PATCH 629/768] fix(argo-cd): Fix certificate template secretTemplateAnnotations null (#2909) Signed-off-by: eddyfussel <28265760+eddyfussel@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/argocd-server/certificate.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 69b6ccd3..febb1e67 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.5.1 +version: 7.5.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Correct typo on README + description: Certificate template was wrong leading to null diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index 803452f6..a9862139 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -13,13 +13,13 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: + {{- with .Values.server.certificate.secretTemplateAnnotations }} secretTemplate: - {{- with .Values.server.certificate.secretTemplateAnnotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} - {{- end }} + {{- end }} secretName: argocd-server-tls commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }} dnsNames: From a5dc0350b9c9834a3c691aa6ed5c6be408b72e5c Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 4 Sep 2024 00:55:57 -0500 Subject: [PATCH 630/768] chore(deps): update actions/create-github-app-token action to v1.10.4 (#2910) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index c5873a18..0bb3233e 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3 + uses: actions/create-github-app-token@3378cda945da322a8db4b193e19d46352ebe2de5 # v1.10.4 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From 687392688fdbc28eb0813b083e3e63771d138c5a Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 07:35:42 -0500 Subject: [PATCH 631/768] chore(deps): update renovatebot/github-action action to v40.2.8 (#2912) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 0bb3233e..f1250bcc 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@630a255a1f2f56c8d8ce160bed3e3ca577ca53e2 # v40.2.7 + uses: renovatebot/github-action@dd4d265eb8646cd04fc5f86ff8bc8d496d75a251 # v40.2.8 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From a344d64fbdb584b40fce03b8c1cf7e05034b866d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zolt=C3=A1n=20Reegn?= Date: Tue, 10 Sep 2024 23:55:38 +0200 Subject: [PATCH 632/768] fix(argocd-apps): don't render empty app description (#2911) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix(argocd-apps): don't render empty app description Signed-off-by: Zoltán Reegn * chore: Apply suggestions from code review Signed-off-by: Marco Maurer (-Kilchhofer) --------- Signed-off-by: Zoltán Reegn Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argocd-apps/Chart.yaml | 6 +++--- charts/argocd-apps/templates/projects.yaml | 4 +++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index 397e9db6..f6cc3443 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 2.0.0 +version: 2.0.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -17,5 +17,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: make the chart use maps instead of lists + - kind: fixed + description: not rendering empty app description diff --git a/charts/argocd-apps/templates/projects.yaml b/charts/argocd-apps/templates/projects.yaml index 34a865ea..d6032636 100644 --- a/charts/argocd-apps/templates/projects.yaml +++ b/charts/argocd-apps/templates/projects.yaml @@ -25,7 +25,9 @@ spec: {{- with $projectData.permitOnlyProjectScopedClusters }} permitOnlyProjectScopedClusters: {{ . }} {{- end }} - description: {{ $projectData.description }} + {{- with $projectData.description }} + description: {{ . }} + {{- end }} {{- with $projectData.sourceRepos }} sourceRepos: {{- toYaml . | nindent 4 }} From 7c8bbd62e84c48c70368d9491493ed6b5018472c Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 12 Sep 2024 10:57:30 +0900 Subject: [PATCH 633/768] chore(deps): update actions/create-github-app-token action to v1.11.0 (#2918) Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index f1250bcc..5c90efbc 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@3378cda945da322a8db4b193e19d46352ebe2de5 # v1.10.4 + uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From e718e4665175c79ce5a50a6c8bd49b2bb9188ffe Mon Sep 17 00:00:00 2001 From: venegator Date: Fri, 13 Sep 2024 16:01:59 +0200 Subject: [PATCH 634/768] feat(argo-workflows): Add honorLabels parameter to Argo Workflows ServiceMonitor (#2920) * Update workflow-controller-servicemonitor.yaml Signed-off-by: venegator * Update values.yaml Signed-off-by: venegator * Update Chart.yaml Signed-off-by: venegator * Update README.md Signed-off-by: venegator * Update charts/argo-workflows/Chart.yaml Co-authored-by: kiblik <5609770+kiblik@users.noreply.github.com> Signed-off-by: venegator * Update workflow-controller-servicemonitor.yaml Signed-off-by: venegator --------- Signed-off-by: venegator Co-authored-by: kiblik <5609770+kiblik@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 1 + .../controller/workflow-controller-servicemonitor.yaml | 2 ++ charts/argo-workflows/values.yaml | 3 +++ 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 8b242c4f..30ff622d 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.10 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.42.1 +version: 0.42.2 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: add loadBalancerClass field for Service resources + description: add honorLabels config for ServiceMonitor resource diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index deec1649..43e86677 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -175,6 +175,7 @@ Fields to note: | controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | | controller.metricsConfig.enabled | bool | `false` | Enables prometheus metrics server | | controller.metricsConfig.headlessService | bool | `false` | Flag to enable headless service | +| controller.metricsConfig.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | controller.metricsConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. | | controller.metricsConfig.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion | | controller.metricsConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml index 1695f96d..01844a87 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml @@ -24,6 +24,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.controller.metricsConfig.honorLabels }} {{- end }} {{- if .Values.controller.telemetryConfig.enabled }} - port: telemetry @@ -37,6 +38,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.controller.metricsConfig.honorLabels }} {{- end }} {{- with .Values.controller.metricsConfig.targetLabels }} targetLabels: diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 5c2a674d..aa6e86b1 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -143,6 +143,9 @@ controller: servicePortName: metrics # -- Flag to enable headless service headlessService: false + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#honorlabels + honorLabels: false # -- ServiceMonitor relabel configs to apply to samples before scraping ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig relabelings: [] From 97acfc9360155a7f5aea4a5c5e6ab6b7dabb20c9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 14 Sep 2024 07:50:42 -0500 Subject: [PATCH 635/768] chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7 in the dependencies group (#2921) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8c948600..b94e76ce 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 + uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 with: sarif_file: results.sarif From b33b3dbd3066a03c5aa8def211b4303f74de6477 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 19:02:55 +0900 Subject: [PATCH 636/768] chore(deps): update renovatebot/github-action action to v40.2.9 (#2924) Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 5c90efbc..526f897a 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@dd4d265eb8646cd04fc5f86ff8bc8d496d75a251 # v40.2.8 + uses: renovatebot/github-action@17973eff4f1b66dc88786ea5490d902aaa274cbf # v40.2.9 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 2e05c8b57b9e51bf27928cee723cf8116de38403 Mon Sep 17 00:00:00 2001 From: Mykola Stasiuk <93274808+st-myk@users.noreply.github.com> Date: Mon, 16 Sep 2024 15:37:59 +0200 Subject: [PATCH 637/768] docs(argo-rollouts): add more description for notification secret creation (#2922) * docs(argo-rollouts): add more description for secret creation Signed-off-by: st-myk <93274808+st-myk@users.noreply.github.com> * docs(argo-rollouts): bump chart version Signed-off-by: st-myk <93274808+st-myk@users.noreply.github.com> * docs(argo-rollouts): fix lint Signed-off-by: st-myk <93274808+st-myk@users.noreply.github.com> * docs(argo-rollouts): change reference to controller Signed-off-by: st-myk <93274808+st-myk@users.noreply.github.com> * docs(argo-rollouts): fix readme Signed-off-by: Mykola Stasiuk <93274808+st-myk@users.noreply.github.com> --------- Signed-off-by: st-myk <93274808+st-myk@users.noreply.github.com> Signed-off-by: Mykola Stasiuk <93274808+st-myk@users.noreply.github.com> Co-authored-by: Aikawa --- charts/argo-rollouts/Chart.yaml | 6 +++--- charts/argo-rollouts/README.md | 2 +- charts/argo-rollouts/values.yaml | 3 ++- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 39dd385a..44abcb53 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.2 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.37.6 +version: 2.37.7 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: add loadBalancerClass field for Service resources + - kind: added + description: add description for manual secret creation diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 724a6b82..126a1dcd 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -60,7 +60,7 @@ For full list of changes please check ArtifactHub [changelog]. | notifications.configmap.create | bool | `true` | Whether to create notifications configmap | | notifications.notifiers | object | `{}` | Configures notification services | | notifications.secret.annotations | object | `{}` | Annotations to be added to the notifications secret | -| notifications.secret.create | bool | `false` | Whether to create notifications secret | +| notifications.secret.create | bool | `false` | Whether to create notifications secret. | | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret | | notifications.subscriptions | list | `[]` | The subscriptions define the subscriptions to the triggers in a general way for all rollouts | | notifications.templates | object | `{}` | Notification templates | diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index e78aa2bb..b6b5821c 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -456,7 +456,8 @@ notifications: create: true secret: - # -- Whether to create notifications secret + # -- Whether to create notifications secret. + ## If you want to manually create secret, do not forget to add proper label to it: "app.kubernetes.io/component: {{ .Values.controller.component }}". create: false # -- Generic key:value pairs to be inserted into the notifications secret items: {} From 8096751c175f6a5250bda64dc86d4de1e56b2e50 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 17 Sep 2024 06:04:30 -0500 Subject: [PATCH 638/768] chore(deps): update renovatebot/github-action action to v40.2.10 (#2925) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 526f897a..077a96f4 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@17973eff4f1b66dc88786ea5490d902aaa274cbf # v40.2.9 + uses: renovatebot/github-action@e1db501385ddcccbaae6fb9c06befae04f379f23 # v40.2.10 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 8adc2939a26ce3c0e0cdcaaaddcca91e71859d5d Mon Sep 17 00:00:00 2001 From: Neile Havens Date: Thu, 19 Sep 2024 19:09:54 -0500 Subject: [PATCH 639/768] fix(argo-events): Fix events-webhook Service using non-default port (#2929) Resolves #2926 Signed-off-by: Neile Havens --- charts/argo-events/Chart.yaml | 4 ++-- charts/argo-events/templates/argo-events-webhook/service.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index aae23442..dc6af9ac 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.9.2 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.7 +version: 2.4.8 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Update Jetstream versions as following upstream + description: events-webhook Service using non-default port diff --git a/charts/argo-events/templates/argo-events-webhook/service.yaml b/charts/argo-events/templates/argo-events-webhook/service.yaml index e1f2b2ee..797ceb43 100644 --- a/charts/argo-events/templates/argo-events-webhook/service.yaml +++ b/charts/argo-events/templates/argo-events-webhook/service.yaml @@ -8,7 +8,7 @@ metadata: {{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }} spec: ports: - - port: 443 + - port: {{ int .Values.webhook.port }} targetPort: webhook selector: {{- include "argo-events.selectorLabels" (dict "context" $ "name" $.Values.webhook.name) | nindent 4 }} From 133e70a9ea9c9db4e86df35621a6fcdc4847ad5a Mon Sep 17 00:00:00 2001 From: d3adb5 Date: Fri, 20 Sep 2024 00:59:01 -0700 Subject: [PATCH 640/768] feat(argo-cd): allow setting runtime class name (#2930) Allow chart users to set a runtime class name for all Argo CD components. Signed-off-by: d3adb5 --- charts/argo-cd/Chart.yaml | 6 ++-- charts/argo-cd/README.md | 8 +++++ .../deployment.yaml | 3 ++ .../statefulset.yaml | 3 ++ .../argocd-applicationset/deployment.yaml | 3 ++ .../argocd-notifications/deployment.yaml | 3 ++ .../argocd-repo-server/deployment.yaml | 3 ++ .../templates/argocd-server/deployment.yaml | 3 ++ charts/argo-cd/templates/dex/deployment.yaml | 3 ++ .../argo-cd/templates/redis/deployment.yaml | 3 ++ charts/argo-cd/values.yaml | 31 +++++++++++++++++++ 11 files changed, 66 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index febb1e67..210bbc7b 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.5.2 +version: 7.6.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Certificate template was wrong leading to null + - kind: added + description: Ability to set runtime class for all components diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 8b0cb174..5ed80a40 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -713,6 +713,7 @@ NAME: my-release | global.podLabels | object | `{}` | Labels for the all deployed pods | | global.priorityClassName | string | `""` | Default priority class for all components | | global.revisionHistoryLimit | int | `3` | Number of old deployment ReplicaSets to retain. The rest will be garbage collected. | +| global.runtimeClassName | string | `""` | Runtime class name for all components | | global.securityContext | object | `{}` (See [values.yaml]) | Toggle and define pod-level security context. | | global.statefulsetAnnotations | object | `{}` | Annotations for the all deployed Statefulsets | | global.tolerations | list | `[]` | Default tolerations for all components | @@ -856,6 +857,7 @@ NAME: my-release | controller.replicas | int | `1` | The number of application controller pods to run. Additional replicas will cause sharding of managed clusters across number of replicas. | | controller.resources | object | `{}` | Resource limits and requests for the application controller pods | | controller.revisionHistoryLimit | int | `5` | Maximum number of controller revisions that will be maintained in StatefulSet history | +| controller.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the application controller | | controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | controller.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | controller.serviceAccount.create | bool | `true` | Create a service account for the application controller | @@ -950,6 +952,7 @@ NAME: my-release | repoServer.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | repoServer.replicas | int | `1` | The number of repo server pods to run | | repoServer.resources | object | `{}` | Resource limits and requests for the repo server pods | +| repoServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the repo server | | repoServer.service.annotations | object | `{}` | Repo server service annotations | | repoServer.service.labels | object | `{}` | Repo server service labels | | repoServer.service.port | int | `8081` | Repo server service port | @@ -1103,6 +1106,7 @@ NAME: my-release | server.route.hostname | string | `""` | Hostname of OpenShift Route | | server.route.termination_policy | string | `"None"` | Termination policy of Openshift Route | | server.route.termination_type | string | `"passthrough"` | Termination type of Openshift Route | +| server.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the Argo CD server | | server.service.annotations | object | `{}` | Server service annotations | | server.service.externalIPs | list | `[]` | Server service external IPs | | server.service.externalTrafficPolicy | string | `"Cluster"` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints | @@ -1210,6 +1214,7 @@ NAME: my-release | dex.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | dex.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | dex.resources | object | `{}` | Resource limits and requests for dex | +| dex.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for Dex | | dex.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | dex.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | dex.serviceAccount.create | bool | `true` | Create dex service account | @@ -1308,6 +1313,7 @@ NAME: my-release | redis.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | redis.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | | redis.resources | object | `{}` | Resource limits and requests for redis | +| redis.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for redis | | redis.securityContext | object | See [values.yaml] | Redis pod-level security context | | redis.service.annotations | object | `{}` | Redis service annotations | | redis.service.labels | object | `{}` | Additional redis service labels | @@ -1500,6 +1506,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | applicationSet.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | applicationSet.replicas | int | `1` | The number of ApplicationSet controller pods to run | | applicationSet.resources | object | `{}` | Resource limits and requests for the ApplicationSet controller pods. | +| applicationSet.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the ApplicationSet controller | | applicationSet.service.annotations | object | `{}` | ApplicationSet service annotations | | applicationSet.service.labels | object | `{}` | ApplicationSet service labels | | applicationSet.service.port | int | `7000` | ApplicationSet service port | @@ -1583,6 +1590,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | notifications.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | notifications.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | | notifications.resources | object | `{}` | Resource limits and requests for the notifications controller | +| notifications.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the notifications controller | | notifications.secret.annotations | object | `{}` | key:value pairs of annotations to be added to the secret | | notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret | | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the secret | diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 3938c25d..32205efd 100644 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -36,6 +36,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 4fb49bee..3c644c69 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -37,6 +37,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 060d20c5..9af597b2 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -36,6 +36,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.applicationSet.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.applicationSet.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 0f6ad38b..85d58e2b 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -36,6 +36,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.notifications.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.notifications.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 500b2e44..9a15e596 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -47,6 +47,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.repoServer.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.repoServer.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index f20f2af0..f015c847 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -41,6 +41,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.server.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.server.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index bc9b4530..fa11aef6 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -43,6 +43,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.dex.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.dex.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 76e1b00a..65581665 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -33,6 +33,9 @@ spec: {{- end }} {{- end }} spec: + {{- with .Values.redis.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.redis.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 08a26b8b..8e1b8c39 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -44,6 +44,9 @@ global: ## Used for ingresses, certificates, SSO, notifications, etc. domain: argocd.example.com + # -- Runtime class name for all components + runtimeClassName: "" + # -- Common labels for the all resources additionalLabels: {} # app: argo-cd @@ -619,6 +622,10 @@ controller: ## like round-robin, then the shards will be well-balanced. dynamicClusterDistribution: false + # -- Runtime class name for the application controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + # -- Application controller heartbeat time # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution heartbeatTime: 10 @@ -919,6 +926,10 @@ dex: # -- Additional command line arguments to pass to the Dex server extraArgs: [] + # -- Runtime class name for Dex + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + metrics: # -- Deploy metrics service enabled: false @@ -1213,6 +1224,10 @@ redis: # -- Redis name name: redis + # -- Runtime class name for redis + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + ## Redis Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb: @@ -1701,6 +1716,10 @@ server: # -- The number of server pods to run replicas: 1 + # -- Runtime class name for the Argo CD server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + ## Argo CD server Horizontal Pod Autoscaler autoscaling: # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server @@ -2364,6 +2383,10 @@ repoServer: # -- The number of repo server pods to run replicas: 1 + # -- Runtime class name for the repo server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + ## Repo server Horizontal Pod Autoscaler autoscaling: # -- Enable Horizontal Pod Autoscaler ([HPA]) for the repo server @@ -2752,6 +2775,10 @@ applicationSet: # -- The number of ApplicationSet controller pods to run replicas: 1 + # -- Runtime class name for the ApplicationSet controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + ## ApplicationSet controller Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb: @@ -3119,6 +3146,10 @@ notifications: # @default -- `""` (defaults to https://`global.domain`) argocdUrl: "" + # -- Runtime class name for the notifications controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + ## Notifications controller Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb: From c5e6458cd6277c6f66816742e9e18256a6d8aaa9 Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Fri, 20 Sep 2024 12:23:53 +0100 Subject: [PATCH 641/768] fix(argo-cd): Remove unwanted newline on redis-init-secret job's imagepullsecrets (#2931) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/redis-secret-init/job.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 210bbc7b..a3335e3b 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.0 +version: 7.6.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Ability to set runtime class for all components + - kind: fixed + description: Remove unwanted newline on redis-init-secret job's imagepullsecrets diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml index 643dadc7..15bed02d 100644 --- a/charts/argo-cd/templates/redis-secret-init/job.yaml +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -30,7 +30,7 @@ spec: spec: {{- with .Values.global.imagePullSecrets }} imagePullSecrets: - {{ toYaml . | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} containers: - command: From fd70c609bd6e98e8b067c7c4915957c51acd786c Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 20 Sep 2024 16:08:21 +0100 Subject: [PATCH 642/768] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.11 (#2932) Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 30ff622d..6071b4e8 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.10 +appVersion: v3.5.11 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.42.2 +version: 0.42.3 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: add honorLabels config for ServiceMonitor resource + description: Bump argo-workflows to v3.5.11 From b50a0731e745e068bddda412081609810eeb54c8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 21 Sep 2024 19:35:15 +0900 Subject: [PATCH 643/768] chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8 in the dependencies group (#2933) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b94e76ce..8cfa51f0 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 + uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 with: sarif_file: results.sarif From edd04f6ec8b9a96617651a8c32d00099f9732089 Mon Sep 17 00:00:00 2001 From: Jonny Langefeld Date: Mon, 23 Sep 2024 10:27:10 -0700 Subject: [PATCH 644/768] fix(argo-cd): Remove namespace from cluster scope resource (#2833) * Remove namespace from cluster scope resource A few resources I noticed had the namespace set for cluster scoped resources. Signed-off-by: Jonny Langefeld * Update clusterrole.yaml Signed-off-by: Jonny Langefeld * chore: Apply changes from code review Signed-off-by: Marco Maurer --------- Signed-off-by: Jonny Langefeld Signed-off-by: Marco Maurer Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argo-cd/Chart.yaml | 4 ++-- .../argo-cd/templates/argocd-applicationset/clusterrole.yaml | 1 - .../templates/argocd-applicationset/clusterrolebinding.yaml | 1 - 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index a3335e3b..c57b7c0f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.1 +version: 7.6.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Remove unwanted newline on redis-init-secret job's imagepullsecrets + description: Remove namespace field from cluster scoped resources diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml index 7b1f1998..2723e3d2 100644 --- a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml @@ -3,7 +3,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml index af6d5297..9dcae8d2 100644 --- a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml @@ -3,7 +3,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ template "argo-cd.applicationSet.fullname" . }} - namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} roleRef: From 0afd9e66bf361724870ebe239c7ee049af15e604 Mon Sep 17 00:00:00 2001 From: l2h Date: Thu, 26 Sep 2024 00:17:55 +0900 Subject: [PATCH 645/768] feat(argo-cd): add multi-namespace support for ApplicationSet controller RBAC (#2935) * feat(argo-cd): support multiple namespaces in applicationsetcontroller Signed-off-by: leehosu * fetch upstream Signed-off-by: leehosu * update README Signed-off-by: leehosu * change a values about namespace Signed-off-by: leehosu --------- Signed-off-by: leehosu --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + .../argocd-applicationset/clusterrolebinding.yaml | 8 ++++++++ charts/argo-cd/values.yaml | 2 ++ 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index c57b7c0f..128c408a 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.2 +version: 7.6.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Remove namespace field from cluster scoped resources + - kind: added + description: Add conditional handling of multiple namespaces in ClusterRoleBinding for ApplicationSet controller. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 5ed80a40..6d07f360 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -742,6 +742,7 @@ NAME: my-release | configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring | | configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] | | configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability | +| configs.params."applicationsetcontroller.namespaces" | string | `""` | A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"namespace1, namespace2"`) | | configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` | | configs.params."controller.ignore.normalizer.jq.timeout" | string | `"1s"` | JQ Path expression timeout | | configs.params."controller.operation.processors" | int | `10` | Number of application operation processors | diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml index 9dcae8d2..c6c1beb7 100644 --- a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml @@ -13,4 +13,12 @@ subjects: - kind: ServiceAccount name: {{ template "argo-cd.applicationSet.serviceAccountName" . }} namespace: {{ include "argo-cd.namespace" . }} +{{- $namespaces := index .Values.configs.params "applicationsetcontroller.namespaces" -}} +{{- range $namespace := (split "," $namespaces) }} + {{- if $namespace }} + - kind: ServiceAccount + name: {{ include "argo-cd.applicationSet.serviceAccountName" $ }} + namespace: {{ $namespace | trim | quote }} + {{- end }} +{{- end }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 8e1b8c39..832d4184 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -278,6 +278,8 @@ configs: applicationsetcontroller.policy: sync # -- Enables use of the Progressive Syncs capability applicationsetcontroller.enable.progressive.syncs: false + # -- A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"namespace1, namespace2"`) + applicationsetcontroller.namespaces: "" # -- Enables [Applications in any namespace] ## List of additional namespaces where applications may be created in and reconciled from. From 1773b67d65142bbd46543912139d9a080eb93a00 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 25 Sep 2024 23:31:02 +0200 Subject: [PATCH 646/768] chore(deps): update actions/checkout action to v4.2.0 (#2937) Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 077a96f4..e4937114 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -23,7 +23,7 @@ jobs: private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Self-hosted Renovate uses: renovatebot/github-action@e1db501385ddcccbaae6fb9c06befae04f379f23 # v40.2.10 From 4b651b3474a0518cb01c0c3af35e4ea0c5b64a00 Mon Sep 17 00:00:00 2001 From: DoumLaberge <33817317+DoumLaberge@users.noreply.github.com> Date: Wed, 25 Sep 2024 18:04:50 -0400 Subject: [PATCH 647/768] fix(argo-cd): Align imagePullSecrets for redis-secret-init Job (#2928) * issue-2848 Correction of the imagepullsecret for redis * issue-2848 Bump chart version to 7.5.3 * chore: Add changelog entry Signed-off-by: Marco Maurer --------- Signed-off-by: Marco Maurer Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: dlaberge Co-authored-by: Marco Maurer --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/redis-secret-init/job.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 128c408a..41132c7d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.3 +version: 7.6.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add conditional handling of multiple namespaces in ClusterRoleBinding for ApplicationSet controller. + - kind: fixed + description: Align imagePullSecrets for redis-secret-init Job with other manifests diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml index 15bed02d..8a280e35 100644 --- a/charts/argo-cd/templates/redis-secret-init/job.yaml +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -28,7 +28,7 @@ spec: {{- end }} {{- end }} spec: - {{- with .Values.global.imagePullSecrets }} + {{- with .Values.redisSecretInit.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} From d0341cc441a6efc456067f0facc4a6fe34ae54a3 Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Thu, 26 Sep 2024 01:17:08 +0200 Subject: [PATCH 648/768] chore(github): Use correct email of the Renovate bot (#2938) Signed-off-by: Marco Maurer Co-authored-by: Aikawa --- .github/configs/renovate-config.js | 3 ++- renovate.json | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/configs/renovate-config.js b/.github/configs/renovate-config.js index 9118ffe9..f453f640 100644 --- a/.github/configs/renovate-config.js +++ b/.github/configs/renovate-config.js @@ -1,6 +1,7 @@ module.exports = { platform: 'github', - gitAuthor: 'renovate[bot] ', + // This ensures that the gitAuthor and gitSignOff fields match + gitAuthor: 'argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com>', autodiscover: false, allowPostUpgradeCommandTemplating: true, allowedPostUpgradeCommands: [".*"], diff --git a/renovate.json b/renovate.json index 4e068215..730f497e 100644 --- a/renovate.json +++ b/renovate.json @@ -5,7 +5,8 @@ }, "extends": [ "config:recommended", - "docker:enableMajor" + "docker:enableMajor", + ":gitSignOff" ], "labels": ["renovate"], "includePaths": [ From e94dc2ea10172909f55c477bbddab2c0e6bd504e Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 26 Sep 2024 16:37:59 +0900 Subject: [PATCH 649/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.12.4 (#2940) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 41132c7d..b260b1c9 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.12.3 +appVersion: v2.12.4 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.4 +version: 7.6.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Align imagePullSecrets for redis-secret-init Job with other manifests + - kind: changed + description: Bump argo-cd to v2.12.4 From 388c5aea6604f4a7bfe8d6cfd089a4a047632017 Mon Sep 17 00:00:00 2001 From: KrisF-Midnight <166425225+KrisF-Midnight@users.noreply.github.com> Date: Fri, 27 Sep 2024 11:56:55 +0200 Subject: [PATCH 650/768] feat(argo-workflows): add configurable scrape interval for metrics and telemetry (#2942) feat: add configurable scrape interval for metrics and telemetry Signed-off-by: KrisF-Midnight --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 2 ++ .../controller/workflow-controller-servicemonitor.yaml | 4 ++-- charts/argo-workflows/values.yaml | 4 ++++ 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 6071b4e8..29130932 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.11 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.42.3 +version: 0.42.4 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-workflows to v3.5.11 + description: Scrape interval for metrics and telemetry data can now be set diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 43e86677..7c6774ca 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -177,6 +177,7 @@ Fields to note: | controller.metricsConfig.headlessService | bool | `false` | Flag to enable headless service | | controller.metricsConfig.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | controller.metricsConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. | +| controller.metricsConfig.interval | string | `"30s"` | Frequency at which prometheus scrapes metrics | | controller.metricsConfig.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion | | controller.metricsConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory | | controller.metricsConfig.path | string | `"/metrics"` | Path is the path where metrics are emitted. Must start with a "/". | @@ -224,6 +225,7 @@ Fields to note: | controller.serviceType | string | `"ClusterIP"` | Service type of the controller Service | | controller.telemetryConfig.enabled | bool | `false` | Enables prometheus telemetry server | | controller.telemetryConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. | +| controller.telemetryConfig.interval | string | `"30s"` | Frequency at which prometheus scrapes telemetry data | | controller.telemetryConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory | | controller.telemetryConfig.path | string | `"/telemetry"` | telemetry path | | controller.telemetryConfig.port | int | `8081` | telemetry container port | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml index 01844a87..46fd18dd 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml @@ -15,7 +15,7 @@ spec: {{- if .Values.controller.metricsConfig.enabled }} - port: {{ .Values.controller.metricsConfig.servicePortName }} path: {{ .Values.controller.metricsConfig.path }} - interval: 30s + interval: {{ .Values.controller.metricsConfig.interval }} {{- with .Values.controller.metricsConfig.relabelings }} relabelings: {{- toYaml . | nindent 8 }} @@ -29,7 +29,7 @@ spec: {{- if .Values.controller.telemetryConfig.enabled }} - port: telemetry path: {{ .Values.controller.telemetryConfig.path }} - interval: 30s + interval: {{ .Values.controller.telemetryConfig.interval }} {{- with .Values.controller.metricsConfig.relabelings }} relabelings: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index aa6e86b1..646ffc39 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -127,6 +127,8 @@ controller: enabled: false # -- Path is the path where metrics are emitted. Must start with a "/". path: /metrics + # -- Frequency at which prometheus scrapes metrics + interval: 30s # -- Port is the port where metrics are emitted port: 9090 # -- How often custom metrics are cleared from memory @@ -234,6 +236,8 @@ controller: enabled: false # -- telemetry path path: /telemetry + # -- Frequency at which prometheus scrapes telemetry data + interval: 30s # -- telemetry container port port: 8081 # -- How often custom metrics are cleared from memory From ebb2d15f1e370e6023770713596aa480c71b8914 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 28 Sep 2024 07:05:21 -0500 Subject: [PATCH 651/768] chore(deps): bump the dependencies group with 2 updates (#2943) --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index a6ad9274..32bd1677 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 7dc62234..3da3a390 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8cfa51f0..84395b6a 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: persist-credentials: false @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: sarif_file: results.sarif From c8948d20963f945f611c74462cc775fafdc37bd5 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 12:59:02 +0200 Subject: [PATCH 652/768] chore(deps): update renovatebot/github-action action to v40.2.11 (#2946) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index e4937114..8918c54a 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Self-hosted Renovate - uses: renovatebot/github-action@e1db501385ddcccbaae6fb9c06befae04f379f23 # v40.2.10 + uses: renovatebot/github-action@718692a6e1205fb03bed8a101596ef5755b5f35d # v40.2.11 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 6b3f648f39b552f70785aa119e7ae8523534c8cc Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 20:23:55 +0900 Subject: [PATCH 653/768] chore(deps): update renovatebot/github-action action to v40.3.0 (#2947) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 8918c54a..0bc7ca25 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Self-hosted Renovate - uses: renovatebot/github-action@718692a6e1205fb03bed8a101596ef5755b5f35d # v40.2.11 + uses: renovatebot/github-action@180db1547505e30c02d41959fe65ada1523ee207 # v40.3.0 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 32a3541b7fdc4426323039492c39d75d5b781042 Mon Sep 17 00:00:00 2001 From: charlychiu Date: Mon, 30 Sep 2024 20:24:51 +0800 Subject: [PATCH 654/768] chore(argo-cd): Add Proxy Extensions config (#2944) * chore(argo-cd): Add Proxy Extensions config Signed-off-by: charlychiu * chore(argo-cd): Update docs Signed-off-by: charlychiu --------- Signed-off-by: charlychiu Co-authored-by: Aikawa --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + charts/argo-cd/values.yaml | 21 +++++++++++++++++++++ 3 files changed, 25 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b260b1c9..eff7d03e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.4 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.5 +version: 7.6.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.12.4 + - kind: added + description: Value configs.params."server.enable.proxy.extension" was added diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 6d07f360..108c9673 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -754,6 +754,7 @@ NAME: my-release | configs.params."server.basehref" | string | `"/"` | Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / | | configs.params."server.disable.auth" | bool | `false` | Disable Argo CD RBAC for user authentication | | configs.params."server.enable.gzip" | bool | `true` | Enable GZIP compression | +| configs.params."server.enable.proxy.extension" | bool | `false` | Enable proxy extension feature. (proxy extension is in Alpha phase) | | configs.params."server.insecure" | bool | `false` | Run server without TLS | | configs.params."server.rootpath" | string | `""` | Used if Argo CD is running behind reverse proxy under subpath different from / | | configs.params."server.staticassets" | string | `"/shared/app"` | Directory path that contains additional static assets | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 832d4184..e6479acb 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -228,6 +228,25 @@ configs: # - profile # - email + # Extension Configuration + ## Ref: https://argo-cd.readthedocs.io/en/latest/developer-guide/extensions/proxy-extensions/ + # extension.config: | + # extensions: + # - name: httpbin + # backend: + # connectionTimeout: 2s + # keepAlive: 15s + # idleConnectionTimeout: 60s + # maxIdleConnections: 30 + # services: + # - url: http://httpbin.org + # headers: + # - name: some-header + # value: '$some.argocd.secret.key' + # cluster: + # name: some-cluster + # server: https://some-cluster + # Argo CD configuration parameters ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml params: @@ -266,6 +285,8 @@ configs: server.disable.auth: false # -- Enable GZIP compression server.enable.gzip: true + # -- Enable proxy extension feature. (proxy extension is in Alpha phase) + server.enable.proxy.extension: false # -- Set X-Frame-Options header in HTTP responses to value. To disable, set to "". server.x.frame.options: sameorigin From 687bedb94658acd2b990303e28536df5403d7b20 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 1 Oct 2024 03:24:31 +0900 Subject: [PATCH 655/768] fix(argo-cd): Arrange for ApplicationSet in any namespace (#2945) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 +- .../argocd-applicationset/clusterrolebinding.yaml | 8 -------- charts/argo-cd/values.yaml | 4 +++- 4 files changed, 7 insertions(+), 13 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index eff7d03e..16b11ae6 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.4 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.6 +version: 7.6.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Value configs.params."server.enable.proxy.extension" was added + - kind: fixed + description: Arrange for ApplicationSet in any namespace. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 108c9673..b44bb431 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -742,7 +742,7 @@ NAME: my-release | configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring | | configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] | | configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability | -| configs.params."applicationsetcontroller.namespaces" | string | `""` | A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"namespace1, namespace2"`) | +| configs.params."applicationsetcontroller.namespaces" | string | `""` (default is only the ns where the controller is installed) | A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"argocd,argocd-appsets-*"`) | | configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` | | configs.params."controller.ignore.normalizer.jq.timeout" | string | `"1s"` | JQ Path expression timeout | | configs.params."controller.operation.processors" | int | `10` | Number of application operation processors | diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml index c6c1beb7..9dcae8d2 100644 --- a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml @@ -13,12 +13,4 @@ subjects: - kind: ServiceAccount name: {{ template "argo-cd.applicationSet.serviceAccountName" . }} namespace: {{ include "argo-cd.namespace" . }} -{{- $namespaces := index .Values.configs.params "applicationsetcontroller.namespaces" -}} -{{- range $namespace := (split "," $namespaces) }} - {{- if $namespace }} - - kind: ServiceAccount - name: {{ include "argo-cd.applicationSet.serviceAccountName" $ }} - namespace: {{ $namespace | trim | quote }} - {{- end }} -{{- end }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index e6479acb..70dfb347 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -299,7 +299,9 @@ configs: applicationsetcontroller.policy: sync # -- Enables use of the Progressive Syncs capability applicationsetcontroller.enable.progressive.syncs: false - # -- A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"namespace1, namespace2"`) + # -- A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"argocd,argocd-appsets-*"`) + # @default -- `""` (default is only the ns where the controller is installed) + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Appset-Any-Namespace/ applicationsetcontroller.namespaces: "" # -- Enables [Applications in any namespace] From c38d299f01aef4a0fa76bf9daae675b89facb72e Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 22:03:14 +0200 Subject: [PATCH 656/768] chore(deps): update renovatebot/github-action action to v40.3.1 (#2950) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 0bc7ca25..c77544f0 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Self-hosted Renovate - uses: renovatebot/github-action@180db1547505e30c02d41959fe65ada1523ee207 # v40.3.0 + uses: renovatebot/github-action@a1ed1d0adddfdf138192d1fbe3150a80094dee6a # v40.3.1 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 994838a2ef355feb82a5517ec51ef21154b5dd76 Mon Sep 17 00:00:00 2001 From: Maneesh Singh Date: Mon, 30 Sep 2024 23:03:26 -0700 Subject: [PATCH 657/768] feat(argocd-apps): finalizers for applicationset (#2952) --- charts/argocd-apps/Chart.yaml | 6 +++--- charts/argocd-apps/ci/applicationsets-values.yaml | 2 ++ charts/argocd-apps/templates/applicationsets.yaml | 4 ++++ charts/argocd-apps/values.yaml | 2 ++ 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml index f6cc3443..c4433fa4 100644 --- a/charts/argocd-apps/Chart.yaml +++ b/charts/argocd-apps/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-apps description: A Helm chart for managing additional Argo CD Applications and Projects type: application -version: 2.0.1 +version: 2.0.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -17,5 +17,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: not rendering empty app description + - kind: added + description: allow setting applicationset finalizers diff --git a/charts/argocd-apps/ci/applicationsets-values.yaml b/charts/argocd-apps/ci/applicationsets-values.yaml index ed84c5fb..394e2c88 100644 --- a/charts/argocd-apps/ci/applicationsets-values.yaml +++ b/charts/argocd-apps/ci/applicationsets-values.yaml @@ -4,6 +4,8 @@ applicationsets: applicationset: additionalLabels: {} additionalAnnotations: {} + finalizers: + - resources-finalizer.argocd.argoproj.io # See PR #10026 (ArgoCD v2.5 or later) # goTemplate: false generators: diff --git a/charts/argocd-apps/templates/applicationsets.yaml b/charts/argocd-apps/templates/applicationsets.yaml index e8ae2134..606d6078 100644 --- a/charts/argocd-apps/templates/applicationsets.yaml +++ b/charts/argocd-apps/templates/applicationsets.yaml @@ -17,6 +17,10 @@ metadata: {{- with $appSetData.namespace }} namespace: {{ . }} {{- end }} + {{- with $appSetData.finalizers }} + finalizers: + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if hasKey $appSetData "goTemplate" }} goTemplate: {{ $appSetData.goTemplate }} diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml index 1fad3941..127dc6a9 100644 --- a/charts/argocd-apps/values.yaml +++ b/charts/argocd-apps/values.yaml @@ -97,6 +97,8 @@ applicationsets: {} # namespace: argocd # additionalLabels: {} # additionalAnnotations: {} +# finalizers: +# - resources-finalizer.argocd.argoproj.io # # See PR #10026 (ArgoCD v2.5 or later) # # goTemplate: false # generators: From d61432be3c1e460e7037462b6b5d5f8f1bdcc6d7 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Wed, 2 Oct 2024 09:46:40 +0900 Subject: [PATCH 658/768] fix(argo-workflows): Avoid to create ClusterRole for cluster template when singleNamespace (#2955) --- charts/argo-workflows/Chart.yaml | 6 +++--- .../controller/workflow-controller-cluster-roles.yaml | 2 +- .../templates/server/server-cluster-roles.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 29130932..20246486 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.11 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.42.4 +version: 0.42.5 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Scrape interval for metrics and telemetry data can now be set + - kind: fixed + description: Avoid to create ClusterRole for cluster template when singleNamespace diff --git a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml index 1b01b117..1e8f764c 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml @@ -198,7 +198,7 @@ rules: - watch {{- end }} -{{- if .Values.controller.clusterWorkflowTemplates.enabled }} +{{- if and .Values.controller.clusterWorkflowTemplates.enabled (not .Values.singleNamespace) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/charts/argo-workflows/templates/server/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml index dbb5ff9f..f0953099 100644 --- a/charts/argo-workflows/templates/server/server-cluster-roles.yaml +++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml @@ -118,7 +118,7 @@ rules: - patch - delete -{{- if .Values.server.clusterWorkflowTemplates.enabled }} +{{- if and .Values.server.clusterWorkflowTemplates.enabled (not .Values.singleNamespace) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole From bbb38b310dc80ddb51e1094765a68fc714c08204 Mon Sep 17 00:00:00 2001 From: killianmuldoon <47175296+killianmuldoon@users.noreply.github.com> Date: Thu, 3 Oct 2024 14:53:05 +0100 Subject: [PATCH 659/768] feat(argo-cd): Add affinity to redisSecretInit Job (#2962) feat: Add affinity to redisSecretInit Job Signed-off-by: killianmuldoon --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + charts/argo-cd/templates/redis-secret-init/job.yaml | 4 ++++ charts/argo-cd/values.yaml | 3 +++ 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 16b11ae6..4a70abc4 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.4 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.7 +version: 7.6.8 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Arrange for ApplicationSet in any namespace. + - kind: added + description: Set affinity in redis secret-init job. diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index b44bb431..f0d146b1 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1394,6 +1394,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | Key | Type | Default | Description | |-----|------|---------|-------------| +| redisSecretInit.affinity | object | `{}` | Assign custom [affinity] rules to the Redis secret-init Job | | redisSecretInit.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | | redisSecretInit.enabled | bool | `true` | Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods | | redisSecretInit.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Redis secret-init Job | diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml index 8a280e35..5fd41f64 100644 --- a/charts/argo-cd/templates/redis-secret-init/job.yaml +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -54,6 +54,10 @@ spec: priorityClassName: {{ . }} {{- end }} restartPolicy: OnFailure + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.redisSecretInit) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} {{- with .Values.redisSecretInit.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 70dfb347..be3cec78 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1725,6 +1725,9 @@ redisSecretInit: # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" + # -- Assign custom [affinity] rules to the Redis secret-init Job + affinity: {} + # -- Node selector to be added to the Redis secret-init Job # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {} From 7a831569e9165564d0eb67d4416146c11ed6c7d7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 6 Oct 2024 10:19:07 +0200 Subject: [PATCH 660/768] chore(deps): bump github/codeql-action from 3.26.9 to 3.26.11 in the dependencies group (#2966) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 84395b6a..5ede643e 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 with: sarif_file: results.sarif From 566e009934a82b33bf86bf3c59de1b775d1bc1d2 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 7 Oct 2024 21:04:37 +0200 Subject: [PATCH 661/768] chore(deps): update actions/checkout action to v4.2.1 (#2969) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index c77544f0..d6b7833c 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -23,7 +23,7 @@ jobs: private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Self-hosted Renovate uses: renovatebot/github-action@a1ed1d0adddfdf138192d1fbe3150a80094dee6a # v40.3.1 From f6556f6ef03040a16068ddb9cd619717c958bfb9 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 9 Oct 2024 20:50:15 -0500 Subject: [PATCH 662/768] chore(deps): update renovatebot/github-action action to v40.3.2 (#2971) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index d6b7833c..569cbe9c 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Self-hosted Renovate - uses: renovatebot/github-action@a1ed1d0adddfdf138192d1fbe3150a80094dee6a # v40.3.1 + uses: renovatebot/github-action@b9486682a19fe4ea2dd1263c11b4e0c1fe1838fe # v40.3.2 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From cad02d827ac9472d3cc42206d97d87a76d5dfb46 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 12 Oct 2024 13:20:12 +0900 Subject: [PATCH 663/768] chore(deps): update renovatebot/github-action action to v40.3.3 (#2976) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 569cbe9c..95a0c045 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Self-hosted Renovate - uses: renovatebot/github-action@b9486682a19fe4ea2dd1263c11b4e0c1fe1838fe # v40.3.2 + uses: renovatebot/github-action@7743ec9e19ceeb61a3862c5d4131e6710195af11 # v40.3.3 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 3ec746187befd1ccfa6f0960800ac7c5080ee2fb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 12 Oct 2024 19:02:37 +0900 Subject: [PATCH 664/768] chore(deps): bump the dependencies group with 3 updates (#2977) --- .github/workflows/lint-and-test.yml | 4 ++-- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 32bd1677..9ed46c41 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 3da3a390..34fcd94a 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 5ede643e..fde89921 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: persist-credentials: false @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: SARIF file path: results.sarif @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 + uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 with: sarif_file: results.sarif From 3ba89c1adde5c6846c88f913dcd13a988a0b3aef Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Tue, 15 Oct 2024 16:15:51 -0400 Subject: [PATCH 665/768] fix(argo-cd): add missing event permissions for run actions (#2980) Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/argocd-server/clusterrole.yaml | 2 -- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 4a70abc4..cb2bed53 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.4 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.8 +version: 7.6.9 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Set affinity in redis secret-init job. + - kind: fixed + description: added missing events create for run actions diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index c1439b0c..db54cf35 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -23,9 +23,7 @@ rules: - events verbs: - list - {{- if (index .Values.configs.params "application.namespaces") }} - create - {{- end }} - apiGroups: - "" resources: From 3c24fa1bfd4ebea347b0df8224cb5159f075e6cc Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 16 Oct 2024 07:40:33 +0200 Subject: [PATCH 666/768] chore(deps): update renovatebot/github-action action to v40.3.4 (#2981) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 95a0c045..96ead3ff 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Self-hosted Renovate - uses: renovatebot/github-action@7743ec9e19ceeb61a3862c5d4131e6710195af11 # v40.3.3 + uses: renovatebot/github-action@80eaf969abf68ad62aa94d9ab392421b31621634 # v40.3.4 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From f0c5ccc32a4282c55d1dc33bf7cdb4f6d18fea2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Gaci=C4=85g?= <9296199+adisong@users.noreply.github.com> Date: Wed, 16 Oct 2024 14:00:22 +0200 Subject: [PATCH 667/768] fix(argo-cd): fixed shard value in clusterCredentials Secret (#2982) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Adrian Gaciąg <9296199+adisong@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index cb2bed53..5b5f5119 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.4 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.9 +version: 7.6.10 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: added missing events create for run actions + description: fixed shard value in cluster credentials Secret to be string diff --git a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml index 0b4b1e11..d317eac2 100644 --- a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml +++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml @@ -20,7 +20,7 @@ metadata: type: Opaque stringData: {{- if $cluster_value.shard }} - shard: {{ $cluster_value.shard }} + shard: {{ $cluster_value.shard | quote }} {{- end }} name: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.name entry is required!" $cluster_key }} server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }} From 168350f803585847fe6f14c94e914114e4c71993 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 18 Oct 2024 08:16:15 +0100 Subject: [PATCH 668/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.12.5 (#2983) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 5b5f5119..740ccf1d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.12.4 +appVersion: v2.12.5 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.10 +version: 7.6.11 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: fixed shard value in cluster credentials Secret to be string + - kind: changed + description: Bump argo-cd to v2.12.5 From b311cd20f0ce082660b7b688f2a2edb20e3a3760 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 18 Oct 2024 20:27:03 +0100 Subject: [PATCH 669/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.12.6 (#2984) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 740ccf1d..41d1b3b8 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.12.5 +appVersion: v2.12.6 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.11 +version: 7.6.12 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.12.5 + description: Bump argo-cd to v2.12.6 From 0d2e23fe5d7ac59dd1eb89ce6effa1cfef597656 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 19 Oct 2024 07:57:50 -0500 Subject: [PATCH 670/768] chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13 in the dependencies group (#2985) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index fde89921..08f648f3 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 with: sarif_file: results.sarif From 85121e84515910947759fd91fa7c0ae6bec1df58 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 23 Oct 2024 12:32:29 -0500 Subject: [PATCH 671/768] chore(deps): update actions/checkout action to v4.2.2 (#2990) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 96ead3ff..80ead27d 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -23,7 +23,7 @@ jobs: private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate uses: renovatebot/github-action@80eaf969abf68ad62aa94d9ab392421b31621634 # v40.3.4 From 909ece4d5937c25ee663dc0befad9811ef6e9ebe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 26 Oct 2024 05:11:41 -0500 Subject: [PATCH 672/768] chore(deps): bump the dependencies group with 4 updates (#2995) --- .github/workflows/lint-and-test.yml | 6 +++--- .github/workflows/pr-sizing.yml | 2 +- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 9ed46c41..188f37be 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -13,7 +13,7 @@ jobs: options: --user 1001 steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run ah lint working-directory: ./charts run: ah lint @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 @@ -32,7 +32,7 @@ jobs: version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: 3.9 diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index 660b9385..9bde9db4 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -25,6 +25,6 @@ jobs: size-label: runs-on: ubuntu-latest steps: - - uses: pascalgn/size-label-action@be08a2d5f857dc99c5b9426cdb5a8ea1aa7f0399 # v0.5.4 + - uses: pascalgn/size-label-action@f8edde36b3be04b4f65dcfead05dc8691b374348 # v0.5.5 env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 34fcd94a..2e74eab1 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 08f648f3..13a9b58c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: sarif_file: results.sarif From ba2b0493994a4cd67f64686dfe405a65a55cd1a1 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Wed, 30 Oct 2024 19:40:18 +0900 Subject: [PATCH 673/768] feat(argocd-image-updater): Update dependency argoproj-labs/argocd-image-updater to v0.15.0 (#2992) * chore(argocd-image-updater): Update dependency argoproj-labs/argocd-image-updater to v0.15.0 Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> * feat(argocd-image-updater): update as following upstream Signed-off-by: yu-croco * fix(argocd-image-updater): add permission when createClusterRoles is false Signed-off-by: yu-croco --------- Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Signed-off-by: yu-croco Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argocd-image-updater/Chart.yaml | 6 +-- charts/argocd-image-updater/README.md | 1 + .../argocd-image-updater/templates/rbac.yaml | 53 +++++++++++++++---- charts/argocd-image-updater/values.yaml | 5 ++ 4 files changed, 53 insertions(+), 12 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index c358515f..df988cd0 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.11.0 -appVersion: v0.14.0 +version: 0.11.1 +appVersion: v0.15.0 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argocd-image-updater to v0.14.0 + description: Bump argocd-image-updater to v0.15.0 diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index 5e51a8cd..7a35b881 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -87,6 +87,7 @@ The `config.registries` value can be used exactly as it looks in the documentati | config.logLevel | string | `"info"` | Argo CD Image Update log level | | config.registries | list | `[]` | Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) | | config.sshConfig | object | `{}` | Argo CD Image Updater ssh client parameter configuration. | +| createClusterRoles | bool | `true` | Create cluster roles for cluster-wide installation. | | extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in `config.argocd`. If a flag contains both key and value, they need to be split to a new entry | | extraEnv | list | `[]` | Extra environment variables for argocd-image-updater | | extraEnvFrom | list | `[]` | Extra envFrom to pass to argocd-image-updater | diff --git a/charts/argocd-image-updater/templates/rbac.yaml b/charts/argocd-image-updater/templates/rbac.yaml index 50d75876..0f631108 100644 --- a/charts/argocd-image-updater/templates/rbac.yaml +++ b/charts/argocd-image-updater/templates/rbac.yaml @@ -17,21 +17,14 @@ rules: - get - list - watch - - apiGroups: - - argoproj.io - resources: - - applications - verbs: - - get - - list - - update - - patch + {{- if not .Values.createClusterRoles }} - apiGroups: - "" resources: - events verbs: - create + {{- end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -49,3 +42,45 @@ subjects: name: {{ include "argocd-image-updater.serviceAccountName" . }} namespace: {{ include "argocd-image-updater.namespace" . | quote }} {{- end }} +--- +{{- if and .Values.rbac.enabled .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - apiGroups: + - argoproj.io + resources: + - applications + verbs: + - get + - list + - update + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "argocd-image-updater.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argocd-image-updater.serviceAccountName" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +{{- end }} diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 19291de9..4825833e 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -20,6 +20,11 @@ fullnameOverride: "" # -- Global namespace (argocd-image-updater.namespace in _helpers.tpl) override namespaceOverride: "" +# -- Create cluster roles for cluster-wide installation. +## Used when you manage applications in the same cluster where Argo CD Image Updater runs. +## If you want to use this, please set `.Values.rbac.enabled` true as well. +createClusterRoles: true + # -- Extra arguments for argocd-image-updater not defined in `config.argocd`. # If a flag contains both key and value, they need to be split to a new entry extraArgs: [] From d5438bf6b3a99044a515315dd52401c68ca86417 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 30 Oct 2024 06:55:05 -0500 Subject: [PATCH 674/768] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v38.135.2 (#3001) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 80ead27d..8d1d7a7b 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 38.59.2 + renovate-version: 38.135.2 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From d17587e34710b8b724dce2f0248b49d86260be1e Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 30 Oct 2024 22:24:35 +0900 Subject: [PATCH 675/768] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.5.12 (#3002) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 20246486..152d3403 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.11 +appVersion: v3.5.12 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.42.5 +version: 0.42.6 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Avoid to create ClusterRole for cluster template when singleNamespace + - kind: changed + description: Bump argo-workflows to v3.5.12 From ec2f23a3045e35a3787a875391b38148b1a69f12 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 1 Nov 2024 00:13:52 -0500 Subject: [PATCH 676/768] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v38.141.1 (#3005) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 8d1d7a7b..b4ad67dc 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 38.135.2 + renovate-version: 38.141.1 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From 5a57de40a8e0a3f22ab084ee18224cf4e9e0e667 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 2 Nov 2024 08:23:44 +0900 Subject: [PATCH 677/768] feat(argo-workflows): Support lifecycle and terminationGracePeriodSeconds for server (#2997) Signed-off-by: yu-croco --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 2 ++ .../argo-workflows/templates/server/server-deployment.yaml | 7 +++++++ charts/argo-workflows/values.yaml | 6 ++++++ 4 files changed, 18 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 152d3403..cf7daa93 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.5.12 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.42.6 +version: 0.42.7 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-workflows to v3.5.12 + - kind: added + description: Support lifecycle and terminationGracePeriodSeconds for server diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 7c6774ca..965656af 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -306,6 +306,7 @@ Fields to note: | server.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | | server.ingress.paths | list | `["/"]` | List of ingress paths | | server.ingress.tls | list | `[]` | Ingress TLS configuration | +| server.lifecycle | object | `{}` | Specify postStart and preStop lifecycle hooks for server container | | server.loadBalancerClass | string | `""` | The class of the load balancer implementation | | server.loadBalancerIP | string | `""` | Static IP address to assign to loadBalancer service type `LoadBalancer` | | server.loadBalancerSourceRanges | list | `[]` | Source ranges to allow access to service from. Only applies to service type `LoadBalancer` | @@ -351,6 +352,7 @@ Fields to note: | server.sso.scopes | list | `[]` | Scopes requested from the SSO ID provider | | server.sso.sessionExpiry | string | `""` | Define how long your login is valid for (in hours) | | server.sso.userInfoPath | string | `""` | Specify the user info endpoint that contains the groups claim | +| server.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | server.tmpVolume | object | `{"emptyDir":{}}` | Volume to be mounted in Pods for temporary files. | | server.tolerations | list | `[]` | [Tolerations] for use with node taints | | server.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the argo server | diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index a4b8df7b..ce0efa78 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -108,9 +108,16 @@ spec: {{- with .Values.server.volumeMounts }} {{- toYaml . | nindent 10}} {{- end }} + {{- with .Values.server.lifecycle }} + lifecycle: + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.server.extraContainers }} {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.server.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ . }} + {{- end }} {{- with .Values.images.pullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 646ffc39..75135854 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -760,6 +760,12 @@ server: # -- Enables init containers to be added to the server deployment extraInitContainers: [] + # -- Specify postStart and preStop lifecycle hooks for server container + lifecycle: {} + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + # -- Array of extra K8s manifests to deploy extraObjects: [] # - apiVersion: secrets-store.csi.x-k8s.io/v1 From baef862c36c131d3cfb3764abbe2482317463518 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 16:30:47 +0900 Subject: [PATCH 678/768] chore(deps): update renovatebot/github-action action to v40.3.5 (#3008) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index b4ad67dc..ee154574 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@80eaf969abf68ad62aa94d9ab392421b31621634 # v40.3.4 + uses: renovatebot/github-action@28bcd5c4900a4353b5c9af9e1bd61dd6377f0f0d # v40.3.5 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 69f3eddca8c049ff0a7bae351d44fb7ea8900c6a Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Tue, 5 Nov 2024 00:59:47 +0100 Subject: [PATCH 679/768] feat(argo-cd): Update to Argo CD 2.13 (#2999) --- charts/argo-cd/Chart.yaml | 6 +- charts/argo-cd/README.md | 2 +- .../deployment.yaml | 27 + .../statefulset.yaml | 27 + .../argocd-applicationset/deployment.yaml | 6 + .../argocd-notifications/deployment.yaml | 6 + .../templates/argocd-server/clusterrole.yaml | 11 +- .../templates/argocd-server/deployment.yaml | 39 + .../templates/crds/crd-application.yaml | 347 +++++++ .../templates/crds/crd-applicationset.yaml | 912 ++++++++++++++++++ .../argo-cd/templates/crds/crd-project.yaml | 26 + charts/argo-cd/templates/dex/deployment.yaml | 12 + charts/argo-cd/values.yaml | 2 +- 13 files changed, 1413 insertions(+), 10 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 41d1b3b8..f93ef2d9 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.12.6 +appVersion: v2.13.0 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.12 +version: 7.7.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.12.6 + description: Bump argo-cd to v2.13.0 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index f0d146b1..c14be77a 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1164,7 +1164,7 @@ NAME: my-release | dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod | | dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy | | dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository | -| dex.image.tag | string | `"v2.38.0"` | Dex image tag | +| dex.image.tag | string | `"v2.41.1"` | Dex image tag | | dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | dex.initContainers | list | `[]` | Init containers to add to the dex pod | | dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy | diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 32205efd..e61a8525 100644 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -157,6 +157,24 @@ spec: name: argocd-cmd-params-cm key: controller.self.heal.timeout.seconds optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.factor + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.cap.seconds + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -325,6 +343,8 @@ spec: name: argocd-repo-server-tls - mountPath: /home/argocd name: argocd-home + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params {{- with .Values.controller.extraContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} @@ -378,6 +398,13 @@ spec: path: tls.key - key: ca.crt path: ca.crt + - name: argocd-cmd-params-cm + configMap: + optional: true + name: argocd-cmd-params-cm + items: + - key: controller.profile.enabled + path: profiler.enabled {{- if .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 3c644c69..70620df6 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -156,6 +156,24 @@ spec: name: argocd-cmd-params-cm key: controller.self.heal.timeout.seconds optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.factor + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.cap.seconds + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -324,6 +342,8 @@ spec: name: argocd-repo-server-tls - mountPath: /home/argocd name: argocd-home + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params {{- with .Values.controller.extraContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} @@ -376,6 +396,13 @@ spec: path: tls.key - key: ca.crt path: ca.crt + - name: argocd-cmd-params-cm + configMap: + optional: true + name: argocd-cmd-params-cm + items: + - key: controller.profile.enabled + path: profiler.enabled {{- if .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 9af597b2..303106b5 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -205,6 +205,12 @@ spec: name: argocd-cmd-params-cm key: applicationsetcontroller.enable.scm.providers optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.webhook.parallelism.limit + optional: true {{- with .Values.applicationSet.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 85d58e2b..cee627d5 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -102,6 +102,12 @@ spec: key: notificationscontroller.selfservice.enabled name: argocd-cmd-params-cm optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: notificationscontroller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true {{- with .Values.notifications.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index db54cf35..b6c5f81f 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -14,15 +14,16 @@ rules: resources: - '*' verbs: - - delete - - get - - patch + - delete # supports deletion a live object in UI + - get # supports viewing live object manifest in UI + - patch # supports `argocd app patch` + - list # supports `argocd appset generate` with cluster generator - apiGroups: - "" resources: - events verbs: - - list + - list # supports listing events in UI - create - apiGroups: - "" @@ -30,7 +31,7 @@ rules: - pods - pods/log verbs: - - get + - get # supports viewing pod logs from UI {{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }} - apiGroups: - "" diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index f015c847..b0cecd6c 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -343,6 +343,36 @@ spec: name: argocd-cmd-params-cm key: server.api.content.types optional: true + - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.webhook.parallelism.limit + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.allowed.scm.providers + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.enable.scm.providers + optional: true {{- with .Values.server.envFrom }} envFrom: {{- toYaml . | nindent 10 }} @@ -365,6 +395,8 @@ spec: name: styles - mountPath: /tmp name: tmp + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params {{- if .Values.server.extensions.enabled }} - mountPath: /tmp/extensions name: extensions @@ -513,6 +545,13 @@ spec: path: tls.crt - key: ca.crt path: ca.crt + - name: argocd-cmd-params-cm + configMap: + optional: true + name: argocd-cmd-params-cm + items: + - key: server.profile.enabled + path: profiler.enabled {{- if .Values.server.hostNetwork }} hostNetwork: {{ .Values.server.hostNetwork }} {{- end }} diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml index 1b75cebd..2874d885 100644 --- a/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -244,6 +244,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -265,6 +272,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest @@ -322,6 +339,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -361,6 +385,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -580,6 +609,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -601,6 +637,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -659,6 +705,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -700,6 +753,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1035,6 +1093,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1056,6 +1121,15 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation @@ -1112,6 +1186,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1150,6 +1231,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1362,6 +1448,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1383,6 +1476,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest @@ -1440,6 +1543,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1479,6 +1589,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1854,6 +1969,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1875,6 +1997,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -1933,6 +2065,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1974,6 +2113,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -2192,6 +2336,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -2214,6 +2365,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -2274,6 +2435,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2315,6 +2483,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -2673,6 +2846,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -2697,6 +2877,16 @@ spec: not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to + the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -2759,6 +2949,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2801,6 +2998,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors @@ -3030,6 +3232,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -3054,6 +3263,16 @@ spec: do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults + to the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -3118,6 +3337,13 @@ spec: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3161,6 +3387,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource @@ -3510,6 +3741,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -3532,6 +3770,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -3592,6 +3840,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3633,6 +3888,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -3858,6 +4118,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -3882,6 +4149,16 @@ spec: locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -3944,6 +4221,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3986,6 +4270,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -4358,6 +4647,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -4380,6 +4676,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -4440,6 +4746,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4481,6 +4794,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -4706,6 +5024,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -4730,6 +5055,16 @@ spec: locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -4792,6 +5127,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4834,6 +5176,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index 899c5d09..6cf09222 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -62,11 +62,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -204,6 +206,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -215,6 +221,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -246,6 +256,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -268,6 +282,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -420,6 +436,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -431,6 +451,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -462,6 +486,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -484,6 +512,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -659,11 +689,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -796,6 +828,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -807,6 +843,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -838,6 +878,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -860,6 +904,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -1012,6 +1058,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -1023,6 +1073,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -1054,6 +1108,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1076,6 +1134,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -1391,6 +1451,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -1402,6 +1466,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -1433,6 +1501,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1455,6 +1527,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -1607,6 +1681,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -1618,6 +1696,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -1649,6 +1731,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1671,6 +1757,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -1966,6 +2054,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -1977,6 +2069,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -2008,6 +2104,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2030,6 +2130,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -2182,6 +2284,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -2193,6 +2299,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -2224,6 +2334,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2246,6 +2360,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -2422,11 +2538,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2564,6 +2682,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -2575,6 +2697,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -2606,6 +2732,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2628,6 +2758,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -2780,6 +2912,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -2791,6 +2927,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -2822,6 +2962,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2844,6 +2988,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -3019,11 +3165,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -3156,6 +3304,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -3167,6 +3319,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -3198,6 +3354,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3220,6 +3380,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -3372,6 +3534,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -3383,6 +3549,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -3414,6 +3584,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3436,6 +3610,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -3751,6 +3927,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -3762,6 +3942,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -3793,6 +3977,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3815,6 +4003,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -3967,6 +4157,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -3978,6 +4172,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -4009,6 +4207,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4031,6 +4233,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -4326,6 +4530,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -4337,6 +4545,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -4368,6 +4580,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4390,6 +4606,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -4542,6 +4760,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -4553,6 +4775,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -4584,6 +4810,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4606,6 +4836,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -4909,6 +5141,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -4920,6 +5156,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -4951,6 +5191,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4973,6 +5217,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -5125,6 +5371,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5136,6 +5386,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5167,6 +5421,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5189,6 +5447,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -5447,6 +5707,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -5522,6 +5809,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -5674,6 +5971,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5685,6 +5986,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5716,6 +6021,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5738,6 +6047,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -5890,6 +6201,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5901,6 +6216,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5932,6 +6251,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5954,6 +6277,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6202,6 +6527,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string required: @@ -6282,6 +6634,16 @@ spec: type: boolean api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object group: type: string includeSharedProjects: @@ -6434,6 +6796,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -6445,6 +6811,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -6476,6 +6846,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -6498,6 +6872,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6650,6 +7026,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -6661,6 +7041,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -6692,6 +7076,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -6714,6 +7102,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6885,11 +7275,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -7024,6 +7416,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7035,6 +7431,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7066,6 +7466,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7088,6 +7492,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7240,6 +7646,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7251,6 +7661,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7282,6 +7696,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7304,6 +7722,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7482,11 +7902,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -7624,6 +8046,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7635,6 +8061,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7666,6 +8096,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7688,6 +8122,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7840,6 +8276,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7851,6 +8291,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7882,6 +8326,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7904,6 +8352,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8079,11 +8529,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -8216,6 +8668,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8227,6 +8683,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8258,6 +8718,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8280,6 +8744,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8432,6 +8898,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8443,6 +8913,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8474,6 +8948,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8496,6 +8974,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8811,6 +9291,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8822,6 +9306,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8853,6 +9341,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8875,6 +9367,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9027,6 +9521,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9038,6 +9536,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9069,6 +9571,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9091,6 +9597,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9386,6 +9894,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9397,6 +9909,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9428,6 +9944,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9450,6 +9970,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9602,6 +10124,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9613,6 +10139,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9644,6 +10174,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9666,6 +10200,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9969,6 +10505,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9980,6 +10520,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10011,6 +10555,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10033,6 +10581,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10185,6 +10735,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10196,6 +10750,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10227,6 +10785,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10249,6 +10811,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10507,6 +11071,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -10582,6 +11173,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -10734,6 +11335,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10745,6 +11350,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10776,6 +11385,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10798,6 +11411,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10950,6 +11565,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10961,6 +11580,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10992,6 +11615,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11014,6 +11641,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -11262,6 +11891,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string required: @@ -11342,6 +11998,16 @@ spec: type: boolean api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object group: type: string includeSharedProjects: @@ -11494,6 +12160,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -11505,6 +12175,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -11536,6 +12210,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11558,6 +12236,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -11710,6 +12390,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -11721,6 +12405,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -11752,6 +12440,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11774,6 +12466,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -11945,11 +12639,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -12088,6 +12784,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12099,6 +12799,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12130,6 +12834,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12152,6 +12860,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12304,6 +13014,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12315,6 +13029,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12346,6 +13064,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12368,6 +13090,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12670,6 +13394,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12681,6 +13409,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12712,6 +13444,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12734,6 +13470,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12886,6 +13624,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12897,6 +13639,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12928,6 +13674,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12950,6 +13700,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -13208,6 +13960,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -13283,6 +14062,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -13435,6 +14224,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -13446,6 +14239,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -13477,6 +14274,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -13499,6 +14300,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -13651,6 +14454,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -13662,6 +14469,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -13693,6 +14504,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -13715,6 +14530,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -13963,6 +14780,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string required: @@ -14043,6 +14887,16 @@ spec: type: boolean api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object group: type: string includeSharedProjects: @@ -14195,6 +15049,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -14206,6 +15064,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14237,6 +15099,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -14259,6 +15125,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -14411,6 +15279,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -14422,6 +15294,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14453,6 +15329,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -14475,6 +15355,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -14646,11 +15528,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -14860,6 +15744,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -14871,6 +15759,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14902,6 +15794,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -14924,6 +15820,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -15076,6 +15974,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -15087,6 +15989,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -15118,6 +16024,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -15140,6 +16050,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: diff --git a/charts/argo-cd/templates/crds/crd-project.yaml b/charts/argo-cd/templates/crds/crd-project.yaml index f9910152..1865aa2d 100644 --- a/charts/argo-cd/templates/crds/crd-project.yaml +++ b/charts/argo-cd/templates/crds/crd-project.yaml @@ -96,6 +96,32 @@ spec: description: description: Description contains optional project description type: string + destinationServiceAccounts: + description: DestinationServiceAccounts holds information about the + service accounts to be impersonated for the application sync operation + for each destination. + items: + description: ApplicationDestinationServiceAccount holds information + about the service account to be impersonated for the application + sync operation. + properties: + defaultServiceAccount: + description: DefaultServiceAccount to be used for impersonation + during the sync operation + type: string + namespace: + description: Namespace specifies the target namespace for the + application's resources. + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. + type: string + required: + - defaultServiceAccount + - server + type: object + type: array destinations: description: Destinations contains list of destinations available for deployment diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index fa11aef6..4c6209ad 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -83,6 +83,18 @@ spec: {{- with (concat .Values.global.env .Values.dex.env) }} {{- toYaml . | nindent 10 }} {{- end }} + - name: ARGOCD_DEX_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: dexserver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEX_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: dexserver.log.level + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_DEX_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index be3cec78..97cc2a1e 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1010,7 +1010,7 @@ dex: # -- Dex image repository repository: ghcr.io/dexidp/dex # -- Dex image tag - tag: v2.38.0 + tag: v2.41.1 # -- Dex imagePullPolicy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" From 1c95f37c68340326bd7fe1264d23fc1f35774a18 Mon Sep 17 00:00:00 2001 From: Robert Macaulay Date: Thu, 7 Nov 2024 17:17:27 -0600 Subject: [PATCH 680/768] fix(argo-rollouts): plugin block rendering was incorrect (#3014) * Fix the plugin block rendering Signed-off-by: Robert Macaulay * fixed chart.yaml Signed-off-by: Robert Macaulay * Update charts/argo-rollouts/Chart.yaml Co-authored-by: Marco Maurer (-Kilchhofer) Signed-off-by: Robert Macaulay --------- Signed-off-by: Robert Macaulay Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argo-rollouts/Chart.yaml | 6 +++--- charts/argo-rollouts/templates/controller/configmap.yaml | 6 ++++-- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 44abcb53..bd4cf96c 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.2 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.37.7 +version: 2.37.8 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: add description for manual secret creation + - kind: fixed + description: Fixed rendering of plugins in the ConfigMap diff --git a/charts/argo-rollouts/templates/controller/configmap.yaml b/charts/argo-rollouts/templates/controller/configmap.yaml index 1978b2b6..a1971ab9 100644 --- a/charts/argo-rollouts/templates/controller/configmap.yaml +++ b/charts/argo-rollouts/templates/controller/configmap.yaml @@ -8,8 +8,10 @@ metadata: {{- include "argo-rollouts.labels" . | nindent 4 }} data: {{- with .Values.controller.metricProviderPlugins }} - {{- toYaml . | nindent 2 }} + metricProviderPlugins: |- + {{- toYaml . | nindent 4 }} {{- end }} {{- with .Values.controller.trafficRouterPlugins }} - {{- toYaml . | nindent 2 }} + trafficRouterPlugins: |- + {{- toYaml . | nindent 4 }} {{- end }} From 09b5c1a75451d5cb3b5edf8d28b35c82e67764ed Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 8 Nov 2024 15:28:58 +0100 Subject: [PATCH 681/768] chore(deps): update renovatebot/github-action action to v40.3.6 (#3016) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index ee154574..c8410dc7 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@28bcd5c4900a4353b5c9af9e1bd61dd6377f0f0d # v40.3.5 + uses: renovatebot/github-action@0984fb80fc633b17e57f3e8b6c007fe0dc3e0d62 # v40.3.6 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From c19cba01f8b014aece37f326b732afc66c634525 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 8 Nov 2024 21:43:53 -0600 Subject: [PATCH 682/768] chore(argocd-image-updater): Update dependency argoproj-labs/argocd-image-updater to v0.15.1 (#3019) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argocd-image-updater/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index df988cd0..f74772f9 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.11.1 -appVersion: v0.15.0 +version: 0.11.2 +appVersion: v0.15.1 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argocd-image-updater to v0.15.0 + description: Bump argocd-image-updater to v0.15.1 From 2aea9e4cab11af366bd2ba3b11ba082a01636ca2 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 9 Nov 2024 18:39:46 +0900 Subject: [PATCH 683/768] chore(deps): update renovatebot/github-action action to v41 (#3017) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index c8410dc7..1cc60f28 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@0984fb80fc633b17e57f3e8b6c007fe0dc3e0d62 # v40.3.6 + uses: renovatebot/github-action@67a664fc9b4481b33a3eff6ee9edfb7a7b9dfa1e # v41.0.2 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 0f79d5af86d63dca501d2ae1f9ad327e2384b6e3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Nov 2024 23:38:59 +0100 Subject: [PATCH 684/768] chore(deps): bump github/codeql-action from 3.27.0 to 3.27.1 in the dependencies group (#3020) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 13a9b58c..e2766c9c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 with: sarif_file: results.sarif From 0061e14563571f1cd0447fcac0e90407a600bbc4 Mon Sep 17 00:00:00 2001 From: Etienne Divet <87660346+enneitex@users.noreply.github.com> Date: Sun, 10 Nov 2024 02:42:00 +0100 Subject: [PATCH 685/768] feat(argo-cd): Add honorLabels config for ServiceMonitor resources (#3018) add honorLabels config for ServiceMonitor resources Signed-off-by: DIVET Etienne Co-authored-by: DIVET Etienne Co-authored-by: Aikawa --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 7 +++++++ .../servicemonitor.yaml | 1 + .../argocd-applicationset/servicemonitor.yaml | 1 + .../argocd-notifications/servicemonitor.yaml | 1 + .../argocd-repo-server/servicemonitor.yaml | 1 + .../templates/argocd-server/servicemonitor.yaml | 1 + charts/argo-cd/templates/dex/servicemonitor.yaml | 1 + charts/argo-cd/templates/redis/servicemonitor.yaml | 1 + charts/argo-cd/values.yaml | 14 ++++++++++++++ 10 files changed, 30 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f93ef2d9..f98e502c 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.0 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.0 +version: 7.7.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.13.0 + description: add honorLabels config for ServiceMonitor resources diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index c14be77a..db52b9da 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -834,6 +834,7 @@ NAME: my-release | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | controller.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| controller.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | controller.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | | controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | controller.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | @@ -928,6 +929,7 @@ NAME: my-release | repoServer.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | repoServer.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | repoServer.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| repoServer.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | repoServer.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | | repoServer.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | repoServer.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | @@ -1078,6 +1080,7 @@ NAME: my-release | server.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | server.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | server.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| server.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | server.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | | server.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | server.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | @@ -1189,6 +1192,7 @@ NAME: my-release | dex.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | dex.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | dex.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| dex.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | dex.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | | dex.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | dex.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | @@ -1291,6 +1295,7 @@ NAME: my-release | redis.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | redis.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | redis.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| redis.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | redis.metrics.serviceMonitor.interval | string | `"30s"` | Interval at which metrics should be scraped | | redis.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | redis.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | @@ -1483,6 +1488,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | applicationSet.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | applicationSet.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | applicationSet.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| applicationSet.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | applicationSet.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | | applicationSet.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | applicationSet.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | @@ -1570,6 +1576,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | notifications.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | notifications.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | | notifications.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| notifications.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | | notifications.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | | notifications.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | | notifications.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | diff --git a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml index a9edaf54..d1912470 100644 --- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml @@ -34,6 +34,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.controller.metrics.serviceMonitor.honorLabels }} {{- with .Values.controller.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml index 8fac6a8d..52d70700 100644 --- a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml @@ -34,6 +34,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.applicationSet.metrics.serviceMonitor.honorLabels }} {{- with .Values.applicationSet.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml index 0d2c704f..22b882a6 100644 --- a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml @@ -41,6 +41,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.notifications.metrics.serviceMonitor.honorLabels }} namespaceSelector: matchNames: - {{ include "argo-cd.namespace" . }} diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index 70995398..b02ba7a4 100644 --- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -35,6 +35,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.repoServer.metrics.serviceMonitor.scheme }} + honorLabels: {{ .Values.repoServer.metrics.serviceMonitor.honorLabels }} scheme: {{ . }} {{- end }} {{- with .Values.repoServer.metrics.serviceMonitor.tlsConfig }} diff --git a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml index 74902ef0..49c24138 100644 --- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml @@ -34,6 +34,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.server.metrics.serviceMonitor.honorLabels }} {{- with .Values.server.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} diff --git a/charts/argo-cd/templates/dex/servicemonitor.yaml b/charts/argo-cd/templates/dex/servicemonitor.yaml index 2c03e597..93c9fa32 100644 --- a/charts/argo-cd/templates/dex/servicemonitor.yaml +++ b/charts/argo-cd/templates/dex/servicemonitor.yaml @@ -31,6 +31,7 @@ spec: metricRelabelings: {{- toYaml . |nindent 8 }} {{- end }} + honorLabels: {{ .Values.dex.metrics.serviceMonitor.honorLabels }} {{- with .Values.dex.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} diff --git a/charts/argo-cd/templates/redis/servicemonitor.yaml b/charts/argo-cd/templates/redis/servicemonitor.yaml index 4132c1ce..4710d286 100644 --- a/charts/argo-cd/templates/redis/servicemonitor.yaml +++ b/charts/argo-cd/templates/redis/servicemonitor.yaml @@ -32,6 +32,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.redis.metrics.serviceMonitor.honorLabels }} {{- with .Values.redis.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 97cc2a1e..1694cc5a 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -874,6 +874,8 @@ controller: enabled: false # -- Prometheus ServiceMonitor interval interval: 30s + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -970,6 +972,8 @@ dex: enabled: false # -- Prometheus ServiceMonitor interval interval: 30s + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -1529,6 +1533,8 @@ redis: enabled: false # -- Interval at which metrics should be scraped interval: 30s + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -2164,6 +2170,8 @@ server: interval: 30s # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -2739,6 +2747,8 @@ repoServer: interval: 30s # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -2900,6 +2910,8 @@ applicationSet: interval: 30s # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -3314,6 +3326,8 @@ notifications: scheme: "" # -- Prometheus ServiceMonitor tlsConfig tlsConfig: {} + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion From 7a8cdf08430cab7d57e02d0a9024e7d79bc7bedf Mon Sep 17 00:00:00 2001 From: Frans Guelinckx Date: Tue, 12 Nov 2024 17:28:33 +0100 Subject: [PATCH 686/768] chore(argo-cd): Update Redis image to 7.4.1 (#3023) --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 4 ++-- charts/argo-cd/values.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index f98e502c..1e50e313 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.0 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.1 +version: 7.7.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: add honorLabels config for ServiceMonitor resources + description: Updated Redis image tag to 7.4.1 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index db52b9da..8d8eb50d 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1276,7 +1276,7 @@ NAME: my-release | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis.image.tag | string | `"7.2.4-alpine"` | Redis tag | +| redis.image.tag | string | `"7.4.1-alpine"` | Redis tag | | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redis.initContainers | list | `[]` | Init containers to add to the redis pod | | redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server | @@ -1362,7 +1362,7 @@ The main options are listed here: | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | | redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis-ha.image.tag | string | `"7.2.4-alpine"` | Redis tag | +| redis-ha.image.tag | string | `"7.4.1-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 1694cc5a..fd390237 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1278,7 +1278,7 @@ redis: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.2.4-alpine + tag: 7.4.1-alpine # -- Redis image pull policy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1564,7 +1564,7 @@ redis-ha: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.2.4-alpine + tag: 7.4.1-alpine ## Prometheus redis-exporter sidecar exporter: # -- Enable Prometheus redis-exporter sidecar From 936101865d3090183fc4979546685ece7f78ac23 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Wed, 13 Nov 2024 19:57:10 +0900 Subject: [PATCH 687/768] chore(argo-cd): Upgrade redis-ha (#3026) Signed-off-by: yu-croco --- charts/argo-cd/Chart.lock | 6 +++--- charts/argo-cd/Chart.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.lock b/charts/argo-cd/Chart.lock index 309790fc..36656a14 100644 --- a/charts/argo-cd/Chart.lock +++ b/charts/argo-cd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.27.6 -digest: sha256:69c6b20682f0a2a8044b71731b7c656a57118088a7b3611f59217b537167af2e -generated: "2024-08-28T13:02:33.763307+02:00" + version: 4.29.4 +digest: sha256:1257baf1c5e0db036af659d44095223e28ac0c9ec1ed8300a02d5def2281c9c7 +generated: "2024-11-13T09:07:36.494128+09:00" diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 1e50e313..a77f020a 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.0 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.2 +version: 7.7.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -18,7 +18,7 @@ maintainers: url: https://argoproj.github.io/ dependencies: - name: redis-ha - version: 4.27.6 + version: 4.29.4 repository: https://dandydeveloper.github.io/charts/ condition: redis-ha.enabled annotations: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Updated Redis image tag to 7.4.1 + description: Upgrade redis-ha From 5869c1d2bb85205e761ee93ee6e1f6157aa139ea Mon Sep 17 00:00:00 2001 From: Emmanuel Ferdman Date: Fri, 15 Nov 2024 11:04:53 +0200 Subject: [PATCH 688/768] docs(argo-rollouts): update security policy for Argo Rollouts in SECURITY.md (#3034) docs(SECURITY.md): update security policy for Argo Rollouts Signed-off-by: Emmanuel Ferdman --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index f4fb6002..a066f67f 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,7 +6,7 @@ Each helm chart currently supports the designated application version in the Cha * [Security Policy for Argo Workflows](https://github.com/argoproj/argo-workflows/blob/master/SECURITY.md) * [Security Policy for Argo Events](https://github.com/argoproj/argo-events/blob/master/SECURITY.md) -* [Security Policy for Argo Rollouts](https://github.com/argoproj/argo-rollouts/blob/master/docs/security.md) +* [Security Policy for Argo Rollouts](https://github.com/argoproj/argo-rollouts/blob/master/docs/security/security.md) * [Security Policy for Argo CD](https://github.com/argoproj/argo-cd/blob/master/SECURITY.md) * [Security Policy for Argo CD Image Updater](https://github.com/argoproj-labs/argocd-image-updater/blob/master/SECURITY.md) From 84329170e0707106274db4814c4a67ec5c043786 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 16 Nov 2024 09:28:29 -0700 Subject: [PATCH 689/768] chore(deps): bump github/codeql-action from 3.27.1 to 3.27.4 in the dependencies group (#3039) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index e2766c9c..19c09e4c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 with: sarif_file: results.sarif From 37b52a569393abe9d6fa30ef277a117cda8c34d8 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 16 Nov 2024 21:36:19 -0800 Subject: [PATCH 690/768] chore(deps): update renovatebot/github-action action to v41.0.3 (#3040) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 1cc60f28..00e1b401 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@67a664fc9b4481b33a3eff6ee9edfb7a7b9dfa1e # v41.0.2 + uses: renovatebot/github-action@e02bf7b1c996027e55e910400653576a8293246c # v41.0.3 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 5ab558e91768ef2fd9c5917f7196b261d86a4f85 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 14:47:50 -0600 Subject: [PATCH 691/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.13.1 (#3043) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index a77f020a..6f17b1c2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.13.0 +appVersion: v2.13.1 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.3 +version: 7.7.4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade redis-ha + description: Bump argo-cd to v2.13.1 From 7e397f75f3beca8aaa51695ecd63d8d99b66a10d Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 21 Nov 2024 17:27:05 +0900 Subject: [PATCH 692/768] chore(argo-workflows): Upgrade Argo Workflows to v3.6.0 (#3037) * chore(argo-workflows): Upgrade Argo Workflows to v3.6.0 Signed-off-by: yu-croco * fix: clean up cache to pass CI Signed-off-by: yu-croco * test: rm cache clear. Try latest version of ct test Signed-off-by: Tim Collins * just trying all the things. sorry Signed-off-by: Tim Collins * add debug output Signed-off-by: Tim Collins * additional debug Signed-off-by: Tim Collins * MOAR debug Signed-off-by: Tim Collins * typo Signed-off-by: Tim Collins * specifically find files Signed-off-by: Tim Collins * use minimal crds Signed-off-by: Tim Collins * rm debug step Signed-off-by: Tim Collins --------- Signed-off-by: yu-croco Signed-off-by: Tim Collins Co-authored-by: Tim Collins Co-authored-by: Tim Collins <45351296+tico24@users.noreply.github.com> --- .github/workflows/lint-and-test.yml | 3 +- charts/argo-workflows/Chart.yaml | 8 +- .../argoproj.io_workflowartifactgctasks.yaml | 1150 ++++++++++++++++- .../argoproj.io_workfloweventbindings.yaml | 650 +++++++++- .../crds/argoproj.io_workflowtaskresults.yaml | 65 + 5 files changed, 1841 insertions(+), 35 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 188f37be..c8188a35 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -41,7 +41,7 @@ jobs: uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 with: # Note: Also update in scripts/lint.sh - version: v3.10.0 + version: v3.11.0 - name: List changed charts id: list-changed @@ -74,7 +74,6 @@ jobs: if: steps.list-changed.outputs.changed == 'true' with: config: .github/configs/kind-config.yaml - - name: Deploy latest ArgoCD CRDs when testing ArgoCD extensions if: | contains(steps.list-changed.outputs.changed_charts, 'argocd-image-updater') || diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index cf7daa93..fb008aa6 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.5.12 +appVersion: v3.6.0 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.42.7 +version: 0.43.0 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Support lifecycle and terminationGracePeriodSeconds for server + - kind: changed + description: Upgrade Argo Workflows to v3.6.0 diff --git a/charts/argo-workflows/templates/crds/argoproj.io_workflowartifactgctasks.yaml b/charts/argo-workflows/templates/crds/argoproj.io_workflowartifactgctasks.yaml index dcebddb2..6a474715 100644 --- a/charts/argo-workflows/templates/crds/argoproj.io_workflowartifactgctasks.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_workflowartifactgctasks.yaml @@ -17,34 +17,1130 @@ spec: listKind: WorkflowArtifactGCTaskList plural: workflowartifactgctasks shortNames: - - wfat + - wfat singular: workflowartifactgctask scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + artifactsByNode: + additionalProperties: + properties: + archiveLocation: + properties: + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - url + type: object + azure: + properties: + accountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + blob: + type: string + container: + type: string + endpoint: + type: string + useSDKCreds: + type: boolean + required: + - blob + - container + - endpoint + type: object + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - key + type: object + git: + properties: + branch: + type: string + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + insecureSkipTLS: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + repo: + type: string + revision: + type: string + singleBranch: + type: boolean + sshPrivateKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - repo + type: object + hdfs: + properties: + addresses: + items: + type: string + type: array + dataTransferProtection: + type: string + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbConfigConfigMap: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbKeytabSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + auth: + properties: + basicAuth: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientCert: + properties: + clientCertSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + oauth2: + properties: + clientIDSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientSecretSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + scopes: + items: + type: string + type: array + tokenURLSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + securityToken: + type: string + useSDKCreds: + type: boolean + required: + - key + type: object + raw: + properties: + data: + type: string + required: + - data + type: object + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + caSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + useSDKCreds: + type: boolean + type: object + type: object + artifacts: + additionalProperties: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactGC: + properties: + podMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + serviceAccountName: + type: string + strategy: + enum: + - "" + - OnWorkflowCompletion + - OnWorkflowDeletion + - Never + type: string + type: object + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - url + type: object + azure: + properties: + accountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + blob: + type: string + container: + type: string + endpoint: + type: string + useSDKCreds: + type: boolean + required: + - blob + - container + - endpoint + type: object + deleted: + type: boolean + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - key + type: object + git: + properties: + branch: + type: string + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + insecureSkipTLS: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + repo: + type: string + revision: + type: string + singleBranch: + type: boolean + sshPrivateKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + dataTransferProtection: + type: string + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbConfigConfigMap: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbKeytabSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + auth: + properties: + basicAuth: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientCert: + properties: + clientCertSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + oauth2: + properties: + clientIDSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientSecretSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + scopes: + items: + type: string + type: array + tokenURLSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + securityToken: + type: string + useSDKCreds: + type: boolean + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + caSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: object + type: object + type: object + type: object + status: + properties: + artifactResultsByNode: + additionalProperties: + properties: + artifactResults: + additionalProperties: + properties: + error: + type: string + name: + type: string + success: + type: boolean + required: + - name + type: object + type: object + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} {{- end }} diff --git a/charts/argo-workflows/templates/crds/argoproj.io_workfloweventbindings.yaml b/charts/argo-workflows/templates/crds/argoproj.io_workfloweventbindings.yaml index 097fa5cd..f11df956 100644 --- a/charts/argo-workflows/templates/crds/argoproj.io_workfloweventbindings.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_workfloweventbindings.yaml @@ -32,9 +32,655 @@ spec: metadata: type: object spec: + properties: + event: + properties: + selector: + type: string + required: + - selector + type: object + submit: + properties: + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactGC: + properties: + podMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + serviceAccountName: + type: string + strategy: + enum: + - "" + - OnWorkflowCompletion + - OnWorkflowDeletion + - Never + type: string + type: object + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - url + type: object + azure: + properties: + accountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + blob: + type: string + container: + type: string + endpoint: + type: string + useSDKCreds: + type: boolean + required: + - blob + - container + - endpoint + type: object + deleted: + type: boolean + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - key + type: object + git: + properties: + branch: + type: string + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + insecureSkipTLS: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + repo: + type: string + revision: + type: string + singleBranch: + type: boolean + sshPrivateKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + dataTransferProtection: + type: string + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbConfigConfigMap: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbKeytabSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + auth: + properties: + basicAuth: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientCert: + properties: + clientCertSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + oauth2: + properties: + clientIDSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientSecretSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + scopes: + items: + type: string + type: array + tokenURLSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + securityToken: + type: string + useSDKCreds: + type: boolean + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + caSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + description: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + metadata: + type: object + workflowTemplateRef: + properties: + clusterScope: + type: boolean + name: + type: string + type: object + required: + - workflowTemplateRef + type: object + required: + - event type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true required: - metadata - spec diff --git a/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml b/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml index 861f1df8..02f3f08b 100644 --- a/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml @@ -81,12 +81,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic url: type: string usernameSecret: @@ -94,12 +96,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic required: - url type: object @@ -110,12 +114,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic blob: type: string container: @@ -146,12 +152,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic required: - key type: object @@ -170,17 +178,21 @@ spec: type: array insecureIgnoreHostKey: type: boolean + insecureSkipTLS: + type: boolean passwordSecret: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic repo: type: string revision: @@ -192,23 +204,27 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic usernameSecret: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic required: - repo type: object @@ -220,6 +236,8 @@ spec: items: type: string type: array + dataTransferProtection: + type: string force: type: boolean hdfsUser: @@ -229,34 +247,40 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic krbConfigConfigMap: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic krbKeytabSecret: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic krbRealm: type: string krbServicePrincipalName: @@ -279,23 +303,27 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic usernameSecret: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object clientCert: properties: @@ -304,23 +332,27 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic clientKeySecret: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object oauth2: properties: @@ -329,23 +361,27 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic clientSecretSecret: properties: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic endpointParams: items: properties: @@ -366,12 +402,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object type: object headers: @@ -405,12 +443,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic bucket: type: string createBucketIfNotPresent: @@ -433,12 +473,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic securityToken: type: string useSDKCreds: @@ -464,12 +506,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic bucket: type: string caSecret: @@ -477,12 +521,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic createBucketIfNotPresent: properties: objectLocking: @@ -501,12 +547,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object endpoint: type: string @@ -523,12 +571,27 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic + sessionTokenSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic useSDKCreds: type: boolean type: object @@ -564,12 +627,14 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean required: - key type: object + x-kubernetes-map-type: atomic default: type: string event: From 81dc44c4a5ccd42c799469a78eb96a68048a4987 Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Thu, 21 Nov 2024 01:58:52 -0700 Subject: [PATCH 693/768] fix(argo-workflows): Remove excessive wf controller RBAC permissions (#3044) Signed-off-by: Tim Collins --- charts/argo-workflows/Chart.yaml | 6 +++--- .../templates/controller/workflow-role.yaml | 21 ------------------- 2 files changed, 3 insertions(+), 24 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index fb008aa6..f8ced494 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.6.0 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.43.0 +version: 0.44.0 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo Workflows to v3.6.0 + - kind: fixed + description: Remove excessive RBAC privileges from workflow-role. diff --git a/charts/argo-workflows/templates/controller/workflow-role.yaml b/charts/argo-workflows/templates/controller/workflow-role.yaml index 14265372..e99369a2 100644 --- a/charts/argo-workflows/templates/controller/workflow-role.yaml +++ b/charts/argo-workflows/templates/controller/workflow-role.yaml @@ -11,27 +11,6 @@ metadata: namespace: {{ . }} {{- end }} rules: - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - watch - - patch - - apiGroups: - - "" - resources: - - pods/log - verbs: - - get - - watch - - apiGroups: - - "" - resources: - - pods/exec - verbs: - - create - apiGroups: - argoproj.io resources: From 8a1d39610c9aebf1f32e79a736dbbfa577b035a5 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 21 Nov 2024 21:36:55 +0900 Subject: [PATCH 694/768] fix(argo-cd): Update application CRD (#3047) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/crds/crd-application.yaml | 11 +++++++++++ 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 6f17b1c2..9f7925d2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.1 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.4 +version: 7.7.5 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.13.1 + - kind: fixed + description: Update application CRD diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml index 2874d885..7e3afda6 100644 --- a/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -125,6 +125,11 @@ spec: sync: description: Sync contains parameters for the operation properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number of auto-heal + attempts + format: int64 + type: integer dryRun: description: DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync @@ -2720,6 +2725,11 @@ spec: sync: description: Sync contains parameters for the operation properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number + of auto-heal attempts + format: int64 + type: integer dryRun: description: DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync @@ -5356,3 +5366,4 @@ spec: storage: true subresources: {} {{- end }} + From ccfa0651cba45454d7462dcb153d4222ef1feb72 Mon Sep 17 00:00:00 2001 From: Robert Macaulay Date: Thu, 21 Nov 2024 07:02:51 -0600 Subject: [PATCH 695/768] fix(argo-rollouts): Change type of trafficRouterPlugins and trafficRouterPlugins as list (#3036) --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/README.md | 4 ++-- charts/argo-rollouts/values.yaml | 14 ++++++-------- 3 files changed, 10 insertions(+), 12 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index bd4cf96c..1eb766af 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.2 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.37.8 +version: 2.38.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Fixed rendering of plugins in the ConfigMap + description: Updated plugin values.yaml example and it's implementation to not need to include the stringification or the plugins block that it used to diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 126a1dcd..927a2098 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -102,7 +102,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) | | controller.logging.kloglevel | string | `"0"` | Set the klog logging level | | controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | -| controller.metricProviderPlugins | object | `{}` | Configures 3rd party metric providers for controller | +| controller.metricProviderPlugins | list | `[]` | Configures 3rd party metric providers for controller | | controller.metrics.enabled | bool | `false` | Deploy metrics service | | controller.metrics.service.annotations | object | `{}` | Service annotations | | controller.metrics.service.port | int | `8090` | Metrics service port | @@ -127,7 +127,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.resources | object | `{}` | Resource limits and requests for the controller pods. | | controller.tolerations | list | `[]` | [Tolerations] for use with node taints | | controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the controller | -| controller.trafficRouterPlugins | object | `{}` | Configures 3rd party traffic router plugins for controller | +| controller.trafficRouterPlugins | list | `[]` | Configures 3rd party traffic router plugins for controller | | controller.volumeMounts | list | `[]` | Additional volumeMounts to add to the controller container | | controller.volumes | list | `[]` | Additional volumes to add to the controller pod | | podAnnotations | object | `{}` | Annotations for the all deployed pods | diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index b6b5821c..fdc58a44 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -209,17 +209,15 @@ controller: # -- Configures 3rd party metric providers for controller ## Ref: https://argo-rollouts.readthedocs.io/en/stable/analysis/plugins/ - metricProviderPlugins: {} - # metricProviderPlugins: |- - # - name: "argoproj-labs/sample-prometheus" # name of the plugin, it must match the name required by the plugin so that it can find its configuration - # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// + metricProviderPlugins: [] + # - name: "argoproj-labs/sample-prometheus" # name of the plugin, it must match the name required by the plugin so that it can find its configuration + # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// # -- Configures 3rd party traffic router plugins for controller ## Ref: https://argo-rollouts.readthedocs.io/en/stable/features/traffic-management/plugins/ - trafficRouterPlugins: {} - # trafficRouterPlugins: |- - # - name: "argoproj-labs/sample-nginx" # name of the plugin, it must match the name required by the plugin so it can find it's configuration - # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// + trafficRouterPlugins: [] + # - name: "argoproj-labs/sample-nginx" # name of the plugin, it must match the name required by the plugin so it can find it's configuration + # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// serviceAccount: # -- Specifies whether a service account should be created From e888b374c99149f4991afca8614e6e7b59e3d993 Mon Sep 17 00:00:00 2001 From: Scott Melhop <31436287+scottmelhop@users.noreply.github.com> Date: Fri, 22 Nov 2024 12:40:29 +0100 Subject: [PATCH 696/768] fix(argo-workflows): Updated chart to reflect change to ARGO_BASE_HREF env (#3049) * Updated chart to reflect change to ARGO_BASE_HREF env Signed-off-by: Scott Melhop * Update changelog Signed-off-by: Scott Melhop * remove ide formatting Signed-off-by: Scott Melhop --------- Signed-off-by: Scott Melhop --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/templates/server/server-deployment.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index f8ced494..25a548e1 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.6.0 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.44.0 +version: 0.44.1 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Remove excessive RBAC privileges from workflow-role. + description: Change BASE_HREF to ARGO_BASE_HREF. diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index ce0efa78..b9a2541b 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -95,7 +95,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - - name: BASE_HREF + - name: ARGO_BASE_HREF value: {{ .Values.server.baseHref | quote }} {{- with .Values.server.extraEnv }} {{- toYaml . | nindent 12 }} From 90eef9ef1f8c5e58e6fdb0459047363d62a2e328 Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Fri, 22 Nov 2024 15:19:46 +0000 Subject: [PATCH 697/768] fix(argo-workflows): Make Argo Agent and Artifact GC permissions optional for workflows SA (#3048) --- charts/argo-workflows/Chart.yaml | 4 +-- charts/argo-workflows/README.md | 2 ++ .../templates/controller/agent-rb.yaml | 29 +++++++++++++++++++ .../templates/controller/agent-role.yaml | 29 +++++++++++++++++++ .../templates/controller/artifact-gc-rb.yaml | 29 +++++++++++++++++++ .../controller/artifact-gc-role.yaml | 29 +++++++++++++++++++ .../templates/controller/workflow-role.yaml | 15 ---------- charts/argo-workflows/values.yaml | 4 +++ 8 files changed, 124 insertions(+), 17 deletions(-) create mode 100644 charts/argo-workflows/templates/controller/agent-rb.yaml create mode 100644 charts/argo-workflows/templates/controller/agent-role.yaml create mode 100644 charts/argo-workflows/templates/controller/artifact-gc-rb.yaml create mode 100644 charts/argo-workflows/templates/controller/artifact-gc-role.yaml diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 25a548e1..4b7e834e 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.6.0 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.44.1 +version: 0.45.0 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Change BASE_HREF to ARGO_BASE_HREF. + description: Make Argo Agent and Artifact GC permissions optional for workflows SA diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 965656af..6a82eb5f 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -133,6 +133,8 @@ Fields to note: | Key | Type | Default | Description | |-----|------|---------|-------------| | workflow.namespace | string | `nil` | Deprecated; use controller.workflowNamespaces instead. | +| workflow.rbac.agentPermissions | bool | `false` | Allows permissions for the Argo Agent. Only required if using http/plugin templates | +| workflow.rbac.artifactGC | bool | `false` | Allows permissions for the Argo Artifact GC pod. Only required if using artifact gc | | workflow.rbac.create | bool | `true` | Adds Role and RoleBinding for the above specified service account to be able to run workflows. A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) | | workflow.rbac.serviceAccounts | list | `[]` | Extra service accounts to be added to the RoleBinding | | workflow.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | diff --git a/charts/argo-workflows/templates/controller/agent-rb.yaml b/charts/argo-workflows/templates/controller/agent-rb.yaml new file mode 100644 index 00000000..67e49955 --- /dev/null +++ b/charts/argo-workflows/templates/controller/agent-rb.yaml @@ -0,0 +1,29 @@ +{{- if .Values.workflow.rbac.agentPermissions -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "argo-workflows.fullname" $ }}-workflow-agent + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "argo-workflows.fullname" $ }}-workflow-agent +subjects: + - kind: ServiceAccount + name: {{ $.Values.workflow.serviceAccount.name }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} + {{- range $.Values.workflow.rbac.serviceAccounts }} + - kind: ServiceAccount + name: {{ .name }} + namespace: {{ .namespace | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/agent-role.yaml b/charts/argo-workflows/templates/controller/agent-role.yaml new file mode 100644 index 00000000..577567b2 --- /dev/null +++ b/charts/argo-workflows/templates/controller/agent-role.yaml @@ -0,0 +1,29 @@ +{{- if .Values.workflow.rbac.agentPermissions -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-workflows.fullname" $ }}-workflow-agent + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} +rules: + - apiGroups: + - argoproj.io + resources: + - workflowtasksets + verbs: + - list + - watch + - apiGroups: + - argoproj.io + resources: + - workflowtasksets/status + verbs: + - patch + {{- end }} + +{{- end }} diff --git a/charts/argo-workflows/templates/controller/artifact-gc-rb.yaml b/charts/argo-workflows/templates/controller/artifact-gc-rb.yaml new file mode 100644 index 00000000..279b2c50 --- /dev/null +++ b/charts/argo-workflows/templates/controller/artifact-gc-rb.yaml @@ -0,0 +1,29 @@ +{{- if .Values.workflow.rbac.artifactGC -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc +subjects: + - kind: ServiceAccount + name: {{ $.Values.workflow.serviceAccount.name }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} + {{- range $.Values.workflow.rbac.serviceAccounts }} + - kind: ServiceAccount + name: {{ .name }} + namespace: {{ .namespace | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/artifact-gc-role.yaml b/charts/argo-workflows/templates/controller/artifact-gc-role.yaml new file mode 100644 index 00000000..48218b83 --- /dev/null +++ b/charts/argo-workflows/templates/controller/artifact-gc-role.yaml @@ -0,0 +1,29 @@ +{{- if .Values.workflow.rbac.artifactGC -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} +rules: + - apiGroups: + - argoproj.io + resources: + - workflowartifactgctasks + verbs: + - list + - watch + - apiGroups: + - argoproj.io + resources: + - workflowartifactgctasks/status + verbs: + - patch + {{- end }} + +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-role.yaml b/charts/argo-workflows/templates/controller/workflow-role.yaml index e99369a2..81c20048 100644 --- a/charts/argo-workflows/templates/controller/workflow-role.yaml +++ b/charts/argo-workflows/templates/controller/workflow-role.yaml @@ -18,21 +18,6 @@ rules: verbs: - create - patch - - apiGroups: - - argoproj.io - resources: - - workflowtasksets - - workflowartifactgctasks - verbs: - - list - - watch - - apiGroups: - - argoproj.io - resources: - - workflowtasksets/status - - workflowartifactgctasks/status - verbs: - - patch {{- end }} {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 75135854..8101898b 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -69,6 +69,10 @@ workflow: # -- Adds Role and RoleBinding for the above specified service account to be able to run workflows. # A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) create: true + # -- Allows permissions for the Argo Agent. Only required if using http/plugin templates + agentPermissions: false + # -- Allows permissions for the Argo Artifact GC pod. Only required if using artifact gc + artifactGC: false # -- Extra service accounts to be added to the RoleBinding serviceAccounts: [] # - name: my-service-account From 4909b4287091fa75e22d6b25117e445366261df5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 23 Nov 2024 05:57:50 -0600 Subject: [PATCH 698/768] chore(deps): bump github/codeql-action from 3.27.4 to 3.27.5 in the dependencies group (#3050) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 19c09e4c..7442ff0b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: sarif_file: results.sarif From 3e1b02da23a7398f5be6401bd763c7a0c5e41859 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 19:53:13 +0900 Subject: [PATCH 699/768] chore(deps): update renovatebot/github-action action to v41.0.4 (#3051) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 00e1b401..94d21965 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@e02bf7b1c996027e55e910400653576a8293246c # v41.0.3 + uses: renovatebot/github-action@757597d1bb6993c6406e207997a85f2b20ff39be # v41.0.4 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From d0b5926c0bf61e09a7ecbb0f705c33f5e1034c26 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 28 Nov 2024 05:43:45 +0900 Subject: [PATCH 700/768] feat(argo-events): Upgrade Argo Events to v1.9.3 (#3055) --- charts/argo-events/Chart.yaml | 8 ++++---- charts/argo-events/README.md | 2 ++ .../templates/argo-events-controller/config.yaml | 2 ++ charts/argo-events/values.yaml | 4 ++++ 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index dc6af9ac..519ebe66 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.9.2 +appVersion: v1.9.3 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.8 +version: 2.4.9 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: events-webhook Service using non-default port + - kind: changed + description: Bump argo-events to v1.9.3 diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index 5d2c036b..10b26972 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md @@ -60,11 +60,13 @@ done |-----|------|---------|-------------| | configs.jetstream.settings.maxFileStore | int | `-1` | Maximum size of the file storage (e.g. 20G) | | configs.jetstream.settings.maxMemoryStore | int | `-1` | Maximum size of the memory storage (e.g. 1G) | +| configs.jetstream.streamConfig.discard | int | `0` | 0: DiscardOld, 1: DiscardNew | | configs.jetstream.streamConfig.duplicates | string | `"300s"` | Not documented at the moment | | configs.jetstream.streamConfig.maxAge | string | `"72h"` | Maximum age of existing messages, i.e. “72h”, “4h35m” | | configs.jetstream.streamConfig.maxBytes | string | `"1GB"` | | | configs.jetstream.streamConfig.maxMsgs | int | `1000000` | Maximum number of messages before expiring oldest message | | configs.jetstream.streamConfig.replicas | int | `3` | Number of replicas, defaults to 3 and requires minimal 3 | +| configs.jetstream.streamConfig.retention | int | `0` | 0: Limits, 1: Interest, 2: WorkQueue | | configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.14.0"` | | | configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.14.0"` | | | configs.jetstream.versions[0].natsImage | string | `"nats:2.10.10"` | | diff --git a/charts/argo-events/templates/argo-events-controller/config.yaml b/charts/argo-events/templates/argo-events-controller/config.yaml index 119c10f5..e3047de7 100644 --- a/charts/argo-events/templates/argo-events-controller/config.yaml +++ b/charts/argo-events/templates/argo-events-controller/config.yaml @@ -32,6 +32,8 @@ data: maxBytes: {{ .Values.configs.jetstream.streamConfig.maxBytes }} replicas: {{ .Values.configs.jetstream.streamConfig.replicas }} duplicates: {{ .Values.configs.jetstream.streamConfig.duplicates }} + retention: {{ .Values.configs.jetstream.streamConfig.retention }} + discard: {{ .Values.configs.jetstream.streamConfig.discard }} versions: {{- range .Values.configs.jetstream.versions }} - version: {{ .version }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index 09a2d9ea..5c2206d6 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -94,6 +94,10 @@ configs: replicas: 3 # -- Not documented at the moment duplicates: 300s + # -- 0: Limits, 1: Interest, 2: WorkQueue + retention: 0 + # -- 0: DiscardOld, 1: DiscardNew + discard: 0 # Supported versions of JetStream eventbus versions: - version: latest From 07c5b5df98b3f0ba47024de38d42ac8222aef813 Mon Sep 17 00:00:00 2001 From: Bhavin Kotak Date: Wed, 27 Nov 2024 18:41:56 -0600 Subject: [PATCH 701/768] fix(argo-cd): Fix REDIS_PASSWORD optional flag (#3058) * fix(argo-cd): Fix REDIS_PASSWORD optional flag Signed-off-by: Bhavin Kotak * update charge version Signed-off-by: Bhavin Kotak --------- Signed-off-by: Bhavin Kotak --- charts/argo-cd/Chart.yaml | 4 ++-- .../templates/argocd-application-controller/statefulset.yaml | 2 +- charts/argo-cd/templates/argocd-repo-server/deployment.yaml | 2 +- charts/argo-cd/templates/argocd-server/deployment.yaml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 9f7925d2..31552637 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.1 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.5 +version: 7.7.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Update application CRD + description: REDIS_PASSWORD optional flag change diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 70620df6..a907ac76 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -228,10 +228,10 @@ spec: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} {{- if .Values.externalRedis.host }} key: redis-password - optional: true {{- else }} key: auth {{- end }} + optional: true - name: REDIS_SENTINEL_USERNAME valueFrom: secretKeyRef: diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 9a15e596..2617251d 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -187,10 +187,10 @@ spec: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} {{- if .Values.externalRedis.host }} key: redis-password - optional: true {{- else }} key: auth {{- end }} + optional: true - name: REDIS_SENTINEL_USERNAME valueFrom: secretKeyRef: diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index b0cecd6c..cc5f7bfe 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -255,10 +255,10 @@ spec: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} {{- if .Values.externalRedis.host }} key: redis-password - optional: true {{- else }} key: auth {{- end }} + optional: true - name: REDIS_SENTINEL_USERNAME valueFrom: secretKeyRef: From b1333d849113a0c6c9356a068f328ea3c613a6b8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 30 Nov 2024 19:54:13 +0900 Subject: [PATCH 702/768] chore(deps): bump renovatebot/github-action from 41.0.4 to 41.0.5 in the dependencies group (#3061) chore(deps): bump renovatebot/github-action in the dependencies group Bumps the dependencies group with 1 update: [renovatebot/github-action](https://github.com/renovatebot/github-action). Updates `renovatebot/github-action` from 41.0.4 to 41.0.5 - [Release notes](https://github.com/renovatebot/github-action/releases) - [Changelog](https://github.com/renovatebot/github-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/renovatebot/github-action/compare/757597d1bb6993c6406e207997a85f2b20ff39be...936628dfbff213ab2eb95033c5e123cfcaf09ebb) --- updated-dependencies: - dependency-name: renovatebot/github-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 94d21965..35f688c3 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@757597d1bb6993c6406e207997a85f2b20ff39be # v41.0.4 + uses: renovatebot/github-action@936628dfbff213ab2eb95033c5e123cfcaf09ebb # v41.0.5 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 344fcae2a1aaacd189b03690b6b3f8c9348cfb7f Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sun, 1 Dec 2024 10:12:10 +0100 Subject: [PATCH 703/768] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v38.142.7 (#3062) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 35f688c3..896c46f0 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 38.141.1 + renovate-version: 38.142.7 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From 3767e5b8aea8272bb70987c25185df25e8373b31 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 10:17:06 +0000 Subject: [PATCH 704/768] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v39 (#3063) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 896c46f0..361ea06c 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 38.142.7 + renovate-version: 39.43.0 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From 0195a3581e94e33bac23b7a2b2edd3abb0c0671e Mon Sep 17 00:00:00 2001 From: Garry O'Donnell Date: Mon, 2 Dec 2024 14:19:44 +0000 Subject: [PATCH 705/768] feat(argo-cd): Template server ingress extraTls arguments (#3056) Signed-off-by: Garry O'Donnell --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/argocd-server/ingress.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 31552637..446c4b57 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.1 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.6 +version: 7.7.7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: REDIS_PASSWORD optional flag change + - kind: added + description: Allowed the use of templates in the server.ingress.extraTls field diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 84668373..31f72ed6 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -63,7 +63,7 @@ spec: secretName: argocd-server-tls {{- end }} {{- with .Values.server.ingress.extraTls }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- end }} {{- end }} From 168bc63bd6b65586720ebbcea197dbce123c03f5 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 09:39:27 -0800 Subject: [PATCH 706/768] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.6.1 (#3064) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 4b7e834e..77ca7d7d 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.6.0 +appVersion: v3.6.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.45.0 +version: 0.45.1 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Make Argo Agent and Artifact GC permissions optional for workflows SA + - kind: changed + description: Bump argo-workflows to v3.6.2 From 9bf8f97811c3d52696faa3be0c0a362b68039eab Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Dec 2024 04:13:07 -0600 Subject: [PATCH 707/768] chore(deps): bump github/codeql-action from 3.27.5 to 3.27.6 in the dependencies group (#3069) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 7442ff0b..a52762aa 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 with: sarif_file: results.sarif From cf8b6950f194c88296f8f1d5a029fc2421c7719f Mon Sep 17 00:00:00 2001 From: Takumi Sue <23391543+mikutas@users.noreply.github.com> Date: Mon, 9 Dec 2024 18:17:14 +0900 Subject: [PATCH 708/768] feat(argo-cd): Bump argocd-extension-installer to 0.0.8 (#3070) Bump argocd-extension-installer to 0.0.8 Signed-off-by: mikutas <23391543+mikutas@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 446c4b57..8f971efe 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.1 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.7 +version: 7.7.8 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Allowed the use of templates in the server.ingress.extraTls field + - kind: changed + description: Bump argocd-extension-installer to v0.0.8 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 8d8eb50d..8cea8341 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1023,7 +1023,7 @@ NAME: my-release | server.extensions.extensionList | list | `[]` (See [values.yaml]) | Extensions for Argo CD | | server.extensions.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for extensions | | server.extensions.image.repository | string | `"quay.io/argoprojlabs/argocd-extension-installer"` | Repository to use for extension installer image | -| server.extensions.image.tag | string | `"v0.0.5"` | Tag to use for extension installer image | +| server.extensions.image.tag | string | `"v0.0.8"` | Tag to use for extension installer image | | server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container | | server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server | | server.extraContainers | list | `[]` | Additional containers to be added to the server pod | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index fd390237..f2ca736a 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1847,7 +1847,7 @@ server: # -- Repository to use for extension installer image repository: "quay.io/argoprojlabs/argocd-extension-installer" # -- Tag to use for extension installer image - tag: "v0.0.5" + tag: "v0.0.8" # -- Image pull policy for extensions # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" From eb53a916b8664de33532842e0a110919ebed1c1d Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 08:36:00 -0600 Subject: [PATCH 709/768] chore(deps): update renovatebot/github-action action to v41.0.6 (#3071) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 361ea06c..e267fcc8 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@936628dfbff213ab2eb95033c5e123cfcaf09ebb # v41.0.5 + uses: renovatebot/github-action@e3a862510f27d57a380efb11f0b52ad7e8dbf213 # v41.0.6 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From e72297ca734f3505cd86e195745eb32398627941 Mon Sep 17 00:00:00 2001 From: Symeon Meichanetzoglou Date: Wed, 11 Dec 2024 16:36:09 +0100 Subject: [PATCH 710/768] fix(argo-cd): Fix repo-server honorLabels config template (#3075) * FIX: move honorLabels config out of condition Signed-off-by: symaras * update changelog Signed-off-by: symaras * bump chart version Signed-off-by: symaras * adjust changelog Signed-off-by: symaras --------- Signed-off-by: symaras --- charts/argo-cd/Chart.yaml | 6 +++--- .../templates/argocd-repo-server/servicemonitor.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 8f971efe..110f1bc2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.1 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.8 +version: 7.7.9 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argocd-extension-installer to v0.0.8 + - kind: fixed + description: Fix honorLabels config template diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index b02ba7a4..3d7cc497 100644 --- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -34,8 +34,8 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.repoServer.metrics.serviceMonitor.scheme }} honorLabels: {{ .Values.repoServer.metrics.serviceMonitor.honorLabels }} + {{- with .Values.repoServer.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} {{- with .Values.repoServer.metrics.serviceMonitor.tlsConfig }} From 5e8ac12acdedb969e20c9fc0d2714a3aa90baf91 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 05:33:06 +0000 Subject: [PATCH 711/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.13.2 (#3076) --- charts/argo-cd/Chart.yaml | 8 ++++---- charts/argo-cd/templates/argocd-server/clusterrole.yaml | 1 - 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 110f1bc2..6f399bbb 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.13.1 +appVersion: v2.13.2 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.9 +version: 7.7.10 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fix honorLabels config template + - kind: changed + description: Bump argo-cd to v2.13.2 diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index b6c5f81f..1bc9aed5 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -17,7 +17,6 @@ rules: - delete # supports deletion a live object in UI - get # supports viewing live object manifest in UI - patch # supports `argocd app patch` - - list # supports `argocd appset generate` with cluster generator - apiGroups: - "" resources: From 21d9d3e18a50a08882a445be8f089a44258994ce Mon Sep 17 00:00:00 2001 From: Frederic M <43849398+fad3t@users.noreply.github.com> Date: Fri, 13 Dec 2024 12:27:26 +0100 Subject: [PATCH 712/768] fix(argocd-image-updater): update RBAC namespaced role (#3073) Signed-off-by: Frederic Mereu Co-authored-by: Aikawa --- charts/argocd-image-updater/Chart.yaml | 4 ++-- charts/argocd-image-updater/templates/rbac.yaml | 9 +++++++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index f74772f9..4cbb96e5 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.11.2 +version: 0.11.3 appVersion: v0.15.1 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argocd-image-updater to v0.15.1 + description: Update permissions for namespaced Role diff --git a/charts/argocd-image-updater/templates/rbac.yaml b/charts/argocd-image-updater/templates/rbac.yaml index 0f631108..867d5b59 100644 --- a/charts/argocd-image-updater/templates/rbac.yaml +++ b/charts/argocd-image-updater/templates/rbac.yaml @@ -24,6 +24,15 @@ rules: - events verbs: - create + - apiGroups: + - argoproj.io + resources: + - applications + verbs: + - get + - list + - update + - patch {{- end }} --- apiVersion: rbac.authorization.k8s.io/v1 From c6e5aba59081dd3cf08e5d8f2e8932e67302f20e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 14 Dec 2024 12:35:51 -0600 Subject: [PATCH 713/768] chore(deps): bump github/codeql-action from 3.27.6 to 3.27.9 in the dependencies group (#3078) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index a52762aa..efed22af 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 with: sarif_file: results.sarif From f9856eb58376062f8f3697d79c0579c19aad14ac Mon Sep 17 00:00:00 2001 From: Kazuma Inamura <8310973+inamuu@users.noreply.github.com> Date: Tue, 17 Dec 2024 06:31:09 +0900 Subject: [PATCH 714/768] fix(argo-workflows): a link in values.yaml for Kubernetes Ingress docs (#3079) Signed-off-by: inamuu <8310973+inamuu@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/values.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 77ca7d7d..86f35660 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.6.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.45.1 +version: 0.45.2 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-workflows to v3.6.2 + - kind: fixed + description: Reference to ingress link was fixed diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 8101898b..3de0ad8d 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -625,7 +625,7 @@ server: volumes: [] ## Ingress configuration. - # ref: https://kubernetes.io/docs/user-guide/ingress/ + # ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ ingress: # -- Enable an ingress resource enabled: false From 46b76061b58f7ae71777708479ab622927dca923 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 21 Dec 2024 08:52:31 +0900 Subject: [PATCH 715/768] chore(deps): update actions/create-github-app-token action to v1.11.1 (#3085) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index e267fcc8..86872311 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 + uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From 06af22458fe106226be98830664e7a421afadbce Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 21 Dec 2024 05:13:42 -0600 Subject: [PATCH 716/768] chore(deps): bump the dependencies group with 3 updates (#3086) --- .github/workflows/lint-and-test.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index c8188a35..cf03b150 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -70,7 +70,7 @@ jobs: fi - name: Create kind cluster - uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 + uses: helm/kind-action@ae94020eaf628e9b9b9f341a10cc0cdcf5c018fb # v1.11.0 if: steps.list-changed.outputs.changed == 'true' with: config: .github/configs/kind-config.yaml diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index efed22af..0205ce8c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: SARIF file path: results.sarif @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 + uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 with: sarif_file: results.sarif From ca63415d8ac840e2fb855404e5bf22642f5f38f8 Mon Sep 17 00:00:00 2001 From: Davor Gajic <47570664+gajicdev@users.noreply.github.com> Date: Sat, 21 Dec 2024 13:05:37 +0100 Subject: [PATCH 717/768] fix(argo-cd): add functionality to en/disable argocd-ssh-known-hosts-cm (#3083) Signed-off-by: Davor Gajic Co-authored-by: Davor Gajic Co-authored-by: Aikawa --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + .../templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml | 2 ++ charts/argo-cd/values.yaml | 3 +++ 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 6f399bbb..ac2842e4 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.2 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.10 +version: 7.7.11 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.13.2 + - kind: added + description: Added functionality to en/disable argocd-ssh-known-hosts-cm diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 8cea8341..226c37a9 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -783,6 +783,7 @@ NAME: my-release | configs.secret.gogsSecret | string | `""` | Shared secret for authenticating Gogs webhook events | | configs.secret.labels | object | `{}` | Labels to be added to argocd-secret | | configs.ssh.annotations | object | `{}` | Annotations to be added to argocd-ssh-known-hosts-cm configmap | +| configs.ssh.create | bool | `true` | Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm. | | configs.ssh.extraHosts | string | `""` | Additional known hosts for private repositories | | configs.ssh.knownHosts | string | See [values.yaml] | Known hosts to be added to the known host list by default. | | configs.styles | string | `""` (See [values.yaml]) | Define custom [CSS styles] for your argo instance. This setting will automatically mount the provided CSS and reference it in the argo configuration. | diff --git a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml index b0695ed3..0218d40b 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml @@ -1,3 +1,4 @@ +{{- if .Values.configs.ssh.create }} apiVersion: v1 kind: ConfigMap metadata: @@ -17,3 +18,4 @@ data: {{- with .Values.configs.ssh.extraHosts }} {{- . | nindent 4 }} {{- end }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index f2ca736a..66522279 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -371,6 +371,9 @@ configs: # SSH known hosts for Git repositories ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#ssh-known-host-public-keys ssh: + # -- Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm. + create: true + # -- Annotations to be added to argocd-ssh-known-hosts-cm configmap annotations: {} From ef90ecc84466b2d78adf479dd1f162e8760a037c Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 14:47:18 +0900 Subject: [PATCH 718/768] chore(deps): update renovatebot/github-action action to v41.0.7 (#3087) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 86872311..b7e3508d 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@e3a862510f27d57a380efb11f0b52ad7e8dbf213 # v41.0.6 + uses: renovatebot/github-action@2be773c4be8361d8182cc1b750e75bbc75af71b0 # v41.0.7 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 74376f6cab408d9c78c645dd61dffc5c4b138e15 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 28 Dec 2024 11:52:27 -0600 Subject: [PATCH 719/768] chore(deps): bump helm/kind-action from 1.11.0 to 1.12.0 in the dependencies group (#3091) --- .github/workflows/lint-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index cf03b150..4c4db950 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -70,7 +70,7 @@ jobs: fi - name: Create kind cluster - uses: helm/kind-action@ae94020eaf628e9b9b9f341a10cc0cdcf5c018fb # v1.11.0 + uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0 if: steps.list-changed.outputs.changed == 'true' with: config: .github/configs/kind-config.yaml From 0877c58e19cd2ffd96e613520938a4a744b424b7 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 31 Dec 2024 02:19:17 +0900 Subject: [PATCH 720/768] fix(argo-rollouts): Correct outdated URL for ingress (#3093) --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 1eb766af..33d77781 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.2 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.38.0 +version: 2.38.1 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Updated plugin values.yaml example and it's implementation to not need to include the stringification or the plugins block that it used to + description: Correct outdated URL for ingress diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index fdc58a44..c95f88bf 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -397,7 +397,7 @@ dashboard: maxUnavailable: # 0 ## Ingress configuration. - ## ref: https://kubernetes.io/docs/user-guide/ingress/ + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ ## ingress: # -- Enable dashboard ingress support From 9bd03f64b225a77d7ebbf86ba2b3a887aeefeff4 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Tue, 31 Dec 2024 21:17:39 +0900 Subject: [PATCH 721/768] docs(argo-events): Correct outdated URL for doc (#3096) --- charts/argo-events/Chart.yaml | 6 +++--- charts/argo-events/README.md | 8 ++++---- charts/argo-events/README.md.gotmpl | 8 ++++---- charts/argo-events/values.yaml | 8 ++++---- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 519ebe66..fdd4233f 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.9.3 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.9 +version: 2.4.10 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-events to v1.9.3 + - kind: fixed + description: Correct outdated URL for doc diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index 10b26972..7e9f6e37 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md @@ -234,9 +234,9 @@ done ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) -[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ [values.yaml]: values.yaml diff --git a/charts/argo-events/README.md.gotmpl b/charts/argo-events/README.md.gotmpl index c25a3e97..505217ba 100644 --- a/charts/argo-events/README.md.gotmpl +++ b/charts/argo-events/README.md.gotmpl @@ -89,9 +89,9 @@ done ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) -[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ [values.yaml]: values.yaml diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index 5c2206d6..fb9878c9 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -243,7 +243,7 @@ controller: # runAsNonRoot: true ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -281,7 +281,7 @@ controller: affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the events controller - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -409,7 +409,7 @@ webhook: # runAsNonRoot: true ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -447,7 +447,7 @@ webhook: affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the event controller - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 From 279930e1333880ba0fc176fdae7dafbc0435ca8e Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 1 Jan 2025 15:17:29 +0900 Subject: [PATCH 722/768] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v39.86.4 (#3099) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index b7e3508d..932f2a8f 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 39.43.0 + renovate-version: 39.86.4 token: '${{ steps.get_token.outputs.token }}' env: LOG_LEVEL: 'debug' From 2436051d5c67a7ef6497742b667eabcdd60b1920 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Thu, 2 Jan 2025 15:18:00 +0900 Subject: [PATCH 723/768] docs(argo-cd): Correct outdated URL for doc (#3097) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 12 ++++++------ charts/argo-cd/README.md.gotmpl | 12 ++++++------ charts/argo-cd/values.yaml | 33 +++++++++++++++++---------------- 4 files changed, 32 insertions(+), 31 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ac2842e4..d0c28f55 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.2 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.11 +version: 7.7.12 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Added functionality to en/disable argocd-ssh-known-hosts-cm + - kind: fixed + description: Correct outdated URL for doc diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 226c37a9..3b2b999a 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1623,26 +1623,26 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) [Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/ -[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#backendconfigspec_v1beta1_cloudgooglecom [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog [Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/ [DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters [FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/ -[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ [GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/ [HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ [MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs -[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector [PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes [RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ [values.yaml]: values.yaml [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md [tini]: https://github.com/argoproj/argo-cd/pull/12707 diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index ef75ddfe..bd63c755 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -817,26 +817,26 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) [Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/ -[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#backendconfigspec_v1beta1_cloudgooglecom [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog [Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/ [DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters [FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/ -[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ [GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/ [HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ [MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs -[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector [PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes [RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ [values.yaml]: values.yaml [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md [tini]: https://github.com/argoproj/argo-cd/pull/12707 diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 66522279..d5056840 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -141,7 +141,7 @@ global: # - antarctica-west1 # -- Default [TopologySpreadConstraints] rules for all components - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector of the component topologySpreadConstraints: [] # - maxSkew: 1 @@ -792,7 +792,7 @@ controller: - ALL # Readiness probe for application controller - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -826,7 +826,7 @@ controller: # -- Assign custom [TopologySpreadConstraints] rules to the application controller # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -1228,7 +1228,7 @@ dex: # -- Assign custom [TopologySpreadConstraints] rules to dex # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -1315,7 +1315,7 @@ redis: - ALL ## Probes for Redis exporter (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for Redis exporter (optional) enabled: false @@ -1373,7 +1373,7 @@ redis: # name: secret-name ## Probes for Redis server (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for Redis server enabled: false @@ -1483,7 +1483,7 @@ redis: # -- Assign custom [TopologySpreadConstraints] rules to redis # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -1632,7 +1632,7 @@ redis-ha: tolerations: [] # -- Assign custom [TopologySpreadConstraints] rules to the Redis pods. - ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ topologySpreadConstraints: # -- Enable Redis HA topology spread constraints enabled: false @@ -1991,7 +1991,7 @@ server: - ALL ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -2037,7 +2037,7 @@ server: # -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -2138,7 +2138,8 @@ server: # -- LoadBalancer will get created with the IP specified in this field loadBalancerIP: "" # -- Source IP ranges to allow access to service from - ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## EKS Ref: https://repost.aws/knowledge-center/eks-cidr-ip-address-loadbalancer + ## GKE Ref: https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview#limit-connectivity-ext-lb loadBalancerSourceRanges: [] # -- Server service external IPs externalIPs: [] @@ -2638,7 +2639,7 @@ repoServer: - ALL ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -2680,7 +2681,7 @@ repoServer: # -- Assign custom [TopologySpreadConstraints] rules to the repo server # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -3007,7 +3008,7 @@ applicationSet: - ALL ## Probes for ApplicationSet controller (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for ApplicationSet controller enabled: false @@ -3384,7 +3385,7 @@ notifications: - ALL ## Probes for notifications controller Pods (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for notifications controller Pods enabled: false @@ -3430,7 +3431,7 @@ notifications: # -- Assign custom [TopologySpreadConstraints] rules to the application controller # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 From 91ad82947c65cbfa2216e42a9681383bc36a48a8 Mon Sep 17 00:00:00 2001 From: AviorSchreiber <80765239+AviorSchreiber@users.noreply.github.com> Date: Fri, 3 Jan 2025 16:07:27 +0200 Subject: [PATCH 724/768] feat(argo-rollouts): Add lifecyle and terminationGracePeriodSeconds settings for controller (#3100) * feat(argo-rollouts): Add lifecyle and terminationGracePeriodSeconds settings for controller Signed-off-by: AviorSchreiber <80765239+AviorSchreiber@users.noreply.github.com> * Update charts/argo-rollouts/templates/controller/deployment.yaml Co-authored-by: Aikawa Signed-off-by: AviorSchreiber <80765239+AviorSchreiber@users.noreply.github.com> * Update charts/argo-rollouts/templates/controller/deployment.yaml Co-authored-by: JM (Jason Meridth) Signed-off-by: AviorSchreiber <80765239+AviorSchreiber@users.noreply.github.com> --------- Signed-off-by: AviorSchreiber <80765239+AviorSchreiber@users.noreply.github.com> Co-authored-by: Aikawa Co-authored-by: JM (Jason Meridth) --- charts/argo-rollouts/Chart.yaml | 8 +++++--- charts/argo-rollouts/README.md | 2 ++ charts/argo-rollouts/templates/controller/deployment.yaml | 6 ++++++ charts/argo-rollouts/values.yaml | 4 ++++ 4 files changed, 17 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 33d77781..757a6329 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.2 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.38.1 +version: 2.38.2 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,5 +18,7 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Correct outdated URL for ingress + - kind: added + description: Add lifecycle settings for controller + - kind: added + description: Add terminationGracePeriodSeconds for controller diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 927a2098..aa09ca14 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -98,6 +98,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.image.repository | string | `"argoproj/argo-rollouts"` | Repository to use | | controller.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) | | controller.initContainers | list | `[]` | Init containers to add to the rollouts controller pod | +| controller.lifecycle | object | `{}` | Specify lifecycle hooks for the controller | | controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller | | controller.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) | | controller.logging.kloglevel | string | `"0"` | Set the klog logging level | @@ -125,6 +126,7 @@ For full list of changes please check ArtifactHub [changelog]. | controller.readinessProbe | object | See [values.yaml] | Configure readiness [probe] for the controller | | controller.replicas | int | `2` | The number of controller pods to run | | controller.resources | object | `{}` | Resource limits and requests for the controller pods. | +| controller.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | controller.tolerations | list | `[]` | [Tolerations] for use with node taints | | controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the controller | | controller.trafficRouterPlugins | list | `[]` | Configures 3rd party traffic router plugins for controller | diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml index df5dc4db..7aea72a4 100644 --- a/charts/argo-rollouts/templates/controller/deployment.yaml +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -78,6 +78,9 @@ spec: {{- toYaml .Values.controller.readinessProbe | nindent 10 }} securityContext: {{- toYaml .Values.containerSecurityContext | nindent 10 }} + {{- with .Values.controller.lifecycle }} + lifecycle: {{ toYaml . | nindent 10 }} + {{- end }} resources: {{- toYaml .Values.controller.resources | nindent 10 }} volumeMounts: @@ -101,6 +104,9 @@ spec: {{- end }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- with .Values.controller.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ . }} + {{- end }} {{- if .Values.controller.tolerations }} tolerations: {{- toYaml .Values.controller.tolerations | nindent 8 }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index c95f88bf..26633455 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -79,6 +79,10 @@ controller: # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + # -- Specify lifecycle hooks for the controller + lifecycle: {} # -- [priorityClassName] for the controller priorityClassName: "" # -- The number of controller pods to run From 844afb6611224b0a1b1d11abb61eef1970ed76b6 Mon Sep 17 00:00:00 2001 From: Bart Versteeg <8367621+bmjhversteeg@users.noreply.github.com> Date: Fri, 3 Jan 2025 16:15:59 +0100 Subject: [PATCH 725/768] feat(argo-workflows): Support ephemeral credentials for s3 (#3101) feat(argo-workflows) Support ephemeral credentials for s3 Signed-off-by: Bart Versteeg <8367621+bmjhversteeg@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 6 +++--- .../controller/workflow-controller-config-map.yaml | 5 +++++ charts/argo-workflows/values.yaml | 3 +++ 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 86f35660..658d613f 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.6.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.45.2 +version: 0.45.3 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Reference to ingress link was fixed + - kind: added + description: Support ephemeral credentials for s3 artifact repository diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index d93a910e..a269f6e5 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -83,6 +83,11 @@ data: secretKeySecret: key: {{ tpl .Values.artifactRepository.s3.secretKeySecret.key . }} name: {{ tpl .Values.artifactRepository.s3.secretKeySecret.name . }} + {{- if .Values.artifactRepository.s3.sessionTokenSecret }} + sessionTokenSecret: + key: {{ tpl .Values.artifactRepository.s3.sessionTokenSecret.key . }} + name: {{ tpl .Values.artifactRepository.s3.sessionTokenSecret.name . }} + {{- end }} {{- end }} bucket: {{ tpl (.Values.artifactRepository.s3.bucket | default "") . }} endpoint: {{ tpl (.Values.artifactRepository.s3.endpoint | default "") . }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 3de0ad8d..035945d2 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -812,6 +812,9 @@ artifactRepository: # secretKeySecret: # name: "{{ .Release.Name }}-minio" # key: secretkey + # sessionTokenSecret: + # name: "{{ .Release.Name }}-minio" + # key: sessionToken # # insecure will disable TLS. Primarily used for minio installs not configured with TLS # insecure: false # caSecret: From a0831126ccaab5d8bcb12b1a4834232b28e6c11d Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 4 Jan 2025 09:07:39 +0900 Subject: [PATCH 726/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.13.3 (#3103) --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d0c28f55..51f0efb6 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.13.2 +appVersion: v2.13.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.12 +version: 7.7.13 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Correct outdated URL for doc + - kind: changed + description: Bump argo-cd to v2.13.3 From 02db043ff11d6ac18d67beef2d84e2a32828a675 Mon Sep 17 00:00:00 2001 From: Takumi Sue <23391543+mikutas@users.noreply.github.com> Date: Sat, 4 Jan 2025 18:07:48 +0900 Subject: [PATCH 727/768] chore(github): add includePath to renovate.json (#3072) --- renovate.json | 1 + 1 file changed, 1 insertion(+) diff --git a/renovate.json b/renovate.json index 730f497e..f4b35531 100644 --- a/renovate.json +++ b/renovate.json @@ -12,6 +12,7 @@ "includePaths": [ "**/charts/argo-workflows/Chart.yaml", "**/charts/argo-cd/Chart.yaml", + "**/charts/argo-cd/values.yaml", "**/charts/argo-events/Chart.yaml", "**/charts/argo-rollouts/Chart.yaml", "**/charts/argocd-image-updater/Chart.yaml", From b594e6bd2047dd45c22425df9d32cd307943769d Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sat, 4 Jan 2025 23:02:01 +0900 Subject: [PATCH 728/768] fix(argo-events): Support initContainers to controller (#3098) Signed-off-by: yu-croco --- charts/argo-events/Chart.yaml | 4 ++-- .../templates/argo-events-controller/deployment.yaml | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index fdd4233f..76d675a3 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.9.3 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.10 +version: 2.4.11 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: fixed - description: Correct outdated URL for doc + description: Support initContainers to controller diff --git a/charts/argo-events/templates/argo-events-controller/deployment.yaml b/charts/argo-events/templates/argo-events-controller/deployment.yaml index 75d0cdb2..17bf0a6a 100644 --- a/charts/argo-events/templates/argo-events-controller/deployment.yaml +++ b/charts/argo-events/templates/argo-events-controller/deployment.yaml @@ -108,6 +108,10 @@ spec: {{- with .Values.controller.extraContainers }} {{- toYaml . | nindent 6 }} {{- end -}} + {{- with .Values.controller.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.controller.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} From 89f40fd00117c90f16e14caa64133d9ba8403e43 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Sun, 5 Jan 2025 13:56:16 +0900 Subject: [PATCH 729/768] chore(github): Support redis-exporter to Renovate (#3105) --- renovate.json | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/renovate.json b/renovate.json index f4b35531..dcf91249 100644 --- a/renovate.json +++ b/renovate.json @@ -101,6 +101,13 @@ "matchPackagePatterns": ["redis-ha"], "enabled": false }, + { + "matchPackagePatterns": ["public.ecr.aws/bitnami/redis-exporter"], + "commitMessagePrefix": "chore({{{replace 'public.ecr.aws/' '' depName}}}):", + "postUpgradeTasks": { + "commands": ["./scripts/renovate-bump-version.sh {{depName}}"] + } + }, { "matchPackageNames": ["ghcr.io/renovatebot/renovate"], "extends": ["schedule:monthly"] From 3b2d2767d95a4b6df74fcfc04a62525067b07942 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 6 Jan 2025 16:29:18 +0900 Subject: [PATCH 730/768] chore(deps): update renovatebot/github-action action to v41.0.8 (#3107) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 932f2a8f..eeea7755 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@2be773c4be8361d8182cc1b750e75bbc75af71b0 # v41.0.7 + uses: renovatebot/github-action@f24426972367551f3391720e34317783a92fd32b # v41.0.8 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 796f6c8dc3595afa6a3b7153a7ce283eb2f74677 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 08:04:10 +0100 Subject: [PATCH 731/768] chore(argocd-image-updater): Update dependency argoproj-labs/argocd-image-updater to v0.15.2 (#3109) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argocd-image-updater/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index 4cbb96e5..f3880ec5 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.11.3 -appVersion: v0.15.1 +version: 0.11.4 +appVersion: v0.15.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Update permissions for namespaced Role + description: Bump argocd-image-updater to v0.15.2 From 9946d3dfeeb75d4106fa89edb0c610ccc01de12f Mon Sep 17 00:00:00 2001 From: gyajangi1 Date: Tue, 7 Jan 2025 17:32:31 +0530 Subject: [PATCH 732/768] feat(argo-cd): Add DRY support for Ingress (#3081) * Updated tpl function Signed-off-by: gyajangi1 * Update ingress.yaml Signed-off-by: gyajangi1 * reverted changes Signed-off-by: gyajangi1 * Updated ingress.yaml Signed-off-by: gyajangi1 * Update charts/argo-cd/templates/argocd-server/ingress.yaml Co-authored-by: Marco Maurer (-Kilchhofer) Signed-off-by: gyajangi1 * Update charts/argo-cd/templates/argocd-server/ingress.yaml Co-authored-by: Marco Maurer (-Kilchhofer) Signed-off-by: gyajangi1 * update changelog for tpl function in ingress Signed-off-by: gyajangi1 * update changelog for tpl function in ingress Signed-off-by: gyajangi1 * Update chart version 7.7.14 Signed-off-by: gyajangi1 * Update charts/argo-cd/Chart.yaml Co-authored-by: Marco Maurer (-Kilchhofer) Signed-off-by: gyajangi1 * fix: Drop trailing spaces Signed-off-by: Marco Maurer (-Kilchhofer) --------- Signed-off-by: gyajangi1 Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argo-cd/Chart.yaml | 6 +++--- .../argo-cd/templates/argocd-server/ingress.yaml | 14 +++++++------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 51f0efb6..1e799493 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.13 +version: 7.7.14 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.13.3 + - kind: added + description: Added `tpl` function support for `server.ingress`. diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 31f72ed6..88c2f99a 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -9,20 +9,20 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingress.labels }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- with .Values.server.ingress.annotations }} annotations: {{- range $key, $value := . }} - {{ $key }}: {{ $value | quote }} + {{ $key }}: {{ tpl $value $ | quote }} {{- end }} {{- end }} spec: {{- with .Values.server.ingress.ingressClassName }} - ingressClassName: {{ . }} + ingressClassName: {{ tpl . $ }} {{- end }} rules: - - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }} + - host: {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }} http: paths: {{- with .Values.server.ingress.extraPaths }} @@ -36,7 +36,7 @@ spec: port: number: {{ $servicePort }} {{- range .Values.server.ingress.extraHosts }} - - host: {{ .name | quote }} + - host: {{ tpl .name $ | quote }} http: paths: - path: {{ default $.Values.server.ingress.path .path }} @@ -54,10 +54,10 @@ spec: tls: {{- if .Values.server.ingress.tls }} - hosts: - - {{ .Values.server.ingress.hostname | default .Values.global.domain }} + - {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }} {{- range .Values.server.ingress.extraHosts }} {{- if .name }} - - {{ .name }} + - {{ tpl .name $ }} {{- end }} {{- end }} secretName: argocd-server-tls From d963962c569150d9138a6751f3b75a95154c873b Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 8 Jan 2025 17:36:39 +0900 Subject: [PATCH 733/768] chore(argo-events): Update dependency argoproj/argo-events to v1.9.4 (#3112) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-events/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 76d675a3..55a7bd51 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.9.3 +appVersion: v1.9.4 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.11 +version: 2.4.12 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -18,5 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Support initContainers to controller + - kind: changed + description: Bump argo-events to v1.9.4 From 6c5e25c74332ece7b1d30115b3f4e800cbb2ea00 Mon Sep 17 00:00:00 2001 From: Aikawa Date: Fri, 10 Jan 2025 16:17:52 +0900 Subject: [PATCH 734/768] fix(argo-cd): Correct ingress listen-ports example on README (#3120) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 +- charts/argo-cd/README.md.gotmpl | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 1e799493..ce7bac6b 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.14 +version: 7.7.15 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Added `tpl` function support for `server.ingress`. + - kind: fixed + description: Correct ingress listen-ports example diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 3b2b999a..afc0e9bb 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -191,7 +191,7 @@ server: alb.ingress.kubernetes.io/scheme: internal alb.ingress.kubernetes.io/target-type: ip alb.ingress.kubernetes.io/backend-protocol: HTTP - alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/ssl-redirect: '443' aws: serviceType: ClusterIP # <- Used with target-type: ip diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index bd63c755..0520c40f 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -190,7 +190,7 @@ server: alb.ingress.kubernetes.io/scheme: internal alb.ingress.kubernetes.io/target-type: ip alb.ingress.kubernetes.io/backend-protocol: HTTP - alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/ssl-redirect: '443' aws: serviceType: ClusterIP # <- Used with target-type: ip From 23b484de9c0a21de761b542c50a5b44fa1e63b69 Mon Sep 17 00:00:00 2001 From: Cristhian Roa Date: Fri, 10 Jan 2025 11:23:36 +0100 Subject: [PATCH 735/768] feat(argo-workflows): Support workflowEvent configuration to Argo Workflow Controller (#3115) Support workflowEvent configuration to Argo Workflow Controller Signed-off-by: Cristhian Roa Co-authored-by: Aikawa --- charts/argo-workflows/Chart.yaml | 4 ++-- charts/argo-workflows/README.md | 1 + .../controller/workflow-controller-config-map.yaml | 2 ++ charts/argo-workflows/values.yaml | 6 ++++++ 4 files changed, 11 insertions(+), 2 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 658d613f..be8df0c6 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.6.2 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.45.3 +version: 0.45.4 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: added - description: Support ephemeral credentials for s3 artifact repository + description: Support configuring workflow events in the controller diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 6a82eb5f..323524c2 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -239,6 +239,7 @@ Fields to note: | controller.volumeMounts | list | `[]` | Additional volume mounts to the controller main container | | controller.volumes | list | `[]` | Additional volumes to the controller pod | | controller.workflowDefaults | object | `{}` | Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level. Only valid for 2.7+ | +| controller.workflowEvents.enabled | bool | `true` | Enable to emit events on workflow status changes. | | controller.workflowNamespaces | list | `["default"]` | Specify all namespaces where this workflow controller instance will manage workflows. This controls where the service account and RBAC resources will be created. Only valid when singleNamespace is false. | | controller.workflowRestrictions | object | `{}` | Restricts the Workflows that the controller will process. Only valid for 2.9+ | | controller.workflowTTLWorkers | string | `nil` | Number of workflow TTL workers | diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index a269f6e5..49616768 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -200,6 +200,8 @@ data: {{- end }} nodeEvents: enabled: {{ .Values.controller.nodeEvents.enabled }} + workflowEvents: + enabled: {{ .Values.controller.workflowEvents.enabled }} {{- with .Values.controller.kubeConfig }} kubeConfig: {{- toYaml . | nindent 6 }} {{- end }} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 035945d2..cf9b08d8 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -402,6 +402,12 @@ controller: ## "Unable to create audit event: etcdserver: mvcc: database space exceeded" enabled: true + workflowEvents: + # -- Enable to emit events on workflow status changes. + ## This can take up a lot of space in k8s (typically etcd), resulting in errors when trying to create new events: + ## "Unable to create audit event: etcdserver: mvcc: database space exceeded" + enabled: true + # -- Configure when workflow controller runs in a different k8s cluster with the workflow workloads, # or needs to communicate with the k8s apiserver using an out-of-cluster kubeconfig secret. # @default -- `{}` (See [values.yaml]) From b10de0302629918c2ad22223e19f7b3974c1c74c Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 11 Jan 2025 04:22:29 -0600 Subject: [PATCH 736/768] chore(argo-events): Update dependency argoproj/argo-events to v1.9.5 (#3121) --- charts/argo-events/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 55a7bd51..a184cb91 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.9.4 +appVersion: v1.9.5 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.4.12 +version: 2.4.13 home: https://github.com/argoproj/argo-helm icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-events to v1.9.4 + description: Bump argo-events to v1.9.5 From 191e7688ab34afa504451813e1dd9169d1f3b967 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 11 Jan 2025 10:24:22 +0000 Subject: [PATCH 737/768] chore(deps): bump the dependencies group with 2 updates (#3122) --- .github/workflows/scorecard.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0205ce8c..231f25c1 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: SARIF file path: results.sarif @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: sarif_file: results.sarif From b0578c400163e9c65f90b3918a7b97ac50e3ac46 Mon Sep 17 00:00:00 2001 From: nhershman Date: Tue, 14 Jan 2025 02:17:29 -0800 Subject: [PATCH 738/768] fix(argo-cd): Adding conditionals around argocd-tls-cert-cm.yaml helm creation (#3124) * chore(argo-events): Update dependency argoproj/argo-events to v1.9.5 (#3121) Signed-off-by: nhershman * chore(deps): bump the dependencies group with 2 updates (#3122) Signed-off-by: nhershman * adding conditional for argocd-tls-certs-cm.yaml to be created by Helm Signed-off-by: nhershman * adding changelog Signed-off-by: nhershman --------- Signed-off-by: nhershman Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Nicole Hershman --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + .../templates/argocd-configs/argocd-tls-certs-cm.yaml | 2 ++ charts/argo-cd/values.yaml | 3 +++ 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ce7bac6b..2eb5a0cf 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.15 +version: 7.7.16 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Correct ingress listen-ports example + - kind: added + description: Added conditional around argocd-tls-certs-cm.yaml helm creation diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index afc0e9bb..2b223a6f 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -789,6 +789,7 @@ NAME: my-release | configs.styles | string | `""` (See [values.yaml]) | Define custom [CSS styles] for your argo instance. This setting will automatically mount the provided CSS and reference it in the argo configuration. | | configs.tls.annotations | object | `{}` | Annotations to be added to argocd-tls-certs-cm configmap | | configs.tls.certificates | object | `{}` (See [values.yaml]) | TLS certificates for Git repositories | +| configs.tls.create | bool | `true` | Specifies if the argocd-tls-certs-cm configmap should be created by Helm. | ## Argo CD Controller diff --git a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml index db582e6d..3aad4011 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml @@ -1,3 +1,4 @@ +{{- if .Values.configs.tls.create }} apiVersion: v1 kind: ConfigMap metadata: @@ -15,3 +16,4 @@ metadata: data: {{- toYaml . | nindent 2 }} {{- end }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index d5056840..c5dcf150 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -412,6 +412,9 @@ configs: # ... # -----END CERTIFICATE----- + # -- Specifies if the argocd-tls-certs-cm configmap should be created by Helm. + create: true + # ConfigMap for Config Management Plugins # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/ cmp: From 8ba5f22bdf71467113d30055a0e143e1ce0eadd1 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 18 Jan 2025 19:22:42 -0600 Subject: [PATCH 739/768] chore(deps): update renovatebot/github-action action to v41.0.9 (#3125) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index eeea7755..ebc1adf8 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@f24426972367551f3391720e34317783a92fd32b # v41.0.8 + uses: renovatebot/github-action@531c6786d6cf05ef148c4cfe251745c2c6de442c # v41.0.9 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 27ef4ecd7dd30dbccea61180ff529d3102b9c30e Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 20 Jan 2025 17:18:21 +0900 Subject: [PATCH 740/768] chore(deps): update renovatebot/github-action action to v41.0.10 (#3128) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index ebc1adf8..de804f3f 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@531c6786d6cf05ef148c4cfe251745c2c6de442c # v41.0.9 + uses: renovatebot/github-action@3f10d7a25cf0aa7b37519aa771ed9143fcbb5da5 # v41.0.10 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From bf9830c670970904b8dad642e997d2107b14fb18 Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Fri, 24 Jan 2025 14:04:22 +0100 Subject: [PATCH 741/768] fix(argo-cd): Address ingress regression of PR #3081 (#3137) Signed-off-by: Marco Maurer --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/argocd-server/ingress.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 2eb5a0cf..05c614ff 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.16 +version: 7.7.17 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Added conditional around argocd-tls-certs-cm.yaml helm creation + - kind: fixed + description: Address ingress regression of PR #3081, use toString before tpl function diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 88c2f99a..8724baa7 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -14,7 +14,7 @@ metadata: {{- with .Values.server.ingress.annotations }} annotations: {{- range $key, $value := . }} - {{ $key }}: {{ tpl $value $ | quote }} + {{ $key }}: {{ tpl (toString $value) $ | quote }} {{- end }} {{- end }} spec: From 79ec8fdb942aaffaeba5cd1cdf7e0184cd7a16f0 Mon Sep 17 00:00:00 2001 From: AvivGuiser Date: Sat, 25 Jan 2025 15:31:37 +0200 Subject: [PATCH 742/768] feat(argocd-image-updater): Make cm and secret names configurable (#2998) * feat: made argocd image updater cm and secret name templated Signed-off-by: AvivGuiser * fix indention Signed-off-by: AvivGuiser * update Chart.yaml Signed-off-by: AvivGuiser * chore: Apply changes from code review Signed-off-by: Marco Maurer * chore: Reflect changes from review inside changelog Signed-off-by: Marco Maurer (-Kilchhofer) --------- Signed-off-by: AvivGuiser Signed-off-by: Marco Maurer Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: Marco Maurer --- charts/argocd-image-updater/Chart.yaml | 4 +-- charts/argocd-image-updater/README.md | 6 +++- .../templates/configmap-authscripts.yaml | 2 +- .../templates/configmap-sshconfig.yaml | 10 ++++-- .../templates/configmap.yaml | 2 +- .../templates/deployment.yaml | 32 +++++++++---------- .../templates/secret.yaml | 2 +- charts/argocd-image-updater/values.yaml | 12 +++++-- 8 files changed, 44 insertions(+), 26 deletions(-) diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml index f3880ec5..02438363 100644 --- a/charts/argocd-image-updater/Chart.yaml +++ b/charts/argocd-image-updater/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-image-updater description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD type: application -version: 0.11.4 +version: 0.12.0 appVersion: v0.15.2 home: https://github.com/argoproj-labs/argocd-image-updater icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png @@ -19,4 +19,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argocd-image-updater to v0.15.2 + description: ConfigMap and Secret names are now configurable diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index 7a35b881..d77ee710 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -70,6 +70,7 @@ The `config.registries` value can be used exactly as it looks in the documentati |-----|------|---------|-------------| | affinity | object | `{}` | Kubernetes affinity settings for the deployment | | authScripts.enabled | bool | `false` | Whether to mount the defined scripts that can be used to authenticate with a registry, the scripts will be mounted at `/scripts` | +| authScripts.name | string | `"argocd-image-updater-authscripts"` | Name of the authentication scripts ConfigMap | | authScripts.scripts | object | `{}` | Map of key-value pairs where the key consists of the name of the script and the value the contents | | config.applicationsAPIKind | string | `""` | API kind that is used to manage Argo CD applications (`kubernetes` or `argocd`) | | config.argocd.grpcWeb | bool | `true` | Use the gRPC-web protocol to connect to the Argo CD API | @@ -77,6 +78,7 @@ The `config.registries` value can be used exactly as it looks in the documentati | config.argocd.plaintext | bool | `false` | If specified, use an unencrypted HTTP connection to the Argo CD API instead of TLS. | | config.argocd.serverAddress | string | `""` | Connect to the Argo CD API server at server address | | config.argocd.token | string | `""` | If specified, the secret with Argo CD API key will be created. | +| config.argocd.tokenSecretName | string | `"argocd-image-updater-secret"` | Name of the Secret containing the token | | config.disableKubeEvents | bool | `false` | Disable kubernetes events | | config.gitCommitMail | string | `""` | E-Mail address to use for Git commits | | config.gitCommitSignOff | bool | `false` | Enables sign off on commits | @@ -85,8 +87,10 @@ The `config.registries` value can be used exactly as it looks in the documentati | config.gitCommitTemplate | string | `""` | Changing the Git commit message | | config.gitCommitUser | string | `""` | Username to use for Git commits | | config.logLevel | string | `"info"` | Argo CD Image Update log level | +| config.name | string | `"argocd-image-updater-config"` | Name of the ConfigMap | | config.registries | list | `[]` | Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) | -| config.sshConfig | object | `{}` | Argo CD Image Updater ssh client parameter configuration. | +| config.sshConfig.config | string | `""` | Argo CD Image Updater ssh client parameter configuration. | +| config.sshConfig.name | string | `"argocd-image-updater-ssh-config"` | Name of the sshConfig ConfigMap | | createClusterRoles | bool | `true` | Create cluster roles for cluster-wide installation. | | extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in `config.argocd`. If a flag contains both key and value, they need to be split to a new entry | | extraEnv | list | `[]` | Extra environment variables for argocd-image-updater | diff --git a/charts/argocd-image-updater/templates/configmap-authscripts.yaml b/charts/argocd-image-updater/templates/configmap-authscripts.yaml index fbb345e3..259054f6 100644 --- a/charts/argocd-image-updater/templates/configmap-authscripts.yaml +++ b/charts/argocd-image-updater/templates/configmap-authscripts.yaml @@ -4,7 +4,7 @@ kind: ConfigMap metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} - name: argocd-image-updater-authscripts + name: {{ .Values.authScripts.name }} namespace: {{ include "argocd-image-updater.namespace" . | quote }} data: {{- toYaml .Values.authScripts.scripts | nindent 2}} diff --git a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml index 9fd83d92..9ff9ba61 100644 --- a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml +++ b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml @@ -1,11 +1,17 @@ +{{- $sshConfig := omit .Values.config.sshConfig "name" }} +{{- range $key, $val := $sshConfig }} + {{- if not $val }} + {{ $_ := unset $sshConfig $key }} + {{- end }} +{{- end }} apiVersion: v1 kind: ConfigMap metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} - name: argocd-image-updater-ssh-config + name: {{ .Values.config.sshConfig.name }} namespace: {{ include "argocd-image-updater.namespace" . | quote }} -{{- with .Values.config.sshConfig }} +{{- with $sshConfig }} data: {{- toYaml . | nindent 2 }} {{- end }} diff --git a/charts/argocd-image-updater/templates/configmap.yaml b/charts/argocd-image-updater/templates/configmap.yaml index 46ee3b80..8eb0e704 100644 --- a/charts/argocd-image-updater/templates/configmap.yaml +++ b/charts/argocd-image-updater/templates/configmap.yaml @@ -4,7 +4,7 @@ kind: ConfigMap metadata: labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} - name: argocd-image-updater-config + name: {{ .Values.config.name }} namespace: {{ include "argocd-image-updater.namespace" . | quote }} data: {{- with .Values.config.applicationsAPIKind }} diff --git a/charts/argocd-image-updater/templates/deployment.yaml b/charts/argocd-image-updater/templates/deployment.yaml index 4aaa83b3..87f1fbf4 100644 --- a/charts/argocd-image-updater/templates/deployment.yaml +++ b/charts/argocd-image-updater/templates/deployment.yaml @@ -44,79 +44,79 @@ spec: valueFrom: configMapKeyRef: key: applications_api - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: ARGOCD_GRPC_WEB valueFrom: configMapKeyRef: key: argocd.grpc_web - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: ARGOCD_SERVER valueFrom: configMapKeyRef: key: argocd.server_addr - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: ARGOCD_INSECURE valueFrom: configMapKeyRef: key: argocd.insecure - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: ARGOCD_PLAINTEXT valueFrom: configMapKeyRef: key: argocd.plaintext - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: ARGOCD_TOKEN valueFrom: secretKeyRef: key: argocd.token - name: argocd-image-updater-secret + name: {{ .Values.config.argocd.tokenSecretName }} optional: true - name: IMAGE_UPDATER_LOGLEVEL valueFrom: configMapKeyRef: key: log.level - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: GIT_COMMIT_USER valueFrom: configMapKeyRef: key: git.user - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: GIT_COMMIT_EMAIL valueFrom: configMapKeyRef: key: git.email - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: IMAGE_UPDATER_KUBE_EVENTS valueFrom: configMapKeyRef: key: kube.events - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: GIT_COMMIT_SIGNING_KEY valueFrom: configMapKeyRef: key: git.commit-signing-key - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: GIT_COMMIT_SIGNING_METHOD valueFrom: configMapKeyRef: key: git.commit-signing-method - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true - name: GIT_COMMIT_SIGN_OFF valueFrom: configMapKeyRef: key: git.commit-sign-off - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true {{- with .Values.extraEnv }} {{- toYaml . | nindent 10 }} @@ -177,13 +177,13 @@ spec: path: registries.conf - key: git.commit-message-template path: commit.template - name: argocd-image-updater-config + name: {{ .Values.config.name }} optional: true name: image-updater-conf {{- if .Values.authScripts.enabled }} - configMap: defaultMode: 0777 - name: argocd-image-updater-authscripts + name: {{ .Values.authScripts.name }} name: authscripts {{- end }} - configMap: @@ -191,7 +191,7 @@ spec: optional: true name: ssh-known-hosts - configMap: - name: argocd-image-updater-ssh-config + name: {{ .Values.config.sshConfig.name }} optional: true name: ssh-config - name: ssh-signing-key diff --git a/charts/argocd-image-updater/templates/secret.yaml b/charts/argocd-image-updater/templates/secret.yaml index 08955095..171add82 100644 --- a/charts/argocd-image-updater/templates/secret.yaml +++ b/charts/argocd-image-updater/templates/secret.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: argocd-image-updater-secret + name: {{ .Values.config.argocd.tokenSecretName }} namespace: {{ include "argocd-image-updater.namespace" . | quote }} labels: {{- include "argocd-image-updater.labels" . | nindent 4 }} diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 4825833e..15832520 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -109,6 +109,8 @@ volumes: [] # emptyDir: {} config: + # -- Name of the ConfigMap + name: argocd-image-updater-config # -- API kind that is used to manage Argo CD applications (`kubernetes` or `argocd`) applicationsAPIKind: "" @@ -125,6 +127,8 @@ config: plaintext: false # -- If specified, the secret with Argo CD API key will be created. token: "" + # -- Name of the Secret containing the token + tokenSecretName: "argocd-image-updater-secret" # -- Disable kubernetes events disableKubeEvents: false @@ -175,9 +179,11 @@ config: # credentials: ext:/scripts/auth1.sh # credsexpire: 10h - # -- Argo CD Image Updater ssh client parameter configuration. sshConfig: - {} + # -- Name of the sshConfig ConfigMap + name: argocd-image-updater-ssh-config + # -- Argo CD Image Updater ssh client parameter configuration. + config: "" # config: | # Host * # PubkeyAcceptedAlgorithms +ssh-rsa @@ -188,6 +194,8 @@ config: authScripts: # -- Whether to mount the defined scripts that can be used to authenticate with a registry, the scripts will be mounted at `/scripts` enabled: false + # -- Name of the authentication scripts ConfigMap + name: argocd-image-updater-authscripts # -- Map of key-value pairs where the key consists of the name of the script and the value the contents scripts: {} # auth1.sh: | From 296362871281cc4b4b7b2389a83ec8d190430aaf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 25 Jan 2025 18:30:41 +0000 Subject: [PATCH 743/768] chore(deps): bump the dependencies group with 4 updates (#3141) --- .github/workflows/lint-and-test.yml | 2 +- .github/workflows/publish.yml | 2 +- .github/workflows/scorecard.yml | 2 +- .github/workflows/stale.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 4c4db950..f8f9fe02 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -38,7 +38,7 @@ jobs: - name: Setup Chart Linting id: lint - uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 + uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0 with: # Note: Also update in scripts/lint.sh version: v3.11.0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 2e74eab1..f6dcec99 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -59,7 +59,7 @@ jobs: PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}" - name: Run chart-releaser - uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 + uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0 with: config: "./.github/configs/cr.yaml" env: diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 231f25c1..e9a10387 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 + uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 with: sarif_file: results.sarif diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index d0813423..159a0e8e 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -14,7 +14,7 @@ jobs: pull-requests: write # for actions/stale to close stale PRs runs-on: ubuntu-latest steps: - - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0 + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Number of days of inactivity before an issue becomes stale From eed462224dfc1ee7541de28d5f4868eaecbd0911 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 08:57:29 +0100 Subject: [PATCH 744/768] chore(deps): update renovatebot/github-action action to v41.0.11 (#3142) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index de804f3f..aa66cad0 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@3f10d7a25cf0aa7b37519aa771ed9143fcbb5da5 # v41.0.10 + uses: renovatebot/github-action@d385c88822a237acaead89c462fa0aef7502748f # v41.0.11 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From c2f3d9967d2f8b626ec48fe60784477a3477eaf4 Mon Sep 17 00:00:00 2001 From: Nick Heijmink <75807895+Nheijmink19@users.noreply.github.com> Date: Mon, 27 Jan 2025 16:31:51 +0100 Subject: [PATCH 745/768] feat(argo-cd): Add an extra feature toggle to the argocd configmap that allows sync impersonation (#3138) --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 1 + charts/argo-cd/values.yaml | 4 ++++ 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 05c614ff..d7c85587 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.17 +version: 7.7.18 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Address ingress regression of PR #3081, use toString before tpl function + - kind: added + description: Add feature toggle to ArgoCD configmap allowing sync impersonation diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 2b223a6f..04d8f1ad 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -726,6 +726,7 @@ NAME: my-release | configs.clusterCredentials | object | `{}` (See [values.yaml]) | Provide one or multiple [external cluster credentials] | | configs.cm."admin.enabled" | bool | `true` | Enable local admin user | | configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning | +| configs.cm."application.sync.impersonation.enabled" | bool | `false` | Enable control of the service account used for the sync operation (alpha) | | configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI | | configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement | | configs.cm."statusbadge.enabled" | bool | `false` | Enable Status Badge | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index c5dcf150..b802d1ea 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -175,6 +175,10 @@ configs: # -- The name of tracking label used by Argo CD for resource pruning application.instanceLabelKey: argocd.argoproj.io/instance + # -- Enable control of the service account used for the sync operation (alpha) + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-sync-using-impersonation/ + application.sync.impersonation.enabled: false + # -- Enable logs RBAC enforcement ## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/2.3-2.4/#enable-logs-rbac-enforcement server.rbac.log.enforce.enable: false From 692bd040cedfb1db6126d1dee99e00c452315f87 Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Tue, 28 Jan 2025 06:51:33 +0100 Subject: [PATCH 746/768] feat(github): Support redis and extension-installer in Renovate - alternative (#3143) --- .github/workflows/renovate.yaml | 1 + renovate.json | 27 ++++++++------------ scripts/renovate-bump-version.sh | 42 ++++++++++++++++++++------------ 3 files changed, 37 insertions(+), 33 deletions(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index aa66cad0..087e124d 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -32,6 +32,7 @@ jobs: # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate renovate-version: 39.86.4 token: '${{ steps.get_token.outputs.token }}' + mount-docker-socket: true env: LOG_LEVEL: 'debug' RENOVATE_REPOSITORIES: '${{ github.repository }}' diff --git a/renovate.json b/renovate.json index dcf91249..1ee051f5 100644 --- a/renovate.json +++ b/renovate.json @@ -83,31 +83,24 @@ "argoproj/argo-workflows", "argoproj/argo-cd", "argoproj/argo-events", - "argoproj/argo-rollouts" + "argoproj/argo-rollouts", + "argoproj-labs/argocd-image-updater", + "argoprojlabs/argocd-extension-installer", + "public.ecr.aws/bitnami/redis-exporter", + "public.ecr.aws/docker/library/redis" ], - "commitMessagePrefix": "chore({{{replace 'argoproj/' '' depName}}}):", + "commitMessagePrefix": "chore({{parentDir}}):", "postUpgradeTasks": { - "commands": ["./scripts/renovate-bump-version.sh {{depName}}"] - } - }, - { - "matchPackagePatterns": ["argoproj-labs/argocd-image-updater"], - "commitMessagePrefix": "chore({{{replace 'argoproj-labs/' '' depName}}}):", - "postUpgradeTasks": { - "commands": ["./scripts/renovate-bump-version.sh {{depName}}"] + "commands": [ + "./scripts/renovate-bump-version.sh -c {{parentDir}} -d {{depName}} -v {{newVersion}}", + "./scripts/helm-docs.sh" + ] } }, { "matchPackagePatterns": ["redis-ha"], "enabled": false }, - { - "matchPackagePatterns": ["public.ecr.aws/bitnami/redis-exporter"], - "commitMessagePrefix": "chore({{{replace 'public.ecr.aws/' '' depName}}}):", - "postUpgradeTasks": { - "commands": ["./scripts/renovate-bump-version.sh {{depName}}"] - } - }, { "matchPackageNames": ["ghcr.io/renovatebot/renovate"], "extends": ["schedule:monthly"] diff --git a/scripts/renovate-bump-version.sh b/scripts/renovate-bump-version.sh index 1ec6e125..80f1ae11 100755 --- a/scripts/renovate-bump-version.sh +++ b/scripts/renovate-bump-version.sh @@ -1,31 +1,41 @@ #!/bin/bash -depName="${1}" -if [ -z "${depName}" ]; then - echo "Missing argument 'depName'" >&2 - echo "Example usage: $0 argoproj/argo-cd" >&2 +while getopts c:d:v: opt; do + case ${opt} in + c) chart=${OPTARG} ;; + d) dependency_name=${OPTARG} ;; + v) dependency_version=${OPTARG} ;; + *) + echo 'Usage:' >&2 + echo '-c: chart Related Helm chart name' >&2 + echo '-d dependency Name of the updated dependency' >&2 + echo '-v version New version of the updated dependency' >&2 + exit 1 + esac +done + +if [ -z "${dependency_name}" ] || [ -z "${dependency_version}" ] || [ -z "${chart}" ] ; then + echo 'Missing relevant CLI flag(s).' >&2 exit 1 fi -chartName=$(echo "$depName" | sed -e "s+^argoproj/++" -e "s+^argoproj-labs/++") -echo "Changed chart name is: $chartName" -echo "----------------------------------------" - -parentDir="charts/${chartName}" +chart_yaml_path="charts/${chart}/Chart.yaml" +# Split dependency by '/' and only use last element +# This way we can drop prefixes like "argoproj/..." , "argoproj-labs/..." , "quay.io/foo/..." +dependency_name="${dependency_name##*/}" # Bump the chart version by one patch version -version=$(grep '^version:' "${parentDir}/Chart.yaml" | awk '{print $2}') +version=$(grep '^version:' "${chart_yaml_path}" | awk '{print $2}') major=$(echo "${version}" | cut -d. -f1) minor=$(echo "${version}" | cut -d. -f2) patch=$(echo "${version}" | cut -d. -f3) patch=$((patch + 1)) -sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" "${parentDir}/Chart.yaml" +sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" "${chart_yaml_path}" # Add a changelog entry -appVersion=$(grep '^appVersion:' "${parentDir}/Chart.yaml" | awk '{print $2}') -sed -i -e '/^ artifacthub.io\/changes: |/,$ d' "${parentDir}/Chart.yaml" +sed -i -e '/^ artifacthub.io\/changes: |/,$ d' "${chart_yaml_path}" { echo " artifacthub.io/changes: |" echo " - kind: changed" - echo " description: Bump ${chartName} to ${appVersion}" -} >> "${parentDir}/Chart.yaml" -cat "${parentDir}/Chart.yaml" + echo " description: Bump ${dependency_name} to ${dependency_version}" +} >> "${chart_yaml_path}" +cat "${chart_yaml_path}" From d81ca4b23baabb985714a632d33c406050a38c7b Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 28 Jan 2025 09:00:07 +0100 Subject: [PATCH 747/768] chore(argo-cd): Update public.ecr.aws/docker/library/redis Docker tag to v7.4.2 (#3108) * chore(argo-cd): Update public.ecr.aws/docker/library/redis Docker tag to v7.4.2 Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> * fix version Signed-off-by: yu-croco Signed-off-by: Aikawa --------- Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Signed-off-by: Aikawa Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: Aikawa --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 4 ++-- charts/argo-cd/values.yaml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index d7c85587..385e942d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.18 +version: 7.7.19 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add feature toggle to ArgoCD configmap allowing sync impersonation + - kind: changed + description: Bump redis to 7.4.2 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 04d8f1ad..5023edc7 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1279,7 +1279,7 @@ NAME: my-release | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis.image.tag | string | `"7.4.1-alpine"` | Redis tag | +| redis.image.tag | string | `"7.4.2-alpine"` | Redis tag | | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redis.initContainers | list | `[]` | Init containers to add to the redis pod | | redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server | @@ -1365,7 +1365,7 @@ The main options are listed here: | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | | redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis-ha.image.tag | string | `"7.4.1-alpine"` | Redis tag | +| redis-ha.image.tag | string | `"7.4.2-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index b802d1ea..ede8459a 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1288,7 +1288,7 @@ redis: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.4.1-alpine + tag: 7.4.2-alpine # -- Redis image pull policy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1574,7 +1574,7 @@ redis-ha: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.4.1-alpine + tag: 7.4.2-alpine ## Prometheus redis-exporter sidecar exporter: # -- Enable Prometheus redis-exporter sidecar From d75b9d35a3ec11ea9c290a0dac450c2f32f232b1 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 28 Jan 2025 17:14:07 +0900 Subject: [PATCH 748/768] chore(argo-cd): Update public.ecr.aws/bitnami/redis-exporter Docker tag to v1.67.0 (#3104) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Signed-off-by: Marco Maurer (-Kilchhofer) Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: Marco Maurer (-Kilchhofer) --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 385e942d..3aac908c 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.19 +version: 7.7.20 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump redis to 7.4.2 + description: Bump redis-exporter to 1.67.0 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 5023edc7..3a4a2560 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1261,7 +1261,7 @@ NAME: my-release | redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter | | redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter | | redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | -| redis.exporter.image.tag | string | `"1.58.0"` | Tag to use for the redis-exporter | +| redis.exporter.image.tag | string | `"1.67.0"` | Tag to use for the redis-exporter | | redis.exporter.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter | | redis.exporter.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | redis.exporter.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index ede8459a..4c069086 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1304,7 +1304,7 @@ redis: # -- Repository to use for the redis-exporter repository: public.ecr.aws/bitnami/redis-exporter # -- Tag to use for the redis-exporter - tag: 1.58.0 + tag: 1.67.0 # -- Image pull policy for the redis-exporter # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" From 2685b861d2b2af4f5797522ec3cef8140c3d6049 Mon Sep 17 00:00:00 2001 From: atgane <52873067+atgane@users.noreply.github.com> Date: Tue, 28 Jan 2025 18:57:48 +0900 Subject: [PATCH 749/768] fix(argo-cd): Fix required cluster credentials name (#3136) * fix required cluster credential name Signed-off-by: atgane * fix Signed-off-by: atgane * update changelog & docs Signed-off-by: atgane * chore: Drop unnecessary docs inside README.md and README.md.gotmpl Signed-off-by: Marco Maurer --------- Signed-off-by: atgane Signed-off-by: Marco Maurer Co-authored-by: Marco Maurer --- charts/argo-cd/Chart.yaml | 6 +++--- .../argo-cd/templates/argocd-configs/cluster-secrets.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 3aac908c..e29eb6fb 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.3 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.20 +version: 7.7.21 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump redis-exporter to 1.67.0 + - kind: fixed + description: remove required function in $cluster_key from clusterCredentials diff --git a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml index d317eac2..956bbf54 100644 --- a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml +++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml @@ -22,7 +22,7 @@ stringData: {{- if $cluster_value.shard }} shard: {{ $cluster_value.shard | quote }} {{- end }} - name: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.name entry is required!" $cluster_key }} + name: {{ $cluster_key }} server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }} {{- if $cluster_value.namespaces }} namespaces: {{ $cluster_value.namespaces }} From 56c5a31c9e4367f643f8458fe8d8c18674c50f0f Mon Sep 17 00:00:00 2001 From: Tim Collins <45351296+tico24@users.noreply.github.com> Date: Wed, 29 Jan 2025 13:43:03 +0000 Subject: [PATCH 750/768] feat(github): Analyse past release times (#3135) * feat(github): Analyse past release times Signed-off-by: Tim Collins * typo Signed-off-by: Tim Collins * add megalinter config. Fix my rubbish code to appease the linter Signed-off-by: Tim Collins --------- Signed-off-by: Tim Collins Co-authored-by: Aikawa --- scripts/release-analysis/.mega-linter.yaml | 21 + scripts/release-analysis/Dockerfile | 8 + scripts/release-analysis/README.md | 27 + .../release-analysis/argo_helm_releases.csv | 1019 +++++++++++++++++ scripts/release-analysis/argo_releases.csv | 877 ++++++++++++++ .../release-analysis/fetch_helmet_releases.py | 90 ++ scripts/release-analysis/fetch_releases.py | 57 + scripts/release-analysis/main.py | 31 + scripts/release-analysis/merge_csvs.py | 108 ++ scripts/release-analysis/merged_releases.csv | 195 ++++ scripts/release-analysis/plot_graph.py | 58 + scripts/release-analysis/requirements.txt | 2 + .../time_difference_plot_argo-cd.png | Bin 0 -> 84009 bytes .../time_difference_plot_argo-events.png | Bin 0 -> 68592 bytes .../time_difference_plot_argo-rollouts.png | Bin 0 -> 75003 bytes .../time_difference_plot_argo-workflows.png | Bin 0 -> 70676 bytes 16 files changed, 2493 insertions(+) create mode 100644 scripts/release-analysis/.mega-linter.yaml create mode 100644 scripts/release-analysis/Dockerfile create mode 100644 scripts/release-analysis/README.md create mode 100644 scripts/release-analysis/argo_helm_releases.csv create mode 100644 scripts/release-analysis/argo_releases.csv create mode 100644 scripts/release-analysis/fetch_helmet_releases.py create mode 100644 scripts/release-analysis/fetch_releases.py create mode 100644 scripts/release-analysis/main.py create mode 100644 scripts/release-analysis/merge_csvs.py create mode 100644 scripts/release-analysis/merged_releases.csv create mode 100644 scripts/release-analysis/plot_graph.py create mode 100644 scripts/release-analysis/requirements.txt create mode 100644 scripts/release-analysis/time_difference_plot_argo-cd.png create mode 100644 scripts/release-analysis/time_difference_plot_argo-events.png create mode 100644 scripts/release-analysis/time_difference_plot_argo-rollouts.png create mode 100644 scripts/release-analysis/time_difference_plot_argo-workflows.png diff --git a/scripts/release-analysis/.mega-linter.yaml b/scripts/release-analysis/.mega-linter.yaml new file mode 100644 index 00000000..024abb2b --- /dev/null +++ b/scripts/release-analysis/.mega-linter.yaml @@ -0,0 +1,21 @@ +# Configuration file for MegaLinter +# Run megalinter locally with: `docker run --rm -v /var/run/docker.sock:/var/run/docker.sock:rw -v $(pwd):/tmp/lint:rw oxsecurity/megalinter:v8` +ENABLE: + - DOCKERFILE + - PYTHON + +DISABLE_LINTERS: + - PYTHON_FLAKE8 + - PYTHON_PYRIGHT + - PYTHON_RUFF + - PYTHON_BANDIT + +CLEAR_REPORT_FOLDER: true +PYTHON_PYLINT_PRE_COMMANDS: + - command: pip install -r /tmp/lint/requirements.txt + venv: pylint +REPORT_OUTPUT_FOLDER: none + + +# You might want to enable this locally to fix some stuff without guessing what you need to change. Check before committing to git. +#APPLY_FIXES: all diff --git a/scripts/release-analysis/Dockerfile b/scripts/release-analysis/Dockerfile new file mode 100644 index 00000000..17674252 --- /dev/null +++ b/scripts/release-analysis/Dockerfile @@ -0,0 +1,8 @@ +FROM python:3.13-slim +WORKDIR /app +COPY requirements.txt ./ +RUN pip install --no-cache-dir -r requirements.txt + +COPY main.py fetch_releases.py fetch_helmet_releases.py merge_csvs.py plot_graph.py ./ +RUN chmod +x main.py fetch_releases.py fetch_helmet_releases.py merge_csvs.py plot_graph.py +CMD [ "python", "-u", "./main.py" ] diff --git a/scripts/release-analysis/README.md b/scripts/release-analysis/README.md new file mode 100644 index 00000000..ab746cee --- /dev/null +++ b/scripts/release-analysis/README.md @@ -0,0 +1,27 @@ +# argo-helm release analysis + +Compare the time of the upstream release to the time of the equivalent Helm Chart release to determine the time it takes for a new release to be available in argo-helm. + + +## How to run +This is quite github-api-intensive, so you'll need a github PAT + +```bash +# Build the container +docker build . -t team-helm-analysis + +# Delete any existing data +rm -f argo_helm_releases.csv argo_releases.csv merged_releases.csv time_difference_plot_argo*.png + +# Run the container +GITHUB_TOKEN=your_token_here +docker run --rm -e GITHUB_TOKEN=$GITHUB_TOKEN -v ${PWD}:/app team-helm-analysis +``` + +You should get 3 csvs and 4 graphs once this completes. It takes around 5 mins to run. + + +## Linting +I ran megalinter against this just to give some confidence that it's not completely broken. It's not perfect, but it's something. + +Run megalinter locally against this directory with: `docker run --rm -v /var/run/docker.sock:/var/run/docker.sock:rw -v $(pwd):/tmp/lint:rw oxsecurity/megalinter:v8` diff --git a/scripts/release-analysis/argo_helm_releases.csv b/scripts/release-analysis/argo_helm_releases.csv new file mode 100644 index 00000000..58046fc1 --- /dev/null +++ b/scripts/release-analysis/argo_helm_releases.csv @@ -0,0 +1,1019 @@ +Release Name,Release Date,Release Time,App Version +argo-cd-7.7.16,2025-01-14,10:17:50,v2.13.3 +argo-events-2.4.13,2025-01-11,10:22:47,v1.9.5 +argo-workflows-0.45.4,2025-01-10,10:23:52,v3.6.2 +argo-cd-7.7.15,2025-01-10,07:18:13,v2.13.3 +argo-events-2.4.12,2025-01-08,08:37:01,v1.9.4 +argocd-image-updater-0.11.4,2025-01-07,07:04:30,v0.15.2 +argo-cd-7.7.14,2025-01-07,12:02:49,v2.13.3 +argo-events-2.4.11,2025-01-04,14:02:19,v1.9.3 +argo-cd-7.7.13,2025-01-04,00:07:55,v2.13.3 +argo-workflows-0.45.3,2025-01-03,15:16:16,v3.6.2 +argo-rollouts-2.38.2,2025-01-03,14:07:45,v1.7.2 +argo-cd-7.7.12,2025-01-02,06:18:17,v2.13.2 +argo-events-2.4.10,2024-12-31,12:18:02,v1.9.3 +argo-rollouts-2.38.1,2024-12-30,17:19:34,v1.7.2 +argo-cd-7.7.11,2024-12-21,12:06:50,v2.13.2 +argo-workflows-0.45.2,2024-12-16,21:31:29,v3.6.2 +argocd-image-updater-0.11.3,2024-12-13,11:27:43,v0.15.1 +argo-cd-7.7.10,2024-12-12,05:33:28,v2.13.2 +argo-cd-7.7.9,2024-12-11,15:36:30,v2.13.1 +argo-cd-7.7.8,2024-12-09,09:17:31,v2.13.1 +argo-workflows-0.45.1,2024-12-02,17:39:46,v3.6.2 +argo-cd-7.7.7,2024-12-02,14:20:02,v2.13.1 +argo-cd-7.7.6,2024-11-28,00:42:14,v2.13.1 +argo-events-2.4.9,2024-11-27,20:44:06,v1.9.3 +argo-workflows-0.45.0,2024-11-22,15:20:08,v3.6.0 +argo-workflows-0.44.1,2024-11-22,11:40:45,v3.6.0 +argo-workflows-0.44.0,2024-11-21,08:59:15,v3.6.0 +argo-workflows-0.43.0,2024-11-21,08:27:21,v3.6.0 +argo-rollouts-2.38.0,2024-11-21,13:03:08,v1.7.2 +argo-cd-7.7.5,2024-11-21,12:43:12,v2.13.1 +argo-cd-7.7.4,2024-11-20,20:48:11,v2.13.1 +argo-cd-7.7.3,2024-11-13,10:57:32,v2.13.0 +argo-cd-7.7.2,2024-11-12,16:28:52,v2.13.0 +argo-cd-7.7.1,2024-11-10,01:42:21,v2.13.0 +argocd-image-updater-0.11.2,2024-11-09,03:44:12,v0.15.1 +argo-rollouts-2.37.8,2024-11-07,23:17:48,v1.7.2 +argo-cd-7.7.0,2024-11-05,00:00:06,v2.13.0 +argo-workflows-0.42.7,2024-11-01,23:24:01,v3.5.12 +argocd-image-updater-0.11.1,2024-10-30,10:40:35,v0.15.0 +argo-workflows-0.42.6,2024-10-30,13:24:53,v3.5.12 +argo-cd-7.6.12,2024-10-18,19:27:20,v2.12.6 +argo-cd-7.6.11,2024-10-18,07:16:30,v2.12.5 +argo-cd-7.6.10,2024-10-16,12:00:46,v2.12.4 +argo-cd-7.6.9,2024-10-15,20:16:09,v2.12.4 +argo-cd-7.6.8,2024-10-03,13:53:23,v2.12.4 +argo-workflows-0.42.5,2024-10-02,00:47:02,v3.5.11 +argocd-apps-2.0.2,2024-10-01,06:03:45, +argo-cd-7.6.7,2024-09-30,18:24:52,v2.12.4 +argo-cd-7.6.6,2024-09-30,12:25:12,v2.12.4 +argo-workflows-0.42.4,2024-09-27,09:57:14,v3.5.11 +argo-cd-7.6.5,2024-09-26,07:42:42,v2.12.4 +argo-cd-7.6.4,2024-09-25,22:05:12,v2.12.3 +argo-cd-7.6.3,2024-09-25,15:18:12,v2.12.3 +argo-cd-7.6.2,2024-09-23,17:27:28,v2.12.3 +argo-workflows-0.42.3,2024-09-20,15:08:40,v3.5.11 +argo-events-2.4.8,2024-09-20,00:10:14,v1.9.2 +argo-cd-7.6.1,2024-09-20,11:24:11,v2.12.3 +argo-cd-7.6.0,2024-09-20,07:59:20,v2.12.3 +argo-rollouts-2.37.7,2024-09-16,13:38:21,v1.7.2 +argo-workflows-0.42.2,2024-09-13,14:02:16,v3.5.10 +argocd-apps-2.0.1,2024-09-10,21:55:59, +argo-cd-7.5.2,2024-09-02,15:33:28,v2.12.3 +argo-cd-7.5.1,2024-09-02,08:59:12,v2.12.3 +argo-workflows-0.42.1,2024-09-01,15:06:01,v3.5.10 +argo-rollouts-2.37.6,2024-08-31,10:13:12,v1.7.2 +argo-cd-7.5.0,2024-08-28,15:27:35,v2.12.3 +argo-cd-7.4.7,2024-08-27,13:30:34,v2.12.3 +argo-cd-7.4.6,2024-08-27,08:49:06,v2.12.2 +argo-cd-7.4.5,2024-08-23,08:51:19,v2.12.2 +argo-workflows-0.42.0,2024-08-20,19:07:24,v3.5.10 +argo-cd-7.4.4,2024-08-16,21:36:53,v2.12.1 +argo-rollouts-2.37.5,2024-08-14,08:31:31,v1.7.2 +argo-rollouts-2.37.4,2024-08-12,09:08:55,v1.7.1 +argo-cd-7.4.3,2024-08-12,15:29:49,v2.12.0 +argo-cd-7.4.2,2024-08-08,15:02:24,v2.12.0 +argo-cd-7.4.1,2024-08-06,10:14:35,v2.12.0 +argo-cd-7.4.0,2024-08-05,15:22:06,v2.12.0 +argo-workflows-0.41.14,2024-08-02,10:42:56,v3.5.10 +argo-workflows-0.41.13,2024-08-01,07:19:01,v3.5.10 +argo-workflows-0.41.12,2024-07-30,07:39:23,v3.5.9 +argo-rollouts-2.37.3,2024-07-29,07:25:40,v1.7.1 +argo-cd-7.3.11,2024-07-24,11:44:52,v2.11.7 +argo-cd-7.3.10,2024-07-22,17:14:41,v2.11.6 +argo-cd-7.3.9,2024-07-19,10:23:10,v2.11.5 +argo-cd-7.3.8,2024-07-17,23:52:54,v2.11.5 +argo-cd-7.3.7,2024-07-16,01:17:05,v2.11.5 +argo-cd-7.3.6,2024-07-11,23:05:06,v2.11.4 +argo-cd-7.3.5,2024-07-10,21:01:22,v2.11.4 +argocd-image-updater-0.11.0,2024-07-09,21:31:56,v0.14.0 +argo-cd-7.3.4,2024-07-02,20:43:46,v2.11.4 +argo-rollouts-2.37.2,2024-07-01,10:02:31,v1.7.1 +argo-cd-7.3.3,2024-06-28,21:52:33,v2.11.3 +argo-rollouts-2.37.1,2024-06-26,10:39:20,v1.7.1 +argo-rollouts-2.37.0,2024-06-26,09:10:19,v1.7.1 +argo-events-2.4.7,2024-06-26,05:28:07,v1.9.2 +argo-cd-7.3.2,2024-06-26,11:29:01,v2.11.3 +argo-rollouts-2.36.2,2024-06-25,13:04:55,v1.7.0 +argo-cd-7.3.1,2024-06-25,12:26:06,v2.11.3 +argo-cd-7.3.0,2024-06-25,03:48:21,v2.11.3 +argo-rollouts-2.36.1,2024-06-22,10:11:43,v1.7.0 +argo-cd-7.2.1,2024-06-21,21:01:50,v2.11.3 +argo-cd-7.2.0,2024-06-20,10:25:45,v2.11.3 +argo-workflows-0.41.11,2024-06-19,07:01:05,v3.5.8 +argo-cd-7.1.5,2024-06-19,14:04:21,v2.11.3 +argo-workflows-0.41.10,2024-06-18,07:47:04,v3.5.8 +argo-cd-7.1.4,2024-06-18,01:13:46,v2.11.3 +argo-workflows-0.41.9,2024-06-17,18:59:46,v3.5.7 +argocd-image-updater-0.10.2,2024-06-14,07:54:15,v0.13.1 +argo-rollouts-2.36.0,2024-06-14,09:00:46,v1.7.0 +argo-events-2.4.6,2024-06-14,05:09:08,v1.9.2 +argo-workflows-0.41.8,2024-06-09,22:18:37,v3.5.7 +argo-cd-7.1.3,2024-06-09,05:23:01,v2.11.3 +argo-cd-7.1.2,2024-06-06,10:51:51,v2.11.3 +argo-cd-7.1.1,2024-06-01,23:45:19,v2.11.2 +argo-cd-7.1.0,2024-05-31,12:05:08,v2.11.2 +argocd-image-updater-0.10.1,2024-05-28,05:32:50,v0.13.1 +argo-cd-7.0.0,2024-05-28,13:38:40,v2.11.2 +argo-workflows-0.41.7,2024-05-27,08:09:42,v3.5.7 +argo-events-2.4.5,2024-05-24,03:05:11,v1.9.1 +argo-rollouts-2.35.3,2024-05-23,07:30:12,v1.6.6 +argo-cd-6.11.1,2024-05-23,15:37:21,v2.11.2 +argo-cd-6.11.0,2024-05-23,12:37:05,v2.11.1 +argo-cd-6.10.2,2024-05-22,11:21:15,v2.11.1 +argo-cd-6.10.1,2024-05-22,07:17:23,v2.11.1 +argo-cd-6.10.0,2024-05-21,16:36:49,v2.11.1 +argo-workflows-0.41.6,2024-05-19,10:22:36,v3.5.6 +argo-workflows-0.41.5,2024-05-19,07:34:43,v3.5.6 +argo-cd-6.9.3,2024-05-17,15:18:31,v2.11.0 +argocd-image-updater-0.10.0,2024-05-16,11:07:10,v0.13.0 +argo-cd-6.9.2,2024-05-14,15:17:50,v2.11.0 +argo-cd-6.9.1,2024-05-13,22:59:29,v2.11.0 +argo-cd-6.9.0,2024-05-13,04:32:05,v2.11.0 +argo-cd-6.8.1,2024-05-10,08:32:52,v2.11.0 +argo-cd-6.8.0,2024-05-08,06:21:31,v2.11.0 +argo-rollouts-2.35.2,2024-05-06,00:24:30,v1.6.6 +argo-workflows-0.41.4,2024-05-01,13:37:43,v3.5.6 +argo-cd-6.7.18,2024-04-30,17:14:22,v2.10.9 +argo-workflows-0.41.3,2024-04-29,20:30:08,v3.5.6 +argo-cd-6.7.17,2024-04-26,19:36:10,v2.10.8 +argo-cd-6.7.16,2024-04-26,14:21:35,v2.10.8 +argo-cd-6.7.15,2024-04-24,07:08:13,v2.10.7 +argo-cd-6.7.14,2024-04-21,20:54:29,v2.10.7 +argo-workflows-0.41.2,2024-04-20,04:55:21,v3.5.6 +argo-cd-6.7.13,2024-04-19,14:07:44,v2.10.7 +argocd-image-updater-0.9.7,2024-04-18,21:41:42,v0.12.2 +argo-cd-6.7.12,2024-04-15,10:43:13,v2.10.7 +argo-cd-6.7.11,2024-04-10,20:06:04,v2.10.6 +argo-cd-6.7.10,2024-04-05,05:00:08,v2.10.6 +argo-cd-6.7.9,2024-04-04,18:47:39,v2.10.5 +argo-workflows-0.41.1,2024-04-02,17:26:26,v3.5.5 +argo-cd-6.7.8,2024-04-02,13:36:54,v2.10.5 +argo-cd-6.7.7,2024-04-02,05:03:54,v2.10.5 +argo-cd-6.7.6,2024-03-29,16:13:47,v2.10.5 +argo-cd-6.7.5,2024-03-29,08:13:55,v2.10.5 +argo-cd-6.7.4,2024-03-28,17:30:11,v2.10.5 +argo-rollouts-2.35.1,2024-03-26,08:36:07,v1.6.6 +argo-workflows-0.41.0,2024-03-24,20:27:11,v3.5.5 +argocd-apps-2.0.0,2024-03-23,15:39:16, +argo-rollouts-2.35.0,2024-03-23,20:47:25,v1.6.6 +argo-events-2.4.4,2024-03-23,11:07:16,v1.9.1 +argo-rollouts-2.34.4,2024-03-22,16:10:10,v1.6.6 +argocd-image-updater-0.9.6,2024-03-20,23:53:18,v0.12.2 +argo-cd-6.7.3,2024-03-18,09:36:58,v2.10.4 +argo-cd-6.7.2,2024-03-13,20:46:14,v2.10.3 +argo-cd-6.7.1,2024-03-11,23:08:40,v2.10.2 +argo-cd-6.7.0,2024-03-11,18:26:24,v2.10.2 +argo-workflows-0.40.14,2024-03-03,19:13:02,v3.5.5 +argo-cd-6.6.0,2024-03-02,11:20:32,v2.10.2 +argocd-image-updater-0.9.5,2024-03-01,08:41:39,v0.12.2 +argo-workflows-0.40.13,2024-03-01,17:17:28,v3.5.5 +argo-workflows-0.40.12,2024-03-01,00:03:01,v3.5.5 +argo-cd-6.5.1,2024-03-01,22:33:17,v2.10.2 +argo-cd-6.5.0,2024-02-29,19:46:25,v2.10.1 +argo-cd-6.4.1,2024-02-28,06:28:55,v2.10.1 +argocd-apps-1.6.2,2024-02-25,13:11:58, +argo-cd-6.4.0,2024-02-25,12:47:16,v2.10.1 +argo-cd-6.3.1,2024-02-23,18:05:37,v2.10.1 +argo-cd-6.3.0,2024-02-23,14:18:18,v2.10.1 +argo-cd-6.2.5,2024-02-23,13:58:38,v2.10.1 +argo-cd-6.2.4,2024-02-23,12:16:07,v2.10.1 +argo-cd-6.2.3,2024-02-20,12:05:21,v2.10.1 +argo-cd-6.2.2,2024-02-20,11:41:51,v2.10.1 +argo-cd-6.2.1,2024-02-19,08:37:59,v2.10.1 +argocd-image-updater-0.9.4,2024-02-18,18:44:43,v0.12.2 +argo-cd-6.2.0,2024-02-18,22:06:45,v2.10.1 +argo-workflows-0.40.11,2024-02-17,09:14:52,v3.5.4 +argo-cd-6.1.0,2024-02-16,14:45:12,v2.10.1 +argo-rollouts-2.34.3,2024-02-14,08:50:21,v1.6.6 +argo-events-2.4.3,2024-02-14,08:53:00,v1.9.1 +argo-cd-6.0.14,2024-02-14,21:04:43,v2.10.1 +argo-cd-6.0.13,2024-02-14,10:52:49,v2.10.0 +argo-cd-6.0.9,2024-02-13,11:14:02,v2.10.0 +argo-cd-6.0.8,2024-02-13,08:23:55,v2.10.0 +argo-cd-6.0.12,2024-02-13,15:26:57,v2.10.0 +argo-cd-6.0.11,2024-02-13,11:42:46,v2.10.0 +argo-cd-6.0.10,2024-02-13,11:27:29,v2.10.0 +argo-cd-6.0.7,2024-02-12,18:36:55,v2.10.0 +argo-cd-6.0.6,2024-02-11,14:52:39,v2.10.0 +argo-cd-6.0.5,2024-02-09,12:14:21,v2.10.0 +argo-cd-6.0.4,2024-02-09,11:46:10,v2.10.0 +argo-cd-6.0.3,2024-02-08,17:47:08,v2.10.0 +argo-cd-6.0.2,2024-02-08,14:26:38,v2.10.0 +argo-cd-6.0.1,2024-02-08,10:59:10,v2.10.0 +argo-cd-6.0.0,2024-02-07,21:40:22,v2.10.0 +argo-cd-5.55.0,2024-02-07,07:10:30,v2.10.0 +argo-cd-5.54.0,2024-02-06,13:11:44,v2.9.6 +argo-cd-5.53.14,2024-02-05,06:25:59,v2.9.6 +argo-workflows-0.40.10,2024-02-03,00:45:13,v3.5.4 +argocd-apps-1.6.1,2024-02-02,09:37:44, +argo-cd-5.53.13,2024-02-02,22:50:34,v2.9.6 +argocd-apps-1.6.0,2024-01-30,00:34:21, +argo-cd-5.53.12,2024-01-30,16:58:22,v2.9.5 +argo-cd-5.53.11,2024-01-30,10:46:50,v2.9.5 +argo-cd-5.53.10,2024-01-29,13:58:51,v2.9.5 +argo-workflows-0.40.9,2024-01-26,21:35:38,v3.5.4 +argo-rollouts-2.34.2,2024-01-26,06:31:27,v1.6.5 +argo-cd-5.53.9,2024-01-26,07:36:02,v2.9.5 +argocd-apps-1.5.0,2024-01-25,07:07:46, +argo-workflows-0.40.8,2024-01-24,23:58:13,v3.5.4 +argo-cd-5.53.8,2024-01-23,01:07:46,v2.9.5 +argo-cd-5.53.7,2024-01-22,23:55:07,v2.9.5 +argo-cd-5.53.6,2024-01-22,13:09:31,v2.9.5 +argo-cd-5.53.5,2024-01-22,10:14:54,v2.9.5 +argo-cd-5.53.4,2024-01-21,13:36:02,v2.9.5 +argo-cd-5.53.3,2024-01-20,12:21:38,v2.9.5 +argo-cd-5.53.2,2024-01-19,20:20:14,v2.9.5 +argo-cd-5.53.1,2024-01-19,05:48:47,v2.9.4 +argocd-image-updater-0.9.3,2024-01-18,06:21:59,v0.12.2 +argo-cd-5.53.0,2024-01-18,13:56:51,v2.9.3 +argo-workflows-0.40.7,2024-01-17,07:56:36,v3.5.4 +argo-cd-5.52.2,2024-01-15,09:13:02,v2.9.3 +argo-workflows-0.40.6,2024-01-14,08:11:19,v3.5.4 +argo-workflows-0.40.5,2024-01-11,07:20:47,v3.5.3 +argo-events-2.4.2,2024-01-09,10:14:30,v1.9.0 +argo-rollouts-2.34.1,2024-01-07,04:31:05,v1.6.4 +argo-workflows-0.40.4,2024-01-06,04:17:52,v3.5.2 +argocd-image-updater-0.9.2,2024-01-05,15:29:00,v0.12.2 +argo-cd-5.52.1,2024-01-05,12:57:15,v2.9.3 +argo-cd-5.52.0,2023-12-30,17:02:29,v2.9.3 +argo-workflows-0.40.3,2023-12-24,06:14:14,v3.5.2 +argo-workflows-0.40.2,2023-12-24,00:29:03,v3.5.2 +argo-rollouts-2.34.0,2023-12-22,12:07:26,v1.6.4 +argo-workflows-0.40.1,2023-12-15,07:45:38,v3.5.2 +argo-workflows-0.40.0,2023-12-14,07:56:49,v3.5.2 +argo-rollouts-2.33.0,2023-12-14,08:39:41,v1.6.4 +argo-rollouts-2.32.8,2023-12-13,06:59:39,v1.6.4 +argo-workflows-0.39.9,2023-12-12,06:27:57,v3.5.2 +argo-workflows-0.39.8,2023-12-08,22:45:23,v3.5.2 +argo-rollouts-2.32.7,2023-12-08,15:06:58,v1.6.3 +argo-workflows-0.39.7,2023-12-07,07:23:32,v3.5.2 +argo-rollouts-2.32.6,2023-12-07,17:50:17,v1.6.2 +argo-workflows-0.39.6,2023-12-05,05:55:41,v3.5.2 +argo-cd-5.51.6,2023-12-02,11:03:49,v2.9.3 +argo-rollouts-2.32.5,2023-11-29,13:34:59,v1.6.2 +argo-cd-5.51.5,2023-11-29,18:40:17,v2.9.2 +argo-workflows-0.39.5,2023-11-27,21:13:09,v3.5.2 +argo-workflows-0.39.4,2023-11-27,17:45:21,v3.5.1 +argo-cd-5.51.4,2023-11-20,18:50:04,v2.9.2 +argo-cd-5.51.3,2023-11-19,22:19:14,v2.9.1 +argo-workflows-0.39.3,2023-11-16,12:32:11,v3.5.1 +argo-workflows-0.39.2,2023-11-15,13:33:12,v3.5.1 +argo-workflows-0.39.1,2023-11-15,13:17:27,v3.5.1 +argo-rollouts-2.32.4,2023-11-15,13:09:53,v1.6.2 +argo-rollouts-2.32.3,2023-11-15,10:00:45,v1.6.1 +argo-cd-5.51.2,2023-11-15,05:59:33,v2.9.1 +argo-cd-5.51.1,2023-11-10,12:41:27,v2.9.0 +argo-workflows-0.39.0,2023-11-08,16:05:21,v3.5.1 +argo-cd-5.51.0,2023-11-06,12:54:52,v2.9.0 +argo-workflows-0.38.0,2023-11-04,05:58:06,v3.5.1 +argo-workflows-0.37.1,2023-11-03,20:39:25,v3.5.0 +argo-cd-5.50.1,2023-11-02,09:44:09,v2.8.6 +argo-cd-5.50.0,2023-10-31,18:12:30,v2.8.6 +argo-rollouts-2.32.2,2023-10-30,17:43:02,v1.6.0 +argo-cd-5.49.0,2023-10-30,14:42:51,v2.8.5 +argo-cd-5.48.1,2023-10-30,08:52:14,v2.8.5 +argo-cd-5.48.0,2023-10-28,07:29:05,v2.8.5 +argo-cd-5.47.0,2023-10-27,09:44:15,v2.8.4 +argo-workflows-0.37.0,2023-10-24,12:35:14,v3.5.0 +argo-workflows-0.36.2,2023-10-24,10:06:53,v3.5.0 +argo-rollouts-2.32.1,2023-10-24,12:40:04,v1.6.0 +argo-workflows-0.36.1,2023-10-17,23:53:35,v3.5.0 +argo-workflows-0.36.0,2023-10-17,15:41:00,v3.5.0 +argo-workflows-0.35.0,2023-10-13,22:07:38,v3.5.0 +argo-workflows-0.34.0,2023-10-12,14:15:08,v3.4.11 +argo-cd-5.46.8,2023-10-12,09:51:17,v2.8.4 +argo-cd-5.46.7,2023-09-22,15:50:57,v2.8.4 +argo-cd-5.46.6,2023-09-19,09:02:08,v2.8.4 +argo-cd-5.46.5,2023-09-18,13:26:16,v2.8.4 +argo-cd-5.46.4,2023-09-15,10:48:20,v2.8.4 +argo-cd-5.46.3,2023-09-14,04:56:22,v2.8.4 +argo-cd-5.46.2,2023-09-11,23:33:17,v2.8.3 +argo-cd-5.46.1,2023-09-11,13:24:46,v2.8.3 +argo-workflows-0.33.3,2023-09-10,01:57:47,v3.4.11 +argo-cd-5.46.0,2023-09-09,08:59:25,v2.8.3 +argo-workflows-0.33.2,2023-09-08,04:20:30,v3.4.11 +argo-cd-5.45.5,2023-09-08,14:58:30,v2.8.3 +argo-cd-5.45.4,2023-09-08,14:02:48,v2.8.3 +argo-cd-5.45.3,2023-09-08,00:13:52,v2.8.3 +argo-rollouts-2.32.0,2023-09-07,12:23:50,v1.6.0 +argo-cd-5.45.2,2023-09-07,14:01:34,v2.8.2 +argo-events-2.4.1,2023-09-04,01:15:35,v1.8.1 +argo-cd-5.45.1,2023-09-04,11:01:56,v2.8.2 +argo-cd-5.45.0,2023-08-28,08:12:52,v2.8.2 +argo-cd-5.44.0,2023-08-27,19:07:41,v2.8.2 +argo-cd-5.43.8,2023-08-27,02:21:03,v2.8.2 +argo-cd-5.43.7,2023-08-25,10:52:23,v2.8.2 +argo-cd-5.43.6,2023-08-25,08:46:11,v2.8.2 +argo-cd-5.43.5,2023-08-23,03:57:35,v2.8.1 +argo-workflows-0.33.1,2023-08-19,06:00:08,v3.4.10 +argo-workflows-0.33.0,2023-08-17,12:08:23,v3.4.10 +argo-workflows-0.32.3,2023-08-16,11:00:55,v3.4.10 +argo-rollouts-2.31.6,2023-08-16,07:02:05,v1.5.1 +argo-cd-5.43.4,2023-08-15,08:58:54,v2.8.0 +argo-workflows-0.32.2,2023-08-11,01:15:12,v3.4.9 +argo-rollouts-2.31.5,2023-08-09,00:04:20,v1.5.1 +argo-cd-5.43.3,2023-08-09,22:18:57,v2.8.0 +argo-cd-5.43.2,2023-08-09,08:36:10,v2.8.0 +argo-cd-5.43.1,2023-08-09,08:20:17,v2.8.0 +argo-cd-5.43.0,2023-08-08,14:36:04,v2.8.0 +argo-cd-5.42.3,2023-08-08,06:11:54,v2.7.11 +argo-rollouts-2.31.4,2023-08-05,10:27:42,v1.5.1 +argo-cd-5.42.2,2023-08-05,10:18:36,v2.7.10 +argo-rollouts-2.31.3,2023-08-01,09:07:36,v1.5.1 +argo-cd-5.42.1,2023-08-01,05:57:37,v2.7.10 +argo-workflows-0.32.1,2023-07-27,13:58:12,v3.4.9 +argo-cd-5.42.0,2023-07-27,22:05:30,v2.7.9 +argo-rollouts-2.31.2,2023-07-25,00:23:11,v1.5.1 +argo-cd-5.41.2,2023-07-25,02:10:03,v2.7.9 +argocd-apps-1.4.1,2023-07-23,04:26:08, +argocd-apps-1.4.0,2023-07-22,13:46:54, +argo-workflows-0.32.0,2023-07-20,23:20:17,v3.4.9 +argo-rollouts-2.31.1,2023-07-20,17:26:45,v1.5.1 +argo-cd-5.41.1,2023-07-19,22:26:30,v2.7.8 +argo-cd-5.41.0,2023-07-18,06:51:38,v2.7.7 +argo-cd-5.40.0,2023-07-17,12:21:05,v2.7.7 +argo-cd-5.39.1,2023-07-17,09:56:36,v2.7.7 +argo-cd-5.39.0,2023-07-13,14:07:28,v2.7.7 +argocd-apps-1.3.0,2023-07-11,16:16:56, +argo-workflows-0.31.0,2023-07-11,12:07:29,v3.4.8 +argo-cd-5.38.1,2023-07-11,13:01:22,v2.7.7 +argo-cd-5.38.0,2023-07-10,08:14:40,v2.7.7 +argo-cd-5.37.1,2023-07-06,08:26:09,v2.7.7 +argo-cd-5.37.0,2023-07-04,14:07:24,v2.7.6 +argo-cd-5.36.15,2023-07-04,09:22:40,v2.7.6 +argo-cd-5.36.14,2023-07-03,17:55:22,v2.7.6 +argo-cd-5.36.13,2023-07-02,08:07:38,v2.7.6 +argo-cd-5.36.12,2023-07-02,03:16:49,v2.7.6 +argo-cd-5.36.11,2023-06-29,16:02:41,v2.7.6 +argo-cd-5.36.9,2023-06-26,14:41:11,v2.7.6 +argo-cd-5.36.10,2023-06-26,14:55:27,v2.7.6 +argo-workflows-0.30.0,2023-06-24,22:29:03,v3.4.8 +argo-workflows-0.29.3,2023-06-23,16:35:23,v3.4.8 +argo-cd-5.36.7,2023-06-23,13:59:34,v2.7.6 +argo-events-2.4.0,2023-06-21,12:41:55,v1.8.0 +argo-cd-5.36.6,2023-06-21,14:54:37,v2.7.6 +argo-cd-5.36.5,2023-06-21,04:27:57,v2.7.6 +argo-cd-5.36.4,2023-06-20,13:07:45,v2.7.5 +argo-cd-5.36.3,2023-06-20,00:05:45,v2.7.5 +argo-cd-5.36.2,2023-06-17,04:55:38,v2.7.5 +argo-workflows-0.29.2,2023-06-08,03:48:28,v3.4.8 +argo-cd-5.36.1,2023-06-08,22:52:40,v2.7.4 +argo-cd-5.36.0,2023-06-07,08:52:24,v2.7.4 +argo-cd-5.35.1,2023-06-06,04:53:38,v2.7.4 +argo-workflows-0.29.1,2023-06-05,14:15:25,v3.4.8 +argo-cd-5.35.0,2023-06-05,14:31:31,v2.7.3 +argo-rollouts-2.31.0,2023-06-04,11:08:02,v1.5.0 +argo-workflows-0.29.0,2023-06-03,14:41:13,v3.4.8 +argo-cd-5.34.6,2023-05-29,04:32:37,v2.7.3 +argo-rollouts-2.30.1,2023-05-27,14:52:04,v1.5.0 +argo-workflows-0.28.2,2023-05-26,04:19:27,v3.4.8 +argo-workflows-0.28.1,2023-05-25,12:31:09,v3.4.7 +argo-cd-5.34.5,2023-05-24,23:23:36,v2.7.3 +argo-rollouts-2.30.0,2023-05-23,07:07:55,v1.5.0 +argo-cd-5.34.4,2023-05-23,20:29:47,v2.7.2 +argo-cd-5.34.3,2023-05-23,02:47:12,v2.7.2 +argo-cd-5.34.2,2023-05-22,17:07:33,v2.7.2 +argocd-apps-1.2.0,2023-05-21,07:19:50, +argo-rollouts-2.29.0,2023-05-20,15:39:35,v1.5.0 +argocd-apps-1.1.0,2023-05-19,09:35:18, +argo-workflows-0.28.0,2023-05-19,10:35:50,v3.4.7 +argo-cd-5.34.1,2023-05-17,14:25:05,v2.7.2 +argo-cd-5.34.0,2023-05-17,13:40:41,v2.7.2 +argo-cd-5.33.4,2023-05-16,09:24:22,v2.7.2 +argo-cd-5.33.3,2023-05-13,11:01:42,v2.7.2 +argo-cd-5.33.2,2023-05-12,15:19:23,v2.7.2 +argo-workflows-0.27.0,2023-05-11,06:39:40,v3.4.7 +argo-workflows-0.26.6,2023-05-11,00:09:56,v3.4.7 +argo-cd-5.33.1,2023-05-11,14:07:07,v2.7.1 +argo-cd-5.33.0,2023-05-11,00:40:17,v2.7.1 +argocd-image-updater-0.9.1,2023-05-10,16:46:54,v0.12.2 +argocd-apps-1.0.1,2023-05-10,16:59:38, +argo-workflows-0.26.5,2023-05-10,14:21:35,v3.4.7 +argo-workflows-0.26.4,2023-05-10,10:16:35,v3.4.7 +argo-rollouts-2.28.0,2023-05-10,15:37:42,v1.5.0 +argo-events-2.3.3,2023-05-10,15:49:04,v1.7.6 +argo-cd-5.32.2,2023-05-10,13:50:04,v2.7.1 +argo-workflows-0.26.3,2023-05-09,03:42:14,v3.4.7 +argo-events-2.3.2,2023-05-09,00:38:41,v1.7.6 +argo-workflows-0.26.2,2023-05-08,20:03:24,v3.4.7 +argo-cd-5.32.1,2023-05-08,11:23:13,v2.7.1 +argo-events-2.3.1,2023-05-07,14:18:59,v1.7.6 +argo-workflows-0.26.1,2023-05-06,16:20:35,v3.4.7 +argo-rollouts-2.27.0,2023-05-06,11:32:12,v1.4.1 +argo-events-2.3.0,2023-05-06,11:18:40,v1.7.6 +argo-workflows-0.26.0,2023-05-05,14:31:11,v3.4.7 +argo-workflows-0.25.2,2023-05-05,14:14:01,v3.4.7 +argo-cd-5.32.0,2023-05-05,20:19:39,v2.7.1 +argo-cd-5.31.1,2023-05-03,09:48:25,v2.7.1 +argo-cd-5.31.0,2023-05-02,12:29:53,v2.7.0 +argo-cd-5.30.1,2023-05-02,10:28:37,v2.7.0 +argo-cd-5.30.0,2023-05-02,07:29:11,v2.7.0 +argo-rollouts-2.26.1,2023-04-28,07:54:50,v1.4.1 +argocd-apps-1.0.0,2023-04-27,12:49:28, +argo-workflows-0.25.1,2023-04-24,16:57:53,v3.4.7 +argo-workflows-0.25.0,2023-04-24,05:47:37,v3.4.7 +argo-rollouts-2.26.0,2023-04-24,14:41:03,v1.4.1 +argocd-image-updater-0.9.0,2023-04-16,08:13:22,v0.12.2 +argo-workflows-0.24.1,2023-04-14,13:55:07,v3.4.7 +argo-workflows-0.24.0,2023-04-13,09:25:33,v3.4.7 +argo-rollouts-2.25.0,2023-04-13,23:59:09,v1.4.1 +argo-rollouts-2.24.0,2023-04-13,18:16:41,v1.4.1 +argo-events-2.2.0,2023-04-13,18:38:28,v1.7.6 +argo-cd-5.29.1,2023-04-13,23:44:42,v2.6.7 +argo-cd-5.29.0,2023-04-13,14:09:40,v2.6.7 +argo-workflows-0.23.2,2023-04-12,04:52:48,v3.4.7 +argo-workflows-0.23.1,2023-04-11,13:50:51,v3.4.6 +argo-cd-5.28.2,2023-04-11,13:34:12,v2.6.7 +argo-events-2.1.6,2023-04-07,12:46:03,v1.7.6 +argocd-image-updater-0.8.5,2023-04-06,13:52:44,v0.12.2 +argo-workflows-0.23.0,2023-04-06,23:43:19,v3.4.6 +argo-cd-5.28.1,2023-04-06,16:17:02,v2.6.7 +argo-workflows-0.22.16,2023-04-04,11:10:35,v3.4.6 +argo-cd-5.28.0,2023-04-03,09:59:17,v2.6.7 +argo-events-2.1.5,2023-04-01,20:40:27,v1.7.6 +argo-cd-5.27.5,2023-03-30,16:33:34,v2.6.7 +argo-rollouts-2.23.0,2023-03-29,09:16:56,v1.4.1 +argo-cd-5.27.4,2023-03-28,13:49:13,v2.6.7 +argo-cd-5.27.3,2023-03-24,09:57:20,v2.6.7 +argo-cd-5.27.2,2023-03-24,00:09:05,v2.6.7 +argo-workflows-0.22.15,2023-03-23,07:09:27,v3.4.5 +argo-cd-5.27.1,2023-03-17,08:25:05,v2.6.6 +argo-workflows-0.22.14,2023-03-16,11:05:16,v3.4.5 +argo-cd-5.27.0,2023-03-16,00:09:12,v2.6.5 +argo-events-2.1.4,2023-03-15,17:34:46,v1.7.6 +argo-cd-5.26.3,2023-03-15,19:28:01,v2.6.5 +argo-cd-5.26.2,2023-03-15,14:00:41,v2.6.5 +argo-cd-5.26.1,2023-03-14,18:42:39,v2.6.5 +argo-cd-5.26.0,2023-03-12,14:00:47,v2.6.4 +argo-cd-5.25.0,2023-03-09,12:05:22,v2.6.4 +argo-cd-5.24.4,2023-03-09,10:48:48,v2.6.4 +argo-cd-5.24.3,2023-03-08,07:46:54,v2.6.4 +argo-cd-5.24.2,2023-03-08,07:13:22,v2.6.4 +argo-cd-5.24.1,2023-03-03,17:53:36,v2.6.3 +argocd-apps-0.0.9,2023-03-02,14:59:22, +argo-rollouts-2.22.3,2023-03-02,15:08:16,v1.4.1 +argo-cd-5.24.0,2023-03-02,14:29:29,v2.6.3 +argo-cd-5.23.5,2023-02-28,23:30:25,v2.6.3 +argo-cd-5.23.4,2023-02-28,21:53:42,v2.6.3 +argo-cd-5.23.3,2023-02-28,08:32:15,v2.6.3 +argo-cd-5.23.2,2023-02-26,16:34:21,v2.6.2 +argo-workflows-0.22.13,2023-02-24,21:57:04,v3.4.5 +argo-workflows-0.22.12,2023-02-23,17:44:23,v3.4.5 +argo-cd-5.23.1,2023-02-23,18:12:14,v2.6.2 +argo-cd-5.23.0,2023-02-23,16:57:40,v2.6.2 +argo-events-2.1.3,2023-02-21,01:14:54,v1.7.6 +argo-cd-5.22.1,2023-02-19,12:38:23,v2.6.2 +argo-cd-5.22.0,2023-02-17,16:38:41,v2.6.2 +argo-cd-5.21.1,2023-02-17,08:23:54,v2.6.2 +argo-cd-5.21.0,2023-02-15,00:11:41,v2.6.1 +argo-cd-5.20.5,2023-02-14,12:21:52,v2.6.1 +argo-cd-5.20.4,2023-02-13,11:22:38,v2.6.1 +argo-workflows-0.22.11,2023-02-10,05:32:10,v3.4.5 +argocd-apps-0.0.8,2023-02-09,22:44:40, +argo-cd-5.20.3,2023-02-08,20:15:43,v2.6.1 +argo-cd-5.20.2,2023-02-08,16:42:35,v2.6.0 +argo-cd-5.20.1,2023-02-08,01:10:02,v2.6.0 +argo-workflows-0.22.10,2023-02-07,15:11:29,v3.4.5 +argo-cd-5.20.0,2023-02-07,15:02:47,v2.6.0 +argo-cd-5.19.15,2023-02-06,04:40:38,v2.5.10 +argo-cd-5.19.14,2023-02-02,21:56:38,v2.5.10 +argo-cd-5.19.13,2023-02-02,04:11:31,v2.5.9 +argocd-image-updater-0.8.4,2023-02-01,21:07:41,v0.12.2 +argocd-image-updater-0.8.3,2023-01-29,18:59:51,v0.12.0 +argocd-apps-0.0.7,2023-01-29,19:17:57, +argo-workflows-0.22.9,2023-01-29,18:48:45,v3.4.4 +argo-rollouts-2.22.2,2023-01-29,19:14:29,v1.4.0 +argo-events-2.1.2,2023-01-29,19:07:55,v1.7.5 +argo-events-2.1.1,2023-01-29,12:16:37,v1.7.5 +argo-cd-5.19.12,2023-01-29,15:23:26,v2.5.9 +argo-cd-5.19.11,2023-01-28,13:41:15,v2.5.9 +argo-cd-5.19.9,2023-01-27,14:47:36,v2.5.8 +argo-cd-5.19.10,2023-01-27,23:20:39,v2.5.8 +argo-cd-5.19.8,2023-01-26,12:06:45,v2.5.8 +argo-cd-5.19.7,2023-01-26,08:23:02,v2.5.8 +argo-events-2.1.0,2023-01-25,21:46:36,v1.7.4 +argo-cd-5.19.6,2023-01-24,00:18:44,v2.5.7 +argo-cd-5.19.5,2023-01-22,19:22:59,v2.5.7 +argo-cd-5.19.4,2023-01-22,17:20:54,v2.5.7 +argocd-image-updater-0.8.2,2023-01-21,11:38:12,v0.12.0 +argo-cd-5.19.3,2023-01-21,19:11:20,v2.5.7 +argo-cd-5.19.2,2023-01-21,12:19:10,v2.5.7 +argo-cd-5.19.1,2023-01-21,12:08:16,v2.5.7 +argo-cd-5.19.0,2023-01-21,09:25:14,v2.5.7 +argo-rollouts-2.22.1,2023-01-20,16:42:17,v1.4.0 +argo-cd-5.18.1,2023-01-20,14:34:15,v2.5.7 +argo-rollouts-2.22.0,2023-01-19,21:14:27,v1.4.0 +argo-rollouts-2.21.3,2023-01-19,10:37:43,v1.3.1 +argo-cd-5.18.0,2023-01-19,22:15:14,v2.5.7 +argo-rollouts-2.21.2,2023-01-18,02:39:11,v1.3.1 +argo-cd-5.17.4,2023-01-18,13:01:18,v2.5.7 +argo-cd-5.17.2,2023-01-18,06:44:45,v2.5.7 +argo-cd-5.17.1,2023-01-11,06:33:59,v2.5.6 +argo-workflows-0.22.8,2023-01-10,00:03:48,v3.4.4 +argo-cd-5.17.0,2023-01-10,12:32:17,v2.5.5 +argo-cd-5.16.15,2023-01-10,08:59:08,v2.5.5 +argo-cd-5.16.14,2023-01-04,09:49:57,v2.5.5 +argo-workflows-0.22.7,2023-01-03,01:46:24,v3.4.4 +argo-workflows-0.22.6,2022-12-30,05:21:07,v3.4.4 +argo-workflows-0.22.5,2022-12-29,16:31:57,v3.4.4 +argo-events-2.0.11,2022-12-29,17:55:54,v1.7.4 +argo-cd-5.16.13,2022-12-29,16:26:56,v2.5.5 +argo-cd-5.16.12,2022-12-29,15:47:53,v2.5.5 +argo-cd-5.16.11,2022-12-29,11:49:31,v2.5.5 +argo-cd-5.16.10,2022-12-27,12:12:26,v2.5.5 +argocd-apps-0.0.6,2022-12-25,13:56:50, +argo-events-2.0.10,2022-12-24,19:41:24,v1.7.4 +argo-workflows-0.22.4,2022-12-22,13:00:59,v3.4.4 +argo-cd-5.16.9,2022-12-20,13:18:36,v2.5.5 +argo-cd-5.16.8,2022-12-20,11:54:14,v2.5.5 +argo-workflows-0.22.3,2022-12-19,09:08:04,v3.4.4 +argo-workflows-0.22.2,2022-12-18,23:42:17,v3.4.4 +argo-events-2.0.9,2022-12-17,00:45:45,v1.7.3 +argo-cd-5.16.7,2022-12-17,11:36:17,v2.5.5 +argo-events-2.0.8,2022-12-15,08:33:57,v1.7.3 +argo-cd-5.16.6,2022-12-15,06:03:36,v2.5.4 +argo-cd-5.16.5,2022-12-14,21:13:18,v2.5.4 +argo-cd-5.16.4,2022-12-13,21:31:30,v2.5.4 +argo-cd-5.16.3,2022-12-13,06:19:38,v2.5.4 +argocd-apps-0.0.5,2022-12-10,14:50:54, +argo-workflows-0.22.1,2022-12-09,06:50:29,v3.4.4 +argo-events-2.0.7,2022-12-09,13:08:09,v1.7.3 +argo-cd-5.16.2,2022-12-07,07:41:56,v2.5.4 +argocd-apps-0.0.4,2022-12-02,13:26:38, +argo-workflows-0.22.0,2022-12-02,13:51:34,v3.4.4 +argo-workflows-0.21.0,2022-12-02,10:29:52,v3.4.4 +argo-cd-5.16.1,2022-12-02,14:48:40,v2.5.3 +argo-workflows-0.20.12,2022-11-30,15:26:09,v3.4.4 +argo-cd-5.16.0,2022-11-30,23:28:36,v2.5.3 +argo-cd-5.15.2,2022-11-30,21:58:12,v2.5.3 +argo-cd-5.15.1,2022-11-30,21:38:35,v2.5.3 +argo-cd-5.15.0,2022-11-29,21:15:00,v2.5.3 +argo-cd-5.14.3,2022-11-28,22:10:18,v2.5.3 +argo-workflows-0.20.11,2022-11-26,01:08:34,v3.4.3 +argo-workflows-0.20.10,2022-11-25,00:36:01,v3.4.3 +argo-cd-5.14.2,2022-11-25,17:40:10,v2.5.2 +argo-workflows-0.20.9,2022-11-23,07:18:21,v3.4.3 +argo-cd-5.14.1,2022-11-21,10:39:57,v2.5.2 +argo-cd-5.14.0,2022-11-20,13:30:05,v2.5.2 +argo-cd-5.13.9,2022-11-17,15:26:43,v2.5.2 +argo-workflows-0.20.8,2022-11-14,11:20:39,v3.4.3 +argo-cd-5.13.8,2022-11-11,02:11:52,v2.5.2 +argo-workflows-0.20.7,2022-11-10,00:36:36,v3.4.3 +argo-cd-5.13.7,2022-11-10,01:56:07,v2.5.2 +argo-cd-5.13.6,2022-11-08,16:04:52,v2.5.2 +argo-cd-5.13.5,2022-11-07,21:55:16,v2.5.1 +argo-cd-5.13.4,2022-11-06,21:13:41,v2.5.1 +argo-cd-5.13.3,2022-11-06,04:19:47,v2.5.1 +argo-cd-5.13.2,2022-11-03,08:37:01,v2.5.1 +argo-cd-5.13.1,2022-11-02,07:31:33,v2.5.1 +argo-workflows-0.20.6,2022-11-01,09:26:43,v3.4.3 +argo-cd-5.13.0,2022-11-01,19:27:19,v2.5.0 +argo-cd-5.12.3,2022-11-01,14:57:44,v2.5.0 +argo-cd-5.12.2,2022-10-31,17:38:56,v2.5.0 +argo-cd-5.9.1,2022-10-30,17:48:16,v2.5.0 +argo-cd-5.9.0,2022-10-30,15:38:31,v2.5.0 +argo-cd-5.12.1,2022-10-30,23:48:29,v2.5.0 +argo-cd-5.12.0,2022-10-30,22:03:51,v2.5.0 +argo-cd-5.11.0,2022-10-30,20:44:31,v2.5.0 +argo-cd-5.10.0,2022-10-30,19:13:05,v2.5.0 +argo-cd-5.8.7,2022-10-29,19:08:37,v2.5.0 +argo-cd-5.8.6,2022-10-29,09:24:01,v2.5.0 +argo-cd-5.8.5,2022-10-28,10:18:33,v2.5.0 +argo-cd-5.8.4,2022-10-28,08:50:11,v2.5.0 +argo-workflows-0.20.5,2022-10-27,01:05:01,v3.4.2 +argo-cd-5.8.3,2022-10-27,12:18:27,v2.5.0 +argo-cd-5.8.2,2022-10-26,13:19:29,v2.5.0 +argo-cd-5.8.1,2022-10-26,11:11:40,v2.5.0 +argo-workflows-0.20.4,2022-10-25,06:19:19,v3.4.2 +argo-cd-5.8.0,2022-10-25,21:22:42,v2.5.0 +argo-cd-5.7.0,2022-10-25,17:05:58,v2.4.15 +argo-cd-5.6.8,2022-10-25,14:09:11,v2.4.15 +argo-cd-5.6.7,2022-10-25,13:30:20,v2.4.15 +argo-cd-5.6.6,2022-10-25,06:42:17,v2.4.15 +argo-workflows-0.20.3,2022-10-24,05:53:54,v3.4.2 +argo-cd-5.6.5,2022-10-24,21:48:21,v2.4.15 +argo-cd-5.6.4,2022-10-24,17:06:09,v2.4.15 +argo-workflows-0.20.2,2022-10-22,07:37:48,v3.4.1 +argo-cd-5.6.3,2022-10-22,12:59:43,v2.4.15 +argo-cd-5.6.2,2022-10-21,08:11:20,v2.4.15 +argo-cd-5.6.1,2022-10-20,11:23:48,v2.4.15 +argocd-apps-0.0.3,2022-10-13,22:07:34, +argo-cd-5.6.0,2022-10-13,22:30:23,v2.4.14 +argo-cd-5.5.25,2022-10-13,16:17:41,v2.4.14 +argocd-apps-0.0.2,2022-10-12,08:34:02, +argo-cd-5.5.24,2022-10-12,12:55:54,v2.4.14 +argo-cd-5.5.23,2022-10-12,11:46:40,v2.4.14 +argo-cd-5.5.22,2022-10-12,08:04:42,v2.4.14 +argocd-image-updater-0.8.1,2022-10-11,22:21:29,v0.12.0 +argo-cd-5.5.21,2022-10-11,14:12:05,v2.4.14 +argo-cd-5.5.20,2022-10-11,14:00:11,v2.4.14 +argo-cd-5.5.19,2022-10-11,12:29:07,v2.4.14 +argo-cd-5.5.18,2022-10-10,20:46:29,v2.4.14 +argo-cd-5.5.17,2022-10-10,19:09:27,v2.4.14 +argo-cd-5.5.16,2022-10-09,13:23:27,v2.4.14 +argo-cd-5.5.15,2022-10-09,08:34:22,v2.4.14 +argo-cd-5.5.14,2022-10-08,22:23:13,v2.4.14 +argo-cd-5.5.13,2022-10-08,11:28:42,v2.4.14 +argo-cd-5.5.12,2022-10-07,10:52:38,v2.4.14 +argo-cd-5.5.9,2022-10-06,14:32:23,v2.4.13 +argo-cd-5.5.11,2022-10-06,22:23:50,v2.4.14 +argo-cd-5.5.10,2022-10-06,21:05:05,v2.4.14 +argo-cd-5.5.8,2022-10-04,00:58:31,v2.4.13 +argo-workflows-0.20.1,2022-10-02,09:28:15,v3.4.1 +argo-rollouts-2.21.1,2022-09-30,22:29:28,v1.3.1 +argo-cd-5.5.7,2022-09-30,13:26:36,v2.4.12 +argo-rollouts-2.21.0,2022-09-29,06:43:50,v1.3.0 +argo-events-2.0.6,2022-09-29,15:55:01,v1.7.3 +argo-workflows-0.20.0,2022-09-28,13:51:07,v3.4.0 +argo-cd-5.5.6,2022-09-28,11:06:18,v2.4.12 +argo-workflows-0.19.6,2022-09-27,12:44:09,v3.4.0 +argo-workflows-0.19.5,2022-09-27,09:53:23,v3.4.0 +argo-workflows-0.19.4,2022-09-26,04:11:17,v3.4.0 +argo-workflows-0.19.3,2022-09-26,01:49:55,v3.4.0 +argo-cd-5.5.5,2022-09-25,17:03:01,v2.4.12 +argo-workflows-0.19.2,2022-09-24,00:03:59,v3.4.0 +argo-cd-5.5.4,2022-09-22,17:20:47,v2.4.12 +argo-cd-5.5.3,2022-09-22,08:53:07,v2.4.12 +argo-workflows-0.19.1,2022-09-21,12:51:22,v3.4.0 +argo-workflows-0.19.0,2022-09-21,10:35:00,v3.4.0 +argo-cd-5.5.2,2022-09-21,19:06:26,v2.4.12 +argo-cd-5.5.1,2022-09-21,18:21:31,v2.4.12 +argo-cd-5.5.0,2022-09-21,11:48:56,v2.4.12 +argo-cd-5.4.8,2022-09-21,07:32:29,v2.4.12 +argo-events-2.0.5,2022-09-20,11:55:01,v1.7.2 +argo-workflows-0.18.0,2022-09-19,16:10:42,v3.4.0 +argo-cd-5.4.7,2022-09-19,21:37:54,v2.4.12 +argo-cd-5.4.6,2022-09-19,12:57:09,v2.4.12 +argo-cd-5.4.5,2022-09-19,11:44:57,v2.4.12 +argo-cd-5.4.4,2022-09-16,08:58:43,v2.4.12 +argo-cd-5.4.3,2022-09-08,17:00:01,v2.4.11 +argo-cd-5.4.2,2022-09-06,10:13:54,v2.4.11 +argo-cd-5.4.1,2022-09-04,08:48:29,v2.4.11 +argo-cd-5.4.0,2022-08-30,15:30:53,v2.4.11 +argo-workflows-0.17.1,2022-08-26,09:03:18,v3.3.9 +argo-rollouts-2.20.0,2022-08-26,16:40:20,v1.2.2 +argo-rollouts-2.19.2,2022-08-26,09:03:17,v1.2.2 +argo-events-2.0.4,2022-08-26,09:03:16,v1.7.1 +argo-cd-5.3.6,2022-08-26,16:15:52,v2.4.11 +argo-cd-5.3.5,2022-08-26,13:38:01,v2.4.11 +argo-cd-5.3.4,2022-08-26,09:03:15,v2.4.11 +argo-cd-5.3.3,2022-08-25,22:09:36,v2.4.11 +argo-cd-5.3.2,2022-08-25,21:39:21,v2.4.11 +argo-cd-5.3.1,2022-08-25,11:35:35,v2.4.11 +argo-cd-5.3.0,2022-08-25,10:42:01,v2.4.11 +argo-cd-5.2.2,2022-08-25,10:13:10,v2.4.11 +argo-cd-5.2.1,2022-08-25,09:08:04,v2.4.11 +argo-cd-5.2.0,2022-08-25,08:43:06,v2.4.11 +argo-cd-5.1.0,2022-08-25,06:41:11,v2.4.11 +argo-cd-5.0.0,2022-08-24,15:12:21,v2.4.11 +argo-rollouts-2.19.0,2022-08-23,02:43:29,v1.2.0 +argocd-apps-0.0.1,2022-08-22,12:32:28, +argo-cd-4.10.9,2022-08-22,14:04:30,v2.4.11 +argo-cd-4.10.8,2022-08-19,19:37:44,v2.4.10 +argo-cd-4.10.7,2022-08-18,00:28:21,v2.4.10 +argo-workflows-0.17.0,2022-08-17,00:07:26,v3.3.9 +argo-cd-4.10.6,2022-08-11,20:43:51,v2.4.9 +argo-workflows-0.16.9,2022-08-10,11:43:41,v3.3.9 +argo-cd-4.10.5,2022-08-02,10:02:11,v2.4.8 +argo-cd-4.10.4,2022-08-01,13:49:17,v2.4.8 +argo-cd-4.10.3,2022-07-31,12:20:12,v2.4.7 +argo-cd-4.10.2,2022-07-29,18:15:36,v2.4.7 +argo-cd-4.10.1,2022-07-29,14:40:58,v2.4.7 +argo-workflows-0.16.8,2022-07-27,00:51:07,v3.3.8 +argo-cd-4.10.0,2022-07-21,09:53:44,v2.4.7 +argo-cd-4.9.16,2022-07-19,12:48:08,v2.4.7 +argo-cd-4.9.15,2022-07-19,06:25:53,v2.4.7 +argo-rollouts-2.18.0,2022-07-15,11:43:33,v1.2.0 +argo-cd-4.9.14,2022-07-14,13:03:20,v2.4.6 +argo-workflows-0.16.7,2022-07-13,00:10:56,v3.3.8 +argo-cd-4.9.13,2022-07-13,20:43:07,v2.4.6 +argo-cd-4.9.12,2022-07-07,16:46:25,v2.4.4 +argo-events-2.0.3,2022-07-06,12:39:16,v1.7.1 +argo-events-2.0.2,2022-07-04,09:50:24,v1.7.1 +argo-cd-4.9.11,2022-06-29,13:10:22,v2.4.3 +argo-cd-4.9.9,2022-06-28,13:20:49,v2.4.3 +argo-cd-4.9.10,2022-06-28,15:14:22,v2.4.3 +argo-events-2.0.1,2022-06-27,21:35:46,v1.7.0 +argo-cd-4.9.8,2022-06-27,17:45:36,v2.4.2 +argo-workflows-0.16.6,2022-06-24,05:47:50,v3.3.8 +argo-workflows-0.16.5,2022-06-23,16:01:09,v3.3.7 +argo-workflows-0.16.4,2022-06-23,09:30:17,v3.3.6 +argo-cd-4.9.7,2022-06-23,14:43:59,v2.4.2 +argo-cd-4.9.6,2022-06-23,06:34:16,v2.4.2 +argo-cd-4.9.5,2022-06-23,05:50:20,v2.4.2 +argo-rollouts-2.17.0,2022-06-17,08:13:21,v1.2.0 +argo-cd-4.9.4,2022-06-17,07:01:22,v2.4.0 +argo-cd-4.9.3,2022-06-16,11:24:09,v2.4.0 +argo-cd-4.9.2,2022-06-15,13:16:32,v2.4.0 +argo-events-2.0.0,2022-06-14,15:38:27,v1.7.0 +argo-cd-4.9.1,2022-06-14,12:32:16,v2.4.0 +argo-cd-4.9.0,2022-06-14,10:10:37,v2.4.0 +argo-workflows-0.16.3,2022-06-10,16:50:21,v3.3.6 +argo-cd-4.8.3,2022-06-08,06:04:29,v2.3.4 +argo-cd-4.8.2,2022-06-02,12:26:38,v2.3.4 +argo-cd-4.8.1,2022-06-02,12:06:47,v2.3.4 +argo-workflows-0.16.2,2022-06-01,17:56:41,v3.3.6 +argo-rollouts-2.16.0,2022-06-01,17:10:16,v1.2.0 +argo-cd-4.8.0,2022-05-30,16:20:13,v2.3.4 +argo-workflows-0.16.1,2022-05-26,11:20:50,v3.3.6 +argo-rollouts-2.15.0,2022-05-26,12:00:18,v1.2.0 +argo-workflows-0.16.0,2022-05-25,09:30:37,v3.3.5 +argo-workflows-0.15.4,2022-05-25,08:52:21,v3.3.5 +argo-cd-4.7.0,2022-05-25,11:07:09,v2.3.4 +argo-rollouts-2.14.1,2022-05-23,05:05:29,v1.2.0 +argo-cd-4.6.5,2022-05-23,04:47:27,v2.3.4 +argo-workflows-0.15.3,2022-05-22,07:43:33,v3.3.5 +argo-cd-4.6.4,2022-05-22,11:52:08,v2.3.4 +argo-workflows-0.15.2,2022-05-20,21:14:27,v3.3.5 +argo-workflows-0.15.1,2022-05-20,19:19:26,v3.3.2 +argo-cd-4.6.3,2022-05-20,18:11:16,v2.3.4 +argo-cd-4.6.2,2022-05-19,17:54:21,v2.3.4 +argo-cd-4.6.1,2022-05-19,11:51:31,v2.3.3 +argo-cd-4.6.0,2022-05-10,07:41:16,v2.3.3 +argo-workflows-0.15.0,2022-05-09,20:45:52,v3.3.2 +argo-workflows-0.14.5,2022-05-09,20:36:39,v3.3.2 +argo-workflows-0.14.4,2022-05-09,20:24:35,v3.3.2 +argo-workflows-0.14.3,2022-05-09,19:51:22,v3.3.2 +argo-workflows-0.14.2,2022-05-09,19:37:38,v3.3.2 +argo-cd-4.5.12,2022-05-09,19:18:36,v2.3.3 +argo-cd-4.5.11,2022-05-07,20:58:56,v2.3.3 +argo-cd-4.5.10,2022-05-05,21:59:44,v2.3.3 +argo-cd-4.5.9,2022-05-04,16:40:52,v2.3.3 +argo-workflows-0.14.1,2022-05-01,11:44:50,v3.3.2 +argo-cd-4.5.8,2022-04-30,12:31:18,v2.3.3 +argo-events-1.13.0,2022-04-23,07:25:52,v1.6.0 +argocd-notifications-1.8.1,2022-04-22,09:42:54,v1.2.1 +argocd-applicationset-1.12.1,2022-04-22,09:42:52,v0.4.1 +argocd-applicationset-1.12.0,2022-04-22,07:23:43,v0.4.1 +argo-workflows-0.14.0,2022-04-22,07:09:42,v3.3.2 +argo-cd-4.5.7,2022-04-22,09:55:26,v2.3.3 +argo-cd-4.5.6,2022-04-22,08:34:16,v2.3.3 +argo-cd-4.5.5,2022-04-21,22:02:41,v2.3.3 +argo-cd-4.5.4,2022-04-19,11:02:10,v2.3.3 +argo-cd-4.5.3,2022-04-12,14:28:36,v2.3.3 +argo-cd-4.5.2,2022-04-12,12:32:08,v2.3.3 +argo-cd-4.5.1,2022-04-11,14:33:48,v2.3.3 +argo-rollouts-2.14.0,2022-04-05,11:38:27,v1.2.0 +argo-cd-4.5.0,2022-04-03,09:14:25,v2.3.3 +argo-cd-4.4.1,2022-04-02,18:45:18,v2.3.3 +argo-rollouts-2.13.0,2022-03-31,17:32:03,v1.2.0 +argo-cd-4.4.0,2022-03-31,12:20:18,v2.3.3 +argo-cd-4.3.2,2022-03-31,11:59:31,v2.3.3 +argo-cd-4.3.1,2022-03-30,13:40:17,v2.3.3 +argo-cd-4.3.0,2022-03-29,11:24:34,v2.3.2 +argo-cd-4.2.4,2022-03-28,21:02:42,v2.3.2 +argo-cd-4.2.3,2022-03-28,13:18:14,v2.3.2 +argo-workflows-0.13.1,2022-03-23,13:18:49,v3.2.9 +argo-rollouts-2.12.0,2022-03-23,21:12:12,v1.2.0 +argo-cd-4.2.2,2022-03-23,09:53:45,v2.3.2 +argo-cd-4.2.1,2022-03-18,21:25:50,v2.3.1 +argo-cd-4.2.0,2022-03-18,16:42:44,v2.3.1 +argocd-image-updater-0.8.0,2022-03-17,19:34:59,v0.12.0 +argo-cd-4.1.0,2022-03-17,17:16:25,v2.3.1 +argo-cd-4.0.1,2022-03-17,12:54:21,v2.3.1 +argo-cd-4.0.0,2022-03-16,21:02:33,v2.3.1 +argo-rollouts-2.11.0,2022-03-14,21:13:07,v1.1.1 +argo-workflows-0.13.0,2022-03-12,17:55:49,v3.2.9 +argo-workflows-0.12.0,2022-03-12,17:14:00,v3.2.9 +argo-cd-3.35.4,2022-03-12,18:59:29,v2.2.5 +argo-cd-3.35.3,2022-03-10,10:45:45,v2.2.5 +argo-cd-3.35.2,2022-03-06,15:54:11,v2.2.5 +argo-cd-3.35.1,2022-03-06,12:08:36,v2.2.5 +argo-workflows-0.11.2,2022-03-05,08:51:50,v3.2.9 +argo-workflows-0.11.1,2022-03-03,14:02:23,v3.2.7 +argocd-image-updater-0.7.0,2022-03-01,10:26:52,v0.11.3 +argo-workflows-0.11.0,2022-03-01,09:53:15,v3.2.7 +argo-cd-3.35.0,2022-03-01,21:58:21,v2.2.5 +argo-cd-3.34.0,2022-03-01,17:37:13,v2.2.5 +argo-cd-3.33.8,2022-02-26,20:07:35,v2.2.5 +argo-cd-3.33.7,2022-02-23,11:02:53,v2.2.5 +argocd-image-updater-0.6.3,2022-02-20,17:56:33,v0.11.3 +argo-rollouts-2.10.0,2022-02-20,23:01:55,v1.1.1 +argo-events-1.12.0,2022-02-20,20:57:50,v1.6.0 +argo-events-1.11.0,2022-02-20,18:31:57,v1.6.0 +argocd-applicationset-1.11.0,2022-02-17,08:19:49,v0.3.0 +argo-cd-3.33.6,2022-02-17,11:37:47,v2.2.5 +argocd-applicationset-1.10.0,2022-02-16,18:44:07,v0.3.0 +argo-workflows-0.10.1,2022-02-09,23:06:55,v3.2.7 +argo-cd-3.33.5,2022-02-05,16:32:53,v2.2.5 +argo-cd-3.33.4,2022-02-05,12:55:15,v2.2.5 +argo-cd-3.33.3,2022-02-04,09:19:44,v2.2.4 +argo-cd-3.33.2,2022-02-03,09:36:59,v2.2.3 +argocd-notifications-1.8.0,2022-02-01,21:49:11,v1.2.1 +argo-cd-3.33.1,2022-01-31,19:26:33,v2.2.3 +argo-cd-3.33.0,2022-01-31,15:37:35,v2.2.3 +argo-workflows-0.10.0,2022-01-28,13:45:09,v3.2.6 +argo-cd-3.32.1,2022-01-27,10:15:36,v2.2.3 +argo-cd-3.32.0,2022-01-26,15:14:35,v2.2.3 +argo-rollouts-2.9.3,2022-01-25,12:43:34,v1.1.1 +argocd-notifications-1.7.1,2022-01-24,19:19:34,v1.2.1 +argocd-image-updater-0.6.2,2022-01-24,19:19:33,v0.11.2 +argocd-applicationset-1.9.1,2022-01-24,19:19:32,v0.3.0 +argo-workflows-0.9.5,2022-01-24,19:19:30,v3.2.6 +argo-rollouts-2.9.2,2022-01-24,19:19:29,v1.1.1 +argo-events-1.10.2,2022-01-24,19:19:28,v1.5.6 +argo-cd-3.31.1,2022-01-24,19:19:26,v2.2.2 +argo-cd-3.31.0,2022-01-20,10:52:27,v2.2.2 +argo-cd-3.30.1,2022-01-19,19:26:25,v2.2.2 +argo-events-1.10.1,2022-01-18,22:20:08,v1.5.6 +argo-events-1.10.0,2022-01-17,14:02:09,v1.5.0 +argo-cd-3.30.0,2022-01-16,05:24:18,v2.2.2 +argocd-image-updater-0.6.1,2022-01-11,22:07:52,v0.11.2 +argo-rollouts-2.9.1,2022-01-11,22:35:51,v1.1.1 +argo-rollouts-2.9.0,2022-01-10,20:46:21,v1.1.1 +argo-rollouts-2.8.1,2022-01-10,18:21:14,v1.1.1 +argo-events-1.9.0,2022-01-10,19:56:43,v1.5.0 +argocd-applicationset-1.9.0,2022-01-09,18:08:02,v0.3.0 +argocd-applicationset-1.8.0,2022-01-06,18:36:05,v0.3.0 +argo-rollouts-2.8.0,2022-01-05,12:32:16,v1.1.0 +argo-cd-3.29.5,2022-01-04,10:16:28,v2.2.2 +argocd-notifications-1.7.0,2021-12-20,18:18:19,v1.2.1 +argo-workflows-0.9.4,2021-12-20,11:00:00,v3.2.6 +argo-rollouts-2.7.0,2021-12-20,19:13:47,v1.1.0 +argo-cd-3.29.4,2021-12-20,17:27:35,v2.2.1 +argo-cd-3.29.3,2021-12-18,22:09:23,v2.2.1 +argo-cd-3.29.2,2021-12-17,18:39:32,v2.2.1 +argo-cd-3.29.1,2021-12-17,10:06:18,v2.2.1 +argocd-notifications-1.6.1,2021-12-16,09:58:40,v1.2.1 +argo-cd-3.29.0,2021-12-15,10:15:30,v2.2.0 +argo-cd-3.28.1,2021-12-11,19:32:10,v2.1.7 +argo-cd-3.28.0,2021-12-10,15:23:06,v2.1.7 +argocd-applicationset-1.7.0,2021-12-09,14:56:54,v0.2.0 +argo-rollouts-2.6.0,2021-12-09,15:13:24,v1.1.0 +argocd-image-updater-0.6.0,2021-12-07,06:40:34,v0.11.0 +argo-workflows-0.9.3,2021-12-06,10:02:15,v3.2.4 +argo-cd-3.27.1,2021-12-03,22:41:42,v2.1.7 +argo-cd-3.27.0,2021-12-03,22:19:58,v2.1.7 +argo-cd-3.26.12,2021-11-29,10:51:49,v2.1.7 +argocd-notifications-1.6.0,2021-11-25,17:39:42,v1.2.0 +argocd-image-updater-0.5.0,2021-11-24,20:47:21,v0.11.0 +argo-cd-3.26.11,2021-11-24,16:30:38,v2.1.7 +argo-workflows-0.9.2,2021-11-23,10:12:37,v3.2.4 +argocd-image-updater-0.4.2,2021-11-22,07:18:47,v0.10.3 +argo-workflows-0.9.1,2021-11-22,09:41:06,v3.2.4 +argo-workflows-0.9.0,2021-11-22,09:33:03,v3.2.4 +argo-workflows-0.8.3,2021-11-21,18:59:21,v3.2.4 +argo-cd-3.26.10,2021-11-21,12:48:45,v2.1.7 +argo-workflows-0.8.2,2021-11-19,21:36:02,v3.2.0 +argocd-image-updater-0.4.1,2021-11-17,09:50:53,v0.10.3 +argo-cd-3.26.9,2021-11-17,07:43:03,v2.1.6 +argocd-image-updater-0.4.0,2021-11-15,23:19:27,v0.10.1 +argo-rollouts-2.5.0,2021-11-15,07:02:31,v1.1.0 +argocd-notifications-1.5.2,2021-11-12,09:25:30,v1.1.1 +argo-cd-3.26.8,2021-11-11,15:00:04,v2.1.6 +argo-cd-3.26.7,2021-11-10,17:18:47,v2.1.6 +argocd-image-updater-0.3.0,2021-11-09,21:14:43,v0.10.1 +argo-rollouts-2.4.0,2021-11-09,20:50:12,v1.1.0 +argo-cd-3.26.6,2021-11-06,08:23:57,v2.1.6 +argo-workflows-0.8.1,2021-11-01,18:13:26,v3.2.0 +argo-cd-3.26.5,2021-10-31,19:32:18,v2.1.6 +argo-cd-3.26.4,2021-10-31,11:57:25,v2.1.6 +argo-events-1.8.0,2021-10-27,15:13:58,v1.5.0 +argo-cd-3.26.3,2021-10-21,20:56:35,v2.1.5 +argo-cd-3.26.2,2021-10-21,11:34:14,2.1.4 +argo-cd-3.26.1,2021-10-20,06:32:59,2.1.4 +argo-workflows-0.8.0,2021-10-19,15:37:06,v3.2.0 +argo-cd-3.26.0,2021-10-19,17:02:52,2.1.3 +argo-cd-3.25.3,2021-10-19,15:51:33,2.1.3 +argo-rollouts-2.3.0,2021-10-18,12:29:40,v1.1.0 +argocd-applicationset-1.6.0,2021-10-17,18:30:56,v0.2.0 +argo-rollouts-2.2.1,2021-10-17,12:08:48,v1.1.0 +argo-cd-3.25.2,2021-10-17,10:33:22,2.1.3 +argo-workflows-0.7.3,2021-10-15,10:22:13,v3.2.0 +argo-workflows-0.7.2,2021-10-15,09:42:17,v3.1.8 +argo-rollouts-2.2.0,2021-10-14,14:58:28,v1.1.0 +argo-cd-3.25.1,2021-10-14,12:40:36,2.1.3 +argo-cd-3.25.0,2021-10-12,18:49:49,2.1.3 +argo-cd-3.24.0,2021-10-06,22:13:09,2.1.3 +argo-cd-3.23.1,2021-10-06,15:28:20,2.1.3 +argo-cd-3.23.0,2021-10-04,22:20:00,2.1.2 +argocd-notifications-1.5.1,2021-09-29,15:15:42,1.1.1 +argo-cd-3.22.1,2021-09-29,09:07:29,2.1.2 +argocd-applicationset-1.5.1,2021-09-27,13:58:05,v0.2.0 +argocd-applicationset-1.5.0,2021-09-27,12:06:48,v0.2.0 +argo-workflows-0.7.1,2021-09-27,15:18:14,v3.1.8 +argo-workflows-0.7.0,2021-09-27,07:14:58,v3.1.8 +argo-rollouts-2.1.1,2021-09-27,15:10:06,v1.0.2 +argo-cd-3.22.0,2021-09-27,19:32:54,2.1.2 +argo-cd-3.21.1,2021-09-27,10:04:46,2.1.2 +argocd-image-updater-0.2.1,2021-09-20,14:43:20,v0.10.1 +argo-workflows-0.6.0,2021-09-17,19:51:33,v3.1.8 +argo-rollouts-2.1.0,2021-09-17,16:39:27,v1.0.2 +argo-cd-3.21.0,2021-09-17,20:14:56,2.1.2 +argo-cd-3.20.0,2021-09-17,17:47:39,2.1.2 +argo-cd-3.19.0,2021-09-17,13:57:58,2.1.2 +argocd-image-updater-0.2.0,2021-09-16,18:59:58,v0.10.1 +argocd-image-updater-0.1.1,2021-09-16,17:30:59,v0.10.1 +argo-rollouts-2.0.2,2021-09-16,19:06:11,v1.0.2 +argo-cd-3.18.0,2021-09-16,17:59:45,2.1.2 +argo-workflows-0.5.2,2021-09-15,22:27:25,v3.1.8 +argo-cd-3.17.7,2021-09-15,10:31:26,2.1.2 +argo-workflows-0.5.1,2021-09-13,16:21:35,v3.1.8 +argo-cd-3.17.6,2021-09-02,21:59:12,2.1.2 +argo-rollouts-2.0.1,2021-08-30,06:46:48,v1.0.2 +argocd-notifications-1.5.0,2021-08-27,13:12:54,1.1.1 +argocd-applicationset-1.4.0,2021-08-27,12:33:43,v0.2.0 +argo-workflows-0.5.0,2021-08-27,12:59:50,v3.1.8 +argo-cd-3.17.5,2021-08-27,13:47:25,2.1.1 +argo-cd-3.17.4,2021-08-27,10:06:21,2.1.1 +argo-cd-3.17.3,2021-08-26,15:11:19,2.1.1 +argo-cd-3.17.2,2021-08-26,14:22:27,2.1.1 +argo-cd-3.17.1,2021-08-26,13:55:36,2.1.0 +argo-cd-3.17.0,2021-08-26,13:43:13,2.1.0 +argocd-notifications-1.4.4,2021-08-25,12:14:37,1.1.1 +argocd-applicationset-1.3.1,2021-08-25,07:05:41,v0.2.0 +argo-cd-3.16.0,2021-08-25,15:05:03,2.1.0 +argo-cd-3.15.0,2021-08-24,12:48:33,2.1.0 +argo-cd-3.14.0,2021-08-24,12:38:02,2.1.0 +argocd-applicationset-1.3.0,2021-08-23,13:05:32,v0.2.0 +argocd-applicationset-1.2.0,2021-08-23,12:23:43,v0.2.0 +argo-workflows-0.4.2,2021-08-23,11:13:42,v3.1.8 +argo-cd-3.13.2,2021-08-23,17:23:36,2.1.0 +argo-cd-3.13.1,2021-08-23,13:01:57,2.1.0 +argo-cd-3.13.0,2021-08-23,12:14:11,2.1.0 +argo-workflows-0.4.1,2021-08-20,16:24:43,v3.1.5 +argocd-notifications-1.4.3,2021-08-18,10:02:11,1.1.1 +argocd-notifications-1.4.2,2021-08-17,09:13:14,1.1.1 +argo-workflows-0.4.0,2021-08-17,07:31:04,v3.1.5 +argocd-image-updater-0.1.0,2021-08-16,15:23:23,v0.10.1 +argo-rollouts-2.0.0,2021-08-16,15:27:43,v1.0.2 +argo-cd-3.12.1,2021-08-14,11:03:56,2.0.5 +argocd-applicationset-1.1.0,2021-08-13,16:37:25,v0.1.0 +argo-cd-3.12.0,2021-08-13,20:15:28,2.0.5 +argo-workflows-0.3.0,2021-08-11,07:32:31,v3.0.7 +argo-cd-3.11.5,2021-08-11,15:44:45,2.0.5 +argo-cd-3.11.4,2021-08-11,07:14:57,2.0.5 +argo-workflows-0.2.13,2021-08-10,13:45:31,v3.0.7 +argo-rollouts-1.0.4,2021-08-10,06:39:57,v1.0.2 +argo-cd-3.11.3,2021-08-09,08:58:30,2.0.5 +argo-events-1.7.0,2021-08-07,22:43:47,1.3.1 +argo-cd-3.11.2,2021-08-07,13:08:09,2.0.5 +argo-cd-3.11.1,2021-07-28,15:42:38,2.0.5 +argo-cd-3.11.0,2021-07-28,14:37:27,2.0.5 +argo-cd-3.10.2,2021-07-27,11:07:30,2.0.5 +argo-cd-3.10.1,2021-07-27,01:33:24,2.0.5 +argo-workflows-0.2.12,2021-07-21,16:02:29,v3.0.7 +argo-workflows-0.2.9,2021-07-20,18:18:54,v3.0.7 +argo-workflows-0.2.8,2021-07-20,18:10:55,v3.0.7 +argo-workflows-0.2.11,2021-07-20,21:51:21,v3.0.7 +argo-workflows-0.2.10,2021-07-20,18:25:05,v3.0.7 +argo-cd-3.10.0,2021-07-20,11:41:23,2.0.4 +argo-cd-3.9.0,2021-07-13,06:35:52,2.0.4 +argo-cd-3.8.2,2021-07-13,06:26:07,2.0.4 +argocd-applicationset-1.0.0,2021-07-12,10:54:40,v0.1.0 +argo-cd-3.8.1,2021-07-12,11:07:21,2.0.4 +argocd-notifications-1.4.1,2021-07-09,11:09:14,1.1.1 +argocd-applicationset-0.1.7,2021-07-09,11:09:13,v0.1.0 +argo-workflows-0.2.7,2021-07-09,11:09:12,v3.0.7 +argo-rollouts-1.0.3,2021-07-09,11:09:12,v1.0.2 +argo-events-1.6.4,2021-07-09,11:09:11,1.3.1 +argo-cd-3.8.0,2021-07-09,12:34:38,2.0.4 +argo-cd-3.7.2,2021-07-09,11:09:10,2.0.4 +argo-rollouts-1.0.2,2021-07-07,15:18:22,v1.0.2 +argo-cd-3.7.1,2021-07-05,09:53:30,2.0.4 +argo-cd-3.7.0,2021-07-05,09:42:21,2.0.4 +argo-cd-3.6.11,2021-06-29,08:49:22,2.0.4 +argo-cd-3.6.10,2021-06-26,15:05:26,2.0.3 +argo-workflows-0.2.6,2021-06-25,06:16:05,v3.0.7 +argo-cd-3.6.9,2021-06-25,06:07:25,2.0.3 +argo-workflows-0.2.5,2021-06-08,13:15:23,v3.0.2 +argo-events-1.6.2,2021-06-07,08:36:00,1.3.1 +argo-cd-3.6.8,2021-06-07,09:40:13,2.0.3 +argo-cd-3.6.7,2021-06-07,08:52:24,2.0.3 +argocd-notifications-1.4.0,2021-06-03,10:08:10,1.1.1 +argocd-applicationset-0.1.6,2021-06-03,17:50:44,v0.1.0 +argo-workflows-0.2.4,2021-06-03,17:11:17,v3.0.2 +argo-workflows-0.2.3,2021-06-03,11:08:38,v3.0.2 +argo-cd-3.6.6,2021-06-02,17:55:17,2.0.3 +argo-workflows-0.2.2,2021-05-31,20:15:38,v3.0.2 +argo-workflows-0.2.1,2021-05-31,16:32:09,v3.0.2 +argo-workflows-0.2.0,2021-05-31,16:18:32,v3.0.2 +argo-rollouts-1.0.1,2021-05-31,21:23:24,v1.0.1 +argo-rollouts-1.0.0,2021-05-31,16:06:49,v1.0.1 +argo-events-1.6.1,2021-05-31,16:09:51,1.3.1 +argo-cd-3.6.5,2021-05-31,20:15:37,2.0.3 +argo-events-1.6.0,2021-05-29,10:30:24,1.3.1 +argo-cd-3.6.4,2021-05-29,14:37:41,2.0.3 +argo-cd-3.6.3,2021-05-29,08:42:00,2.0.3 +argo-workflows-0.1.5,2021-05-27,16:33:49,v3.0.2 +argocd-notifications-1.3.2,2021-05-26,21:41:54,1.1.1 +argo-workflows-0.1.4,2021-05-26,10:00:42,v3.0.2 +argo-rollouts-0.5.5,2021-05-26,09:44:42,0.10.2 +argo-events-1.5.0,2021-05-26,21:27:33,1.3.1 +argo-events-1.4.3,2021-05-26,21:13:44,1.3.1 +argo-cd-3.6.2,2021-05-26,10:35:46,2.0.1 +argo-workflows-0.1.3,2021-05-25,06:06:50,v3.0.2 +argo-rollouts-0.5.4,2021-05-24,21:34:19,0.10.2 +argo-cd-3.6.1,2021-05-24,19:21:16,2.0.1 +argo-cd-3.6.0,2021-05-23,12:25:54,2.0.1 +argocd-notifications-1.3.1,2021-05-21,16:00:09,1.1.1 +argocd-applicationset-0.1.5,2021-05-21,16:00:08,v0.1.0 +argo-workflows-0.1.2,2021-05-21,16:50:29,v3.0.2 +argo-workflows-0.1.1,2021-05-21,16:00:07,v3.0.2 +argo-rollouts-0.5.3,2021-05-21,16:00:06,0.10.2 +argo-events-1.4.2,2021-05-21,16:00:05,1.3.1 +argo-cd-3.5.0,2021-05-21,16:43:57,2.0.1 +argo-cd-3.4.1,2021-05-21,16:00:04,2.0.1 +argo-1.0.0,2021-05-21,16:00:03,v2.12.5 diff --git a/scripts/release-analysis/argo_releases.csv b/scripts/release-analysis/argo_releases.csv new file mode 100644 index 00000000..f630abe7 --- /dev/null +++ b/scripts/release-analysis/argo_releases.csv @@ -0,0 +1,877 @@ +Repository,Release Tag,Release Date,Release Time +argo-cd,v2.14.0-rc6,2025-01-21,21:40:31 +argo-cd,v2.14.0-rc5,2025-01-08,20:16:38 +argo-cd,v2.13.3,2025-01-03,19:23:42 +argo-cd,v2.12.9,2025-01-03,19:21:15 +argo-cd,v2.14.0-rc4,2025-01-02,22:36:35 +argo-cd,v2.14.0-rc3,2024-12-18,19:22:51 +argo-cd,v2.14.0-rc2,2024-12-17,18:43:53 +argo-cd,v2.13.2,2024-12-11,19:18:46 +argo-cd,v2.12.8,2024-12-11,19:17:57 +argo-cd,v2.13.1,2024-11-20,17:11:22 +argo-cd,v2.12.7,2024-11-05,16:08:15 +argo-cd,v2.11.12,2024-11-05,16:09:52 +argo-cd,v2.13.0,2024-11-04,12:46:49 +argo-cd,v2.13.0-rc5,2024-10-18,21:56:52 +argo-cd,v2.12.6,2024-10-18,19:07:18 +argo-cd,v2.11.11,2024-10-18,19:10:03 +argo-cd,v2.13.0-rc4,2024-10-17,22:20:25 +argo-cd,v2.12.5,2024-10-17,22:03:45 +argo-cd,v2.11.10,2024-10-17,22:04:22 +argo-cd,v2.10.18,2024-10-17,22:02:48 +argo-cd,v2.13.0-rc3,2024-10-07,14:11:10 +argo-cd,v2.12.4,2024-09-26,07:14:39 +argo-cd,v2.11.9,2024-09-26,07:39:46 +argo-cd,v2.10.17,2024-09-26,07:39:53 +argo-cd,v2.13.0-rc2,2024-09-20,12:16:17 +argo-cd,v2.13.0-rc1,2024-09-16,09:07:32 +argo-cd,v2.11.8,2024-09-11,07:18:22 +argo-cd,v2.12.3,2024-08-27,12:33:34 +argo-cd,v2.12.2,2024-08-23,04:05:09 +argo-cd,v2.9.22,2024-08-22,18:09:07 +argo-cd,v2.8.21,2024-08-22,00:15:46 +argo-cd,v2.12.1,2024-08-16,17:16:36 +argo-cd,v2.12.0,2024-08-05,14:02:15 +argo-cd,v2.12.0-rc5,2024-08-02,00:02:42 +argo-cd,v2.11.7,2024-07-24,10:27:18 +argo-cd,v2.10.16,2024-07-24,10:27:30 +argo-cd,v2.9.21,2024-07-24,10:27:35 +argo-cd,v2.11.6,2024-07-22,15:19:04 +argo-cd,v2.10.15,2024-07-22,15:28:11 +argo-cd,v2.9.20,2024-07-22,15:26:01 +argo-cd,v2.12.0-rc4,2024-07-15,18:31:03 +argo-cd,v2.11.5,2024-07-15,18:32:15 +argo-cd,v2.10.14,2024-07-15,18:43:13 +argo-cd,v2.9.19,2024-07-15,19:10:33 +argo-cd,v2.12.0-rc3,2024-07-02,19:11:39 +argo-cd,v2.11.4,2024-07-02,19:52:42 +argo-cd,v2.10.13,2024-07-02,19:16:33 +argo-cd,v2.9.18,2024-07-02,20:06:18 +argo-cd,v2.12.0-rc2,2024-06-24,21:07:03 +argo-cd,v2.12.0-rc1,2024-06-18,13:46:04 +argo-cd,v2.11.3,2024-06-06,09:43:29 +argo-cd,v2.10.12,2024-06-06,09:44:03 +argo-cd,v2.9.17,2024-06-06,09:47:39 +argo-cd,v2.11.2,2024-05-23,14:14:51 +argo-cd,v2.10.11,2024-05-23,14:20:08 +argo-cd,v2.9.16,2024-05-23,14:28:35 +argo-cd,v2.8.20,2024-05-23,14:22:46 +argo-cd,v2.11.1,2024-05-21,15:03:58 +argo-cd,v2.10.10,2024-05-21,15:04:04 +argo-cd,v2.9.15,2024-05-21,15:03:15 +argo-cd,v2.8.19,2024-05-21,15:02:42 +argo-cd,v2.11.0,2024-05-07,16:37:25 +argo-cd,v2.10.9,2024-04-30,16:55:10 +argo-cd,v2.9.14,2024-04-30,17:52:42 +argo-cd,v2.8.18,2024-04-30,18:11:05 +argo-cd,v2.11.0-rc3,2024-04-29,20:34:30 +argo-cd,v2.10.8,2024-04-26,14:04:02 +argo-cd,v2.9.13,2024-04-26,13:54:31 +argo-cd,v2.8.17,2024-04-26,13:32:45 +argo-cd,v2.11.0-rc2,2024-04-15,20:21:25 +argo-cd,v2.10.7,2024-04-15,09:21:23 +argo-cd,v2.9.12,2024-04-15,09:23:39 +argo-cd,v2.8.16,2024-04-15,09:24:55 +argo-cd,v2.11.0-rc1,2024-04-05,12:48:47 +argo-cd,v2.10.6,2024-04-05,01:04:01 +argo-cd,v2.9.11,2024-04-05,00:33:21 +argo-cd,v2.8.15,2024-04-05,00:08:33 +argo-cd,v2.7.18,2024-04-04,23:10:16 +argo-cd,v2.10.5,2024-03-28,16:29:02 +argo-cd,v2.9.10,2024-03-28,17:14:04 +argo-cd,v2.8.14,2024-03-28,17:14:13 +argo-cd,v2.10.4,2024-03-18,08:44:51 +argo-cd,v2.9.9,2024-03-18,08:44:29 +argo-cd,v2.8.13,2024-03-18,08:43:03 +argo-cd,v2.10.3,2024-03-13,19:53:05 +argo-cd,v2.9.8,2024-03-13,19:50:14 +argo-cd,v2.8.12,2024-03-13,19:49:30 +argo-cd,v2.8.11,2024-03-08,15:35:57 +argo-cd,v2.10.2,2024-03-01,22:03:43 +argo-cd,v2.9.7,2024-03-01,23:28:36 +argo-cd,v2.10.1,2024-02-14,18:12:43 +argo-cd,v2.10.0,2024-02-06,15:03:51 +argo-cd,v2.9.6,2024-02-02,19:51:46 +argo-cd,v2.8.10,2024-02-02,19:01:36 +argo-cd,v2.7.17,2024-02-02,19:00:32 +argo-cd,v2.10.0-rc4,2024-01-25,21:50:37 +argo-cd,v2.10.0-rc3,2024-01-19,18:33:17 +argo-cd,v2.9.5,2024-01-19,18:32:02 +argo-cd,v2.8.9,2024-01-19,18:47:44 +argo-cd,v2.8.8,2024-01-19,15:17:36 +argo-cd,v2.7.16,2024-01-19,19:38:49 +argo-cd,v2.10.0-rc2,2024-01-18,21:14:40 +argo-cd,v2.9.4,2024-01-18,21:24:02 +argo-cd,v2.10.0-rc1,2023-12-18,21:20:13 +argo-cd,v2.7.15,2023-12-06,15:59:27 +argo-cd,v2.9.3,2023-12-01,23:39:19 +argo-cd,v2.9.2,2023-11-20,17:52:41 +argo-cd,v2.8.7,2023-11-20,17:52:04 +argo-cd,v2.9.1,2023-11-14,15:55:51 +argo-cd,v2.9.0,2023-11-06,05:27:12 +argo-cd,v2.8.6,2023-11-01,17:29:59 +argo-cd,v2.9.0-rc4,2023-10-31,22:28:01 +argo-cd,v2.8.5,2023-10-31,19:30:03 +argo-cd,v2.9.0-rc3,2023-10-25,19:54:22 +argo-cd,v2.9.0-rc2,2023-10-03,16:24:24 +argo-cd,v2.9.0-rc1,2023-09-27,01:06:19 +argo-cd,v2.8.4,2023-09-13,20:08:07 +argo-cd,v2.8.3,2023-09-07,18:06:07 +argo-cd,v2.7.14,2023-09-07,18:05:20 +argo-cd,v2.6.15,2023-09-07,18:32:42 +argo-cd,v2.5.22,2023-08-25,15:21:48 +argo-cd,v2.8.2,2023-08-24,21:05:33 +argo-cd,v2.7.13,2023-08-24,20:58:11 +argo-cd,v2.6.14,2023-08-24,22:01:58 +argo-cd,v2.8.1,2023-08-22,21:19:28 +argo-cd,v2.7.12,2023-08-23,15:02:27 +argo-cd,v2.8.0,2023-08-07,20:03:46 +argo-cd,v2.7.11,2023-08-07,20:07:16 +argo-cd,v2.8.0-rc7,2023-08-03,16:20:46 +argo-cd,v2.7.10,2023-07-31,22:51:19 +argo-cd,v2.8.0-rc6,2023-07-28,14:47:33 +argo-cd,v2.7.9,2023-07-24,18:50:30 +argo-cd,v2.8.0-rc5,2023-07-19,18:28:18 +argo-cd,v2.7.8,2023-07-19,15:58:13 +argo-cd,v2.6.13,2023-07-19,18:32:25 +argo-cd,v2.5.21,2023-07-19,16:18:16 +argo-cd,v2.8.0-rc4,2023-07-19,01:04:24 +argo-cd,v2.8.0-rc3,2023-07-12,21:02:10 +argo-cd,v2.8.0-rc2,2023-07-05,20:16:20 +argo-cd,v2.7.7,2023-07-05,20:25:54 +argo-cd,v2.6.12,2023-07-05,20:26:58 +argo-cd,v2.5.20,2023-07-05,20:21:44 +argo-cd,v2.8.0-rc1,2023-06-27,14:35:51 +argo-cd,v2.7.6,2023-06-20,21:46:46 +argo-cd,v2.6.11,2023-06-20,21:40:36 +argo-cd,v2.7.5,2023-06-16,15:24:00 +argo-cd,v2.6.10,2023-06-16,15:30:18 +argo-cd,v2.5.19,2023-06-16,15:14:25 +argo-cd,v2.7.4,2023-06-05,19:40:08 +argo-cd,v2.6.9,2023-06-05,20:00:21 +argo-cd,v2.5.18,2023-06-05,19:37:35 +argo-cd,v2.6.8,2023-05-25,16:35:40 +argo-cd,v2.5.17,2023-05-25,16:37:48 +argo-cd,v2.7.3,2023-05-24,16:14:02 +argo-cd,v2.7.2,2023-05-12,14:41:07 +argo-cd,v2.7.1,2023-05-02,17:24:44 +argo-cd,v2.7.0,2023-05-02,00:51:25 +argo-cd,v2.7.0-rc2,2023-04-11,16:29:33 +argo-cd,v2.7.0-rc1,2023-03-27,14:42:25 +argo-cd,v2.6.7,2023-03-23,15:45:09 +argo-cd,v2.5.16,2023-03-23,15:34:49 +argo-cd,v2.4.28,2023-03-23,15:35:38 +argo-cd,v2.6.6,2023-03-16,23:07:31 +argo-cd,v2.5.15,2023-03-16,23:35:35 +argo-cd,v2.4.27,2023-03-16,23:05:14 +argo-cd,v2.6.5,2023-03-14,14:59:49 +argo-cd,v2.5.14,2023-03-14,15:03:12 +argo-cd,v2.4.26,2023-03-14,15:01:43 +argo-cd,v2.6.4,2023-03-07,23:29:08 +argo-cd,v2.5.13,2023-03-07,23:28:04 +argo-cd,v2.4.25,2023-03-07,22:29:10 +argo-cd,v2.6.3,2023-02-27,15:20:04 +argo-cd,v2.5.12,2023-02-27,15:21:29 +argo-cd,v2.4.24,2023-02-27,15:22:21 +argo-cd,v2.6.2,2023-02-16,15:43:42 +argo-cd,v2.5.11,2023-02-16,15:46:31 +argo-cd,v2.4.23,2023-02-16,15:41:44 +argo-cd,v2.3.17,2023-02-16,16:01:23 +argo-cd,v2.6.1,2023-02-08,19:39:04 +argo-cd,v2.6.0,2023-02-06,22:04:33 +argo-cd,v2.6.0-rc7,2023-02-02,16:04:58 +argo-cd,v2.5.10,2023-02-02,15:48:00 +argo-cd,v2.4.22,2023-02-02,16:06:04 +argo-cd,v2.3.16,2023-02-02,16:20:13 +argo-cd,v2.6.0-rc6,2023-01-28,00:07:50 +argo-cd,v2.5.9,2023-01-28,00:04:28 +argo-cd,v2.4.21,2023-01-28,00:07:25 +argo-cd,v2.3.15,2023-01-28,01:20:18 +argo-cd,v2.6.0-rc5,2023-01-25,18:35:37 +argo-cd,v2.5.8,2023-01-25,17:05:03 +argo-cd,v2.4.20,2023-01-25,16:19:24 +argo-cd,v2.3.14,2023-01-25,17:07:36 +argo-cd,v2.6.0-rc4,2023-01-18,03:00:03 +argo-cd,v2.5.7,2023-01-18,03:00:02 +argo-cd,v2.4.19,2023-01-18,02:59:01 +argo-cd,v2.3.13,2023-01-18,04:02:17 +argo-cd,v2.6.0-rc3,2023-01-13,20:36:52 +argo-cd,v2.5.6,2023-01-10,20:14:18 +argo-cd,v2.6.0-rc2,2023-01-05,16:02:06 +argo-cd,v2.6.0-rc1,2022-12-19,17:27:17 +argo-cd,v2.5.5,2022-12-16,16:53:08 +argo-cd,v2.4.18,2022-12-16,16:47:09 +argo-cd,v2.3.12,2022-12-16,17:40:00 +argo-cd,v2.5.4,2022-12-06,20:26:51 +argo-cd,v2.5.3,2022-11-28,17:28:00 +argo-cd,v2.5.2,2022-11-07,17:23:44 +argo-cd,v2.4.17,2022-11-07,17:05:27 +argo-cd,v2.5.1,2022-11-01,21:53:59 +argo-cd,v2.4.16,2022-11-01,22:03:02 +argo-cd,v2.3.11,2022-11-01,22:39:18 +argo-cd,v2.2.16,2022-11-01,20:44:20 +argo-cd,v2.5.0,2022-10-25,15:32:28 +argo-cd,v2.2.15,2022-10-18,22:08:59 +argo-cd,v2.5.0-rc3,2022-10-17,18:39:09 +argo-cd,v2.4.15,2022-10-17,21:17:43 +argo-cd,v2.3.10,2022-10-18,01:09:30 +argo-cd,v2.5.0-rc2,2022-10-11,19:55:49 +argo-cd,v2.5.0-rc1,2022-10-05,18:00:34 +argo-cd,v2.4.14,2022-10-05,17:53:31 +argo-cd,v2.3.9,2022-10-05,18:24:18 +argo-cd,v2.2.14,2022-10-05,17:17:02 +argo-cd,v2.4.13,2022-10-03,21:38:39 +argo-cd,v2.3.8,2022-10-03,22:36:32 +argo-cd,v2.2.13,2022-10-03,21:05:16 +argo-cd,v2.4.12,2022-09-16,01:33:23 +argo-cd,v2.4.11,2022-08-22,09:52:10 +argo-cd,v2.4.10,2022-08-17,21:44:09 +argo-cd,v2.4.9,2022-08-11,15:59:47 +argo-cd,v2.4.8,2022-07-29,17:38:38 +argo-cd,v2.3.7,2022-07-29,16:11:01 +argo-cd,v2.2.12,2022-07-29,14:58:00 +argo-cd,v2.4.7,2022-07-18,21:54:21 +argo-cd,v2.4.6,2022-07-12,23:14:34 +argo-cd,v2.4.5,2022-07-12,17:05:35 +argo-cd,v2.3.6,2022-07-12,17:56:53 +argo-cd,v2.2.11,2022-07-12,16:23:51 +argo-cd,v2.4.4,2022-07-07,07:59:34 +argo-cd,v2.4.3,2022-06-27,21:39:15 +argo-cd,v2.4.2,2022-06-21,21:19:40 +argo-cd,v2.4.1,2022-06-21,17:18:01 +argo-cd,v2.3.5,2022-06-21,18:28:28 +argo-cd,v2.2.10,2022-06-21,16:42:53 +argo-cd,v2.1.16,2022-06-21,16:34:29 +argo-cd,v2.4.0,2022-06-10,17:59:33 +argo-cd,v2.4.0-rc5,2022-06-06,19:57:45 +argo-cd,v2.4.0-rc4,2022-06-01,23:51:49 +argo-cd,v2.4.0-rc3,2022-05-31,20:14:43 +argo-cd,v2.4.0-rc2,2022-05-18,13:20:52 +argo-cd,v2.3.4,2022-05-18,13:14:17 +argo-cd,v2.2.9,2022-05-18,12:11:30 +argo-cd,v2.1.15,2022-05-18,12:48:12 +argo-cd,v2.4.0-rc1,2022-05-06,23:59:23 +argo-cd,v2.3.3,2022-03-30,01:55:37 +argo-cd,v2.3.2,2022-03-23,02:12:12 +argo-cd,v2.2.8,2022-03-23,00:38:55 +argo-cd,v2.1.14,2022-03-23,00:25:37 +argo-cd,v2.3.1,2022-03-11,00:07:41 +argo-cd,v2.2.7,2022-03-09,01:16:04 +argo-cd,v2.1.12,2022-03-09,01:06:39 +argo-cd,v2.3.0,2022-03-06,07:59:28 +argo-cd,v2.2.6,2022-03-06,06:08:26 +argo-cd,v2.1.11,2022-03-06,05:44:19 +argo-cd,v2.2.5,2022-02-05,01:42:13 +argo-cd,v2.1.10,2022-02-05,01:27:00 +argo-cd,v2.3.0-rc5,2022-02-05,00:52:33 +argo-cd,v2.3.0-rc4,2022-02-03,23:22:13 +argo-cd,v2.2.4,2022-02-03,20:50:43 +argo-cd,v2.1.9,2022-02-03,20:38:47 +argo-cd,v2.3.0-rc2,2022-02-02,23:59:42 +argo-cd,v2.3.0-rc1,2022-01-30,23:19:12 +argo-cd,v2.2.3,2022-01-18,18:03:37 +argo-cd,v2.2.2,2022-01-01,06:38:42 +argo-cd,v2.2.1,2021-12-17,01:41:25 +argo-cd,v2.2.0,2021-12-14,18:19:23 +argo-cd,v2.1.8,2021-12-13,23:26:15 +argo-cd,v2.1.7,2021-11-17,22:18:58 +argo-cd,v2.2.0-rc1,2021-11-12,16:44:39 +argo-cd,v2.1.6,2021-10-28,20:08:23 +argo-cd,v2.1.5,2021-10-20,15:25:12 +argo-cd,v2.1.4,2021-10-20,00:47:38 +argo-cd,v2.1.3,2021-09-29,21:59:28 +argo-cd,v2.1.2,2021-09-02,18:13:57 +argo-cd,v2.1.1,2021-08-25,15:20:05 +argo-cd,v2.1.0,2021-08-20,05:40:42 +argo-cd,v2.1.0-rc3,2021-08-11,19:54:48 +argo-cd,v2.1.0-rc2,2021-08-03,17:17:22 +argo-cd,v2.1.0-rc1,2021-07-28,22:39:33 +argo-cd,v2.0.5,2021-07-22,21:00:58 +argo-cd,v2.0.4,2021-06-23,01:36:22 +argo-cd,v2.0.3,2021-05-27,17:47:33 +argo-cd,v2.0.2,2021-05-20,19:38:10 +argo-cd,v2.0.1,2021-04-15,22:40:37 +argo-cd,v2.0.0,2021-04-07,06:07:51 +argo-cd,v2.0.0-rc4,2021-04-05,23:22:38 +argo-cd,v2.0.0-rc3,2021-04-02,17:59:51 +argo-cd,v2.0.0-rc2,2021-03-29,21:39:06 +argo-cd,v2.0.0-rc1,2021-03-19,21:37:41 +argo-cd,v1.8.7,2021-03-03,07:20:14 +argo-cd,v1.7.14,2021-03-03,18:45:51 +argo-cd,v1.8.6,2021-02-26,21:29:08 +argo-cd,v1.7.13,2021-02-26,17:29:32 +argo-cd,v1.8.5,2021-02-20,05:47:09 +argo-cd,v1.8.4,2021-02-05,18:02:18 +argo-cd,v1.7.12,2021-02-05,20:29:49 +argo-cd,v1.8.3,2021-01-21,22:26:34 +argo-cd,v1.8.2,2021-01-10,05:47:08 +argo-cd,v1.8.1,2020-12-10,03:05:37 +argo-cd,v1.7.11,2020-12-10,02:47:15 +argo-cd,v1.8.0,2020-12-09,18:35:24 +argo-cd,v1.8.0-rc2,2020-12-03,05:15:48 +argo-cd,v1.8.0-rc1,2020-11-25,18:21:18 +argo-cd,v1.7.10,2020-11-20,19:57:30 +argo-cd,v1.7.9,2020-11-17,23:26:31 +argo-cd,v1.7.8,2020-10-15,22:39:54 +argo-cd,v1.7.7,2020-09-29,05:02:51 +argo-cd,v1.7.6,2020-09-19,00:58:10 +argo-cd,v1.7.5,2020-09-15,23:10:12 +argo-cd,v1.7.4,2020-09-05,02:51:36 +argo-cd,v1.7.3,2020-09-01,23:25:39 +argo-cd,v1.7.2,2020-08-27,23:40:37 +argo-cd,v1.7.1,2020-08-26,21:17:44 +argo-cd,v1.7.0,2020-08-25,19:05:00 +argo-cd,v1.7.0-rc1,2020-08-15,19:37:04 +argo-cd,v1.6.2,2020-07-31,23:51:10 +argo-cd,v1.6.1,2020-06-19,00:47:03 +argo-cd,v1.6.0,2020-06-16,22:46:48 +argo-cd,v1.5.8,2020-06-16,20:05:59 +argo-cd,v1.6.0-rc2,2020-06-09,22:29:03 +argo-cd,v1.5.7,2020-06-09,18:46:23 +argo-cd,v1.6.0-rc1,2020-06-03,04:11:50 +argo-cd,v1.5.6,2020-06-02,19:13:17 +argo-cd,v1.5.5,2020-05-16,15:22:14 +argo-cd,v1.5.4,2020-05-05,19:25:30 +argo-cd,v1.5.3,2020-05-02,04:58:47 +argo-cd,v1.5.2,2020-04-15,19:05:41 +argo-cd,v1.4.3,2020-04-15,19:09:30 +argo-cd,v1.5.1,2020-04-06,16:35:44 +argo-cd,v1.5.0,2020-04-02,18:49:53 +argo-cd,v1.5.0-rc3,2020-03-30,22:42:52 +argo-cd,v1.5.0-rc2,2020-03-26,06:12:25 +argo-cd,v1.5.0-rc1,2020-03-20,23:02:28 +argo-cd,v1.4.2,2020-01-24,01:18:02 +argo-cd,v1.4.1,2020-01-22,23:10:57 +argo-cd,v1.4.0,2020-01-18,06:12:51 +argo-cd,v1.4.0-rc1,2020-01-13,20:48:09 +argo-cd,v1.3.6,2019-12-10,22:54:07 +argo-cd,v1.3.5,2019-12-09,21:25:22 +argo-cd,v1.3.4,2019-12-05,23:31:46 +argo-cd,v1.3.3,2019-12-05,22:55:32 +argo-cd,v1.3.2,2019-12-03,21:40:15 +argo-cd,v1.3.1,2019-12-02,22:35:57 +argo-cd,v1.3.0,2019-11-13,02:17:35 +argo-cd,v1.3.0-rc5,2019-11-11,21:34:47 +argo-cd,v1.3.0-rc4,2019-11-04,06:53:16 +argo-cd,v1.3.0-rc3,2019-10-29,20:19:18 +argo-cd,v1.2.5,2019-10-29,00:14:59 +argo-cd,v1.3.0-rc2,2019-10-23,01:36:08 +argo-cd,v1.2.4,2019-10-23,20:11:59 +argo-cd,v1.3.0-rc1,2019-10-16,21:46:33 +argo-cd,v1.2.3,2019-10-01,21:10:16 +argo-cd,v1.2.2,2019-09-24,19:34:55 +argo-cd,v1.2.1,2019-09-12,17:31:17 +argo-cd,v1.2.0,2019-09-04,21:39:00 +argo-cd,v1.2.0-rc2,2019-08-21,16:04:14 +argo-cd,v1.2.0-rc1,2019-08-06,20:26:20 +argo-cd,v1.1.2,2019-07-30,18:02:46 +argo-cd,v1.1.1,2019-07-24,17:44:23 +argo-cd,v1.1.0,2019-07-24,17:22:37 +argo-cd,v1.1.0-rc8,2019-07-19,22:33:59 +argo-cd,v1.1.0-rc7,2019-07-17,23:30:42 +argo-cd,v1.1.0-rc6,2019-07-16,16:43:32 +argo-cd,v1.1.0-rc5,2019-07-09,21:43:03 +argo-cd,v1.1.0-rc4,2019-07-03,21:23:36 +argo-cd,v1.1.0-rc3,2019-06-28,21:09:41 +argo-cd,v1.1.0-rc2,2019-06-21,23:41:40 +argo-cd,v1.1.0-rc1,2019-06-14,18:42:47 +argo-cd,v1.0.2,2019-06-14,17:23:08 +argo-cd,v1.0.1,2019-05-28,17:32:09 +argo-cd,v1.0.0,2019-05-16,22:13:10 +argo-cd,v1.0.0-rc3,2019-05-09,17:28:45 +argo-cd,v1.0.0-rc2,2019-04-30,21:30:50 +argo-cd,v0.12.3,2019-04-30,06:17:03 +argo-cd,v1.0.0-rc1,2019-04-24,18:21:02 +argo-cd,v0.12.2,2019-04-22,21:50:44 +argo-cd,v0.12.1,2019-04-09,21:28:28 +argo-cd,v0.12.0,2019-03-23,01:35:42 +argo-cd,v0.12.0-rc6,2019-03-20,22:50:14 +argo-cd,v0.12.0-rc5,2019-03-19,08:07:36 +argo-cd,v0.12.0-rc4,2019-03-12,21:55:07 +argo-cd,v0.12.0-rc3,2019-03-07,02:51:44 +argo-cd,v0.12.0-rc2,2019-03-06,11:20:06 +argo-cd,v0.12.0-rc1,2019-03-06,03:04:20 +argo-cd,v0.11.2,2019-02-19,18:00:25 +argo-cd,v0.11.1,2019-01-18,21:14:24 +argo-cd,v0.11.0,2019-01-11,02:13:53 +argo-cd,v0.11.0-rc6,2019-01-10,00:42:34 +argo-cd,v0.11.0-rc5,2019-01-09,00:13:56 +argo-cd,v0.11.0-rc4,2019-01-04,21:48:23 +argo-cd,v0.11.0-rc3,2019-01-03,23:58:08 +argo-cd,v0.11.0-rc2,2018-12-28,01:33:08 +argo-cd,v0.11.0-rc1,2018-12-10,17:50:56 +argo-cd,v0.10.6,2018-11-15,03:01:53 +argo-cd,v0.10.5,2018-11-14,02:40:13 +argo-cd,v0.10.4,2018-11-08,02:06:57 +argo-cd,v0.10.3,2018-10-29,07:03:10 +argo-cd,v0.10.2,2018-10-25,20:12:36 +argo-cd,v0.10.1,2018-10-24,20:28:59 +argo-cd,v0.10.0,2018-10-19,22:01:34 +argo-cd,v0.9.2,2018-09-28,16:59:16 +argo-cd,v0.9.1,2018-09-24,21:46:35 +argo-cd,v0.9.0,2018-09-24,20:41:50 +argo-cd,v0.8.2,2018-09-12,08:55:44 +argo-cd,v0.8.1,2018-09-11,01:34:30 +argo-cd,v0.8.0,2018-09-05,01:10:25 +argo-cd,v0.7.2,2018-08-21,08:22:07 +argo-cd,v0.7.1,2018-08-03,20:45:14 +argo-cd,v0.7.0,2018-07-28,01:30:19 +argo-cd,v0.6.2,2018-07-24,10:04:03 +argo-cd,v0.6.1,2018-07-18,07:44:11 +argo-cd,v0.6.0,2018-07-17,09:42:25 +argo-cd,v0.5.4,2018-06-27,23:25:33 +argo-cd,v0.5.3,2018-06-21,00:09:10 +argo-cd,v0.5.2,2018-06-14,20:19:39 +argo-cd,v0.5.1,2018-06-13,21:46:40 +argo-cd,v0.5.0,2018-06-12,20:39:05 +argo-cd,v0.4.7,2018-06-07,18:37:20 +argo-cd,v0.4.6,2018-06-06,18:12:48 +argo-cd,v0.4.5,2018-05-31,10:29:26 +argo-cd,v0.4.4,2018-05-30,23:40:52 +argo-cd,v0.4.3,2018-05-21,22:38:11 +argo-cd,v0.4.2,2018-05-21,08:25:50 +argo-cd,v0.4.1,2018-05-18,20:40:11 +argo-cd,v0.4.0,2018-05-17,09:55:08 +argo-cd,v0.4.0-alpha1,2018-05-11,23:59:31 +argo-cd,v0.3.2,2018-05-03,18:25:30 +argo-cd,v0.3.1,2018-04-24,23:32:12 +argo-cd,v0.3.0,2018-04-23,08:29:14 +argo-cd,v0.2.0,2018-04-03,18:19:24 +argo-cd,v0.1.0,2018-03-13,00:38:20 +argo-workflows,v3.6.2,2024-12-02,14:12:44 +argo-workflows,v3.5.13,2024-12-02,13:09:39 +argo-workflows,v3.6.0,2024-11-14,19:02:01 +argo-workflows,v3.6.0-rc4,2024-10-31,11:56:16 +argo-workflows,v3.5.12,2024-10-30,11:49:27 +argo-workflows,v3.6.0-rc3,2024-10-24,10:51:47 +argo-workflows,v3.4.18,2024-12-16,09:03:37 +argo-workflows,v3.6.0-rc2,2024-10-03,07:48:59 +argo-workflows,v3.5.11,2024-09-20,14:08:00 +argo-workflows,v3.6.0-rc1,2024-09-18,10:03:03 +argo-workflows,v3.5.10,2024-08-01,06:03:16 +argo-workflows,v3.5.9,2024-07-30,06:58:49 +argo-workflows,v3.5.8,2024-06-18,04:52:31 +argo-workflows,v3.5.7,2024-05-27,07:13:30 +argo-workflows,v3.4.17,2024-05-13,02:47:39 +argo-workflows,v3.5.6,2024-04-19,21:43:07 +argo-workflows,v3.5.5,2024-02-29,21:47:50 +argo-workflows,v3.5.4,2024-01-14,06:19:09 +argo-workflows,v3.4.16,2024-01-14,06:17:57 +argo-workflows,v3.4.15,2024-01-13,23:29:40 +argo-workflows,v3.5.3,2024-01-11,03:12:46 +argo-workflows,v3.5.2,2023-11-27,19:16:42 +argo-workflows,v3.4.14,2023-11-27,18:56:22 +argo-workflows,v3.5.1,2023-11-03,19:57:45 +argo-workflows,v3.4.13,2023-11-03,21:07:31 +argo-workflows,v3.4.12,2023-10-20,13:00:24 +argo-workflows,v3.5.0,2023-10-13,15:00:44 +argo-workflows,v3.5.0-rc2,2023-09-20,19:20:10 +argo-workflows,v3.4.11,2023-09-08,01:14:16 +argo-workflows,v3.5.0-rc1,2023-08-15,20:01:35 +argo-workflows,v3.4.10,2023-08-15,18:59:38 +argo-workflows,v3.4.9,2023-07-20,15:28:41 +argo-workflows,v3.4.8,2023-05-25,23:37:40 +argo-workflows,v3.4.7,2023-04-11,17:26:32 +argo-workflows,v3.4.6,2023-03-31,20:16:18 +argo-workflows,v3.4.5,2023-02-07,13:26:29 +argo-workflows,v3.4.4,2022-11-29,21:15:21 +argo-workflows,v3.3.10,2022-11-29,21:24:54 +argo-workflows,v3.4.3,2022-10-31,09:17:41 +argo-workflows,v3.4.2,2022-10-23,07:36:55 +argo-workflows,v3.4.1,2022-10-01,16:09:34 +argo-workflows,v3.4.0,2022-09-19,05:23:46 +argo-workflows,v3.4.0-rc4,2022-09-10,19:34:15 +argo-workflows,v3.4.0-rc3,2022-09-01,01:28:29 +argo-workflows,v3.4.0-rc2,2022-08-19,14:51:26 +argo-workflows,v3.4.0-rc1,2022-08-10,07:13:17 +argo-workflows,v3.3.9,2022-08-10,01:08:09 +argo-workflows,v3.3.8,2022-06-24,01:18:03 +argo-workflows,v3.3.7,2022-06-21,00:41:49 +argo-workflows,v3.3.6,2022-05-26,01:22:39 +argo-workflows,v3.3.5,2022-05-04,01:13:34 +argo-workflows,v3.2.11,2022-05-03,22:59:55 +argo-workflows,v3.3.4,2022-04-29,19:54:39 +argo-workflows,v3.3.3,2022-04-25,23:19:39 +argo-workflows,v3.3.2,2022-04-20,23:16:10 +argo-workflows,v3.3.1,2022-03-18,19:45:27 +argo-workflows,v3.3.0,2022-03-14,23:06:47 +argo-workflows,v3.3.0-rc10,2022-03-07,23:50:34 +argo-workflows,v3.3.0-rc9,2022-03-05,19:01:28 +argo-workflows,v3.2.9,2022-03-02,23:04:35 +argo-workflows,v3.3.0-rc8,2022-03-01,02:52:15 +argo-workflows,v3.3.0-rc7,2022-02-25,21:14:31 +argo-workflows,v3.3.0-rc6,2022-02-21,20:27:19 +argo-workflows,v3.3.0-rc5,2022-02-21,20:07:56 +argo-workflows,v3.3.0-rc4,2022-02-08,20:05:39 +argo-workflows,v3.2.8,2022-02-04,20:19:52 +argo-workflows,v3.3.0-rc3,2022-02-03,20:31:05 +argo-workflows,v0.0.0-dev-bom-1,2022-02-02,21:21:47 +argo-workflows,v3.3.0-rc2,2022-01-30,01:45:04 +argo-workflows,v3.3.0-rc1,2022-01-29,01:08:13 +argo-workflows,v3.2.7,2022-01-28,02:28:31 +argo-workflows,v3.2.6,2021-12-17,21:12:28 +argo-workflows,v3.2.5,2021-12-16,00:34:48 +argo-workflows,v0.0.0-dev-kc-7,2021-11-19,01:36:27 +argo-workflows,v3.2.4,2021-11-18,00:41:27 +argo-workflows,v3.1.15,2021-11-17,18:46:01 +argo-workflows,v0.0.0-dev-kc-6,2021-11-18,00:10:06 +argo-workflows,v0.0.0-dev-kc-5,2021-11-16,20:03:24 +argo-workflows,v0.0.0-dev-kc-4,2021-11-16,18:38:30 +argo-workflows,v0.0.0-dev-kc-3,2021-11-15,21:54:04 +argo-workflows,v0.0.0-dev-kc-2,2021-11-15,21:36:23 +argo-workflows,v0.0.0-dev-kc-1,2021-11-09,21:24:30 +argo-workflows,v0.0.0-dev-kc-0,2021-11-09,17:10:14 +argo-workflows,v3.2.3,2021-10-27,02:22:57 +argo-workflows,v3.2.2,2021-10-21,18:24:56 +argo-workflows,v3.1.14,2021-10-20,02:52:43 +argo-workflows,v3.2.1,2021-10-19,22:11:39 +argo-workflows,v3.2.0,2021-10-12,16:28:36 +argo-workflows,v3.2.0-rc6,2021-10-06,02:26:30 +argo-workflows,v3.2.0-rc5,2021-09-29,18:09:20 +argo-workflows,v3.1.13,2021-09-28,20:07:21 +argo-workflows,v3.2.0-rc4,2021-09-21,21:03:56 +argo-workflows,v3.1.12,2021-09-16,14:12:07 +argo-workflows,v3.2.0-rc3,2021-09-14,19:40:01 +argo-workflows,v3.1.11,2021-09-14,07:41:28 +argo-workflows,v3.1.10,2021-09-10,18:58:55 +argo-workflows,v3.1.9,2021-09-03,22:39:13 +argo-workflows,v3.2.0-rc2,2021-09-01,23:45:48 +argo-workflows,v0.0.0-dev-mc-4,2021-08-31,18:10:35 +argo-workflows,v0.0.0-dev-mc-3,2021-08-30,17:45:10 +argo-workflows,v0.0.0-dev-mc-2,2021-08-30,17:40:57 +argo-workflows,v0.0.0-dev-mc-1,2021-08-30,00:26:16 +argo-workflows,v0.0.0-dev-mc-0,2021-08-28,02:06:29 +argo-workflows,v3.2.0-rc1,2021-08-20,02:49:34 +argo-workflows,v3.1.8,2021-08-19,00:19:56 +argo-workflows,v3.1.7,2021-08-18,18:21:43 +argo-workflows,v3.0.10,2021-08-18,23:53:38 +argo-workflows,v3.0.9,2021-08-18,17:03:34 +argo-workflows,v2.12.13,2021-08-18,23:42:45 +argo-workflows,v2.12.12,2021-08-18,17:57:06 +argo-workflows,v3.1.6,2021-08-13,00:39:51 +argo-workflows,v0.0.0-dev-dataflow-41,2021-08-11,04:28:21 +argo-workflows,v3.1.5,2021-08-04,07:14:30 +argo-workflows,v0.0.0-dev-dataflow-40,2021-08-04,02:06:40 +argo-workflows,v3.1.4,2021-08-04,01:06:06 +argo-workflows,v0.0.0-dev-dataflow-39,2021-07-30,20:53:39 +argo-workflows,v3.1.3,2021-07-28,05:38:36 +argo-workflows,v0.0.0-dev-dataflow-37,2021-07-23,23:23:18 +argo-workflows,v0.0.0-dev-dataflow-36,2021-07-22,01:29:29 +argo-workflows,v0.0.0-dev-dataflow-34,2021-07-20,18:17:04 +argo-workflows,v0.0.0-dev-dataflow-33,2021-07-16,23:18:16 +argo-workflows,v3.1.2,2021-07-15,22:04:54 +argo-workflows,v0.0.0-dev-dataflow-31,2021-07-14,16:55:52 +argo-workflows,v0.0.0-dev-dataflow-30,2021-07-12,18:40:24 +argo-workflows,v3.1.1,2021-06-28,21:31:33 +argo-workflows,v0.0.0-dev-dataflow-29,2021-06-28,18:51:44 +argo-workflows,v0.0.0-dev-dataflow-28,2021-06-25,03:44:24 +argo-workflows,v3.1.0,2021-06-21,23:35:00 +argo-workflows,v3.0.8,2021-06-21,23:52:48 +argo-workflows,v0.0.0-dev-dataflow-27,2021-06-21,23:00:03 +argo-workflows,v0.0.0-dev-dataflow-26,2021-06-16,00:01:26 +argo-workflows,v0.0.0-dev-dataflow-25,2021-06-16,00:01:43 +argo-workflows,v3.1.0-rc14,2021-06-10,19:18:50 +argo-workflows,v0.0.0-dev-dataflow-24,2021-06-10,17:34:10 +argo-workflows,v0.0.0-dev-dataflow-23,2021-06-10,02:31:42 +argo-workflows,v3.1.0-rc13,2021-06-08,16:45:35 +argo-workflows,v0.0.0-dev-dataflow-22,2021-06-09,20:38:24 +argo-workflows,v0.0.0-dev-dataflow-20,2021-06-08,02:42:49 +argo-workflows,v0.0.0-dev-dataflow-19,2021-06-06,20:41:36 +argo-workflows,v0.0.0-dev-docker-0,2021-06-06,19:00:54 +argo-workflows,v0.0.0-dev-dataflow-18,2021-06-05,00:59:50 +argo-workflows,v0.0.0-dev-dataflow-17,2021-06-04,01:23:11 +argo-workflows,v0.0.0-dev-dataflow-16,2021-06-04,01:03:00 +argo-workflows,v3.1.0-rc12,2021-06-03,01:40:44 +argo-workflows,v3.1.0-rc11,2021-06-01,19:02:58 +argo-workflows,v0.0.0-dev-dataflow-15,2021-06-01,22:31:59 +argo-workflows,v0.0.0-dev-dataflow-14,2021-06-01,20:34:22 +argo-workflows,v0.0.0-dev-dataflow-13,2021-06-01,19:06:07 +argo-workflows,v3.1.0-rc10,2021-05-28,00:00:15 +argo-workflows,v0.0.0-dev-dataflow-11,2021-05-27,02:01:59 +argo-workflows,v3.1.0-rc8,2021-05-25,18:06:14 +argo-workflows,v3.0.7,2021-05-25,19:08:55 +argo-workflows,v0.0.0-dev-dataflow-10,2021-05-25,18:22:42 +argo-workflows,v3.1.0-rc7,2021-05-24,20:15:18 +argo-workflows,v3.0.6,2021-05-24,22:03:27 +argo-workflows,v3.0.5,2021-05-24,20:16:47 +argo-workflows,v3.1.0-rc6,2021-05-21,16:46:01 +argo-workflows,v0.0.0-dev-dataflow-9,2021-05-21,20:56:00 +argo-workflows,v0.0.0-dev-dataflow-8,2021-05-21,06:32:47 +argo-workflows,v0.0.0-dev-dataflow-7,2021-05-21,03:02:41 +argo-workflows,v0.0.0-dev-dataflow-6,2021-05-20,23:34:42 +argo-workflows,v0.0.0-dev-dataflow-5,2021-05-19,23:23:04 +argo-workflows,v0.0.0-dev-dataflow-4,2021-05-19,00:02:40 +argo-workflows,v3.1.0-rc5,2021-05-17,22:42:30 +argo-workflows,v3.1.0-rc4,2021-05-14,21:20:57 +argo-workflows,v3.0.4,2021-05-14,06:52:02 +argo-workflows,v3.1.0-rc3,2021-05-13,21:46:01 +argo-workflows,v3.1.0-rc2,2021-05-13,00:17:44 +argo-workflows,v3.1.0-rc1,2021-05-12,21:19:04 +argo-workflows,v3.0.3,2021-05-11,22:31:06 +argo-workflows,v3.0.2,2021-04-20,15:37:15 +argo-workflows,v2.12.11,2021-04-06,18:10:38 +argo-workflows,v3.0.1,2021-04-01,19:52:20 +argo-workflows,v3.0.0,2021-03-30,20:25:33 +argo-workflows,v3.0.0-rc9,2021-03-23,19:04:46 +argo-workflows,v3.0.0-rc8,2021-03-17,19:30:33 +argo-workflows,v3.0.0-rc7,2021-03-16,23:25:22 +argo-workflows,v3.0.0-rc6,2021-03-10,01:08:31 +argo-workflows,v3.0.0-rc5,2021-03-09,19:50:05 +argo-workflows,v2.12.10,2021-03-08,22:57:52 +argo-workflows,v3.0.0-rc4,2021-03-02,22:26:56 +argo-workflows,v3.0.0-rc3,2021-02-23,21:38:38 +argo-workflows,v3.0.0-rc2,2021-02-16,18:09:12 +argo-workflows,v2.12.9,2021-02-17,01:28:49 +argo-workflows,v3.0.0-rc1,2021-02-09,00:36:27 +argo-workflows,v2.12.8,2021-02-09,00:36:17 +argo-workflows,v2.12.7,2021-02-01,22:21:36 +argo-workflows,v2.12.6,2021-01-25,20:24:13 +argo-workflows,v2.12.5,2021-01-19,22:49:21 +argo-workflows,v2.12.4,2021-01-12,20:53:35 +argo-workflows,v2.12.3,2021-01-05,02:00:00 +argo-workflows,v2.12.2,2020-12-18,18:17:19 +argo-workflows,v2.12.1,2020-12-18,01:11:16 +argo-workflows,v2.12.0,2020-12-17,19:35:41 +argo-workflows,v2.12.0-rc6,2020-12-15,19:00:45 +argo-workflows,v2.12.0-rc5,2020-12-10,13:50:01 +argo-workflows,v2.12.0-rc4,2020-12-03,00:55:16 +argo-workflows,v2.12.0-rc3,2020-11-23,13:35:50 +argo-workflows,v2.11.8,2020-11-21,16:36:24 +argo-workflows,v2.12.0-rc2,2020-11-12,16:23:14 +argo-workflows,v2.12.0-rc1,2020-11-06,19:14:19 +argo-workflows,v2.11.7,2020-11-02,21:50:13 +argo-workflows,v2.11.6,2020-10-19,20:51:22 +argo-workflows,v2.11.5,2020-10-15,23:14:34 +argo-workflows,v2.11.4,2020-10-14,22:30:23 +argo-workflows,v2.11.3,2020-10-07,23:20:10 +argo-workflows,v2.11.2,2020-10-06,00:19:46 +argo-workflows,v2.11.1,2020-09-29,17:55:55 +argo-workflows,v2.11.0,2020-09-17,23:09:05 +argo-workflows,v2.11.0-rc3,2020-09-15,16:50:33 +argo-workflows,v2.10.2,2020-09-14,17:45:20 +argo-workflows,v2.11.0-rc2,2020-09-09,17:43:25 +argo-workflows,v2.10.1,2020-09-03,00:02:01 +argo-workflows,v2.11.0-rc1,2020-09-01,20:17:41 +argo-workflows,v2.10.0,2020-08-18,23:15:58 +argo-workflows,v2.10.0-rc7,2020-08-14,15:48:45 +argo-workflows,v2.10.0-rc6,2020-08-06,23:31:38 +argo-workflows,v2.9.5,2020-08-06,22:45:49 +argo-workflows,v2.10.0-rc5,2020-08-03,23:21:27 +argo-workflows,v2.10.0-rc4,2020-07-29,00:15:54 +argo-workflows,v2.9.4,2020-07-24,21:59:33 +argo-workflows,v2.10.0-rc3,2020-07-23,23:04:45 +argo-workflows,v2.10.0-rc1,2020-07-17,20:10:06 +argo-workflows,v2.9.3,2020-07-15,01:33:15 +argo-workflows,v2.9.2,2020-07-09,00:21:41 +argo-workflows,v2.9.1,2020-07-03,15:28:51 +argo-workflows,v2.9.0,2020-07-02,01:43:01 +argo-workflows,v2.9.0-rc4,2020-06-26,23:05:54 +argo-workflows,v2.9.0-rc3,2020-06-23,19:15:20 +argo-workflows,v2.8.2,2020-06-22,22:28:02 +argo-workflows,v2.9.0-rc2,2020-06-17,04:36:44 +argo-workflows,v2.9.0-rc1,2020-06-11,00:19:33 +argo-workflows,v2.8.1,2020-05-29,00:31:04 +argo-workflows,v2.8.0,2020-05-11,23:50:27 +argo-workflows,v2.8.0-rc4,2020-05-06,23:58:00 +argo-workflows,v2.7.7,2020-05-06,23:32:46 +argo-workflows,v2.8.0-rc3,2020-04-28,16:46:57 +argo-workflows,v2.7.6,2020-04-28,17:31:48 +argo-workflows,v2.8.0-rc2,2020-04-23,23:29:50 +argo-workflows,v2.8.0-rc1,2020-04-21,15:36:43 +argo-workflows,v2.7.5,2020-04-21,01:35:36 +argo-workflows,v2.7.4,2020-04-16,18:20:58 +argo-workflows,v2.6.4,2020-04-16,03:02:24 +argo-workflows,v2.7.3,2020-04-16,02:03:38 +argo-workflows,v2.7.2,2020-04-10,20:29:17 +argo-workflows,v2.7.1,2020-04-07,17:16:19 +argo-workflows,v2.7.0,2020-04-01,03:13:14 +argo-workflows,v2.7.0-rc4,2020-03-30,22:13:50 +argo-workflows,v2.7.0-rc3,2020-03-25,20:18:44 +argo-workflows,v2.7.0-rc2,2020-03-23,18:38:05 +argo-workflows,v2.7.0-rc1,2020-03-19,02:11:45 +argo-workflows,v2.6.3,2020-03-16,18:24:24 +argo-workflows,v2.6.2,2020-03-12,16:23:45 +argo-workflows,v2.6.1,2020-03-04,21:33:38 +argo-workflows,v2.6.0,2020-02-28,23:39:10 +argo-workflows,v2.6.0-rc3,2020-02-25,17:32:04 +argo-workflows,v2.5.2,2020-02-24,23:10:36 +argo-workflows,v2.6.0-rc2,2020-02-22,00:36:29 +argo-workflows,v2.5.1,2020-02-20,18:30:07 +argo-workflows,v2.6.0-rc1,2020-02-19,18:48:23 +argo-workflows,v2.5.0,2020-02-19,02:54:07 +argo-workflows,v2.5.0-rc12,2020-02-14,00:08:36 +argo-workflows,v2.5.0-rc11,2020-02-11,22:25:57 +argo-workflows,v2.5.0-rc10,2020-02-08,00:23:39 +argo-workflows,v2.5.0-rc9,2020-02-07,00:40:24 +argo-workflows,v2.5.0-rc8,2020-02-04,01:25:11 +argo-workflows,v2.5.0-rc7,2020-01-31,22:43:09 +argo-workflows,v2.5.0-rc6,2020-01-30,22:14:51 +argo-workflows,v2.5.0-rc5,2020-01-30,03:13:49 +argo-workflows,v2.5.0-rc4,2020-01-27,21:08:05 +argo-workflows,v2.5.0-rc3,2020-01-27,19:37:31 +argo-workflows,v2.5.0-rc2,2020-01-24,21:43:45 +argo-workflows,v2.5.0-rc1,2020-01-24,20:59:49 +argo-workflows,v2.4.3,2019-12-06,05:53:42 +argo-workflows,v2.4.2,2019-10-21,19:06:52 +argo-workflows,v2.4.1,2019-10-09,00:01:23 +argo-workflows,v2.4.0,2019-10-07,20:35:32 +argo-workflows,v2.4.0-rc1,2019-08-08,22:12:22 +argo-workflows,v2.3.0,2019-05-20,22:34:35 +argo-workflows,v2.3.0-rc3,2019-05-08,00:11:00 +argo-workflows,v2.3.0-rc2,2019-04-21,08:32:04 +argo-workflows,v2.3.0-rc1,2019-04-10,16:08:39 +argo-workflows,v2.2.1,2018-10-11,16:44:01 +argo-workflows,v2.2.0,2018-08-30,09:00:24 +argo-workflows,v2.1.1,2018-05-29,20:52:07 +argo-workflows,v2.1.0,2018-05-01,20:33:03 +argo-workflows,v2.1.0-beta2,2018-03-29,20:55:26 +argo-workflows,v2.1.0-beta1,2018-03-29,15:35:56 +argo-workflows,v2.1.0-alpha1,2018-02-21,22:54:53 +argo-workflows,v2.0.0,2018-02-06,21:55:25 +argo-workflows,v2.0.0-beta1,2018-01-18,22:58:14 +argo-workflows,v2.0.0-alpha3,2018-01-02,21:32:11 +argo-workflows,v2.0.0-alpha2,2017-12-05,05:13:12 +argo-workflows,v2.0.0-alpha1,2017-11-16,22:10:07 +argo-events,v1.9.5,2025-01-10,18:11:20 +argo-events,v1.9.4,2025-01-08,07:48:18 +argo-events,v1.9.3,2024-11-27,06:51:10 +argo-events,v1.9.2,2024-06-14,00:38:39 +argo-events,v1.9.1,2024-02-13,21:21:44 +argo-events,v1.9.0,2024-01-09,08:31:10 +argo-events,v1.8.1,2023-08-31,23:49:47 +argo-events,v1.8.0,2023-05-08,05:54:59 +argo-events,v1.7.6,2023-02-10,07:30:54 +argo-events,v1.7.5,2023-01-23,08:23:36 +argo-events,v1.7.4,2022-12-12,07:45:11 +argo-events,v1.7.3,2022-09-28,22:10:34 +argo-events,v1.7.2,2022-09-12,23:46:11 +argo-events,v1.7.1,2022-06-09,06:27:31 +argo-events,v1.7.0,2022-05-04,22:47:01 +argo-events,v1.7.0-rc1,2022-04-23,07:22:52 +argo-events,v1.6.3,2022-03-03,20:56:12 +argo-events,v1.6.2,2022-03-02,05:39:57 +argo-events,v1.6.1,2022-02-27,08:51:59 +argo-events,v1.6.0,2022-02-13,06:42:27 +argo-events,v1.5.6,2022-01-12,05:18:08 +argo-events,v1.5.5,2021-12-19,03:32:55 +argo-events,v1.5.4,2021-12-10,08:49:46 +argo-events,v1.5.3,2021-11-22,18:36:36 +argo-events,v1.5.2,2021-11-09,20:01:58 +argo-events,v1.5.1,2021-11-08,07:35:38 +argo-events,v1.5.0,2021-10-12,18:48:33 +argo-events,v1.4.3,2021-09-30,15:49:41 +argo-events,v1.4.2,2021-09-21,18:29:51 +argo-events,v1.4.1,2021-09-01,00:37:05 +argo-events,v1.4.0,2021-07-12,16:33:29 +argo-events,v1.3.1,2021-05-04,17:40:52 +argo-events,v1.3.0,2021-04-12,18:14:51 +argo-events,v1.3.0-rc4,2021-04-08,06:37:06 +argo-events,v1.3.0-rc3,2021-04-05,20:42:52 +argo-events,v1.3.0-rc2,2021-03-31,21:34:56 +argo-events,v1.3.0-rc1,2021-03-23,18:05:01 +argo-events,v1.2.3,2021-02-18,17:52:54 +argo-events,v1.2.2,2021-01-27,17:40:28 +argo-events,v1.2.1,2021-01-26,08:22:50 +argo-events,v1.2.0,2021-01-08,08:30:04 +argo-events,v1.1.0,2020-11-16,20:07:55 +argo-events,v1.1.0-rc1,2020-11-05,06:36:21 +argo-events,v1.0.0,2020-09-04,20:57:04 +argo-events,v1.0.0-rc3,2020-08-26,04:36:48 +argo-events,v1.0.0-rc2,2020-08-16,21:20:09 +argo-events,v1.0.0-rc1,2020-08-10,18:25:28 +argo-events,v0.17.0,2020-07-24,12:40:33 +argo-events,v0.16.0,2020-06-14,23:52:44 +argo-events,v0.15.0,2020-05-08,13:42:18 +argo-events,v0.14.0,2020-04-12,23:34:58 +argo-events,v0.13.0,2020-03-21,01:21:15 +argo-events,v0.13.0-rc,2020-02-26,01:33:31 +argo-events,v0.12,2020-01-17,04:51:55 +argo-events,v0.12-rc,2019-12-12,04:52:49 +argo-events,v0.11,2019-11-11,17:11:35 +argo-events,v0.10,2019-10-07,12:51:38 +argo-events,v0.9.3,2019-07-15,12:16:22 +argo-events,v0.9.2,2019-04-26,01:11:53 +argo-events,v0.9.1,2019-04-26,00:33:03 +argo-events,v.0.9,2019-03-30,13:07:25 +argo-events,v0.8.3,2019-03-18,21:09:05 +argo-events,v0.8.2,2019-03-14,10:32:46 +argo-events,v0.8.1,2019-03-11,13:42:08 +argo-events,v0.8,2019-02-27,18:08:21 +argo-events,v0.7,2019-01-30,04:12:58 +argo-events,v0.6,2018-11-27,11:46:02 +argo-events,v0.5,2018-10-18,19:51:19 +argo-events,v0.5-beta1,2018-07-27,15:00:03 +argo-events,v0.5-alpha1,2018-06-20,19:23:36 +argo-rollouts,v1.8.0-rc2,2025-01-16,19:43:44 +argo-rollouts,v1.8.0-rc1,2024-12-09,14:28:35 +argo-rollouts,v1.7.2,2024-08-13,18:42:47 +argo-rollouts,v1.7.1,2024-06-25,01:38:31 +argo-rollouts,v1.7.0,2024-06-13,20:23:14 +argo-rollouts,v1.7.0-rc1,2024-04-05,18:24:00 +argo-rollouts,v1.6.6,2024-02-13,15:56:59 +argo-rollouts,v1.6.5,2024-01-25,20:19:53 +argo-rollouts,v1.6.4,2023-12-11,21:54:30 +argo-rollouts,v1.6.3,2023-12-05,14:36:31 +argo-rollouts,v1.6.2,2023-11-02,19:58:08 +argo-rollouts,v1.6.1,2023-11-01,21:19:43 +argo-rollouts,v1.6.0,2023-09-06,19:00:06 +argo-rollouts,v1.6.0-rc1,2023-08-11,14:22:24 +argo-rollouts,v1.5.1,2023-05-24,19:26:51 +argo-rollouts,v1.5.0,2023-05-08,15:34:06 +argo-rollouts,v1.5.0-rc1,2023-03-27,20:09:25 +argo-rollouts,v1.4.1,2023-02-25,15:23:34 +argo-rollouts,v1.3.3,2023-02-25,04:38:57 +argo-rollouts,v1.4.0,2023-01-09,21:43:34 +argo-rollouts,v1.4.0-rc1,2022-12-20,02:07:55 +argo-rollouts,v1.3.2,2022-12-15,17:05:26 +argo-rollouts,v1.3.1,2022-09-29,17:43:19 +argo-rollouts,v1.3.0,2022-09-19,03:29:00 +argo-rollouts,v1.3.0-rc3,2022-09-15,16:00:07 +argo-rollouts,v1.3.0-rc2,2022-08-25,20:49:49 +argo-rollouts,v1.3.0-rc1,2022-07-29,19:54:34 +argo-rollouts,v1.2.2,2022-07-26,17:49:31 +argo-rollouts,v1.2.1,2022-05-13,20:57:34 +argo-rollouts,v1.2.0,2022-03-22,17:16:13 +argo-rollouts,v1.2.0-rc2,2022-02-25,16:54:46 +argo-rollouts,v1.2.0-rc1,2022-02-07,20:00:22 +argo-rollouts,v1.1.1,2021-11-29,21:44:13 +argo-rollouts,v1.1.0,2021-10-12,17:02:30 +argo-rollouts,v1.1.0-rc2,2021-10-05,23:41:25 +argo-rollouts,v1.0.7,2021-09-29,18:02:01 +argo-rollouts,v1.1.0-rc1,2021-09-21,23:23:21 +argo-rollouts,v1.0.6,2021-08-26,18:13:19 +argo-rollouts,v1.0.4,2021-08-03,04:38:07 +argo-rollouts,v1.0.3,2021-08-03,04:36:59 +argo-rollouts,v1.0.2,2021-06-15,22:33:04 +argo-rollouts,v1.0.1,2021-05-26,08:43:12 +argo-rollouts,v1.0.0,2021-05-20,04:11:28 +argo-rollouts,v1.0.0-rc1,2021-04-29,20:29:41 +argo-rollouts,v0.10.2,2020-12-17,21:20:44 +argo-rollouts,v0.10.1,2020-12-05,01:23:44 +argo-rollouts,v0.10.0,2020-11-14,00:21:31 +argo-rollouts,v0.9.3,2020-11-05,23:24:15 +argo-rollouts,v0.9.2,2020-10-17,04:41:56 +argo-rollouts,v0.9.1,2020-09-28,22:52:01 +argo-rollouts,v0.9.0,2020-08-17,22:17:04 +argo-rollouts,v0.8.3,2020-06-04,00:49:11 +argo-rollouts,v0.8.2,2020-05-06,20:40:16 +argo-rollouts,v0.8.1,2020-04-20,23:55:07 +argo-rollouts,v0.8.0,2020-04-13,16:40:32 +argo-rollouts,v0.7.2,2020-02-25,19:46:06 +argo-rollouts,v0.7.1,2020-02-10,18:01:08 +argo-rollouts,v0.7.0,2020-01-22,05:09:28 +argo-rollouts,v0.6.3,2020-01-22,04:40:30 +argo-rollouts,v0.6.2,2019-12-16,17:14:42 +argo-rollouts,v0.6.1,2019-12-06,00:25:57 +argo-rollouts,v0.6.0,2019-11-17,21:16:29 +argo-rollouts,v0.5.0,2019-09-23,17:59:31 +argo-rollouts,v0.4.2,2019-08-19,20:21:15 +argo-rollouts,v0.4.1,2019-06-26,16:07:32 +argo-rollouts,v0.4.0,2019-06-21,17:48:41 +argo-rollouts,v0.3.2,2019-06-13,17:58:53 +argo-rollouts,v0.3.1,2019-05-18,21:27:51 +argo-rollouts,v0.3.0,2019-05-01,06:36:28 +argo-rollouts,v0.2.2,2019-04-16,23:10:01 +argo-rollouts,v0.2.1,2019-04-04,21:43:44 +argo-rollouts,v0.2.0,2019-03-04,22:30:55 +argo-rollouts,v0.1.0,2019-02-01,19:03:49 diff --git a/scripts/release-analysis/fetch_helmet_releases.py b/scripts/release-analysis/fetch_helmet_releases.py new file mode 100644 index 00000000..77e2fcb3 --- /dev/null +++ b/scripts/release-analysis/fetch_helmet_releases.py @@ -0,0 +1,90 @@ +import csv +import os +from datetime import datetime + +import requests + +# GitHub repository URL +repo_url = "https://api.github.com/repos/argoproj/argo-helm/releases" + +# Get the GitHub token from environment variables +github_token = os.getenv("GITHUB_TOKEN") +if not github_token: + raise ValueError("GITHUB_TOKEN environment variable is not set") + + +# Function to fetch all releases with pagination +def fetch_all_releases(url): + releases = [] + headers = {"Authorization": f"token {github_token}"} + while url: + response = requests.get(url, headers=headers) + response.raise_for_status() + releases.extend(response.json()) + url = response.links.get("next", {}).get("url") + return releases + + +# Function to get the content of Chart.yaml in a release +def get_chart_yaml(repo, tag, chart_path): + url = f"https://raw.githubusercontent.com/{repo}/refs/tags/{tag}/charts/{chart_path}/Chart.yaml" + headers = {"Authorization": f"token {github_token}"} + response = requests.get(url, headers=headers) + if response.status_code == 200: + return response.text + return None + + +# Function to extract appVersion from Chart.yaml content +def extract_app_version(chart_yaml): + for line in chart_yaml.splitlines(): + if line.startswith("appVersion:"): + return line.split(":")[1].strip() + return None + + +# Function to fetch releases and write to a CSV file +def fetch_and_write_helmet_releases(csv_file): + # Fetch all releases + releases = fetch_all_releases(repo_url) + + # Write the release data to the CSV file + with open(csv_file, mode="w", newline="") as file: + writer = csv.writer(file, quoting=csv.QUOTE_NONE, escapechar="\\") + writer.writerow(["Release Name", "Release Date", "Release Time", "App Version"]) + + for release in releases: + tag_name = release["tag_name"] + published_at = release["published_at"] + release_date = datetime.strptime(published_at, "%Y-%m-%dT%H:%M:%SZ").date() + release_time = datetime.strptime(published_at, "%Y-%m-%dT%H:%M:%SZ").time() + + # Extract chart path from the release name + chart_path = "-".join(tag_name.split("-")[:-1]) + current_chart_yaml = get_chart_yaml( + "argoproj/argo-helm", tag_name, chart_path + ) + + if current_chart_yaml: + current_app_version = extract_app_version(current_chart_yaml) + writer.writerow( + [tag_name, release_date, release_time, current_app_version] + ) + + # Read the CSV file, remove any instances of `\"`, and write back the cleaned content + with open(csv_file, mode="r") as file: + content = file.read() + + cleaned_content = content.replace('\\"', "") + + with open(csv_file, mode="w", newline="") as file: + file.write(cleaned_content) + + print( + f'Release data has been written to {csv_file} and cleaned of any instances of \\"' + ) + + +# Example usage +if __name__ == "__main__": + fetch_and_write_helmet_releases("argo_helm_releases.csv") diff --git a/scripts/release-analysis/fetch_releases.py b/scripts/release-analysis/fetch_releases.py new file mode 100644 index 00000000..6d27faee --- /dev/null +++ b/scripts/release-analysis/fetch_releases.py @@ -0,0 +1,57 @@ +import csv +import os +from datetime import datetime + +import requests + +# List of GitHub repository URLs we care about +repos = [ + ("argo-cd", "https://api.github.com/repos/argoproj/argo-cd/releases"), + ("argo-workflows", "https://api.github.com/repos/argoproj/argo-workflows/releases"), + ("argo-events", "https://api.github.com/repos/argoproj/argo-events/releases"), + ("argo-rollouts", "https://api.github.com/repos/argoproj/argo-rollouts/releases"), +] + +# Get the GitHub token from environment variables +github_token = os.getenv("GITHUB_TOKEN") +if not github_token: + raise ValueError("GITHUB_TOKEN environment variable is not set") + + +# Fetch all releases with pagination +def fetch_all_releases(url): + releases = [] + headers = {"Authorization": f"token {github_token}"} + while url: + response = requests.get(url, headers=headers) + response.raise_for_status() + releases.extend(response.json()) + url = response.links.get("next", {}).get("url") + return releases + + +# Fetch releases and write to a CSV file +def fetch_and_write_releases(csv_file): + with open(csv_file, mode="w", newline="") as file: + writer = csv.writer(file) + writer.writerow(["Repository", "Release Tag", "Release Date", "Release Time"]) + + for repo_name, repo_url in repos: + releases = fetch_all_releases(repo_url) + for release in releases: + tag_name = release["tag_name"] + published_at = release["published_at"] + release_date = datetime.strptime( + published_at, "%Y-%m-%dT%H:%M:%SZ" + ).date() + release_time = datetime.strptime( + published_at, "%Y-%m-%dT%H:%M:%SZ" + ).time() + writer.writerow([repo_name, tag_name, release_date, release_time]) + + print(f"Release data has been written to {csv_file}") + + +# Example usage +if __name__ == "__main__": + fetch_and_write_releases("argo_releases.csv") diff --git a/scripts/release-analysis/main.py b/scripts/release-analysis/main.py new file mode 100644 index 00000000..3fcf21ed --- /dev/null +++ b/scripts/release-analysis/main.py @@ -0,0 +1,31 @@ +import os + +from fetch_helmet_releases import fetch_and_write_helmet_releases +from fetch_releases import fetch_and_write_releases +from merge_csvs import merge_csv_files +from plot_graph import plot_time_difference + +# Check there is a github token +github_token = os.getenv("GITHUB_TOKEN") +if not github_token: + raise ValueError("GITHUB_TOKEN environment variable is not set") + +# Do the thing +print("Fetching releases...") +fetch_and_write_releases("argo_releases.csv") +print("Done") + +print("Fetching Team Helmet releases...") +fetch_and_write_helmet_releases("argo_helm_releases.csv") +print("Done") + +print("Merging release info...") +merge_csv_files("argo_releases.csv", "argo_helm_releases.csv", "merged_releases.csv") +print("Done") + +print("Plotting time difference graphs...") +plot_time_difference("merged_releases.csv") +print("Done") + +# Delete __pycache__ directories +os.system("rm -rf __pycache__") diff --git a/scripts/release-analysis/merge_csvs.py b/scripts/release-analysis/merge_csvs.py new file mode 100644 index 00000000..72b6917b --- /dev/null +++ b/scripts/release-analysis/merge_csvs.py @@ -0,0 +1,108 @@ +import csv +from datetime import datetime + + +def merge_csv_files(csv_file_1, csv_file_2, output_csv_file): + # Read the first CSV file into a dictionary + releases_1 = {} + with open(csv_file_1, mode="r") as file: + reader = csv.DictReader(file) + for row in reader: + key = (row["Repository"], row["Release Tag"]) + releases_1[key] = row + + # Read the second CSV file and find the oldest release for each appVersion + oldest_releases = {} + valid_repos = {"argo-cd", "argo-events", "argo-workflows", "argo-rollouts"} + with open(csv_file_2, mode="r") as file: + reader = csv.DictReader(file) + for row in reader: + release_name = row["Release Name"] + repo_name = "-".join(release_name.split("-")[:-1]) + if repo_name in valid_repos: + app_version = row["App Version"] + release_datetime = datetime.strptime( + f"{row['Release Date']} {row['Release Time']}", "%Y-%m-%d %H:%M:%S" + ) + if ( + repo_name, + app_version, + ) not in oldest_releases or release_datetime < oldest_releases[ + (repo_name, app_version) + ][ + "datetime" + ]: + oldest_releases[(repo_name, app_version)] = { + "row": row, + "datetime": release_datetime, + } + + # Merge the oldest releases with the first CSV file + merged_releases = [] + for (repo_name, app_version), data in oldest_releases.items(): + row = data["row"] + for key, release in releases_1.items(): + if ( + repo_name == release["Repository"] + and app_version == release["Release Tag"] + ): + time_difference = data["datetime"] - datetime.strptime( + f"{release['Release Date']} {release['Release Time']}", + "%Y-%m-%d %H:%M:%S", + ) + time_difference_hours = ( + time_difference.total_seconds() / 3600 + ) # Convert to hours + merged_row = { + "Repository": release["Repository"], + "Release Tag": release["Release Tag"], + "Release Date": release["Release Date"], + "Release Time": release["Release Time"], + "App Version": app_version, + "Release Name": row["Release Name"], + "Release Date 2": row["Release Date"], + "Release Time 2": row["Release Time"], + "Time Difference": time_difference_hours, + } + merged_releases.append(merged_row) + break + else: + merged_row = { + "Repository": repo_name, + "Release Tag": "", + "Release Date": "", + "Release Time": "", + "App Version": app_version, + "Release Name": row["Release Name"], + "Release Date 2": row["Release Date"], + "Release Time 2": row["Release Time"], + "Time Difference": "", + } + merged_releases.append(merged_row) + + # Write the merged data to a new CSV file + with open(output_csv_file, mode="w", newline="") as file: + fieldnames = [ + "Repository", + "Release Tag", + "Release Date", + "Release Time", + "App Version", + "Release Name", + "Release Date 2", + "Release Time 2", + "Time Difference", + ] + writer = csv.DictWriter(file, fieldnames=fieldnames) + writer.writeheader() + for row in merged_releases: + writer.writerow(row) + + print(f"Merged data has been written to {output_csv_file}") + + +# Example usage +if __name__ == "__main__": + merge_csv_files( + "argo_releases.csv", "argo_helm_releases.csv", "merged_releases.csv" + ) diff --git a/scripts/release-analysis/merged_releases.csv b/scripts/release-analysis/merged_releases.csv new file mode 100644 index 00000000..a4c13445 --- /dev/null +++ b/scripts/release-analysis/merged_releases.csv @@ -0,0 +1,195 @@ +Repository,Release Tag,Release Date,Release Time,App Version,Release Name,Release Date 2,Release Time 2,Time Difference +argo-cd,v2.13.3,2025-01-03,19:23:42,v2.13.3,argo-cd-7.7.13,2025-01-04,00:07:55,4.736944444444444 +argo-events,v1.9.5,2025-01-10,18:11:20,v1.9.5,argo-events-2.4.13,2025-01-11,10:22:47,16.190833333333334 +argo-workflows,v3.6.2,2024-12-02,14:12:44,v3.6.2,argo-workflows-0.45.1,2024-12-02,17:39:46,3.4505555555555554 +argo-events,v1.9.4,2025-01-08,07:48:18,v1.9.4,argo-events-2.4.12,2025-01-08,08:37:01,0.8119444444444445 +argo-events,v1.9.3,2024-11-27,06:51:10,v1.9.3,argo-events-2.4.9,2024-11-27,20:44:06,13.882222222222222 +argo-rollouts,v1.7.2,2024-08-13,18:42:47,v1.7.2,argo-rollouts-2.37.5,2024-08-14,08:31:31,13.812222222222223 +argo-cd,v2.13.2,2024-12-11,19:18:46,v2.13.2,argo-cd-7.7.10,2024-12-12,05:33:28,10.245 +argo-cd,v2.13.1,2024-11-20,17:11:22,v2.13.1,argo-cd-7.7.4,2024-11-20,20:48:11,3.613611111111111 +argo-workflows,v3.6.0,2024-11-14,19:02:01,v3.6.0,argo-workflows-0.43.0,2024-11-21,08:27:21,157.42222222222222 +argo-cd,v2.13.0,2024-11-04,12:46:49,v2.13.0,argo-cd-7.7.0,2024-11-05,00:00:06,11.221388888888889 +argo-workflows,v3.5.12,2024-10-30,11:49:27,v3.5.12,argo-workflows-0.42.6,2024-10-30,13:24:53,1.5905555555555555 +argo-cd,v2.12.6,2024-10-18,19:07:18,v2.12.6,argo-cd-7.6.12,2024-10-18,19:27:20,0.3338888888888889 +argo-cd,v2.12.5,2024-10-17,22:03:45,v2.12.5,argo-cd-7.6.11,2024-10-18,07:16:30,9.2125 +argo-cd,v2.12.4,2024-09-26,07:14:39,v2.12.4,argo-cd-7.6.5,2024-09-26,07:42:42,0.4675 +argo-workflows,v3.5.11,2024-09-20,14:08:00,v3.5.11,argo-workflows-0.42.3,2024-09-20,15:08:40,1.011111111111111 +argo-cd,v2.12.3,2024-08-27,12:33:34,v2.12.3,argo-cd-7.4.7,2024-08-27,13:30:34,0.95 +argo-events,v1.9.2,2024-06-14,00:38:39,v1.9.2,argo-events-2.4.6,2024-06-14,05:09:08,4.508055555555556 +argo-workflows,v3.5.10,2024-08-01,06:03:16,v3.5.10,argo-workflows-0.41.13,2024-08-01,07:19:01,1.2625 +argo-cd,v2.12.2,2024-08-23,04:05:09,v2.12.2,argo-cd-7.4.5,2024-08-23,08:51:19,4.769444444444445 +argo-cd,v2.12.1,2024-08-16,17:16:36,v2.12.1,argo-cd-7.4.4,2024-08-16,21:36:53,4.338055555555556 +argo-rollouts,v1.7.1,2024-06-25,01:38:31,v1.7.1,argo-rollouts-2.37.0,2024-06-26,09:10:19,31.53 +argo-cd,v2.12.0,2024-08-05,14:02:15,v2.12.0,argo-cd-7.4.0,2024-08-05,15:22:06,1.3308333333333333 +argo-workflows,v3.5.9,2024-07-30,06:58:49,v3.5.9,argo-workflows-0.41.12,2024-07-30,07:39:23,0.6761111111111111 +argo-cd,v2.11.7,2024-07-24,10:27:18,v2.11.7,argo-cd-7.3.11,2024-07-24,11:44:52,1.2927777777777778 +argo-cd,v2.11.6,2024-07-22,15:19:04,v2.11.6,argo-cd-7.3.10,2024-07-22,17:14:41,1.9269444444444443 +argo-cd,v2.11.5,2024-07-15,18:32:15,v2.11.5,argo-cd-7.3.7,2024-07-16,01:17:05,6.747222222222222 +argo-cd,v2.11.4,2024-07-02,19:52:42,v2.11.4,argo-cd-7.3.4,2024-07-02,20:43:46,0.8511111111111112 +argo-cd,v2.11.3,2024-06-06,09:43:29,v2.11.3,argo-cd-7.1.2,2024-06-06,10:51:51,1.1394444444444445 +argo-rollouts,v1.7.0,2024-06-13,20:23:14,v1.7.0,argo-rollouts-2.36.0,2024-06-14,09:00:46,12.625555555555556 +argo-workflows,v3.5.8,2024-06-18,04:52:31,v3.5.8,argo-workflows-0.41.10,2024-06-18,07:47:04,2.9091666666666667 +argo-workflows,v3.5.7,2024-05-27,07:13:30,v3.5.7,argo-workflows-0.41.7,2024-05-27,08:09:42,0.9366666666666666 +argo-cd,v2.11.2,2024-05-23,14:14:51,v2.11.2,argo-cd-6.11.1,2024-05-23,15:37:21,1.375 +argo-events,v1.9.1,2024-02-13,21:21:44,v1.9.1,argo-events-2.4.3,2024-02-14,08:53:00,11.52111111111111 +argo-rollouts,v1.6.6,2024-02-13,15:56:59,v1.6.6,argo-rollouts-2.34.3,2024-02-14,08:50:21,16.889444444444443 +argo-cd,v2.11.1,2024-05-21,15:03:58,v2.11.1,argo-cd-6.10.0,2024-05-21,16:36:49,1.5475 +argo-workflows,v3.5.6,2024-04-19,21:43:07,v3.5.6,argo-workflows-0.41.2,2024-04-20,04:55:21,7.203888888888889 +argo-cd,v2.11.0,2024-05-07,16:37:25,v2.11.0,argo-cd-6.8.0,2024-05-08,06:21:31,13.735 +argo-cd,v2.10.9,2024-04-30,16:55:10,v2.10.9,argo-cd-6.7.18,2024-04-30,17:14:22,0.32 +argo-cd,v2.10.8,2024-04-26,14:04:02,v2.10.8,argo-cd-6.7.16,2024-04-26,14:21:35,0.2925 +argo-cd,v2.10.7,2024-04-15,09:21:23,v2.10.7,argo-cd-6.7.12,2024-04-15,10:43:13,1.363888888888889 +argo-cd,v2.10.6,2024-04-05,01:04:01,v2.10.6,argo-cd-6.7.10,2024-04-05,05:00:08,3.935277777777778 +argo-cd,v2.10.5,2024-03-28,16:29:02,v2.10.5,argo-cd-6.7.4,2024-03-28,17:30:11,1.0191666666666668 +argo-workflows,v3.5.5,2024-02-29,21:47:50,v3.5.5,argo-workflows-0.40.12,2024-03-01,00:03:01,2.2530555555555556 +argo-cd,v2.10.4,2024-03-18,08:44:51,v2.10.4,argo-cd-6.7.3,2024-03-18,09:36:58,0.8686111111111111 +argo-cd,v2.10.3,2024-03-13,19:53:05,v2.10.3,argo-cd-6.7.2,2024-03-13,20:46:14,0.8858333333333334 +argo-cd,v2.10.2,2024-03-01,22:03:43,v2.10.2,argo-cd-6.5.1,2024-03-01,22:33:17,0.49277777777777776 +argo-cd,v2.10.1,2024-02-14,18:12:43,v2.10.1,argo-cd-6.0.14,2024-02-14,21:04:43,2.8666666666666667 +argo-workflows,v3.5.4,2024-01-14,06:19:09,v3.5.4,argo-workflows-0.40.6,2024-01-14,08:11:19,1.8694444444444445 +argo-cd,v2.10.0,2024-02-06,15:03:51,v2.10.0,argo-cd-5.55.0,2024-02-07,07:10:30,16.110833333333332 +argo-cd,v2.9.6,2024-02-02,19:51:46,v2.9.6,argo-cd-5.53.13,2024-02-02,22:50:34,2.98 +argo-cd,v2.9.5,2024-01-19,18:32:02,v2.9.5,argo-cd-5.53.2,2024-01-19,20:20:14,1.8033333333333332 +argo-rollouts,v1.6.5,2024-01-25,20:19:53,v1.6.5,argo-rollouts-2.34.2,2024-01-26,06:31:27,10.192777777777778 +argo-cd,v2.9.4,2024-01-18,21:24:02,v2.9.4,argo-cd-5.53.1,2024-01-19,05:48:47,8.4125 +argo-cd,v2.9.3,2023-12-01,23:39:19,v2.9.3,argo-cd-5.51.6,2023-12-02,11:03:49,11.408333333333333 +argo-workflows,v3.5.3,2024-01-11,03:12:46,v3.5.3,argo-workflows-0.40.5,2024-01-11,07:20:47,4.133611111111111 +argo-events,v1.9.0,2024-01-09,08:31:10,v1.9.0,argo-events-2.4.2,2024-01-09,10:14:30,1.7222222222222223 +argo-rollouts,v1.6.4,2023-12-11,21:54:30,v1.6.4,argo-rollouts-2.32.8,2023-12-13,06:59:39,33.08583333333333 +argo-workflows,v3.5.2,2023-11-27,19:16:42,v3.5.2,argo-workflows-0.39.5,2023-11-27,21:13:09,1.9408333333333334 +argo-rollouts,v1.6.3,2023-12-05,14:36:31,v1.6.3,argo-rollouts-2.32.7,2023-12-08,15:06:58,72.5075 +argo-rollouts,v1.6.2,2023-11-02,19:58:08,v1.6.2,argo-rollouts-2.32.4,2023-11-15,13:09:53,305.1958333333333 +argo-cd,v2.9.2,2023-11-20,17:52:41,v2.9.2,argo-cd-5.51.4,2023-11-20,18:50:04,0.9563888888888888 +argo-workflows,v3.5.1,2023-11-03,19:57:45,v3.5.1,argo-workflows-0.38.0,2023-11-04,05:58:06,10.005833333333333 +argo-cd,v2.9.1,2023-11-14,15:55:51,v2.9.1,argo-cd-5.51.2,2023-11-15,05:59:33,14.061666666666667 +argo-rollouts,v1.6.1,2023-11-01,21:19:43,v1.6.1,argo-rollouts-2.32.3,2023-11-15,10:00:45,324.6838888888889 +argo-cd,v2.9.0,2023-11-06,05:27:12,v2.9.0,argo-cd-5.51.0,2023-11-06,12:54:52,7.461111111111111 +argo-workflows,v3.5.0,2023-10-13,15:00:44,v3.5.0,argo-workflows-0.35.0,2023-10-13,22:07:38,7.115 +argo-cd,v2.8.6,2023-11-01,17:29:59,v2.8.6,argo-cd-5.50.0,2023-10-31,18:12:30,-23.29138888888889 +argo-rollouts,v1.6.0,2023-09-06,19:00:06,v1.6.0,argo-rollouts-2.32.0,2023-09-07,12:23:50,17.395555555555557 +argo-cd,v2.8.5,2023-10-31,19:30:03,v2.8.5,argo-cd-5.48.0,2023-10-28,07:29:05,-84.01611111111112 +argo-cd,v2.8.4,2023-09-13,20:08:07,v2.8.4,argo-cd-5.46.3,2023-09-14,04:56:22,8.804166666666667 +argo-workflows,v3.4.11,2023-09-08,01:14:16,v3.4.11,argo-workflows-0.33.2,2023-09-08,04:20:30,3.1038888888888887 +argo-cd,v2.8.3,2023-09-07,18:06:07,v2.8.3,argo-cd-5.45.3,2023-09-08,00:13:52,6.129166666666666 +argo-cd,v2.8.2,2023-08-24,21:05:33,v2.8.2,argo-cd-5.43.6,2023-08-25,08:46:11,11.677222222222222 +argo-events,v1.8.1,2023-08-31,23:49:47,v1.8.1,argo-events-2.4.1,2023-09-04,01:15:35,73.43 +argo-cd,v2.8.1,2023-08-22,21:19:28,v2.8.1,argo-cd-5.43.5,2023-08-23,03:57:35,6.635277777777778 +argo-workflows,v3.4.10,2023-08-15,18:59:38,v3.4.10,argo-workflows-0.32.3,2023-08-16,11:00:55,16.02138888888889 +argo-rollouts,v1.5.1,2023-05-24,19:26:51,v1.5.1,argo-rollouts-2.31.1,2023-07-20,17:26:45,1365.9983333333332 +argo-cd,v2.8.0,2023-08-07,20:03:46,v2.8.0,argo-cd-5.43.0,2023-08-08,14:36:04,18.538333333333334 +argo-workflows,v3.4.9,2023-07-20,15:28:41,v3.4.9,argo-workflows-0.32.0,2023-07-20,23:20:17,7.86 +argo-cd,v2.7.11,2023-08-07,20:07:16,v2.7.11,argo-cd-5.42.3,2023-08-08,06:11:54,10.077222222222222 +argo-cd,v2.7.10,2023-07-31,22:51:19,v2.7.10,argo-cd-5.42.1,2023-08-01,05:57:37,7.105 +argo-cd,v2.7.9,2023-07-24,18:50:30,v2.7.9,argo-cd-5.41.2,2023-07-25,02:10:03,7.325833333333334 +argo-cd,v2.7.8,2023-07-19,15:58:13,v2.7.8,argo-cd-5.41.1,2023-07-19,22:26:30,6.471388888888889 +argo-cd,v2.7.7,2023-07-05,20:25:54,v2.7.7,argo-cd-5.37.1,2023-07-06,08:26:09,12.004166666666666 +argo-workflows,v3.4.8,2023-05-25,23:37:40,v3.4.8,argo-workflows-0.28.2,2023-05-26,04:19:27,4.6963888888888885 +argo-cd,v2.7.6,2023-06-20,21:46:46,v2.7.6,argo-cd-5.36.5,2023-06-21,04:27:57,6.686388888888889 +argo-events,v1.8.0,2023-05-08,05:54:59,v1.8.0,argo-events-2.4.0,2023-06-21,12:41:55,1062.7822222222221 +argo-cd,v2.7.5,2023-06-16,15:24:00,v2.7.5,argo-cd-5.36.2,2023-06-17,04:55:38,13.527222222222223 +argo-cd,v2.7.4,2023-06-05,19:40:08,v2.7.4,argo-cd-5.35.1,2023-06-06,04:53:38,9.225 +argo-cd,v2.7.3,2023-05-24,16:14:02,v2.7.3,argo-cd-5.34.5,2023-05-24,23:23:36,7.1594444444444445 +argo-rollouts,v1.5.0,2023-05-08,15:34:06,v1.5.0,argo-rollouts-2.28.0,2023-05-10,15:37:42,48.06 +argo-workflows,v3.4.7,2023-04-11,17:26:32,v3.4.7,argo-workflows-0.23.2,2023-04-12,04:52:48,11.437777777777777 +argo-cd,v2.7.2,2023-05-12,14:41:07,v2.7.2,argo-cd-5.33.2,2023-05-12,15:19:23,0.6377777777777778 +argo-cd,v2.7.1,2023-05-02,17:24:44,v2.7.1,argo-cd-5.31.1,2023-05-03,09:48:25,16.39472222222222 +argo-events,v1.7.6,2023-02-10,07:30:54,v1.7.6,argo-events-2.1.3,2023-02-21,01:14:54,257.73333333333335 +argo-rollouts,v1.4.1,2023-02-25,15:23:34,v1.4.1,argo-rollouts-2.22.3,2023-03-02,15:08:16,119.745 +argo-cd,v2.7.0,2023-05-02,00:51:25,v2.7.0,argo-cd-5.30.0,2023-05-02,07:29:11,6.629444444444444 +argo-cd,v2.6.7,2023-03-23,15:45:09,v2.6.7,argo-cd-5.27.2,2023-03-24,00:09:05,8.398888888888889 +argo-workflows,v3.4.6,2023-03-31,20:16:18,v3.4.6,argo-workflows-0.22.16,2023-04-04,11:10:35,86.90472222222222 +argo-workflows,v3.4.5,2023-02-07,13:26:29,v3.4.5,argo-workflows-0.22.10,2023-02-07,15:11:29,1.75 +argo-cd,v2.6.6,2023-03-16,23:07:31,v2.6.6,argo-cd-5.27.1,2023-03-17,08:25:05,9.292777777777777 +argo-cd,v2.6.5,2023-03-14,14:59:49,v2.6.5,argo-cd-5.26.1,2023-03-14,18:42:39,3.713888888888889 +argo-cd,v2.6.4,2023-03-07,23:29:08,v2.6.4,argo-cd-5.24.2,2023-03-08,07:13:22,7.737222222222222 +argo-cd,v2.6.3,2023-02-27,15:20:04,v2.6.3,argo-cd-5.23.3,2023-02-28,08:32:15,17.203055555555554 +argo-cd,v2.6.2,2023-02-16,15:43:42,v2.6.2,argo-cd-5.21.1,2023-02-17,08:23:54,16.67 +argo-cd,v2.6.1,2023-02-08,19:39:04,v2.6.1,argo-cd-5.20.3,2023-02-08,20:15:43,0.6108333333333333 +argo-cd,v2.6.0,2023-02-06,22:04:33,v2.6.0,argo-cd-5.20.0,2023-02-07,15:02:47,16.970555555555556 +argo-cd,v2.5.10,2023-02-02,15:48:00,v2.5.10,argo-cd-5.19.14,2023-02-02,21:56:38,6.143888888888889 +argo-cd,v2.5.9,2023-01-28,00:04:28,v2.5.9,argo-cd-5.19.11,2023-01-28,13:41:15,13.613055555555556 +argo-workflows,v3.4.4,2022-11-29,21:15:21,v3.4.4,argo-workflows-0.20.12,2022-11-30,15:26:09,18.18 +argo-rollouts,v1.4.0,2023-01-09,21:43:34,v1.4.0,argo-rollouts-2.22.0,2023-01-19,21:14:27,239.51472222222222 +argo-events,v1.7.5,2023-01-23,08:23:36,v1.7.5,argo-events-2.1.1,2023-01-29,12:16:37,147.88361111111112 +argo-cd,v2.5.8,2023-01-25,17:05:03,v2.5.8,argo-cd-5.19.7,2023-01-26,08:23:02,15.299722222222222 +argo-events,v1.7.4,2022-12-12,07:45:11,v1.7.4,argo-events-2.0.10,2022-12-24,19:41:24,299.93694444444446 +argo-cd,v2.5.7,2023-01-18,03:00:02,v2.5.7,argo-cd-5.17.2,2023-01-18,06:44:45,3.745277777777778 +argo-rollouts,v1.3.1,2022-09-29,17:43:19,v1.3.1,argo-rollouts-2.21.1,2022-09-30,22:29:28,28.769166666666667 +argo-cd,v2.5.6,2023-01-10,20:14:18,v2.5.6,argo-cd-5.17.1,2023-01-11,06:33:59,10.328055555555556 +argo-cd,v2.5.5,2022-12-16,16:53:08,v2.5.5,argo-cd-5.16.7,2022-12-17,11:36:17,18.719166666666666 +argo-events,v1.7.3,2022-09-28,22:10:34,v1.7.3,argo-events-2.0.6,2022-09-29,15:55:01,17.740833333333335 +argo-cd,v2.5.4,2022-12-06,20:26:51,v2.5.4,argo-cd-5.16.2,2022-12-07,07:41:56,11.251388888888888 +argo-cd,v2.5.3,2022-11-28,17:28:00,v2.5.3,argo-cd-5.14.3,2022-11-28,22:10:18,4.705 +argo-workflows,v3.4.3,2022-10-31,09:17:41,v3.4.3,argo-workflows-0.20.6,2022-11-01,09:26:43,24.150555555555556 +argo-cd,v2.5.2,2022-11-07,17:23:44,v2.5.2,argo-cd-5.13.6,2022-11-08,16:04:52,22.685555555555556 +argo-cd,v2.5.1,2022-11-01,21:53:59,v2.5.1,argo-cd-5.13.1,2022-11-02,07:31:33,9.626111111111111 +argo-cd,v2.5.0,2022-10-25,15:32:28,v2.5.0,argo-cd-5.8.0,2022-10-25,21:22:42,5.8372222222222225 +argo-workflows,v3.4.2,2022-10-23,07:36:55,v3.4.2,argo-workflows-0.20.3,2022-10-24,05:53:54,22.283055555555556 +argo-cd,v2.4.15,2022-10-17,21:17:43,v2.4.15,argo-cd-5.6.1,2022-10-20,11:23:48,62.10138888888889 +argo-workflows,v3.4.1,2022-10-01,16:09:34,v3.4.1,argo-workflows-0.20.1,2022-10-02,09:28:15,17.31138888888889 +argo-cd,v2.4.14,2022-10-05,17:53:31,v2.4.14,argo-cd-5.5.10,2022-10-06,21:05:05,27.192777777777778 +argo-cd,v2.4.13,2022-10-03,21:38:39,v2.4.13,argo-cd-5.5.8,2022-10-04,00:58:31,3.331111111111111 +argo-cd,v2.4.12,2022-09-16,01:33:23,v2.4.12,argo-cd-5.4.4,2022-09-16,08:58:43,7.4222222222222225 +argo-rollouts,v1.3.0,2022-09-19,03:29:00,v1.3.0,argo-rollouts-2.21.0,2022-09-29,06:43:50,243.24722222222223 +argo-workflows,v3.4.0,2022-09-19,05:23:46,v3.4.0,argo-workflows-0.18.0,2022-09-19,16:10:42,10.782222222222222 +argo-events,v1.7.2,2022-09-12,23:46:11,v1.7.2,argo-events-2.0.5,2022-09-20,11:55:01,180.1472222222222 +argo-cd,v2.4.11,2022-08-22,09:52:10,v2.4.11,argo-cd-4.10.9,2022-08-22,14:04:30,4.205555555555556 +argo-workflows,v3.3.9,2022-08-10,01:08:09,v3.3.9,argo-workflows-0.16.9,2022-08-10,11:43:41,10.592222222222222 +argo-rollouts,v1.2.2,2022-07-26,17:49:31,v1.2.2,argo-rollouts-2.19.2,2022-08-26,09:03:17,735.2294444444444 +argo-events,v1.7.1,2022-06-09,06:27:31,v1.7.1,argo-events-2.0.2,2022-07-04,09:50:24,603.3813888888889 +argo-rollouts,v1.2.0,2022-03-22,17:16:13,v1.2.0,argo-rollouts-2.12.0,2022-03-23,21:12:12,27.933055555555555 +argo-cd,v2.4.10,2022-08-17,21:44:09,v2.4.10,argo-cd-4.10.7,2022-08-18,00:28:21,2.736666666666667 +argo-cd,v2.4.9,2022-08-11,15:59:47,v2.4.9,argo-cd-4.10.6,2022-08-11,20:43:51,4.734444444444445 +argo-cd,v2.4.8,2022-07-29,17:38:38,v2.4.8,argo-cd-4.10.4,2022-08-01,13:49:17,68.1775 +argo-cd,v2.4.7,2022-07-18,21:54:21,v2.4.7,argo-cd-4.9.15,2022-07-19,06:25:53,8.525555555555556 +argo-workflows,v3.3.8,2022-06-24,01:18:03,v3.3.8,argo-workflows-0.16.6,2022-06-24,05:47:50,4.496388888888889 +argo-cd,v2.4.6,2022-07-12,23:14:34,v2.4.6,argo-cd-4.9.13,2022-07-13,20:43:07,21.475833333333334 +argo-cd,v2.4.4,2022-07-07,07:59:34,v2.4.4,argo-cd-4.9.12,2022-07-07,16:46:25,8.780833333333334 +argo-cd,v2.4.3,2022-06-27,21:39:15,v2.4.3,argo-cd-4.9.9,2022-06-28,13:20:49,15.692777777777778 +argo-events,v1.7.0,2022-05-04,22:47:01,v1.7.0,argo-events-2.0.0,2022-06-14,15:38:27,976.8572222222223 +argo-cd,v2.4.2,2022-06-21,21:19:40,v2.4.2,argo-cd-4.9.5,2022-06-23,05:50:20,32.51111111111111 +argo-workflows,v3.3.7,2022-06-21,00:41:49,v3.3.7,argo-workflows-0.16.5,2022-06-23,16:01:09,63.32222222222222 +argo-workflows,v3.3.6,2022-05-26,01:22:39,v3.3.6,argo-workflows-0.16.1,2022-05-26,11:20:50,9.969722222222222 +argo-cd,v2.4.0,2022-06-10,17:59:33,v2.4.0,argo-cd-4.9.0,2022-06-14,10:10:37,88.18444444444444 +argo-cd,v2.3.4,2022-05-18,13:14:17,v2.3.4,argo-cd-4.6.2,2022-05-19,17:54:21,28.66777777777778 +argo-workflows,v3.3.5,2022-05-04,01:13:34,v3.3.5,argo-workflows-0.15.2,2022-05-20,21:14:27,404.01472222222225 +argo-workflows,v3.3.2,2022-04-20,23:16:10,v3.3.2,argo-workflows-0.14.0,2022-04-22,07:09:42,31.892222222222223 +argo-cd,v2.3.3,2022-03-30,01:55:37,v2.3.3,argo-cd-4.3.1,2022-03-30,13:40:17,11.744444444444444 +argo-events,v1.6.0,2022-02-13,06:42:27,v1.6.0,argo-events-1.11.0,2022-02-20,18:31:57,179.825 +argo-cd,v2.3.2,2022-03-23,02:12:12,v2.3.2,argo-cd-4.2.2,2022-03-23,09:53:45,7.6925 +argo-workflows,v3.2.9,2022-03-02,23:04:35,v3.2.9,argo-workflows-0.11.2,2022-03-05,08:51:50,57.7875 +argo-cd,v2.3.1,2022-03-11,00:07:41,v2.3.1,argo-cd-4.0.0,2022-03-16,21:02:33,140.91444444444446 +argo-rollouts,v1.1.1,2021-11-29,21:44:13,v1.1.1,argo-rollouts-2.8.1,2022-01-10,18:21:14,1004.6169444444445 +argo-cd,v2.2.5,2022-02-05,01:42:13,v2.2.5,argo-cd-3.33.4,2022-02-05,12:55:15,11.217222222222222 +argo-workflows,v3.2.7,2022-01-28,02:28:31,v3.2.7,argo-workflows-0.10.1,2022-02-09,23:06:55,308.64 +argo-cd,v2.2.4,2022-02-03,20:50:43,v2.2.4,argo-cd-3.33.3,2022-02-04,09:19:44,12.483611111111111 +argo-cd,v2.2.3,2022-01-18,18:03:37,v2.2.3,argo-cd-3.32.0,2022-01-26,15:14:35,189.18277777777777 +argo-workflows,v3.2.6,2021-12-17,21:12:28,v3.2.6,argo-workflows-0.9.4,2021-12-20,11:00:00,61.79222222222222 +argo-events,v1.5.6,2022-01-12,05:18:08,v1.5.6,argo-events-1.10.1,2022-01-18,22:20:08,161.03333333333333 +argo-cd,v2.2.2,2022-01-01,06:38:42,v2.2.2,argo-cd-3.29.5,2022-01-04,10:16:28,75.62944444444445 +argo-events,v1.5.0,2021-10-12,18:48:33,v1.5.0,argo-events-1.8.0,2021-10-27,15:13:58,356.4236111111111 +argo-rollouts,v1.1.0,2021-10-12,17:02:30,v1.1.0,argo-rollouts-2.2.0,2021-10-14,14:58:28,45.93277777777778 +argo-cd,v2.2.1,2021-12-17,01:41:25,v2.2.1,argo-cd-3.29.1,2021-12-17,10:06:18,8.414722222222222 +argo-cd,v2.2.0,2021-12-14,18:19:23,v2.2.0,argo-cd-3.29.0,2021-12-15,10:15:30,15.935277777777777 +argo-cd,v2.1.7,2021-11-17,22:18:58,v2.1.7,argo-cd-3.26.10,2021-11-21,12:48:45,86.49638888888889 +argo-workflows,v3.2.4,2021-11-18,00:41:27,v3.2.4,argo-workflows-0.8.3,2021-11-21,18:59:21,90.29833333333333 +argo-workflows,v3.2.0,2021-10-12,16:28:36,v3.2.0,argo-workflows-0.7.3,2021-10-15,10:22:13,65.89361111111111 +argo-cd,v2.1.6,2021-10-28,20:08:23,v2.1.6,argo-cd-3.26.4,2021-10-31,11:57:25,63.81722222222222 +argo-cd,v2.1.5,2021-10-20,15:25:12,v2.1.5,argo-cd-3.26.3,2021-10-21,20:56:35,29.523055555555555 +argo-cd,,,,2.1.4,argo-cd-3.26.1,2021-10-20,06:32:59, +argo-cd,,,,2.1.3,argo-cd-3.23.1,2021-10-06,15:28:20, +argo-workflows,v3.1.8,2021-08-19,00:19:56,v3.1.8,argo-workflows-0.4.2,2021-08-23,11:13:42,106.89611111111111 +argo-cd,,,,2.1.2,argo-cd-3.17.6,2021-09-02,21:59:12, +argo-rollouts,v1.0.2,2021-06-15,22:33:04,v1.0.2,argo-rollouts-1.0.2,2021-07-07,15:18:22,520.755 +argo-cd,,,,2.1.1,argo-cd-3.17.2,2021-08-26,14:22:27, +argo-cd,,,,2.1.0,argo-cd-3.13.0,2021-08-23,12:14:11, +argo-workflows,v3.1.5,2021-08-04,07:14:30,v3.1.5,argo-workflows-0.4.0,2021-08-17,07:31:04,312.2761111111111 +argo-cd,,,,2.0.5,argo-cd-3.10.1,2021-07-27,01:33:24, +argo-workflows,v3.0.7,2021-05-25,19:08:55,v3.0.7,argo-workflows-0.2.6,2021-06-25,06:16:05,731.1194444444444 +argo-events,,,,1.3.1,argo-events-1.4.2,2021-05-21,16:00:05, +argo-cd,,,,2.0.4,argo-cd-3.6.11,2021-06-29,08:49:22, +argo-cd,,,,2.0.3,argo-cd-3.6.3,2021-05-29,08:42:00, +argo-workflows,v3.0.2,2021-04-20,15:37:15,v3.0.2,argo-workflows-0.1.1,2021-05-21,16:00:07,744.3811111111111 +argo-rollouts,v1.0.1,2021-05-26,08:43:12,v1.0.1,argo-rollouts-1.0.0,2021-05-31,16:06:49,127.39361111111111 +argo-rollouts,,,,0.10.2,argo-rollouts-0.5.3,2021-05-21,16:00:06, +argo-cd,,,,2.0.1,argo-cd-3.4.1,2021-05-21,16:00:04, diff --git a/scripts/release-analysis/plot_graph.py b/scripts/release-analysis/plot_graph.py new file mode 100644 index 00000000..8657fe20 --- /dev/null +++ b/scripts/release-analysis/plot_graph.py @@ -0,0 +1,58 @@ +import csv + +import matplotlib.pyplot as plt +from packaging import version + + +def plot_time_difference(csv_file): + # Read the CSV file and process the data + data = {"argo-cd": [], "argo-events": [], "argo-workflows": [], "argo-rollouts": []} + release_tags = { + "argo-cd": [], + "argo-events": [], + "argo-workflows": [], + "argo-rollouts": [], + } + with open(csv_file, mode="r") as file: + reader = csv.DictReader(file) + for row in reader: + repo = row["Repository"] + time_diff_str = row["Time Difference"] + release_tag = row["Release Tag"] + if repo in data and time_diff_str: + time_diff = float(time_diff_str) + data[repo].append(time_diff) + release_tags[repo].append(release_tag) + + # Sort the release tags based on semantic versioning + for repo in release_tags: + sorted_indices = sorted( + range(len(release_tags[repo])), + key=lambda i: version.parse(release_tags[repo][i]), + ) + release_tags[repo] = [release_tags[repo][i] for i in sorted_indices] + data[repo] = [data[repo][i] for i in sorted_indices] + + # Plot the data + for repo, time_diffs in data.items(): + plt.figure(figsize=(10, 6)) + plt.plot(release_tags[repo], time_diffs, marker="o", label=repo) + plt.axhline(y=72, color="r", linestyle="--", label="SLA (72 hours)") + plt.xlabel("Upstream Release Tag") + plt.ylabel( + "Time difference between upstream release and Helm Chart release (hours)" + ) + plt.title(f"Time to Release Helm Chart for {repo}") + plt.legend() + plt.grid(True) + plt.xticks(rotation=45) + plt.tight_layout() + plt.savefig(f"time_difference_plot_{repo}.png") + plt.close() + + print("The plots have been saved as 'time_difference_plot_.png'") + + +# Example usage +if __name__ == "__main__": + plot_time_difference("merged_releases.csv") diff --git a/scripts/release-analysis/requirements.txt b/scripts/release-analysis/requirements.txt new file mode 100644 index 00000000..1c1b383e --- /dev/null +++ b/scripts/release-analysis/requirements.txt @@ -0,0 +1,2 @@ +requests +matplotlib diff --git a/scripts/release-analysis/time_difference_plot_argo-cd.png b/scripts/release-analysis/time_difference_plot_argo-cd.png new file mode 100644 index 0000000000000000000000000000000000000000..738c0b983d2b5b7ef9b2e0782ba7637c5fb6588c GIT binary patch literal 84009 zcmb@ucRZKx`#yeaASok+j1UQtRYvwqrEJN}9+8zj3fVMB$sXCOl075Ygj7~ml-}n2+&*SlWzs1w@dEeJ{Ugvq7$8nr@;7vujV+7O$7=|6YA}_6sVFxEM z?0_adF8pMku7w%?Psl+=(?P|?#KFnH&KSFH;Be2%#=*+`&guKccJ}5r*1VkD7dS6) zoHlcCxMwfK#dY^zui&(?Gv$h~)3k$kIdV__mOX|M8KD1g(#6uuF&qrLA}yin9P?+u z$yvpC6K~GuDa)_85FSgaCRO4?R1XilAtNW2(IvZAv0(oYKb`f5c)i~Vy~ttAgPi1n z#w{K)nFwYcV^wk1=Q9`0U-7wkdYzfzGk2p zF_QhS9yZ6jH@pM(zbF$j&82CUTwYJh@)51-`VEA`d z-p3vdJ)OR;(~Qc#?KrM*Y4bl{+1wea3lwntO~%8^Ti~{8Z8cO$>wlb9(!hYBa{cEi z%^Y=y*+E)8&-K)&i!6+pQL1c_a(amr0yx!)QvMfA+i13yd-Z~Joql~zRSXwlWIWIs z&Hn*i>&l;7G7XuQs%+$R&OdOXimr$i>6G0+?4mx%&cRXFUt(|j%{YqT;zbH2C8f#k zj1wj;FCN%WwDmN_w8aYh3)=s5rZIZeY66RcTT)WuyuI8z-*`6u^!fAW^PinzOcH9C zAYDDF=T0K^h|t!pOgAq|tkZpGeS&<~CnO+UbYtwlef%VcPAM6@zTv?^yyE`MFl>3jUA#Kzme}%9gg?f zsriy~yR*nfFRc&$;ZnZz`Kmjt%`r_BFh1}_V7V-SKWLlR* zjtQ3mW0JngSgccfoCvIv*w}0pY1FC!=)1_YF=x*XepTRa@8;HRPM za(K3U@wir@h2P|)86n+eO4GKO2gC>3MK?L3FWH2pr?d7ukA{9~ZOyS8n62DAuA$>d ze&@~|;*%%+r*g}V;}Owi-{-s<#aaJ?+YrNgwe3TjmA9ORJWkRI-}lwclk0kY-FA0- zl}Su&XrjTZM@<7K-WZ)3$454hRa8goTDPrjq)!#pE(4f}dla*m-b9M)-yu>zEXT#zC-kEpdva4rfm{s5VV?!o`Vpr_uo< zp5b3<@v=qM1CJj+_I~k#Qrodd?du!k;4YW2yqAZMQY1J|ed(B5c3vHDvaKiAz%Z8U z(PzZsqd0YbFW6p-5g^&#T*brCVPK1FGH+e_+4^d{SM|;vM(gro?Sk%27$|M`Go^r zXlG|9D+k9R%zb@4YO*8oAgoYlhRRuYICz|!wrlSX#7-<( z9BXJiAR7dSSddw#^0hva{6DQd&kPQ7)WrZN7nCq*9bbNhd-6 zB;>Zup%;SoEJ98*A{r_SjshAFOa2c%HjD)k{PqvP3-SzIgreeBBANp-K_#({3!U>G7X!vB45PxCRSj zjRLMqtQ4Hu0Yjdf$HcamPQ25~=?zyQ2zd7N>6jsevUI$tM@RN8-j*1_6WrX~Ya_v2 z_qwiM8iq_<`{@bOfUeEr&sNHdR+OcVQ;)vAHI>RyH*9>$OnE^cLp1^=fA1WUuMjjL z1%?etE{i|crt+%t?+r_$tR&ztNt~3NJl?QXdz9g!7?;+ATvr;CPkM@JoEK6E5Xaa(k=_S-d|*DSbm7$s&% z$%bF^4KORq?_yhXQvLV)?iNqPx!qJ%^_2;xF!=PCVGYVaRzx<}tv82KQ&abnWbYKW z-IzQXIXQ~`j}@zf>|T`JWllCx_8Y5JyP+nn(FTL%F3yvQ{`Vl{6Ch7x-q&AUG=L8> z>&Ybl+49oo=~L43<>*AUSq-OOTEkACm9ei)~?IHS^PN_r9#`4tsSHtk(Ki}S>GGw_`aULp! z)1b>)q5FRV8tA=f0s{lTmN{`j9`=X3z`-caYx$x8pByN=MCUR_5_8#w6um2?u+Aiz zVCsg`jF~5V4~&eC*3XYN_z_E%L-^d8`%xo_&+y)6h!e7DZXL0-^jIyV7_R<`$Qv&% zNTj5uHV&B@8R26|1|J?Viizoo?m*@~ijBN!<~(8Y_Lit;-`%1kv5IFEu3m-rgoO{R ztCO~E7g-euwcputdGh%2&2eXARLil`aDyWbm)Y5`PC5v2JJ0DG6lji(+Ei`7$4*ml z>1t0qMseI?!~$SH0wIV3cum^^$l28c9vwSHP@&7!79+?MFMRKZcxQ>d={olj2HzeF z@(QJEcxY#Ul+UV*PS*C+p{~uKL1W-6@CcH<0r2u@NXd z&%<@@e={B_oyyHxDR2?ebHcjU5QJIZUL=tWfUJHLyR*J9zEHp<7lw~X=BNk54akUA zdTzVoh;!U}lk$DtY5Kd`nKNg)*96$xYvw1k)zw*)RaELHJCnx^$H&K$va?%$Rl>fWaPNR4&3z5PQ%CYVsD}Te*WbQIafMaHdIX6q- zi$bk_+XmW&0yxF6+VA_U7tP8)e^yTGeYWJh{UWtgsVB>#IvA zWn^R)3Lr%hV2ZQnv($4)u{!&9kqL+0S2mTm(pA~kZKRzR78hl-wPPl~y-j01ch0u- zx@*PDYb>4VN=%)pS5Kx54M3je!q6IM2;)NDOq35SBbL++FEsCBA*2_j!8(#;jz-0Q zKS822O~q?M2$gVb)@|j_k?QxA0L5y56*n3^6;8D2FD6-EUoW11-}g8+_Pm!lAN3N% zvVu!~+Qqxy4?S!2m7{a1GjE*|S?%|MW!akb+FhI!^1(eO`Qgzq2-u_j?u)GeCu@H9 zWObIi*kkXX4#7Q+KEG`(p``TW@@`BF4Q%tFhA>+DzGaW0N)Lhie<(kOp7MuZtXJat z;2gv|UPmOhb$VBrlAN4*sNL!!)7i6lcfY@rfD#5Ln`!9zix&Ytctj(RtvDN&Oe@1s zVYBKlE@SI5<_zVFQuu!M);4pL_Ctv4cQ!-1o^d$j?Iln?)ZHp-Yilid|IGaS z@%5QRS{EufiiU8f5Z;(~kA;l2HD^ zoMjXggfsLjHEQI$WnO*Jkmv1jQK-l9a=l-smKUZP?-ZPdi-zkc9(#IKTlC|R6D$HE zPVInJ#dg*XI`!M)-7z#AAB9RS2hb#TW)m{1WOC<^M1MLvp`FR(a7p|JkbrZ)msrD& zK!8B~Gl_f@#uiC{Pn3F!wmzQ709v^JPIfz?aZtd<~eq&J( zuswGB!h}353WVswG{4J4tkb>u`jg2C2^dt&kFYTqoarIYtut=hf6p&K|4Nsbdw^{KC~FLnIw z89)xblyz=A{wXPE{tQ(O{rW0L@8PSV=RqzPM)TmC)${PQv^0&9*I9-N_g4GyteVBX z}NXkj;#XZd+Wr^%0NWo%rf= zjvA)$%MW!cTp1V`a3C}c8^Roa?+oPWiNy%m9vE_8Ja*CQt2gW!abDGq(4gC_2x<{L z0l_MSOibA~$KId*ZZJDoAz=SAq`@*oglekmhFCr7$PhXyXrPmVs`ik-U3)924| zF~C&mDl9EVJPb@sAJPg^^rxaNb88^khrZ-BZR-7EQK+k@;`(QPex85OsXmDO#RY={ zx*p4F>zd}~8O>o!jg5^j_{>QG8~eiUEdh=L&|3qo)pW1B2g#rL%iMSB@ZDFwnXWB$ z-I#~s$bNqSs#XHTy=IABYS*G263iC&@8lq zlT-jv0R(Wv+NV9$Z}dBQGP9zJ%uID>^$r~Nj$aPWi>;Sp-^2t{oR^f4z{xF}5sLrm z2CYXjq&LlceH^Its9Ye#xYq8qU3R1U%?ZoeGBJp8$vm+ltQPdMFZi*1B@t1T_i(NiX03^HphlB`JyV^7_~_ zT|Es2I)Rty@4L3y^u2F2x75KXMcoBBD2@(#Zr)8BMKKJNLcd5A>=7lO+2gIA zv>WtT^^Y1K5@;Jw>N?{9oK)<6OeY0turuF4svP=n#oKF~I;GutLpUT#=}IYd1<+*+ zxGWe|e=#G0S{Mv%POaZjTS&m83(Z^&uqo&-V?;fu5%%jyyAjXkl_324bLvq(>SL%! zAR{9a&+9d;_Qo;mPA8%B+Olnl6+S8Df4u(KrG9T%?IySD!WXv|zCbN{1ZYzq`g;VX z=KxJ4*bG%p_LuO^luXdQv*;l}C={0OLDlX~Src6+X`xmqI;~JjrJz7^n}0ro+AY)e zxccYkZxhqghx1#0!LZz_9ar~-#Ckanp&vlr>@|-uF(Ie{ zfTQ93;{o27y?bn4-a`@H>+iJAtLJJ5LhF*KSLIne{`@xFB)wUo7R_a6;^rtWIc4Ri z%@rM4_JCgv$D1NitA(P;$jImi0CTueT5V5kQ~?;JCs2rCiHU4&ZK32#K(A4;b9)lD z^doeR9l&MvJND`^wX?`9_VTxe{lS z=8~k@*I<(rAy8$qZ@ra`5q469ofhzbAkklY)B3%ctLl$KT-kJd%5*bL(eTqYdLE+y z*a6}vPo5+}21DG~9pK6M+g70gCCh00cEq^+}I9_LIf)BK)=Yy#g+Hb zvh-CNv7{yk1?qdze?Zf4`Vzz2oEQlco*~Z2$dJtH34+!q5Sl&RY|VnCruLMD=l7t< zlS5u6J$LS$WL|IZyLWuH&F6~(pjPUNp5@}YaV?tf3ZGerc-_a3K@3ul0sssLz>ByI zY7ecKLno#Ph(_uR3ri4?FrB$N!t>DCAAQz1#`pT{q9dMn@$SxM#YV~c#^SG`s;Wsi z5RtZ@KY!M?KC3a%&(_@BeBy@K_B)8;w*g^c6zJ~ZM2)~co_zW8C4XDuf@O_GVG#7F zf$*V;y;Cx+K&YJ%fh2(TP?r-x!c+%< zAg1lf`&(uAh9CBE(?mXh9t0&`mCyXMG%y5#q8=Lo&=erFD}48g`an4>+hV)e$?5Nf zCtNFZ9e#IT0sc!Xgib{3on>#^uX0FE+{R60o$t(55&_`#y}w(J_Ve9&gX`*fy60V2 zXU^}^xGqgHh;IJjO|u{LSk-wF7sm;JeR8m(Y;D+|KJzjQl&WjY(#L4EF8?S#A2u4z z!Ei{GO)c_`C?kAjzAAP2^$=Pf#1R#WkTWLbCj$h}a~mQ>H*3c8s`X}us-iHT)j%mZ z9CzV3x0w>H7{G07%4dA`_~zkp$Z)j@5 zi72i=`4q919fA8Kc;>{a=p+WGY+@-gGSUwsco?xUa0h#A-rn10A9gsl0Wjx+<8ReJ zgB8LzrHJ==X}`lVUlPi?ifs)6sPH|OIuz4mQD0&|0rcI3>iZk}?D?2H{sUNexRdU2 z<+*59(u7$EsHPNPkLQ5_Ndk6HRAPXEWG8wRw&-0r=;`0G1-N#-ZvdaOjqQO|!HH;tu*ZvE1Sjf{3W7 z(ZI8DsIJ&fb}-b{)nVA{YcC(}ZqItHL5+ak*c*?|8G|!e3rFEl^_Q3#Xi23kEZ97E z)=iB}OwjrDR?n(0cUim~EvKzbgY^*!h>8xTHINcQy+3u)3cWc*B6*dF_D6g_!8zMU zy)L2iqH0ui9@|bSC-f)s(OwK71JS z9vd^ls)3+2xcG|OtmE{03}DejnpUc*( z(ybgY<6~rD!36^HJe**4<80VIec-Rv!npJ*X@IZw6gj@Xb_9ALH$je)l8|_C<7x_d zV}clMgGl{i5DQk z=c4}|DAf(OivD#BuxcY7Bv%0;R@AH$1D*Ih!tXEiDe;-d)8f>FE1_A_!vTkQ8to zu-H0niLWQzuETl1{m$$GRCqezL2QL8p=8Fd5zHqgVsctRu7l~7R4BR3?a8f z^(=1JB{MjXh$Tk)#<)GSLSJ%qg5g9YYvk!7V#)W&iMbZu_BFnQFn3 zoQmq#MOMC-*Ko@Av#PVJVggVnINsW+Iyxm~T(FF1Z^VUkcdM3f{LVrwJcdp86*U0; zs)y7lQJt=5gN}e`oPqT~aJ^XM?D_M@;85kz4AXsfcs#hZkH@&8CEbHiP8>W;1Q{{O$Luc9i=^5kZ9E z9bokDfqumR`(|!#je6vI#}MnN!z-|#P+VU@x-JNzvXYVq=-lTd05YiC^JfNvXl-DSxV8NGDwhG& zfv=^G>~?l`G1ed`tJ+nPedJJo5KC3^H8!WVEks*0o8P8T4lRr735G)(n(J3 zYS4)wY##uLtnEHuzc7uMGaaV^KP06rOc{NJI)5QzY#HbJ%-9hl*ZdB zQc08iM!8HM@4@EfS~x*-u(XD-T%X$7p1%cJAYL|2F&4uB21T`V0SJN`=L3jeTl96O z83M}dm2if24(=g6AorCkD~gLLH&>>mpnZ7~6Z7W{&&J&F z2h_;Ngz319M?yqp#f$lEG*4g^pdl%=`TRZ?tfoH`EoFT*KovvlZ7H1c#*hV_&Gj=1 zSv85Kk5mP%3$>I~HGPZM1k!un_f%DxjNKV|8r^Hc73*-gG>uuk#LL(fN`x6PvZnYQfE&IA`uWIouPw{rIS-tjTjldx$Lg%;|aJp zuT9KtB|A?_iE@*lsaN;QOf>fR*3BS2-u}E$29$d;!xT~_-*MKCYeXoHE^VvbJ(YAt z@=Sl~Bh`FI`>M>lQhQwIT`?#;m`Xdu3*To&K#R z$Je)};aeV1w88B#2OMH!LyHNo=jQY!RA#UaAXGpim)$wweU+<%3>MYCOtAvqOYzt! zrn(+iK5Fmn39{agq1_#)!q{B`0s^>c`UL1J*MQ9c+e5A9bAS4?uC8=wF`tO>S&*BA z=O50Al(PJ_`He~FP)aH9xpPOLA$EqA-xj!OtHE+Aun1($dlFrq!*sp29Z``)w?gN+ zW-vBB-bjBOR`CZU`8wpOu^tej5puv^?YAcik!1on&so%4fkcq#=pbaBh|=?{ff_Uq zt{4NrrkJ-sy(c9i#Gf)>odeJ?g4&oGAH2wQgKibksA76}GsKPMR;*}&p(p8fku};x zWF-Jz12~jnXaI^qTIKfIaR+@yyU|7Eg&En&j7gWh?7Tz$J>v*PSXFtG=wt?t^_^_> ztoikc_)*XYBq6d80%&je4>~JJku!z5|DhGugQU={6UuqTC6&!XfWu+Sw(%woUG^1 zqn7+0DEGj(v{O$isfprEqNScL?41MZU=)%&Jt&c3uw98MDTj_x^X)OU7PP&sOy)R_9-j(i8S3ONT0wXTG zQ#s*a{sfAWi&?@+&AB}Gj;!lUCT)8NzygVPfb&Jic(+w~cUD-9B3|5Wg=q4Qlh7QJ z+KU)61by^P_|d zXMG>@PMT<(O4_&7`3cG#SORYCD82g}4kGJ7@>q99suXD7tlWqE1fSIh*=3#QF~yDD zTi)MH@CP9wgbn~rnrtg{iF|4j>WImHh8R<^$rg~YaR~E)lA;`fX8-38d;BU zXg_Fx-cb)83N6b~cG3jUd<;Q7Q47nvU345`LgNnH3$9AZ)~2XQ{bJD!#Q6oF ze?bZ(b*-QS_>Fu)$jY@I6U_jhlH&h^BM-$f|Zl=_@2#t>d?2|K9|O8q_R5tbXthAVVYPM1#M`&WDpl8i6!ORz9ewh(T(En7-doE2 z5|*IEG|@*pD{S?mD4lhgN2XW_uj7)!7jT z0ydX}`TQb%l^(*t-l$D)!$$c4V^Ulp!pnOCuJQw@cskQxRbF3{K*lOa$`%b*6%=X_ z2n7~t7%sg5!mQwK-$kq%z#&T6d(7zX%&dFhBsKW<#uy!o9k3RuxeYV{TRI06ZxVzu z3My1ek?qcFds+VKRfPZMJEVvN2hzY6bm8SS0k55M4a0L1(B*zSWm5-vjj&oh8sIV! z>MD!pKb|T8V-`BfrhIB_wx;`L;$?J{ZD;xg(Y7G52pKVv!=T0P`bF!0e4m=rQT3P1 zIxr-B+g^7B5mUv*%^2k(uw`aVSBio)4-}e?99UH2vOAWbIp?>K%oS zOAc&ZmN9ASS&kdJsmf}?RZZO%{JzAB4cd`a4Rv)OTY@GCUd$ih>5>9o0(A(Z;C_yF3+V-#Jx+&QRlK!|~Yg`ud{?@m{`nblJaX~dEv_4I*Ela5;>d$~9$IM8-i zP0&qypk#&6GIWA10d|qj)Xv_{Zm#vx&=1JY4PX%+%R|&_LPElK=1<`7`8fQ+UuO^~ z^oz*X1wJs-$Ua|UB*-BfH;M)5XX8ZjEf6aUiRx>KeOi~HFlgWXlR0pODA-gU&sa>^ zXh0&l07NOWHEyoXHUMMj2gaJ_B6@*)7vfTa#l105U` z91I*I45FgCXe+t*^@inJii*drE0)#!!R1j5j3QD|Q9la;Uhe1mZSegl)}(`6VrR#L zShSRslpkQ@0pqA$={B;xjMN7Y-1mjgKV7*tax|*wyly!q+`Ust?$*xcYy&`^d1z9Z zAlXf{#{+tU9{r&<+e{8D#|Sz)$V0TdH6aH5{D+p8yq(~XblCwL2R{%*-jGU1!E*i) zXze*T?>&@Wxj=USeqOukoPYE$eeYU z0mAGdd~lQAK&j&g0M7-$phJcKd`=)L1T;y@FWFCeT{JF&)ey<2kX;>xbZ_4Dj%3$p zx<0{nyZ9ahbTb$9t1%Fwj)QA(FBGBA>1~MjZH49mHKQogO!j1*^d;6TyPu;?4JgK~ z94aoNp-{dWh6G*@4U|Q>HPC{nN`hx60s1HB*@{(kWD+5B0mU}20scmil^XKaHx-@` zZa`RuKu9t|){N4*|I*$4NA&|Bs!~X$Zoc5nuiFD)zqu=P!vVo0Ho4k^+6Z8IeY0w3 zBdf_H)gGzT={>pj`OxIo0YlS27zgVPXOBLwVuc#HCqFfuASJ!2t^J1&Pfj_ogwG$k z`65Gk$l_Y#Ux5~$;gbb5xj&$MVKky27Im+EZgT;CHj_3Dv~bi!_m!LnBdCb$Qgx(; z?yYGt>0@yL1?*c zQ=tYR@TmlzHwxfjuFC3PU1>m7$5`J6Gl%krn=kI{1J3mO%q%QI#tBo&zgJv{a6wFi zv?K@uU?_C|qj1TOzFB>QMy|kR(FA;gdyqA`QP8Ii`vDD@JWNY50NNPm@Cny zJmZ-R?0laaVr=ryu!(9FsAgxGnZZngk0A#!=ztgo{5w%{XF7t(DVWGPEj;gi+_ezj zZ4e`W<$+aFn*6h3&+QEZV6c(h0IbhGs9}9|$>t*ze{L{iqKiB`?GtC!p71sp5ium| z3RyicDZ&80H2}uoq~I*td83sB74JXz)YC^8!0&%=xb`q42Dpd%hMQ-^y`aBT($XTp zoWYa;sutqw4FT`H;J19f7i$s!u7jeV&G^g)%LP$Qht2}A)ohWOO)ir75fKrG{!Q}N zAfG<4KDc922VmVmEn460vEVmpi^-@n&WOv`Jgm^th9ktgH@`C${`IS7N?O`pU4ZnE z&|{GmV|ek^JTQs>@tzNW{6WN5J`p}yAKo_LBxFoegvkp8WJ9U>YavAa;X@G;P&g)K zAWzWtAc%jmWv>l+QUy%`urM%K@QWwm=+eIk@ZUl*b_<|JNdfJM$dp#ur|W&-bi&X!&dfj^-4+IsMWNlsmG5DYzl0ob9j;`R~oq08wNKbeSAP3nYT zIAf+4Fy7FsJ$d=^*7zD2+EIo@8*k$9DPd|Kn=&T3Dm=kFz)}x`7Pv?#i&Quai2#XG zK%jh}b?Q%qK>JAeI*71Td&Jt{pV_G8V7Ly@H#@*U@XoCB0NgO54ZJ7hlT zti*GD_kr5sdGTIvsN|6h>KAyb_gX{O-{(*)qd)sz$o~EP-K@Itb1hWUR7;exvYfVD zyu9Lj{C?7gOo2xSP68-{X5ZeVK8;Fo71x3r4c8Cci&~PN+dxM^bF;kG4VN~1gnXZWLR=!v`rg@ zMx`FGFv$0{FA`hgBziR*Z1JpO`SP!Epb`l$TWe){Uw(F)x>w6|~< zT99tNP84bFy)4O98o(_`sR#gac;zW)=oe}sqDtGom0y8S!l1?WSgAtlLv`cZZf&x* zdn>3K&#F8kipVS)0bPCb zBT*i=0&#tiHqdMml434U5>oP8kO99K3_y7=zFm%$w!I(J)_T z85BY~L^m-1lwJ-1-!nwWTM^pA6)bi?H8N(R7h4u;fnQWFu;iwQ(Hl)A>!I1pS~l$o zeVcWWFH8Os5=1fz{SD#t;V`Ul&h}iUX^1hog!8-i%7MbGd)*wI80jZ0wgA=;$&H8{ z>w!`R7M72{Rv-Yc2O6*vUZL$@Cb5t<>%MUNJUR2szp}X(>r)A_dp|JFsx3R1r5FZ= zuntbkcplX9b@u^!&ovyRoWQwDRL(#EF|7}1YWzrr@g;tk^h>jc5uN!wukE8?b&|h! ztq#%UAQi+uXifedbhV~#}C|q;GiY}RtvClE%>~G$D5<@jM~Oxn`rxSPD`H0()Him`}^kf zfSMohKqpOj>SFeHdl>UUV&&j{(BdIvk5_H4oGNviJ&rlU=)?sej?e%Q@ShnY_AIlX zs2p_aRsNQ8ReC=M@0mbwzb66DDi2+pH_pL1urM<~Cxant8%Rn`HG&u+H6K3keZo#N zbx>=wwDZ7@2vchdtA2idFn87Xvh^n>Mm==J-u{xDmkm)jrJrnHyO2WKbFYuefn^2R zzuU`mMceel!MA|_5hQ4TePm(yfB80wThico4JGK!#3BFNw{dYQeOs}w6!00yqOXc) zsIsA{r{Z6)UyT_eBmoQqIETVeokti2oGIY%1F6~vVTR;z(OPH}V{>~TZzIp|j57vUI z1!}19NeKz!J3?Uo#ZJF@`_`|~h~OI+G@>vj!%T=PC2kF?NWbkMnbNAsKBK#l<=*yH zLnHVdm1X_IV{)}WZE@ZH%kHt~RKed{x_?|ObJ586u%dDQK8%V04t5W6BR^-m3%xe- z{z*#<=;fA|(||U^3rQ@k?gGCB%<@q4nR$;kgc|}_l?N24uC5*_IR5izsZLQY2=IK- z2eBOWqdDrQ9=ot-ymr}eEBkEtH7bEgmY#wBnL>Z_;eOq;T#>f#)c@1w{Xe$!|3ksQ zERyzqO_)mtTxdU|Eg!#nb$i?y8Ee6Q!Tf0M6BPGQ7+C;I+93>C9f2D)1h!^D5J1)= zXqvzb>2s0GuKlJ-a7Qw2(XF>)?AQBELib5e62P63`01*dYz@#q5}!CRy66}j9E_BU z^-W+y|MV3Rfq_|GQSl>8iXu@Qh%n>~d;wJd_jl$#pe$n8cNkPf)_Jg!A)grD+ixMr zmjvL&7;lx>fbZM;Tfw$pO|H+3{0qI3R2^_Ix3Pl}O%Mx&A|Ku6pn!}>592s1>l=`^ z?V74@#0rsP7r-nC$|5o9G!a(=#%<(C14GA0=%=Un!l51yKft3yQsY0eeK`z?iM9tu z7+<)unILS^aW{0hsi}nMpL9g;d3X{;Bg~3w31u)Ujpq7OkiIh~ERGCRFyRTxaKsCu9^OYh z8kQY*clmEc9P2p$-vaSW)Qx>J+2L1=I{kX?^D>uLz8Y#me+NBdN*!}X9Pr>_%rl>< z9p2hqANfN2sji>jA5=F2ai8$;X~}24@-1|oI8ws=N>(&`=!{Vhyl6w<3I#S#N**!?-EIm;S$rk83f9EP3?RXulzo?(Mkj21`+X` zQp=C~>(QT(TB0j2u{^E@lcwU>O`I2HKZ$dv9}|RXjjuZIgPlrXbkUdwX;h-CJezI! z7d4}fLbmZ0iQWHJ3++0y9D{~NQFDOWgD2R45{x}xV|mt90DWGnf8quG0)mJaS-6u5 z&x=jTONiP$1jF|Nob~3`%*b&Jrg@P3h74&ysKJ=2pa)5b@<_)aPFeaFq^q*FPlDq1 zWOr#YR;Va2HQfMi6GWd)F1sSe4$VkMgEKr_Y)2Dt5Fyp{?d%LSZ_%WY3`zz^Tdq|x z@!2PFAuLCp+$$>8KAZp|CfFV}MJVG$3xG5a@#rMFa|TghR`;@?#>v5B$K`on9@PojTle~gPJZan{G ze{GDQrz-;UH`x9$Z^TzZyNc;IXP;$Zfx&-2hU5%*BXQVEHEdjc_n<>HMT$*4H`aRM zu7qoN@Y8&cj~MR6-cFM7AWI8)$xx?(U9kUot$eXfI3OgX4zMKh!<|F#=hNtjt1~s1 zt(w%Llcbb|xt;TPr}*K`{kFU9XRERxBx_X2FQ# z*?Y~b2ni?rj^?JEfKK*HCK(m>?it^9MZWC&QzBB!^H6g2JV zVLL6EBUz%BkgfeqytGbNT`#Gc!g@al6_h!|!EiJ?4<2nMc6N~b?dRS)&)-RXlz8Dz z#H%_r59;4c-K>{xk)5|aDf!7Q?{5c`C=2}xSliGjT?a6zkb&#Wn>iSrQtp09DvV|; z`o-9N;RQ#~A3x4>>_w8l1<&%Q|AT(XA;=I?L@YCq#X5n_N+JxAuNsP>9r|;$vzd%T z#;GOxKR$?ahUM82NRH|w%Bta?bow3Dcqd)mysh7`o|KOgI5e*PPgjPnX&d-UB=bcU zll3qupLEioa`3=-Cc})U_xnc}KbSA6^Z4DJv9NnPN4*?w{_8vQ6KI*ie4l2o=Qhnh zWGZivRf-y|+#l3Sr2be%Kb!u0&BPwo1uF9Wm>zOJ-T^x_wd4VYDh$IrPIFJF?UC(R zSVU)7XGv2+-^2Sd2bUCXEt0CnS6aCJ`7Zop?K(YT)OK;s{fjlCH?epHUKc$g3q(GVjKCBfluA0f(8d7 zj6fN;!YNiE4L+m!<`Vfo-sq-L41CJ_r zb@8qwC>R&u_{p#+49jSF<%Zv6l2lo?PxAibqkGO!w`6Rec1pjvPLA3aWY|S>FwX%g zqIN+NADL&ILA09x#1t-`)x*ZGLBO=IVSf@(yT3#d>+5?Igd+=%XEC`yh&F{1%0ghykh&Z_d;BW6-b6c$?tdrI^LXl5*qjD9Wqix zWI;;#r$v(t7}Dv-5yyW3QiVPY{eNm|df4-uMm0yfL>bzz5V)dCec6qW%yB1WdH;ro z1C(1a7;N7gezMFh!3EdYBZXAukvC)?6~_1{`6G(izn)Q~>(U)*`_~;ns`dg>3yGwU zi0E_c#?$FwA#^`nv?MTwLd&3+#psi(eLrq5vwzYH%9gkRLpd7Qqfw9V)jT05OL{FpyH-6_Whq! zc{8PM8<_VR(|C_ZV2m413g&zW!bhnGfJ_BKDFf+2yn*XLE6hgb&up*y>E95pHf3A05aaY0z zCSw<9YJY%Z$#6szw8MVm2>Q&tudBGT?ALflCgr>1>w&)cBu8?bQut>{eGq;qBfH4n zIs|Mb$s2tJ%L3TN*`b9#%eErnq%tx?%ola;@vrAi-++-Yqm5fmC75};pGL-rfa600 zoG36s*+@kT{kW{StPz+THhFgDCXSsvaxU&ZQR09%c$1$COOEfK3rRml<{9V~{5#F0 zK^Y{WrPWEjqHS%ROZwp^Wya*ljF3;Raz;Y<&E#$?HC7+%GT8{lgON=X>8Gw!SQi2y zfG-9xta^Z%MnU`0?<2u#pN@U+KRoH3(^AoG<<~gk<;{6FgTgq^CcHb-fbUk!d%gW) zl6gJI(e~^@L|5FH>*@`O3iX2#&w+r>1H3&tr}wsh;Gcv0ew`-aBn5@5JLf6rThFno zXT_8iYP{CC$F=lS0mn6EyXs#>q;>)m;pQ&*xZUPQ4DNz_){e2@T7Ok*y5!*W6~Qyp ze%8tfU8NC);hzOfI%@uIFb@<2)aZ|0PN(DkDqLLFcjtOic>aLyYjN+H2#J&L`6t5~ z_6xPeE3ifG?rcYbm5xdIV&4FT<~B!eVWLiAhi~tEqG7X1Yw8W}dz{TiP!qVwzB?!v>oj_$2O=+R27qBd2S~==4HF1L;q$oMW zgHeu=u10@JVAmMYZ6e(7Ec^r@bO78X!MKB37&1V^(+<#Uo#P~m4tIiw^%d=xgo6Qh zo(b%iIBoy|VEce)fjCEw!n1qi&}ju27*Nnsi90Y#Sb6|Zy#E2MiMwAk_oYASM08WA z%RkfP zSVo$Yn!d-^%sv1RS@>_737BUW2Mc&$*D5?dr+RCBk-Sf98kCA^@M?xY#$p2L3XMis zm;Pc|zt3>Uq&+Sa#RWW~06pgec~C%1Y??q6BRB@@kRY>fA}74p z)Jd!tn$kw5aYCWLG+qZ{P#@g6K)I)}#X1ezx@^KFpa)%z00H&^8B|Z4K&^JdyLYOh z6MDNFCy&!z4uHCG2TC{s{`UY);!ZIb7G zfSd2G#C!&~-6PO+OUkd~KLEp(KJwhdW#VAK=W`=}3Cy(`0243ZzIFjU9|S#41{MJi zL(erqqp-RzM+%<83(lFgXlrH;B%r9TV3sF2s%TJK9D?*PR2jPjh3# z%lhqphD@x@Biw)oI>c5MY2~Z|Xt(`QjgvMCk16pH`%vrvpMr@45{eDGWZkb>ISq>l z0~AlXrlFhzh4H*S1D+1>Z?X=1`;GAJx9qQ5ku0sP12o$eIvL!)>5wc7MXpb4x?b`8DTJwR?-B+^er`z9kOWjD%}wuxa~=^9Q%#nTA%r*_GCSK z6Ny@@oV476nx?a+k4fi&F0RFG!81B(=I^QrHyxWes+aWc`n1m~g;7&C?VIX)KAG{| z=`Xg0X)bYiPQ&U+V#h-mlGdAt;stCaF=Chqbri~j1ULfzP*NDF1lu;u=1w}4eY2vV z4wVH(>hrk3{{`WvVG(kpN}Kt!NjAAT?-v5YE9Qm0Yx9#XPc9nf6#pDQ@7X%sH?&Iu zzY97ww4+p6kzTABCugE-8@qMu(Z+vGu+2qF{cl5Jh)}Bnp7AiIbo1s9mHtzoua9It z1F{r+Uhd%A1vA!B?6%+roV)QB=RDmC&^f~){*%Exi+O{^;R8(2!Ynjr-hT|^z*Ox6 zmkR`$<}i;lGt2*{XSzc!orL_>^28tK&=>OHWi={LFNwQkf8kqHzT6b!n4xRz@eO?b zrluU$lWbAF1k3TpIxqj{p{@V?>E6Bk&ulRo&KsF6mlP7`0t*Dwtf+b9c~ewGU{|2Z=6wgJs(2l2-v^jX=lmy@Z~}KsP@{+ex-p$ zLLvR;BuoBEk2uv4PM=)Ezg5&9CJG)NK03CG#5#D?jz7xrFkXatLvGaH-dJ}2osqT` zcgBw>FS<_f(3r8w(K{lOTQdrQF%nM4=b)NA^SVB{k98w{*n5kj(du1D1)-*KF1SE> zdAt9ClelL{LrzKx8Iwt0d+#|8fQS+9tQU;5I0rcHHbvG5=MB}v{p4xUhFQ@Q@S zX&(L;7wp+cr%SqXtkksrRB1qv;!GtQf5|tKP@TWcGGM$7$Wmxp-Vg!<9xQYg(+34x zv&foObnVAMMEx*0*{GvT# z4>X6QV~_vxa4N>Pw)T}1xy6BZ155O?gjS!uWtI$Q#1X=fn+N(mmEU$`ughB#*p)}D z^{Qs9kGbZrNa#78KJiR!z^6&LG@gsKe(c67BHyS|_EKn%A()=QDvt1yx;jO+`h@}n98PIH+XbiAL^jZ#@G&;bzL%!9kXHHD z%wET$dINg6U6|`ZR#rU%KY zb`>+?uSX1{$2>ZGR7R`|gMvs`wOSJXi*&6GXQWyJ@*h3&0SLTM=qpdB=RCCp;k1{^ zVd%h;vVTk2-B*P{ax^W3uF1vnGVS|v?_4qnu#i{*5*L$3C7qssJ*IU9JO^&2tS~7u`8zGAaZ0~c5xR~ap9yPts5HV!1yc%)OrHKVqItbGzd}xxzSIASM(_dx zB93%)ef}I#On6x7ZiM#L8oPI#2iPJ_dwb0PY$n`x*Y@GOTkw<7XQmieCvye=o$^~5 zz+DM0cgTF~_u7#I2{*kt1>pg7;5t194`FcFdUVSArX8hnfU4bghv{a_fgj?L+E;O0 zL;R=OadvqpKX2G+;FLOC!@qr^RQ}|x`>8stZ1x+XWnagBUfX-eOdIIJ2e zkThX}GUnjI(RyR+wlnBmlQv|Z{4c`ZJ09!){r^9akxe99q>PXvBYPH^*|U_rvXZS% znIS8MY}q7xr;LzUoMmU^M95aw?|7-t`}6zUe!uVM`_FZ|U0q%0dc9uH=ks_RkH`IR z97eJ;V6#EwT8I>jKK#Yzzx$mKfxf~Pjkv&{$u+|Z*yWm0I_MDfApr= zbS#I|J3E2`pIyifD^#^aXwU5Z0RCw1>A(JvIaFofR(^+|p#ZZZQ>+INL_~Q&sC&P_ ze+!i({zvD4Z`)$c4VLVv^i~Hl1AVs+VQlKUC#!o_1xVa~@>%l9TmwNj^MCZuDRvJ! zBu-@pz$G9=A!t-MTM)h*mRJEZE-a8ZZ})UqQ0W1q1e&9JweyTUIP~3`B%CWb!oFN= z%oOcrSQ*7Yep+sw-n@UNi=2-PoA9`Q2e}f7X?kz}41;@JKKJu?kg@+&lDMEuO&-3* z$BqlA$hn`;G$Eg*SG%sJ>2%}<`^Sz&adk6Pm@ig_6P5A31l;qvO}x=(Qfh9?oc_0? z#k_(C8KMKg(ZJX2lh`0dj`9!@{SKOS8+g$3!L)(Ob&LGS&yQBmQks9g7CJBzHBXOs z>w)9N4SzCkMS}5W$Kf%{<(zlpXJ$#g>vfFVZakp+SKohB0&gIc=d(x7AoC;H0Px{L za|Yki*>*iLUUGFz0>`_UKyceyKK1M+&XvkCg2vW~7yMnO1dY#!)2lTiKL9f^8g35R zQS`raK{7kNyFMTb>D_~BOt%SK;H%@JS{1$yrxUWHoyv&e>!DDyjB0NTo+$5p-WzQj z|LM=_-Z9g{An&x3D_tsWYx1So~kQ=`9$ z39*ni&0JMYF8hA}H0pNG;RbdOPOI0RL44p~l5qU=*Lv`CL=o2CFp1l}u3+!Ls(p_( zfxyz?_|YJCB<)|yH$k85C=bU$jSv2$cZbE%m2(AN)B={BXNFTuL8*Utk1uDkmn!{B zWD`}!>YbGofuM}54=)mBPh>(sX(j#YXCC|u6;NeDCM8ME?Yl)&=)s%SH-#f$HK_s zV((|$pEz~V^efc2$VQ769#{7yRS&E7#;*VsCqelu`_i+^x+Bb&6YbK01|bg|d$Zd?sp ze2w)eCP^f82oFW=zD@1|em7F> zz?BqPYr4PYI9wWH1ftPjX^-LQ*z%SnB|uZlKYQ$7z8c`)rg%f$XGnFli1vAsA8|16 z=RDmPl9_lYos)w(tJcw2ROE;$5e1f=CpEK4D4aJRR?k+yeqNO^NBYf&`K|xerpBer zXjKG`Wf_zLK;#r-HixqnH0{B3RoQnNCB*+&B9b8Vsk>Akb0tG)`1-O*78Rw_W2*$> ze!D_xj6?A23Ytp{Wur}p4aP>)n%cMq#ev_R?yhSqymZhAd;HVa*mLK_i*Wn+_^%~* zE{R587+ByrY_6brV{l1Gl4Uj8F2s76B^FNyb=~1bD6+HKHiCohfiP!kKxa&+m0w=S!;8ErI##ZeL9M8*yJQ>@OqoFFrxt zVg?s!F`Da=a;2raN9*g0=4l@Ll9?kI>l%2~q>#Z?s=+e}N0KLh_yoZ4s4ObwdGqz+{8WdJLSgCn@jVDV_2JcF;do*Llc>J<04u*U^ChE zEno6@ay_|BZ~vAi`$d5KF4w*;x1JM=*GM&4u4U(tFZz8@g#7oSrUxcl^DLrl8r8nT zMRt9{NBeGVeRmG`?fM$Gs=U}8+l{oWs)*LMM~C|EEE{=||DcdA@+a?3)c*wS?gHtZ z4-~xqboLmy&efA8FFv$K4y9cSXxdM?1TVDJ7h+h>^8;MUTbNf@)ue_t=hKGL_5zOd z*BT^zsz%)S;FAf4OiwSC`fT*{mi8_7GE0s9uGH%B3Cb~-PMhQ?QfXAq&JpX&cs{|A z^5qxH+3*P7A5(2ULA%XIg@10bpX5-`doB^ZzPD27PmbdqP1$^CBnbGq zyloTnNsiW7&Y?8MpdF$zOVzFUb;H4B1oWYkII6p0z5Z z#pkqAuocGk3pEY@&@wgjv8*E!CjI4KSm_!Oxb%J-X^@UB8lMsmxFH?#bNaGSaRU9{ z!}`Zx+(o6qEw?Gb7#2O4SS;*Ha4;q|n#-HetfG>#IbxK*EmqnTz%qo)K$~pX54%*1QAxCse_L0HH@A>!f ziSw>3>TX0Ztj&uH zLz(08wA0a9)^md1lJzB-NiE271*;AdY4GCwZ6Uo+Ee;R-qJ)B5G}r3yi(=-Oex`*! zH!hm)khgBTvbwLoU$GO!C2+AoT*=U|%`J0qBctm~RG)A}&L6S(1l@fm71hE6vCzT6 za52$+ev@ACAb!ZPs~uMSZAMFO6LMq4_&*82-5+`93~v)t}s~LHWh{#;f_; z0nzubQFMsyuCZv%{fV-B7)?1G9?s-E!J%MlyVV?h{HhWGxLYjWU15n8hMO$to5|YV z{at3>Ex2hYU&qES&Qro|b*D_{=nrWeEFT-1yOMG&GtEaHy;1mUlJ9LvJH)tlS zhkMb~?pE^=tx{z+G+2>&Mt*w|P5hG?E28djdpF=(I(Ge;)~HLlL9 z9E2kU8xi4;IWG@B7#pgi><|+zDa3i^7%3CRPfaB_T!8VAz(`Sa2yPmYX&ObnbtOrU z-hN2V$us(*><>|%#oaC;CJ785H&w6M2HFv zTif5!8fRj{JQhn`>SW543~qiq{#nnIuPjw_h`o?`P&MQSd*cqDxn)gnKy7 zApgYqbtL)TKdN$l>B`sy2a~S<%8+|W?%09jR8Q?tvFA=8c-));s_YBFWKu2lL=kZW==Cj`R<*i(!j3!N5FB|(gYqyu$c7Me@`_ef+3cVM{ zG6GSDaw}qoFdx|)iq`w_FT&~Gei@J~jB=%BbGGv-q7_M_{jU+sGSo!Acua_)l6qkS*p80nY!=Q>#40IUV{BNPIg ze99n93>IVd-Xw0TCh1*TCjgsUXu8ptEkVN}u)Kql&$@RdQUib2R)QLc#v+O6uFgD!yTmDc% zTN7cz3>D}?M}ZUw#sa0+`ntM+!?Nr_e8HOjNfpY}EMP@0HeObQD@9gBh2DL2b;&-g zK1H_lbt|-npzM0V_lTrFM{+7B_Q4Ibs8667;bp9$Vya*0)WToR#4HFa2MBT>;$`kK2xAI z=ZcJCyCkLSPx{T^1l-Nw?Wf+R2IvW{-f{xQ)PD}YUYdnze_(JRH9dqPS}hYz&$A-g zK?IxBN;%6hA2nKq@|&m*p~~0QU#^LKmr$c>KXTXC5bZ>f+5Kt4vOmXTZeR$kiVVW+ zUwGn;Apvyy+`AB(X2Q4Q2{o7uQt$ssnm}ovVjtib_rQ}oF8&Hqp+-d^mSPB&Wjy%m znhAm}0_N0~f0j7rG1jE1^P_6!fkphf+Vn*|Ev@MlRXWc|C}XBa88$!K;kv)ei1R@) zwpr5E^1DFCn=S$9hz-=oEE4S0`qhMkW>BmGm5N=x$d50fu0{;0I0{KwgIyH=uf8L; zSLZsXk`sKEV(5#DF}`ufGC*R)@pW#H)4L-$$s=^}W9lo}Uq9zkdlticccVtIvUHyB zPQRl|NFc0eHSJ2*haaRbFEPPb%fKiqDDU09UkR519&wQ=K+LLGoUOEw(BY+9;$Aw& zWpMr3f2*|nD45X_8j6b)|Bzmfg51Fjgrs*NEDZ=gB&UHeQ^2AN*W7Hqa;8dW+Np}@ z3=OeC&ept33|0T`ucsRx$(7o-dN^02stJYAPR}l5dpTEPjL0Bynr8In$z}MQ+0DLg zZQ9RYpN#n`bywyq{`|jsUC@7x-`DphdM&~;1IqVW%yD`LA4xMois%=7io1}GL@>sH z=e`dxNQ6m(Bz~YMOY~i?Va^%)X!<#)vHO5Cp<4Bum-B+(&uOPkP^UXa@oMS3AH;wH zWIk7=VM1N9luwxcK$Pm)!Ecs z%`8!FG`~ma&htJ{L*Mi;-0rr(d$csoAM{LhjMvkJkcpv<7V`=vIeMq$H>Z_BQAVTx z1fwt?1&%|v{QCt#L^RT}frOlfii(_;78NQTj&q_A06~FCfmJC>E9~q?RqYN(PcJpl zQ=P<}R4rFjgu}b9aK*{)JV>sj7Px|KM_KlhosZc6E{CouVAU3?2)G`rYv8#};b{`U zAGB_IWFJ@BEstE<(EXh2ffE4#MuHruOAtww0Bj#(uf7k%9`1nW;P}$!&Q!%O=<#4< zw{7hmN;88SQxFtyWgOSOZjCI}N^ID^?(uQONY`mfbDurTJ;&OFe5Dv2)n!r%_F zfT!S9)MRq&4RF4M&~M5Jhq+Y~)@AcAKjC-zl#VB(UUt&PL^V$9#sB*|rKXr@oiB#I zJ{Vj%`BjO}fEp{cw4u<8Vsfij z9f9OK9Pc^4;d4VKfk<$q8Xw<2m z3{ZfmKtMhr^N4iph}H)>9q>?7;lX;FH#JJiW~ye)uqyBrbP6_=fZ3#f;(1M?x4|^O zbNT5!>KzN%b3|~wnLmM;>foj}Op?3$;gR%zT`K@9G(jvJfoLO{7C@kCnK-D%0p@J= zg``gv-1gBbJ*W3y>EohoX74DLR1iq&XOPypGf&pn>ieBw`rI6bAPO zInWt{)b*)?5I`t!K_ifNR-Zd__5>vz{UcF|Q(sj?!ZxZS>PtCSw3Wtm?}DU)awat( z7%!*ZVM3p@ilB(tL>HyEK6TwYeOE2hvEzMyt0}S~J#A=sx$ie4Dp}Qc=H1k>Tn?)b z>Hsw9cSwYX$r&h%&<}=GoUi-z6k$&Y~|QF{@h^doopLs z_MdZu9%oPSC6sq4E3s+O`NJx7*j4iN{M(wM6w77g>88;H5gF#I!1hw)>I<1ao8h9D z5k8u4QsVJ8ZK78>M8dA@nom3NRA=TDG07-St@5SS*Cb1fS*h9A`#TDU-73^wcl5~k zbRZYA`3Oy3wry@}x_i5Yj(+=)EYMNf2YpZrh<11*B6uU{w6p;_3h`J#j2Ga32;L2` zwXW36kR#8)tD4&+myCo%*LJ1AAFqnhEDQ{~exx$iXiI$|=$CJDrOYa9ZD!++rIBxiA$NulJ%T1&6mi?a_iTfS3 z5?k)A)d?C~*0zVQKd6kJYiSY+;}zCFu_5eOe%jJJi{%Zex7HTDdpf&J9}npP>QYAr zI~zZE5QFaq`tx)U6{0LQ8P1Iccz9&Ie}pVAi~L|I!YsHS>vPED2grT^^h61^(}5~S zV{jiyQOk*1_D8>3|LMOLW0a>GsEhiobcLZqpLI&_0wz^bJ$%jaKn#UlrvG)he4gID z<97X3OnPDxpKDmaheg~?ah++iGRGA7;lo!=vQC~ZBq|ghxxoBKgof@kTW*olzCZFg z@>U?fkca?$5SZe6>}&{$q9qqUZ-^0o#m%sGL5fwNLOeTDEML+RB$0J8az=72tp}eQ zo%-`GS`^i9`;&9U%w06`v7>2FU3e{tG#5PY@07_h!S_}h>uUIT-)Dr49F^(*$e#K_LUnE{HlyHmq`xVT zi|40wdzHXeF1~fuPalPY3Df@a3Hxe>hmdjTqAe&BpuKtcqkYGuIvM84uOB<)|@+DLxSX0C%KE95us zGp4&F{pAsAHlsDqFXXay9FleX9PJc54&7$Ttc%G^!o;!IjdYagf;^CYzHssPVXXB75k59`+S)pHzYvL_u&&iX#aNT5&t-loXqR|yN&L21$P zF#YG|`rk9W?~4Jz0#Jopha*jX^}eH!wRmII!+;D!LuRf(izx)6jQH+S8MF5uDAL(E zchb8{muG4RmMVl@oAP>DKQQYR=2J1Ocip0j=tZNA!u&}M)v=sW)la8sM(dkG*yRmt zO>Fzw+QnoNhhK-_EmVFMI!irJN7QQnk45qbN+T&SjYEGG8B_qhxb-zaAkab||CR+& zH5_*lFmHe`;ABvU@e-n}-{JQB0MSasgAS9BP9UK>pk5^g_Hxt2C-LoG>(lG(?@AQL z3Ti|1hCg2)HQ5HwY6isZ)%5o7t8YCo- zF{&I3)L86iRfkOi-L@HAMNyqiy#tz)L2-uZcNt{S^hjhMEpi0^I&#$^e)B4-8isS_ zs(aP^u8M|VG#Jbd?120PTnCIBX$XWIz6AswE+zLMvmSh%Af46^bOrFo;XwtK)4c@P zasW58%kUth=w9?#z34f_FMM>aNA1t*+J+(}ZfNvVna5_jbK6NPtfkfX=C#3tJk?&_ zWTOX;vc?VSrZWeHjPiwAEe=$d;^V!9LNcjGYhtMEa@|Z#%{hY_R()d1NRzHtVxm8f zFVlsq;Gn{^sDyj7?i7)?Sj=|!FQm@ht__4@e#W1J&~DSIyvE(N7rC^%+a)@N_PG_zJ}t1fW`$N=aZj_ zAf5KfxS`0>1Wf-p6FZ?DIi@gtr-@nU1j#dKb@Zb=%G-Ee$%z%zwxUCTSn77JgNgWKc7To)fW{HbA9(-OZOg2r|YX8{!aM_ z{DmtQx2sMHo63(2N*JyFY3SOC9<)W_-9F9pyCygKGjoCwdY^iY?DTosAQD+ zCAQL5>eJCz;yeDQi}Wwk`~U6_q_L&Oz>v&+-~nPss|64x4G1uZrUdp)MOeC#yAK{$ zQJ3ixU^jgXQ~_jY3E*}Tou&VqQ;zSbUa2@?(Gx=8BBMyRvrm2HqSV#4t}9<3f6hL` z2lH_>Fwd~d<6kA0r};e?qPNp;q|A7!tUO7z7Lq5D$tl?N(#ySLf?a*W@0sIi<9)%o z+)C*8zR5{W>kXCLZw)dcG_!0i+PsMu1g*dA5g)e;xO-Mf>%f`_PQ^8Vi++cpnK~Bg zERbGeQ2Gn0MJ6slMj%)ztHrT;JQy%`2=d~ExCak-0;pha4Kl9^7IxQBHke3u_Wt0+ zle)@AlFI6Azy2pEV%1Ml9(VdGox!P@@mwHVedW9Wp1Vesp__z8C;!S|)!ohkaRnQ@ z!;3{3OsHW0K>p=NpdAYP1D7vs)K_R~V9k)wgMzp*EMRCO%!wJWRDyit@6Im`UF8D|=6dsfyi zob*C!&v)BrZ_0+zixHd}8E$W-aUVSVlh2ecQW4Pao+0WUAdPI@I@REIOH53>3m`%y zvxtl-eQ{=9+5yQda)Owpdk^Jj9Ke4geE2)av9qJ9LyZa6&E{_@zU_1YzJ_xpRl>Fr zvR==qJ@X&4wbzq+M`e)Cou0e=TcwLX7T0}#(pKdu`2~S9&u;x3b>ob`cW=~8dVws( zT>3x7$5l{nU^L(qTq!~n@(`(4{~l#}+Mqwc)?2+bPi^a1R!YCgq<95Ot2Qm+HTXQq z5yvSz(Y`;yfqK4xsX@F`Q2e+esg*kXgx9I#qi_gR7P=j?FOsr|V8SgdqqBfpX@h=zif|NOVH+6vYR;_Ny zA{(MkY7-y5CzXeOoi5%HC@{BQ&EE~HZy+#zgo3x6x2424NeeA&d79|jx{<^(}jXtw-i$nMFZBtCuZr%j`xoq$t#BW zV0%UxFU)Pt>q?JlkMc61o*z?av~FLLp}3Ok`t;3S<)|Ji^&bV+ekN=eJQw<(pgL$ST(2#lkhB|J+>C$^+JGh>Fh5BkZVoA)D zu?S?b$|k+Nq*UfFf-U@*?!%f+a+YR!dgbf6-cx3qb{9L zZJP^6(KYwo=XNR055Qw=Luw5zHbMA=7s?}1fqG>7yv~Hcx|v9y!yR7;n=VWRR)_gW_6uAfkY4_?v+`@de4jBKDJY}@ABd(#4 z{k4*^ErQoq+wM%kqj($#_+gQS`S!AEKc~n2=mA@aiNzxED3D_}i-fO995jquspSh} z6}S6@rr9|fy!Xjw*m1t9j?K`%47Ye2VY&({8+REk89tvLPGsGRV<}gVOmH%&SFV99 zk5wuEmMFK*$smJX4q+e-SkHiz(w1Lgl%ow_HS;NxPhf@u!FbaHiAkGa%J+qPKNu30 zrpR@8TuQ$i8e38H>lTE6@==>5t&_v?E|ZjT#wvPUo6?+S30Ir`Ik&_usLL9+c_&Ku ztM}>bhres&W%ab^Nzapj%x!f3pBJbF%8x@t06-cCfO#daOw!$`R3r)!#yVXNoOt$_ zKdy~9s}uJXUGvD8#oTZj-UMj*^qV%t?K2*`TErq@yq8DYx2z7tkoSE|Kl0N~Weik( z>dXo*E39>E8OY(>Ju7c0?)WIEjuIp&f2&HO5FK=zl+N@#5nZ!VA9aLvV?6 zWOYe#NvPk}q4}0GV;j_3`0$1a;M&r(iY}8}o?3ZWGRV2YZRSu$pmWbA5~Ng7IYqV6 z_8ZZ{xltwZiG>oSv>b zRaz+^H7}6XUBIb}m)+r!!SEPQuhx42=&E$O4HqFcV`C%+OlX;v z{dOjF6W5n|m!Q@6poi@A-A$^{0o&V`4DV;;J^kxU<5r1j<~N5SjWBfS49M_0)2_2w zAW-BK?iX_7C`@QW5FKX5L)02# zxxddA>U5>^(xqQe(*NnaOt#>ga~TWklUt8{KQFF(pXyi^^Kc>W0GIlNRZj?MosN=U zh0GHe77^}yd#ZF1F6KGRcVX;R7-0;5|cFTbbvVpzRvVl&~rCE(!E}mloreUaYj4)zqw3tgRM+M?}**!IH zAn`LFc?#r@gVZ=_9`Ty`010rl5<-B@zee}-Tc*EoKtN{1*Bn9Pj5^jAL};#wHe@sLB9I)6AcYj697H>)%keo`?kyDF z<>C$LoXG1MJPC`#0S<|xQzk^67dq+AkkNo2gJ_nA%o z{onW}emLl%fYAg4_V14nOxU)*iegh|#fi}6I^7Cufxz2L?fY<6)FSq9**PzhSYP8q zpUzuB=UoCPp{$MF53%M~Tw@G17q=hautCcojQW}SOEk?t=1DYE#&WtMK|s_i46HjX zb^TX@&UESugj$IEBmRQPW8TsjqSY&{A-}NcXM3e-#D^U9Yi5l}5p(fE+jV$w@it9- zswCm4MeZb{?dhDkKhFtvRY8mj&Se=N)0THP7Yl7X#CrU^eARz!A5=b{BytmcX0Q zu^=iq_rm^pPGi4hPrB+{Pbcwn2)#|De&4QX9Up~&@`zPWy)afq|BB5Q9%#I^d+-&3 z<5~2NhM@X4%nb~IMwLOFP#zxVii(cJo4CJ?<;UP)0V^pJ63nZdo- z*}fl7w}&zd-`gZUi1~tB+4m{wnp|_<(v?ygZpPHT(FEI88%?%qW5tVd&ZLMNfOS{wtD(YsEF$GNYgQa=;FL zfpcKuS9Yr@(b-b19q(jeFuU*UrBf__IpMjjR_Z!7X%~#-i^eYE$f1(S4`x0K?{g*; zsxEaGLPAkqOh!L*TDFtg6ZQ&gCH@E2g>SBKV6uuQkmE6z1Qe^%Fv;bZjtr@AnZn|) zMuiaMMW)oi)6W;1)H+9RN8aC~_wKgF9o|&go%GhmqA_9|)@nm&hMTTyWE7wCR+!gO zETj*1cOXT5)ilPbqod!X2|`PY_Y)~qe^UY?LB(nSynp9tNjR4d1yk-x|>jdLB zTUdP5JLX0s9;2R1HFtSXxA)2%Ky%phlYCcSR4jsU2`=k>_i9sgL|WixO}__uIwXr9 zYG$^MPyYMz`&`trIlziTWH)SPL`oFGw<$InQlGcgj)MFlfWU-q43W$gH|U+cS10U_X{1f44@Syt5k(E8fEs* zBk@mS3}W8`yVP64U}UHi9jx0H+o9zAc(;IqK*+gb6v=Q>%ZMiaMT|X{d`fS9?^a8^ z#nHQr8x1U&t5+?4=}Hd3gp+6~ofzCr-z<8|xznZ63q`htBD4<1ji#e#b=Np~k<%MZ z9WcEoA*J~cBw2*73*AK9~_345{$>MiWWu*7>=^0>GIGr zv@g1pq|-oetN&7aeYG}cmG^P={AM9Atukmy zYBj{yG?I6%{mRnM$vXy3Nq3fe{gIH!Fb54nbJa0yuc>*%B_og2&c`~$X{X*Jxyd)H?oz09`v`@!lJ6Q9JmGU~ z5L|0Jg->7((|fXony+ACiVDIK1ey~vLmCDwdMdxJQ)SJNtx(6y>SQOJS~=6@D4R0K zJeK2y8iL`qSFlYduu@mU;@-|52-p&t1~FK%*1ywNF4p@F*K_S#X>Qr!l-H(;#^xV} zrhASNKUGgl@HrC(&Yl^q6+7FYyjxbpe&*)sR;-ZCDA(x=el@|;k<;156Nove$VRhe z_)SS&@r1;jV;>ItIw|rwp~+t)yZR;nlzQssoQ6pOZ+5K5T{5-S9R8I~90>EIbtYWF zO2yYG|2dQHENWv+$C9`HAgp41q+R}Kx8li5}& z$z*9TpcGaw`bP*mZv8m9de^i1 zTMiUccwkGr5hvOV6-!usWqajz?2I8O#x1B~r6+{~w%Dx~6WAefd~nA??CH+YH{8-y z0ZYemEgTzdZhPJXsatRo$2_6-v_1Ge#~0_@6x{5Sfvmc=+ylB%%1c5lj$3+hN#5kB zs#H9W{BxK|R|}1mzF5nG8=}V_(4A}WoD*P;QGtw3H7&NU3Me7%NPIeCowJ$71UiSB zw;&^iw+WEniGc0dGhg&Yf;sXV8ugb5LZfw>+!{Ijf(Z1@2Py4$tSx4~Uv%GGKLp&K z2B~v2q4em|c1jogXmJ9ZD`1oiQXSg?K#oynALbWWSx}HI3cMwzWHZEbv1UuV=xY_7 zac_RinVdFC`~ty-1+o4@kK5iCxH^wNGAlo4cNFVoNGN+Z__2ANA2TzaeOk)OUVxm( zU}Uh?^ktg&)R_(~^8>!ddY$9a1_W*(<&EOmxOwcQk6yvX_!r3%qBIz5RYy~AjHcs{ zJd4UVsFyxv@873jdw25ap=RNf4rlu3ytN;WrUfU?YR8GLLjLEGectn$c}6wllAy4I z@1sfUSnYuT_PaC}h58^a(lSLJc}L<-Tc077sJ>>n^bvPEXTFP69~n`p`kJ zq+;<=UlU*sVcW`4ORVY`-Wxzdt+63Za+YP_a90}P`voyr&gn(tZWd);{#ogX+kEvp zj(2U_)v{0TFZ-Hc4_GPE_AN+=k5-ee)~shL6pb~UGC#_B1fi?Zc3r&p;i&OF>K#q8 z{+-lLLKLzexIP7kJ=rUYakxZgI(F?Md%ZZQ!=Z9cluRy8i9^Cu#{jFDJ&vPY=5&lz z?nBOU^(F@j?D9d{;SW?1u2eJ?&;9`$TH@4C%xQc=b7=({9w@0&feArESKxFm1;Wsq zo5)xsBlZI{r?7ckja?8&(6jmmRr}$DY>c<|^okE6CWe@en=QqzF0&fJ46V@iwMR$t z4)BxQJeb~r9nw+7eb)D^f6vD!O2zMYQ*E&?Q=cBHohWI_#zEcw-TPU0Wd^LC9p_z| zgvv>T7UUC3_)ZF(|ef*HD1IrvxJL9Xt^Wt_&w0KJ%#-`ZBBH4AK? zYQFOrXyMq}xWA(n8CzNm4!9lXsilxmxiCQVR17z~1+24z()y{{x~|cHH=w^=e7`M0 zG|S))RjFTRIv%a%%6W>B^A6$;B$))Bq`uoGVbUy8mDYWPo;FW)Labb7yem+sqOS*@ z36fKDq~0m>%^J2|Xz=53Hd*H4-7pH67>Wj=vaK(>)!|V~+=ZvFDCG_>-7|@PuD<$8 zJF8_pcm0|3W+|?0mfm*@I$f%D3Cc0`wWhK(w5|(y-pR^DgJ5uVA$U&EyFhE115z3~p0wO_4tuHzWJi%&n!BPj9{| zMuMto)KB{Cs9$LtXceXfg7)Ley(=zm)jv=UbDM)z-h*|n8aBdq=M-$UG%d($FMAg1 z-cAF@b!{4GkftXrwy3}@q+CU}gxtp+-#^L0`=9Xxg!*U_r_%S>b{8lusHzUUa6}&1 z{@B>R%JPR$nx&iI_TIaq^;LHM%eeYg>!ptpa_8ptcz^vo@-@aR{O3nuQd!De`XD|L z#I?g}6tyrR;lPr6;eCdXL_GX3=~4}Zl=!jc^qatxw1AS3Qf>-KXg5#7!5InScJtSh z!gwTIn*th#i9>XP_2dbd@38bX^S!xIq+OMsN@=IS;3w(5myFjyT|Avtj81+(-LfU^a_?2CI;Y78c#``Y58H_UL zQqnRM%k*F{(N=r#?H27)zhpp)_V)fC)nxXwb&J~1>_>!gQMIdRfw$o*f-{8&s6d|* zl@4bO^7px(4?36~`3x?9cdc+bgU%duZP*>BO6x#L98F=5p6@l8R|t&a)zt-f%zeyX z^UiL^EXU4i8q%4vZW9XdR!?=79-&ZAm%hpQJE~zVeOM3X?j3ZV4py~&nAhO{Ue@m+ z1skzYGwvoByb!?Oi%WNKoAy?&{oX_V00JJer_-z zL$|=ySW4f{T!Li*P<=9O4DOz^-P)bQRX0b|*3lz`xne2O0TM)Kf31-lPxTOo{Hz#bUn27s* zaXrJl#EW}-vcc5x!OdpG4S`)Y?Us?G2)2XR_3cXY<5Jnl( zRnyv4Fo`urGdu?w_xYP!a|2MBg|^i5HSH^<7Ne^3h2sH)bDwWJ2hc_Ni@l716G-T= z?WJ{B4CiOEnawkUoq7e$pHjc~lqD+U?*4idG1fVL#>l>Z=lWjSUhScYcG*ypHLF4q zEUB;=Rj5X~8CwK+bt}O08sjX~y)8jhS+8w9p8o}E*&m*h!fhUzG_KL1w2O#aE3^@EVV zx{2pvA6spm>4#?m-Cy!_A1;bxSQW109-KwTwu~H=dro}UqBUibs$Xb~lT&3oft&H9 z-zO$Y2cP?~J5Ig|RZdtq7ZLl_aI&1G5H4+e+6B&Y@szk3r*KbZW5y?UI)0c{ub%gb zySUcS_aUoxekJ7!;2mFGnR{BfV%xOF6(@Dg7j)9on)EPfd8xMrWR_A$<@Z8Vdd% z(2>H;fI(0E!9=eFh#oCUu% zOb@k(D-+pIS&@o+yu!TAH=jGa+_-4wL|;_B@#`QgSwZ1Tvx}vxr_jDbu!#P$+R@~1 zpZFMK8E(b$_ibW$rtd~o`sAbqR-_Y$Wdj`Awd_#?KR$bgh1$G$lt8MWP<7SSj`cP1 zY3tt0p3CHio)>hKjkg_X?g?EV8(Z=Ch#7k1B+->w8FETxQ%hKQ=^lT(_-a^mIW{p< zm(aMQI$JF(E3YJX5#RCDqJ7oOMTdZs6!&uy?YV6}W4Xk|bK}}q>y=Lo4v4*K49wyyX59^IUld5@8BwpKpH(l8+U<&wB#{s;QbCsC4qf8r4sq7h8wrr~+v`u=MXHPygD1=HG58jaXpGisP$ z5+PZ#h$W%6=2NXAl_crNG;CA5;1t#;Gj+$Cf4M%}$S$9mNj>?ra6|s7g;=|P^b{aMM}z!FYtYAP)b61>)vFRq~Zeee4>^JXnYzx~*$u71FPPp?)T z_j0eF%;Q&BXjPhEQ{9IT-_)5lf6r>lg-I1$b){EZ%?x0?qlpvJ zEt}1`m7=;*$8hnB#{v>UL#;eZ)smHz2SPRRf73QLTMBMmcv5b~w_IE&DHr0>_Q>9S zUx`?3q|?^6nWz!%aJUlnrT)?4!Nl!*r^iRu4YiY=JY-~U6}GmmsU+3eH=sdV-b|(( z5fTq)Z_ru3*~sSkptmPzXZ=VdW}3MwSXSI#j+#)Ck1w*JQ8yBHO&?pxGR*$`c@rEZ znUGStk@1*YxxzZ(YGf33Vg&!BPeO@=W{(jGPD^%*?D3T#BCq>H?P+iHHfPn4DWLoc z{+{UP##}KWH{*)-Z!^YyW1LT@zg+y9ym+F9@rI!X!-qGShMTPFW7Iq8#ucsO;Y^z( zp1M9ug?plOOD3LoiG2E5>A#{&4qLu?R@>y)-c&j|Cvi2&3GTAk?$Bx2jV3-bHSU~Q znj(2ouvbNpQZ?$NZMm!fX6!*69RqTVO>Ssh2{EhhW zy+j9ji{r!=A-)#UqS)9tJe;|w0o>l9&oJLk%4Pt6bg;zC2~ zFeKRp6TJihBCpkmsPen^Ws?qfFiGpSCl|!I`gQQWJ$+uy-nrzcR%vL+-{~p5 z1vd=?WzixLliKx+Yl_QEcbVKCyRMu0FJ)&>p68ypV^5!5e*TMUA47Sn4>`N^xorPDx9RHQ%?`RZMBQKU)3;OV zwPj_8?$jik%aOlXkz?oc?ebr)Rk@WP*gISF)I&<8GAosJx)U@mbYu52=XyV=eM%)E zeOe?J^}sb;wJUwnA{GkiYvx)%=NBBGT*1yqYzvB%EOHwrO;dYHlGkNWsH-=3 zMOvpf8;5Oan0(EXcFc?NY6VC2e6su;i$?mDT~j+>&!M+Z{%p*v%eD1zE|}G8XnA=l zK!icNqI9=WQeTMRU3f(8l@o2tTsf9>{Ue!v16NW>K8sqtRSvR~nU1cx2fxF`vgOz7 z1N)8WFMdOl@uioXmLjxtBYS@stNPeGcyyIueUv6AL%UeMWCn}S^2koI)aUH5casnktymCan=r|!=sbW)?wv)55CkC zbWwRfE8!`3v|gp%^CF&qoof(-X7N)NMziGqz#4{U+#Sw-F@E}aEu(8c-}02IAi8>M zlUb#kJN-7R_2Ox&Ji+_t+~1Kp_E0Wnzgd<^&aN;S@mH#}KB`o&>&8BL`3p~wURAvrw)>jAAVXEnE^#J_&b zzr{Sms~7$`DnU<*ghpk=+er9Dv0q*L6xYyR#quXpo=XG0mw4)wPiU9^`9o-#>P*u* zieE&kYF%2KA)rka(<+-LWJ}E~?VkeEMXy8Bk<)9yYe?Ac%akOR_KdkcA;VY&4;7WA z?JL#uLvLyBwhUyC%<#O~nZ{dty2z_BC*(UrZ}pl6o&Fx(M{%45wBYPy`b@F{ScmDLOSaL1S?-XLpK-{Esw-^_J74 z6)Ago%AWh{z)k8Bz5KOG_-St_b~LGMy)9Tlq2fpM3BkH1ar1qzSL?JYcBg-;@!9QS zKV}v9#8yX0O7`%l$0>EK!PfbTTimSFN1>C+U0Q_DyHZ|_ojs}YK(35AX!=C`MJMG2 zStEYGgFfVsKWA0-x;^W>_oa~Q#W!cc9W`sc9;@Y@Zl(@h{=|WgdM)C8d!LL=^PJMJ z2+ydie>o?VaoIqTVhp^%r;W~TD!6LXFCy1%+w z;@s+!v&q}i8k^@nLFS!wOD3m`C%@(jcc+*FeeIK3n+v%kIKdprbac*iKCzuTmWerf z9@)E7Uryf7lA%!U;?o>FDH$cB<00_sZpRlv-5tJzyu;Ibfh&?dXIbfd7`|kOPxyQp zm`ECseoMS%Pon?}E-d_!o~v3)ERIq+3>STh-SQ?j9UNz;FaB9o5})@GI8T)>-o)Sk zp)>ncFy%IrJ;vIN>4Y0|Q>}E{iy_0z^U(>5y&_1f{#X1w>F0q@|G(6+u9{Rl2*829fSYK|+yE=@K~e2KRp7?;HPr z#yNX9wi3_ttb47wW?VBaP0@}(J@=G>=7omd!|esiul}>1KJ$-UC}QOlhMXsEVt?9d z`b|H*Y9c>pC7imuqt|B>s645V+BX?PuxXwl*#(v;Tb7tU_L=(18>;;m*OXFU7Vh4= z3GF<6cPVN_Tk_I<9Mhi6_H~ddtG@DGL8%wIDTT(;Zflz1sN;Sd)y})7)f4Yx))hJ0 z>VwLy+9Y%pwFc|as_a!8Sz?!b`H&vUccULf6|?-Z=Pxc>OmB(xu^t4auZA-oosf7u zaFy5{ux%R{38Z(*5LI*&Rp;{#&Ck9-mpa$KM%d+A*Y0;>J8jK`N~2iQkUCD7nISWq z@a$W`D@aMS_VtC3k&`n~Q@=)f#Wgqlud79NsBOX7kNz^t+qCG;363fjbibo@ zSsis#aqxySM#!J*aw>sb-}NQsI1TM@t8f1y)mW$HCvE#6SX3MmcCU}Om4V{;(B`gF zd~qR8paOkzpk(p9blxJW*x{D-`5EG9FRt{}kHzkdz0%iF+_%4CQLB-!rPt0?@USir zibe>=&O4gjVH)q@ee?EndxPf*q+WZK8Ictqqc3soyl{8x ztxm}I-nie@@?NX<8{`0Mc^$((RNIL(@V;1o_bdGUJsCFhz1~Ht0Q>Lvouo0=9nxaX z)79+F*q9wph$eTJ6*^8G2}W(VQ>M)He{He)5TUG2-uy~2E4a7@3uX}~hD^q2e$V&t zdAyny0t%^SBsoxNZn$G4aGEpe*IhNlcgR#p99$9!AG-VP+lxO(Q51`ob_Nz|I-L#M z(g$UQS55Om2c)#N)>4xqT)YctJ~hFg%5fmB_}G?q^C9dOeV6z#8dqG zS7sjPI|V0H$J$Yw#(9PJ40KB=tp*8-v5l1al#@45e>Z)V^t%xCZ`+QCHIzfJ zPYeA=_O>Nq9|dZAh*kp~x7L41(b6Q5&#n5#rU(*hDm__Jq4ZQ@z*SxPP&++qA|J%L zv2`=dBRoVp-71T3MUd6Hm(Af#3fcb2-otAB`$A(*Ll4u{=)-(n#R4Sl?#>-?q8aY5 zsC|vEB)pX8`XPCQ2c6HGD_hQ;RCCz$*~$CwzQ=bfur#-AlRB%#)>AH@tKXlvW;baf zBqFhNti-AnH^{Mjbi{IuYc#iHrOd=?7N2I1nYzAWzBq#Yn=JQvAr<)Iul&8`cb0gr zx<01pJ?@C?+4`82a=7j(5Zid2{G(!Lk}J=GFq4Eyi|*jy_*7C*=(OEt=J$(NOLJ%B zhurnHCe+7Uyhh&~;E7D>J4gw)5m(sH`!NqU$#-$>ZsM5h$1Yn=+aK?!``yGC)s3^B zwq7vKXUA{avnd&HV6mLx%vzW;`&|anUFl$PfMP63ZS%crni60Qprgx97Y2;g0I|## z(0>oW_-bWn3=(qR9=f*$EWr>a6^iAUg6~A^Xcsd##gpcZdbypHDb8!KN1Z2bMbFQ^ zqgif|k&b|OK7fwzBxZgx$Td-`HuUxe~kr|;bK6t zXo_yY=6d~J(qZ|EDC8aPiU@S<8!0?Y_U~uYNm<4vs*o7#(BL2L`Ww zb1Q~TJG+DlEX@@a=bj{C^N=T;%jj~NSTPU?fXN;7WUmnWT(7iGz|UcWx?=jYd7F#&Av z%&g(h-B}E|wZA(@(K*EBnkFQs$gH!bxW&1$3nf%Z&N;1B-7hjSJRtcQ$|FZyacQf7 z(WFG<_WW!ovvZYpE!$Mj-V+7*7g|{J>=1U0B%lE}y^fu}1^N^9 z1D*Aws3dZ)@q5Iw=9oHJ&Cx`dyNfu)DQU$6z3#kDPEmRNDXv2L1~EL*eSz;R50&N) zZH#Lrzf-@l9gJhc7aF@j%_9FPUjKXjuKlNU2X^U@kDhF?729tj|G3C5i&!XYEG$#t ziVV5Mu=TS@GGw|(Q}T|C^a2E8zph{TT#$|>UI{-|rnljXCFAV!*InzPMb}j0^om-Z+=amz?%GebXOddy_Fk)K}wWv|4yDDQbsCZESy;rSO;8g4vrQ|LH@$ z@t2%B?^AK??%nn`zpuXLkXc(FiK#TwYQ$BZ*{(W3$g1SN^C#6<6ARUbtCYNjj6sa@ zzMpZAfq&NHBDT`9h=Bz9tm{~5=O-iX&XndKGzQ>TMuaNnVSfS?>DY-jsR)f5YbQyJ z&Sb#%eyUjzM-J2J@r`!;KIg;0Hh+b032aAhK;x^5h)}xj7s?A6u4HC(PSP&b^`Vso$c(+7r1JWRZPwON6&Oy zK0t<^X4HP_jwHdQExAq=_d81TX}WrmYWATq%a$32&~#nz+F#Kj?z z>s?1Z*#}V-cdx7yl%>s!6XnG8GnF(3W~XN3b{^G~y{qYag;mk{yI6xVoGm{>XSSBK zzP5X7|F_I~tMobKG_fDzSm{PsOmp%%+>V%{G?RKP{NZ=B(xjW%&L`UsgQ_Q{Sm(Vb zu==oR3YiCSYx&=e$~yqOMt>pq=j1OhvwneBbi^X29## zk%{3S?)ms#Nhi-YKGo;qqz07c#Bl9Y!*CR7I}bm$A)`GA%m>;UHNcM;I3`|cyyO0> zRR&|nCe43LOxKc@XMRpPFAPtD-0V>Gh?&A=Z9zvk7?mqeLGEhJ){yM_A9Be!>Qt0Mw7<{Usz7yo>qj!{v0M7+^`+^{ZtFkbit21bgJ8yaaBoqX5LK)-+`(JydCzWyn6f zeeOf5Cx>C;m$?>N`j=9|cUs2#XA0H&G6RLTnLb>W9l)56`0)OjjgFjV;6Y@?T1^TD z*HhUoM+eMO+*cHVgZUxMkGJ80U83_m_8o$JM2bp7KHBeL)_AD%4HZ34RgSJ>@zSzQ zg+s?)^qoCsr0Mx_th-X*9?F*&$>%nE{K9k+9jj_+hLf7)>z&4gnAQzZ9r;b27^h@c zi5n}i!&=olU9B>0we??qgxB5~i7CSPZJp9BnXa1ABXA)h2qyzo`7L+8)bVQCX7<|n z^9n|pna-?yKPtMOidbFZ|Yv{tz2@Y?-BhSE#sZ$thog<55ep9FR_ zh1jIL0|tNKZ~q0Gp8Q%|=FCWnE<`eP{#5xwqoGG6Id}fBIUdU_d## z*8II@34!?A+wb-6t#$W@E&q9(+u6>pL14b5sTaB$Vl!OS_^JH9cgk4$aos!`k|2SD z@VuRQ{?nb4xZ}cg6YALVkjK5={omvb!2JpDnsfN{(=;qjUBshFIJ6Pf-Bg<-Ts z=w%R2BVu>6elCd_zC&dlGNqiAhDqFEVwZKdI_P4F*bR=IV=?d(0C&ugb@=s4R2ZE0 z1U;#=L)_th24;E8e9=eICpW&d2+y<^^Y^O6X%~^@@WfX?G4(Ql*2hDRDxOeP2P?!Ryt;0-k$x!HsnQ_5P$9}%5ZJSk5u-=UUe zYj0PQ{HfG!K}C;qr3y58e5*|2MK82Ub)Wp>WcT? zIT;Mkf4lUYr~iwPLzgYH>s|B|W$XvZbyJk;E`3?(kWum=T=){3KD}TeeZRRZrCndi zWs;q#fQxeWxE3yy;Jv$_9||e7b=;0`a=#0B#`F`0bci;MrU}&OehH}++7#XE;&IAZ zk=KmCd8ethVz#e(ot>fbkoN5`S*;Rp(37p6QkZ&AGLgim$!WMVcGdBYtu8-nXq#;>Sg^OqAMns55BhDiu88TeO){o z7M)c_rZ}FgtWU;Zyw-$fw!JY~#92n(*D5UI@BNICC+3d$2d&iWhxuwyz!k7}kfTr9 zSy)(ZwBSzT^}_E3a^lns{G=a7D+t`3{-n(wF09H30Y^N3(E};aBzfvTtaEYH~RKmElk~ zg57az5TcmZ0_~k)$6GPklDAtdAp~OJ&eS%di|PQGW=D>$_TZ2ncjT(-9o&#^RXw_T zfb;aNt}ArB2pYJY#gx;@>CKBRW)tIYOf`W@PG=XRq`pfO3PSKy%b8qWCeiZg>b%?i zHxVdbve50&F7Hf4sD4RiwJnHHos<$a9J!FJM$gf{wAHSR%zw zbbaKv%%XM`Ucj?^;&VqD=eaD7WciRwP?ODb2c6|^$>#bEwy0Xcn~K5J^1B1`rj9~v z`$N_B{Lv-)PNJ8QDL>l9<1 zimYOm>wAF)J-@Z&(kcMhdF z-ahiZufhL0cd#roe0#n&Rmo@tZt6Omu-Q~LEqpZnbeSXkm%3yXQy zyt6&A=$;1m)qJ3n{N_nAyC%ofG&WlSXf_C^NB;U)EXVZEC+2NSc7RilVpb2 zuPchLRU=QJe+>pg%)+E&LW#7;-lTn{EI5gz7zXhe?-qy zQ&%V`wct^FBv%*?#*zToV7M!}G5}nY)RN`bcoB5CA$StblHb|3YUAaGa33~Xa2Yj> zCI%?xjotG0_YsI$Vazq5tV}!(F9^~jHN0?HLI)6#JEaQw^B=y|(z|<15dhfNSFSks z?nS=eqy8lCvNn_eHMf7Sg$GRJbjfGeE%D*J?XbHP&JD~9slY1NPiWvK3LHu4z#*nu zW;H$!bX^*mYN;D{f*vvBHygWqbLGlWlKP@&Dan%lETS-FV`E6h3wtRk#kO=AGOobV^P#T&?=4i$9~iNW8WD zN31e7%T`N_r9#c`g@*`xa}38hyC`o`v8A z+vbmob$hxT)m=Tp*Jd?h{UsF`;h9Gl>ni9ntNePbm}Jrc|F($=?4*l{>S=R zYsuV*V7CS8477l^Uf8WazQysUE3vc_W zxI9I5W)j&)X^rDoSK_^jSbJKV&i9D%;=W&F)l5k?JC-l!!{?pH>q#(h&G=xl?%;6C z1v6gAkF-38R=d)nG3H@-+Up(ShB2Qp*#&3%STXf{<61G<+x{0-$tUx?i3vzQ;XZK* z7Rh>P5c&I7!*iVvSx#!-O!Dl6Djf>?jsp{4hy)$H()d0(ZZi7ip_FWV6#gV8Q(e%^ zI2c&DAyMHMe|UKLBGkg~KLce4+eN;y#)SB5t*NAP2|0Cu*krGL(BcF?; z%FiB!fmYj9C(`S}L+oLFC5d5mEro?2TGI(nWduB5l$toZt|ZYk`-$r`K4t744hiK$ zpLMIsxkTlYRlAms|J_2N%j%<psyk7q~;`Y3>e|V^_rx(+G z1oK(KqjuMLKP@a|rHVjCQbXn8^R41)T#MUJl2bSQk{U=X7_X2IKlDs=<@>sm$}LXP z-!Etrp5kb1|MKmHt~J%S@a^ksK{-=WOtlHE%vLEH_@Qc#YO!L?57pl4S}rthOK-KT z7Y}9{T{BZ12!bdl;1D_0XQb^}tn#5fXv)Qy6WQIK={g!JKlHPVm^68H9(!_B3>q1& zY=6qJ*Y*U(a8oj5c%W!=d*YrNxsBx9o3C3AOpYW%-Lnq2-D51d4|JNCI+``d7(b7{ zqDY$~))8A0*{uAUw)>*aY@;e!87*Y}*}byLj6gq0PO3v%4@WE<>gmh4HVJtDW8WLGD0(Qi63CMpWcu&4_f zewq5IEy2Cu!R6;br_6O6*)fAeII(;VNkAZ``=MHLtj;5z`Cgs^ummQ<^d-NqFbq}^ zhP5!n3OK9%I)*7yeN#>E9QyayTPWK`Mk)qZjG|94hKm@ptMpr@%tRd8 z{ndH-UoMr-Yr}Q?o(}o0-!dgkrP>!KYuf49<<*Vonm(YYTlz4O@?BzH2txCo>HZ`! z;^l3@ozJQm5y3>NIP$|(c~Dqe*5IQmySyLoS`=^3K=0<%GpV+=?(Q@o$yC$TC8?+) zo%BnO3D*IW9}(-d9h%MJ*@cY+ozwdNiW7XxyeyQRpvk~ zm{BfB@D1vNJrM!-ov(@{c-JM?wgQ3`q(9DhfIbr#y^}{Qd9f0oKfpbTqTl@f&8s2D zBHHHOTq#zP($u?)SM;z9%0=H_rf+WNMuEBj#1*-{cS3& z5A-1rH0WtuXW4G;tJhy!>*`b0x6O12*V56sFVrC~?fm`6&m0#koqf4Bdx5U*^tZ&! zE!5RT3?n1>!T}QjS;4uviiJt+Q7NphceBItl!vtxP4HEZ#vx?f`9$GB)B@sh!NJ(itO%p^L|7$JMyc}@sA&! zwT`CVnB33k(!C_~RY;7rcJ<{o9x}hPi>smwA1(yvbG6DSi%cORLc_>3Bd4=X`j?r0 zXbDwXTogwI@5~KJ9UU`I-u)7Mbw};~+0DDjZhOi+^Uy|<2I>7i;Im_7V)7;7Hj{wX z+@Z^4Ew?Zm1U`mGTu{ONQIr*p-jZV^^StxJ)q26sx;@;nQYPiOikw?>h-ZH9@MvugGZZwI!rplRdK8Zp;K|%sLHv6hlVjmHCXA)`4OE2iW?8ut>xyX3L zJHIX~iS6?8;}cUYd*=2k%?Zzo{w3N6)qBoSY^g5Td=0ROTbSwx=yM736^#!BE{w;M z+j~EXE)okRw)YYfopjs8BImRBfiXd{nS%lo5T73hi(#F;EE&zlw@Lz=55S?=gzD(7g7b&Y( zk_(Ix3FcpL&CikD2!yq>LLCS)A|O@fY%$(UR8SZi*_ANq`ayhTAET%&MBRas@G`3* zvOkicf^gVgUS9Sv4f+7OgPCZ=xfg*j+P%HAGhFV{*|Qs>NRyhrZoGVM%51M9I5yzP z14(%EW=z`mqIC{S1P*Hxu~w6{ieRTtmEXsYr0&1#(ZZvmq``CY!Z$lz@FSuNe@JP& zi|AJGHO;J4pTxjob3&eI+e7mca*2SyjEaGQVI5(sUI1MJrABA3^Z%j2wer|Bn1|yv zKbj9Lo5>D7_yne8Eqp69eDdsBzKtLcPxR_|6@wSX*+Vy@tF4Fz&7rTtQO|hO-kz6B z4aLXs>fWw$S_}P1dKdXV{7DVKckPApl*%~0>4Z%@Cpb|~X*@J!40?cB#oz`WnT ze_vw#Q|wfFnEyTq4Z8f;?G3qFv?DDu>=~ADq@V|Gx5CLwIG7N8*~s#I?ZVeEGD*r| zX*d;n@ksdW8DVT%04PmUn1lGAN4wF4=k(~rna$&FXorznbQ7!!{{qBW%$ixfURMZB zKz8x3T@!~zaKUhA5}0Hs)ys4CjA{14UqtKZS)c7XMSP)!@1;e9m|Vjh86E8hUp7?^ zqyhO&CR8|oI)ka37kz%6ZHOnWD-@E{o*cWH0UH?jQ+>Jj%Y1z1;U=cRDrHk&pS_af zWtgREFwd1hovP+@Q}AZ(*I{Wr!Y2p{E-UD=mB64J=Yu<5Q(evVy5;Z9O7%>YAG;DR zaaX;_*C$9DIWBepSieF<2m{ZOfjTWLccm_SHaRJY@y;DBjO%Ad;g5R}O_1L}6obz1 z=b;p-U}9W4V*{lgWjKYob7nCAc5MbKDu{8x@dKQWuR zM%R(HJt3oeEhRnV}l8x6k&;_{VI<;;7N=`?|&li5JOh z4}8=%HLzV2g`?C81K`*=0^o3glUW9aBE#_W<>k(9-cwmu;Qg_fVB6ajD>?~*U+Ml2 z9Fn?)>gTz;ACgOUr##gPgOFDT(qbRL#Zpd8Ow`ELP-fQ+Z9WR;zHJBu|*fHsM|&F_(!vEFIj$Sf32rnRa9^4uG28bbE1# z>v1Ex%ieD)%aI~U=6_{ptdZFMmuoK|z>A$R*%zo?f+OYA@zhhfP9N$Ot?1Ow+N82{ zAXy?zALs=cWD*dF0a`9);2%tITp5ML+~0?*uM?f}?@3^IO61rrZ%YYVM}rm0GY?dq z48p>~KsHXWGE)3jKu|DMCi3hhOsKP~qWMs}pye_*C*b?Jja^X>fJh&;=6S!^u)F4Uj2lfXr zb7>wphD)5*^v#B{uCI(&MM3pXhFk>mf9<5%EQLK(i4g2$X5XXdS-EmJNJm;hMHmN* zWWu7of`|4J1`kQ2VUs1eAMW&l4U)~&2#t@Ahsv=teL@pmh3q%rneIXYp>BH1+<9n# ziOx09WV%W`%>330k47W~_5vw2fe_&>(41vLQgbj-91WPv$$(WYa5wqv(ZX??c+p~I zW>UVlKH*wDES_FLIe4P2Zbq!@`?Q-F6v<^!Bzz8wy>BjG%YcEV(?5SwNrs+DxB>^q zZZx+;+>`9pZKv~4oNhdam`~ zO70Y(rnW6+;VwoV>^7J~4+wr3+1M24T%@E>Yc|?h{wFurBnk_U`Y5)V z14zRZ=xM-Y#PU1Q-~a9rrp^eh@X<0LJ7wSgTH|Ie+X{cZ6-y?X{9sPoE3G|U_0!Lu zqrwL?yA-sFu6@m?#Ko1AmR1Kmr*&vZGkoOxcXey)TUcZ~z0?Av%tIjN%sYBL; zELb;qnrtgNnrIP7yq%vv?*%Bz6e!E5S5_2-kG8Ij*SdcU(nY)skU*L-GOyxZ#hwIV zDET$&Yplqotr3HtG~RVKnBAk-HGnhvR zNK{;0D!aG$_MUHSZvNK;p4_y#TZ8t1=W$m{1mdp}nIkDAX#Pm2laEvpeYGflBdl#6 z%B#4Zc9RJiBf1tu0@H>?cgm_8(?zZivl6E#0mNVX66gySt(=52)r~hZJ*{%Mv%PTvzJ`ZCH(Q@$Begc zhf&keAkd8(ZO@tcif*fG$$8J=8JGGAO)y=f>oF{+Q>6a_H+WOxmZK#hoU+Kq!xD+m zRmX03ee=B8nQ&Nuc+`g1WgHWlAx6t^TAR=)Hdf5iDW>0E9sh_;A;74)adr#+iOUIp zk!`h9qajC~1%~tlrq^VE5uKi$l^RG>Og0@z3#qE&-(DUGgHcp0|GHk7es-O@7^nVs zAv3Mc)G^Et?Q5a*P=JsEH(xQ9F9J%I6xV8YDHP)bbTGL8e%@uhcO0HKrEHu^)8D3= zT?fT$h#lIQAPkK+KnR&7k&*QO`J6X)y|*_pWHaB?AKGqQ50A*dL9IW9JRh5k zBlZEfDLHoTFdccY%IVpE$;Cxq8tV4Wy8`cSE(@2HMVS9VwuwntZj8iZqm5zeos}RL*K#=e3;?fV=Vj;I|g1N%$?D-W6 ztsP2I2Xoxoxr%U(CXeQ@jf@D8O?ZvRj}RQFjnXA)axMrdjQ&URU8rTO<04 z1e}I59pzn!{YJ!wSSnE0RfEfOwd3|YyuH>1e&jFsa~+dv{$pYC@R`Orc=-2KX|I23 z;S+VwQ$UkAu|46bCsIgostaLrG9Q-v-kv`dgjt=}r*{MN35It$+ITDGf#JldOgTVV zDtJhfTyA^TW+O#(p!8rm6XIj?xopAs4n!2;&uwcq+uqv&7kynj&zANU91hSnnSg0e zPfttC^~9%F3k>;K01g8*_OAbG>Q0Goo^e(WeXG=v3U3xiGw}lU>K3XYXIHazLMV!MclpwQ9Ms#seWG;c$Ys0R8lMdi`eyLazmpriM)971x15x^*< zvVUi1MK$i2p z|LSC&vhbhZ7ix|VmbMnN^W_r1+<+K^hLV!fY^9>1lYl1Qit(N!|MH zE}@aWzCNGnEHDs?uKH+nO#Au(yq1yh`L|BeOu)mBRHSSX_wWJo71x_Kk-g+Tp}w|lrMI1>Q) zDT)a7ePrvw2SyYzk`Kts%WG0HgooXNSwloMbHL=Hk*-7@y9C54DVML&s~8*8^Ma)T z?ZZS%`=<8KhWvUQOjk!d!TF7u4txrVys+jZ$#*6&U6=1GBzUB49UX5vzW6ID9|i@I zn&vFpv`}^X#GE|#pOwv&oW#Y99WghgDa-a@jnpDDnj9NGM`~yc}QqzlARzh zJDZxCHp#K@@)Cn5%5lKX&aS-n460nvsm1j4$WR_O`ryJy>ilLw_;55IbePTUGSJ%9 zC8?|X0qO^0`EO7Qy!b-|l)qYs?7;nfayWSs91)?({69d=>m8`wPn(K<*2VO+nCfH* z&E3<8-(=w|vU8X&E{m7m=B<0&RLi0jhGSmvYE!4s;uH(*tVypv5rj9F(6A8J7J*5L z;@+5v;OO?I$cAy{J^TJC09XnLM`3c)h$$=}BtG82ciAT}kiJ4s2_gt+O#`I5A8K+k z6B0xOj#mJ4)u?i`tm*jf>qACH)><#>BpeCAN;9tQupblu|1UvNscRXSoxG_Z_quhw zUP(OeL$2S*ueF~kA!*#x|702dx5%N|tue8)mdc0Tuz`3u1!giX>a77mA_AdfT;~JU zix?QxFG+Y)F9GDE7f1My$Zg}!1aQIMb?*Yu(Kay=*X&O$9(D6U5`+x>0CJhmcD_%2 zeCu40}Or3x+}wX*C4W+kVjJCg7&x zlaR=9aBv{~y8jybrq4s7GYL=4c;~+y+qvGac#eY@Q*xPM=DTKtJ_v_>X6Tu3`iS-O zxaxIT9&vMDS2?Y|V>_hV<%y9MA@TwuXgf+(lLd~n@R%3{xl}cA@OAhz2hR-0E#n*A z33I0137f}u@PJE_;4wD(UgNT#R{?uOaIP16kvP>D@zpX;jURYujlC51k9_&pgb}kX z1Yrh)Qj83YQQHEZch!dvZ?H%GRj*IS-q5W&k78Gv`SPE+m6YICfwG0FHB z$|RUFdx$D1Y2WL78b*u)fZ+-l6B8Acs9(yNLLs`m=j2=E7|b(-=Olb)-TA=p_E;(X z3VcaAh~fqJp8-I6EN4$ttQ3_~!NY8b_WkH<_>Z#yE+E3)hl?9PA*fqTAJ&GBg68|z zy+>;locE3_uljxJ!j=LA0$>fJB`WDB`Cbz!bksfY1=|1Og(s`GB(bL70%D_SYMN6^;Vq9yPT~ zsJe*U&`D_2m9yOW8x?!|lJ0F76r%S0c{#LhAcpo)^keE(arO_Qgxw-fPn~hTkpHg`m7j06CpqrS zd}qQYt~or=urGL9fSIX;=#I==)F z&v!V07Q6B)y4B)f<`g#s=qNJuVIg9P|Mjbbo{cl#agAoO51yPwJbY*87f$`x-&sYd|(-52k^ii%IU{e1=?IBkm;kX!EQ5g|PQfxRBGQ3yN3e-a2OYdM> z88X~Hz{8XgP$(hc2BIHuadUM`{Q!QVi};IMrxBHBuE2+A@Xpj)o%vO|2%ZnU9f(O7 zEPkr&ahopytgiM7Cf4`&1p7gF14D?JThx=lcNM9V6eq z`F#Cfu&V+GZdCc)b+t6+VE%pUi-3R=Wy8y0s&5EjIyrXZ_4Ticii-YoVXkrbx$09H z;p4N}oJpe@tndGdu{KFq_u5?v57&Z@`lwSdxKNkYcS;CY{XPgdbI#1p;-LTxgl{=f z{eA*Qck0%?sQHiFPbE3Vj3$!}Ve-YlLT*V7+>#&|1s)RZbSH7m_gkrD{`jtH@Nm>-hLS9yp|T{6U)_7(b!| zAskNSFl?52OnavP)H(IuMOMr)IpZLKd8ztiv>NEV+}c`Dr=~6{EKGztKR}us9n%1b zlYI=}FPt={A@LU>`*UYOQBC+a(cR6>WSDym<5*F^tb`IH5I_8p@w6WN@RBh8RGv%2 zpW_^W;mCx^jkIBHAf2irA}{M*uVYBc4xRn}ErK6u1dQDSZGp=cw7iXPk;`^TZaD!d z3xazq1{UhH0|$uJx#RGi#*@QX|LFhB&*fQc zHfQOU|MA^y-ua2MD?4Nz%yXvBF#O+n2JD?IR9u1{2aDK%PI zk$k8cSB8;Zc?_vD{n;P8`zGGuw6}4>FEn4JixUm<_fHXjiyaabMaXS6_RS=?9AcFS zjlbDPbp?F6-l_4Z%PvoDP!r<<82vsjoAh(XIAXPYAP@)Wlnx>qYU;(W`SBWm!^c|$ zw$Rr?kupOP?&$-6^=CF}nCT3pFN6C4D6ZOLH20rhyj)J=|LRDC(A${&b95Dm&SWB` z9XSi&;HYpS#>nVu&b}=t;JG?8V`M*B!3VxMo#vTvHQFH-x}! zji^#n*ff7!kcfQUQn^1Tz@i4TN|?ZS2IzjWfXVNO&x9bq;AmJD{H8`kYYi%9;&$%H> z)G&d?eg9-BKk2?3yH^JIH+ahs>83*zB=?Uy|978RZ47GNcoDB37{|mRvg2~yv4F8~ zcrd)SA6gk{{xN3AZO-fkWiKruq2lHy;0_rO1a(BRpbtNzAeQ42Dym#!(%98NKY3+k z_NVgx>QIvk)Lh|laY~Mkj-eeaeo$ZXpP-W`9*I@wic=wo`&*F%-+;jF*~PlT6zRZ@ z&u=40X8`QiC^Z|}xN|06$U2;*Ktlv7U3IVv?iB3-oE!jeIVC0fRJBYh*W>*;C|bM8 z7$H~baUxVvQ4yj*&+^O;GZa<6S@Ukx5L`3+|YqBiUzU9~&PJ(9)8h zxi0zt4uG7N$DIYP%*f9C&&r#Ba1RL01=fH6W?X+p=R0*gYM$Q*tb8Ik6aqKkao5*$ z9Fg43sj>xJIR^p)56HwJ9`>IjC`|a9Z$^IM*bYt)hlI-qCfrd=swrHy0S_4R*`c1E z;+d_dXY+qv!T$zwH2&`xPqb@KaUf*&Ai=ueMW_$-%EB-it5&J?5JnK{X8ld*A*(sP zi62J>Z@W1`NJrfE3sJ18eznZb+HUGV7h_r+6bK}NK1f~KN#iq*W{O<#M@8{F_ z-i?iqR|drDRMq_RBRL;hifyP2Glc}V8tq>LkG$)NtObyZB&zfR=3_cp>pqwudLj0P z4a>c}a4{@(ZE&CAQH6LU|!E-HzYZ75NLIUo=7&bF(% zr5z-@KqMn%b%+{bw%9UZkl--MhN+?qrzZs|sXS!T5kQ5IT|Wif?RO_h$;qG}WIjXm zfk0HKGmu11fN|=vJ~GefYTfoZ5y-HqKa;)jm0BjN7D>|(7}2L1%C@$gbaZsYipABI zTnqt41wR2ivS0qj;kg0&styHAXb zNseMuS2$GHzfV6c6+C7y6;~UUci$+=h?-Ri+0cn`%z*hs@^$hOX?2R=86o94o@>7# z7mH+Jlw$de3KaVL`x)uzyjCY_vcD=N=DgYYtl~=br;K(jGT1|$4}>bSpddI-$UW=c zi`~@+?X9ghD)g)h#{J&CONRWO8n6oJJA-b5q*oB=+1z_C7W(Nhu(8v?#uAgeX_hH3 z9tURfNj`D*XwitJE(&zhrF(dM4VhvM?%B6e^C~h5%g8Ar>bG2QLNs z20*vA(vTU+kWrl~?h$GLwd63(#Kbgp!h(-Mz7Np)Iy8D4LXZ!{ac}g=;iNvpkrh6y zKko*0w0s*tbNI%~>nAXpp`aj&N*D@&-Q3&|j`f;_k41fC{A{JTw;n*@R|Bl!DhY|- z-HGQHcGo7qhO{&`e(vhR;(U(@Q-AtHTAG?3bw+c{kCw6^oC?sIOin6%xO_Y3K@|be zA${GixdSPU=5m`~y%3vp#_+0_Joo`gGM*QI%J<3~PAzOF$jNRe-hkCQpvj%W@8OR^9<2=R$Qp+`&cwF#*`% z-&*>LQ+Irjtt14BpXE3=e-aO9KOxoT+w*Iz!jA9G*2;H6h#JLU9I*A???+hsAb?b1 zZ7Ovy+*49h7rN3_A|dzKYc8*#fLRU80?OFN#>V*+s_@i+04%@)Jt1m}tqylY#PYn{ z#3b%5&Ga0)_+bqG`IB>?1b!|q`ay;3Qp9Ar&4qL4&OHb89_x6buMhVcy@CkTX05lg zT&jGO z|ENh|Y~-kk5|pN6!EOG%x!C|Rv+X$H#kUS6YspZh{Cp|54CT*#24qo7OYfk{<{>0P zfB*jdIfmDctG%zM2L~#fB*9bpxw;y7?gHu!dU~lf>0J;-YbU1`mi+41QTi^I!MAz? zb$GY+Y?zp!08i{|`BR8KkiCV?aGG>arz$QH)M7Um zw=7C^P-1-7Z}C)Nh&NSDXK^K1EffDcs{CSXq2oMMeM>FTCLHW&tFd=whKVc;cbv!x zz4EAINn5<|aKEgre=StS>Y!HfJg5z6kjPtb0Roo5MSJ|7myho;;JiR8doxQb*Dof9 zEVk(P`g%Pa1;S6E5X*NR@;uKsrZ1yt9{t|f_yWNHEf}KjPsDNl&Ye5j#l~2ioSdL5 zAPtUFeXy7v&1**ww3FxFD|kcg&M&ye<&cg7jrL<^CY8e{?Klu)Wde4I2)x98hSR51u1%pdL5eWFRS-5Xzk%E$v z6r^bE7o%?7AR#Bmf^tMwz4EJod%p?_0ypS+f_h}?$RtO)(mA@NHT38#_2F=3^VCLc zq-L?HFBNv3^r$7A5|I4YA3uKFD`aA2Z49B2E`ZpDOyK!dl;4p3e*}{ZQ8bbb!8|sB z-n<1BJ_yMUa)CfcT?S1CSgiQXsCUV)UoLu?LxoQh1-##TgnVjktdM6NJvW?g7QXmEhNtpfDdkaQ4>0ZE`e*~ z1tJNi9?{xv;Kq{dA3^YQ>&2hv)nMkWZEf-3wT~bFfc-;E!^^B!zJYyKP*CwY>$gBZT0~D?6J7 z2!#|;KD(~fpb-)hj#WBbLHP}MN{LCI7^^vocF_~xJtv@TfkH>0k>aNpP@sy=`p4&U z-$qB1?&a(AIB(FFyax_a5OJF0qrG**>ciD4@P)Mj%HVTc_JRFKgx{O*PkpCdc5VpW z0#5Um)2iP3=)v}qYK@D-She%Dmu8mgiohMYB`L&OtRZU_pJ%cbHW%sp`b z3ZUc>C9X z)!O_*eeLPV0YMQoY5amchV8hF7)iiuL^CyjqL`w-zJAKCyREGrK-~3i{xy?tz-x1a zlV7t#B6KiMgRBx-`d8M$(Y0P2WGb(y@O6-^Qv6gRh$>f?dpo`R+-JY*EONQzp;;5e z=5KeFM?CdwTpmp|`l>KTw03k1WP}~=uC;)N!Il*T8_Aum6lq)o=%a8SaJ^#0_kf=B zS@TiLgOED*k)jGpMnY`lfI-&uxt1jmq7Ku z0Y4@gXwnf~{m|T;<56<%NP0K~~)obnwH5p9g}EDhS_f4x$VKEH4T2LqyzW_yF~Kf_3rR zWddHnIuA;uaMYT}eQ$DpO9 zy#ci3NFNMT{CWHMphNh19>sBO0;@tV@TMyet5h%3qfPZ#46QVpk zsA|;;Q8srRgw~265^lN99~r92{>O&xXkKEk;sjm4G&NlUlgh}-D$x@s*arh*_V)HZ zx3ygc1mg=3efQP4IzcoF4>A+G~kQ8A|xk{}4{Fo(^Q#PrO}Ih2i! zjjPwMd%?sYeen}`!Brw69}u_%xT^@YGn|Vbn6Sc-&W?_TrTn@;pfMD+xOh&pVPRpx z7s{>h(bvK(CFaQ+&M1-$pzz{ILqE{h@rKg7+P4cB1JiW zpbAu~gOir_A~3M9YLY?%&>J$7*P&v<8;n=fYk+sKC@3fjii;aS{F=6YO--qkSv|0+ z_=zaHf=A-eOG!B;XxQv8s-c0894^Q|6)P*Ijg1Y824yDrw8=2$(%QkH3Fv1ShS^?0 zlO@b?@xOXPu=oqAm@uiuAVc;Wko;fp0ZIS^0 z>(25yls{Vo%0#@jw4tG)66E=H$9w=)zin-m0hMKYz~v&8{pib)gA4Sg84_b z0LsrXB;LTmP+)kShdK&zsJOz#!#fWaY46~`Ec`A0nv_jkS>jWx#c@Q1AbV9H^xWAw z5rh!&qH=VK+jEqNvT(S~hcDtjf}NdGs|E~^hM5@yihJiLYWR`q^T;Ov+>jKeqN4H= zbbAtr2no#}xYuvqzJ06h1P(I7h-@Md1e=fmCJW)QhUnPuf=bp(Z!ncOY??4! zwEiiVr#a+iy$R=#Ge)`EA)gTjN$f^xO7}P5s{Md!cAy|uFI+Sd6MH@4fG3hU)B$EC z8MJ-UK-$r&W{TSju%J_RceN;?^8(R?0zd{ucYH_Z;DO8jOjI9~fVDp1w3w`Y@awxq zvJ@7VNiPcMQY3zWW7A|gX{GLR+*wIOs^E<0|1^F#4w<)VSB4Gq>0c+3JuXvK>yG+@*3akPC8YJ@I8>@;j$2|lJj2<}gKPUI>&?VaWf%^(n3N?Wf+f*H8?9npDcPRt4-fsZ$ zcaY#8e8}kAPXmXh2XtfY-$j-~H3<>&-?j2&wXF_bzj&0z-F;(eeGvdw^7S?gdw^0;-i9da&qJya-GDIW*E4-`8d7w zii%>J(;VZ?3e^S8cLB;<;lq`ZlJo8z{r3qy6KsSOMA5!Y zMG*aq0&M`2Hs>Eki|W5K$Faw$?f}z4n2bPXR8*8np&eiO@0nw*S$jELivN9~n6tEvcpu~hzhYc5yu|ID)>}LV^s@i{%5L3+HTPpM| zZEb^584l<0K!=3sjLJv}NxSU{7Kv=wz_ac^p)%G8-;yOki0>gU_5$<${Q0xW^F~}; z`ny{kn;9$4{Vd2(1L}d42~?_vqht1uh&jRfWx}3NEqnz8sO;%kLF)|Y07*>zei}Me z=grp#hlg_jKANO_m*2XTA1ho92fn+Pmkc?%>gnl)c3G?F+dpvsP*{t-p_h4I4PaXf zoATZJ_qUpxHykfx;e4P*WneHSzPb;uzAYlnb@t~E88DnOupShonq2bCv{=)Y80Zg3ul543-ktQuVV<@6`ScpMYP z<5s@g*Wu1{)FTEE-^$C&)A1Gp@Iya*FUSC&&w?@sUn=ZW!nTvFsD}j2ED+wgkUzaA znzcMI+7A~S0M)#RoZJ!^7#MuX_>0vUoW8fPyStlCL!iL-g8Ye%D}UY$;#yWb}rty=eQ|!wjuwahESI#G?xat~$8P_%%8N zghBO{rsw!NBsIQz#Sd+OihT0qiPhxk=Q&1Ck{VD8Ws4@ZhiPy>0$$Sc z5g1kzIA415BR7RdaAIMRp%n;&VQ8LX(Ix{*Q})&54MDuEY;RwJw$hSA0fmLKb68o! z8iWGf(9{quf99KIlwlx|kEO1zp%L1kzCy`6L*}HI{5zz2e#J{T&r}s^njd}4yoYXq zH^cFAnm2#VG1l#bpnz9cnD~wG$jT%Y|K7enW-TqP&u@wsg2A(EN;LZXa zwE%WZ%C(xxi#OUs?%j9S%lg!kSDO3x@5dAFMRS+6VFBYqW8#L`G=uMZI(r8PLnz(= zv{596k}8N>cs{DKf}d>&-01jU@K^`zi%n)y=DCGo3F_j+sZ*MH7G<~)KYU=g+^W^9 z{Xz^NeWNPq2V5e(;9~&&nHkv1=aI1OK5xTPmWK5v7^=ix6eo<|!hwGf zP|?*T1QtyhR8@gh^?VBawl8irdu*l398G1`Y{|&K+?~Pa(_%Y!uAm@~RQNoLhoO_B zm$4zSHJ9hfrbmc#i=k;nJmeo%gN$vEL7@tyrth9iby#X^{z>Tl=>r-HD}@&uKWvTEW8O-Q36|64&u6x+2N&v)qXUjd1+<@%*BqYMgtw8mL1#efN^s(+66X zv!r#kUo-o7eXDa6()pDGib%p@ynG67gT8pqaT(oAL0uw9huD6i07?kLQ0g&~9D)Jn z*%%#nZNfF<=NM#ro=ilmq+5~tUOa@EOo_WVvrAI2%ygv)>8qMAz{(_$uBY< zpPL!-_f$;&b&%P(XZ4792^f>1*=&5d5MteX#F^B3(!hE;c*im9yl=F=E;_~!a}fcS zfPer3kxQ2@1>9fMa|ck2cnsceao4Ve0v1^!nE*xypxnS}7=z{08qHd}?$Y8HE4`4n zdO^5h+gKr@oN#gB>$wLkzH;Nnzqy&Pt-?Ol*R{2^sjw9Nz-brNGbi6YncJ+*&)NaL z!4L7*Fm<%4=-B?q^NEld_aS7^>6%rKm@{V1A3l88Dq1a>YpI;00OB?;;y57f_A}#i zaL}3xYUV2EgbJ{TL=ZyRN%$TuT&sgi>hB_XSedQt*oFbMD2?~HX@;BS-O4or{I3k+ z5@J-?l}R0s-{buFhMZFvsGC?XCEP6bW7VQ;2UlM%@IOAlzCjH=2O$631*`ZBM))E^ zLMqlIdNV`fiXCn*J@3rdUM66m+s&VzH8$3QTWSKadh7OWW`nsGNiPD#m$OjD18E`S zV99+=7xp$qYk9MCAOF;i{}_(3i5zNln#VjqPTdp6KYUc zSDEtn9$G_oiouuZJitnHc&zf4J1?{LuKnCmzydSy)veCU%?}=|PRmslME!xV^t|>w z3)|PaHHntsmIQDUnVFeSpv&{Q=kbc)zkgFz0AyMfl?hr2pVI`zID)kO9G*Sr684k{ z%_Qjf)XOs%TA|wND#oV?cgDob2~;&qIc;6(H`lH;gYUzO_+zJhqVMY6x^>GEMde^e zL8_*$X$B8O&HTep5r{UTY(ueuz*b+O zAZL?DwB^B%QOqc38i%oXG9yE2s;kdguyA4X1Ls4IUH7?+()BbTyTrABZ8vi!7!62q zsjybH*x^Clp2FI+*X`F{F2@QKz&=dtC#-o&#rl4yoleD<`>5?(-TelX=)RN)Zq zx7Y<^=3vEL&uK)K$U^QFN)e!*#6(1x5c4cFH8ttjY#{pPt999S)2(O!OcbdxWQSOi ziX--!+`Ti}HAnfU98;D}$NKf_1t-l&D=74Vz!jWsfTA18SA#7Nu^dmbamUm$D$>EAT7T`W?Bm>$ zl(hl~sCH|Qw?ATBDg;OmT?fJ>8d0BP^?gOEIM%_taG^hrGe+oUCdx%pi-9wTTomwLaxbOi6?dC$HB%IFWMyL4nvz; z?dv2Yc4e=@cJx5qV{m8RI@+S1(_^;}4_TBCJ3C*9j^-us4l3j7 z4lg;nI*@t8>gnA;gr%jWs9Pmj6Bm3L1LKbHneX^|6QD^*Rtr0s$!A6DMGm0%00v}aP{V;b`k0s#S ztxjy1oXL0lw1)@|c*J>!pW=6_c3fED{gnw)!sysoBJqg`6s!$r%DPtS{P@?t2)Xq! zMXJfli0p_g(b3VqF#qttXCd!1Q&@QlS?!EnPx%hIS!i{1bakadb0;Vqg4R!{?v^4+ zZLjQZ$vw`O1LY9!SFawvshYg;z{h}I?VzFfQ*%5p zB+Moy{v-C9(a-hsY)tS-WgbHZqxo3Z*Wu7{)X&k^uZMw$qelU-R|68D0H)vPi91(- zqf#?)6d~mZjRyUT=QblSbrsIF+kfa27?LGm2LhDe#ekX9nmoHydisBsXl^{CNk7y6A+6mL?KPd8nYx_7OW_I9X!SV&& zyLazlkB(v_#dGv_sh5U=PNNvzDpfVLE#F6m6kkq38gLao6YS^$`GB6J)_ednRFn4|7k)GjW7o2h1 z5ii;;y_T(5u_5;dZ@1~B+%zcFKF$oVIvdy86*re-i5=$&fqrCpdbWtnvi0QI z6WDonJC=V{hh)%DJwhST`yl@!htU?%NY{(Ew6^w#ohKRmrDsnOXmcyb=uvsSil!6q zsHKeqMKDb8U~7)q{->;yW%Wo?eyORcn%lC5J(Br$FPs`7>C3>y<;c9u zjr0`6Qmw(3+|q(((nILmyU%3Yg{Q_+1s+!$R`}116miqXNLr@Yv z)Qb9oB5l0F+@EH7|I9Tiar<Nm81P=o}R^x5jd$p8JordXEAGF;fB2eJ$&**Y}-n$oqW<>u8vOXo(cw z2fJ!5P{>6f{;4VG!+gP1|5%XKBldaC$rC4d54nxV!uxxkpbs`8tf{Y}hlSjAb#$Hp zMt?;!pckdF{Hf0Z)W9>&H8*Wd_Gv^=1fZAf%vg8f!UZw=lsmQ=9QNB9D7jPIfVqM zmA<1KGF3+>Cy>aQhTI5*TB@qd>n%zp>PLGX=NWyRNK3Z(I8j$L9Dm=uq&u^rO>E7b z)U%DKncRkM-sc|iw9Qx+ppc$G)dvyqsUy+J)bpSd);h7h0l&hUE87$kfD={FKBp*1 z5{iy{wmjv(zME0!;!R^Bz5#U!(S}(Z?}su(J3Fp(9OX@jS9zdk=GjJwZZ|^pj1Fg* zP3C(3*c(}0nK}K?$O~X_kjaL?(HSU_#!#4`vD%MrgW%+zUkRwM{@x<|a+SA3Iuir5 z#=WchPQ~TkSv}uCWDmVJI+!c$t&_;rIc>Z~Murc_p(aMsC?D1+m%uqH-%of!0*KCmeG|NuL%(oR%jrg{z?S}L0Gs=U=XPpUAS=J*w=SzE<*k2fv5|k ztV8!t{nV-Z0?YnUj11@B&pd)L6a^vS<5I8}9gp1CqR<_KNFq{U687;h*AZ{zAQs5Ocn3PC zTVsbC(q}f8dW@y$DdjBf_WvER5K=R0_RTSDj)mIAL@nXcB|qGSe&A5gflg{)p)IG5 zb|hMneiZ$!c|7p>2MX;(>XBR=Vt)dN^s&h*C>&6$1>-@B(dDT6AwkrxRam*Ar%H>DO{mo7DxY)v1imkMy@y3@`^?iPK#P3B$XqNHHkOgyB61!8yx1z+^9PQ z$qj1yPtp&zu098^SI0i~k0&{%AVBCtw^SViQ7dKl7#WRWzC|ydi}+m?y9PkwB3_^Z+qp#1YNo}&*><9?4e6J%Z>rqS z?_JJ-+9e%_w_M@DtFK7UjAtHPa{I3g3=L~PbV5)ES1CtB*3@Fh@*;8P1t6Lvq^%62 z^eB%D%GjkSHnYTVxsuR$r0+kA3n{ReuTVJpy3qcz{6?!?!7@Ss4=V~1Pk>|unom~o zXT@)GgBuWMeY8*>6C0YnIMYPl8zp+9SP`6VZ8t=71O>^S=joD)lXaL4F7m;sObNU+ z_Jk1dTmTMeAcP4>8oE#rWpYSpsEnsRER-r|G&O@%rYQwPM_U@K=e#O#HyM1_YA1Pk z&CrPFtPlLv7UY((Ld8xxQPq@K8EEAC97}rTZH^r2#b);$7#jTmG&s>MCjSyM@lino z@!R9QmJ75bANNm|#dAK7e!5W1omvH2tFT%(fkC6v6!}MRwiS!q?LGPCtHw92;;(Os zHh;O*DR4N)kW2fm^x>B*H(qvuR zw@hc>0bsqx=k1PBeZM(R{+e+ok{pc)s16cej5|0@gTIvhzW(|p7AdwK$Q?J^zNkWy zltJMTDG`di!Z$!eOz=rY(#3l+TboF+N{s_z5gx|vQH(@w6mHL++Favi{>W|K*|TR! zz(>44O7+lL`vBIDxPrbNXtPy$@d#jXM35J#DAMsmxHpdB z*qknYg~O}9F>&XHZom;i$T(ji!|C3#Mwc_id@w0^ugwkbXi6)dBJmQ$fN&!lt^a1fOUOUU4=A zUCdr=YzjU9>O9?3EF%=)g^j`kk()Hyt*_8AQJbM}2LjpV>p?Qpz~edxgQIz=wV0Pkg8a6$ALhL`SUWL*^p z(Q>o_;v%>AXwapYE88^!8HXTX^qKnGHYFND6Y~{1Y0IW06^ivJEcqwCyft%cDH_17 z34{rS+UAgiU3OJ2V!Lzb@mZ?e@Vx$tKJXHfY9yTdeTHjWlB=t*urTD)wz1}B!7E2! z-&+I8fn+GDR#Sl0`<}ck*&2v<20%B-z|Pwaf*?AtfXD2g4$Vy&fJO zz9A$JKrM^q039~$V&F z<}>pHpIFAD(zJW~XbbhLF{Y~m@;JmT6zNQShwLSPBIY+qGdD|96;kZaFiQ;o6Nkqj>0sDlgMgQua3z{8#+`UKwGNXR}Z zzw}MrLq%>S2&}3J)H{Z$*3imX?w8E0>+9Lp@_-tcBux)hm%gHOP&E za&p#zU#b3WprXP=shqGiw2s&qXlXOaId=F`O$BKc#6%(}n}YFzkUytBcbrE_M^+W| z{^VWXhpZaEn_sy{nB)^+eyHIC+{#KqJmh7}Ii*?^E6f|EX^J=cIaXd0%j))M!0oetP!>Si7&=ALVqA3@xfVJzopCd3w7S%DTl0fjCq#;7g61Z|><`<}xuU|?=!(J3yTH`ID znzC|TQMTpqMgJEu8$i%3yiiWD-~FbW`!p^E%3lt*q1HObX#}l}nA|$XIYEpA*oGfS zAt7Q(NzIa zNOKqLT5iolqnSc05}O!=IM5kZLP=EZ6_Dx@koIq<{nblb?OWzxTTxBT*jrUkh6l)p zu@BUtt>Rm>C;;G_A~%upWbAy>fO*4kAPy!fZ2l{6^efl)^b;$YGBsN2|w!{qpHGQXg94nt@4G}X5 zG~Wcm52ob0IoYSbrfA5mit*Md4& zHT?W{1`SuWYw0OYLz_@{W zLbKq#O|pLo32<2RU?r&rCmDi$W(6r4`7%IJaKXQb*5^u;!c=flqt**t9Pw?MF0b^S z#*}8eWsDYa@$l3_W#>Nh6u(Z=R+8IwOmbk#yux<3Bj>Qr=lPsc_ zZ$>j2dp!Zk6$0EYvSWuZ3cL!yk5%=D&I~L@zTFkWQUNJb^=J$KGb{HOI)DZh1j=4@?;XGi#0ypE z<5zibBgH&LauPwG0F%e8kQyOwW~G|@dmc(y@oPV+ZHTU8Q@Z{NLky6~n2Lc&U3g-C z6}FW7%?Thbm(}^J#_?$(u7}l!P_co-6=o=JSNn=)jQAx8aj`ZG+&XpCf}0o|4Xubn zV1OPJ zeM5t4@HV-@uHf7#aLTKEj9e$Z{;AW=vIdR@S4Zs^^i!ql@d2S|FhaJg6LUvvd7RE~ ziWZxHH)cg)Sw`|XtC5d|sxk2&7IP*aq0UL-06A;Q9FO=7A{GWG=$6&WA| zBE4VVwE?%Qh0ou(dT$yrg)KkOi>gz_zFCXUE11w z1FARNP#u$pkqCv}W>8XMnWacdeW$lV5J>8%AKp4@T6nVz@Sj2?fkvxfUF--RF&~^) zxMm$Get_9jiF2`s*~*xcmRDJUX-K*3(^oZ*o<)Xn<^rHJP%;0;P7Sr`#>~#n9{cR_ z8)%KpbYlbNz$~ns0=^K9LQ;Q^X3Ox7SkMn433f5RVXV+P02TV8xTBey?ORsC&bIfb zBDkhC*YC{ih^^NLvkUP&qXLZ*US3{b`g$amf`Cisphbcl`Ec;}CbQE_ZwJRvz6v&{ z?XH_lD>(bhGj;sZpn)y&3_xM&i_hK=Pj2*_u!HGxUqpJ+mjE4cen*cb?v!xRD$<-{ z+MrNcF1Hf-mV6;7`zV5YczTk9f?>?k&Bw<_ zBGl0{sO}A+GyJlm2QmQ6$O{J=xng3mL;+h6!dEpIBA+%i=!$hv9Y$RB^BY@vpbnSu zz-)gf=}U39qY#J*^oN1zMTOX*x@~$Lf-MM{OfPP6zEMHM@HE{ zjID2*1}#S=3?pmlJmii@z3{a0mX_qv2v_9+WxX46yVum`mwUCc@#%>2zZeikg^FZ* zp6b3QV<@Y_VN5|lO*bA;6+6%_hq{Y2vFZWfRzhu#NX>XbUH}SkcRkZv_DNqU(MKEa ztPbQJx%LNj2Uqcl+aAbu1+YeAs)WN&O^0I3r}u7?%d~IXfFCH%9<9U9r!d{Aiv1g7 zBWMI_Ucw5eg6smLh>7T#efySBSsLCV!9jGJZ09w6ax!j?XG7C6Z0hYCatvjVMrfpm zEf!vGu+D|Q+hxSF7}hF+4x7LDN}VtSc&fJMLXi;xde3FG;p}qV0Vv{<4MN6&!`>lL zRsaMtWt2NnHy5ESAEHu5R;B)k7u@5`XmCT3c~5=3rJdwclzzbqEOuva+zRz1b)LXJ zH^Dt{Q^9>c4k$oqWu?`Hkv3J;)%2)HE9Ad#06+&n2MAn;-D8XR=qRyH80tS|x;3+lpkI8rs>bhN*z@bKC%$+G*`YX~;_aXr}q z8aEhs0qiK*)cM!?l_>?t5w0Qfc(l8WmfSyAH>&hYTb%q-U~F+fA>iA?B7(wzL6KP9 zkt(Zvrbxx>FC>03E;b58J*gDY(+WT*@}asJ`t|;y$oy#CZUz*_y}|6rg)ZV6sA+N! zJ&wYAP^k)~etCI0aZ$LVE;AGM;R878#D0jtD7NtyJ+2|>*1$*jLo-r|=wu$2?Q<8n z#GkW%GHpzHh|)Wf9>v~*Jcms4gTcHk9{}@Ttwk1ui0vub2Y)pcXpXI3U1L=&hczlE zb*|l#?QOlJghZ3PzCe@PqQU`m*9ewU*^BPOW!Di|7&14)=?8W6&=r=f9dhb(Ko#BG z;njZ2Trm>nb>#BO*RM_UN>?d_9eeujX|N3HZ{sXuZMT(0FXg>|Y^;eA<~Vom+?W_n z?uq&vJJ(B}gxW3^;}!z#{8z>u0B~W?=wkfU@RIu-oN0{Cgokn``y?9f0-KJ61c7e~ zGfeb?{>pF-v@HQZoljo9+V31MnY*kh+lcgyz-Ybw{nq*22kvm6$5bKQSdu>C#=_{x ziK_?)qDldN6TJAAgM*{`E`nl7Mn3>K^%Lp;W60|}v^LRfN;LoVmiIjpHsQeP%FRah zCQ@-vSbcf|@W$kn_Ux*9I8w0;yO;r;XxjRb*jx2i3PO_e*aI(|5 zHw7!6ohn!)CBB6Vt@q?6Xxe|0h~n}c61W8qTcxFt z=$p+Dg`m&>$w{mbn@VjZ>L?agPGtl)p!6^>>&L2k3}K3V_N;>3;pl@ccP^h^4Gc!A z1s8^dqM{I4OR!qLLNSqyZ%KqU>iYmt&8E^DIA|(uxlu682<)N@62rgmK7nJy~JzQ*!=p%IP zgSc>K$@{8(`{^p=j;!P;3))hpdpot*|%?vhaU3GOJq!1G8 z*GEC*in|$()w3JY{8R+}P#YY*vm1+;Ce44!iL1UieCGkEy!ZY6YNQ^hgwVhpz!hWO zL_|fMot=je3h2}#a;RP3Y|EXNo_-lr3fg-wk)CMc@dOZ_5jZRy8Z@+S7!v>-3a_BU z-I}j*P*2^nOJPK|@SEu}VH+F&Q>N%~5@{QriH2t}q>Q zKug<^JdHFXt`LGgB*2%))bM-aY{d4NIp0O!I{WD#@yx()=D zNf2?jpgjBp`2Y=ZpU=frv}^t4I-R!|@(co82ik)qB-j=pY>ABtKsYX9;gjrfifx*GUZHDH>_qkB?rUS=g_(9C`pi6_$-QB*R zG!ugKs-0{wI4F^8egmDP7J$k@h!AdpGZ?uam8@IP6!rV;X!i~-A)I>@%*St!$G121bsZU6b<@|E5m^y2 z^92LRwIGtKeCaAp6z|Q(yKN#jlWrME=xBTy9lZc7Io5TcTOsV^C1aQOki(~xidO2r z$>C&RQmig2soTh_3-}CyPAJ;Zxig@<6vm;~6@=mn*1)=3KS5w9D8MKmxoq2|1g|gK zF#lRVbBKJpaJ4jA3CDJj8Dj=jeBwOe_OILjEl|0UpTAKMObsR(n)G|Z&x}QF1iAMo z&@OHe7a~G)19>!~LA499ZAsne+Y;N0QIs4Yr-$7?9N&BwD4jyv#^sour9>yofVdfi zG{oF_UB*K2k5*=|-B{EAqzePs0#Lq)AtTT=Ud+pL4)oYsf3NIU-oQP1r;Ey9s54Rb zPhc_up(vUoB`Am39feG%L6H|afN1me8>YN}?@zEb^|^tGy6gZ~-_eH2PrR|IO1d;A9>Yv<2Zcr$`poUila)X!pbwW~ z?(v5dP-r#o5BX@iPoc1xe?oUhB#0+zlY9o^+f|UJo8i#MXt~e@MH(|HkME>!xLGob zEK>R61^0&1uYPUs|E{3%u3Jhhwu7sLjHY7lm!{B^`oELcDi4gCUhG}!w)Q>5V=oaU9HAoh0!uO%fdeG7GJ zGa?_2rw=jST!4s=;}=$iMnRze5=9M7A~nXmjOMdcmri{%J)2;YoQjE9SfNgD9$thX z0HzH?9KPn9pQ8v0frcndpcvSL4UNn@aP3+8mX3<)RriMDSMs-ri)O(o3Pf@NXeh&Q zO=t*GG9BcHOGg4X-L3RzZR0)ZPLW9kun4=5`O|SDF4LSqRN;cInAuBT7OJQgv_&)! z^lwvG$1tVPfldXTr~gg;|2r(szv#VD*}5f;O>6S(^8Jt7ptx-TQ7nOpwjjFoT#L;k zwh!U>0T3sJFs)I>{d)*4+C^4%ILRynUlQ?Nv!I}$@JQVy+dUYp_w`U+`ZhV#i_P%% zN~~TTgr0~xT7awdm*wAQpH$BpSv54e!gv1E_6Aig?DE}LH=d`&jL|shkiA?A*_E12 zquT2gaDV``nu90+Q?LzpE}Sl;34kA7DH=8RGc}=~@d?PYZwf}=IJ}MyXj!yifz{&a zpLyFG@7e|HxL(@rqSqiJzTuO-Li=qDGX#Rmu4Fw{mp)U+p{|a}3OGtnyngMb@o_od z<|+(<1fWubD=!%(V{FK-?3>sKM~)rS#n*S6{q96_fe|(Mb&*%msIqZ`8`;&(?G}77 zJ1+lkpX{!KZBtT8Dhyq?T{J2a>xz!!`hiRAL z`lU;IGH)S;zXZrYGk5Q$p_QVvy3yroB2rlFr&Q-RX(wScb8ew86b9NwAMHY#1KSB= z<3~2<75B$ye+^=eRw{UMTlhn*SU$cig`SRU*ROM4Q_C0GOx7^{ENQ6!m9o-LHrY^B z%JTZrqdFqzug9L5*J`gmwzBAZ1eRR?QoD4B(FAH z@8C$883V#^(NfuEn4Yst-zY+D_rd*`Ms@*uWvPWRw_jYt5?%-#J@)ZJlM#ntu7b%_{6mDFaB%sdEiHS})?rQ+ zj!(fTC~26v?2NrkO|LBwqaU_8zy`buyoI>#6TcY<~f4YxGW-Z-(bR}%xo@L85G&H_WOsInuBKsKlIf1sbm}jtk z_VYc=jFZ>V)g?*?XC^E|^R))KQ+oCPzTF3dg9jr!I}eay8cePSPU~6sC5mP7;>D2` z=aAlLgv$vO`FG?KZimq%C*8Kl7?Z zfIL3N`}Yf(pF_#x0)iOcHI=kI*UI$Fwk6ya2!5!eG#n#?>v*=uR&Cwe(5DX9M)tF; z3gGPnS7Zg{fGU_j^kc%X6{MWd_348dcL{dfeFHeyMMYJyX!7@tG;aSEA+dI?krjN3 zrbjrJy5?U|h^%{u9k0qR0;vfmrCe$`Zhv~22c{C;@cxApw7MLk(lf2zl%6q)xpE~G zaFZim@718U-Dr92K+$2Y|MMkIKbEnC`_l?l)NYG&>AP>N-W`A6b^C4^ZkH?G?UKjv zVbN(Xg07c*^V`yYy6NBN;HE&U)Iv9n>fWE4$jH09bamChsbVIpA7~2F`vGECAWxaK zb>pev2P&a_yu6kdWsW?n+&3hl1nqi!Ebbqf? zmhg|$R}SUu3-9dgoXs8Y>J-?rWsA-s=t zqz_d8U6^xxQR=ANX=8r);ArH(GE>g%gNNW%S%5-$A?jj&Ae_GB;N=UXuIQkVc4v2I zj`)AeZR%KFZtfB!0Z}y1>e6rD)?^n^2Y5Cq_bv{Jj9g48515i{b~z4*iX5(F;N>u6 z(n>({;l3`XNB}*?K+RNYG41o&-nCg%RrQHaBb(9pqT)k;zgGP_l^2TEwZ0&uI3hL0 zsD88g-(xG9a@UAGCNx}lQ()8kmAdh&Z)Ue8=f2(N;8BzMADCR+ zHrpa-Rp_R4H8pQHpIXo|$Kn@k!oh+Gad+G8BexZ5aaz|Te=pB{=IUe}AG;7QIFfnq zUE{p_Aq(B=WX;>k-c7AvUikI^g*C*s7`3-O?jy0DwdZF>9EuK@4!nx-d2L=IUY+r{ z5hzwDp6A1tV@4GI=wHE)d=4m#Egoqlq)8eOBT|(}>zo++_-cZ`T-P!ra zNxyadQeQ4*&gL2mLmDFI^xu~a6WBD6H1jcvrMkKrpzN+jk4w_++pItYH2ns9u?f)c z@^_n)Be6?TkMI2sTfCgYisx@%-44Mg{r%VERB_LlsU&OPf86iy#|E)$5U7bzGZ#;E zuU|ypH0$Nnv5pT{XSdE#Ke9A?Ad1C(Z4=JdQ!yQgJCK+5?Yz(Kk#{P!A_;Nr)&I}S zcHMqlaKFnM(NvQLVYZ=tNuxNm7_PSGZ|=n2`G5JnpyG3C%IdMTm-bKRtnlw-oxT42 zyfve3%~N*`#N~9G|5o*_b1r^*>O55o_D`pMe_Fo!WUqkoWZj8_7e(0G?M<;cRbmyK z;&s?Xp8r~}#Amu(B%o4M2_st0WBl%oq8n1IMO@#vTw|$aWa$SDhjDJp*J}vFUAfz; zJ#_+a?3D7ZqN{!6c9@Ejzt8Ru6*9g>!COw=;`}fbPig^ln z;kADZ4f&8uQ0zXBpU=m4(e3Yt&D6rW9*hLJwKKQPp&8FvE_|VoP`HeBP2uZr*K{D_ z#xLQY&!0bk1tcX`6b{1KdfLHB^G=)87P+bPjErY*>=*D|ywY-2kqKAgaKPPt3nl!@?!)^a?gFx%h^ri^l*AL)xR$6_+nv!YBqVs3J&n0)2Px-A2d?;7p|fPUy0NQ)1q`cQ0CJRTxna1Y%M1 zjMjJbvyGHykoS(G^GU`L8t%b>0CF+9UZB3kmY@6S;*AMbtkYDEAm`CU2*^hCS7RldINwA=)V{vg?aOd=3IGE$1++&!rg(yk}?d^e@0Ikp)MS#wi}Z=vb9u&5+~ z=>b7c$F$_*=;XArloT?e))&l2&l>{G%f-m4mEe}At(~2DAQv4NLs7i(M6WW2)Zyp+ zplF@|+uM9y2D_m$8san|gIL!@pYKcYK&7Ol4tzd@gBP54U3HW>8}&ZlI7wUEKk*ViZcJtH5j$ZWF* z+z`_3UHyq>G9n6-JN$^Ptr#RTC^D~ZvYF4Ip|}TfmVn-Xd2c(^IqyDvARp`6=^-}- z5~R@WaZ?bcF?4trqR445-KNc(WiZ(ii`){aS#weas~SZ694{{~n;SCI?fVT4&!bC> z(&8}s31pfgT@N{ip)F=(81LPC7=1@}E-nol8*!S)2DR;6NQ8jJV5zGH=bMk(9RjG- zTes$54zo@K6iZ}9|8Ig98%-Jn<(rIQjL-__D12#aYXj}43B4Oy@*AGVEAk`9?b6q0 zW0+%lEg0rn*rEMFDdYQFgVV|hQ&Cr!`v=EYT;x>^0pT!);$F5h0VgqT-@ZMjmW~9# zJEvr2>Ab!Vdm$vcQWKtKBK^ZsV(y1{K7EzYiGx zRg4grNlL0c)YXr4{oqEtYCcDz6?sL)wHMgnORulj0RT<{FoE+%0BTe6;Xw!zv0~?P zOvi8-JA-z5-p`V(toaJ@+yEk4-rl8m%aFh@yso|<=SZ4_QPc)2trsIFZQO~M+lmxZ3vl|$M$^RfY~98%7TN9Y5)FL znof8(L=3W#6@bho?Lb;uT1HOJT*e}Pelf%|ECj;P@UaGqmAB9}Ve{P*u!XMb}TdIDi3;1t+c(feonWUEn5lp1Q$Pzv-Z=N^`n z^h1>qd4IpLv8-aHV_1B=FpZuAYqm_uTL9c|1=wMN;M>QaiB0`_j4fCHc1oIw=~!J{WY93-Y+tcb zRCFfqzqF-=4To6}Z|r74W(HJLDEm915U2eP0LNf}&F^d?%JOFoOYq36zgy5TlK(tGC!JlpA_AieEPQZZN zsFp^`?%er!$u}nqiaq-S`>+`^BJE@&&q+(JU8@GN;=bc+KeVzL3=DJ%)|@RaDG`IF z9$E`hBnR=Vh#DVvrLoj>P$1AZ`qsadi#~k(n3|o<3Any5>Ld!tN+r-C^;6BmXkmUo z--q-%(kt}^_w0`cx^v)kLck0D9S?|4Bo{vlQZgT~&cb!Tj}1_Z+U8$9S^#Y5=IAbp7ic5a^ z>BL}@2u&$Qy^7uH7Z=A*?syUxQjJQJO1>_0uf?H|E5J&TH-tnk1=i5OtCQlJ1m`sP zBPB%?9!M)RKO$GZS_cw27>kn>wnz}~AZi8GD zUIu47qw=-FTA-N*G(wpXa^V6kMp9aXyu&nP*&9YU5t5|Dn4JY(1`QoLkh5<(3t_+C`xchj|6_ zm-X)qO~CTL?@l$A3@K<)+X#}2wNmNA_HlLu@L-Y_DK zT7t>SAM_x&k!Jh{Z=D7~`BsDAHngxHtVN5N%ooq&ajcgq<80OcLB8gzqW(j+|KC9{ opxMPa|2L5R{|mDI`=-BnspWZ;jshMsz^s-@rm1?ZiPg#Z8m literal 0 HcmV?d00001 diff --git a/scripts/release-analysis/time_difference_plot_argo-events.png b/scripts/release-analysis/time_difference_plot_argo-events.png new file mode 100644 index 0000000000000000000000000000000000000000..7e6c6431583a8994cc1188abb110857bebde0334 GIT binary patch literal 68592 zcmcG$cRZGF|37{y+3O-BSy@SDk-aaJsLZVFR46lhMY2heWK$AFlD#vt6;U=>C40}` z>!|y4f4+Zw{{4A8?(z1%oY#3Cv2199%{)3k-_xcV74}-acQ_yiwnjdy^*S@(+ zxMcst+T}GrvkQiwEw|;km3`~+gbW@fWo0Tn>^QCFwXtLHU+&8I%GdB65Aj>+-~(Af z?89DJ8i}jB9GoH_gQC82zuxxE%Z=aQl<4w#ap7mDv)m>J4ZZ>f`|rmfZs-Rd)qnnh z#)bXgPhu^8a>(DG76KuK)Bk??0Z+X<^xtpoF#rAN$^ZX8+M*K4D#x<^tFO?N;mJq) zQP~!&bMu2GT|d$XIF0tVT^2`})6>(xQDo{gN3*InM=_7j&yyvnKRSP_Q(uacoju3= zc^VB?mm@)4FH6wqauQ~2qA}ckv1-#{by`EStHO8RGu+nA!9iYL9@7-f8ZG6v5F+`k z7rsS3;oPf+L3Ozjn$uTwoOPz+V`3g`ug+vDhtoMYIzGtE zp<%3QbL6b^lXv~Ug`Iw0eEIU_*wd@Bb&tqTUMsmboJ0NuS9H6FeQ%{r@Eb*7$m|2A z2JuTeI>!$VcI}7C?~_VMNGxq^sO0Ls>rPi9ye+~g{D_S`2YbP8z-)QHWYjl&X=%x# zIZ@j-Y684Xg(y@t)Ge{;=s75i>?X3THTpCj_ zE_HZt`0S#-l@+Jw=0fD`?Cl6932MQrHEJDR+RkLD;3C`piJ4TtroPzHfJUl6OZ|vJUBmF{aaue_6#vIDWxDt4d2nOLJS7o= zY~t%xxyDeM(__DXlluAjiAzedb8#ILyEo*ol3Dj$*m4O*YgyZxogLF9yZg3r6Yf&M z-QB%lawFUC@Zk1fF+XOkk=_*d&amjc)o1FxjX`?`QJdJf%*-$z9-i9w=JiyptkFKZ z8|lt7opdFF#-&u3pYgrfc+R_0cU@8O2u41)FO2T8tLufNQf74l5S~{-$yu>8!PDL+hf>Ti;@ZDd(&Ok=+@$Mj< zQL!EN{5|#z#>E5CSuy*Ohw9w*s;oW_yW|d;PMtdC;N+w@TJ7VwyK$E&z<+bpkM+TW z2M#VS4UbPLJ$~{;YrfKNf1SSEW$wtWTenKf%Pq!gAHdFWH{<)=pWoaP!-0p9@m%96 zIDQx|SS?>@-I1o3JHEIW{rTx>4u1Z3pZZ5%U8cu0CA4J-m{vz%IaF%Dex+fIB)B_R z+-P63ub1V_BI9{{e`h_gqCzSuDXIINkrb@yaCzP5&&1@6BDFB> zc$nSIMb+JnKjX8rA#g$S{=6HMGBa1@_8%7B>YDgdGAi&a>8O8V;z>FIWBvK9#&G(c zOjSy835io|Y?#aO0!5`Va&oMz(;Z5Q7w(QNEKtB`xXgVy=C!#{RBGB&lQ7j5pXs~5 zb1k=TYa(25X}~fX55ukg-0Z-|q{i1Lv|reF&)wzsH*$;+Y%187u;quncT;4%+WoW* z-_a>OBCC6KIi9a`dBkf`f&1w=+TYU&x5mcDH7B|nIAH-oEx^GIj89A)5fc+zTO4J* z)s<3In))WSmQrrdzsz}t9q#qYl`AbREf|d5_YcQ35-$X)WGdXg&EtEpJwv@~WOeJ- zWTe=L{IzRTy*8qZqBaksWp{`I*kTzc_gOZ6tn{d|qVI+QYh;nS)yb5t!}~HT>qT_j z)MDS7bCvJDBor6QcY365Zf@$&h45grPw#%VI)|>CXkRTXH#*rIO^C6wwzl~3@lN*j zd=~f`Z*TAJ*H>ASB=6_6_g}$rJ|pQ$JKU@}RMywme^Zj%XM?IAZ2jg>L8Qv2g%@#F z`4{dDh3xHlS8n{Uy?E(T-IrIFg>8Cy*5<#{z!cUS*;fU@;uFZXY^(@cr&ktJd*H;>ErTRQN+?$cR{pBSw z=K0|+47d5g-uCQpg&4QSi-%{g=b828=!*O9iBm93;=j@|SokfnUok#DZZ1oQ#Xh)_ zEQwYGESg7!h39?umQ|&uCA~@}ySJo-id~8Q=%d_R+cz`keT0^VoV#S!B*UA!^G)T* zPF^6(REhiqlaJa#y2tAD>}ZV~X7a^Ge)SFsY!wmiD@h^k?dorDRM455n~S^7>lZv( zhsRTR{dN3Ryh(uJyCx|5F$oEw@W<#k=lmFY3oM(dEj_oV;;~dz{?K*IfAzj`pD$=e z)fF>PWJ|xZxfuQUF;(T}h*wKT2TbbO?l;<}(Q+9W?S%r<^WI#E&+y~ygU|L*{C&5l z=uzdbtE&r%j&43Y*px%t3hLg&nwpx%{ZYR|A6T~SNfI<39v;`;=xnWa$u0M4Uquh3 zU+FHarLDdEiByn{jjeW~Ab@Qw^mIz?NR=1*UE0mIX9ES6gd^Uo8bf8ygsI*upOsQe zK2#P*Fp82uZTl20cMu{r>iu z%^#bbw9M-scyAuKZNCm=ZYaWU zSv~*Ya2eDgAuTrCS5x?6H?*Yh4T+~iF`Hh@%*epU1eBDNJbw1fT2>aeC!T+IhBB!_ zet%-L-2U3v0JT@tE|SS?L;;Tz63*N%GBlrP2&J2BXlx{2SXgL`8nuU3cm!jIx`_6W+~U>j2G-~%NDyWnuP0<69jg{yuo%< z7h)ir-ktjSlL)3vF;&)wFKT#kX}tajW_-}TMwHdICnHG6VXT(W#K>ThpWHv#ms!rY z@{1g+0@Xu!ZnzI9V+qkWs=W;`Y%NnxvDjfzXg8%56^S+Wqt!B)$sJchLc;LL?d|R9E3;75E?&M|4{#^)drbgfSnq~0TBU#*$eQ0QC3E@%-ArNpBJH_2|=lb4)9{~>Xj=h`uYrTDLtG1O=w?ZKZIvm*LbUmxx> zEO+!wle>U`02IBC+q=-v6>|GBEEK6B}PFcz!%pc%_vN z%bCvd%yAN^4jBJBGkG;N68PyZzB@?W_9U2+mBQYB(Wz0BuArbm+rvsQPwKYB>()qXa=QY*_D+Scl*wz>H!SSHYs1K<|o+#@HOA`7>MBSS;$0H6p% zeJm|4eID%w^$FHRiTgadghKi?Gbn*{&7G$4`scF3Lg#mqgZ5YikOdugoIJQ3g2xLtcmzu zcq)SBLlE!-uh@BOf_a{SG8pJbq$dzJ5IktE=h3Q9^)s9VMnU zzRXZMlifz@q!uf+CnTt;sl(zHk8I}o43#>*ib_pMp`fIs{5d^s0j*5GWXaH>V01&hR)9!Sl{nBzX>*UH*Tleqv=}D+GjhzNx zgoR@_DkvG^{b2iM>T{HSXtEGuSb|;+2(4NkNDB!mX-5gP3EGOo{Tb25Z)pmF7Mpjw z(;g^4@%#Oae`|M_epjgRLkUn9prSy$qXcGfLqx>H9%GXs zAvpm+J*I(}Cb+kFp!-D2@IOGDgcmI@F;2awl`IFg_Y<7N%wtUFD2>K~CWt*)MR zt;r}{{MHTlz?pvYbgDOXvXooX`7Y@|z%R9pjg3r)?Fr{E|9POLb?(Se#RlNR_r3f@ z>V*;cRU3@Z;e%mgrz-_hIJmh510R4D!*Bhk-1ScwqDlRxevJT}miw-ojw9;#t1ovM zMof=)B#g?kGVI`9ToxcLai1L#XazU;J`38DDL3ydR4fVs#zk<*eYHbud~)(=km3Vq zi1fC+MEZKl`bGwp1|M%@M?7Yjr2zoBAMS6C&&?47LV}x#8wjeF%v**v@M&**wPUpZ zoe@2d6~2Dk@R}MqpdSIOetX!%?JhrupDkFNs;ZI8s$kb>?j>bERlLcab%7h@V~G8s z`yLNwwfOvmYoPdUV%Z`dR`Wh~YWO)D(KP*6C;{dGl`s*75?rFir`R)o-LeV!IXS64 z5iwssB$s=~;)lv=Yus77^H-okhJ=OXbn9nX<*G)r=$AQhS$Cz}l`YYF!?!7+(Z4V~ zz0uta4T=_~w!WFw&rUY$>zvyB#l^X~P+}Txvri9+TUuKcfoLE|KMsWOtqu^B;mNqh zvAV$J{ms!y0EqQT63#fOMVJySHFW@xB7;4X>fMEko3g5RYPzO0*W3<$;{{DspvUo6 zM*e`$AzlIq?AwI9p&_FUVAbgX=p`oe#kjzxx8n7qtwH{S2S2@8Q{UAk6yKi>^Bhqm-VNe@ct_lw)WfZyX zUs)-Q$^M@K4#9GCS9&bio zH@sQ_BV<;KIZj7sG1VGJ*DSaFlLpF^^AkpxNC1?HHBfKy)AsWD0f+=Erq@C_i-xP2 z!2+aXwThitERqI(A1*T*6cj{v`8sBD^a&u?ZTp0fY{}4bfz{sIP7x>06V&Xjkixy+ zbtWE$*}pve;UUzFcwnlC-^`?VQ2;b+f(<7)PG0%;8VpdjGs11axGhM1RzWYlJG*`!9#ZOmdg$ngUw5I+elUGeZ>zvr#NdBh6gr__0dVq;;L z6o~5H!R{i)Um=hH_&Pb%8&#-oj$2FS^FNAm2g*l*qhtVyzWp_eTv|rPaiW2ERZoMP zHnJom$Ez|}lQ#~w@kylkpu*UjtqIRY6RXArI^O#`U%5eci7lny2_$0_AsQ^cTMzU@ z*kMc_r>txa($8%ux1q#0F8%7y2hti2MYg`LkG8Y3^EN0RW&OE+TjRlq<4C&9`qP`Z z*Hw1B01*OqYn4-SZZ^8*x`1QPh0Kpgy3U8dfLX#;pE9Jc0^Nx0#5sIGUa-k&9=~`I z1{;c9M5K3OM#O!|4A|FEkTx#d8>tMX<2N*e@!MMOHx<77Lu56=^$u*r30UbMdzgLy zaI>Yoy+Qk`%uUDYmA$HGs<7hU+x83a85NTq92^i)P^dsprea`#6|Iu?PqV9ok#N}C zat!BXWY4hC{(fQU*s)`u4)%A0Vq;@1N~Wf#NuYSeF$aWXH|4Zkux0h#N^jg(8$9^@ z(Z`_YZmIevB`GNl0On(nDjdK`Oc?-gI{;M(ZmO{EU_8aiiMz&gys>!B5GX-+siURB z8y%AB>grD~FFk#TI$BEMNAY6{RM0$wV40Av|L&&;AcYTj9l8gRWpfnm-rgQi=QH^D z_(XvOyx!oV{XalksPdCbo+i>G13P3ZJ z4x&OpW@hHt^fWgai?n{J`*KF3kNV&PE^h8;k}8^#$yeM#b9o3LmNY6VO7ZoT1tsf3bwu^Oeftw+4kO7&egRNXp8}xKi@@{PJJz8*BKnYHDguTSD`ogT~Ga zDkcf$A$$ih;GIt()|~lxyGPOC{(V{~LP7A@M5f-$$_e?2As5xpDex$5Mg)VpR_ZdR z6?gv<+HUNQAEBH8`XQpEEOF(*;apguB?Lcu^vvrdE&BI4lAcv8uoUT$U@m>Zx$Em)@N(T-w}hhDk5* zT(<$*G6|Xx*TU;7INUcbwE%(m(ZmqJ@}M9#qQ{@D8YM@m;jcCO)UIA_zARYv5b(?? zVPP!n@7caw`h(rkL)nkZC$U(AU_e-~KUm$pKvU$E0$PNAG$Xmy0^rJjf8sb=WoHQ~ znB2$y07#&gbHAbS86 zbG*MkR&CN}qprC+6^S?iK?Jy!(1_u3w z=Flf;Kb3;ivULpKRTB?*==Y*F671ha;;h@OW-2VRI z6@$`$yqLb*8Jx4w_>l0tzdz05x98}+zus>_rtoj*bu!`kRh5+uyanUipo@`1S!$a5 zk3C}}4L1z?B+QZV-;DHttc}R6lR%XTC2-kU7s*TaIQZe721^NEX%PcLxH&`r?$QuU z_%i63;~*Yl{9(aObcl`OKxS!R4EQ_#+3G8+t5{mvV}W&St=sqt{;8>~2+xian0@0! zmn$Oxp;Jz-hBs6p7JnaMH7NE%b^}7{$&$1fhuQ8^YrpzPkqQpLo1;nS-_uauv@v{l zjfd*^ar`o4lR0NbG6JicH|rW3m19?R#b9dm4;k?lfd(X&s82C?Ec57%KmZu_;I$=rwO4efMicSm6YY=0R#0J|2j;4u_HOu z7L5PHhxl7tTOlS30HL?i!=ymK$gq8C(7>dR?xsJ63UOH>WOUbD#5>&FufJ zELXxq>Oil=YO5*%lkinfD?TIyA4{!*vw2Y$Yl&jD8r-yHy^0lAjIq>lwBTkTXugLCh(f+s=+ByzO6ZFC+V8;NHE&e#<#Aer+Lze>u zho`vT3_5WG)1!aWs&==ADtx=f6lYi7>D}J18{|ePR`0L6|BfMn3zp0)tvi2&E^=mw zgaT4#M81Zqswz}`dZ_HE-Bx+7gOJDfKR4NDu^XhXzOxXk>_mYfPS}24IVVzV8uG5Z zpu`>lqx3$T@u{gGzzX9{ktZ<`=RcoIAWIapSAj~C)^q#4F~ z%Mv+g09u-m5d~{_9LgrfA0Q5%kT09V_R38=Ab`;G+*dxI?g8ftT>}_L6SO1F?auv- z*wR!9X96hZICz{!apu2m$IO5|x3;AJN?LIR!6L=IFyHi|cg!p?!!3RE8FQ7)8A+Eh zRPpIbtDCOR<__rTAJ$#c-S}v`wKPsQ3SL}4*sD!ItC0_cd4Az8Bj73P>MoGYg+LN^ zzWN@p=)~c{;$eFUcvO}EgSYlpyLv#G03j2w0s*Lg`W3GHAaZw5TYiU4Nk(wAdgs?! z=ZT7Y!;-M>z?i0lCDI6_q5v><<ef3NWTn5WV%tw zJ^dmZS`kKa3@|4=_w~N(cnostTR)#(eGhuDh)pjMAO{RaP*4z>&!>(K@;i6#T!g+2 ziVI?RV2Vs>oo*%b1ac4)8_U`B25n}WhhNmJCcoT&zBc@Zmp_J!eGZTeV~X$29T2E$ z;Ue&GM=>AgIJrlh2F&$�*cG;HG6S9v5*mt!u^TGIf>8NT zFIP0x63j}v846O;KoAjibYdk^Kq2hiJA{qz>+6du()!F#5CLF2bATHaNJ!ZP>n?0S zf37A^&z(SqgQI@$5I9*KOvZbl5+e2^mHJP?(<=#6y$D5+Qy6yFs$Y%1P3T*)+PzW1 zjH}vmJU_n(G;=;VqWbCxtcbX|>gEhBA>ZNpe(U_yC59izyq?{eUty4T7y9+>T{v>q zM@Lx+0`UOiwsdugjW&P(US>SQ7mlR2>GlM=<_{k}bZ2Rtgy$+4*w-lh5iPU905mBY z$O7I|ZjDbMlScrsH%gkEiZ^Y7ogbc@dHekGuJc8RAiUk)+D9VN8|~K?AQ+>Ym5Gt=IQ|WgaCp{84RgX;R87avaBbqh#GmQ1YMk#-E<`np1fT- z1w2f5diC}7V=7j!twAo@OuJZ$UVE96L|M*eF8=O4%iO|zy;PJyeAaR~S%GEBR^G+^rQW{9z8tvkL z_bwUh^~mf^j*MS@f*&vF$qbec$j-{TZ7SsFa7R0pG0E*M9nHFujAjK@hg6@96XkA; z2er*r&?Q5{!|TC_OTWgm^yRW3@^ncWt5$ZP>M6bcY7P=Jux1?aeef13kObgq0+fzP z+yP@>wT}4ZBS7RpKGUw}o6w#A1sMQ&X!Z{C1Hyc!)k70ZV0!axERIHlnsX9#^#^Q3 zXqlvV{(5un(3pvd>2J0IsK5K>uv-tr7myqeJgN!AkwEb4(0qXf(*&}+@$~AC43g8c zFnx5k1T3%%q=<-!vS%I8I(X6}Fi@z@_2H&LjT-J-4-CVO$a;N2_HjMeEz2Ea!~6%&m- zh_6bMPhOC?Ir@PQy9Aw8&cS(iZOsLB2dEfyUXutc_E}|7e}AHLKa>v}3d=ZM$w!dv z&I$i!rAoUE`wiItC`*%PQWb`jkuNVVfn53tkg(;S?(8I9=|ErDH%Nd3>*N815KwGl zagj1oB@mdnaiu%@hTFsCqR#|wgn=R+azYG#5uz^OG92>_<#AvT{S5;QN2b_$)#_wSJGzE)v2y~)TVq)|~HhrIQ5Oaj!3rH=<*b<&N z1$8P%_}=TE`fnBJ@r5K#vu9}Ox|2(yTbI$dvM6rcbo=7`?l>_PdkODviY$YdI?hVH zJFqGVgAu+nw3!qVqSpL3f0i9Kq<(>WHkr{K5A)>1O8QrN!}E~q`e6PK-{*w9X{frH zCZ*#vX|p!q(wRYn)%=ViU%-yB+M!-mhMh~-PDT%3nv#TI8*jpG;vHD#$R`KlISF%t z@dwg83CcaKEfK1(pIbW5$}3v4VA4|JX{2?UPOLo_;hx1=B?8KigrGy(`}a2S6A=(f zgY=VCT$H9}rfPH(lCg`Hl`nN)2W=5b3hLzmInT?bgD}w+FGz3s_u`j?J5szPbH^64 zAI=P)So2FrqtQG=O+zDm=L;va3PP~1pc4|2k`@k3Rzmr|*;-J2c;LlzoJ2iEx~zS& z>xC#O7&k$R=@>Khmp9KD6y#fXyhvazbYHfRhBXYTL{M}zCBn(Zph3;k-?c>j1t<~{ zj(I16apvn6907@^4lLxmzUT1LpwNl?9aR1!otMJO0=@WeVf=%ChzE93yRq|jfZ^=8 zvvvnCk65YaIxlF!Vkma<`Sa%~*?y>D!nWV|yg{1io?{u=odAKp)NzvF5hd$A*$wcE z*e_i8ws#*QQV5d&Y>AoPogb}XMKvIXLzRk!g#sc;K+M^tq$*yTzvY#aJ51jsCMQ>h zg}XfLHma+HYy8J?(;=PF7zO5GqPGRAk~u#*EQrgO#V-$qW^)20LLrd?$c!Ng5yUHH zC|d~CNdtwOlDv*$cH1+o?I|)Rqor4fz_|nqVh^OC*{`oDMHnNupM!h}+FQHn=_^U{ zHa5H{fK=TDatulzfh0!8Z}_nmG&?Lab0plotV=t}{{RPl1g!`H2V_+y_SO8NqO^c; zgMxzzQ639`qj806hxabXqQT&C87A3puS`Lc|3fIwY<8u2y|C_vm1J<$ z)pgEvv+JDPY;{@L%?f)7&;r5JI);RBu=08DCjeWihu%ECun+}t9y)L>d}b|C01?po z#)C}*K(|OS2HD`5C#&|I($}wNj&>CR4u#Hf6hx^;RLB9{pu#de2!J3O!jWUp4eCMI zK1Fl{3}~yEhWJLHD2`LDv=4)WCxOY2@lk8_aI0ap-O)Dn0-meA5sDx`q{sSg*m*e@q2L~C>f)v?J7 z#2cIyVc(sa(Av3slmG*@deMuOmF;x%-a97$Z)+MQ_iC$sHW!TYSsusg>?H+Uo9>1l z^&TRhNRiLIp05JqfyhS$iwq;o=k0_pOCbjI@87~E@h_PBe$u}30oXJky2kC4LV>Is z9j)mdw6w5Tf`VZVkeiap3#4)+t%Lf=%J3SdUN6rWw3G)xYLU$|P~|0t(mycN<7k|~ zJNzpE)WW~V9zXsNdI}A!8K1GTa3@#SCh(As#i<>`AnhLHMd91sNT19AMADd3x4*w1 z1C$JAmC%<#lNOht;0IYJwCdZFrRV|ApojqKao&)$KnDMRHg#)DjI*};h0!p@;P-$qHp!V(39lZ-(KgSnQg#}7d;LX;R8 zn{;w^=5HNb+yqGok_NKxcXxp5I*xw|Iu{o#X8Wx@!_NR{Ld@gG7z`+&)G*xL)jnRU ze;|W+yEhvPO>d{$nZ6H95oeGEpu;HuAw>or@?(H+;I70_T3~7+wTKC0&Zo#|Pdi$R zIFofd!_S{T+0LFNm6esXNPh8mDQFe0#yqp+tA9H)MOKRmB3rtz%fWpk*iYMe{I}lD zNptobb_0V~qk5bM_?RILIt`#}=gyr2y_uk_-setlN8&^Sp?qdf+SOE9R0oj1S_v6M z1YTg|tN|2_gu))XQ)*abb4paSs9_KmDJ+9Xxb;r<@BB8cv1hhm zxkDlc51)WQR^$pOCd*ao+`x9+XD8KvI!Qd-*wa`TD&y^h6)G>pP>4^cb>V@ zo+w5MIFkjSI0dL@82DN|jJuatyaY=@$hp9j#6;Tz7nI8csTzU_5};_F`KR@9HtLL+ z4Bj}Z+E*pEe_&{-)v4l$)0>z#-s#^jY^E%?kNLUzV3Sq>R%_dkyOe~)36SK^BHkaDDL1NSahYxypk=3DhoQiMQF(%DAWDdev2ZM~ld}EM)X|Fp2em=j~pbZwT0oqj6_zmy#`BANF1D<1NCwn;kNzX?#l8*oSO+rRe+w- z(%1m@f83)-%C%0wu2gB_R>jHD-a<_#?64pV3$Ta=w^5&9Xt1Yvc}XDt`!_!ccNe}p zQs&&ujwc7{7D&MrnAa0PNiYXfjfk9F)DL3aN5Iwf8~X;vi@7)$S)nEGAnFH|TF~*v zHtZ18%TT$1{;X_l%rr4E@z~3cqsr;_!2466>;*u9M6FZYYlAPvXTtyx`18w~6>f`B z4GlQNRX}X11(QAsMPAZp4q%lbq&*IHBuX(??{64^xa&MY$#8Od9lrI`^7Tg`NCC_2 zMj2w1;~k%wxm7)YV%Nqqt(~1J;dJ~N1h3qMnSsxg`DyZMA^rG{|-l2LU<9j#CxAzS0*{%p-PQfBtd~Aj@)|W z;y`Oabw0o5fRQ(j1o(PA$i@h+hvU!~XS1sld$#PKpEaB$lLY)T>kF_EiA%tQSlw$9 zDfJf*<_o)?c@9Fh5(QKtTM*}7@%r`YEcJu{NNSElP9Sv~OrqVRiLZuhC@T5XY&=WA zH4k5uk(O@P{lT3ji{VBpkBP?=ZTK#Peh)py#F5fkox!}dSO{ttYTeM<-RJ191wkXS z2hxqgdPCJdCn1d|6n~VHlQVXQ^cohtG$5r)5KQW52J5s3+5wZSHv`52oNSQH!e#cL zM39#m-!rL4zjFEWqc5XQ0j1xJ%d~7P@d1)&d?@#$bfNjm=<=+TCWhY=YK11K#7?5N zxp!jKUU`H|+EU#l@Bxz&H9#Ss9T(&;FiW~%%#t)}{H~U@!W|sNfPQAkw7I@6I!Z@R zfBkJ>C6p&{&iNOd{Z@~Bm6)8E7=z5X-8=*$!Xtlaqz=ul?@(79`$3{@SIjgS_U7wyK#l&VQbg&Z6k-x+hTp1`HF!4|iUi zxsZI_rj@z|q6mZXB=u0u{Qt1IOl7{T_#0Op z{Ym98KI>~Npq1}F_frnT^f>Oif2!}UoOoFA_}%r#tR)MLhsf`6dIz#V!t}AId*(0_fTbBClUI0xqt;}!tBMCJ= z9y}xzYyJY_#CK1@DEwm_2xmz^(g7XSaDFp)mT^0bieEv_aRT2LqU@lg((lIFfUuGg zfn{PMlarI1AE_EldVC8)=+GaZi`=2cq=8$5QlsF-fRB3;QwvUnnGnNYfaHUMDzHda z!H`j)jMmncWWv4Tdvc=Z$;f9uupU^y>ef(hTj$%M$@r$>EKVK*WxXhx9VZ zOq^f8&0@9NuN|wC5=a>H*Mdy*%u5FeALLdLGn~qJ?v}K3b!DxpMS@{zH^T@31ti4K znzp$8VY;atgb-Zj2e9D$AyE?;PIO2J(fs#9LWmOrr_$4V<{>CoJHW62Z73uv>JhZ( zk9WSJuJK*$@6IgJ0U6b}L@c7l~lM_|XJ zj1>a0bmxCUv&PYy8~XYB1&Y&rHJKHjvpcS;)5rV8JZaWE$H}J}jALkKpCHQ@03(ZX zDyhCZX8@xtgFa&vn-PyrBy~gfYjrd0r3Vlh{Tg2xV9h~*a8Xx-DNzEC2r|d6;a>va z6q5x2Ipl-Gcpx5IzzP<#6sq-b`AoYoJ<|wQ%^rXe*T;YV3KBQIyu2na8e<^ z#VK(V`LMrD1KEgRkEvQ%u>W)_Ys@pVz;Y?n0G}qHU?RdmB)_Gz6Ad%q@g9f?P$%Zb zWdSRr+ZVPM6Bv@z zAiLyn|Hl>JlOV+4`Ty4#cveA!9X`#iLFki?i3=R6{I=)I=Xg3t7BZs)vVCz9*P%3l zG{8w?4Bm5ZgsnRRuyC-56kmVE!=UZT6Q>4%SPtSQ;vlk|1>;jkBTD(z5WlTp0*39v zjbKa7Gqcx5b9at#us`v?sO?b^PxJGYcgUR=3Rhd&l}r>)^-@f5Qi5;c13o{vC)0=V zZBrm-7c;!(Vn2Jag-=EzzhyrpWd4$l)&>7BZG(8VUk#2$YEdMQ_?Nmc|MHCUH3cP1 zFyoyKS|mv60l$Qin3x!Y!qKFlfmx6%;QDHtbyt_9;wF7@xQ(A#5(;i-)@7jx92h<; z1GUT%z8szLg86b>o7J=%EG9QFXj;ib$GZTw(*7O7KLIkDuw1_A#kXO4UHj8+yuWp3 zla2j@Y0NbK@Z5vV^KoUP=9%K4uqi^n+L-^oH5Nz-`p&%qdShS~ju1VCNi-bFRFzjLUvuV`!8 zSNJZRYuxZOSBX9cJFl{dLb}AbZ#Sb$+Qk5*RsH>LFi${pDjrw{-<5-nO+MmONcM|$ zn+Z~)rjBpFBu`>6!zVq?gCfbR?BYa$kLRE%mG&(B*Mm*byG3+QJCWqL0Go~#&IBQq zAIJ=x>w;q%V_=ISDYYqz`R`139B6bXr(?uRc zQGSFeQoX>*3WqD6vp!L*e_lAQwE5*6oE6b!qzB0qQaR;nuRgsHwRMc(bo+TLx6GS}@)6f>|@; zb)-C_6p*LWGX6UYul5{FKzVa|24#}4rAoqL1%&9sD3ow|79+eZZ6`vGNj`M1Q~u+> z6(OCpFGl|Em%F}%B0Kw_RtmLSt^PDiVqSgnN8{=&2qyWfan6EsEbw)ooLEh)fyc3nEh5iy;$Jl|mk#nQ=921(1o23C*?z=v)&8r*qiE`nM<}*&LF2V~!82w*oB}Ka+mHd{d=R)si*)xD$@+ z=A@zGv!YKh_Y#^@eD;J3_nm6$Pk`QBemNFj2B;;JqE8&r(gC2?vt9TmKDq&CrpDkr zAr;zODzB<~TwobG*BfH|ndt{Ql0#ZvN;3~>EO5=1^M*p6=cOuaDmcV;jW-T8+NV#S zZf`;KF$kz0I;*0~@s(w^uE;oSnC@FUJ?8x+JJQsjl60gcULJDJ;pB$7O(Drw5VV0l zhmL8%IUD{cIQK^dDEi;_ntm5h8D7&fKioj?^xea_^yvdoQK)9eb>?NEXmIB+8NE%| z8ckN{>ZWDWejS{fWoO$T8j?LteUm^&N@~zzdI%k~gkU0CdWC z6S<-S?CeIIL`T?ZBI8u2&N#YhN+W5X5b{m^kzzC33Bmhh=-aK~#L>lC5K*%!$ zJz8dPoXsQA)uWjC5VHg+tfoyA3+xY!yiERw)3fqD_h;b?k{+7Q5$Fu=v*aO4kK zXfrr6Kwclj#vX?=u^0bth?mwg9Q>-3wQDM0ug%MvcX%%!u+lqDSd%;{Tp64Cq;>+z zSr(<}{;;Tn&Y9Nr0Su+8aYTn1s%l5rzL0r>g@Q~QaH=dJTmr4Q2@WJXfP8|Ypntys z_iQ}UIxUz+@#v5lmH&-+{pl;Xjd$!YmF@r7a0uHcvT}%9KyczcYe@Z5s4+&}3j_!LC)g2OI_oXUXkT(WF2zK@WqVuz0#lt+(aL}=T zz`Hrj%fr`OO0hpy1m4)1E(<+2=3RM$m9d;j4E}KMXPHN+tSY>u-u#c=OFOB9v%0xS zy*A;MM&H-ne5|f0DaQ16ZS~pEJ}e{nNMUblS!TI6HxzH7h#$LXC>#X)D|12a1)a8X za4p^=w1NDs1(_1AFYT?@cB|F7hoYt_C1r_Oi%lD-%&&+k3l8`9NMFW3JR5*k-UahGsbQtXQtLP%E} z9%^YGe77$f+VVUZ7aIwy9~5=$cZqMB*cbzy49AVisMj=1txGD}0`ckg+Lnc-%veWV z#*^3>eqLM44np(OQ2)*Wc)?k37L#~7{GH1aG;2%Y%aHQXrT#lF22D*bC@1p!FlOk} z7Vu$Z+%wDlvP-*ES4*XMW0I1iX~eX1c%c|4y4Vv`O}v`JGn};i{u%ZOcv>+A%4(u< zBodyY!g(^ISga|RBh>Spi&*RK4x@LD1W-2?U~F0cak0iIdJyM8?MF^QUs{Ik8I79@ zup8Nk(3aV~cI|fUpI9c0yn_U9^g=W0pXZ?QE%sy*YH5YV7iYbG4MGJA`eR+bnz50S z9l?Jd_}1i+SEXyVI-cgI#|od&#j;>yI?A3tBLxgq6v$LGEJ7=LHSJA<41YYU6EzH< zCbf$KmDIy|hjB^+Q0jONVY6 z7ydXTC#bA)c(AO2a)^cdZ33$+uEA0j$22lKcyWFSc2lPYwpjltAU-D9Je!7FKTmP< zmkhB!p~h-Qeq7*Sy@bt-rnH<0v#he>ukA5_6POkp~ESYSsc#w-526=V*ypr z(BNbspNcfjiYqP|+IzKz4<6=q=2xoJbQ&&HmtTIRf3eA*Kcl;iFLSM}3SRGV@uk4R z;r^oEGMo;Z0J+v8DJmq#K+gn^`rIl;=N|v7{6vCxzivZqmk7Ut6V-?L1R$l0fK<+x znbn%aw892hi`B3eqnV}XfbJ;)Lxbo!5gZE)7i9l%H|t76k+F`0n~vTuWAo{An_Ftl z$~dcB-ip=6{Ug%iflztk?5J;j08L8x3V;aeGhg%+{Dl<`7fs_GInSM#lkhB+(iIp# z&Hh1IQ+Y$4Ua1!B)Q?OuA67}m-qKC+GXhMC;K@ILND9rQ2t2!H=mZz^$fTZ@e%k93 z=L>e7q#qSgyj_zB4Y7-So}Y*r%hCL#JL#`}1JB}%Q%`rlZtN;GHs)i9)`UsymDfrt zDvuiJvEPeZ7hn^-w{Eg_oQL8rs;jdyoGgf&9lK}oLisTM<^qg7>iJSqC$+QGAAlDN zdMY{tzpRWa)@Y}88yj)8-OcA_7pu7z>kK=Dy5RB<9$WWEie#gAu$lP*D}w514wxCm z!r@o(v!i{bgy zNxx}{Y78}(0(i5dU=x{|K@JXRlRPv^A-4r%I2cX@hRbn;K-e!CY`3(Z^;ak8U3P(l zERchJ#mK_hp?i@bHZP1mOJEwlZ)ap<7J{zetTuskX=`awQBxnmfZDDEr$I4ku>XLj z`Geu4Nh=(8hu}7Ix+X79D*sMJ(T(_tbU~32R}*%2+wivmE3RoRdbYr{*gqHn^FZff z!orSV;84Q9!0TjtxnAyH(!svT*bus_QmAo*(p@6=ar)WXo|fa9T^cwm4GT91G4oI< zEEbm7RX8{UZwWYtLGCU(cL`a#tgER}U{z|Pt{nEn=3u`n}UHK>iJtC4j?n=NG+CIfZ)h(~IhmKu;nMx!iy1;>&6_C;`myq?@@$ zB?1sKGopRX%^ss1TG?o*$$auJD1O*3owN<0__xELGW(MYlb!T#@dTmLfdcVu*Nk%O z-u+~1csX?r-of)hDT8Yke1Rq~SdqyVSoeYNH&9+WTLyM&&2$AJH;%k8{2PDLDb%M)jXS`KNmGhH@^Z4N?r+DTJF$&?E zLfip%0pJ4vR)u@_u5cE^ioZWA#W8V;NHH!#0ptz!NCcEJ7QD?rf!&1L(13#qa7+jp z!|n@ZGYyc~)P3q@bWB1)Q~7s&h1kl2R)whSmv+XNTRw4A=jooKfDsE(fBS;KksJ90 zP%Xga0x=N~cbFqDpyKKKvAWkr?oDL4%FhrKVK7nx?-Ql4ml7eNKwEY1#fIWxyjME3 zXfD_?^rqfe$jMLxxY3DR5DlSm3oqJDXdNnXt`KE^Qp)2zrPoMH*Y?jaKX&}gT%N7t1(wK3Mm?z7^?)e zA*G!3h8rlEH=ADVDj3&!< zX-ANXqy(ELgF5SUC0VeVxBw@@lTKmBzhjaIoLAARPtb4()jg z_8e|CEO2FbXr= zcuMFV7;crn!KTIp``zPAzhyaU!<-7nQ<$qmd|R&T45?V;QR7~Ume#ZK>V^W0Tcvt) z0Qs$?ctr#Aba)HE&qm2Icpm`TV9Pa!`;_qi;mp}7kWq=@B$nP=OoUf{&1$CGl)tFGO=2_Iu9S!r5okbs@nK3X8}b{bRWc+^oKNb=UuClM*B^jL11z zHbF_m;lm3SK#K80klTIkRXi>_zJ)Gf% zCIYJ2_+Pa4>I<>w{avtlg}`nmV-lwVH?|%f#s#;PNy?SX-*Lkm!b51OAio&BSpkl^ z@moL=1;UgV44mSA2x`FJ1Emlw?kRJ=g)%HCD+-@^>wX{C$MJ;(Q9gkInuRDe&Ra8+ z4IRgG8{~01ESi0L<#YL>dCt*)H)e%aRrpn9lu|)k5rw|cn+%dxpmLk z_2P=u!ZR0)qLvjH{Q5%FMV^)R_t>y78tL9p>QX6MT20X3yDv-dE^r7Z!xS6b z``;5=rXGNj+1`~aI>v4??iu%C{0Gl`zpz~S{gd-Gga01pVyIcaG|tF-GEtqU+}-F1 zs0#s05!8g>vK$kne3%R6gJcL7T!F zCgn?9onM4}mxr#LufC1%A^z!m!PcV7orY>S-4?nKy=CTwV{$dUq}Wz&l962TaoKK4 zBAe%b@2$on<7>p_p#WQn>*aX&4D!?O@lSrUaXjJi_%p4;wE>kuwl{|qcwheKlprju z?<=A@7X#35`6Fse^2Z_ zlm=%L*tKYUp4)6U9^@Ah(1aw}Q49*$z$*PwVlQa;7B!-i%rY1Cvjsu)H2=qATYijF zVdG|@g4EpGDa}dOX-N}2PL-N)Ys57Yj(%JKJOuBBKqfz{=h`fusp%+5oNrtoQWyX+}{5NNo^fP>dQS#K1?hfVu=P z3PHhlc*zF2pWh*GcybFJE@4yNt-y&>zDuS0|0C=@z`6e0zu~XFva|Pyi0sJ7%nBjO zR#9g59wl2wWX}+?SJ_1Nh|G|Y5ebnfZO{4E^}qkmeINhlevadJT*q}Cmmi<+=ldS# z`C6w-{E&;p1rj|C*o=8tlw*IiOs`!1;E-f?Hso;&e!~?v%EXi*RGH`iR0Fps7P6lQ zVc~R3E#OqZnT4F67J*+4K|p}K7@+tOh3mlP#cP1{;9+h74(mcCUu)b2`Hzh3&zSk%~*n#v@Qc~)cno@3p@IE+vL3ZU^a+ok+4J;cL ziZ0p=1o;4L!y^93`2PCzZwll!3A39o0AW6?<92LEp_q+Q zMd50s9ZBuH*mg!d(ny^Vtm{k;qgc7lS1d6d>2r3_IvAe^-{z%sX*nvfSnZWf zL;ql>^50ef8ClCi1Ev=2)SZR{Y^8UdB3Ey4`9qQKcbwAus8ip9 zPJNkfwVde$Y!HUj1NZ zH>F-r`WwAB`)=W8PBQnN0(S1gFHH&<(whKU=FKbe=%eNsu7m;gp@E1uC2qe?P*XpKGLm8Dh_uNN6L%$Mf>MvBslhP*>!CusrIFY%dS@1) zqf*bc>13ttupI#1s_syakzO~VF@CXY1|tQ{O`s5vzX66`#Tt$kl#lW<*2JKDO)B3GZHzZ}vz3C=CX)>381vR5&2dK$2u0F3M=DAT;9HCy5)01J;Dl2GkKesTSjmgTH2+{n1klfPh&28_D#)7h=UWM6yu3 zNCHxS&}liW)d%qpP9HpfS)*^5)MsBAG zwmP|iz&|0d#3lFz2!=&g+4K2tXAsr)eEq-!cx_6hwvrnO z76n}|4-Q7?SlZUreFo%LPQ`TT2h@&vg&?a(6LPI}2c(|w}3?gbUc65tJ20aZqTwS140Rvy#%pSPyI3d6SfgDu% zuSi$Qk5r!tK#jjKo=b~?hfnaFf1ZcC@EEP_1&ULOk0IL3;@%%mW(Xk#yhubu1O+GF z9?6P=(&*m<*x}1{&(+H`(xJ_d(t>NrV8_ZasgL3uH$ajq#xc_V-yA`^h)!;(bvEAC zodL`X{g!D9f9>OkDX1p+`NvOU@4gxSf12=M**h&wER<6M>*U~#@k~5Ee3X+IJRtWM zIg|MK_!?c7vE!J}2ZMeRdBJaHjO;USHLMRiHIlUjV8UpgoYGU}=RjTi+xs;CKpjab=S&p751NSIL8n+^wl~#+9=+N1e$;&Di2TtBx(}5}6{# zs|IMc(kMYEZM(N5e=N^E;NmPDgGTKIsQ99HfdPB~VnjCw2~H-eWLtk{@gc7AbfJ-V z8hvq*QZY`~`k>lKV5u%7+u^xyqQ;EF)B^@5kMUCPQ~7Q!4Ft{Nzm(G6Yw*yXkZSN z&`||`9{XybiJaaAiqWmyk%1>s=1I)kT`)fQM2Wyw!%I(vRJ5A+JSS2#=W&kjQuE?T z#sg@ChFAPUULvP0ioKxidkj9iL7=B-JY*yYK>eY^j~8H8IEN(%pX};x`~ARF>f8xB zr6&d`BDyrs>C^`W3e2@woYpMEH)MUU3|8*)O3;A_kLTH4Z(jgWEg{|*^hLEZHK~?& zXIK1ToppA09{&Y{=ZaZL?_SjrPIkW54rx5W^0z4=G$%F?RTopb7l-EVeDs_U56Q{4 zjEtGb2E4z58CjFUU_CIM2#>fca-O%AwWLa3GGXY}#@ws4q}@i;y%ulI+$8YE01^30 z?B`L@nh~l7O8G&BW)Py`OMdVxy}2pE67`eSZsIBiR~F`ebbhmt-1T&W!hs6?D0-d3 z`%KzV=OWLPnpg7zy{$el(zln%ht53v;!KU+Svym$(c#z?{qq308(aaPu=M3la^od; z@`L;&L^JJSVYaVJdIOY_aIRInzjcZcof}g|=yw-yw_*c*f`tigbKH%+ees~hbp3@G zCu=ZL0#IEm(s@`Qu)0-LQK3j+gwPIhAh4!%kEwRU*pJ`lzEV0%@zXRWrbI`kop6Xy zR*{G)X>Ci1W^`hl^Is58Zaf+S20foKnn+rY^w!X=44Ohc{?SjA&KN{r?V+Ckyz%)* zkMPii1!Zp$z#TiF-(3Hrctw9^G^)6nW&x*-hlu2B&$mb^gw-+yG8x0FD^+w1bkLk& zJSZra-8cvvJxy~p4pg<>S3xrXRo?m$q%ZaoumvE0JS5X%9V=BKb`A#$Q=P&P?))!h z8Z7hCo3s6NWNr+Vy*3=8A|xD(XAA9jd+=CAA| z`U%dcS4Z+-m`6q!pa(?QGNnEF5!!&_)qvkmj(!w5C|HXB>Apo$OClA^rvLJ;g9bo- z4>cCDO&zfQJZj&puM;?gLfc_0Z^j4nLYSV8Zc`h z+HWl$_(kk~-=Q)zN@2ty#nLn1@%y|AG`1zU%gKv`V z9^Wg+9-g(A)7n;_;=vK60vP_iwd8A%$7u@4GZx%_>e|{8_X-ONkb)u^Xn~I5_sp1j zxX^1mGk#!W$jmOOI9-q@wFeL@V4uD}d zv%(`)u9HKbSr|Vw`m{vog}fINl!9>P={0HG!OuR0_DCwk#eg-TM~aj(YH5*mL&6_H z)93cP4*Q&}Y*b`vWhn;(??)AzIcaW(3}cWEY03!x01wKh_wW!0v8dp2D9ud}Ru%T2 zIW6wo!j+uPF5*$Xi$_<71N5xRPcOz6MrytEkHA0ah&XBU)lnV3YQ?tRIB=Ob&GrRc zsE>%@llS+lBbx<^zpauZh}jy&av_!0lZet8L3DsU!K9m>u}qfz6EEFd5IOz6dk!DS zAM|O`|3Kq{9fFDdviNtUenevpL(Y3j-~FI5F@vPx?eVT9)_co>j4CJ;215A(7DGxL z@bMt8=}d$3V{|MrsLX@olO?jd^fEC1l^pYBB``0l8BEw(S@iA_3nDE%31XA*c7RDt>zg#9&*-cZIV! zoHs>XWKI!4#gEP=$1Hg;@V^e$Hs$LvJ_1MGR24pH5rYN+z&QBIkf zeu`^!mtWnsn8;T*z114O94W@+V5BgpAvxm{S?mFH()pLkX2-J0d`1ljD0&12UD5Nr zrK&*91A)}|b}y$9IABnWaII7@6H(4Kn-27T@dDgmHoLG+qOc^|A579;h#Rv7DfP7V zZb4gMC{&VS_n=~T!E>X}xsaXj%xhF!3!Zt)u4A7_Y%#)L%o5|g3i4mnGe>rJ;$|0z zM~YX;H|*ldDQrcqW9?AjUZ1`Q7H++d1kA4^!5);?scIVDFw|_z{M`-JW5K z`X^Nls2=Ve?@hG%A?mIZz*c16fyOJZdUQtHplk}kMd)rKk55aF*#525e@lU7=MQPR z*6o~&V;5v`Z91lf;7>Zar-d&EOXx5J6c2CDHD<} zP6cHPfojc8n*Id#dpEl~G;nqGM2Sw(LRdQ_QlFFo# zk4S*)RzZfhK8L5+(dxUe+v0TxMC18DKQ(%N%IG-{h7V-u1X~h{77C-YPyjE%Mh%rA z0nbJXQi{LVe(G`*>TA|amiR&@40P)i)by0IF&UqmKYpl$KJYyqV|-G!4SXGu>bUSF zh~0kG0WP~5a1DS)9dtl9z>%6JWVsOF}3^0Wxt#WWnonXbc1o zidQYSXk!FGHVkGHKxv;l@$uCmN(KQh0;rhdAc_mlFXj%EPGn!MGIdH+@28mJO+Il# z7=&;!$>5cf^f{2$3wZO^x*tk6UOM!=QWD=at&J0e6d@8}r%&ymI0--!L_m50PS&M# zo1FWQ&wJs|!4+UlKsNa*MZh>1Jc{L}4I=>pQc^R&kAm5+|2OA@jY0B{|Jg&v3U7uu=C=ioq*_!?xHQtHggOG2yNkic@*y&2Hpp`UkQ;Ii0u;n zAxlQYPWpMN)hAnUnAO4ogS8rS02aXb#KaJYa7O89p7tcjEDY}ljp9H?eh4f@iA5r= zD=Lr>^V!wa6~;j{{15?$2qcBdk-^Cgsk^I?AuwuRw+=rV5@lqAGOW@jZG@1Qr(Oq;)xyrk2 z#kQNH?!(gE|BBkX1oR>GfwYNd-EXtf&GW^ditsTiyf%g(J=Ons6G9r_f7yg8E)!4d z&dyi|vl}#zh(YQ_Fnh1sec~G*aL2V5FLj%Wo zIQ+OIV33p$vFmLi>H&v=TyV@7T##Ggyl-7>G$F1|SRNM#4A; zYB+y*?Sn1g*b%?;c5=lCVwpZeR6iEx_wN{gHt?UBzRLY?7aBLWQPz{(TnyZy>wWJo zS6o%DxJoAjH1?fusZUOqbQ?4FS~hPOtd2)hIH&UeVbEARuZ!)o8+9AGSo(vg5)Z&c z6QWvCy57%!ng6w--GAjrsy0lNe(-$8eN&#mvn{4g?dJG?>6*#^`FU)HU?n!H@NEtb z4BRg(JA*-ib@b;P>47*!(nIJFF2U&lT)jcL_#a3Vhv?U{7^^O+|9H#-{9$SlVpzfH zisq7Spsb-RS>N%1$KZp3IZ?S#Yv=b~GMKX0e8MI2m82rp@O6FoYHt0~(06_$* zARM~88(_IYJfKWt;(K95A>;PZw^HA)UJf`6Fb&0{1$7vi+ku^lTQbBJJS^_c*hh3V z&jtv=tv4MT?7%aSi~{)Jt`T-$*P1N5hPqG5*9N=uP1F@&D`MTO>0|9e$y|`V%nCt0 zC`+~GUrcmwz+({HE!Rz3bfGBJK34w|;B=gM5!ll7lKD8k3@l-)Fth_*@g6(#3}E3c zEJl~rm0;Et!9S82H?Q>HvSr(js>Waeuw1Z4yVRNO;Sh0A<*Jw152s)Y91BVFNeGM= zPr1@tko=;D8?=cbryWMsV(9OK?t|;xIbfKd3$yKlek#f|#Sn$*3qy*PzB9D>|0mbP zGiJqAsv{l9u~V>yy~Mgfo*$3HvgLpCLk})gD3P>^CJqrGD8DH@KX+5G5kILBr`PxZ zWF+w8xe1TU>bfAiU6bOD6(uYm6vgHCqwPvPczNMN(n0`E^Fuq@{slcEa^5+|q#H<5 ziU&-G#Mod0MS{eCpf*S&2TXVvNJ1w14Xg`T6jbltebED# z(j96Lrtx#u_DgG~YcZOJ8(&Hdx4;Bl87onLJ=T@YW=k$Us7)*ik zws`l`i4Y8PbAmOh)HFFAjC^G<-yLG*ytFQXb6UL_t~EMf^C7th7i@7dC|VsZU{pav zShNxf!vvHMPPyxxo%d3V^Z`^sDwt%+;{z~9_fvb6%x)$Nc#){foOJwtBTpzxkZ6plH+z7EL9=}Amjy@#)zHnR9M9L1#XDC2G>%xG7%;8E0 zZ?DPmFIQO*oH%fw=r9(18-7BmvLlyHq{DL05`KzB3W~J&PkV&EwGk^9bz%ZYAQP2MhkkXd$Qq4 zCHUvQWI*%Lel-N7gs3ZfBsF#p)AoNczgISv25AyA; z-~PzwdEo@=EtA4TG6Zr*c=au z-l@DfiN) z-*1vEv!`-=-pLf@mywL6y0htnK>)8m#Ah^|@iFCULN zJbRW5&ULV-Lv&v!cz)5C7W7UywVo+>%4X*pM84S?t3+=`Op&*ir0DAhC(sp20pcC| z-5$vFe^UODkp@(&7%1kqKC^_o14Z>g*$Yv>d8p_D0tjWsLuvwQ?P(|n@LiMNe4=E- zbjV9SO0c|s40lhxGQHy0qQFyTY+8;55>+w~t|5+!QX~EUZjHkOR)UI2rtzAE*gZ)k zDhAs-97YH&C^eb{33)stNTFUMfQb9G;;Y0d5KDM&PEzhCsTg3p!%@z}Vo29y7Jio0 zVL4Sy1WrcEhY>!;h(%B;VmQc{dAYz1t?a~@T_m!Ca2o^vYV#^hZ~fO<)B5uKE($#& zsgSdAPO+_fL+SMBz&8HFXo^5-rEi~K7L_FaYDcQXN9CaX{AYo)Uy&B#bQq^&qzLqO zsE%ixiE5PgwA&!XL`DuM+`P@&x?A~<8}!UYEJ=+7=x9;@0%?NC0Rw4*#W9eyDNK$)P>={8N8W(DG-|uh zIRcOcU{z;*k9+sXV?XKtxAkq|)>{DitKc_PZ25J7zc6V#z${V&EinT;PHq3(=_Rrq z%u*3(`>o0;kb^8i9Bp$b4A5|g>$z(`hk+tq0a-TMW8N2eZetby5L2AGSQ7u_3eGAm zi1opy29eJakGV17@wY3O&TD8pR_+$!%3CcmSlhRX(ecA*&2HR z-QcNxI<0+tN+C@S8nlAucHI+7901#YHNZy@R;CQ6J)we^1=fn#7tBl_)9~g^lZd;Z zviR8Khc1nqkVT*u<&~71$=KtH9AFw$g~^~^yM&JREGbuP$Z}4TaG-@o6^2d*!=Zt= z*X2cl_@~c^O?Z=&pOl;rmd)0EH^(4J^=$9;SMCF6i(@2H{Sm|`rC-COpD126Zhc!- zbgV=i=YcHQ|39Z2;Wxt~;{|ZH8Hl9=mGC_7m_#Ys{DFKQ>f`)!A(hixW8n5jT{U1C z_4Fc?dVFcQ*Rq`+`dBUGWzO6?MH$TQ^3XS*u`_3I4hz948s>#IqcB(vN+MoW0hI#^ zt`x(b=mxHZZ?LGkfx*N1Set(WZnwN=$ET1E#999j1~)aAe+D<}>6q-u z-JSbR1pYrvlpEAq_dwZ$wk=&tD3YL1-7oo4oRiJH;ns8lG~Dx=BQLWj&2arDfA@kO zRw4>cPsrXw(_km3YwrGLr+V9+r3kCr(#-kT1#ORL!Tyh(44 zdjgdavlAPDaCk!{$8a)VJp9u%qWf_gZ2IM*Pf2WP3@`qvKv&Q+ptoG&mk zG?=aeEA&yULY^GprI60Mi(g#OO8Z#*_+CXMcO1)nnc8%?_n|U40=a$lyo?sf<}ZyN ztzC71q|PqfY<14<3hJ7=|6ED1%3NhmA=X&$)Xdfv4+PXi766HtpyGnx2Cg0cvF12h zjLQwLbtQI9O5??9_$}BkhSn2Q%iKS~4?7kjYs1-|Be+A-X!mwxQ9l-FMx*%K!G? z&A|V3j_*8p09_3Dm$q)-BeD;ALm8Fs3(RN8`u!br^+XP;C)wqpR3rcnl>Pjq(fkvL zo!h@=ZCwDk@~lLqe3b<(F>}T@*d3l5D*B%L$9kPCK_0U0o;J@7=`(6dDk^J$Am#vE z1I3H-SsRAadWMl&&tF#rmzT_O&68)V4{rbQoOsT>Ne1B#oR3cGiEhH|7A!R87WpQy zM{=*VpY>+yF$ecAaHHt-S-a)8P=0M_U@*Zb;%GtD)qA|roSQNsDY6zn5OVqG#ce4- zgBJ%4w=#@Yn12C+LJ@fDKr5F$ZYX0M{=Gm!nRvgw>eNl!G6ht}ts&QV{WCCqV6pa+ z^V~$#FgG8VS|Bt?0cvneu2G^CXK7<=u+r~LKkqVjXP%8Ic>G1U?mGUSfr6=khkxva z{ER>|GI}E`{7=xs#-OYun4n6Bn5u5DHPYk4Wq@&ZO1@Ijd|@S4=-UEZc#ptAAO9@m zLIU^ubyV(1xjXI>`GM!c?F-3L0o5HFb0E%@fKIzsHU)TLB4Ve0&7T$}>3)#3In^9T z0CE`hkr6c&t#DL7iZ&qL)=Ay@x=yqI*peI9N6c9rk34WGl z^6AH>55WTy_chi(cegzQ74OC6`QKmiSc@_seLA;#lHXH=T|#pMU6lMN0Kqr4SAg*3 z0ba{%U~yW{#B^G%wPydOESZ^hXHpJn1@r{Tirn%uxX|TDG*UetIIdhkhX*kTH(`P% zIt+KLG8D;ggh-VMe~P#(Dow*6EjKUz&G_sk?o*QKxj2mtbbcpnfI{Y029r6^Q;5sb z>_}(d0}~6CTAL_jEZo`vS1hV9RSakWRtAAI9*UVpN_tQM!5C8|2&g7kgPyE5xWB<-PV&wSn23aBsE(T9KMge+NG|vr# zhVj819P~N6Rn_Xdl5*K%wZcIZhnAOkz{2zQyLY`=q>*Yz0~!NASX_Hhg&dDq4ubcE z^n zQuCu9@E$bB0m9n|F3axWqC@id_e2@{f;}Y2?Dl+gW;w*uPbzTrXV^!C(hfdQ%_Z zOgEB&>iE>HH7>C#j3|R{Uo@K|c2Ii?T4MT~no%;C-{5-m`8I1a217y-J%ItQK0eHg z)h*|U+$NsZdz+&}YOe?x<9vkL z<8R!6uCmIk3C%d9l>u-)4lussx16Qepk1`?5>d&kXnDMH4GawQX)#_dLYhwuz>iCe zIsWGF+y2UhE9`%h`E6^0FrdPkXQRH@H%LY{+YlU}9UnKu5lMe>UQ6^__|jHUAqM#b zAE7xbD5DTfnty^`>z?ml-rWJNte6lwr4dql zECiwmg3>@`FJzdiCJ}0IkI35Lw-6ljnBakf-h(no z>AAVJ1Mb9stg3;@f9bUHbaP=AEQl+@Gz*mg-$Z8(&j*#{>pG*eFBf=zG}@0ouV=z6 zElD^vs9KX~k*<7ydE50bh_+O?8S(?VnIZcSh<6bkLnmafhPQ}jLF|h_!XQen0wNd< zW`#H*m~tk_N(WKHz?yeL<|ohxXfmXpuCDIz7AeWfXvmE_?c5Nudea~k^^ z@E;e^5%5jFh7r#9e(w=LUL5$^ZtNKvqJV$&Cw(AcP%sX*JPU%q(9}#gBvA+~Frs4b zEWk()e~}aBwWB%Ph`uPdY-fd{q^#B`YLM%J|Btt_6J8GYEH8z=WJi*;W;>lxX@UfRuPYxHd0tgG#;sYDo;38@al zQ_p_Z&8@oY(u!hOlw@nR+&I6PJy7O)TzZN4JG0T_$*R1fzA7Q{rEd#@-NDc8Gh1~W zTX%I+_mmxW!#|id9h-P8%)v`LN9Z05ZY?Rs$e8BUeXimE!*&2#FAgu1ztU`cl zXky~0dnRlU=Jbhzzb9u!K2ZQCHz*>66=tejo5C~H`F6mZl&qGs*Yxx2hQ#FX3xS_M zcKbebpmaV7iNB#{xuZ*%WV4Qe_Ctl+T`gBkw$AHru3_HK>>Y|&n^k4F4pmU4>aF5_S4rOaF? zQ{#?Es-#Ipa<7HB$uIs-Ux+WOCw(ES>8QbA$|jD$eO z36!S@hkLZ~!T0YzU>8E9)o(O_A$mWfxixdgUB1qQw657lBMm;xtYut&0hNv2Hs4>< z5^0P=AltRf=G*>$WP_zIs$`Vx&vS|LG4(m!%C)o|sA9YMU!R5X=+4AeQA6~w<>R`X z5cbPfmlJ1VS~X*ZzP{u5-^P@gz6c-e1)J`I_!EJ|fzKl{yGBWVprcspp+az-K}roWssm1pg+jj-LBAyJA$+%V5iVq84h5&wy73Vt zw}A`*A%BRXve297SJy`cdw+o=b7P9p8VDnjW2!RAZQj~{(%}b33gv9A<|%}Y;a|^E zl)v{^7EKm8m#m2f@u2}N$baPh~R@RZ9KNR`U`x{xyFeBh;d1(jIyQ z6X5vwJ)enVc{i9uYoMSU>me}nW;QpVFan4lEEz8E`3oa_*kMi+=sn>)K%+RIo(%ip z1=-+8PJqq~08*D=I0+cuZa{e7)tC%I@W!ZV*1ML;^MK&&LN_&}+W>R3qI&Zj<98SG z+xeTl79%z;C^IVh<^mo_)7? zGKL0{q65=n(+W+xIr`OpRJPI|IoNl=Gx1s*$ENP|y&Qv{ECVvzYprc^+| zJtZL74l-7lSH__=dTDL7G+gPd@_j`Gr6RJr1s0@orc72i+p7UF_F-Vd#>RlXd<;0{ z7)A+V1f*Y<|AR)NdEI}eFg}UYyB)w7UyTdx{|jRsUN|+&@Gmcy`}MbdN(BX?yrk9Y zVwyPWpJw@?jmh%}E{(FgoI)>M7-? zbk3$4oPJVwtBt*iJU5PNQEU6<~qC$bislqO&F$~LOeh67;J;>LNY^O zA}J;O!r9O66M!x(85ul)9fWYui`A}sVcmt6OAeHVKR12>*h@U1t83P1osjKy$w(@Xq0mlXAzTP$Eg-BSwH$OZ4nEVoPsq}mAMdslteuCSG*(x z1=p0u5nw>9Wte)vEC*O3R&{rqz$=H*EAGR)Q(%s-k4(XXam%zox5E52_y_i659HgQ zdh@X)3sgQAKb-RaygkkP`I7`*&Yz#S(n7N#Nb17^QngzdbfoTcS+aO-Ci7$b-efQP|;O>0{KY=Y0NE!Tdx z+nqm_s%df#_6;MU7s!}DA52`%d?*J+4XUN~(99v&x{!r+3shLbpaD8v;-ZaV$3g#f zV`7q=xT!qj$rFO*6U_$_}!}~UUO=P(983i9zWv6$h!K=wV%!i2#L5N3$n`?*1<45mIB8EDp|@8{#9NV}aW$B@RD(Zi_>7Sh0m{M@h zqgIM++|x&+R#DUAWOkJafMfA`Z5$$o6o1RYbV zVP`LRIG3lXaBn^}+V^@M6w`|zFK**NW71;0desbHXYo>J|F_uCI2HA_q_pIRBmv>(_lhnl)FNO|!l5PK-uYZyHGThC4|BX(N*J@(TCGAlZ7{!t++K2k4Gsh&z)+~JhWYpe0kRiyMS{oFClV^t}Ae(Z6uRsqDt!87kOyD$-3q4 z-!`OgZsfha&ULwhMv9apG@f_Q4G#%0*1RmijUddH$zdow^P2SXujZ9kZMfU=u4FmG zrdB@|g|mn+E2(QSzV&}g%#v_Y(LHxsD7$t0`VD?H{i_$8dT(`9QEJ~(A$-SK{6Vj7 zCjCsVet-PaHymf>9xi$la;RAQGzBk0-Zz|EBi~<7Pt$>OyD{L0DCjPK%;1*bH^nGl zWApcLvreO0iv1uhj&0Qu++L}C>DpJ79;s2v*d+_0w2Xd=Q3H7+=Gb)|^-sB!^JNjM zQsT8!mKUEo?SxWrLR^ZXWt*R8$q;CyV?d{N;hdt6u(PcLbK_USJaWISQ0uXGCg53s1ZCAK;? zA`I`QNbbg#!@u$J!I2XYO9V#zp|jl7%uD7AakQfw^g0o|BrFl}erq@U&Jv4DpMIa^ zIx42`JK2*>q0}9ndUofv+@V>`V+Jc!zreJwz2ykDFEvD+)J-v6wF!59oc`EtH~+?1 zJ+{|!&nMa5!?=3T6u^i-N4=C;RA0U#SyXvL4Fj3!N+La>4t9Wv&RHe{6Y;_$SmUKYSSVBi8Zjm0WCP zcVq{ON#lKYi#+|E{|EqQ>R$>{$kL8HFHYr zmyj5oziqS;iQb8!ag$3bJRhraBx@x?G&$&`NJ~fqO{8!zBdXm0*_-3na>p2=H8)o* z0>hnl#2?9UghrCkY>=8Uc{6Ddf5yiM%(FZQAf=)3H!jsZ*)=d)%uJC#^4RWb*0gF+)bc*v)?cQpXdfuw|=}GNp ze^;e;_H1{&i!)_7ByOc;jL*HqW>yQyG^862(;?(o=^i@019>ZuuG9%db3BAjWmkTG zZVs*Rx|LW#ic#4~qt99nt!-Sm4&?88BE5D#KbNGFz8a!{=hrp*G)&CPBBp1r#US@m z!qq;Pv!ZyZkEEnjir910#fIAibBo`1?(=v$S5Yd{d1sKI#T=H3jq-zMAW#DtWS|8a zlYC1hUfU)EHAC-gvK2o&Omy@fi5Rl_cJ1&YkP*52?TeRRWKla0~nnQCz~dco8}cu>a8q0}0v zh>{*Y<-%T)A{$cud80p-*X8pYF6QR1gg7QGge+wi6CY<*n*u%(`?cM+s#Ng5Y-$## z)3sNv67y-?XhXe#Dp+|{*lOrjHE&Aa(+@X#Q-+M>^SEd}Vn-I#$oMQP;z`5bqY^sI z&CJNi2iaMGEDfcuJKdSq@d-dEeO{9?x;Cfu+` zau8y{p-9b%*iR4_y=OkiH%fm<;^|t&KvGELI81}txZt5gNJ(wc-1u15mr5;;`Q^Q% zKM_!)DCFs$^bde39|4ZxlUVT67ns+hCF?DE8~QjuJF1aysv2E7;hy_T%7i#8bTX`- zwZ2;78oQucYdm5A_WoPUeiGi;7-sS(PCGY0I2NvW%5{=k9eVv-Nu!JX_sLi+Ds!FZ8xtNr z<=}kj%A68o8`3e==epuV^_L{JPxl@pVU)9Yk4e`=OB2^Ov%pBJ8&QOellmJ{1FGompYNYJ zAkgUhTig<5IP-nlE>mMV#^odvva2Yi^!`vQa#2c31)6MBKuF=Yg7IqzUZtY`x*!Q1 zc@)gLNqwkIfz>)z#UT4>m;%C{s>l{-q;=XJRgH0;GdxmEEHZMC%BnE5U9-pQ4Wbs$ zXxTVLyJ%S%pK1}xdwXsA7BlwJi#&y=rXfCx$JN&N&-%H*FfhTW5LK9>_UaYuWxB7B zq_6_%*#VBhgy0^t+WUMC8af?S&TYM-j;PItX-Ui*^iWeoBqpO*NcPpPr2WC&m>p$0 ziP)X4cC1!Z`Qe>X-y|($h?^xvV zb+rKx0q%5cFy;i6*zHjowzakGExp8n(g0U9w~hqA-s`?92-qyeuQOZ5EX-vKbhu7l ztmhE%aF=II!DSiF6Eq=kmQynGV`Uc55-HD?Y5qC$BoXrS*!;D2r*M`3nCHC_ZLRrA zMJ4u8)6cwr3{!Ic=a1%+Xc>7%8ZTD}cUOC%dggdDVlLw~!{CUkreC^QnV3kJ@ z;<;_3kO48n$i=?%YAP8es^bd>)AJ&MyGulR_kB7R||)Ys~qVG zzlg!2B;p926to~d01fXA2z}{&d_GPY^2br45gg`FAaJr@_IH1^`HmS={rlaV`fEdy zEcKtZxQF3GlPcjm+AJ7dN$;BGU#F>`b|rGG2JJ1hYMS@y+Xe6Pcm;=*FxznHfByJa z#xtvSS)+gA@Lc}Rr{Bv`aYZIvp%e+rg$e*8zed>!FnWa(vY!AR67zDlY;rrrmdTEt z`DTbfn^_P6wNnJ0p>bTkz2`?u6rAH(z1^Q;o5$QeU)Jt-p}H=*#)nT^%;rqF-wPJZ zQi~NOAz5r$VgRY(&B_-F&Pq7ldxN9H**kC(Q@Ab_DuApKX)X599Exo3MKov@sl=CH z+7Qg`UbmuFxvoilJ|*q|2jh5wI&75SBR21&bIrkv)nCsFj0&k1az+;kpG@!}Nv*UX7;)VYb$i-{?51n3|Q&d^%vI)3xgTF6% zLwviHp38$-(wn=J7OlWunxOO-I#@Wy9*v;*JBt6A~Gk3%f`h7psFcndWSV~ zRWnp>u=7_--#I*%3Pq|JPtKb7O0#I%nV#SMna9QnB#%5nq4-Gwhn4RROg-!h_2V%kWb-0AQl zoJUHW489K4dFqLKa)bSSF@mWj>K~#a@}m9ySUseF*2YsPh4x;$&&t3M1=9Q^BXATX zWNWj@ZZSdL)~zQ8IK6k;DMHSSmB8|&wYskZ=esSfCbjIE6+w`yJ6%YG9T;oHSQXar zBhCyB$+e1CxaXwLGlBG5BwvNfu=eywd=l3OlvjfqBz?DXgc*rSA? zsUfuc?87%27!Uwyt@<~8U0j4s8k~mvcq02f_GhSTK8s zYFfI*diSwWkz7-1|K~0>rQh~lm?M&(%;h&dI|Uxoz4iJtx(=SQJa_1!T1aYivpD&m zYGLwHUJ)?XX5|JLR8EFQVhQ2-0S$rjJb?EO5(!5WZ;_`7#<#(^iXnIs!eORy#;g3) zp%?l)-nbvaw?PymqQW!IyrEKc`BLEhyXQFZeC;bb>=-KpVrkoR9^zxPDql{y<3M@w z=JE#ar9vWjitC2L3&aM7$)9``KAd@!%rs*FTcnKza zG~p3N+rju{0XT>_-&+@UA7PtfV=gRs_epuu^O@>j#S-0@Sdz*WiB*|js`ID`j;^C> zvKKt7I#$7{^kdgg_R%wvCHsobi5F*EWo^W4E(QDyFvWC`^K#Z4N-qeR(~N{&^Y~%% zFzL0Fu9-<(hXx@>=;w38Z-IGnJ=`$|@{0p<&4AnR0q6F2KR-_W)fT^(RS6QJ`{G75 zhbg13Dz8V|7P>}GXi_)9<{XuZJ2O5kr?@0eI{n%vAA?zKJ{KO9)zEP9#GZGTLt7>W z^Y?JhaQ;&N`%g_xWKqZ9*5&)?i=JzIiRFQRoCCi_a?yhfrNhl=CZ1>f2vkY-57DcmT*P)=N-22*^hLj zhhb({o0>K?ew;9$XVazgh6<7y3U3&F20|Ax6#t7x!Xa4*beDU3lPcH%JKWs95{tD# z5c32pVURXK)~3z;ONTKFx}qaRD^JXYuei`CZ}^fhtXxR#9O=`-2kWD*MB1)>qtTnb?J#a z1xF}hY%2C20B6C)&J6Uhtm?$}&w;Gvp zBS?zzWj6gxMrMBYQ$b9IQ$=OrZMvo1GIA_TVvGOOTd%D0r0=%_)YAH;(48Qk9aCO+ zN5j~!k}>gIR#$>dlrEq3_Z#{)0?do}yzjOi3SN=1(sviE*ZLHbxcl|#N|sHm<5#PE zS@lAHga_HSE;vpX>v5q;#3)V(%Ka!r(E~k?fN4uu*SBqMJUEPaj*Th5K(BfYdr09* zdBXUCo#MiL*yp)I`u7eVpFN+c_Vs$zHCO0Zd^7qSbNB5S&Cx>9$Co)^Tzy#c?r~38 zv4K&E*5{!!=3`aKf4$ECFU)3R)9UiVTZjAp%QOej6N~OoVm}3JDI8v3;L+bdX#UG+ zo4+><54#Q^Z1uBeUEsZm>sD#zoYZX{9iV1mn&W(`5dH9P9@c73!Ia4S*QH6sokG+|#S6-DAB5+*S`)#nZdymRlR$j;>Kt6icy!+m?*YQ27l^zN&;mWQHy zzZ;%XCTHOQu=o3~A0}X-A}nr-U7~iv+x?#UF=mhpXH`4Q0Y(#y0c=)+j$7DiUJA`t zhJnzls~@96pSw1^EWiMVlHcykZh7VB=~hxbpZvSH-p&N>oB0|K5{9G>>~{z;QmPB{ zTY#i|z4qF2dmHPSThabXW>X0|FA2{S5}j2kTuD4~nx3ui;o;^X6$>82G98t)Kf~q_;o>v z$y5L(eP8wog|jPUN1k^L)zhkSm+j4AdQn{1so>Qhq6K?rm&RIg*V^uJ=-?D_3>NRMp5)=%M^|!RI@4KUFo`72eUyVO zAtvm(Q8;eI&wcI;72=EdeH$SW@v+*vb<)<8e!iE6sYn)&q%dlX`_uz>s$rUeY`E{i6V;d{ z%Oxx9;d(DAeR|1;jy;ruWADoj3L)l_lWXh#^6HgVD-_AlimFeV{>khDSZHR_EWrIB zXVev!8hpmRm@~;l%o`S$^uu));SNpa5)p%5jB!M6z;kWEA_klVSnpj@r!Ze-)9HcM{Q`St!6adcg!>}w7qXAZ zfjnqZ#dPzDsFMIFG1?ysibc8p+S=nu7)630$x& zFpR@(=YE^{d<`)8rCKdPH%)hoy4iPmmMj(^zt*NtZf&RI0Ud6w`$Jrx9gW|I#U{V? zkRdRWm?b(%k!N+uLh8|70Z(`67hX;lE9{Qu;ef$|FmCnO+PFP4_Pq*%h|uUeP{QT`q6ZWWvE$h7oHpSG}*=yb$9~ES^^XgA<@o0;n9`rb=Hoo9q$W&H?i~NJcc52PRP_1Vw_Z>iIGl`EXX|q{63r*YzQ)!U)uJ)u zFUJa98MXA)><3y!d~ej(4xB25MuiqHD_(tppCaBVA#_*n|Do$GpsH-Qw$UXDCv@6^PyoWXteeo?^TmdHtt7)m5E)K>IM?)GY+%%oY(KL(sau$XsX2|r8Ty` z@0hW*r)VRxbrmj%oIL;MO^eO9ZqkLbChWzJa>++fHD3S@+)g75y@2-Td`T?{z`X|0 z?n2BX+uGWY^X{|G_p6XA@O+7kjrB)()G%>IEd2}&t|NG=($Z40fj~$tKr;ftZ)$33 z8U6X)tXW`$sid?}XZ>Qs=4QJlBs6@(7Glgk)>vrQ7Zf9FD$tkIumlxo#S{C{2JUzOsCZG+H~vVnSg- zGdd>XjsIQBju}T+hR<3W0YGzddU`a7u_apbZF1Fv5r;<@013Dq@E}Z1i{Y=Aa7o#I^Rh6lg;w65dT!+hb8J_Kg)dz; zOHoreLhWA4%yk0qgdObW8%`+0k&Z`LOeWdNJhOcQj_B(0>-giXU9+mwCWq0$*hWvU z?q)&flM(Jx>f}p|EVmphX(SrH*YgzKS(#2!J`0pk79NABxM_DPCZf58WObk;i}FOo zw;)AN_qqSOetyb?K~*C%KJe_IRF3mdS1LX@#l z`5vcW<@@p)py?&ym2(31o>jZ#GRSH1;^5#ow=2>-V*0JAI;d+`*R0?p`nJ)(<6TQP zifPCUWltcKMJ3I@n`U?k&$bP#@`cznOq6q$BD%S)oO;V%am!*ZK&O}licKlGB&`L7 z*)r;6ulXv`(1j=}o)Z2h=q$*yXqcy<-!O9#E!bn8y+%c^6Xaz8ueuZ(00ow70C;Ht z`GWmH8Q^A@4~>kRM?}Lf6l>{PSeJpc4q{Iy0RGmfNf=6j^e=n=tSAS^6>@TNsF>t( z=Uyxve6y{AdIzRaBuB)<*Mq|AYdZyz#uLv6%j5I|jCVp3bn}o5nNt}=Jnl@~Q%VR{ z^3rL%YZk!;Q>a+3alYXbaS#@3HU+-MdnbqMimX;(ArII{xQ8rzA!@{f5lNOH5kYwZS}N|{ zyW0N#lEE@SQ8uz}Zf-UN+11VXHQkE@Ox4km>r5xy3<`zdr?e_G_%09CN78C=(t0!*h zClsjq2`rXtf?U6-9M?oI{gY5sLng|><^=BQVA=^%7eTtR9$O29Alw_e zoFMK|Irvxf)z;5F&F8>W@dpIY*;3d5n^d6M8@#wPez*dvqxe(;o``=Y7$`0X$ergA z8a+7Rp?_;@{beK5!-eZ*KK;r}u zkdm&hA{ZDL`5=8D#%EYhRtFrD4FH89fWD1Qrtz^nfQN!GzJUEg#Ad4(fIqJTWdT%P zPzG($F#0nwF+m+z8Gg>q1tA*kB}bs^Mcp$FoP|gB6$3hF2HQTTlRw(I3a z`%PviOQV9>yrBA8wzc+z+*>1962ph62t9Xk0$~AdrZ*As;W-3FD1|({2idJhLezC7 ze+y7sk8;9I(LCaJuE^Pdfct0?&0L1Wi=(g7Wj{&xn0B#F*c6a}-4t ze_B|OE+=rhts&h;GRlh=FG_%vDhlO|h4(rykDWm|Apoj!qlrp4M8N?XU{A~lmCfYC zpM{b2_u~m+vF@=D3F#hFM9Af!A$JTZt<_`WF}<3F6E@RTZe3PPO^UW*3atD7lgM;= zXgR$Efnvz0^07uUIG3c!H&k7>eU=HCO3IDTj~SpH;}?GNEq{&$WFJAQUOms545&Xfz;2?gQ5KngG3v-9dv@2y{ z@QhF>+RHC|HC*^}BVR<88Iv_18&VJ>#o~o=OEO{mg)2br^#d>DR6v*_qAK__B0mRu zDLEVO9h=V$ZO zoL3Lq`8Zuc!`0ZSgPUo*VaN~ z*whtTRnTgN19!8aQxBu!z#btw%9uMtc9CUFk+$77kGZuwWu==uY1*l}+J^2e2voSZ z7~n$VAV8!TX=zKnvRu8-8=06_!}6YOx~j`LuEiK>T!p;McHgq6&w$|!q!36wr$1BsaMq`jWx4oLE3*`{`WP=JNi+ zRgI2dBh+-yUu!Y0jJ4N<&4RS?QcWtnvss{IEjfYbV#IG{SoiBHWDgo>;SXom>XXX|FwbEXm_(4C1NF8r`&8{sO?1CEJ>s+2sOl7KsZcEwF;ZS9UG3Cu)6yA2wgQqD#sYqy?~ zpNezmt+3$mJqx<$!0%9!JxtY@ZkV;QDcPiQ_kHIQwm;=WJ1)bY;rFrHmxo^t8#Vvr zi~F`LBsSrJy(;>mJMBq(@B*l5DD5p$89lO_GRm!I&$E}sjXiM6K{09H5au2Y>y)w3 zVtdzH$>c9YnHa?Omzf-wevmYdKShk&>QgscEQ?)1D>HgJx^*-+D zNL%yO80KrpglBW{WyZL8o1{309x3gi)(g@%C2V3l(A0)yEUSU;vF2sK%d{nL6qyBl zju7V#(*vE#zdd0Yie;MiFP)7$ofO6~G--pjXD=sc>fVYuvQ1g0;@g`nN=@&f^4JR3(O`nfgO5KM`^9*nE|N83CGe zylv>J9{$`zrk0awgKlg6wn1BRs)wITr-MY4|6)bLJYOfii4eylbLP{{x?g5c-+HHI zs7~@Yc+Uv1QqKCnw;?axv7DTRepUQONppU4i=<(|sNv15 zD+F=l6Uie}d4oG{Rz0Gt){O5{?uZWECyhr~M8BO|JOeuvs zJ16dQL1QQ3Z{Ij%xfvCC97;I!2(9Lx2FjH@i%?5LQLN1SZ9~BrkFDDoJ(tIz_ORdP zX?4AzlDC0sA#VQsurzAh%B(mDT#?~yy5^TF8kocRTyv-MzAH~l)xA!e-^v)zEFk?U z#!vjQve6s$(Ey$KDWhIy) zL&io{SuC2~Ho?#PCM7UU_Ki#39SE>jVaC0DbpE4GV@giA=vymJ`|Seg=09$YY*HD> zR2CqOe+|zl?s%El!lPLG2kqrtdYJ6R)YeQfU^#ouP|TU<>a&H~irACV9=)W_ z9s4}BY^l4peq_5N1^^dKboI}jwY?Qz$A>%{GlBnxD_4mZWF9lWI~}Ulp_69eUpCtH z<98_Z`S?SSxHer6B&#%qOU@_lFI`|8f6$=ezeaERP%#C4X=!8if`~$^Z|--D8^hmm zspTIQVe`mC41*5t^!A7IUwCOK8p_!{HSt}JCEJ^0Ux>j4&+4Cb)#bWn40g6#Uedm(^Bc2o*+m6*k z*&}>&_{Od^gUFLfnc87j1{@SeW|7JF^8$PqxXAq>6G%gjfJe4hzH(nM3&o$Oe`NhH zMf$`m$4>vfRbpSZ}3t2lz#)aPl8AFsK^Uy-^f4iiqo=zE=~7We;( zNBX^x5q3(bcps2Rir(A_W7)HET-PFhAh`nFPHRB=2;j$c;wG(w%XrX27z+Te%aPpwP&FAzUCq#0QV+XOIC)EM|RqPF^ z0*uilpyLERDQmEX0Fw22#JOSE_ zbO=Xd{{GiWmqQ;*J)Y{JYs|uv&x{9d;D!4aNPI*CqHO6ZyGEC;uC5K_e^*-{fD;Z# zHg3QzpvdPu)_yDe4Y;OC6E>5-wC`wLpiWQENf~@vNoSv~y?LW&)VW@niybA z991`7OJv??k7_yxUXjxbl)+iD6+nbnde^Ka*P1F0Vsw_EnOE->DTTTkMXwGUD#Z5;$mc$Oe$&9+ zRZvnw%;5H%U%{%2-s<<9TUasnZ*#?acKiy{ELV9!p<=|5je>%@?$Nm8hQl`!p)k{K z&-dvJ;EoE}0m}3y%z(2LD?;d_K(jJe9T&jGfD@vK{g|F!U0;8pzklmo5WJGtfjWM? z=n?cnEaR1{k$#=K{!_^!sqZlxqaVh06Osns!UJG4mLjXnC&jn3q zjR24j5Qr-PLl*Z!3c;8keb4c-Fi6~kDgs9L3vt*`_9yl$#`AcG?@r> zhS^r~rPI0r8={`` z=Di}L1H8)GTEj}yDWkypHrKYHm&8JeU*(M|q4>pB$%6Scnf~7FdAjr+9xgq}yyWxB zfN>y$37yko59Wl&saxPI$SvLht;qVbrS$mCJ-R07wM#vxuPexxu@E3;vQMWNa+L!T zp#h~vsb=rdn9r{gImd&;4q8=YCZEM!arx?Qw>+&O*cc+#e^{5vP$*~zTw&8G^#rmo z>}Po0eO*0$IJEeG8(vpQ6>#nGl^qCFPt^TurROy2YtW#OmvSk=FT$?|_zt;F^yM0geiL0blT38gMh zU23w~`~AJ7lp@ma({C!)BNih4kmv07pYQc9lDRWcQCX@wv0GDxN+~Po=JRoTW%OKl zvQJT;F%a&>07Lc_XO=DpA!?X-`h))ef_<4$`1ab^`@D8IPqMHm?Jz4{v(7id{IvXw zh(zaHnDdu3|E>b&+4>(hWp2$^-+TUAWt9@p{1I4?z?F_TxPY#v*o)qsazjasfLFD-%y-_C@$N?2>9y?ArXvyodIt7TC1%xG88g)4z+i zQPqDFMGaDZueun+BIYUN?Im4Ue3^e$=rWxT52|9+8+4BI(!i7%I9IYz+^Rl$6nYA> z%V$gV3QgO}z~!-bgEwIQ{-jDzu2ODP|3hQ?@5znC3#jUPOCA9#I)~ghiH6y{XCP7s zFIe^P4E8{lq#Lx128V}h&*%WK5~dMm3wP#uC~+>jMR+~%UcX44rK8<3j*XVcn+r3Y ze#(TrE2`bv?_JNcdEv29LT3tE?hVjv*>h$_POLUK79J#9VWajopWX~3(n}$EFH%e* z%+`3eif}3YBCxXGq)0qCt2>u4*!lkgmJt^)&PY28$RsHbZwHBv1EEcf4~jk?Mj)~n z+;g%5u$ZrtlU{>IkxR{x)-C(bMhIBJ ziX-Jc>2LaGSp{iyDYmHC4O%Vrnie=t%tB%@M7g-$0+1MjuRjDnz^9z68%V0pa%tY% zaTWkqdZh(T7<$F=0EY?x(Y1e-3_LJa6Bc5nr&Iv=3c*N0V(@X3qSxB2?2TpE@RMZ(9XQhd*5b#r`PQ|9nX6 zbsH378TtXlu0cYx>G<$~K;69ma}B)T{b3}KX>CY>1EJMCes0)Qu6`bZD>qF_|Llr@ zR!|&Fo|PyD8B@Q*u19|t)vv+(d;#wh@B2v!fgOpulrEU4?`+r}A5F8ZRn8k#2Twl>ZU8f`q zfP`PKDLTEsberabekM$E5t|mIl?Jfmgv7-CpN#H9L!K2;mT|U%A5@9;^H{ma4W6n0 zaImxWER@rp6Oc&xbW}DcD|Tgm4ns(HNRX8^`W+)AyVm%H~g@f-*_KaAy`eJs12-535>`-!NSI`b>N=%vjvvtsw- z!rRfFfp_}``b@Vxf(zr`QJl^tsB0gH-8R-WEk1D5An}!|a#tJZTij~WQX9BaMsS(@ zzS5QluEgoPpUq5%FLMel)%14Np6oUcTuz=3NXU*7qfUmeoHHfVn!Mso6s=7ie? zEQ+T#%hW{VqxOZ^bog2Hy~WwYJyjohGObdzTB6lD7+sTY1kuR%_a7zR2x2}cn?Iyd zNvAHh3H#Jj)+Z<*wIk$iJGPW`LzhV^y{YqlE}` zrZDiUTg2I>p669Yvs%+HEcu`LdGQVw z-%i4e#2YOKN=?1<0XPG>Yl5j?(E)jO^^s<_VV^EFp6BM~CLtznXnJ&44ur_gSNClD z8#a4@dG9Hv-QS*p^JL4tANR__!i@7qzT0g&{HSQr8yJWsCL+oQ%a36AH^kM^6Ezi6qQl*xyQ=sAs*{TVo(Pi|Va9MwE26Lu2Q z19s@2fw9szoQ;|=`VlTNklbJXqP@HKGMtLZV@xfFCeP)>b$^*nYs-18tLx8z+wNG? zvYcE@)f%Ohh#o&(%8>)(1NRC`b@lyau~QM2%nFAb>#(k!wc|a9HnP0=0HYQ`d67aV zV~X50c&7sLrY^f|E@QQJ^>e*%+LnKK492VLww{&~%g$f?aWCP<<#o&@S`Su_F|&jl zWaxvx4__|#2)^d@Y;asZflt)j?__!1N$5mH!JW5z!g*3Y(^a}MpV3Jee%jX~C0Ui+N$4v43Ge>NKw#-aW(1qN^*@kh;>&$C{El6>Ei_?yS^AoE$5zc{BE7UN8IdykW;nro1$#SZhVp zR_0Vl{q|CNu!~B$G|l7>-2oMY?AovajE$&oZqa(XOCgt6poHnsZ$c?I%^Qsp%o|uT zHw}HD$ybm1J60f}I~q(ak9^-VrBgj%VLy!8En)9rTg#{nOV-i&tvlLh#`~Ips(Ml- zjpmzVz3ynI>`nBaOx&N3L^>XR4KA+%w6o!qwf=2lhSVb}75lNPO>Zv1PRWRAEpVC; zJ9asTe!GwSK9_zg{Rx#y6z3^-r-b42EdATa3mEvJmD^uMy0!Rd$3*CjlMVYe+0`ec zyCL;5g95?`xM)kL0E4#@o7&Undg-_ESFNQXGXflq)izXLXL)s&SXqPC7yk6;wAiVu zcc1^kBl}>SI9EIB3Go*rHRG{V#Sz@JgR2NSfj1v`5$ANhZZZWf2EoGUR;Sc)z zo@nH{CsZx`K&!pf^G!V}(Qwke7TIJ~NNiyHvf;40I^WXxv9WIa=U2-lW7rw9^QA3F zM8w?F-fbo@gkZy5u=bPYjx{SEHYBRmEBbi`>nnQsym`ZdsTFP;t??r$PZMFD*TuPN zv&r9>=Of>p#iv4g{p-KBsA`(ZqF;_thNWl;$v=KRwv=##`4#o~K5_ZSK6!RNT6klT zhmQmPHb=HNk2zVQ@r9ep10Hm8kNfL=)#M+fco)LG8C&r5Ddm=#-tX`Ae*{xM{Rz8K z0KqDI!Nuz=M&-7dKe0%@5ybVIz3en&145DmOL_9kJt~!K2!hN)eh`~(KTzu=&m&Qbjqyo!l&A6OX#MJ52!*JArChLn=Q6Ha*(>D$0lXc6lk6U#TYq)H zP#_o}!!y5Kj)CTghcd`jHR#^p8|2P8Be5!bk+7VUhoK3HCd7$qk zDJhBUZ|I?Vv14;w*teU{S%TvS?}@~*s-2)$Cn{t}j-cRrnv-Ka^~RA^!L1VB6x zRyN|^Ua4jLFDUreuH&25q?Ijv1gN^6=hOtPzFO#JI9)5`*f}h6b~z-z`80+*fD|$* zBglFHI(61C0#<;3#ZL)MsLdOA55y zd_(A{Pk%q>aB)${D9_8BC7R5Oz(#rAJ;&3FO}8Dd(`YEg&rX%pi_LBiN{v7Q3U*JX zZUD|jO7AAO@eRn_Na4E>-v*#c6&TcDfCiHRl&6}YeTv8+hENN~{JS@DV6YUkJ9tL- zTmTB*bgQ%z%eG6EZisB9oPWP%KlFh#TA41<8BH2wAwb_c1ltpxL)>H67k6rMJL!0i z=u1;3E_L`7DVelk%me6L03_$d(Mw1b0j`57EF_XOy6qt3r{A$u{_O$I21Zjf72dlmsvZtIB~9W*uZ*B4tI2%dnwO9IMx|IF zriZTltFW?Z#_K*2ufD)H7IlgRL!pB5)M1kci!xO8=qME^p;Y()Z;jr)Zsa>!$>aeC zRz=Z`^idbZaNk?>U=Q2Rd@aOcUC$r6Gei1VL$e38$kV(rQtr)Z&^lzgb$WE$y_`&X zZ2S@(o>nogJtHII88!^c$Q6MlN^NE{M=2N{|_Fj`D{|FbR4avhqL8N;#ch{;+3x@j6j(GWZ_pXKO9;M>xq zA+hnQzLR+y?Jz~~Nu?LDi`5L1mCGJ)A*a~M@;(^{7KmD002t!A$g5KIjX)(FIOIXN z;m9Ni!SLdJq~Gi;_K!PNG7mAGSN_2ZPfQAK3RLMRrTs2T0{%T8Y?doFYH>OE`RBPQ zAsz(A6HWSFbBaV5*%jN%#7DeE*k2mbCv`CVt5OjFb$M@}os`1j=!^DzcPU0HT*dm- zv6KLiWL{aN8?>RrQj{-|1R7z=4d_MXP8&y*g6}Oo3rldG668lWg8;V*9G+6GoGWjl zLch?`*81R)7TnPZqbkO?#sA6jY1DNQ9!t&xT*eDkW0bJp5Fl{xR5RJ1*-Nf}CSLp| zGW7|Qzewo$KRkB?|5lQOfBUX?J<^JbPV{AJba-(Y^;69}STxhPy6wdoTtJ3LD!>OO zW);BG#>d*O@l@}4Xii=!N)qOkOe<||suS<6a#fX*;-1ZIb$}HteE-9N6n5=SvvK)T z^sl~%=&*}F=(-Lpe<|mTKF*_8Vr8QaF!#SpYYC0n>E~8q$(bU)w2TgZ{)yx?ne$UH z#^E%c!IZgWj7y!T{Ltq1XTQf(K`Pd!R8Yf(lx|fRwa)bZDIW+|BUM~&)uh9Vk4uI>A^ZE`ykIP4;X5iN?{T&;6jsqofAMn^;TOiaH3P)^@wo( zvGH*`b8IatT?nBBW~EpQ2IUf|rkvf&4O5Z&fn-5-$Y8+zlk7iMo8r;&x#Rgu_y_FA z$vd#N)x}@g513vZ2B2d1*_{U6{mEJ`kk|3b=ZcZRGv=lQ$vc}C{&JdIyLbtu?|p#C z+>oqcRPa=Wa?5I#-d;ve1-VU4DxCXieIQUmz?mfog!r2Hjo(=mg7A-Ao41 zm;j|!D9Qz;SLyn_>^*D^dd`2mb1BzXdRerrf~YTi%s}wVTQ-Gw2Y~F$+fLHSB+7eB zUAhS60^3roHn2P}4n~TZ+kd=zWF}U1l^W zFOO{o?Pd+3DFAdDujrNw>h~}Kc9hT8dpdB>crWh~0%#!JACl2qo%)oWUQ)g|51-V| zBw?$54y++PT7MZ~ek+qXrqY8d*zAh`@8g~|L4!R1Zjp>)<`E;MJ7u4lsQKe$oZAWXvYErLBfUh1UOng0=4@Jn-P z!#vjgxRkDMs`1sTPi)@k_gNljQA=xe%v2>;PO8VURtF#Hj8%OEQne!qXw`H0CVppv zUQej_h;|%3-3{6t0zb7q5wA+NMs_8D%pgM!n1Ad>+F6SWer%iIhUa3G=JUR|(!i-$ zrKVjAQ-hMbl=Ni9H084mVdpOCO{feJc??|3y1wYANcWZ(5>Q~*vHtOr=#0kVqxbpsmV`}x@WhON1^;CLK-CZ!FaS<; zvX*0<2>8*LhcLC$pAuhZ60RETTa8*ds?8Y<$Nl+x#r1cVgIb3`zeGOfSQZK7XN%n-N1kQS($ zKwQm9n5eFOtoPZOpJe|Tj^^#zy=@((__3{X20J@f_P)zs2YHvM1dR0gY?VavEodyR zu;K(;{H;wLkvivsduyeg*f*RBH+FF#%hW(JH_Y(RcL683&WgdFc_+ipOU_@O{G~6Z z3)^(B;)#cmx)`t~+`Qhu)qVzCN$;ZQ?0f?cSK`Wr&ajvkuBxps9RgTF)Y3-k?gcsH zvgPSb8S|;B_!mp&g5dj<^qnbjtcAIG3c0y=EVC4(k9v}0UAi)sg4rvpw-$Rhp0+*{-@BMK0bSTn_@P}@ z#oP!Y=Y8iWyMt(*|B;|@9=!n1xU=!d!vIp#Y!&PGKPOEMaaGEn)t(9d4P z&U$_I&V9oS9;RIqmAa^CVq*VCWrvUVE3*5SBBDP^${BVisiZr1wmrIW!;OaEPTD%`l9W!uf5@$7b)z8tL?O>x}oA4 z)9X*D`|jZ1zyH)%!@HFRH$@^%TI!iz!L%sbkG;-I@%wNv(tsYKq!yd!FV*B$nZ}w1 zEsqA6D`PrQx^1o*Wz+*TF6t1oxk7gU=ysvlS>f2vg73HUu1ypI5XX5io>cF+pLB{w z7RS~+I(2j+FUW5v!vm5vVd3(7RTp7Kl3gCJ^$1u?fNn%+0gcAsk^nr1dccETP?Eby zx9$JGkQ`T386f~(-n3&WlHmWz)-|0M;h!Ovsrqx$AcfV@L0jK`IoPVs78_O&JVHa} z`C^IB?JWL)i*xkFv~(agwQu;+vK;IxeJ+oETH2_`dP~{Jw{zQ;!0JMY4X@r%39p8P ziu`VqMtVt*^rLHTUfScHerCD&f${qpBVJoZTl5F$aZGpAG{uMc2GZO*PHFC^bAA+`*5|w z&fTFdaI_G1{kqFH%}wKh?@+8_bP}OX*43ku?^b&*U%ka3mj~109{X0OZ06%^3EHk6 z!bFi=TK2BzDgB#H$?o^@Ocw(x+g+wCoaynCzx$k=OYF+cy7rsvOaJMKG6{oqVZM~M zQ;sU_fT;uYt0i3hDhNwqfmUBGdLtRs=dy|V{M4Fw25zq1JXS?r&mZ{Km?iNVTiJvMhj|BybwD`)Mn`eCjhpbZX&9-kyIB%mrZ9Kp#p(HTCYBIho+Yt3SF^V7GRWzF|&fcjTS z8O~vTsD{dL>eUx6p~e^~joK6Cd^;@m$tv%h1jXU?8#m5}g@wU+{*wG=2QVxV5!nPm zyMM??Dk>@%VXiCPzuyfC>LBp_Q}e^Jy%7ALPcjcssE5qajn8L;RBscdiV6h1z1LCr zpEY;}{{9~bI9znp9~KmlzcOFDl#WPbd_Hj-l#1v9c@M)?Q3E6TJdN|Nca3R(4Gf^J zuem+!)q%Pg?1E~(KJP`e5A9cniBZ;Tqk_1H)gYN0}dBdbGEclb3Hkz=o1o?#~7G#$9v` zn;f{TA=qOQHk|+fog?P;H8nN2u)-h}hh@?u(~u(2^_iwNWx(_61|PvI=%W-kEUQ;0 zed(y!pL?I-_#7yH@PpguiT%@4(gr;31JJJ};Wy5HH{A;$YseoX|3!EXQ5QV>eQ3D= z|N8&@fgbJ_Q1J~RD*SA3$3$^7GVkI2_cMG@BE$>L&CO&2*4MSZntDNAN)P^EsErnu zJOj{TKI&*a!z|qmMfMp&FXld}i|MwTUfaetOO({L*1n`9t@ev|* zmHY9(x%b%@spf6=G`N8zCK-nTicPN~05(8dqA)4H<){Qq$^paLa5fk`dkzt=LStDL zfM5g+Y-u32af0vdQxlV!@AFA@!1L|;`ux$^#O&Ym`(+MlgxDxbN=g`6Cg*+p_qO2A zD2T>!wm=sg^k(ru_qc1(zJZ1k3Tk~MdH>Jt--0Cp4J4&^JeR=m?H0|90KQgkOn7?$ z4*D`G;>{a6>$iWh`pjT^BU|K*qoOAF{}*%r*LpYgP7&kz6|B}!uypc_5Rv5tEOfs0 zloZere{C(^q~qfwft@bZ1YL@=%c182OIzU7eEPEv4KAqp`Ag4D0p$uJ+C|VXvZi9R zPvA0s`n0;Y_Zs{p;Lu5gl%rMt1^oZ@<^NZNAR4YFlLq5M=y}pbs<|mSf{+*hp#KVh z>w`CQmoe9q;z~loAi&<55=^%sl$QT8gZ_sfls=A?HIJP>@tPAnk#p50&VvubQz|VKcyo z{_p!>u2%FC1MwKvCxsV4xWK*mU?_4p?J;u!v?Xpw-%Ck*jQcOxo$<2%4?FAsIs*Ir z`5ybkN=~n=uG)YrHI@Sb%t-$|Z|@ zB_JT68XB`4z-UZK+wkMW3Y+l>>;7O`to3u&HU+&Qx6~Bz>yL@CaSbS$tHvj9fz(#| z$B%Ub0~!mr`&4Nsa8ZjtNYZ1zai#Y&WX;|QCmNw|Xp_yz%)~>gKv6R&{&x=8f~l z067&6+(mgZR?b2`t( zn{YU97=TPJNhk&HRUy@AA79_8^7Tq&g@G17;;;bxCxG8Hubj`Kl@AOIw6?WB8xntgpX68q_}F*pmWb;Z4wIyT^PA2j*rQcc%d;gp-N8 zS9IBA&q9-QVWLVL;j-Q(Sy1(0N2Q;-L*J4>Lqo%w3Oi95J6`EkBF}T$i!5Nmj`%S^ za@m!B_ZrgFe7iqFiCick>7_s!9h?JvflI8gWQV|F5IT0n!BUR%Oep`&C+Pq^`T*YP z;E0g;6xTkVLbLGcrB={YYJPOZ3$S=x5O4acJUmFQT&ZqrZyy5Rg+Z{Bh*!@s4<~ zUA&(sH!42Hx}#cc)05TsROxsHiky>M#Tb3~^ey&q4x) z#nCiHTVO zwlLeaO~HKZ0Sw`KJj6?1{$+rl#-kGGDs9`Kxla6*z{g>An0Ib%tpnry`6m(*C>T?t z;q3tXI~sy&sGzWL5s18dfls$L@+AnxZ^lT>{W54XGzo;Ek#7NnsuA#g8=LHf5*J25 z5UG}xm32^fz2b&_6h)Sb7dUzi0+(U0MQTaG(vr;uR@NYJgF492tm5LyvNAFp`uh6F zL*7}RU_T(ejt+S-UJ(xo;5*JnUl#1f5Xd7_t%7hYzcPCfo$3 zL1sEJQBm~(k!dM&Ty3d5Todjl4N?^kqY-hghQzTk>D3a`+~Q(0AWomUDy?|9cn1Vr zoLgOOM}(4qL#zqwL>t`dmtoN9m4Tfh>@>_C15J%hObej%>T+9$ae};hDjj605sOrvc zpmeZ~4Na5J0Lc67aeC5LSLcn1g+)OddCyDXP(l+3r6%yXXh7q@0*i@{ZwBSZdRV~? za4{F)Gr-{E^W8{>#$E14GUS3?mUF+|`^?gBM~Dv5Ew%OnACglvT*OnVrUGce7LJbU zG?H<rt3i=Mb1e}B~W@bDDLTO$EH}7Vs(!q{}^9qHE zSHhyDrKJ*gr-FUl2$Hm26))|aU0j08w7bE|9dYJuBstmvGDQn5xQUIgXAzgO1=-!5d;(XJkwpTU*T!+1+`;i)K)*X zNx)Zy6L2{Q1rE+FZZPWRp}fvH=y$f zEF?f{nBQvJs#J6Y>5%i*;=fXJbCphEU;P!w`?3Ej%!=28L7Jz%qo_fQG9D zWzO)0u;f(0qHn;PqzAJZ*o8o!d>tK4EF~p1xwI4ne#|oexsB;yb^|lBAiW>2B-6SL z;5HN#6eLttuU@@&Z4(>}&|pwzI{X!GgGD`ZDQQL^CL-ct-TFlZ-PX=d6R2cYz^a_B zB!sgOv{2%MgK>e%|L)-?^9%TU7I5V&)n4aWIXEJ2F*3sHY;A2t!j>H-k^GT_uv=`Tb zExi)?K#cR`bDvo}#I5`9cno3XUE_E%3ukg6fI`SU5bp}ICYu#-!ZAQp51{f#17_10 zKqnZPtjTb+fRe*!@Ht+A(GWarK8rzvl|Sxa0Pb}yhFwf7DHLXf+Y8;^FwPEvn~WQ) zbbEj6=FNP7pTIzee+OPO4t0^Lna&3oICDYo1qSY$90?yz!SW|lHER&cQ7hNBE?;A~ zvd@4~W2L8;`o*{f0`AW&EjwJ@+(5ysF391>T_vTb3=9kwkeg#Luuecu9v2vRNgEpD zHcvpp0v%ESjSUXqt2zP?!mB6x!BUgT^OwN&M2@<9M2komg6zW~?#rJujI5REBX@T( z^Pcoe<<6U_o1C2P)h`Q2jKTKJWy+US)7m=UW(a6v`stFV{M{J-y#v}y#hE6ioo2l`$rgF`iWk3oc#nr zix2~_L7t>a906=s_V`@#j+b?iJGtIhQ8+D4AhsuO&YzwfK8PCooIHwcV`F0h^Uv$k8D`AbV)*?~k#eYJwA3ZN<(%jw~z%AfE;ENiN92 znqR+4hwm!mYsC=o&6?`T9{A$}^FuxN>JFf*0nF{1B5 z5y;Q)ubM@)9VO|<7J|S=UDkhK+u7OOWMr&sXu$NWbkTy_pITaCw(fzbB!rZ%NE!=4 zgdjsT5ZHkdS&uQgoJgIVocJBTU897QEMu0FpTFsoN*bzqaBK`pe)wF;r%#_!Gk&Im z(qrb7Qf{^V=T8Yo$C3h<6TmHQ0FPw`1emOCYzW&coeRs2!Au1a^#idnve*ou4|H}C zfH~QhW#{N;Wcw5S{Ujjcfkbwo{{}#nJ`KyO35ee3P>{N$R^L_RYSWpVn(~4THU&(0 zFb-lVNGdMog|tY9svPCN@~nfvl|lf!o?0QLNG;btzU!pi3})Q zU0rEkxEh~J*ARak#9Q#>lZ4zedm>F5@>)5h3RQ|{shOP>*HE5yIu-=@O?H)h8 zdnloE`B4sMqXAqcoIDp0^}PMR^RgNVu}BKDcWV2c3M9`cqwZyVnh3_zkJ?)5!v%9u z|MGHScqiu}ej%)yh~}rTR{TFr5WtIokLR!$%)c704>o1vBq+q6%H3pCjI{kUdVs!NK)+W5eK% z)>i{qVk@wK;0G)Kn{EX4%j}m(pfN*y?*PT?c(AoGAFmLEAHUKr22+@@0!5uCy07b9 zsni%wBO&i>VZC!_2zG-Rw^oK)1|AZ)VVzq5O{neHuP8{!QrPHYaISoaEwrrq;8IqJ7*QCNLB@3 z!2WUd2d<_FI39XGJ}`kyE>$p=M6G{ePIU-7nmkdr?eGKFJ{$pULiP*S-|ZGMs%7Fq z^f7_d!35fosV*M3SvARWT5wr&eU1Hc9Pv3EY^AfKQKy}2Re@!Q(k zGV6%LDYZILl}s(-9MMo;|4Xtq$QO#Kuo>uvYG+{i5RKS8?mG%u{Mh#D4~-?AS}`8% zQ^=#aA3b`cLiA0o-2*BT$b5PFA>~vVU4IgN6dxb&5S49~T}JRl??($F6$u6C&2I!` z*CwE_IbauoSllq~JcH*5O~gjcecD$IJMIsWFTp-p8Z1aN#mRvbuMm=jBKTh{nRyD2 z(FnF$duLqfj-=WjXmrBfX+&PS4jbux6}3LMD};nKdf>R(pLw5Bg=k)_*^2Cef(2Ya zZC%|E==NyBu9qz!V9o)lIKq!0t@Z5LGxfF6V54NxM@uhC9hOOoii*%M&AavG1LYr5 zY9iT?G+)qX_RV_C%m-EI-28kK;=9J{YQIVOhT9l>_rb0n4=f)~yZRL09Z z=FhVu#c$p6O%!qnl9iVqc;4RwQXJKq+rtqF32k9ig0+x|F2Rp2)rpllu2R5>fj*CQ z*#PA83~_v4CyKl*927Eg7yo4D?hRWB$0edK8aP3m5DAe3bZ&XM6h@ERRdpaQe%#m2&d~Rw4&J=XW_&91Cy6{0 z=xH<}buS!8on*bF-caVS^6|xFWMptQ26@Eo!wt#WOy9n@^a6sT1ss1XeH!}4A&W&= z*w{s|hYCTlDr%vy3cTALkM?ZnQeze&5o_z|c?(-L05Hg~Md3g=Zqd=VIFwl0C(n68 z38mW-z0vpdN`myHWX{EJlJMKTyQa^F3U6swICDPA=~GJU&abYPC~-eNP#qv0Ih1tx z8@#9(3HYbEnVC8gR?TYY9B5itu;Sw27%@i&-O;Ov6LsCoA3T8N0e2bW_As)lO0!H| z;~So8dli^4tNg$si#%B_&4!zn2Vh^EREhz-8!k2^Pg(BCIEyaG!-p+_4p|KT3CfuH zFsdkkygP7CyXc?`tC0*TG_}heb2m?qkB^af1zG8e$LV2mfwr=;GCsT?YV(njT+^~^ zva+(AVKX865gd(!0Oo2J5fu%-?__kn#0?r_A!=24puTfOmNNT&6{L)BJM?M8=!UV6 zguuOR8Hx#90s?+EN|@T8RnO4n8iM!yw4yK)DvYw-^I7vIAqAjbRRFE9LI7={YraC; z?wPT1gOZZcAUu93eA#;&_L4@g{5?E83}z5V#XIv30|FO3Kcr2tYGsNeazDdG=L17AsEyqsp1Mvc= z2lGKiy#Nj=?ohcpXvsCgLLFpGb~QRmgsW1qzr`y6Hv~{>?E+(1fiMAh#(Mkqr(Y9< zy<(uw(+J&4=u>7P?;j8F8}-nZ0LX$N$gEgEFG(ruabeb@kA*N5;Na#iGSZg{SUpBo z5ZVGnXplbzgT|RcD7p&<^jt!bKn;GRM3i~b7H6tINQ*SN;Go+t`vb<0q}#*M&*4J> zf(*OZ(`eTil-MG+7kmBhCkhqUzUlUTNIPtRAgrFfc+n2;-S|ko(*T4#+Pb^nKxq`5 zdHCq%<-=Jp3N{8NPby_|3B77(XWTylDrj*Eo<=b}f&u|4r9ksMADUJav?I_yVqPXr9HcFI24d#WoO)FofDQ9ST-C&+$Kj)FRJPi{kNM6^$Xu) zUwekz46|Hq$Bf{S3Z*s_(THF24v6mw`i+f_A{hsGFoWV34)u2*Sgq0>;4DTA6>T*% zGmzO3%2PcDAaU~0B$`@X#mi8AVqs}tz}4n71b(ydafl-UDA}bIh#E2ekF?g=oxy1b z_3~vzq8TLX;m+isB7iO!!c&CoDYy)@gw|(f&X_ZRgGYLRkU}ApG1ouM@V$^5$;ir{ z^SnI~$yBxRuT#AwPnj(<$$s%-XONz+dQM;C>A<4B5-hP;y;p${I)3gIkwK#vwh!2! zYR0nZ#^vVTfg|jb&Eyv_8b!8c0n~I}*VM;Aoh{zq-~Z|Q;+y~XqRQSUpc1GC!K>iJ z!}<32O$Y}RN?=SSbwSlO{Vi@O7$-qVV^ok81Mtd0XoL)b8|ZbJ3Y`CT?K?G(O{LXT zy!66}ML!h5&(!+jLItguF;7f-o~b0obPnK#`7r3=@|CJ7b6W3!`nC!7z)fD#8|d&V zp1_chr!cu&ftKb~0hKH0ueY${yq*sAUN z{iOSl*Q`LU{1hS!Qd2r4Wd8vju(PLU^4a}s3WV?2{1)XD8;}*;=}~0o1Su*K^?xf%~4rm5^I?wwlh^eb%g5A9UYqOwid^TQc6!QL78%0v9b?wz2T@m|o)>u9#~8ehDr8o!-kT zbaZw;NM0~H_OFdg+u08)I>TC5Q?8YPK2>%1aoT=8vg%IfEmax$=bdKgEZRHjmrq4G zp|QTJon5)QQ@4@)>H$jg<&bSp{u2WerR{l9Kfz2xh>u>h?R@=WQTurb(y#H?+3RIE@KfGHYd`s%}8@ z?NvI{Uod17c%cFhQ7_x7}C6S-nm7O&8smm*Umd zG#eQ1HTB=!miM~~G=_f3i}JjG9~+%b8z}Roio{AGKWp)W6F_Kc@WF_fDLpl5L>BYw zn&RE<%jdFo`I5K1nI4 z_S$~+8E?v#ruQM6($*!kkHfgnOnnUUAJew@36=&aTwGFHTdM{WOxUrb$1(cy#Cw); zfAL9APZ@vJDY{~yvE5P~JT*fZqB3UZjj=f^>P`SzFL-iqtU}?V!;o1@II)9fN^ZDv zx>EBk7$yDzAt#!Y(!Z(VY*h(a4bH3F1l`ZU;hJRm6y__P;zRXZuHGF+#NE$t=c-l~ zJ>M>L)DFK`6r@Bcaai?l#Sk_V?XS2@s%)L5jfI^zIh8WJ<+N$j9#ci6fd8m77npOg zH!CZnsmBGhdu!hJKMTL#;XBD9Rm$@>+I>-b_ujpOg@uk!p~5s(iM+-&73!%0IXxC< zjQXo+=?P^~g(2u|&uojhVhGz^#1Ut0~K0meScRx3Lut&bCqP-%Z3bAwd3)|+-$ zz1z31N!vf(z2C5?hL1Bj@7i7S(0?r_`Ym>u2os#rRJvd!bMaoYp?@H7_+910pZvfq z8vKrt81nwM$@gp>CI++ZTw^FvZws519!zKhr@!lO$A-=a+X@WI%{oZ_g&AB^!C2s1 z4<7tmN*3a-!>1Kzv8Yq}TmCS^&29a8YxEeyo6 z+d#+;SQ-CpvmhE+pYI=`NKR&$yi2N^I%|oA;wIBU9l={tTvN~QnP3r&KW9;G_Ot6j zVz~?EaRKr(n5ir-6hI|1uMx0PsMc9mGpzwBYKprA41>Esn<3{J4jr<=Ud+R*eC(Jp zf|#+!#grlt9CkkcdjH_I{@F-|%Nq2Zsm)*Cx_vv067VceILvEBw@O+$rOu_}TE;2GQS~uqM!i-Eb{t4kK zip?l2qm@N<9KF}!+_>e8Tx0NrK$z9EIhXz}Bg{^oIaA0DB1yLF9Z*P(2sih`ppx@ zL>|a}*_ugl17wgakI)<{2=PdD-dO5x1Dh61|N#y9g+s5{RH9{(Uaa;eABg+>;{K0Uj~=RN1T@k!F^9_uov6nFTVjVC;7MSisp1o4%w<3JI?NlD1;K5kQ3tZ6JTLEa zpKxlbifpvtj>aB+L!jm0!N#&aDT{?u{nBokE($3`REkxVm9r$i;c^}L^1-eP2YpBD zm<%=`q!e(~%F?9xcnGp6@6tpty?tAPeSth$#diKjF(1En^X4g*v3MAw%3Qtcs}+0H zj}{XrPn8qMznkw8irY{4`V&{K7{Ph<*g%YkclX@jj1MXdqIj620*C`z@}`*?xUAY3 z^!`-+boO6GBT|@V3XChF^sk+}yKs=kP#e+6;0>1UVZc0$MG#YXA%tVUZoK2U$hagv z>x|3%4Mi$d2gtz|3h5(7*n)wxJ|^P(T$d-UkB^Ta1o+U@_b>rHYoX9F9ct|1;UPn= zZdO<8A~&(Ox33t|NKAHQSKyazZ#+1#9R!D&gm4M!bV5)Y1=LTY2Zv1f^j_(?bIzRN zX03{PaNwXp-H_)&E*2G=O1jw-#yn#3LTJlh>Cjy%6oE$H2*IM&Y3m5j4 z*Cu9TRD{hHUjiT&uDE>pvJ6QPse_Jk%d!HU)hp~y8FUX(yuC@UyPk5qZ``zb+xqA5!xT{Fp_O~Q#AMojyJ?W zW_6f)1jC5~*|n{Or2#AOW)essd9T~LZ$%&~Ca9T#HD+74ZNpr)4@AmVBDUhEYiHY* zCaquZHn*^@mlX;#!b2X_Ktx*FM+_3Jo zrKOe3Y;f`9v50>*5}MPIoAp@npvSb#`OVN^sE-7g3O0;TOI=omezX~DU$PjQYWy~5uf~RYiT?~zw+?A|rC+qf$!Nel z9RP5d>#nD#_Z%FR$b8WI2O&gc3Ifp15Ohs~D~g&-QNPiam2`65Yh~RisQ^T+fzZQt zjbAPkS6^|Ar08C8OH@lOlgXr&*NzR47pQ0MEJT#zr%8+AOzqc@DkEY>gs_@sydJmTDCRP3JD3xraj=%M2zXV z8U~K4MW(C}cy2LYFds%?%ELj#H%a7+tFIc48&cPS93lw{D`n~d*2Pw^k3dF_$)Fg{ z(RM;a69u*sf91iQJK<#NTeOX<2}VO-+-V<7#w@x_Uz0Brlc3#Gc+a59IqAz*yQc2@ z?kSO}pN(3VZA0qoHl80JttGVu@6$g$^@fzdEi}{l*vA{BAPWTO zxOwyDDro*&q^=@_>%A9Svdzt$G&QWl2&m`dj(!2j@T7dsa1^wpF|IdFB+SuZPB4yEt-F1vhQz%9{edf5|!87c?C5gz{ literal 0 HcmV?d00001 diff --git a/scripts/release-analysis/time_difference_plot_argo-rollouts.png b/scripts/release-analysis/time_difference_plot_argo-rollouts.png new file mode 100644 index 0000000000000000000000000000000000000000..4a24f4912b2a6fc5a56ba66c03ba6219cacad7ac GIT binary patch literal 75003 zcmbTe2RPRM-#2_JA!L=2tjuhZY$BB?N(fnz2$dPxC6yFWY1z_JgoHA)8&+kMO(C*U zl=Zwm`d`=aT=#uH$MHOmmFXl$Api z$_jHj8hmGx@0|$#Q1#wn?tS3oQE%VFo{p5ghrQk1PI|i?vllq!=;?Lre$1 zb=6mB?^`F{d~b$AwPN+K#@*4t5VxbTB2=;Oh1FgahO}0tt0}0B=MFcNjL)e{XtPkW zur7ba?0s~cm-6rLtn%7og3DjV)S^SW|GwzUs1q(Of9X-(N?!Z#mEx4O-v3@HxXSLV z;lEejqwHyn`1jIvp{rH@^ZqO3{`*ZS|KHy9o}AFm%iHo?KDqIpxBmMhzdPCZ(ZrXN zrR}Qgb{K!Jd2rx?AssVwz7H4kubJ+Uw7qw?y8HNq>!-i2yC!y=H@2c6ctO=ff_%SF_3EqnG1QdymB+MBL`=+~K3>JSqd>l+qoZeZ z^zy`nd(p3!Lj_)gQG4xQdJQt+eXU1@zc_EPZ%o#{7#&@+i$Ca`Y{~43l#~?54Z=4H zbN&|Y)HSg*^z0DcyqPUzevR-jE#^^v%Cd!f*4P*6&W@%HW8%HBgP zxCo(IOY>`;>f?LIS=3Jb_^jwX+`LNZWLIUfc9`6$QS%{h)p%7Ode_#>DrT+uP=lK? zHv+7D$2!X6RlN2+wN%`4ta%{2)wbB5UFk$e*&Rh!IsfUQ9OkQUc33P~2?^$yJz|^2 zEjT>foUZIYy-C9K@wuKJJ7qOBAx%xbgIPA=<#uJy4p&UH96CAKc~tOmqm5ths>qrP zOuRZ+J}Ld|`x_E9nu<<)QOa<6dj|(Egfnp3&;9A2_5w-mg5`R0_?{-Z}ly;XTXx_pto zx{jI(m&5(ksTUTEy1KvLeNXDa5m)6nzLm4Dr0Xc~SlQInq|_o9;mx-jabSTnoxYycdvyn%@pXjBj5W>ogfUOx$7%k*zPo#PXy>2kWMOAtrOh%i z_G&y;|AquUX=isy5Gy~w?NCYS{1n6I{FBTF4<0Od^{W52Q(}30t`qS+Gx%1Ye~+Ynp|s#{Jn3@_b#SI{u=(DC#0 zb1~9vIoZYYCI6&siv}~l=4Cz&|FRDs*2>7p47FtoG4UwddAz@}L1`jnX(r_1fd@?S z2?@O;Bazx+H0+iuT(@w`JJs`id~C`<6Gl~1QsUg2$%|cmB(jyeB}!~;Nz>>1I@MF7 zbex==AD>vPJ@mqjiZZ`AH}2e?BZ7C@|G*h#!DoFWHL-M&M(amYSq4ZlT%=r zZhZLnX#0+86)a0i^itue>7o7J<6XSL!NFurnVWOj1pjf&=o1x`5YKRGT$<}%N)4D9 zW7f!O9cg-WK+OC5$JIZ-z3=Da7fdz&{QTJ3oZQ^W&#qY;aSb9lq+j=xhfU(Z`t!Sk zD-NA34wpQbY4>O9>#fa>^es;hiD}G4%9fN(^j0(#2lz@^6|f8s51SWyihRy^lj)<2VoR27^n;{eZc-^NpF2~PS<#K+-o3uMar?e>eRiwTU|yV! z?gPUFchtjzf&#s))8%JZacTH(!OPF!zVc}Jud9jX-_@FFZNQtgNkL)l%y_q~x4NQY zUSoE1)Xl3`L-DZ=wO2QCZEbPZ8^qf6ZFfJkymxycw^qYfT6DZCHuw+~;8HRL+IMcxEs$fGLcYxjIhz5Gi>nhbztxwdaaaekT5I(41q$ zW>K%cyguyu^>t6IUvYH4@~w#x+C?vIVOtuku~|Vuo>b&t{?p^#{Nm!`w-jADs-t)% zi`Rd=zxS@7ga6kX2lo|vI=)NN;>QiCyk?{sfqFwl!Kw*M)CfpLMY@HKw|VpCXMuk_ zpCA9ifisq!)=)&DA^ZL3U_;1}sQ`2Vw=XZ&gwd?g!I~QDe09M{YhfL>S0(l>3lEQ* z#{!loLxSN2@dNh-BqbSC6PVCN6c&GFg^)8ce`ZI;#>OV+@^KToWqV)YS%IE*r=+Tq zpgHnAv<&K3r+&P?d$J?~HL5=?TGM}Ya1BMqrsyJ?7++S=6g{~Jsy^R)aLJuN++WlD z;e$NZ)$HHD_WjjY{C>APWjnr&vkzikx5am1py)oO2V-}v;95_+ctmOWa*>t7?S**+sJY*(~(k0_qGc=1i=>|}rVg#|i3 z&A+G)7>~42Ff{&fZuf4+1WZKCfA=izU3(I?zU|l`9=QeeSEM!Asih+KWjG&b@`Fa ztB-$v&g$~%u?R0NVA75!qStmmG|h->#Ky!=cekcLc))P@@L?S+X6Y!6A#CgwlwMSq zn^B4Z_R4-_x5hAtgJM*S^_BJ98tVj8QqS{e)6E9W*}h$;cToh?ajmPkWfc@Y^v&%K)bKC1xuxcNBBkIl(8G{xKGvHK zK8W0d;kJ{d3!;=~v+X&@zig!no#+Y}w@?r1DLZpkKb6+Vjxt>78lrss_{Yh6}UuYZKH@8&d?(K0n)E#!{!FoCC_x zuc6SP>KMj&F!5_z`OiN~awR<=Wn5M;bxQcHXnKE5bpQ15hvt6%ka^aHzrQL%7Ju>| zadLVqPtCeNTnT&4&);7^8hvwhSy5>x&_tgfz=z3d4MD*b5fKr7i+=_^mKKAClXj+Q zzm1b-kY<+2#NrT8Q`>M&bZ<`EPt~LExcvP5)&+>W-juQK86S_ndXV$%`}_LH@~|oi{F7qZZIq}U@%E;y!%$<&#mLBOiFf1T z&f}suEG;fHmkgW@IC^ELP+wo)zTBgG{Z60m#pY;Mk(HH=M|Hj_Yb)dVuDSBiJ_2G` zS@#chV<(Hx`JFg%f@|}Ui_-;$398s*I>r9K?qw+mEV+)MLqr$ZdU{R?IkoX~Y%jmV zh>9U?`TQA|L0Z$c2Op>?dqmgv_4mhIyA}q3a40ZJcO?yDXlZFkMBk>Up&{pZ_0wzs z-J#LZ(cVS-({>Jh&XZi6DP3asug}OTv3wFR^2>jCPFzWe)5F8V-OFn``v0ZCD<}r} zv!9CrxDAsuuiUipUyWmIp2RXw#j@dOSm<6_q`k5;EMl#gB~M8I6(s?>6~TYL-n6gc z;ovZHHvPJ^IHUF4x#_jNO6lFZ8&GQ_!3O#}3cadc=KIM~ZmFO4Oi`vXFLo>0WdHOG zDrA}SmN%zt1ylQC(=W|QW)+&k4)6}lDf4F(oJtK?jC9;aF%gm7OIp5TR?|PeaOSzT?)38mSRXpWX&cCT zgeoPlGtiMhFXN&tt?9wz3w&$RE}-t+zO+4Lccm4}1;?LFprU(G)Q zYjt<-6jV|=s5&?@a%ku;?YLyMS?7K+GcKdd;HaYL1eO5(&tXOTv^FWuU zoqt?Qjb#;B%0sQ4V?O>!q<(YB@6WF0=<1?-@0`OWtpGj;Zry&KG5g_SXUcY3D^Mz} z#aW?K<6Tz>G$03T_S7=GDQ(wH2^-g1`NTZiL(B*APgut*d#u>Me}8!Fd~EeT_b0NY z^JK4VBarFa-IIa>0u=5mGz=V4n@mhtLQ^FoIF;i5{2X-n_U^VH*7_t^$?KXLT9-U- z6c>pc`k>QA)y$f+6s({az6wP0$Fz*}3#vjTdhTL|z#3tuVM@O_3h zf4@rx;*@V`2EBBf>CACtKo5y}dMMvA(7NPjy;@btu4A$4`^&QyXsrv}sQ|0Z^7nti z%M$&+ivy3f^!eG_3(n8aU*i1&+CrZYFk$ZOyosD7`bVV2Gy|uMdB;flO`9C^$2Rfj z)VFMzPT@~FJ0la-*tqZ39#Irui#um%LjlS+%F8$P*>rVvg_k(x=H{~U@*ejX^{}OV zYMG}4Dj;{VOWm!jXgz32MXPPd72I`BwG)DZuC+O|#ixIM^BXUonW*Bl?LjxKQD{(K zNx69W^7Y3FY^*WI2_@j;TPJuafVPjldyoX;&93Qv2?m?zU|d@*RM_=Z*aB(UGMVxkn%FPovSC?FkdiNa764 z+?gi6MWHD0&yRj7+$TMGN_NKRQAN@S9vqRYoJ zRB7qVL&g3+DdYVYf_R06h1dO^jm$X7=Qa#ghU3U>ZClV$;IZ?dD!pL0adFMZ+jG9A zJTRjXT|#ee6J)A{NUF1j4G?-uLNlW z&s|%YAWl`@l6TmLBkp+R%S_A6SBX_k|LY>hqfah@K+A+y~LLpsA!_0U2#qlpX8K3%~0<;yKRwybijvNhN+yv}YjY`*4 z8WN)Z^PK_~Y~^FqjD4t6g59Cw`X~%NU%!T%W|)Utn8_d|lN`Tg{)sDS z{kxC109{9pR#;n+H$*R%_Z-lBe(VFy1EZvB@E|F(N9y(Se||RQpR^?uM`%}+u8z(M ztdBF$;Uc3CBxwc_@qyg8Y9Q~X0uP7LuHp@(*rFHN+|8fx)6-{-hiBk3)pxb()<03jrFN#-eCNIe4 zGBMFU)=&s#y=8=iw%69z%lu%`)n%%=v(*)3v!u$0*>y?yg>1mHy^Ww(=RnpN z5)%{8mfNvFE!lXPOJ0X`a)*BF+@n{>`p`~mTIaI&xqTIV%8AaGXU#I$A;}3}-k@X% z^x-$E!O!tPfDZd9b6?udH7PhS9Yez?0lKs9zrLIHqOuXFzv`)(B#52GQ0J?BFqJqR z{%f>{#1fP}bo|B&2dQmsZMCyn86ag6MIqcaWWn^M=*ErODA4zM1_#9o3JX_**>Zwn z?0cy3Az-{%3>ZrXkdY1YQ8*|OJyZ(G>A6hhNliw|;rZD~k-r5NbCbhu*=f*A!*u%3 zoj=dfZaB6-TVoU67(6(x@!8?+kdt=EaWU%n`4z|o{q^3cs`@uuUVXOMZu9MP=y>Fa z&e~*g-r0IwVia%H)~%2Vh`#@!ZD~o*z`%4{oGbI3=2~j)wp^#^#uvvAmAAKBOiWC$ zfcptS_p9&Y&UQ3+a~s`WvkCgZ0Y3o7bIHj9Wf zmR}rzxGrAQ{{~Vy)SS*hbYE&(+J3-A^E?;Apgn+41m_;DWsTWf8=K52HNF4Y@o)jU zeUD74#x!=5Pffpe{rb6VhnhY>w2N1+glA+(s``#y25K)&mzdwFtLtbKM-AC1BxK+Z zK!4mRI&w1jx*%%sU-pDI(ms{t;c6!KMjxUK|>mB*Rlp{N4d&Lf+9 z!H?X1ee?aEl8@HaHIZKpK1I?pwc=uFHilThn@n9q8~TelQC`6*w`559lxJQ zehe-x>4(@CG*8W3N8F|4wvOO`;wqZeM|rD{YKYX-v^}Y4d-7mlmg}w$*WF*&d6Hrs z*20Dm5*F5d!)c(8i*T4I@91%HUs<*a$+*r;OzaChJJ#2?0zIHAh*jbL&07Xs&HIw< zxVzCPLDg~6oP}C<*RKB3r3G2EZowKZmVXl=Mne$TqBfMuSY=u}lX|DSXB zbj}eTiiwHgi2mfFIKQxPSdMF;K;u8AP{lP7ZRRy=ZuG;sB40Tm2LL3`eYiL-?-YuU zkH32R_M_TUAN8Y*R%ai}vjiI7{HoM#M_=&Lf^XnNIW3WWD9Nb6e(01-?}G;gB0qZw_0Cgk@cuT>5rFIy=v8NQ79z#?mFYjwW3AK%MDO-(~1C?WCYyN^mH=8cMq?BFYxE*ab#n04d5D?q1b zWVCC~9!845rcHXk<&W%cB(BPiNRHlLt+qF#_Qor-Vm(!Z%^pgnE=H$BlO7bxDg?H$ z3HYHn`ZO6*0dC z=l{dzC{lgDl572cHXy%4E|WuUVr;*ITgzd$mII!Fm*1INN9OZxW~`Ns8#m74YVQZMj_eQkJxa<5&vrcy87n$i zk;lXr!p6FaBSS+ekq(B2h7*&M%>Jws#-Rx$Hw;O`na{X zw_~-J0fE>IjYw)}6r0S%iD(lAg~a>K5cGUWR<-J<_rUtmP}W!EUZADBZfrxP$16FPLgp{GTr7<@f&jQPJ5J zVpzA3Im0qCGM)=th*N8C)7Pi(={4dSHA z0T@}ixHcXC%=vX-Kmf)G-h~p1D+S=)(8oQQ?e{)x+CM1eD?@1EyOQQ$0rnkr9-IH4 ztLvdUWtH0>cy8#Y*9LtI-R!V(AYvRHk&c0(0;*Kwz1?f)(Ng`sKYDQW>QxHr$lYpD z+C0lOH}p*hT7!?3avpKbZ2_W&C19KRg?$*DP#2n@RFn@`Agl*Ll$zBPVi&WmT}x^p zF-<7Xe8+9TN1wa38^8R9^FI$!TQd|D1#X~W%-b)^e*MF~I>pt>Z0nK9-Ph%a427PS4&Jk8Ps*CPRZd0x? z9>r!EJM8QPzJGkQvP|8p8`S3VdIcIZ2gvD_=T@(kJ5tN?NaPFd5%C@`b1TxHEdIp- z7d;GmOdnWX&hPZ)kU`AK_S2%=UcssthVJbdHoy9SYJB=pG+*yjert|d`R-l2c(PJs z9IeZ~zP*Y1A3%)eEnC(BB;kr~M`(ba-60?zG$xgp=%1g9Q|zV&>d0S?zQ1ES8sPT% z`DzrR9jI5NL=ke8aWE^c9x|8x%vdKli!P`Tar*3_O1Wi|g{rIDhC}KvQ9ltAzp||J z-k!^IQ_80jBV=A>`;O^C4g#%N1yBr-wE?trm0hBu*&~x#Xfuu34!dC1k`Gl;Q32CP zosI``V}NeC3q9%{sWgZCDkJFV=t9fww&ATN0A{o{$6dJMwE4Ci1UnPRa_}4X-q}(P zcw#WEiUt+1#krA!Z{pflpxZfn*uXga^5Qs04dF4Te;%b=oqC6&tCMb=g4<0A?GBz> z12r}j@Cjg(AYZ6wX}a0%vA{G$cD;6O?WxhWGs(%x#>d;nKR&uv>f>lgLW7LRawMfx1i++C*j zr6Kj+y)PmIDe1|NWh@&#qkY9su@I`1*!@c6L^M z^L^TyLqv0gY#;b{_yM{7Af^|bl7cwU$94dT^UZNb^QxUk7jS^QGuv9a7+$*gmjQnH z5-n~ecvY%7{{v9VWHdzZ1!lAp3IJSuJkRt@V(`!WX%s?%!ey-tPCHQ58jNH@Kh0JZBJr!kon&5S>$aoHO2RuLX-RNF?;Kf z6DNENhAt(YTEit*);9?lNCbbc!TR#|@7GY|jx`Ib&vbY-D?-k%0me?hV<&0$q>L!n z!-1BT+{CGbK9GzPql6+B0vxu2q&cA3|Eayj$1@(rtXW3fUf7uwx%}5%`6u}yO`nYh zAI{G5nCz<>>L^q=S|7if^3eL#R;;oMxU!{ft6!FuYEjBsTMtT1^YZgY-@7MF7C7V+ zie1-=<3>j;`fN&rgE~q>Y@-gLvg}`VU;*EVkL#JYp}`kii(w{ zk4>^KKI-vuMUU9GIG4ZIurU}wqP-*bBfzzMX=NH0hEuKtH6k97_uUD?_1kdz<1;J*i8 zi*P8V?!d713P;I3#3Gf**yrfzb9U_OSI6u)TNY|WecJoDwOJ5|(*Gqxhl{TALMUc3 z{AfJ`8%0;lu}|-ax@GG`(2$R=E_0gkqf5o_ih`s=s84gdD~adUDlwT-R%onowtZ{+ zTWJmaqGhArB9{gx0WD?z&tOt?U=$Q0!XyX|hCoiC41D|62Y1MLE}L7?1>#~as2JUv zHLL6lPeHdix#!N7)f9lTP+$}^oXEO1+S7i10?Nu zTf5-&Pf?VV-))1%M3RSh?b7lj0^7_U*#}_0tD+{>*4FYTI+Tn4e7kEr_Z>TaqlN}A zR2vD8cmgH6P7m^ae7Julslw>p9#aFmQPLloHxNKHF>uYOuhX}?s&w&}ER;|dvO6LC z2wMMy^yW}?iJdfOPcN@Y#W+fB4DVjrP9IXnBpPKcLWR+G| zMyw_JDYRWXNNdIn*%wZaJk58X8M7vSE3`<^1gV$4<1+7et}F{#nzO|nE1K<#gf^uO zMJ5~h6~BOho67Y-CW7MPt4|h9(g1Tq!3%QhE-5x=@1W|55KAmWek2kszZYk{1Iq5V z`UKbg0%H}-T9vgiLZmB$GCPn!*s0N5-d%Ndt05^?5FyXCMe6yPg=4> zKV}?chW;6sDbK}d{=#iN%nq|ra|o4Y1Ag#GNZthZJHcKf>!I0axRjervP+V2Uq(MW zTAbF>)ag9=U`_R}w+EP%5Bi=fggOd(MVv!yBQyU*NYLCgp&cxdyfLa=b#Tepg|M;6nN=4 zFZYeBpA?3GSSpH6|7^^2JxKCjKzZfmx4R=Q@|>}Jy39l!->joM8w$k~DsIh~f9L^mHg9YiDVriLtc41Q z@RuQIu7x+bZRbuJm?Cm+ZF0nVfGXr!ZGd-YdW>bry|_N2G)s&^srF^87#RDtPR(J5 z?!9#&HsOy`uLb3(YIB0SIl!amQg%<~nMD3{|0<4~aovNhZ%u0k;xAs5SeG%g95Ahu z-YR17cd6jx=q@YBKLdWtxziZIBivpwvA2aZqV~S`ul$4$j=HcMGZohlHueaj;hhJ03ZQc#L)Zc7KsL~~UhRnfiSP%zWX<328Cl6q&T_%?v-Z(iXj{mNEuGn!MrCJs&s4%R zB?O7VtBJXGdKdC<461EP&`3 zF`jqohvl9GRd(B;U+jp<@CPhF6^uY3vxfrOoW0z3RW1K=A{vRvB7$&wFTY_k)S#Jo zz+A+wfR~fq|sQJ4b1?xyih}uPZ9x0jwb|-dC3WhyQ6wz;DM=`VkC?N#a@- zW8~M*_BTB~~kvQjKsCh%G~+ zvrr`Y)V?AA7YcQlWR}2q<+y(y+$$n1+yf2$Y<|8Hu2CZ*Y{U^%)j~cFp{UBfU@%N= zkd%8hea3&`@QG-VsRC^85kqv zLk8aNLN76}S+QkBZlI@fy|=D58>vrHBjtJ#8#ozDuBs%u?g;rg zNzPHer8<%3CnzMu%E9rwaj+9<1C(24jgY~5-ubDwvXJ9`3e_Yc8u z0Qq2ILub8dAk6{s==u$G0oFK=SVd6yi`r@;+Jx)OW* zYGPs(GOzX!{7BdWNtAzr?LZl|_SIMqTP0qn#)yYH+;Vo5v5vwp06yF`zF8;(6EHB% z-$`j9%ukJsYa>b*B{V6CAAt|2YgYM1?eR{{AIf7}~wPH1o;E z{q3B{?Z7i4Tv0fAs?9ti2eLtKkf;aCWK#{%gSG2*@Kfme{P4*5;KUk2Yfiu7b$Bg{A$(STXIxtr$&iuygyz4Mol$L zS82Ws6Ny`U?$>A<-80Kz$m^4G`SS`ARh5IUuP={QFi+{i?+ql{0h~lay+j;^5V?v1 ztB;m~pdzOlUt#U$u*8^{jm58e5IrWL9g7@lXn1k`zp-twv)jE6CeUR1KUkqKB*nH% zceAHY&}=EKQ#8NN@iPN6F|BWi5?&=!#LLNffn?F(#3>pks*5kEdGt{upviYTN%8pS zbwCc1QytLqqDbHuKsLM{&c^DsqCH^SWw3_%3on-x5P=Nr7W!ygU!HZ5-+qbdZ{VRg z9!ufj9iMhcUV=(MDg#l7KR!A@#w>o1bxI~^d3|Fffix|xQsdIN*jPuJVxTtS6i%Rf z3Chc}679k8K?P*jY`;l+;zdRsCXH4*0wnVlAEhTVSKUx|U!{5YGF=uU}QLA5)AUN!8E5{U>n;?1)P|rPv}UQVubL zsBMvecN~RTfvC_#K@WzCQGgge2q@(pdrty?pitT^wAyf331p{|+;;ESSQJTh!AEay zUO?7uh)qokyS?ZdVlUqU_! z`0QQ0%37i~AS@%5xq#t=#^=WlM23*!K|~F#N>2THs-KIvI{E#<`>RInx^e=620`gCyT!9J^bkj5F zCvzsq;ZtL2$#W~6xC}MK?#*@a=;ExKH#t$GE|EYsq81eZ&&zH)q0yLWp?xEMz) zZaUwB)t~_`Ma-^HNZ0+CZnT49{IYeeab`W~|#BW&>%SoDTw6$U@zG&Lbcy`Yqdl5$pG2W$`!r zvtuzglbr_dT#b)$$an@cdmZd(1Dt3PiI#89&n=&ROs(gDx8ek)3lY;~%RCn{M*(iT zrcC|rqMeZn5KSuW?tsRhaRq9RsF=e}r`Wo=+<)H(P^$;I4m$eu1vCFFx}DK{$Fup1 zi|TSJg8-+=)COE4l5QCGBXTB0;{U#$E*8Q}l=%*Cz4~|BZu(nYasniQVktSlw3!(h zb?xkutFqB~YkdL;?6YI$h*(LnRno}pG;&H&#^=f%F=!-v32|Ev03O{_FB}`1kpX$5 z$Vg~d^4yMh$#buUrRvGQR4ul01}^++B{^<1fM~?FsCK5YLXWCKZRs5z7XOD-lJ|(F z)KYgUo!pvGjAnGNvYxrcgiFjnK1V854BG@c&Lp{!*s1`sHRv1Yz2^_woL&Wj=*g&! zn#d#}UP0%O`6t>L9ZlfY(!`|KS4LG8YzVG^@mMT>t&{2&<;m0IOIVcoRC92b9j zx9E)DJJWRQX0m}nM=t+gE5X!M=PlgmA{Ef4jvYG&7vrn|9Xu0o``pwnWfr)%>6PD5 z*ReU`>h4kl$#!*hfoW4w$b=aNvb2$&in(=bw)Q?L_qxWBc`M$2p(>Ldmq)Lzcu`Jv?-AfU~8v%rfP7j1W1(z^sN+h^q#n$v&4 z)6FwRMB6soeicAH6$L9`D-=0g6fkZ>ez1IH%CuKsVE~P#5{;qaIz2Zg{A=*TlD3wD96bQ#2KRAa-pu9shBhd;k zMnqu72!&NS;P(?N485_&tYlm3T}m5QFp|ezu;HE8>g!VXlS0E*Kz}0GiXi3})Jv};{^nU0v z@RO-v#U17+bD92|vbV)YXYg_R^lA<^^Lf{UR_|XWV8HK<^$ls*4nRj4-5S5!gdT#4 z5QC^Ma9wa-CTEldw6q7=e6joKP_A}B57_~O;cJly+2hY@M2DK$e8~jm!0Z#lMlqvA zt5H`@SsS+>NH`O1BYnhPzJT`YjCKR+_r6E;vSFAh^;`$_3IuXfi_iQHeY}uah$AGR zjqznxhKk33FNx2dk>mu6EE1B(zvLU$E8`|TTyZG~caS3Itmv+!yir7fHv5qUnKP|T zsWYy!_J-0=3}|3e3S8BJB4T~3+-keNhr*nsO*?hXm)uIhU1A1j`2da}YNuiLap+S9 zxm{EgNPDj_OtL>U;0HDq3amCp?l3b70a`QxaST7mW+ZTg=_EnmZrS2#Ho#^FkLcN1 zKgJDP8R27+AroXKuOg-F@&3_)2S{fHK$kgp?wlPuNK3IF?nllY6XCIq3Pan@=y)t2 zdpYhQl!Ou3ouQ}g_sG^U&%Tr^E0q8 zTKZlhaNY~q2G^+!v6p8dOTm|U)y!0r;Ix8z5cUhsRRPEujafqnv}lpQuVgoJM`!dg zt-Gb|B!c_w>7Mi4;tPT&xH92jo#s4QV4xU7#bx=0897WONKM5<55}2DMLjjoUO^}| z1lj$0E~fEXA$&xzMtbcE68$SFak92iHpTwEa2vMaVs1VDnN;8>hw_;)3ILU&4BVBV zzewFg9QGSSGeenJ1uu#^^dZTj8c!OsLE@!W`&(Mxsd`sPruO_7DnfeSY=jPp+%z%{ zlu*cauQ7%Lw3Cbo1PZxw;H=!=nQ@Y5Oa%yQ9G-&h1BnW(h(rPrOk}un?Z%DpCr{?J z7-O$pqq=pobHkPD&Hg^=V*dv>pRMoJUFS@Tv`-Iv`b?BXCri6dhxgjYDjZ*&GicX*9uBmCH7yUTmCVTy)cXCSIB^7!3&jp^%W;hKDTg75uzX{d zZK+^`)6t`;FfSe+%9p`)qNX6pt4WfD5N#~2Hb6{A?#m7e;84rc4Y2wrh94y950bG) z)b<|es1M;Xreu@ZWxQ~mY6+AC!R~k>kMDXFvqDOpTbvsF!u_JHlx1cE%=? z5<2&&{n8(Ei9bKz{Ld^_vxDRnW3eG%9u5ELG6II-=->Q(s*3yML{B*(|0IhGZ8h>I zFw{XM#@p4E3sD(W7yZdXB!!Q zyu0-{$x)L)2}qqF&=7^pZ%z+2tt9jUVvBoE85M@zsW7BK3L?c0nF?SfE=8Ah^@$ph zBtC(CmuLPO?N8S+V|Mk+KY^z*cR&7%e-B(dG8{(mx!sS?d7d5gkQa6U29Q2ODI=OF z{_^gQB18Vk?rK~PkC7H>GA9UV*IbH{Xz;QI9?d>XJHX^xPa@wi!=?P=1OA_Vd6TG0 zYU@2^{ME^y$~x_ArhSv1wh;BUE{9e_OpJD<j6#@iP8d1Q}&!kDc3 z<7a^$m+I%>6GG{ZF1io-XSP3D>k=;~x!wk&u8Rfhy(tsEAB0HX5x02QJ8ssJf}gdY zLkmYmCZY+20(4`-awlWw`RUx2CBXrPdml;7JpISiwR!$8%k!6*?4QP*Ln4e!F@L1X=- zeo;C2#J3Uq1Gz{L->!nTcf6V_HlLiIEZxr2T+E@jK ztk3Aip492z!xph)0f8mhcV6bAD%K3SZHYArk{ympcwI&Zy~a~nq%-V9qf1Ywua3SM z)7XQfzfRX0AWs=`gC( zSrd|^rsfQ?oP}Rb<9ah>sk+d)<1K z+ImH*TG>T2oRaPj9#|zZ`;+tbdly7=(JyoXC8X_rLc!5wJHOIY?ipgb+{w^HU+MyV?(AbLa9*RxZvqIoNbk8l~_F_|E z#QsYki44coex|lA(p0NChl}3cj~C}CV%?#O*h5qxGvuK1nscKHWHJjn>MY{PU;nAO zx^6ZxN=s~G+Dbrrt#>(>Jow476~wP&L~eCb;M8gwMlK3b72zC$f0ThIW*_??`X8Xb zkv&4Pm(jm`u)~SiJxqFW)EWQ};1;xYT_{!ba!@#SXs2 zEGh?riW3m(``;^dU;oFBD3iz9hy^hIiplMqC?`InW}0}WeU@up>19S1Ry2I;m3v9s&_r?BV;lJ&L167y*_ z6dBG6xEqIJ6axS+2RmYCpx9USH6fh8giy7U*mX*Tjn z|9RDu=R5isE!T8Re_Iu5^^I(k>hB_B*TjtC7Q2sZCPO^S!5c*vYQ&;Fe!w?)8hw>) zo1MpQ7DP7eegCF>;iH?$%uUJ7xFBD0RkcCG&Qh7OVErbz+<;R_`t6E;FHTF z{+{bc%xkJ=PkJ)V4wbGl{2u;~5AMOEQ!tEa4^0i;e0V*8%3%cP%%P1RTaHuHZrpW7 zIeD9`_ZWGW4()-*)C;%>&YvEC+TNfAzYl5X!2f!s?b#DHg`9WqSbx8TQ@(!Bgg|L- zU|xQIO%ah*c$7o>`epk>cad%8^`U+pIc=`SIu(gPtlynX>{CV5r?K&9oKWvf$LPovSG z$$m|3cUa;L2OSqP!$+hl7}ICWLEnch5`~oXDk3@}%SiSfr3{aAdFIr>M<#mkV277d zX8=`Wg5GwAo!Im#DBg#=U^wCGof~0o*QE+JJUQ782y{;v2ZCX8BD0f>H<`GB8VZo) z(wcb%p!jg}z1@v2e+;hSiVS=Slj#ytl%xfW+TU6FF&_=d_?$5^jw-v8@aUZTh6xh8 z)R!0d*r2Jk><>QgvZ8kj{#L5XD`va+Cq6>4Q~UH9>SKOKzKuzaoLPPZQq;L+Gx|p1 zocOnPuQ0PUNlo; zF*pXX*(J!ZvF?!vQvu0u6~pS63%nmj*^!=A>Sff~Hd=09g)s>N8~g3!H;=txL~-?%9Hv6jRgg z+mtP{^Hci~FPbn+`a8tRcVuJ&lOwx-YYd&9se2>85m$SR=Bd<-2>OAD#nDD6!NmAc zIS~#-k_LN|U2xDU zbG^4y!cLdgQ(8B|NgegjkT@Vff}24$w^@zk1UZta_iS%?;T z9_dMBXQJM{o3C_idv+K~l@u1lGlv=`qRyd^->65IN`tiw$F2$<@dO@^L(+w0LqF;l zi#>#7WPDP6%EMLhec38n3H_eFg2r14Zx*Z!O}cAdmoP_4y?ia?UC@SEcqb%R1#?0> zBhTvSDX<*-?u>sie5YlLDptfm4*D6H>84CT;Z8G7*C!E4GKc>EHZ4@`w#j-QvlYCJ(p5Qwnxqm)~>1$|KS@6Q4RUU3;M7Lqv%srXcP%p7DamEnLR_ z?Z*$uprN;Fg7;peI_T|f~#x@HJ3p^`lX{7*ICj}!?;5TpkzP{19yf;FA z^NYR+!#$F}eRihpTEFY3v;N-#gtI5*m&4gNoC53C?>sViORdOn{l{qD+=A>s1$V@# z$3)U^eyOpjOFHB~+#W*vTTpXu~>Q``Eh2E2Er|L0uO zgMl{P{{;3!AdlQa9VR32So3urZv|J;(5#?9D0Pw#3m)&%0A195DJm*j-FNyQrN5cT z4>t{NpM{l>CP&ukt2S8|Y;66y%(C>qlM7))1wkt^|0m0{3>w2e|-8F zCCujFP|?#(z5Ty8El(I+$hOE*?=z^CYq&EPz@@*XrQbedV3?6|(Lfc zJvS1c{)mbKC9Mkc$>dQ!N%z!H{U`}B7vOU(N#g+ zxD+)cfB_gqhO{x%q_<}e$tfhi2JgJ(GaZ`Ok_rHDj*=M~L-nd_tbDldIS%#(yKE)bDJK92hxp7j1tvlN%dhHg z%YCD7bTOgxQtCZYM4!*re4LkqwaMXz=~=?`{qI$!_XoRhyq>pmEY-q3KaGIhIA&de zWSbm1E-8uiYbVmoayP%L;WM8y)V;Sw^jc`ab2rK#gXXUT6nGy?QUkKmxc2nr zM=}J%Y2!y6gmSpYR2195$yMYjc!lQ$9yg{=#ZF3e)lW3t9ogazf%dx0MvV=HqCXp? zY?Ts5XE?7dnwxnNU@BmMDQ7&q3tJJ-DXWIx9dpBRQRFs;H!+rr$Kvb{=e(g5#@F|Q zvAbyZCfE`&%@Gl~(HTsiH#;*751ugm`;R7Xi|f9Q2Osc}A^^W)TgH3Y#%7EwAW&fi z(LzF9etp*HS4RFY0p0+U)|KF-*M2A6ET1}++{5U9>UKvGIIcR_4YVFs*kzl%JCJh1 z6L&!8OnP^Gm3GR)A&eK9rarPz(R(BJSxy3y>Dsm49`_HOSX|`~YQWmA23Ck5m{p-? zdgCNXK$0g{IMAii8%ePptopKEbxqIB{F~R_c0}majosW2Vzni#ewl<(z?W*UrHK1R zlxc_@By2;TjtGd)rF0@56wlPTT}4z^%xMMXv7gG_rIF){vM{M)VsAJ`DiQ}~85gd| z`0|8(3oI+d35XsB^iDb=NHnpET5SUMlB@B2=pG~83cJR~>9>Erv8h*He*;-CQYH)= z7Z`{xgJ)gds8dE+|Ee8FZH>N#yiYZGDi?Af0!Y?i*6G6CyLWl=#U4+j_EmAX$~5yQ z_3a^IlJVy3O98iG$^SUsu;tFxxC92JVyTeNpiAxNo|INWbis23WCx`q=;BuO>E0+_ zvm9TzzE^_n;LdJiy#JW{(9umT_zF;vZCo?>aRR54|fz#x`oM zI@*X+9St|s)j#r1aigZRthQ|0dhg_IDay-hQ|;j6_0u@dL+V|4&Idg2$`%*h&2Me{ z61BqkMjdVX62U1dy@iUb-`=m0V~xq{n>yN{=)zuP{btPRy1Dwb8;FwDcGWc>y>jtQ zT*2ky9yZ@FGa>2qUpE8133@CQW@RwB__UiIRLcBaWm~YwPjQRbyrOKc_yZLEdupFtnN?Y|J<{XY7p3lw>0Va8+$0 zbfCXbOQrel?hz&29<}&#)g(-y7h5W@l=iQ-XZCh_MEmlh!jSI0BgV|ro26K2m!G^^ zv;Q%5F`guKi}`~`*>V`T#v3R z&hvO5@8fvAp6m5cJJWTGQX0An4X-YHa?1vV{o}|3da4V&@fL8NsHigQbLbv=1DiYN z>J&}gl_UKbJJ`=baIj{6g8oZ&JrK}|L(54Yt$S++Y6G=Lhv8EvJR4olsDCn2WCv$u z_gn#lUX@>gllhQ{fV>lVV;Il!YpXd@Ibj)W__ubKsK_t^ZaMi<;BuC0V5F{%7%w`T ztOIp(ob@TE*w@~iCXg4C6QKu8Wn^`lK-MuKk50`S=qC#Cd^p+rz=YqLu5L>bVAI%N z`%>XVl8mK|3@mHVK4O!O7Wx#DWLuxvaLw8mUST0a#_=*LclNnAJD3e5|C`E3#S!tyx#ZC#PFJK0eqTtmECg z4VCCoSVvZ73DiU)YFNuKeWyQQmoyC?imGit(51-`1@*_@!h#h7%j6J21q~HB2AKum z_Im?`p*9=0z8cT6plAU+OITEm@Gcpp9~6x3KNvn720nhqX8iI zg<2LW0QJmiL|MR303lMoGUJW5V3J(#CFVJ0_;C6Ug%H57)~JG0+_6;0Qn=H6ii1yA!p7SRNDI=Fzn8U-Lc=m zBtL9Og1%4V)~_1_ZnNU)h2xYW(ot=n(M~>JRh21LHPs_6big2;FzjCx4dfT{22g*7Sk3wV+Jw(yQzqQ4cKn>+` zP{r_?YTJCJsgEj|2Lr$ev2i)qXE{FH+%tbwntFYJ=vDs(J|2W8tpjTL2deeMaAyGl zOQb|E)c4#_0K7L{V(`K;8a-eqaEajfxOfHA z{9su-z+*lI$Kv?(BiI3(FC8|ME`72Et;=Ztlh^C6g3Ytv=T?51730F8gc#<(Tu@UD zS~cVeoiO>y zP*V1tyZuoE1c3q%0Nb&hP027OQnG3*yl3$O>pe|hT7EDljKI)U50u8!{TFH;u2~9z zgfS@HD%VCJQR@qJHy2Kohbi$KH9HjU#m_vcEekwlrawoKqUCu~0oYC1ytmN)0e9&i zO}WeH{jgtQn(jEN*6`2h*ir_}vdfFy@=H+q8v(#nZJ)yLfi%I{nu83p4AiYg{OxsiD{vxmQ(X3U1saw1AJNpT%n&4d6{WV&OUXW0 zOx4r8KCo(D3@aB`oK#c4kTy~DiK8VYa_3*lhULy*PZmLo2Er2s@b(LTm!shLZ9T`1 z&x#B0dO{|uOXi{fnr9iEg;mz#lm@X?zjO!M#GKmmP)VrlYuW947jDbWYeN>=3ghI6@TE4N1dHC3x(Q?98- zzui6GSZcq;N3j0!+qB9I-hUZx&`Uu83OaruI19*k_y=jwkU|gqLS3lJ0~pDfPv2t7 zYWE1fF`hhev{!hzrU&+&TB_WJ%RA+H?(U~Yc(|5T9$uI|mI!O?Z@bm|=*bgmAanLr z$51bkyt0s82AC7Qy4OZ8^Z|Kt&p2C|=i$_EMQmA|48!o_mwy{lVIS{~wrMRR(L2}9 ziEeg84g;;AfPBEvHIxA+1m=F^0sD6Wr&2V*4%K5+o$XF%A#9J6=#@M;T%ee$ao1)- zejn#!12*NUm<>5dp)nW)kRwqfNIO8~KLwRjELu60f(ffYVjLGLFw8650!8{Vkf4fT z_ym-W(64I$y#k^^3rHASSy=&L=yjf3S&WP~2DIN>U*HzO?cXZH8V=(Vq8)>($lVaGM|U60AYW1K%_V zoMey#6aYz^CJT+Um_QC>TLv~f5dH%a>w@dae3TCe5qQ~xLPIH#pb+{xV2hJBx;X_@ zbxP2uO1Q!;GB)KC2qGM)B&q}$`I^LDA#Au@-90%&6rzBUvjqgG&JePUl7W#N7EX>_ zd#I>_AtC4*NQF?z3ywz=9t^@etsx|oL2g?>6_B|YAU_*u`KmlMRaqQ0wMVt(gGAPq zp}3^)0L0yv=`VoA1CaEDbb2V$3#IRZ#$^&r1DKwQ zd1ToK{X6V)Z@ zZH~3Q5Gx70HGqBp&9Ye}9W(kt3ZyIM#ycp~_7dPGD}N8<2HHyiWGMr|y`Opw2W=~C zR3Z$ROF)+|0_)8s*8v@euz6K0h$Y0p^N#L#;FG{xQH#F-e>uar5V!gB8o2qJ2WtKW zW~qU0hXw=GKm23&+eQ1rKVa4y$M!tXfdQhd*I3ZGavW=JCrW|cxvwfH0b%fCt`qN|gGH;8qYn z!tI0ta3E|?8na5{1AZzTm?KEZ$Ta(pK`1G7KTTV6$B@q!1kbH)kyznnw*S$#gtS8v z^jX-&mk68tc$dMiN4i;A7CMHL@vBD-U08lT<*kK}9NB%FwGqsbMy~H_#WymU^tUv- z$gi`x22v5TRCk4ZIUi*qFJ1ilw;{7tNm^uk)2@^T^gDc@Ifg43^6wa-8UO|k&}X=& z!jT#uNP(1dPV6qOz2PCC-$OB-_JMm)m{@~e0g1$s&kI;6Yxo}lphhWRcE{$GP-+|K z7;-^t`t|@NC5nA7+J2Rc1z}8B*a2iVFe@G$oHV`a5R%KGBC_r?!yk`CI}{TCjN_v6biJIFBVO>J*MI0aL* zm9TPAbhePSp!UB5F#xX8gU}hNv#~YrznH;ohK%8Wi-5LBVHYw}6QkkwVTDvmIIP~H zZV$xl*FcJdxra29$Y%%^*!y(HqoK>iyh4hY>jRLa9=cDPLHZYjirV15f>Z!`B>MgT zg{mo}{THe>TOV&beqR4m$M3Rfd7-L{3MSvIs8c#r;V^$5kNd zFb3CGw7-JH$TLKnCMNtt=uX1?3t$2@j1~brEW>{@xK&zX0V23E+qaBhXqm|z0$KI{ z3AR-fl`$lqhYtDicm7^RkF@xs0qk?e_WCQ|ps&jxJ;|el^YmUwQ`N1Cw zSZ1L^>Z*oTtw+`{$NDqs7tS~j-o{`yF4fRMXTKB*i}(NVh1{5w$g+-LG%rfbf^8ZM zMSx+ScvP)M-{D$rrES{XJ-208i$NHRbdnBNfIJ>qs$LN?V-5NA`ltBm`njsj8q|28~e!N)?5 zL6U;d&`^M{q-1eb^=E_!RmqS_=HkK*C}?zF6XSA=vpFgDdl4Tf6y?F_t@B8n461_t zn-^Rqn7QFKP79D*ah?CrDcr(vK+80{q%v{@}u_=zE9Q`zPpQ-=o8t^*uD4WA7M7J=*3sevg|s99#}FE0-* z@fj)eqHxoul!HEzz^>>bwR!g!>cNPbLbo=Zys>gr&U%ec3 zkiNh;Z4$B{{`{b)07+XYF{K6#4S~Q;IKj}$t1#UdXv;C9ow8cbr;-n90xGxN*NgR? zW>RC!4_-TK;7%XqFumnIE6QN}g+?0LvSa1o3~KiNEs*XtcLW1AE)|d!z}=3L4WS@1 zLtE?dN9zl7Jj-)FCZk8zEaLA0x2d8ZHP>o`Vtg!^%-=C2CcR(Jh&;XZZMYWr^D^8S zXnNaD0HOe%Nr>3PD1tQ!EQLq*U#s^Y1RY%z4K1u0*$l`}6RHKBMc4k1n2WnxWNI__ zNR=*H1TGhRc$FdX_t6QFX6OVAq@f0X&Q&A#fHWc*GR?NI0 zRXPdQg{C8G9HqNfgfeD4-F2O=mUvhDk`q~3xpwnhEh*F-{~%bveFO~q`&a( z-&<)$wK^3cyP?WwByy^0E@HEcGw#EmhGADM*!#pQBNBqZ1qXb?z5s3MzEHE8@7=pO ze@zNMrJTLwv8TkKXys~gj0Q{Zd6O53zR)r^CaQ&j69zC zo}wO!S@6~&TvAwswg7!z%@Ha`Dj$f7U*r_-XWd6rFq?=yREyFh%3t z21>tIA1+g44y>Q~Au*I65H=(uF2xrYo`Mm~MQvTnJtG9RS^?1yi6Td#2Z4zn5Wx$h zKLFF`3gr>O(XC7}Zj`&Mq}Lv_eR^K$=SRv;38Fklo-b!la#3V`Jc2g{+=a^rZB|IH zB@hV89eNP|2dYu|L2~anOLdYTD^%e9CL{aC*o1jhS7I0dZ?fh`W zEXu)>PS~(yVrQUjc=eQm2_g04&vTf>(chqpoZRdsJ*KX1`!b=G606Q93oB|`wp-M zBUkIdzJER`z`C#x^otfj=}@_UF<$WmhLFT!3h)3D#qLv1m{;K^SLN|R#$K9av5glO z_FQ8XkhnLN?SJHFMjF+OtJep*GXm@LwE~RonJ<7yWH!YRqnHM+-%ocf=_g9mb+lM? z&+}v%xm__2(XicUrCQc99~X)9&a419gkhNIa-o4`tqU1o$;#*NOEKhk`X+}*sH7^1 zcJnO1r}4HX*LfE4Th2>Pjk3S#vs$oan=!M<#`@L0g$f-@0uQM%$>KY1YeGL*3 z!Ij>0x(KQ0z5v{O1v3joCx-pEnPvY}Rxg^c8ty&<(gl`FMfo99BC|XMHxg<-!lyqL zlk?BijiV|5s`4bc+NwrR`xSUyH+xR`Pji4SKRs>jiWDhqTStdVsmYwE1D81y)0%*t zDeTJJz$&wP=Z(qJ1dw&T65rSaKBF@hAQWWRRyFj7<_u`n4gjM?S__FWjF3!q7B>y%8mU zpqxCYa@FAOhrCj$RG3HrL0~cH2z3=~S^_Xm0JPqbWJ%S9hH5`nN+*AiE1a_&mtV{I zMf0$evo+W5H8*k^(mT&w#%?a}*q}kXV@4@aBZe0qaHa<0h7mu=PR* zAqxW_59j?KZUsLa^nsu*=TR3@Wj^m7P5JKaBh0-R7t<+`-^%?GMkzf*({P!z~9#!eeR7~x(I4RPkd?=zmwfe8@Knq3>`~5_z#D>a7TYp|QZqp3Z%2|x`Ojfyk z1iyW}S#=#4WM4@C0N6bLO<06zGchhJ;^Xb_%HzM*Lw_syU+i9x-`v8Vp|yiq{6jTM5bR~Nza7yY1dV1EATOD-cX!8)@h``lD)nvFn3O&DubqY!Riz`Y&_ z4BSDmCUj*6)}QnzA6sFYYgAo!mabnW9Mym>m%pS&zQCfENeYg!hTh( zdD?{#(i{h9ARRaa##6aRti$U+Q;+FW23}mETINdB3Q6+%G)iX~DO&Lve&L^D^GCr<|Cx_`2TW#1ZOe-5m-4FcbRt$4P%x+NcHB`O%5ktdTm9pj+Iu& ze{&STWIQevq%pft_LT3tN^?5KMg%Y|IbDl!7hLgqqY{PgA_z3dImf`dbx;d-pMSX_ zj^ZAu%O(J91UnOr4sW-DBXU#@olEb$*R~QROH;&PJg6=4{gdu zCNw#*F^;XUKW?%tSh7qqNYUWD>YqMgzg_vuykNU_5ho)?vav5xJ){Fq7aD9&7%-Oc z;oAfxddA|RZ3lTOS(w~Fx2sn@;3aj_eW0v(LW9X?BIsw$KmR1~l4iB7ufhXI*xxZ7 zFOvVvbNQd!FF9x9?ZS6}*%X6T5YmSx!C8+cSnNSRhr|o4_f6FrW#QaV7Emm#jNIta z9$h?C5$K~-To4&D1wAsb!XuhMm^atgUbNUJE;U|5`Sbw>g#oOZ|7rBSE-;&WKj@E} z_hiVp7fQs#z3F33w-zT1D`qSKjPAoR;EJ<4_-k6n*kA1TgCv*57r^W@37N+6z*y0W z`iJ{$^=HiU5u$5b|G?|^zQQ&0L%x3RP-Sa>Dcc0CC{`H$2)FHSa70yOMly$;;9lPP zPXSB<1u!HNpaC7~pc4NHbM~%5)F{i}8TXy_J4glz2^Ap#!yi5C5C&;0TJvN|uYm4^ z=mk=kgM!9zLd;uLjr#we!ZlIO7%~C0NAHLQr4M=hanG`WQjog!(*ft8_-8W;{newc9$)^-vs_maNbXCR@R^N)VmSq(k3iGfbyV(pYg)_RlFyAmv=oMW<(rb+I{TdmF58&Tj^Cj$yKK$nVz{1^p?znN_2&(6 zib&By4~3+D=m-P{5NF4C_FEA234kg}*2}elAlLVQK?=;HopcqN6#~F57!;PF4#6uZ z!-(dHIO%-<(++U-uE5G?gUTCo4??X_i2~D0=wN!C#awBS0B;#6913Ymyoc*pS)M=< z!2#I$)M+4<*#f+L-?6o|)lcoM#u+(_=G&!wrjuiDw_ti{+|$ZrL^`GO^3RgeIc&HM zGq_|8#4n4J!ca=kD0krsJHEj5Eu;blIB*g@dFWeL{2?_I0e$p}Bo|>)QZ1ZAzs)OUK?LV5Ki;YVx>c zQ@C_XccApEp4xO5Pbq%yWYu1(RoGeoD}z5>Ma1tMiK-E_K9xl~#vB=2rTzWU@2l0s?r2P+lo>o~alC(8PNkpm$7 zcT%+k)ELauWe&sT@5dL)XvkL|d<8rljVsv&@z*9G&rz_AuEE$Bl(e;Ydd+HuKU>@m zKHhwMs=Vq>L9kO(R{Nx>L^|bLwQ7Or3OczC(grV8lK6}_GI}$w@(#s&KefC#jSoEP zTQHZUZP&4NnBgstAU4Ijb(j6`8y2Zkrpb#*f=ZZi*`fgbi`R@lux?5Z5+iFu7!2P< zBOYPo*3X|Ow+eKj`T?g;AOPgnAlke+kU<1#9&K9yH3KP+f$6)Mu=$X67n1=9J5uH( zWF#k|84ZUTv~_jQgGnESzkxU-Dq{v4ne|n&iR}xrmrJF+-AeDoe=b?B zk7)5JeIt<}024>98qwG>o8Pi%N~ZcS**sA&bk(%E1o8rmJ3RUq$#ws_FudK?0&XF^ zoTk3DY#8#hqvLEyw6I^JHt`dkPn`z~-Zgvlb2Wc;U>?bC@V^FE#&xdUw`XtOo?ST1 z<8O5Y%@Fu+BQqB+x3UtB*T#m1pJ32?3p<^Pib@%JN#SUqPwAl3m&0%X^p0@`C2r)A zHGr!!VF&+#H`0U_r4EBC@Vn zYWaMPvd*knIkLfz5IPJs3%!qh884`FV5>_HZ_C0sBQn6SgdN8l!j~MnJ)S*0t{^gW z$`gXOzaeu_U0@zzaT0Iklfg~xIpl|qg(oFBpeik_lw$sK`ZCVnG_ zahjLSPka-Vu}u3x8?go;JoSg=1G|R=q#@8k<^~ub;bj`xkx7`O(ra>V4kHe=4E}~8p zJ%R^Oe*X__$3V@O76J_ogeVC;^_r-U#X!x%_%F)O}r zmZoq-0g6kgF;t_?nWRXS=$&Omj~KTzdaNRr!7|%;SdwdzC&%stuhZGmq@L3RKuU!R zwkC$C#U$~<(EyD8N)D|*mg?{&_RUd1pY{NK((QTm#}N6va%7>Eq__vM+axG>5v3c$ za90uxj1Q(p;ma-um29i6FO|n6+60=Bk$Md`3G3%lcxR5B#{KnTcDhmX&CaX;o${VM z9tv#YCGdD_Sj_E%Q8}srG@v6IDid0$Em3=Z`SRSAak$Ii$U)&X!xF%8#pIoSd31Oj zTk-hBZ)MR!Sbi}j1sCKy!t4}Ji2Uj=ocZ_9v!(i9I_ytc9dL?9!V^HCrzKPTRURN& z!pl_KMm#cWsO?_Q1q#vO zv?!VclDJU72H>r>L#=+(5oS}%Hh+Bvvg5@eX_f?hof5laT@I;9*SvNHPE5mlBOvRe zHvrD3eJ3VQT<**Y0IV=~3Rx8(r!X7d92f$HCTXMDD1g6|+rOu&3xr57Wl=nCUACtm z?4ad>O+y@?NuXoop8u{wSK8xlZ-^WA4|Eh^>_C#U9M#;t$g|)&^@l0fi1UTG88Bjy zgV|Eq!9i%;cf(T3n!DT{ta~1eZKRe;rwMdx%GK&n$$mkPU?xX@`t9v;%)ORa@Y6Dn z_{x+{iBw+RR~PYLe9nZ2AvP!*gDA|t7@8!r;%pm0JR_t={1u?tjh$wjvSaAlF&lq z?fHTNd>e4h=Z-I`GDp??9qmw~D1NrIAfLbk=4s*n{YV{yqnG{a*CC7$*~8O)*Ds^- z4G{YUBCz`)HGw=D;4WDe|Lp^8TiW*ly4K7t>wBFhXcbHVsc6?6GUeEs%PG?VsQ{KD zPJWWNKEfNtoZg5HV*(>NfDDO3+M^raNBBDKbiQT_e;|6s)hY(#I#L8A*-guq>Rn<% zo2ex{GZ_fxhT-IT+0Yp0Q+tQ)=8?I`uOjVJ1C^2uqtWKx`BMxxQvWQy1U%>=QdZ_% zgkuCv(x9Xa(6ZZ7FXuQA77+otDlQl?{x(5XI~8QGA)A#djCeagp0b zW3oYhGtwKGm)d4do+eoDA{mvc7En$bpdD&$Z)cHaKYqOb4UU`Nk<69HNIF?1;Y?5o z7}vcjw)Nd5gZ%hGwEytWeAdsdbYvSyaZDKJ;3&{w<@v`B0pFLhj^jYc^?oAcS|AUy z;W4*ugedR>zwT}h1yL!&kPzWt>s!)+5H_(qS9ywBA5`~Z&j_tLGc%7JSTDQ{3;D8; zpaN)uarXI&+W@OFn-ryiT6Ok^(mv?aWl*qhJSV?e5+)5Yj+&YoK91VjS|n+M;a3I) zn76o_9|amdhSZ+vd9QiID_iB<&^M9}m`IoG1x3&JGkadDWO8 zWLOn%Z2zd;!lL;pdB$BPA84@I2Dw5PVaQ%d3o*0S1J#s`p-Jo$P>tttFe_`t%DzL zGYj}gO@m|Eu`O@pLZF|-S!Q0MpZGzpj8rDFb(Opb9g8W)A8J#d!OIYqP+&+|XWHmH z(;15rV?iZlOBumBR2+;~1?@Q5)wb2BmGz`}jWY$O79VZXCa02YwGAcIz&YPG(w3UR zXPc2*9K`<&LB7cw$BrKq^m(I}r=(oRkZf&m@m!3;M*fs@irhayI28}bGm!~{dmhA7 z$fAm-k9T~38?YqhL5KNiD{&lOc!e_RZm(QFom%^dc#$|0vs1c~i8Ux*{R$;^p3nHb zBZnj3Eb3^law8EYv;@#&BUWHDxO0vXNh$`Wp9@O=uVbeR#Om^%Kd%-6TZ@5_O94>% z*?_6`CgkHm8m14N&lF`cqDnsoGZ--$Re4e%GhFa}(q@>{n!BqdM9)_an#AN*(ET_3 zwcr+URanY!5@KNH5$Tm3S;{ef-F?}9`leO~1b3vh@AAbYY$|mWxlA){e3he-xOw?QnFNN5=TCD~G~2qivvQo30Ot zj%kx&J{lvoD z&LctB^y)`!?ij#B7V(>fUEba&v$bZQ}QTMRks*lF7XHqb$x!6H-Wzl>mB`el-lx} z$hbtm>B#NBwNNzq5gyz4jxowT$ToDwYEss*?T$k3UxZ3h(d1u{QK2qFRZT4ul0z;Q z_Imk4rv_CnCgn!QhYD8)!ZpQ~u5_09$06RYHH+VX-bl4APtaS+QxibzyB3FrNi1!h z8V5wjFOXlYheIvNOHcv&n^2Ae5qqpmZ?6;hXsOGrqym)-~HlAUGRL2 zkP8n|-8O8aCNF-xGw}Qk{f&V?tk=VR#{czeIAE9)3dn`YBw(3`e;{Xl1?k7!e9CR0 zobc&`JxP&V9SP$@NG43XN88v5Mu%YYADXf`UOWhS$ZhpiivdbjhLU-$5nO0oW&$>r0>C=97-<_1>?4 zO$ps!WW%!y2Uk~`OWHLBPc5a@v|8%;CH7bW(DLj$C+FCKM5=tFx4j^%6msQr!B6R& zMw&f_M7GQ88KoArjP`>?uK^ttW%GgT?05P4CmLYH2ef}BtSvEV(Ago-(6tu?x(1UWn{E~^yB?d2rgVIq)+3a@|etj8)u1s+KX$Ieo zqllEaDtemW)i@BJFh>0+t_JZt?XfA}($3suxxF0f7t=lZHXywF)oCBjJ8)?~=CcdTt^4C=993xNtXz2a!nH^-_~MOC(lO2K^B@w~_2wj}C~Y4GAHedg zv31tYDI+Rwf)*ag6;L}307LlO4MJPv+Bwq)WS-*`B&bbnK3qJlDCNXX|8}-1$Ow+R zeIB3xfddk39Ev^XGybvwODs#%<{kZ#?$5#>@yJ412vqr=0g{$)iKC)3-xW$3CdiA= zODWW?=^mBU{{%-U{Z3|l5V#E3knp8oWpe=*TM>Q|{IdE_ zj)F)P>cvxYj}Ik=CAJF7An3$fbWQvHp6hJy#p;6P$e^JqH0Mhc$W$o~^+m8Hx(*Rd zAcHDDx_rQ0F2sHe)N3#e5Iq^_u%NnK($RXR|CsEDvBHbb{e{N}v`$!I#`jT@Zi1Qx zF?XDPLHI1Wr3e-@5B3xSd5Wp|MsBW=ul8v**7%lXrR1cV8zYj80GphKD+WC0`JK}+ z>izs}0Ur_*)n>~FAz~(qZvI1z-`^S)8bP^>{VU^(r6?V*?k0sW+FRj1VGrecGoAoz z=wJUnjMCeZjF%9l(vab5Z~~+-L(6%Y_nUuR-wM}KfsnGRly#fl*8ApTD*b1Rp;ur? zEnq_>LZKWX<=4@rGA_Q+T=He!Z+suia{b%fxI^nyusnkCdzz#9q0vM8)^O$0<@NCz zX4OOVtYHxoe)>cV`WIEza2Xj~f!mw12e>Y+k6)xBlO|;Nl%84K*o#ennHzLgPE$AT z$9$c)(uWVJ^?YwNo91BvI%oRehrm9Mj(#DQuVw^+C|XLX?MUD6YA;)l>T$+rsSE01 z&d{cP=50BQH(#9UtIqgv7_WSQlk3`h;y(})dhz7rvr>o4*x)bjl-iNpwAyfIZ)V?q zWKMRmpfd3KX^N)bU}9sSdi3$lt;c;spBP*yC|^q7f54TSJN+>()r34M`t_%GN-wc; zw?(SYhY4SMaD)o)f6QL#oDQS9Fd>*;SyeekWSLHW^J?*rBQ|J4BnrdpllgI=jM`dF zmwPTV$AILDi8`Kc)nWaI`gR@1t1+0Ml_;5Pa5Y7;&+O-PfAMo4nT+FB^b6mDTMKdr zTN9o>eckALukdDv$0GIGG4%CP3N%EeN=otX!c3X2)=5SW(*6S zj_#q^6=lpp9j1OWe0ggHw?p8X-j_+>Vm5%0_nPkp<^C%XN1R5l95$;T zpi5dQBf_NEU01!jX^gi&8d?I&uz1=Hhi#84GB`!PS=Tjr;ulK;dvOCtvQ~_dMYy@w zRBfk{hW2N_01*mBGHLikxEI^Re*jn}?Z6@5-oa}AL@lHWhwuep9otmsTg2phT{vS=OQ+?-0!i_ zBr34&7%Z+sP=O6VT$?~;;lSoL+T>e5Xy9yC%mTnRMBu$ac|H&eWQ|zzjWLhjKYX7L zHTn2_)o}8Z>^8gWe>cEy)?JLMyV%Cv68=0Ul*!g$(Z?$sC%onCE$y0?AsF% z6x6?b`OloCg#``fAD7{?O(wF}H%_~?H@w$Mtu?}64iAp!Y3|r-RrxVk)x=sxWS=V+ z%L-blcylhftmC_}BR__t_0qL+8^?u?GoLR7w2q2%&nIP=2yR^eQ^H@qB20*F(iLvH z;@ZHT6=cB~@6st`%*9!Mcyj#0lgL*VrA9Uv&rXL)9UEA?E7i8WAuk#dG`z>+$}S_y z_b2#SEsxgg@p_?<@*{dZTPL63PCi*_P1Wle_7v`I7bAM?dDqu>1q9eAl~%a1karji zMTlVs`;bcJMU<$DQhkj}t)fsa1o)pSBW_^`U^Ic2<~~X>Lk%2&bRj_IAMpe07%diy z1>YPADBue#`l0x;fvE;=j$eUtNlhzu5L{FnRB{6T!w>6M=o}*EgWA=1@Kf&_#X{{CA%C9Gz3s<=WMwOr3rRh!VJ)F=hY28PDM)-=~ zBdR(k3Jm7qsLY^)t9{DqXJ(`PmDeGE@&{ZFi`}MS{ZX!(pK{!!>$Ep|sW;qCZ>_#De0WRn ziU~&1TR->RhNxjxtLz`iP1=Cvz`f#Ueq*#Z=R-?rd8hC$M69f=kKL>etxCZbSMM3V z*S^Xu@O%D@=#3+(%yUli=Q_$(anAQF1Ol`QRbnGJbHd|OBern4`zz3Ooppann0%^| z=yMbmfU-ow5&yj{3YcN4mv#~UEswsQ2m=FFi9!BS;x+;rp?5GQw_&CI7&5f#@U}pv z($4`EIwB0H84+IxW12CFpnXEG5oC&Q?kpygjKD}%Fc~p0GxL}l```%PA_5Z9!Co?t zY`IGJ?%ZW~V)bB}((AhDz!Q~1n;Oe}(UUC=#jbIZ8Qy{Qcm^HD8+T6Eta`uv6{yoS z=^o4Ye2e+!tV+w(Ft_sG5(7l{rX@FPx?=TnR2?;Wlx2%Ib}zs|y-jJ50eQqz0Tk@? zQzgq?5T*wwV5Org4i^BE4<^@xz!HwA zF<-QIW3d$JGo!}y)gH1`k;Bay6G7btmvj+iEH;siB~jxQ|8CeF;y-BL!~_LX5|>6m z6HFN8Tt0sa0#*6B87bMl37m$;#@1-w4W!J`C?sp;eg<6&97aK~)-^RXi2X%`v{1?y z>02+QcYTD9VNOX4Oo*5t%k!{zf;%{8Ci#R!GwZbrsmvpzn>>TcvS}Q#DSkX8msVWe zg0q826OXcqM<%eyj6V=-H4!cw9M?)REqs0@=V6ngURO(YV~Y@5D1G)!5+RxWw`=8h z;;|PW%_x~sjVYuZL(GObbMzo0yMu#Ck%tYq+8UTU4^Mn@VL{-d~B$y{LuhftG1_LQ;6lO^u zJ5^u(kZ=e?!Q>vY{Plb@`8JNh!&R^NXa(DX-58W{f6nDxc4pm{XxW|@amK%h`~B%Q zfnk}Ff--dN4OJw&y0Y0D_Vx^tPgo8YZ6g+4c&@GElm_~sBcMZB*-A=8si_5gCSDT( z6fa;_DyO@WYM9vlF_X25uTKhmWJI48C@LhyP`9_%mf+2rn#j_Qx7_L7Y4a^q4%Wx1K`Ds0wK$>rg=%)+}vCw!v=y)v{fYRz@tJRnNn|7?~=>wL#&BM zg~cO(cQXvXIlOj?x-_KZlh|md2-(#!VS-#sBhB={rB&gfV*&Iw`IXW$$%`GfBir0K zKS!hZR()zz=2A1|DE@_su+E^%1`JW@xuG?vChjkPKkmC0OJC2y6>oeoy5@nkhU6bo z+#LOfcI-XBEXg!oi|K*WREbwk2smL zQ~t(aQgyN%ms{&*lApgi%#rB))1_)})y!s-n!XM7O>RDzgdpP{-yc z$6pZ2n_UzLg?C!|S@Y&q$07S7f04>5iCLnBIo%?x0{cjZn&a=%miiUvI3?asf1}RC z%fL!#L!v02f`UTl$=M6}^(VM)EH8h@aKvj3@Vz;@SjsPmWwVTV5?XFaY!u(d9 zG*`Ap_-LF~u;-Wd+Emy+zZo1R7a#=S2#nf;th-ZCNReUCP%q?9%7pKm^}-_L(%bFj zy6kM?-nt)q5_PqalnNuY5*{5*@jQGH^^PRyVhHh35}1rJzIg53CDyYGQOkZG7o}-ddz_s%pqN1f{@f{2!KYvs@+;pR1BN^)%FYhW1^@INJ zDD{IVM-74I*2f2R=sPNA4D45oo5;N{h(t@YXMS+8Z;kle&1f&{w?{9q|F*@!+lI{e zKbm%EVU$I1kcwOB78QM_aLEjfHsSY-&$pywxH!kq8`lZ#g7CoxaS zw-Zh$LX?^{oG|dr%S7&r5!?scImQ0wesXx+Ap)~Nai%u68_ucr@pS*4Yv=DOHh&2)e8b7p%=#@P z>9Tox%v@Jx1q)s!K-Y2lNtB90TIxfsD3)kigUFeQ6|$lyZ;06Y#3QdWFn&G8QDI7%c%Gs*=&GyM*$99n zf}-%yESacNsD^q@Sl{N<<(->+&7PSQt=eh15>hax!`K1+_JXE1Y z^tqkUUSb6sr^|hLPfELU?Bpl2gp(4OrF=z?5B*b)cWeec+OJ>jYj-tj^Q!FO;+b=h z4TX=#qIDjQ;=`~f6n1}-#KpxyM0a1`&y5Z2lw)}3QuK%F^oIlj-J_4PV`<0UUDwU}0e-5YC9hlm>RfkOKl4A!;y(4$X47 z3Y!H6@;syWxS$${?oDwb(<-eW^2z+A!AuYnY zU{1`*R>v^1u^tgM7b~e51IqjOpA~pksC`es*?EhMSu)My9_M%AWd7oqA5)G#@WNVA z%gJB*+Bi1Y{&aO)ZF|Dni~+XubiguNKkSu^oiCaj?urUU9RLZ!N1I79=K6eT7i(Fe zeN?2+UOLg@-lex>m5$Uac;#dMCNF=xs+s%$F*&Ay-TeGE=N`0v#(}@hsX@XG07*0j zyC(*68QRf%h(f-><@JnsjQl6u;4gm%6lP1-$*em~2Yv0!nKV@{QKQDg;mT59^TdZn zy1CU%{g}u=vs6MDQ#f4Xt-a%eit{UEb(IfPHasq!xmADbkC{@TjYg+POK++HT!1lF zrU6hPvDT$uvNspKaXBh*?9;{8P)}(k>zSgTXIf-AgU_UKBo0C<5AsE!H3juJ((9iB zp%DOl?O1{}VZ3kgYdf|%O|ydFO=#1Sh!FUQaj1-}_c9+SwPPW{d>Q$? z>1tIvXcgnE2#XH|?t!(NUqbDbdwR#OJHv&vz!y=G^k{TP)$>HB%Db!QJZKd&LW#AP zqe_hE=i%eVT#9%y{OJm%RIY|#zM@j?(Y$zS=j~_~j}V~_}WX4 zucgx~KUR++_JykU=jv(;N_BwAj4-+PQdm6?SM24S*0ztz&a9`zwPcwv?S>Z)VV_t9 zXSr0WwF~7LRi^vYcTRG}rIRU7iAtx~2;2(PQ85FBnoEMuCk65(5Is5&=SwE4=x}NG4kG8TWwJ8FgYX1;)Dl5b77YxZc?~jIF+AZSOnb0`%9;9$tI=2Q zak-v~w`1RWIA2)?z>n4F2De}@`vhz@bCStvA3!837EaTxODon)2yy zstQ)dTSO4(>EPu5SZA62iL){zOE=O-*_~fYKtiKSSjE8c$huW;$!{M<+Jk+k`jr$~ zcJuQU7nY&elz{rR8Eh5^<0QgBhuaQ8Kq%;L-w?8~p$_w{=<7LI%GHAbuKhEz$;FvR z)4?cYm;p@^%k3bhR-#=qLSN0J;vd^LyNJ`AqJj24Z_=vJ*ID@C?qC05g61DaH_u2oH}fSk_k}n1#anSh*^RO zKtES2b{~9g^=#9syjHyOZi95x&VChM6$*u?HFjk2QawCH=rjn^A+d2Arf$ux+z zzkB!YK%U-lWNkr-@P07i6_SajU`hzwu%?{>o2>bjIto=idUr!EHEaAa+Sn{&jKpi| z2)-CY^~~woC+=A_i)ZEcQs*bRTjXAEFK3^5BExW^{jiJn+F0%%i|>oXag`SslZ}d6 zo9wq8XCMBitZ;t(&Pc*1Lelwf-?J#p3&YkvHy>(w~mT> z{o;iO5b2PX5J3R}>F!3PrKLk!N@9={>9#;YQbf8$x};HBS{g*Ur2Fpqo%g-}+_jGD ztmQ)HJ2Ox0{i$sO9aKAf7Jm)!OmeKME$$7pk7>)<`QO>^pLqKabquz>d4Se3hn#N~gW%RpqH=I6b=yC+3pFyS#n+IazV1 zDrq7rk6!>+bezxg%V{+#IsrEltO!T} z?CeMHk?fT$oTLcuuiA*ajEybRbrk`;U`BuTnKHSO#!KxSe+z9ZPP6MNa&$M@G4o@- zLL?N4u}$nxw1$c*I4MruR!)o0S>D(QA{jXkjWgV7vFIrqKh{-uX70Uhl^DMxKfEmi z<(TWA*!l5e9WL<+_2_ilL-`U{4FGx4H|s1`z2PDiG)!#DBX{|5U$!?157%B3|%SZH8eJ^Rr5Fti0_jMge*y9 zF=#hKzu0ds*}86D}xH=f1*JL3)Jidu$yGp$v^G}fl7;5q_>WdAl?xB*lz@8H4ca}TBYc5wNfaYD>3rn%!VGU3 zM<{<()@763j}oeY2LBAF{y9_Fr1XA)cX3$qq*)kSt1`}Nf7=E*f4EmHUvDxMDD@FY z%1qm8%HKxwKPelGe60+yq&DLFoAV{cc2BIPIp`vRrOZ;mJca2E2vjaq2bh#HH3zhA zR$3x;j}9~G&gWNd&lJ1Y15CKPba{oJJR`oL3}?Dei7lUxYumhg;PUdTJB*>pM{Wr^Z?A+4~=PIoe6Mbg^fNnFsn2 zUe(k~Gvp)9ed}nvfw<)vGT(Hy`i?FCtQ4(2#?Y%pg?VJit2K(B6(kT zWRmW7m7Q^J>0TmBo(b~s8 zx`v?T8+y8BAI7G6g0iYpXvNV>bLfc6Y~DBYqq3dIqttLQTR* z;U#r_TCE<_NBv=TX85F)e^C{{U%&dv<8^vz$}RQ9sjMi}MH-9*p3X#& z=VoK`1?oVXCr)rLpFif}6BYdgNNe9FaLeK8>FKD~eq&@9Sq|Uu{(8F6Th7ch*F=@q`d?ZOHb~xXMQ^Xs z{h5D4x$d=x>7y69}2j%K1E#Eb~W_Pz*s`~}i@P*D80 zp5%lHqySzFTB@8l@l)%?pd~_*ednTWUcZem_H{KmfA^**i`J=bcE5AXoLt1;64;%d z(qIN0`hI-+?Y^PMHstKyAJAtjnsQ|c5)^Ic`A6bd{?6-}icHbc;lC}Ih*}P>2#q$5 z8sE1(CsmQ)!eKa6dxd`SRzp(8-k$aR;sUOWAQ%&p0d1PAyL&4PO9z00hg9z9@ZP$E z#4@~`8j#;+mK?)`%n=ySCS!$c{xvQBbvt{_;P(*ffk@jo;b53BCItRHGn?YBB}0u@ zV;eOBg<@pf&z$DG^)a70yspU?J7tN(kV)U8-sH~*iF+i7ogZo5cHb6ixKUUd zbJxuonDgv=xbeR+i4chJE-~>FD&I}y*=J&;M$hL$t>9LngT*GrSyH=s{*HN;D6ymu zSh0FoSfrj(LaM~JESRDh>G&Ee6$36$5?=CLe9)j5k5dcfJ%!eI_|ew$rrp!>esjC&ogM;9!B)0ubxh z+FFsfiMo&8{p2WW+hRXWv^H9sF&)~FxpBPe%}e6`b7#56L;SZ`&#%|egEL-hxF!ZO zA@OO2HM{EW+ISo*5(0g0_*^UtbQsx-R7`B+bX&MsWb6Xf&+4d5TE*4Art1Vm3W%*P z5bD5jNM0&kwY)T9HPzC~&&@tyAgRuck%!;q{i4iSt)H}pVOPJMA2{ zGTt*<8yV~}mzM%uTQKJcWub!U5CagyshT2u1MG+7Yg>^whc{-Ni@Hr7GNoj8m$KH? z=u@s74!v}a;@lc5fZMQhYtxXf6?*^N55Ay;7Ky=Lgfw zQO;=8?kUs$adIzTvvpD-4sM#nxFN=i$+gbRboD-=ANcj~?LaN^Ebkhcb7j+Y(UMwB zlkae?aI9=@mSRfOeYP*37xEPIm7x?=jdqc#TIN}iKETA~@o>93&|yQ&H99xDx_vA9 zF~7Fw+OH{pTzk7jHIzQ??qg9xhL8`bw=sPzEEqcC=!}*Rfep*b%~gW_j&u>ljM!bg zyAm(CGDm*t3z?yxTrfbaFWw?TA&Gtl}9OF><`gBty zB{I1-wIKtK=8J;K)B!%n3R5D-z@9RD8T)7@3#=+tw&wFkn`nqxI%Rp8q^0ni0RD*J zR1%(|1~iCPxlGrR!?GfS+b)F4YMfMG;Bx9`T@}VDQ?q5hjk}P75V8?-BCWOxiA?{ah; z*7s0nm_0@>^}{<&U;dT(Yi)pO7-Nv(7Dcb6I;j{I16vmzQv$W0KX)^TkQmwuV=i@2 zMlhO7dUEnm@Q%-a55oB0WOS6F3r?GMKmdOId)M|EdhFMx250~p1nEw<7MWZLN{)N& z3Zm3V)FCmMz}Nh*_!Kv--QjYt3f$wGS2!omW6)pHz1dv&r|jmAk8&VA*Gy_CX!f4KNCvF!g1FG6rHr z4`P>E@+)@To2h741{wMDLRvRuz_cJy-0T#UKz;6d7e|9Aj^B!R{k^^(4jsl_+PO`} zDi7Ldl2)qyw+~O0dN_jNqIqcIB9!N3mS>Osh^!0UI8zsk@=a?b^ZWGwy2W<8B4cWEseFWa0;D2 zZBtV0bhySR{rD~K3#l>`JTd#8?`gm&B;>}-&pMvEC!!cp0p^$Z|1>j>?1JY+orc~GdV~mSLQi#yjpbr-KwG!&YNS3@1Ie-)P_pPZY=^~cHSEGL}i51J_IiH01RX#x)Q^d{m zz!SVQ;Uenj$nlx~;br*LFP}25o`)7r`L^@dr#N5qHexz$eO(NM%MLPd7V@9NwW{g) znz5wkya=^X&)pwOiA?E;t+kap0lYAbE1NaqhD8IG8pP_Wk_Z|xL+qO?)zyPx1 z=xP+{6lkM)*YK>Ciu37y?2h2K(>|IB!jjlk1mf6Z+Y<${#thc3AmuQ91R_I%iKHGG zN1k+MUM(9_>lo5~lA9V784h3$FX%7GIw)Cc;+*LiiLu1X0Sap<3w^q8!V*-Jvo8Zg zihy6MxPA1zP7|jC0sWPvpqES*t1JO5*V<~RhVJ;A%&nNy?A^lt@sP6}nkRHb<5VE& zMEkcVR0vc@10n-#S7cjCrW5tF*H&qzfp8-!VlFz+Wg#n7=kqLq6hm@D|6E`Bu&{@3 z8f~#8oD?4hn6P8eP?fs}Eu8Zr1?&TWDaAp^M=PigE-x>uL2Y$|-s~)-NQaFFxn&Hq zd%us2kP}Jl6My~s)xinI`2Ig~I=h~e90OySB;1@gduRwC!tSRiddu8WkJ$GNibKmG z*~6^qPgW^(OSy<0{8LwLORis;yDp$cj6@!J5hy}odr#lK>=~v1z25s;3vdmgAzWhD zuf1oE`Qh*5dKc;!bOfAfXxmr*2~qosI~*&3VIX(QBohtsE|U_;LoObGj`d^mE4_JkeYBoWMrt8rgmXp1C8%>aeraG;%u{rZ)+RS?xKfTU;# z`cTxQIFu~lmfwy{Yd<7Cfd?G{ITJ98ZysRtHjq^9fOgJsLF4O(z!Gavf~-)j*pyFK zgx(5IOE!b^UNL@b+FP`H&e8yH`q+7E7wSVpZCBcGB+FWKw^U#D{4>MXp`?#TABdG? z0%g_j$~84sw5rhEgLcEfCy*cEk9WQR$qcV&UeFq1G*Eyz^e=@+>mOH>;Q24Fl00WE z$yb-7!hJ)~2l_c=N-Sg}I7kbnrNC7NQK(^{wE*iV1_CwIhF0X6e69&d_<$!v&DDgI zEg6vEmx0pm^XJcVz$77FeEP(Q5(yeqIFO^_n_+5)B?L4Gdu>ob+6x+D9MaF=$SrkS zRPPe~{zKm?vlf*t;&WM*;YGa9S~7BuRK7szy9^ zciQOre9#tyIli|`-33J=N-fc}Jk;!VS~34|(swB`VE%Zgxo=K*u5+=fbSJQEV0B~9 zK#(~{Uh3V;j*Rt_+T^BaUyB;tK(juC^z`I5zsnP`F1ovbGRLu+?2A#Zpuj4z#Xy8r9hG&>4rmH896VhjL{uj}e%aIVl{ucq<(`pp zT4Ro4X?RxqEu=ebRmU}7QAWvvYgNxwGUIj%56Zth8Cs)qev*KW_SMK9~)vF%((N|HJ2=QTwYpLkQ4oh|pmEpBmLBWJB zmq)mQsj5NBMeS!t3P~O!JUmjfFKSQly9*&HOuU>bF14!s@{X2Q*{|H?6rKR7x9ACq z;p#!oD`az18~zdV)dHWhC(ey&cf8ZN3#Gj9*u6~UnnrKEBoruLva(hFPtz75mJSfS zVREb$I{y!p4gj@{pxMF^5)v|oX;~1xje>oF9t`j4=}FxBWC{*pXbZV;@$d*Z4p4*H zK&a(NK7>Glt*B^!5H#FC8I`7LJ@FuUkoO!$3(&%>2~=1R{2F~*Gmsv1z>LbZsYWP6 zg~g1_kjvwKgtP4`^Q^W8Q*wAlx705N6MW|6R_Q?@% zyW8;M_1)%qRUE~z74E!*t*s{4@C{t^2~4c6yZG#&@@T!jJe=R`+6kQg z_UiHU+}*|hPZ1fX6;@SeKR?qlKWO_*_-Q>W8b#UxjD4x9Cy}_>bybW|>im3b z{sVVrR_<4vP4Qxj)?G3kpAf6_<6H`B-|b&$2(~FPOT-pVWzV8>@#5&Kn5-Yd^?RaZ zGtE>|jVk5ko3(E+jjJOFgKm8g&P*3!6k<=$=1+9`pd5{tPA6mI#>6`%x=_RL`qK{^ zWhP~U!~m~rFL1fyH(sz}7*z>RdLtS*Z7rMW-@A$GqhDp1`<-j@(|&F-J0RZMBgjqF z=zRDnzz;&2ns>A2R-aDPTMB!bMm|4Y?Rd=nKq!V@>ieIGz8N;@zmY?rZP^(ewor_f zqHJ|@jL@9mHFmM=4U(trL3XZdTV3~sVOrvGb_GAVi_3)MGItvx%%qqQ9zbG!DNc4Xa4BL zZh8IQ9~lxN%%6I^YTx^KN=5i|Ii8?X+m$yj zW8y3?sYo_k!89o#?j^Pq@}rb90nU*dCIXcEg4I_YU#ELU;up86p43>~`#a|3KkZUYd)GG_)3KTT&7-RVr%`z^#?Wh zT$etCa9)PQp`}ZW((#g#t@ifX;P58lPgtMosy@*oY}{ISoZa%KlXGAQ6Y)y_OTJL> zz(jx;5+r$fj@8_@wn<=TwNYD9Ye|$ zs5l<2FM}vIo~F(bc0i5ggd3K>u;DUJl<5V^9R>G+FJi& z=2fJc-QMX{O5tj$&N@o3hK{J`80Bsi6HD0kyVF;eGhr@$Tvhz4TSUhp#!PhJ z_wHilNaGfs`mcD(J$14d%9i94Zvy&eeGQiMWm%G@6`1x<`Oq8`Nk7Nl8gvJw5UY zp^XMRJ3FXAw^H+Fbkqc3P~*458420S!2uWh)AlIIS#ItPdFpE#OR4Y+=`L9#e1n#H{!PDL8r#+pH}>exWFl<0Qjr zmH|-M^)z)}VI4KiSNaaW$xSbPB?&;CDSEvY$dH_eN7i_0G4`?2NX%b&?4_$uqOupE zPtLfO*C!m;+7gQQIz2speB1!lf})};Yd!Lak!IbH!1G8)CnQrYoblehuAK@PN8Kuj zf*+XGQzC!~z=pgtMRW7ps9}<={n=Wql`gY{c{)+BSU?a)pdop37v+j>-isoz!mle{ zVcDc1CwF~c~E5Uku%>yZ`H?qS4=;zyky7{`i6bJ=wC ztf;#B2Mnu*#4s^UxEDYP z>IX6dS6AXEN{zYGU7YPj_0OOrqMDlN|K-*b#x)Sn^5>?>@aMn!6&b#hNIcO_w=k=L zDd#QF2n?)I0gbhjlPH>1FIjnqj2B0p39j@)d%dpGyHEsVPc9-5d|2NUK|1ty+udBu ztT25LOP!aMaJH*mn?^m$*xHQ#*gY4s!4$Z?3u9%5g>vPLR}Wpys)&IT9~J+_PFCcf z0vIzdemL|yMxbnygedB#Fs-I) z>|MTWU5(b>LA%|D)GAQvG+-wiWsK1Vsu#(3;2e6ilm{Oya=qWIc5p9hkfPI21lG>a zWXZcMKeUI|^7rvvXU^$&1~B5P|0-J^Z@m!e@I)Z| zPPWyayuZhhqC`c%9rfU0_H}^hca$_N-m5$01FU!a+{>(*o!0eG4=wHZk}QhtX_Hck zNVHfU@Vr8URQpAgzcO{!2N=E+fKoU434Nt15U?o%gW;ELn^#)LKic4!+l`P(xySqYRdrlcwCYqoB@T))$y@V;gC?;VEe8J0*4 z5c>8y$~2{AyU64)jT&w>7Bj3+!=b+U)?|!>E~lL{hkU-O{50|_#VieGWZN^j+qI$3 zEr*6K=2q{wh7QZB8X|j?ALiH}orDj_ej_zP}a2(~AEG$oDJ@DMjj;L3+^R zX6UT%v^NR;512Jn1z;B3Tb)3$aYOdQ{l{Ogp{7GYkBAC10|Zo(805-`!`}_5V?_xp zu$w?j4fdhmg|ka65qn;*TifG0wuIU~R1B!RbNH;^dkSYx_rtriGeybs=T+r-dJP-Y zR`@EFCTLct2Q$85zDA-XpX9_#?Y*SD>$==T8nEO2kt8S9l}4Yn@q8}uO{UZaUIs8! z5RdVy%&pvR#+a4^T+_GNjn=fpL1EU9jlAmL&-*D6#IlBppz?v#G?X<8s=*xq%Phc* zW;a>M!D&((0%4QDhy9XeQWj9ZyH@8FUpa(6Jtz}3Q*=Oo9zWgVG`dY)Tcy1&@?wo* zKgFgnv`>SWa;5l1IGm-q+j}cQM=<+EUKa(tFqteI%pREYKpVR_i+kfPH9g~r*)Qne_NELQWKQ8_|DrX zEa$+~L4hU2Ku8AH1A%fi1)MBVqPj1X8yM!IyztuW5yIfIpK4yO0lfeBX&vJ){BDZK zgtEnf6N-IJ>Oexoj_aG7dT2^63x+Erq-~GZYhKOd!aWCyN-vYLM(eSky43e)-3Soe zNCTQ{&m-0u4bBikPXoTtpHI`?NY{PII-4e485`@~TeNl)Pz5cbOtBr4%h0s;27|ng z%4nEak;gBRa{E|s|H?$EvqIJ4{V`Jru{%kj^w_FLb-;ya98{BVZj78VCRQCe5F*Yt z{}X|swCO~KCPPLvClnskfyJF}#^o$g1*Vq00bImMvZXnsX?bNEhS?ppi6%zAx6uGR z5AhMPILuH|>CDpy(b3cAg4bnk;ZF5%w!d@HxLw}m73I-*R>|e*QW7l19J&NFooMqG zay@hsbRL6!v*fUzuhp6PQh+iGCpGvx)lL~fPd88?W}u;f#9wJx5QBNzEcmy?so;SH z{6?zIsd>0!358wd%rYh&LDJz-DhBMDX5sMdEw7=H(!IBtp@Srj*L%VFO5Ho>%-c^8 zDgUAl=4`T;UfO-lUgUr55FpYh@(vr}?JLUy7a<;tg8_(zD#b~Ii8WZDPP6z|)%kJC zSAOGJKC?8Co}SM|f7~ugF6Gw9hy>gI$HUB#W z9hofr{@JrKh`IhF+(DWZBAI3(& zYTIT_CbxCFIe1#`T8+l1vC&y_qN8Dr>Z)h9^&@?#kKP47dLiej?^yJHFF?KA471%p z+EdXOVQtbkW|m5SliYkTJGzbWOa4b+?aoZTj#q{w%Bm()1p+zIzRr2Lpk;AQxx^s5 zF>^63J0LKOkqvPFSFxF2Zd+>xvYY?|hlF6vq>@<+6h#2?eY`nA_3hA2(NG4HInaG- z%{I0#n_^#aw^Jb(&+Pn<>tYthysqv!>3k2(#4X@yI!X6jKPQp4kbtNabY~C=MG2$7 z$QFttzI%w;+#A?z@D+5rurf`Ey5lO5q>v zld%)YsG~0RvzeDucan~A4abc27{4K1;yF1M;=?ExEnU&maXGNHR*KUED@jp86SOes z5_g9o=ededRAeS*D(=3|?&3fwC^f!m1s72|V<2v2{g_u}Y#YLfKN_N+OsLBxPbIeW z2R8vBcx078reL649VWKy5(Kl%M-B6SO-Jf|mP=GR6Fyw~z_2I`P5D5MR*CZThc9v9oE z*RKccb5Xd|;UYBiJ*jqo$ZW*)mb&tG1834EFX&%Wp#!Qo)AL=spN1=A_UAPd^*ogr zv~?A1wV9T%+693oEvE5>i@O&2i zz`vgH{+r($;YQyxon+d+&weI!Jig}F5Oa&uV;?IV@PHIZh8k8&ODnactxdkQsjc4Y zKUsEHwbjjx|8&_86hs}0!vl_X?Z34dUQDIZ&goUy{F^o$Tr4o8fUoLh`UpkN%c;I`KM{+hw7RMbQtOiuGjMF{0W&=4hj&Y62wg0Pz2h5La4L!)l z%_SvWnq%etP?RfNkg#Zp4zbA@sqNcH#mCCm*UQP;GK&)I*Ias_7#-HTo2En*R;)SIU$0R23 zjkvh}6H1M{*^z<#j6Quojpo;N(DN!N2Z#vLs&$mh{RXWo;zG-pMq>&+Bb};GhOJA$ zGJ5aXYpbD+0Pla{Z>vA(g*<4KBxI@i=J1%4HK5iFb&TInCJO~NDlyIo&uaK(fRL;j z$0xD@iqqkJa4W)}l%zhnYekwDSjgjFh7&dp*WiRH~r!AuxI;&EI zI|6z^e8+xL*@$r{1WQcnDDWume+SU@5qMRL^k%bv!BJSCUqWF?`8o0{N+upV(WmD| zYip;_WF&ONZ)jO0qn30p&g@G3S3f2%jXh7rbs`TUnfLkDV|tr4&a1-Xo=l{0e%(gC zn!D;ieg$yA^|ct4o?kWTY=QlcO5sPINUq}AxVd82jECGbx8;KxHy4~h6dAGO35F9` z^2TJmtfsV3Z>fYQx!qgm(ED3RxI4`16u|T^za=7lTh!IvGM<)sZ}XQ+;aVi1hG~fBZNJ^-ROyh=L`?zkk?|hW$@- z;2&o$=KxnWd8T|`G4f-|FXdc*Q6(nYm*Oj*I#QE=wWmT|jkC~G0z-@H%LEhbzD(-9s~%X2LYy}<$?fYuZaB%z5NNNyOR=|DMO8Q^o= zc%l_)A<|hw#GFxDzf`^p-#IIM=MbDY2i-py%^}-M)bnd^af~HXf~x`l!&wI}+t+=8 zO?F!EOf-l);fzqMj^_iyc<9GLmECTrZAM*-4f8h=Ep4F1NZX(SN!J>>l4{;(`lItT9+!D}Vq)?+`b+8USQ zWLoDQiJ+a#ioYC|TJO!_{E>^)3U(nJT$2S&BIzG()HFnHAip4*95aRo5IW zw>_`PJ^@nV1`P){e%t_3vZn5Xnmm0o5`&!3Qc=wbiE?6S%Fg_g2m)d={pg*$?yHW zH=yCzT`YT2zImkjOtR9nnjj8?Lany*Z|96)HkLMgjXy_3?_VubcN9y8T13eh?T9P>^?^-di;A3ua^e5-SNWg$Nv$#1P*RN#e;Sz z&9MbgHV{H_U0Fp1MhZlJ`^MjsET9q*)25__6W(}ZW@WW|K&a(oZN=D~FKZauz+L11 zT#Hj#jPBE98(435qm^wqaa-|(vRmYGYBZXUXNarri;KjmM#F}b`YL+-IL_~H1q>h5 zKI*8*{6Gg+>mPO6)H@LSNiQP2+cM*DuuTboJoK=WfrJZW{_J2Kr#rZ`Ox>Ro>&o zP$;h!iY+l3q1u1*MT46HSw{uR7>KLzu4YjqWVz1c?hGqRydEx=C;3B|I932DJOmx<~81Ia;m)tsdRQ09(! ze|PvSIXnWMRS!N2^6*pmbC3^xmZ_4^{y#=w`fhxd2D|_AE@UB?!{{(na|_+9&U!R4 zPk||sMAhh~;TN-Vs$5RlhbDeUSHnKF)!KNq)%(tyu{gTj#SK@;lpj&wxelkLp_G0d z!0FBVrQ+eC1v@m73!O;~Wm`W?Q9hHx1?BqsCG=aDr^1#)(W#O`>(Ywxd@qUDTW-f^>}6s#7q(uW=*hnA{i-r+#)xiwHT8p3ukv8 z8tiSWr8MZic<2~suDs1%FIpS?Fmajfo_A;1H}JPne_DEPqQ9sI)<7ga#ZO^ zrTw0KOo(-(sFzc**GcATgj>Xzsv$5!(ADh z@Nn-hIHgsbo}{6403SjquC8YprP)YBgM_CGWhxwBEwJByJYPCq9p`A?I+}HSEKHn^ zk@T*0l2jDOtLc!rs}(0*Z8dH-Jz7TRl^6hT_a`XAank8K20zvyn}V4aZ0{ar2@GsU znXxox82gXmF^%y?yK!a{6Ots;s`vaw$#ivITH!nwCQA z!HtbKCoqI3268rU3ky?KIj>6X6hSJVQI#{f17*ku)dS&ufM3p){R^-l??9M{<>nOG z=^*cU;Ss`B;w`R6*)va%?~bsr{TsKh|GQ@3rItNtv3gj5c#(v`2yp|y7tX#RQHu7- zXpFLrAUki7ZdZu{viK6QND-QTMuDa!75QDhHy=Np)feqPOQc~w?Jlu>*q1Dru8fI@ ziNbv$MG#L?q{(Hgx>=A;Z$7G#!?PLAcf1-#HWVNn97KN+jj~~?D`A)ELt6`uf_Buk z8F20moEddT3M5-tLRAW;8REBV)4ypz@(jg97*XTN>B+oZWCimam*wz%6mS#Ae`);g z*4B+E-Wq0o`C87`{ErNhZPCpSru12VGv{ZjKTE>t0LYbV~NW=?6qq=tSawXLJe)L)$ zy9`?f>@SdoxHFBMoxeQW?gT}dU3CN0btuv*bUf5MApuRxetI%nOFA>R!9?yZ$@d>W zs-3#KgTibq{|ZYpJDyhd2^dDPvms3GOdlH?$4u(wT|0h=G2)<E!C z-5o>PnkmEn$;DjV({=QWlBPR=W-N@yJ{2FobM1Ko?Gr-*L-v6ktA#(G165ID2#43g z`0kO7^e6m%TA;UHwLJYCAQ&{P@YAXW?OrDV>WebF2xHTW>M83Bl#nv!Ap+%$9wCe7L#D@^*EbWqYPuuGM52^eLc&NOjn(Oxq8u&l zerFNuq~NlrS%0OcDUmp7%ALCiig>%&2LX*CW*XUZksn+=Jdn9pw3&KxKFf<{i=OEw zpW2XDZ7mP8n~mgtx2P4M-!4E-`Uot01};~^OLeM!cbDf-^PeslskqvrNVy}9cK_zh zpuAN7o#t76H{l90Fs1}a^?jM&9CYHTY!DJI4l3&-NVyaB3~&Ck7NgRaq5$=z71~FR zlV9q$PGDAx(|HQ>zQ{}c{&h+DFLIH}k>?vPfA`l=Pi|Fv(5x+JeLK)HH-Du)J?4Pd ze}f=@o7Qc4Ju}nk>hn0epUc=4)W*G5PvEzdR~BvaahuP$ z%Uex~4&S@c>ls(AEw>zzI7;+4U%>Dsj&!DGDa`-qpt341F22ve5X93l4k5)!vYCJr zf6~^`X+xAUUJR9PjUDe+1U669Ty7#d!tnDNib`BsClA+jeJ6Kz!m47UEZGvGAY%T? z3jSY~n;TX|Kvd%21XCdD;U_np!tw3Bjck{HPsY*D?o=WrA%dZL*GWaCpej|eVb`g= zyr9be@ez=H!1sgY8iN*p5g(^4c zma$Vq`);@krdiCpJhjzs66^DbO}X>){Ct1;MjBoE9Rn?`gUXV|-z$}8l2`So)i~a9 z!j~8Hg;)Rl@1MtRZfrj47YJx#6n;=D;Fw=E-PE+}q+iHgkIajwbM!MJO}#U|*RSs~ z8ROnItZ^jR=!6H~?g?!(y-@0l^~8_h-$$6ua-nmvdT%Cq<760!kO%L(0l`RK-idSR>4q9|mUG!K4! zey`x^pPw+OI^ebBc%3=+-&i{=tYju*vSQnWIb-F_Y%5~0yFH_|imBLFA1yKphoG)S z(APAh2x8}H(Ytr=n!})W7<-j!k?LWj1?gtM5|T|f5`e0%mL}qJbe$n{E0Bh$1G#H> zO|ePa@ug6N8^g!Dp;o!WS-3hCUGt7wg zO9uOREs7G^a$imVM+#;~mR?*h59C zK#BCUu$Ugh=zrI0o|0N-xhw!l8)$UX*~gAsFGL;R7l0_`cLR;pE$<9bBL&P4deM2a zsoz6~8K))%sOTl8vQOXl4EyUA=?MBw-JfbV0j*Z&)FT9X+m(oDBtZ@UY!3ep#xEb+Zkxu`ZA}cpKVq>`cE3f2n7T5aY{m6Z?&dsAx^5kYs5&CzD z&0thz86X9{-0X9rS)9}Kjd_GuNw7PXKJ^Rl zo%9DXw{}sTE^<4%t=Z$f$81igdnSzbCza=A1t-Vu#zWgxB9rL7GnIp5!DUC2A!8SN z;KZonv#-`Oj!frVGC$1d`c0ENGB9(J?Dni>bZ=ESO&7;jpR%W^No?-dcgN9jcX{o~ z1m%xjQ`dwa3>TD*eKj<>Xg+g>yDDItm|`xd--f6SiZFw(o4BxB7J5@7k5?@@6Q__w zK2^oLetB+jO4=%q81%n)&K6uQze8>O;@Qnd3cj`xg3zq@(cX@-B9t-|SNQ48R*>$43`^oz6GXy|^o9C3ZWw)3V;nh=C% zT*JtC_9}C9>gE8jl>>yq7XRs3-e z(VP?&=D%oASwX!)-GXKZ8{S=!Pmd>OHu<>w;rDk?8A*M}8YTW3z-?VLh^~lqyMnPd z8O6JE5|G;X|1`b@3iH@JRp2^ALtquJk5PXS82HHic};jJAur<>y3kh@Gz6Vpq(H&k z+RBTuf<%+E!pQF81YL*HbNY*~4({O<3K>`&EY|iIzfTvo-(N@h^Q&2DiQhkp0k|^m z`N#e{<+)yX+E7fj;9mG17oGDO9@XIZ6(nYL7uY6MKnps?L?B-$^`t zO9i=DliqK+9_m5HPP6I-mVPyJ4@#tzloUz<1DVI@R)zCCwIK$tV_I-s5yx-*`bTK- z&sWU;e}p)O*$1eci0*remN?-g+1CN;P-?RAsA8l5_{`hZlI)A0FZxIIFLRLrMKtx_ z-@MU}+a_c|Lr}!Uzm(PM*LvIb$=G2u7%*$ktV{^-VKrz<-Ty8migDF7Kssxh9G7mR#d=TIPQJAA?Zhwg>|5yYIG$^ zX-NB-1kCi&XiolRe`b7LB`XkMh1%74%KQtLt#nVB*~|1th%sC9i%Lnr%Ob#kx8r4R zDFg|_d6ph{r|$g{;b&WQL|S=dw4Dqv3r;KV+YFa%VRPR&etqex_|{XdWvObdb*;tY zd4xXhKD`5k4$Q4cmjpUO*caB~CyY$1@4q(P?Cb~!t;H5Heywn46rpH4^S|#ti-?B% z%*8KTmijysI!q zA}h{4#B2JvAtBE`Vvu76B~^XLs_nY>S8d97y8)G|DlQ>`8KW3+0%1<@7$dBGXct)e zgr`KsS)b7J&MYxx8}>`lG{N)ydEAq{J9zhPxR2&*OeHV1J8ZD}c^8PN}57+rbf2d<9@VZ2+ zs6DVR8x8U0(B8V)qfJXVPR=6&3&aLHYaa-!lT2QwmYt67gLjfvqo;MZO}xJD02k5> z+klOTX<)%F@=NAPqF`t%220KrWbea(MOu_{8iJDNUq84Nbw^$v)I@i(UKdR6 zHy><4W^qMvzBB;Kg<9|)K6e>jpk1-L$t+hEh+u9i?EeDI?3(%IXhn#PoBhA{7BY1~s` zmf&)u2t7rGwXNoztY7IOH6&T_2#ONJ0)b$IistB4@a+Bg?3dEJH23zMnah!{Y>0fn zNH^bqr_QUSBpld{^&n3Ez-LQHzS8C(aDc(;@9H$3$~RM$gFfv5#NGA46g4?Z=bHiI zX))?(oTz4gqtDy8pDh%;Tp%N=@=*Pydg-jT9xy$;x$(NBAgfVYe^si`Su_b9@nNct z-2VlWCuHha0ioY>i!8FxlF3UyR$J=zhj>VD1LD{Uj4ToR?#IAS#x{{+DZ#QMKo?aJnn+0eVF6QAx}k_gnkz z9F62>(re9y1r%<6076N0sO`b%7mW}h$Z-nuOy6#kk@EEf4~_eSa_Ru*xawpyvVx$t z6y6lopWz`Gw>Ie@RNQuQfOvd8q#q5 zLn1;;_v0`PFEbZcQ`+Q#*Vs{MuOq_Wwc%q}akUNk5V^i%_6X1Y3$fxsC%a$r>un`x#?zsX zxL(zA3r1QnA1M<)=$pNc5LbNL`kDg55l|>Ss!aW#;D6bCao0%LkFTnEc7D12%-M`(=+IZOWdL`36s|G}a3!!hhX$YqJ@^8vC0yvF${vmTWhfT)V}W7i~6l`a}>* zK>NO8Rik*0uF2+&3PQYe+U4qf2*Mm-?V^KdI|%*glxT+0E6={3W#;e? zKE8lBAqbjOkX3&?(v+=Kcp9i(f3nQ9|8yyIw2{+pbNwYYJtc(ygng8?S@?69t$-=& zGWbbBc8Y+3;sL$!$8cPcN%^RtQc{X%5NK=ze7lQOUUzutKh2*1) zGvxGWMl2`lRjxF;EF~=JnLbaQ^fy_u+tk+mrte=-%r=v{^zz+D#Kv+<^x%U+5Vww3 zxzK~=e*gxgDwYhViXr>Pr-?1S_M0nKb6=IK@!K;pR0#0D%lW1yC-*#JE?G2lah8jq zCAN?Rw$Gx&Na4;HpUNYxyym<=esF;aoyP@-$boQ1u6c%4$*kVDhDvHahbo$>Ov8iu zPkS&)Hg%*xl*{Gp=X%~;{@Uw-T#zmAbZ&fOby@46gx&B=*y^7U%PZZf9rwOY-8co( zZ5d@55r{E(m0}bI83lh5@?II`Ux~UGWXxPt9Okk8F2FqkqBZ19SdPK*RN+pUnfHx1 zgP5oO&#kFalK^9MC=S>kl`Mc;u$MxFsW$Sd46C%SNo;Q>GSI@u-=MX2~& zV5GsuOtaNGGKdC0;y}K+i7|y=l=_z~5wszo-no~jlLeHJR`zu!-K)_H(^#YD)@nXQ z>Zc3X=u>nc#)bbNZ)5O^{jK!;?V?%}tqYeCr?_(`!qZ7QYpr{X>`>lpW8MWnZOS_aw>s?72++DSrOlueNlo}rQkc?P8LE# zCXHPtrqeaSnauy1Sc3Ye+3W-)bm;vydh z+|@9Ut<$U82mHFcaXZ-YM^I0)_8j4Gc(GBb>1A2Z8xnQcVPXhr=f3|KrqJ2Mi!#h@1qr>nwSW)j~Aa9T;Y zy;2^K{7wL?-8Jxt7;*ZNweB;CTUGRKy1V^&K%RYXf8Vpb%!pzW^X{#CrH*7%VVl;j zy29VvAN~F_v0Nb<2E@$vDNGd24>sSnHl(Y|sxIN&Ibm$n%4!GY8C=Kn#Yab%7pYEP z$j1$6JDX=s&;pT|r;4XQ@2CJDrR-a$BFAzt zQHZjQim@ci97|amWQk;p@_XGnb)E0``Tg-+&tK2EzUMk$W6XR$pZmVw>+Ah`J@QV} zPoHy0^}DP|S;TD02*ieoHhL==yAHR?J>P75U6+4-8^klbu;fm~*20JsW?j%xTNy}; zSDP@lKZC5m+|#yNs$c)!K6&{Pkq^$nulqERLX_Kd+TJgpHRNzx>*DaiUQ3K53Mkn# zBI|)~_sMbc=xPyPje$!{=oyjmyn3)p6a4}({h!#p9EkEAh1bR2Ea^Cs?IBU2ZfL`t zx#X=tuCCeR!jCc0%X7~>G}d=7`lkO;T9oqGrn_Uunbz+9y4hRyMg#;b%&=^{sdL)# zQB4mzEFJ*?^4aIX>$M}HT71Qdn3^6Q9-e0)VU6tBFew<26R{nWR1~!&Z3qyD(-?F6 zIE5j%)0W@(Pnv#T&TiYjq6+(K7sOZ2oDfy@X{K(g{L4@5A+M&aLXks*1L)r|Dp!}b zQMi^z+A_D!V8dX(wMa~rS&R%@*y_@nn%YlZ3vx${_USx-(JBaG9`l=O3pJ#KYZtFl z9J$G*^3~gvh53tAd}(D-S%N42X6~gi>fAU?Q+mTQ>z``&;3Fb>X}M#)N+|3-c$B@U z0h)1(d3mp5Zgn|}J@q9K&&B*i3*MQYapt)LHAqVDX!{iimrjGaYhXJNtY9VCId2o! zdPGL=>W<@f36J6;n)7NDZ3oX=pEsidt-S|Om|tsrJBv%pv; zDrDf-3(>mF^LB|%+GeSXx~wtbMMjdqnZJymzo53Zwqwev6uXMCp&lR5M(%o?Eu#SO z05atIKG(%_%Bi?2L;Rm~iR@MdMaBHe%G9!+EujaV9P$qGq*ru(3wel+4nfRB*=37zWv0D>imud?j7K%n=hVXd{6X+?ltGl6f1;Ds|3pnSmJ)&YMm?wDtTUlfCpsAOF#Ag zdVNv0xUPG$)_QC3@tid^RgbHx{>A~F(S~=HzuywR8f49&UsN7#3w*_9Ck@E>x5iYP zdDQtm-prz4G`NUQ^Q}DU>|efIT*}X{E)l4wsJRg{vv=9B1sWV*b&jtj*ZKc=!KjSY z+NGX*nz6}$`B?bYC+4*a9%uxxpn2!x=H?dE6nPv<>FT<=A(M@P$>m)f`tF?;mVh=k z475*UV`Goy4lsY;fCw}h<`*u;H($HyI3vc>zYFJ0pA2@LslFn%eQ{5~naUclHT<@>ZxEZ&D| zXW(T-9orTQt2hf_TP4eges~mon%79~_ugRRU8KN}>NIS*cIg~^V~lpNm4EAFwci`Q z7lb)3=(p&mot@p}JaF*AH_nnOYg^kw5VU=O9&hJbJ6MbV-C+E-Al?e$ho^ zf+fmGm?W{DTx73X)6VxsskkU+FgW6cr=ZyM^DNo#1r`SKJsY$WUqWW1;?e$K#lXTO z{q%iajlZ_xO4@$B35q`E4l{*sz|K8=^dE;}Qn={n2kLvqo|N24v5oWro3cyC_q?GB z`o3AzH4jcyh=F~8QJ2Dl*A_;n1MN$w#^-%QF5XOkKUKuapf zn)YkN6Ygetry(hT!HhcBYQNSm%QJHQ-t@X-Zwu60=ea(w}axF28hjr!q-zjX*bA{31f6Yxs*#o;kfhELYMAB=S}xpO_UYwS@(x$ zwnAFDRdr%?Apri1moN8*9ENvG2+z0TuNaHd*tc&EDM5jn+vk(QB^27o$R!cGiE{nn zcw|{8|E7~KF{_hm!WOJt))BnvR6d#KH+#31;AWvp9OQp?1$RJtMXyatooe~k+2-zR z_6Mbaa%DG)iB{LR4)=|acE=Hf*otDM20M|3LdD+g3(oK*qJ`B2{|z&h3;N}Z?r^j)i7 zRoGT@e0yni^}QUhd?co%RP@P2YMQ3{;!zo3(w^~Se3XylN(abW7y3C)fIgty{OQ8FQ$9~uD z-Dz^~ovSX?qi9=v`f}$Z#d`fOIW6$w-RZTb>0PydnF<%DB6JQouBEk^71Er4D--_D zFZ0$Z^E!RCcP@4`Wms#iEquCHMtQlR!}IbPwd^fU5l?LRy^?aVKj*| zPg=g}YHhuS>Erv5;~Z(eA$DP;&yd1(b%{`M5yYM*QWmg%S23gOE26|lS#f($OjT!T zSe%5%4tFSssSi`VcS18@78#RAtOm*Ve9&T2LWZAte;=LUHC)Hj@~_>hKG12aNQkk$ ze0>WizQ3Q~p`1K*suG-}h`#^$o3Be`8bAryX;6s4uQwoic)C*NPi1X znuiOtW7925N=oQ3Gu_Zw82sU%nFcdJgWf3({rG~O@#8g!erxa)3YO{FY}mBPgiu~M zyJ9K$czKT|JSse@vk;kx9*%dof{jU1y#QTGS~_6*v}q{_{=>HgheTT`r-~|JpZ{Yq z*&3f0vXnr6JqE4l`R~os^<%XY^v<4Lt>n-bvujH~{6HOe(&oQ+#iIMR$`83t47+xt zCS?lIp+w}ciH{$@GFlGSn`7}>3_Sa8FeKohTp4MesUAFxlY3&d4o+qG7UMZWn++)D z7$y`_vX{bz3zn3Xne_MfORZh&we4HS1HRWVco;9E!xhp2*_0I8c3HNhwDhcRXFxl+ z?%qHSsNhauAUkURzf24FoV9yzXXk6w00qB`w;XvNn3|aA3k#ZBHkScn8mV>bUi)@_ z#eK}1Xdlql)=qo%YL7j)bU7TzAj{>)xFh$&hnEm_GI@3|UTX_WKnVa*Xek+jpCtfhQDz9z{>6t=@+tHLbPZL66Kw+l0T>g;Rp@`h#;Q#OO+{_h_B> z=*b<$YzNzJea|Mbu)nxBM#J>#)6I(kL=`I-o){kp(91S|@7RE_x(-ryW~Vw{y?J8< zBY`s!woykNsxaj=tEN);h)~lg!>FhzJo^lzqMQ1kZMZL0W1-R2jWG4>Dh>ZcnUjXN zq|%}yk5jqM9C44MyLZnR7#N^8H#d_7@vL1(|29`22Z1~e6ZUHEfEC+$t9Pfc6t~=l zZTwZL_c?r6g;cNh!`xmGMDT>oiH8E_e8t#9(F?@H#1a88+`D(LiRLVa%a;Xzl$Xn% z0Co*LNb>R>(P;!Jt}^mrD#QwfkPn*xhYY>=q!V&P_ncTSVG$96zI_Sa3%A@2MK8?_bh-^20{ynLYKAr|I3K=I(7ZeH7hLuXP>Gk8fM+KeT^(l@~P0CLut!)qxW z(bxR_{VyQRcH&vz ze}}p{`%YI`E1!UX7itq?fLu|&mh3k^do~70M8qbW_s4$glR1YNW)(^~5X3G3$J`b>AtT2c{r4&HRPddJoOGYY15g&IX1@Tv_>f4b54uHzsBU^TlV#2ThwX z!>B6uAhAY7N)M(H)5}%2UOrh_w0C{h%!hQWY34-rGe)>e@MOult8%SRk2?(645gre(2iC_M zImGk9niJskErzDy2e3neyp+eSd49uNa4ER)Ozp!~Ho(wZ-P);RmmQ2(BuU`v6 z`f^`ueLrCaR#Fm@e%?0)?t-v7LHw^^_Pe)*Uz`yTq%Nt-yzU>~-%-~nl1*<&4QUeV zE!7s=pQGBaQRu}J3@0Nh7=bzI?~IFXf!C6dF8dtBMv~L#3ho6+M~YwtO`NPAON+U> z6SM08OTSoH*caEia_!n#;NX`+31`MU0fR3s&vR?9;W-Bf^Mlht*K`a#-Z7AUy7l_3 z1iSh$jUoW945DLb8s#{HY}wNo>a*>r;2~T=@X(d_)n^8pCIoDagjvpUtzMl`Zga5a z4);=6QR8JPCpLQ(G6SPpN z(7BR1bLI>mA0G?E6UEp}99Y$jB1wEn+9gp}zMbc`v>4SCr{7Q3@%Hv+Kry?N!wKEB zb7u-NbQwq;F-4zd+s$Qu9Z0%gdku_Ay5(#9KBj%OHZPOnaFs3bggjII=BK_(g{Y)b zXjdJQ;nawTh}}<9-;JpsORGLxHhhC?(p8kIU@)TXwNRMp?CjPTeG^L-uhXB(al&CC!8OWhvw^i~fFcz5o&N zD_o-KTL#RrXY*>K@#pXEI$zpStME*LBlX>}On0N`HO=W+@{PGJ;Rs>_L=vAU zbzTBD%S83^IK%a9cJS@nc@K}S3oQBQDJOQUxp-9eI1GP1_`vEBla6jrmj;gF=xMm#P!^5Mrwl;Y0 zqoaZR*6eMTWHAvJcVqs7y5G7f!kOi~`0pg^(gSd-Sd&#?pe`1y-B zoqm4q%j^_7oxZ%-8V>I9-mxw1qqQNvRC-M^l~X$COg}Jj`CM(X2=v~0W8cMLO18@TBQ?qETbaN$f6Lo7k+C{Fvn-FS7!0dl z@<&E|dqgUy)Ve$Qbj}+%V3IX_ia6HgAAVNiFj@d6!H8lClKeQA~6edD(XxO^2|NBzZmT?>|;>oj1NV@h`X80a{5G za%Cnu&1uKtG^?||BS9vK3KZ&OSYIU*A^(H0GJnQ=!Lu0&H&|_m-`rjg97hNRS+LvN zKJ98Mr>F$R74+ zgbeN?%F36jee`JlZa={yWZzokq0%K|8~u<`4T8AP0}^zwL&-J_K}#tGJ&Tlzio-SFiL(ba3!b!kGI_K@RwI4Q z-9FN}o5x?^s-?umukKyVJM_2tU#Y0@Q&|EVq@_)foNX;psN-YW^)~1|Ay2e0Dj;p^ zp^F!{w91!V;JHI(As>{6C(t%m*dCQxZf#U%%Anb}M9EBFUtv)SLrZ)ISmaH8t8>ks zVE-V>G#I({psKSDep_$Hjwv7MzC8_@RVmyy?9kdPvKL+UPn>@98Z{piotoUVPB62fnICg!eX>od-^K+cK>UG!e?OWsH z=a+tAi?wlr!pd0_^1Xkj``C59^?=bVu*l5JyxX&2tCLDMUPWx_k08VEUQiGs{cr$x z%pumYVg33)7=!5J2zEi{;{IAu;FRFS5;54pS5mm-L`E3@1C?(bt60{;LR6!jN$o%2 z139-=s@EMmw9UB2CMASf{p4JwI62k5FD9-GRceT#1{@cC*Bjf{-?-tL!fhC|9jEa!_|{{eqe3`Ok2N008{{E0YoiCT}{ZkXC5 z`ucO?wdVM@_CYn1j?DFOVxp{a%}~^QwIn+|x{* zK7)e7<;6^4LBARI?%g9OCj=O7*g|}8kR8hkr7gOig` z)G%biK$ow6q#60#}I;RZs`0paE4?Q5_pZ$>`uDJfHIjZpUL zzDHY}s74z{SMz!szK4G-Mq;%{M8prqxdm&HkN0lWzU!rMf-R>Ab~qG@(X{vwd8sMy z&*KRx=;Hb0th}ip6!W651u^pi5yf{|+fayv*41_Wq>Q?*?TH+OH{!tUmv0-6f$hNP z{05TH9f(#D5u!2NP@FU~`;%kijjz}-l3FZUfc-HY!+h4lA-NhN4Gj&r9E*{twBymL zaP@@c?rU$OP_*-x*$YIK&%JVnTBp2%Lg@GWxxbFeb=Xr6Xg9Uuj6=BNy4L!1+lTs- zO5ggWQaxV_8D{p Y;fnZfAPFpynufyf7#ck~DwvLAVQ4{f3Y}l#j-kjmn+|JH* zH+y@0y_JOMz9K5lA@hahZy}@&c>VDrGqI~d3#Melx^;%1pARe;=Ik3PbQ>IJ_OaJjK-fQCtw({8UXH!y@+Y;(a zYMF36zKHEYjSn*3n22$R9i4q`;y}dRyM@?m9MnTBn|G#rlVd;IonE?wz2#w%tzzW; zkD2%D;pbCP;yIaZKOd!N2X3fo1*m7T%WDs3C_%rP6kgzGicp`ZM7sH=<~jqHSu}N_ zG6fAvQfS(C`D;oSL#=8+MB(DJu9~C*H1Y^nBdA9s)2ajgss%D`MMe4Fy0s|KG&3-S z$#c;4qsO75q^-)+OENfCC4(t0uqpi!J^%|b&G;*h_oX~3}yU)K?}wmg(s;X z3~=bpY)?7+ns?{!-C^>fXgR`@b96iMDO40kc~1b&c`TtC4)3#KY|zQ0YNeyT>)KRkiMpR#HG-gKDUQ>9|W}TGTw#Il#dFwt7LmH)Iw4kH{+3#fD z_>gtd!%5Tz*Icxpm}(TMTX)0Y8H0t9)JPb8d&l7o(BP^=O_V;21MSFkK~dN~GHK0d zP4cPz97gxxiXm7{6w6GR!|lSxOg64&D9w8t`EXu#i{+Xp`WwYpt?Eaaw;3Bu9X6j3 z3Oi$#0VTS0li?X|2;&X7LGa{nA2Z!t2mIt}h|>+b``1t?QKro(o>Y`aU}1Zn=geR4U)U9%Jba20lR`N09fP zy(>uULt;QU&{*=9m0j*>oV~PETrYmo)A-jFA*|gHqn*G(s$YkrJpXBbAa^NpPI$>w z%zBb=X0s%MwZFQguyp@?)W!exqx|qu)`OppBOA>}+uz`s-{+y*k&)~jJ9ZF%oDCMp zkK_VQFTBh4$3qvxCcev7{PNEo8kL#s)r#?{h%A}jCnJyxPR{Q8H$;tahCQRMLlVzyIP~F)L%Tc6XOK$4xqi+~v3Rtij>p0(kb1c`tE2=;gKfhUC#L_&QDE94p3MgoW3 zEq9Sz5OH$B-x(GqB$@A&xAXcB{DPOl&%;Ri!K=7GKTF0xgh`d?b;i1_!{C=**0N|> zf9eeX)_L!Bw6y_Is6-bE9u$POZ%mY_*n2FPZ?y&-OzYp2tp8%Wl_LAcwta~{qcGy% zZP}mPt&^YflNlGk)cA>Du%X#JnDQHGu$U*T=wClfiV6ShbuNzi_q+aIe_^!v_3PK@ z4PtpxY?q=jx^wBzM(-!0*!Ub97IYz?bRy9C`f?no3y6&8+PiYo9Qute2+#CyU2$(8 zX>XH~5r76k{t_YZQUX6%p1CM5Zxjgx^XPo*6k7^ux;8}WCwU%_VA}fX!@7%-HYUO% zgoZ_M?j9gRNBOeoZRIp7s`Ti5)bxGFhV()%NT5=l_2c8?Qj7iYfqsARVT57j!|5Y@ zeJHn*-Y99+;xl88#?PxKy^fBCOc|7WKA_P;kQa%G^T{N>duP~aa* zvgi#O)=W)JC0KrBn2Q%Ja+8d5n1U$VGnz~?Lh<@~T%06oE}N}ec4FR8;0lrc0~lom zDtowQRHb!uoim%;5k!V;bINE=6-17Kov&-f2Lp##S1`BjqC!MuUT505H9CnMa%Y65;iN1dEPv9huv6>Ul%H{7a) z2tp0_HqPJmjbJObn%Bgjh(M^yNlyCg*)s$5CMXoJn3EPfp;vMq-7@*B%*3lyO`OW z5!;p&4`np;Qi@?ENmUgcuqjs0`)81VdmM&~;)Y^8n7k>drx4+)CYRw;%6%`VLiKtI zDyb?H<2K{Cj1jcFD*ima;bCm7_|~n}DFGUyj?+ko3{lvJ=4N*k>t~?)@)C8^=ANF$ z#9}f;i9T3I#r>&iOlB%5hJh8Es$}1d7U7yT&1eI%5M*z58e&AKx{6}!nK6d|m?6dKk7xzWH#3=9pKAX@UQM>J4^O%$q~U<}$BV~Q?-O*vzs zcnhBLm|0^Gf<#IR$`Q3$IcPmHP)tv^JdtI)&d1yPeBWo?%!_MKriyDG!$b)cA)ofi zlZf7+n$fVcSH}U zpd88$r_9HIc$wh_TIt&GRg#i7cnlzOVd6_2!q9&jdhO_Y>zLMK9b}L{#A>ZKZ)`&8 zZ-_1TUUuZ^7s1P#eVWlKY)ZpK3$@>Y4Eeo34+F>8 z+}+I>QIU|CfmmVB!GpW-5)~CE(w{~1IuC%QepJ#6N=mwthwFh1E0`#G^9Dhv8w#Gy z*a@@-u-stn3`ee@$1yTKP<|V~M8ox*tRS#EwOQ{;g2iUD`&>|2MExqEETEcEs`&eak;1@|Klc7ud@0Z^GzgnAhfxlr$mCr_5DsHmj(W@Ec*%Z>EdWValF`mb&Bv4^!&~K(o9aidGFKwgMQLC<#Tkvxkj;iu$RD7N zLtFPb5_t~w{M*&eUn@22uJA2gI*k$n$yc<0`|(6pVyYG}75G_C>I4!FHH7*kD@rb$W$!wtT}V?-KWm{)Zl7k%9Y-*p@3jZOiBd^?>VHENrwt>;A7@Lc!;M^ z_{Xb}7DhMf{bfDvWs&MgOUxTdVP8v23+xiJDHmD_XJe(rrKIM$<<^Oy$BM>@8=e3^ zOzj8=0enzgQQH)(o>1Mi^$<1zQqS8VAzqLsdER7!;-4qD?xapWtGG~4nvdghPv4&^8IC$vD-d=Yz85&ta2H6TI16XLS%ei zYo#N$fo0_tAQ9_mKck3v(!{#({hJ+86MF_QO-pNQs#*2=ao~#`KHk$Yvq(4^PXIxM zMMZ|NqXdX>+M#*+p4Ge&%8rwbdECY|Adtp^F@5#=^>ze#l#cB1f#K-z@Dt{&L8Xo0 z=tU2qm_Sg0)o4WxjEvsFK1`>OBoE133er$Gvkyqai=o?frb^_YQek0X4AM`cY8G~P zSQ7<-U01HC5bO`ZM9iK&n;39{g$4jiT3Q;KI3Ms}i;!~n1K(i;Ab5K3HCJE2!aT{h zB5Bfq!$s6Wg~P>%e;^biz)aqbi108qs0^o!F!_=?{+%p zavnk&4CGjBu7a0J1=~R4nHQq)cPv!O;HGD&>x=>)!%rkX2(3R_qRmk0aA=Rbbil?< za5F%ps4^^wkB`5^c8Wu_RCwFvr3kgqTHTF}-;Xm=0J=Y3?`ilSIl}1gEJk?;T?0B= zZRx!Pz6hM18hBm_CnieUcxocI_N+#%2$w}*T~rAFLeg6lZPq+&#YKx2RV2Qs!gZs3 z^Ad~V4~s<3{|FRe%q^Cn8%<6w!6IbYc3wsGQ1G%G>T@)6S6~mjrvge8w15CabrS$6 zfxyNhNV-i(iFoL`6WufbsFTyb3c;l1KlleKDDkCQ=gfT=yuSYaJe&)H(;=GNLH@fC z$3Fad;%8BB6Ke|=X$@>B#AzNtpilpa)q?+6ybe6{_|nOk+KWPl)PDc4tm8K*a@Jw@ gf4%Gfn_rBps%28^Vy?^}L)_T_V=yu=NeO~8z9Q$-!p?meT80pv2Qz#Th?Op1I z6w1BlKcC=_jV zRU`Mrfp!lwBil}z;S)4R51!wnqGGn{s?oW(TjSbfokaJ%t~YxyFe1}zwtLT>&Dn2t zA4nA#KG@n?&p5$2u~|lYPX(*`coOH)SJSlhP0<<_uOyec_$c#q2)#-y8uYRl9h039 zWLc(4VP5!?5ZBhWo|kXo4|~7*!XNekYWan~kEXT=&|CPS&60yDEDJw1q5S8i{{KI| z^pLRHsm{{KG_5E;5fS=?goF&!M9V<AyCn?z~iMv)#4-Qc=f+Wi&L`in%o8UB0X^ckiaoFcPV;kuocBZ)!W7 z?>RN`^YO{nWKT!SvNAcBFDinuaXa-xL+XqZ7)Fo&bItPi&(CX=ytm)Hd2%y}?)*9~HH-c+YO@EWB5zgN7# zD{|3#-8S~UnXBaNp+kp^a?RJ{lB=J3O$eO4do#M$#=S4ejowFh&Si(!xP#n8)+pY3 zi`$^t*5j|2>FMb?IXS6VSny(5&QDJaUB9hAG1OU|DCeSMW^-ce+R>p-p3uLwHTz-|Ff%<=*8lO5=*_gWrZPXjh_y2GI=5F}l{oSO zH+uM`L|NAjzggi4-}W*;9;~7U?pV{q<8RVC{Jy{6tgfM9Iri%gw_jIbpu=@F_ z+nlU3OW`n1RIYvgd?`0Kx9!QWkeUG+CT@q}nc7$(W^Qitt|v0zn$l=ZAKERUkYDZo z`ZW}{qI;s#uiAgf()zX?BH?XqW~1MmnV7g0%2RhlV56MW2180Q2R>y)ubfG+lI@FN`4M@ANtstChY5{u6{)~W{$~e_K(M( zvF0N^6J;~wTvOve!Y4YsnCu^!h6#p*h(riAr*sy%&`Kq&xZyh`d?3dxRQ}Aj@}?%{ z4I4HTdQFHgQ!T&1;~TP8#=g9wVu{bxsH&BfRY2R};Usred&CO6%$x#Xm3oR-Fsi||0 z6rW{Gl0Oremd2lDoO`hg@G9dS&yW z^H0uvfA;Ft$|JtNHzxbddQi$knE5Lweoc*iXYe6sO6$VP^%Tm?^uz^SL9*AYs+rbp z=bcSB?c%cYhLX=PHU^hXf3rOKbX=oaoXCFqnS}n0f`V2*Kh@IF(+9@JvY45fHKu7X znLTl>?NXXqJFxlCV~a2K2^r>3<=3rWAARi_Jq3qdl!}VV!qG9Ryjj$l;+OdKa&!0c<>d3RMRuhaRRi)<o&wb11G(mrE`bIV992R}3EGH+|-(D}>Mo>(|4Xl>h8?NI(1Iqx;a)iA%Au{Iw@$d%`6e3!SaWjnRn{v1__Xz0I-1 z%*HPyq)sj7a9gME^hwiBCF8eY_&LWLLhtDpBn<^z?#eMKwp zn;xAoj^I{Yi)B3c$e!(0qFhjKb=1z(y_cuXd}HVl*`F2CoMZkp4A+(7Irc4H$w%Hu zgw1#AtI+6=Ru1L4KhoyDzd!T+TDfk!KewW13X0WaR}d5L)t7mv+T~pb+c>qNxHVp0 z*}UY_Nr5vxmCIMG+rCQ1{%v{E4!8UE??hY&T9~oaL1}4elh>4|`uR(Kf4Oe=A%7!^ zvGe$VNushJcl(nw(of1fQ2;}tq9mLY6&0VB%UHMW*3nTL>Uc_)k{s8&2eO})2Q1Ay z{zgzYUUJFYbmyF;T_dme&srh(&vC|16N87h@7TeSkUnQ&QFCd7zE4urM5@=sV1IKi z56y}-{#Y@~j}MPyJE}!-D^fmXADo|Io6 zJM;bhh8;V&(ljFjvG1@7wzqEIwj3Y$utvuI@}y-WgG9+*yBi(2@1*rGaEMnHI`e{QlL)@F(G0XPNT1=G-XUMD{~} zW>MxRQ2ocf+iN`VAT_A z^UnB)#@@ZFl(4h{8#h{hs)@#tdQ#y+ty;cY;_0~{S|%&}%6gM)+AO3Ui&>eNsVoN!wQS__yOl;;#|q)ejA z%AS#%-g4h^skz5zwvy?=;_YX?v63tPGc(aS`T6RR2+x1e9$%0JtP{<(_%k_D^XkwjlWw(>vokZUMVKy-*Za>%wc4&-A-r^fP6I7lQnBw1x2me! z7`%w!$Ur%lwf`=CZEbDO7^n16I?6f0J=f^gMrxMKVgoGK zxowCKWM8Jb>hVw{O3{^Z_wcR#=Iti9MR7~5_+>Ngv@%ei8=p|FXwUteor z6RtiIi!0YlXCc@r)pus9=MnDJ+R^>#Z&Nuq)-QAYv1FvVhz0cjhFF9g* z>QoLYpY?Ftty=;Wt*wXLdn08lPfRIGi;Ih^nVBV4%p7}_DBN_S@y%TQ<5TVSPEU`& zxf6Kx>eWk^F7cWdyMB#9jR?ktgf%Nob}hw4W1-_Ro(>E+1S#uJHCrD$CRBf2Hdm$W z+uO{2T~E1KSq0u^80_4&dpAq&dU@Af6pLZEmq4i^lvQ6EZa5DAF*f(m01E9X`zLHQ zZUJRg>7SpwRaY(BASY*X>E&m&x!D?m%dsPSZdBO5yt15fE|N<&Y$D^G z{f6z^4?3Mby&9#bs`>ESp^=f!-KM730B&h3-n`jY=+vziJ)x*K=hal~K5~ z;B^I$e2U6;r!Iek+#>xON@~3?BEx4qRx@j>#t07v@`ij59skjKAz9Ijieirv(%-*? zIa-DsZ*-Nap+k@Csd*iJinFt`E6zMJ-8^^>aDW`1lJSoxQ13X(92^`Pu{o*U1nsu( zEcMxY_g%cCWnjg%=7J7S2CVkvuLkAam*1d}8)ciap$}Gy=9W;!=>!9WtVgM(T$24f zfy%f>(t?8RTRAHvAi%qIE353OwoRv-C(vVhUPN-O*=o0H_3G7?eMfCgx^?R+`;Kp2DI(q;_@8zsj9lItqo{te_Nq*TI06JuS304qhEuDhli<- z?7O2IU7{!?B!o)8_fM&65Dk85C(2~y1m|$S;sp8?`}M2Wu9*(dc^UY)d+XEOHVg&K zSo_e{+IlJQAEoiD>n>eg^;4(B0i`U5cf4j`VAzRvz588MOh{;G1z^h-?@6b^;^Oe; z8$RPEuHWA??r<9v8%~^?8S>j$_xQmBmN|vvk4$mV<+ZiT8P{&zG%B-_Yg>KSQ?I#M zAA%&;$h&SzOiZl&j;*A!ckiVN7q`K-4`&Tox}aD0M!=~}R&c|O_TOl!9}gz#%! zq);yMD6hn8bQ7eg0c}^!MXXcwWW@<)i;`(AauLGeAiFr!gg%%GyI`lMr~FDDC5J{m z=d$X{ms!u9JJ$u!1e&xrbla?G#H`!49*E->-1H-B#{^(k)2+@-Gm{?>tPQ<~22;bTDi?4F9k z!pkX@ev)Sg+lm^^I5@6KjS;M=V!mZ!I~EzBI3!B>A25fJdg%tE(BI_2QA_O7;G>mQRc!I43<{nUS9iOM#YADDmZ_C(Xmg?Qxd7 zbnT3do6}1R!g_joe!k@^74XS0yiG5Dq}0LbBtCQ!zwHEUZMSvp$dfVvFHcz+4uAEm>IsH&4pI|KznPtslo8ju89i8VY}z(rjn;m zoxi@`7<9bNz`!8mNSSZIKLg1Q1sTngh09q4dC~ki#LZO5aW5G<4yKBN#_*>No1p8< zm!pm8`6XXa@+@&=37$bAzHsT%Dl{uPGK7_mex- z`Z&Ahj3w^wix)5M7&VVk-|;;+2>@^*DoQ_Knw!T*_5#jJSaIP5AQ%C9DXKxMI60T& z%;n9+3h9ggTz2VM7;{(CiMda)`eEx#-b6`VT)%_;`}^$Y=a#dqTDNY6v9U48I8JDz zMRPyOQ}6riLz6!WI`6v;nR`$FD46H9Q{O~MW7Y)uxMi1nZz%ibR)>~V_|E0Hy$r0s zZ~u7Sd-7ykAv56s_?la6>sZ}AJStwipyBZuH3-;4z2vzG^Opm!OU29zS3NlT&oeH^ zk^q3`RajtDWRx+r)Z(jGt55tHeWOpP_lOr7vU6?-qyZ~%F@lr{-gtPTc_qjl`Kq`} z-QT}6p!4NSNQC#8TLVzsw|&V@y8Yx}@lZrZ#cVB8DE+=G&21S5{OX#TR$wG8PrYP) zXMZ0fnv2WHm5`c)nsayc?!M!bljGF7xNb|!D!Q6!+WiJ|OxHs~bnc)7QYaD< zxoTQAH|}Kk-JkmXdkKY)pWh%|Z~e#<)9e>NS_@vjy;9nO_QZ1F-ob#cZ_>j*&Rl7<2$*8OZHS{1gEsX%l5}7x$q%D_&}}_31z_R)yFR1qIg}a?wrq3U7n{;OX0`6+X}ABIiq1lvs zr0mos8PuVmq&^;r_%RJTclYfC`{PS2t(oRMfoeNEHWsXNTMY-B@#9nP-%_sfNvf(d zHpLs83LKB1lvzv;cY`-?Yms@n_0OL_DQ~_y^}b+q7T~FAjZ~DA`;ek<>+ugI#V~XD z+ud9OLxWATHOqWw?pst))yHpHIzB#b`%RX)DK^49=#;f}5O9Io+!7l{$0K*v`-g_~ zM+0gT;@bTzm}Xz#7`Kx5!GT|6!7pO{^xaSip>lxH$gcTp_TVU^p`l?T0HV}b0i+Rf z+6Zk0lE7|E#ZL%SW@cg8mo+O3mJ8rsm43t5w12QKO1T+Fth{EJ@ zx6`N9P&q2o;v>E~np}4C+BgE#$-8M29Rs_V3go+h>Nl@n59736l{cPCo#`!0-SzfzU(K&DczqPCmfh1k4Qn218H-|z#mS~aU8JGvJVw(i_d)X;Fx~pix)kRpICE0fB6DdTIwGg8|%K+RGV?VJS!oA z#z%aDQJCVs6-7-fR|$v>x*}#mMWI3e`7ERSd*Zxdrn-s>Wtr-x(IH#DoB1&|<~Gp5 zW@jdj#AdVc^W`4}<{(`0{0h#%zGSbJOKDfCW4|!3UmpoR$U>^yFw*SkX^B3K))`FcOkeSJ;JmVRntC<^$t z*Kcl`hbTGN)qGfa$ERcLx-yHjNTCQ|v{19PMKyfc1OzeH?c?OM% z2`@Ys9?md3*~>&x0ZkkMm3aQ{9ov#6OF}|I%1eEw>F-T5($T39ajwL}1!$so;KPF! z9JUURzV#!?`Qrum>WZJH8*E~2DfQX$qfA`RoT(y0W87FFdC!g#k2PDYmJuF6kW0(M$OBLEpqAGTYUB;*O8IB zrIh@7wPV+wJymE+OlT%0(Bp1<`a(dFbZC+E1~A^Gr>6;B$Z2ZyI8MS6pXqT8$YCII z(By_kMpUnFJJ|(I8F+w8^uRq8sBd+no}nRO0#yfwv8`8M+jdd}HJ#@fbfsWmk01%Y zn{{`@s_*%L(9=w?o$%!Y5DYQBl-DgMvY=7>+e0``G&#=bCQ@ zd(c9k7k1KZ#`>H)&&WkjAFMV!KF+Qg#l0DvSW)IdhA({}uiYclR8;->w}5^L=Fp9< z_zdu$numu+HFYoDySv65o)d%Qyk(a+e5&Q|7B?&8h0v)FVhIuC6X#bl1HH?^^_< z9JtH)QB2z}oJwVl^ikbR-&3|Tzo8zcHul~?rKMNY%PA}c))Uqyy=)bT5mcx7Z*O6d zB5D0%#RfsaFPT2>KN|>tWEVHv1bKS-*|TTW(1Xvd-*NWxWJ5%UW7&-0vSrKY9zTAp zuXs8;L-|-BFCF$T3q%n9?c2B0;g~-|`Pc-3;h!$<8E11Q9wo8-$ZFeT#~1)vbM|JN z%2ZTTsNy(8u3~21fGbqRMeYop+DI2jdUC4e^YhR~lCUQ?5d}l-;KBID`<6R{rqPAY zg|Y|{Ko+Q$x(Ygn1kq_|s#hx!cuGxq*58!In1edMA2hE|cL;h%&kfnzhQiCJso5qK zStq>2zK!W8$?vD|-aD9gvt>G2;pm=K%T&{v=pdl7{h67e4p!Un_MXYU_$}7wD@KBC zef~M(H}j|wV%W$~3KUIx@RaT{m(X3OrBvPP^tNmqo}5anZa%*}kdmN#z`}C_@kZkG zAh{VlvfqF1!iDR_qU!24d@;Jt65lyXh>2sfE3FAiBImsTCD;B{;)kD{12wvycMN}H z9}_X}?nG||6c5TdTx>PmRe_FLh0->HUI<#vW}IUtJgRVpk1uPT0H><*=})`zq6!>4 z&BKnOK!u1rh4wZtrx6uuxO*r36R>#(9=|_Z!d>`o>gfHH>9-oTKG9S}lSFf7A4ALz8-hN59p$?76wK6(03flCe@Km72cGrIRiLUhmZpUrA zn{9GCb^v-*JSi-UFOm&@W49H3Q$kHmEoJW}G4Tf0ge%F%!gNo(l-9WO=yL+!o7cZ| zqmQ5TxKs0RRAHZu>7is{sqD@F{bf4#_9Eci!tY~mZ`2O(ogP0KH1zqjT-JeXdM__8 z;hulgl(XBbs;X`>xI&-@+SoOI=c?3yf0zH|hnbpO)!uEGGX49vHuFxhKd=uT3CJB~ ztZB`gfn=)=OtBYSgfugsBNnM=1+a!noxjt_N40ibZ2bpmTP ztQMNzTd^*%S8yl5r@H(5?Tkilz4>}6Ie8`cO3mjNx%5}$vEuKq7_$fR@=8myVCz!+ z?cZf-cbvzy0V0J%u<7op3U}`g=AckW7XphO`Q3NpuY+lj3fPpGltfOdySw|Er1Upm zQAFXPNSHVa+sib0y@BzjI$ zx;~HawFMtn#0WYBUWZ%9tWwBVln=x)@Hr# zZ>89KDzp?R`EVHeUFCzm0~N;PbN)SRS~0cL&|g&0=}`G8XdBS*p2OvXOnAPmtnBal z8*C(2=2l>;7BAnKG2^#)jhO(dz?`UH1TrZrm;L;j!l^A4s02Zz<>N;}b}|lRuT8%) zfBy`E)7~xL?z4lL$?!o+%!#JFJn8yEo`n5gpmt(rs9|_`UA78(T?EM4brHu4T{tUD#Hcc$KPAaqm>`!#W*Qz|_6*#ay<0bW{&b zf9xCDt*@^IZx8Y$c-oYJ1l*4xUBTx#I#nmYYM%pzF;Jia ztulS=uslwO8hSD;SsI88RkJ0!srA&J_V!tmkL;TGbd%)S0HRO@11qdEGcygxul_uK zhDxtpud>LU6aP7PKq$U=_k0~;2Vk+ua@jo^cO|=mw(N+8<=nORN3Q>xmbqnnLg#XN zr$Om0DJdyQNKT20UhF8*7tF+~;Sf9A9~mG0`euvoA9td+(=jqu-P8!b@A2#CJ+q?K z#J<7VC7Um(4TfkBOobPKFT|21yD>F26=I!Oz67x@fV`@P025Z|>+9#KD8c#Px|R{Z zHQ4ac7N05Cd6EvqI6`D0g|okZ+7f>gmLNf{jd%8Nfv!_g2vM)BtPJ^~IC%AlZ^h(D z?+A!}4{$-xqKuVt$Kx`LujTWLh(o`03yHaYmh#K`4QHLZl{`%$j>L+VoV+KyS$ zD@wqG%D?5U!?J%q9J)E3`wv5KTK*^713)qr6Hw1IKzy8ke3aQPC%2@At9GzC_lA1| zN-0qT$jyfzQGxGv-=$A)WF#VD1+nHJxMNWjDHJePP4I4FE5UbR{dko?c|dyi$>9wS zCr^_1t-mJ2fDQ0$ZgxVMIDo`6K_$BJ@dfIl=$BX5Wto6@MH@SSrW%Xg90}m>nE^M( z)~8S)HlSv+erzU=C;{_xGo5owD5Uj6ChB>kuS_s`BbWfJEAVUvyN(jMi|gb9aXBG8 zHsk{Vd9~2DF2%=(0ECkh2_8dD*$Vxx@$8=Ldg>>$vCBn{OnsHr_Z8>39wR$*^j%lq z!CUjumi?<*7n!sOsx@ za)tp$IQA3s5Xcvy^Ru(lj+An;2o7z92HpxXGK9y$Z?DFVOEnT{f>S}RP1HDN*(F)} zcG#z@3sNWC=f+4bBKwdmq8AhvLETMb4L_hizsN91Taoh!XAa>AIscL+pRpuefUY>d z_y-0aEAb?5rKk4}cRvTFUFu)LL`6(3Xc9zihL%|cUls`Xck_N*@y0QU^L0@Nge(Sm zn!^%(`InMv+0Wj!luOR-^?VQf{wd{t#Uqc@jZY>u-8bTj65Re0}7no+YDxuxAWK- zToFHW4;8E=SOQgQq&G_03I&sniAf8Z;l?3j=eiOaMS1xrMiZS7Gw$s%D1B4F!r)*w zvVDn)uFf{SPI1q}%SpE|uoa4}?aFw#xyiVAYQMoh@3=J>9cw8#TUz-4yDuAGJM(h+ z^5x+CmGueIO*o6#NpwK0RZ7)>#2ps=sq(iNHzLYJ@9xoE`8-CoD_6e`hkoYy9# zZ73cZKS-bpg0}P4w)kzM_;sX0^Z^lWqWJ96*OzGeMX{*6EPSxcR}m&cFyuyy+L(=y zI*Kdk{J;aTT<5_R*Rb}3s;dFM3`5(eP)MQ-4k-~~(69(bKh;)fdF4z$YOF6R7CC7s zNkLfiYqE|jA#@>X#t*Lg=eE*Bo6Erx_br~|1H!gt*)dli_=FBli}TT!C6-<2*yBB- z^J}ep&XwyXXL$uk4bGx_LVMtORz(Aw0&ROG*Or%`PZPz0I4f9llJtNB%(3Q!&ug?# z5)&i#&;3V_s&KqPw&}U9YrXjn&|nP!wt`b?+41AYNiKu<+~8KM*VnVM5-(TbSG{zP z;2C_^a|iBjZp`iZ=K0|XN{1%H}td}l*F#kt?e+a6*HE_wUUAt7UhLT6?*ObhRw{H9vei^&T%iWzU zI!ON#a(CA4IJ*LiT2ogSn4T_V?l*Jh-1+l-l9GGtW=$VmnH|jdVjtCVc|ffh1t~UZ zv)OtFX9+nj<;06Gn9|b>(zEDux8?@;{$pQW{b-nPZp6A(;gk?xVKPT^9x2Ds@A|n9 zGPYBBJ58PC)y3{Tdthi<8k~9G*x_Ec*v6mCxh3w9zAg)9LsAx`{#Gh z#~5=zG}ctB@TDsZQ{xwcFjO6Nrm0MW(e>mf#_2zdV(t!H^M$FStRU#Sr%L*p4KgzCtZ47Suet9vaf-yA z;MS3B6WQ5tD-()O*a)OCxQZOvnB>c1*1WXhjG|<&zW7=5ixrPu=DJ6d)Yr}SZCE+? zYgNul`jWSm9PirK-M5=K!`%wRp{{PETJ!m|_e8r}kH?pQfB=Z@H$J=?6#RN$CD(uS zjU(Tw7nVa!`{<50XVnOQ)jRum&9L{L74D^igO$g+`hLxI_u(^qb+(l%bMCj{Qg|Fm zAajk>yL%=qi%<-;oL+ZBdRTZ_Eq$G)_)bwjx2+Sbjdh(*)u~-i>a%q)9{0C?BX8YX zbHHw2b6U%^$HEdY8~pC3d%_m;($?-!C(Ck9x$VB9-I)_tN8M!?Xo<*KOw9qK#mOUId>)tO*ILJJebN%jyqA2}2px)o*xO54`>4&gpNTGj8{F$UM1y z;jQv@APta2&MocOMrhIkLP9(5z5|kPYr8+6b>d}d!LyCQ2hY| z9#A#^7#O$|9lb$=#YU}t>D}&@hp#3F;#4U9&os}c?c0&JeZC=QRT8R-Z5=9|vd0!y zMt^HTu6FCDy8%mSdmc0>NxR9a<0~M~Qs_Qn74RL=3{800x9kFS>#^p2=K-%G52)zn zysB56|H@fya414xPo<%nqBRFaMKPi2IRBY+9!ZA8an~=~~%SVoH5!QA*E%ikOZaJ4QSVr25b@#eRoBmc*}A22wLz ziixor%%NP$P`R=7_-aI2f*=er2l93S$&+$&v_3unXkDjiS=`dN*EIAA6w0ppz1NFm z$re?QJ9O~i8fcgPj9lADK(qp&=pwKH--hn5S{sy)qy5FppAqq$?54FjraTk>322*u zY&r%8mRz6FCaprZA#P+SNzuj1JZo=X51E!@NDjghxfY;HJ_Ut!Kygre+2veJvwc1H zu&h}V0^!XH_4{*UT6*j)6+h_2d7wGtHHezPVh4&^{534!`R3 zzW4&^g=;?uZ|fqrVi>ZdsqkGOr|ty9LM(FyQC4o(J%J0Xm$;ok@ZN-D$rYe>H>MJi zCrkm2yI_ejb+w;vY31@mo*y0eFN~ z*486Pa**VfVbwl4=T{Pqa)I+9ayD~K&88#z7o|Ad91k3*9o$R}MFnlE8^5igchNb> z8t82&npfAiZ(-1JtZ`fQeO@gX-QiY4u=*KcYtTbQ;2UbvXLNIun6>+YCf0*nz1@A7 zcbh|tKLkr_kjr%6|9xvb#tyQexG)s`{|<-9LXm1(6Gt< z!u3)X$uvYPZUhO;verSyB;Nu0E9K`lMZm!|DD;O1exU*2mK^%jOLE;%XotUCcVurJ zhdn}=C{Q1Jt2vUY_pPeviR}&hghYhz`_1`M%HcH)V;y=)I35yC<1K9#qDTOkk=(qg z!(c4%7BQx_o@!fz7i+q@ZpBaF9WX-b*?Qvr3LFAy_ltn~Z|!Aphj+ibLRMws>l@lm zpNaMUC7ElnVJqPrpI7pkvH+S#cI|Veu-`Jp0RDx!0zo!*c9Kl*g-Nc3Pj&_nRsh1H z;eV;mf(Q}V=IFo&tT5u)kR~jV{H{`x5EXrC;W-^U%CnBOV0sFB+39m#-0D3{j%|f` z713?@pq(U{-Gzd19ite5b*;fxkk#^Zbem zz|G1ETSZ!0TFNG;_I1#b8g3{{`vSm_EM`dhHq)LcR*<{ z$*rS;Y*+|72&437&KPZCrRjWWlW#RWAy8ztQgzje9JXyUhi@BldJhc@MEvS&=tYct z9>$TtG{yu-UQiKZ02F@&w5}8?-{I2^NKQytjkuz;*MtFkxR? zD7scg{@zUN>(ir!g$yOM;V5kaHC_}D%EEUXF9hfi>Sac_DaojbP-x(XjJ zFGZz;mL38qjfSVCmJi2^_wU&Wk%hAA3@L_)Y_u!at>P&={h1#0ehHQ>?MQeYZsd1l zSKywoLC~l|jtx06DoRLrcu;uw?#z69TvAt?VuG$ktoFFm>s|b1-iv^RFf4_ zgoMKpg|__+{x6IdRip=5B_6%r=Nz_!wEgJXjmVclcWfzi=Et#(KqQkCFTxfeh*&!f z;rOkfABO5p>NODp6%-UCEy^i4r(s9-T-&OOJWzPMm^gB6s6tpGi~ypYI9jrXx!U*ptJ*@)O%GWPz^c2ox9;h<0wkG-eiCYl}sc=MDJ zox>6brDg0>{du*4mb|6JNJkE>%A`X+Nw2MYeNC&R{*mX`t^ zSu&&&6Sq67wQWFI{a{$~R;R&4tWmCN-teh0LVyj)KvA*7PgsF|v_Oi;(IBxvSgMkR z6GY&F<+q}gkP9d$%y40Yp?h88LFpjrz>$%W;Ky@FNAx0|1cb4*FgYeB5P+blhNXzK zVrV{uT%#=rCiBA~yv|9|ZkW z@h+9$4?l6Oz+0MS-4p7Y@xwJ_94Zhe3Lvfxc#j4F7tOv`NlQM>@Nvo56JhHnNEsof zDC+0&jgd~}+H-wd6&V2`fh^=)G;&f?6i|WoX|Ddem^QF)hnuu`x&ggJ#!HbWWc56p z{-*o(RdbQkFMdMp!FKcKa{*r&d9`DR&^8h)srrtgiK3szB z-nn<=X35A4E~3?c`l;1hkCtSf_k$>&Q1nEkT)>ivwq;sy>aauWXN?%D_5SYhGrbUn zj~m@VzzFNJ1!667T8TT{Rsu`mu(AyuZ@Iq#=14GtzND<+@Q?wDf`S5feM|rli2#}e zyWGti2{44TpMi$alBTKX)cM zsr(}&8IjBTWoY}&Rh}-80x#;mw4%iyFH^zGpZPDT5e=G{E~pKu2e>YlqA5SsO&~u( zt2qaoXmVKBpdJ*oqIFO#ZoS9qhd)@$`M~D1{iC(S zqy!ERc=`%68Cx(sfVz9xQ+b=pP3BQDj{+r-sN*Q?%&S)i`py1E$V6e&80$oJHa4Q7 z=cs>fZZ2!P*n1#+qO*@ozkO>26Pg7m*mkPo3T>n&GO|uk5VOnks9$`N+w`gCb$?^Y z9<9kDu8Hn*nNxO|3&z@_qxqlZ-`()n_?*8>U-2?sef?^1Gln>wjmgJP;v8POa)kz+ zC+*nfYkUj0Edm)RSotY91=O!%nj0#`MPa{Uq`(UCB4i6zz%(O@263K{2iS%#cHmBZ zM#d)O^BXKi+pDW-u`K9vi14!HD!UJ>B$^MwF?*A)&t>z~&BO0B{cJA|4$?iwT~E|f zFAYfW?TdaAH7K%iaN{w487(1`oVPyzPlxt@>^foTlP7=GtxeE9dS9vN-sqd8%`yvL zWCi*$Z2A7_=9Y;E0=WZ3@PBuggQAjYgiPL2umk{tO4&~DeRt|{`YT?(++9!Yj~0nZ z77GNwdmh!)>{8d#3g1x;fYJ+)Ml$N|`jFp2rz@pLGu*keN{*{4Ff4fK8Gm+31)Ad& zLl|E|A+u7DmPrB(Yf&{wImilBiO;db&_YkTrAo)eKty*cL3Xe7- z#|yU}f_FK>u=hbEkaUrms;j%Aq@)DsF48pp-n@qz zos_is!>EJsg4=GpfsP7*6-<||$m~=MqmkkwE`#`}1`H#UewDH_Dk8c!^5bN0Z`*s1}#5UuS?LsU4=8xv)rAbYiyr z214Vu|~A_-E*zXo~V~7HY14x?#Tj<*$Ui0hV1!v{NoFh6G(2>}kw?S!1#c z>G%xt?)k(ZZy3++8V-et-gzk*B+_hzXyNwh`pkn|kmU5QStYTrN^6!|3XLY;hXfh+E)8)!`x3iOLsisEt#Pw_7v1AV#MXzyn92bfOc)2^&zT0+z zbqN>tb+Asj=cq2^9z-~>#5fM;)KXPI0I_+izUP)siGUMt#@&5Y7(Nevq07a5ihl%z zYXuMs?fQJh7#4?LL_{Y{FeCA+o3noX-kqzKof_Agr%E6M={x~JVTJGzkVD37H8pAQO)g;gEd>-5{O4#&=O*!hzxOjCv5CJQXOm0|kW?y| z?2#~~=wK(~&p&uBl_xEp5#3k)%&w>`z}&l=IPxWv^`@9z|BlShU-6>2VW=KW?c8Vb zce857?CF6eoOkwzDf$@`arAX=OSyXkx*;a>x&FB@ga(D?#WDPZM4ZGpQRCq@mxd)2 z@-2d@ZKM*QIdZx?{oR~xs1!U3?t8=53sX0>$y~$akFfW*S9U$%{S{JspZ+UkBeRi_vzS1 zy_~bHcHunKTm}J)f+q{mqx;%e z7Tb%ujiDx6KTuB)@28|Fl7+%pj&_V*^yguxx*I*O_Wb=Cb^S8^fxH$7-2whb-&D4- zSr=pqtE?dUUXN-_xn&a1LN|=W#N6$G}wfD zY61&g82=u8Nqfd89WYI!6B0sU_5wGobzrAWX_S7QY1Npks$Xxk^Dc`8zl3`t_xyHd z=F~^2gM?>Td5Jo!C*C-Pf$CCXCVSN3g~G;n92J>~Ynv{1f(kvCT-!RfU9aBqZU|a@ zenWI7c8an%W<=~Cb$i+Z5@cRaJ^d-i@C#f2SNrnTw#71>l_>B*KpYTesN~m5(t8av z_X2hVNo2Js?Ek%^=vRi!!k3SYzNK;lnk*T#1xl;HKsIKIH-CAR!~lNUKuZAL#{y!_>JroMy&Ep3xGcyA%vkMwZ8L0oCq(>6>wxxC ziO|D2%mEO3?SK9Hq0D?T9*xdp1>)5sjzF`d%NJd=U|I?(l!Pso%}$BZ ztXvlYbj<~M`vs=4h?7bwC&>;7AS5{v45&XM@iDC5?UerC{t{ga)To496{gsiQzVgi zAqg6&R`J`N`R?c@7-rogtb4QRLlt1sZdlpi>*NUxJ-tA4nhp+PSZxt=X+4`k|8GmWf(2cd>gQ{26{k|#d@__0}u9bf?9C#d@5 z$&=lHSRKD^0aAYYq;Tz75}CqpwA+e*ZhJC**65VToH8~_zW$Vv!mG47{q4y(W1h_$ z{|94SAeMx(Jbe5&tN9;hgGeWv^|TP4qH-xiB8DWW;L$?A-(Zeyw~kyYs4hg1`Ppc= z3wKiTJ9+pt-*C=|r2Au7yPY6PMoxQLWStf{2 zI+OIG$qCP;Gj*? zJ2u<`8)tXoK72kv&lExO|kUFewIJE}^1MuvP z7bC!v_%Rv)h^|Mcqu+iyyyrvK%F{&&|cBx5}-s2wnijIOj-iquh>9xWSNXw-i1vLe z>V3`OIO7zdpZ`{NSf2Av7zuXZ!=zufeNgCWhnOF&gNzI~WwVDE0}v ztzLj@CJRtGuwr70u{Fo6$jYfbp0T&)w0p+S_eny30Z)wpQVIm{)cIZtb}{}Onesqo z5#dC}@Yo%u%RUf}Z^bVvdbivfqoIY~zfT89H)UG=tiREdTrRwbF9a=(0x&?-Nyw_d zVW!w{JbD0z0V^UuiY%Y_BRm+oZV@v}El;B#g?3AxZ$YLuhU1~;1A>YqAJJpGeqnpy zE2>3Y#2O*e$j{H;1WS>R2U<+u2&x>{n`I_+On(8mlrY{5KFF;*ci4ZsBexD&C-Qip z*tvO}ep!rhtLdO98R$}17m&eAfmM4Es@72Q#RCIi(RIcP)~FTAZQ^ZE-Xam2wupUV zq_b3bU{xM{l^BZe&fz`)@{LK1Z4j<(bXjaRd^(-r{?=5XIdy@xXy?@Tr7SJS8|R&9 z7AJuNG-3^8LY7cSrN$%@F`RT0w;RMEet8j42m0q{w{-I%qJa0F;O$kKV?wvCc%2 zDIJIAFaHn_#!vv1$TetUL>vdvWN=u0H9mfmhP2I+wnc@Te1>r2)y;K(<0)Kk-@aYl`I7OI2-D2k(a}Ua_3Gh$B(;5bX4;~%Sn^#8yI@692tTmSFFwUuUsMH-M+5Aed9cUy{Us>^AuL*_5khvRS@i; z5pv)9!n+~qFJd-AsX>fQwa#}hbx%(IOVLJ;w?yBDJ!B&wN4uUvOnIm#o2 z0x+crc}s9V4xNJ0U&ge{9uO2cJ!!-*x`Auq+wlttIoim87lDZ)R*=ujt@nSu8ZVhA zph(Z*7Kb#qK0F?TpFue>Sv6yDVkEI=0o@94LOz9(_z=CN{0!#akZYNLQNy3K_kXQ~ zkX-}=D=8@zqM!$ShaI&O$P~#Du@GO_w+j+gNQeNYzh~ilSmJ3Wtr-^qRwfNhrP5gco7NAE2EdRv_#-!^+s;k-eXDRr?m@5iGNC&a`&V0|eJ3Bb&^^3)v3t!eG3NN^#@y+SSj-97;rEM$|e>kK*jNY03Zo>wCTA9li zzYH!mnc!n@1)X7#&>TU57W#DBBjCGHQH@Q$)_);3+G}J2OYt;;prHcP3TO|%>|{i{ zx^JmF*l+u{gsR6_zrVE=p)$B3LAi*Zhebi@w#FPWA{iKPWqJ1O865tlK@o5c$e0u& z8JP2UhA$0$?ofxsZNoQFDb@d$Rqb6*v=fbxwTXas724VQQR&+k6ln6q94qitJk+I% zv~E0hr5iy%3I%NrPrtyZ3$2h|q6&1M^DEb5iZB3(QA$&E zfP2q?f00&c#AMM(2bS$7Og&Hv6?{jWs{l|wcQ3E-2?)kkn4!gke#r9y51cpF(f{ex zBj~)K4j4*hsSLr94LAXh;BmzS4zFqUVYfn|Jfmr%${>eNCRD_vK&H$n2*QR6g{R$znl(5xEN^iagr^HyoLN;jv$vPcu&Sf+&;JY!`$@ z5?p|q29U_8*#tzzn`1IDGE#x_%qTTlT*C1<=ddH9Q}J7m$4vSFgcErcBk@u*7B7RK z%!B^|=+FeK8RU4p8x*uY^Xa(V$@PfVd4&(8$^C2G{ogd;|2Z;;mo*VH2+u5g^X82+ zM#xD%mI!3PWrXptv(r%E2dhK23=9fdLV=e-Qe}8f2Rb1&1ttX10Z=Ex9IF2Z7swOv zP|6XZs94=ui(n2ECH7`5moNWogYmBqX(;{Jk=-~&KUskjkH+G|U37vo;5}SH3t(7r zBKIi`3NU$k8x-Nd;^G}JawN|V9E8!425W}mkEd;br;%rUkr)9&He0~+N%pRhDzWZ` zqF-#GL*&W?`^`pY*(VMxh%8xq#d5NykaHoAae;HQ1WJnr86W!jNt--ehjQQbt04j% z=YoSbAaak{mq`RKs`^@6S}aiKQMAc&r5a|EDQK{+1~Z9FLqp+{7RN-j^m0~)a@zmJ zC7St#S@sBgRVkfvbc}-RXa$1=7{9OY0-lVf(=Ou~p(_}4K__%t_(O<(gX$i)Q@0k- zkIjmrq8%!1SAk(;0xDPhE4&74#Ld@RdiL`4)p&C1?7Ve-&E$Aqn1;wnO_$Ex%t{;j)X1Sb!5V9#eQ!R^{AE#5qbl zehtI@4rzuteE|=)vOpvn;>Jzqrvl-hAjtH^7YQvC4YnHsCmJUZwZ=dJ2bp7cLz&YL z6Re^77hAfb-6$$33?oIwRyd3Q#k2Z$l2?3fPO1KvXIvAgzV}bk4i3lC--0XG%b!C9 zTS5Uv4TfrL4ef+U$92pv--mzZ^ z>moeZwh*HTsc}cUrjQ^7GF;kO+p{Q@dwQha;wf2`)r0f+gV{hehOJ*dX(dc$b;P6a zD2xhgyy?{}&V1e}>-TSqRXiqeZlY|CJl7P3oqjb7OZ4T-0=~GJh;f>1au#yS z*||u*!UXvH$!rbaH5n-t?#ZAUaW(8QKh55tw)m15yo6L}oa);lH|aIe%P+n9%NQdz z)Y47iiK=9>if`LCc02`O@1_;ae9F*^$Q9N+7oN+I`F9ThMks>6Qifk}IfgVt6?Y$H zmkqsJQknMtuSHd}3Evnh))l_V5#8OLp{mysqD(}3!=}>*ReLs5Zoe>rLk~7Zsz0lig+{<%-g`SGG!#|f&q4RW*YTi z2t;)eA;uTSuI3Ci*|n=7pe()auRN7?32TMNsfB{eQp#}#$*323C=MPKM&?!FJ&DC% zs9WjA^1%HsWM;;%?A*DtYA(k(mpkW3*~Q9Ab!1gFfO|zGu$8zUEehvHW0Herw_{Xn zpGItO(~aQdn!lT*P8SAB&6A?LKQEew{{@K#33)0)X&zzx{eP=UT^O}I=Rb$b{<^R5 z$|A^5h`q8yHgwSl+)+zEio(iG1Yp1v1UM)Z)W7HCF$BQxsc=O95|xa4T)Q#SM~LC3 zg5Kd#66X)xrKSK+SQ14Z2VS=<+{^I%TKOc4FCFufuFU&&vHy;Ek5C`THID>F;=!0~ z&ln`%E|~qWyYeljWcrKbmt=leD?M?3zH4V#fwPq%Ele;^*Aq;8Vm^}K^!TJ~Mqt_{ zPS+LIc?P){Y%LI)7^Z4`puxkLB96 z58p&ZrZSZ&Ntww!XABV{WLD-7na9i`V`egwd8iC!NJ1n-NN7ODjNKViGJNZ#{XEb2 zf8X!@zu)h-cU!exuKT*q^IU5k>o|^u%%+e_Fi5wcaijpw()<7OzfkQw_{w$2v|JgPnei}WfX6~Z1>Flvh0H9k?ZJk$0P^KUAZ7yT>=Y0}6%d3D{4_=ffkt3D zqgC^6KTQ0yY$S6*8|^B7e0I_T{YU?$6zcSL$X<5p{tTq-K=>?7=g%Joa^dmE?(^^Q z;S8!oH&{BEA{FFVypen7y_ztDQL^0o-8bkT<|12Y+|tiM}QnS+JdNgvIe>)X#K&-09J`!hnGrpGBsqGgNpxf&e<|1uY`97Q_ev@J=T|K3VIx_p&(@ zqhC%1I?_PkwE^W3x$KsiG%*1GUT8t^{lI*T{uJDUeW3#j)k#smbPVJ9bF}cAB$LAZ zoti0oz&k+3N666!iVGh={E&VdS+~MjnkdF2DM=4oT@3C2ecRe=nwn26duTZID)Att zQUDMeS<<3T0t9Bf2hVv&VU;{_oKgUJJq3`r_C2B@6O%2soUm4&RKw0g82Uz;tmEQn zoOB?F=?r2{dkyWQWAIUMF>n{iyBeN6v|i?bwgJsJgOV3OfX#-M6>{YUV@e)lDR(R# z0MGla9ozpEd#|q4M@@~y$%%n72}Iu@G*LJdr2y_#$<%k79xY@&_0*=L#Q296f5NZi z%#SH}w@(eb96LXuTiNtkg6?+LhkJtCL>&J@-~XpNfcKdnpA1=~aj;&V0x@E|Kq}w? zXw$x)0$ET(wFvC;*tj^&$udNO10!jWViG}}i9F5GvqQ%?R5-lQ_zIGx>G%>^0j+4{ z`vh#y5JV>XRHf)60cR9A3<0lF9>mXtx80$$6XN>-$;_cOlT^DmwA5=Y`g1Hkulza5 z&f;A6D1D`=7*2}!*x|P}mafW3Xh-J`}%w5A!GGZ_hy!)YkOBx z|Nk~?UV_-b+-kOb#s>_pa;~x>{VCKMH-R#C?wu&CBPhTSKjHo`^yZOJ8>Qe-xq>Gs z3X;$$^yme&6^`ITj6Z6hBbwgyg1hJN*J~%m#l=5<`b1e<0d^`|#2BToZz{iOyEdgY_=qjL{tQ3SuJ#zErO^p8m zK@XgVPGaELj>JDk#R#A=(y{vkXA*ExMn=Z$D?7PyE8S9-Q4O{6`AE(iHcVmF58u$pT(PAt_5Ju(u}wc@0fYrUvbF2pktV(EdEviEQ7&GO1Y* zOc=m#Vr2`Ubws(XZD?q1Yr}_X;S#X7fuKu_IZ8kv1FmSu^9-`Kvyd_)Ar|N-2le>T1RveKD1+dH^hdD|@(hj{vUXU6=L8<=U_o@tonkT-OW&w?U zM!z@diOZ8WKj*2Q`#rH=s_5}uR_KGYBN{@o+51PA;UiK#214v9#0Y2q0}P16U%&h( z9dG4;ju&N|&rF%8_j9ONd{Bj*7P+%ObpZe)K>L8RL?`7-2ej^XxOvEQ*^jDg zk5&H+CQ>_her@2f)bs1pJKD)f84-3-&uR=Th?Ppvp*+Hpw1#a}SQ{GMe8O(z-7o&ctBAlY~3Rn&Rx$kQ3AMnrCOUouyf?9Ub=Pj;8x76myfF6NW$ix9{ zMCIBy+#Ogxnm>cs2>{2(qmnVlAyVvHt7uzmyo`Q0l`@o_8_2&KrB@sr$DnJ|0!2<@ zl;SS0EnJr~KsQ^QW38~(`HNgz-p<`R@J z!qdH+N;7TaYKbM*Ymim!8xT3rtR-EBNDkrhDl0`;bo4#2efQXbUT+(q1nAv{K|glx zIlWTn2ax-j5AqGxDfPa^U$&-p_diHDV`u&cu3X@g*siN>8uy{|04LYDW$#+STZ#3C znlBvFcPgtU4tPYB9{(ME4!8fubY_QaSohpbFCk2JNfkZd@#$-0NlKks&cE@|4$xzU zVib8Vfb|A>Q!-TZ^DYQk0$W{Xpz{TIOjFOTjIc&`vvLbMus0-ENn)fej&)f0Gu|OT zcyd?3Jj?{X191o;^^q;tF@wGoN~NIIM@mtkh7!s*X&5raR59_t&vG{&WOJa3F-#I} zID643Ds*0S+3BgU)h1eCVT6!VqIwc_@lnwVIx$Az5kb=&)vZ@SRj_|GzYqGjifnHq z8R(z>v`&pG^mRLuY=U-4EIywX)V2NDpu7787M;k?Ql+1zWPBX~&hes@I@t~4Yyn69 zwx~GcfvX2fX)snv%H`3z?D0+AQGJ}koiDFNv2UYF{MXpNX20t!5D1}3gS3X4@*3yH zGfnV7(!*C+E3k9kF@|zZ?QdYVU< zB{xB&20|5Hk1OZnFZbhVGa@>kWx)VJm^zPnxVLY>?t?BK^qe|y;d>4^dnL>gt1&go zZ{JJj4W`x!n@7b}33Ln+U{=*B$*M6>H*KCjfRJL(#hDX}^-qn^Q9PJcPyf3d6W0g6 zl!~xtSKnP9P7n3yra5R}cC0>;W_kN|rcx35rjO#f8M(P=G2=6K4tJm?mgJQqHrhRU zpmNHGX3qH>o<4GZz3gkhIqZT&#`}-f!;vW(Q6;{Aua$7A_~pJV;hy6zd_lQ{E+J8L z_R)lx^l$qSB`FkNEH$`+T(R%1PdIyDz#F0PDUJQ|$NVPn-{>)@g9Ksg%znFd;@v2q z81W^iN*E}B1?h*N0geED%u7s6?oGrjk1=6FNcYfAg zId2wVA2I@4pT)8SCnQx|PKSkC@bRyoPHdKV8GoN{3)Ba_!0d(f4DdBSW3uy*gyd%~ z@iRumTD;Cy9SamvfffIftR`KGvk`+#5QxX-j%rM#P#0noRA(Ol5}ey2jX9Wz6l)Rt zD3?Lhi5YC;*)LIOpMYjvTSoU;mg^A-+h;$7k1|L9JqItqe%b>wY6OQM+Qk8iMNQA6 zS1BKES%fiL!yj}`$Z>TV;~Bj8CwFE}v__;oJCimb)k6wiaiF&{bX#?6z3 zJ;N6FQQeL>CBC*DpsykMAEL+sGE4oD*&c!&0C|*=yPWF+YL10Y>(#jQ9ckY(GvgzI zT?7|&xE^Psn>$VkM8VOX9%6X=@l4_DvFy>F_*)z1$XrVPjwH{=4$+5d1(eAq+1``} z*4j*qdt5@cRlFoj`)t)7_ZYS!RBA z?w?~M24La)4A1{46Dc@I#9XNv8uzkO7D8V`<=g#%|NR19dVNNi^NME`O|@9_h*6y3 zeL|Pn?TnGX-C#X3$Z&9O04o0r)MjM#^u#s#x0gRcz5^tE&h!Hpo~yc_STGN8QvSRV zbUC&>;j-!U41OY%wZyz^pD=dIqfwp0r7~o}h1f|F2^tx{lnU-u1{B?LSAoX7wK~&< zsu}2wO(9n#P-y{2av9(&WS)Z3m)G-O?*GQWF@cAH>w&@A(`~U!lV$f<{Dc#4>&V%- zaRVfb`Fqk)#=!eTG)w?_4kLsLI;^OGhpZL}rJ-Ylt|)J)-{0n`hdnzbd0Xeu1L4vf zzANs2DSI!So<0w0Y$@pYBeAA_@^3ddNge=MF)V_@9xxHx44V2Pgo) zNdJDWF(%SVwTfm^`N=Mwhd|&zbR2UTNR99M_<*O=X3QVRP$s6|#$)^;JC!3-7G{4A zFb|>)LK`apdOXn2K(v*WmH!r4cz|4gQD+o@B}mm%z`z$6*HJ!+S|_-6Mm3QCPdRro z4l*tQ|B{(cT&0$9N6M8lbbq-)=BaQqP!vWYVkG7QJaiz!9EY;27096B@YL$G^k9a; zD6YDrXSBjZ~jrQ>4GtEGp59P|*R_-zxdp-4Lt#QzcIC_tWx5B7TiM%)0Z z4N`|&_GWUmspJb{?x zokGN7fM^5MlArU&`?~yrKC#Dqe)2L{U?j6I!X_2?ay|u5YIwio6B-?2 zU+h!**0o<+mGrF~gga&T4xC@Q9&9!g6QO4aXF*Yd(39&OvE}_|E~-Z9GsMwb?}O7? zmXP9rTh7PN7q^aJ(NG+qWq~AVs3=gkbP)LrbaZq`Lums&X{1R56h3?tiQJLe1zgiG z$lV7HQ)H6+g8&S0z>iLZP`zLn?kie#G4g4~0tU0-AvOu#8l3NX##i)+)l2NEXc!8B z-E7R=Mm@)uy7V+}NTg?IK z%#eivym?e_aT~ul3L_yv)F1Sxv9a+ua8ohBR~2M^w-K{=nnU>jCfSjbgz6mwjc)iy zd2nwv_eZkUPP`Z?MwZrdG9qY?3E-qU8e$g(ssPFfK?Bp%4Fb!rsSl;ySoq1&p=H~) zc(KCGqe)TD<<_{~Hy@R)Qx}zb(w2LK!7^uvF@V3wgQVyQcxIqUZ^(eD$|~lU2VlEkF94!RRi>ViDp#12r7yZ3c{T-x_x!jtw(6}owX#4ELMPIKSR)0>6zs`dk zi$Cv{-FUIr$l=|-YxE)WKP)N!{F2=1S<|&>aHsFA^Ik6AA@Xu7G2q_ec#Iea|KigA z`$hjBzO(-{(f=zYh&JOfIGo1E2f+vaD?mifDPMq;q5!)NgRH)hl{~Z(U%XfiZ~h10 z$X<4>#ekObh>!WP674U27v^)nzk5eC8eW49Jm0R0f~`-8-hd$ zkUL(p#!)M{-oxv#wJb&YzI%jx@u!LAc^BOA><4*CX538I%xmKxXt23C9Px(?2Jei+ zH3|1Og$`=-^9k;xf7_laXZ}s9LS7GlNmalgM_mEX!n14Zz*9$S6fBFuG<*_rI^=24 z2PT1-SO2YwGRpy`6M#F|4PeLs8goxMzXkB?3l3uvY{u+~GBqy(l;ztirG*QNg0Eow zvl`Ay#D;fJFtVR%?QV>V-X(HTXE`^0?qlRtKPoSuho2wqpge<#oekE_|HS6X@6-o` z>}kw@qBWafb5LVDmG+@5(v>BhkGa?Y5pGExc#(F?U#+tRE9G z6wH1fHy*4r=eJmYQ}&nS$r;j*Uk|>5peE%7FETXA1~s(-mV$ROKCM-s7g6L?VtPb` z{q}?6p-D*h7Ccw(-Xz)TU;WGwO;&wxnElYsQ7`SnII20%Ya^Z{`vMz1!n{zv+je%~ z3=s(Ppa2+0vOti+bH2OGoQ$*aLJLz%GMbK+xY#y&(LqN}%jZ0^$gO^+FnljIzy>Ov zW8+Kjc8;QWD__9!)^G~V_X9mCN|&{z{63^F_VvuF?ONAmg`SmI!bv4k>Uw+0RAELp zh#qC8qRC4iMXn#grx5bA9VCCx@ut@wCDQCd@Q4u(27Ef`bsqu4q6ZHj+ALpMzv3GJ z^vbn9Yu8^qY(K&TrAQT7r~TETrI2Vr?{!PD&w}rigqC6GLD3}#l`44F5nxc*XN;Hp zEU8C^2hfytP5MQf?+f0uF~Euzj@XN<%pN3wcs!9|@@lJ29Q80X2u@jJueWte3K-uy z=7L#v(P0u2Ogmsa>fyod0a~kkTrM%i7jH++=WwN?!)Cc~B+*$j!TVQvxt1 z)Xwg2OGfVdX=N`CI=SOvtahJU}3Vk~gtAy*Fcc|)p*A4Tl13D|F$%EGO zzW-%oa0X~x8(~p>h{x#Q;sWT~9Ty(~vBE(cBzu8g!-pag&6$-*Up(M3CpNIIgw?z$ ztQE&#;`juW-hOyBsBtst<>ees+SfQSARIg3HR@r2+6~Yn^x|dqAj?4JHE$pXM?(>S zIY~P#S0b>EFQ(Ynm8?+OI=X#!Xj}3$g7(-GY)Q7s`IMHsRC2%)j*F=*FhVQ8eQl@rd$IKMV;BCm1_E4TK{XP*EdP@`z zu=`fFwW*Ke6}(cCh_i|C>#IOD_!o5eeYx`RT}XWow;>eR*36 z+5X#@Zp@dh`R`cvj+uMjm*xszD7IZ+a-DOu_}EO3a{Pp1g$f-O&nC3~!<1o_AO^GU zQ&W5l!uCJ}0>3>(MnMq_*a_H*7sXkFxOYa)#An#o?udKiXNE*G7WW+rcb??;x0UtU zGzjX5$nY3>gAT~==Ei{iAtg1aN->zG?bTx-(*}keBH6%311hZc3Byq1-SxK3DXZ+o z`)B7Uec*DU-}32Yp2v2LS4;}*^T;cS;5vvZ=k9(4gDQ8xzwfxX$b-QW8X^O0PkHjx zj~97E9#mex>*BLd%kb!CFGl?A1X2EH!8wd@_(4$)r#&J~!y-n|7braxAh=){+1T#S zX2%Cu`K&5}Hn?$Qm1=KZrKlXM>p~gm$2rhZJPJ-tdFqZ(RI-LHUvIzSPgZVX!5?jC2Eq~(NiromWCqdXz2ByQ@UvW2-IDf?&FXQw{RI&pU??&bdQ^AlZ z4Xia}$UxNt^KW>HCyP(q8lQ^veybPe^WYv-T;H&2`ECYHK@Ez{XNT6eN9Y~Th}E@J z$PKGIY+hx%X?ty}mrim`adhe*eD>S9w@1Y=$X5lt3!z7b2HN5tIBbPb&Ui zGyK|?r*ZuRYBfVelLSN)GR3~rkM4J!=@3}YoAeDy52)C*#%nZHbA&f``07vGM)tp| z++%0nQn*981Edg&T9DK@Pk+-H$xG`HSnw2;;XV|{FE}~Jl6ueAsLnUx#Rbrnn`u@; zZIz_b^yrZvsVC)Ag0X=)0K?3Sas~+EHX_g#E2@U~912|_xI-YZ!5}BJjzA?{BELi_ zWUA4TF`~+H9gdaPaBij?UuTad6!|i%T5w;j%p-43Q`Heo;!%U|i<=noj?(ANuS-<)5 zxa~#mOEKIa_5Sel>cnGjwp#M6Gu$#otdU%OltNCmqU@kymGSY4_TZM-|9PI!Z$W-f znci4Y%q!^FV=yqSWO;r4H8jFs|EV2HS4U z>5M1o_uXTV4^Wh8RcCb&z=900<*xL86}qp|K!pFWGaN1O7=FAnv&xo=+RY5FjsMfC zHKhRkIsOk0xM98Hf8)@_xQrk*EgIrgMK%WsrKxtq^SM0FY^j}JKg`@sUk`s4@13L{ zQJwxGinY-&@}x{J4|b~V*8ZT5)L3A<0f&m+ZEFjN5y0AFkNup<&T41gan%+~QjZCa zMvPgcccO6ROX-4Vd$f+XIQvwkrD%-5OwCIf>_~1x+H;cmz}ji;9bs4x3n4Gboq)lW0*1`enJEV(RN~NmxV|Bms81mD$P+x;FX`wK!+ts+3%^15&afOqs{s>ahz`AQWR`|7?lC9LO-pA$V~r0(}) z^wAY)W}Tl;{xHdmaQA(_%6{&|z}fef4C+Kzw z_Oe1D`D>%$MmQVcEbdlG|Qxh z2c%fo$5#EQCl5QSwW~WE!H{b29`!nWpeBj+RH}?Z{?GtHg>0ok83hyU5UeQY z{xa~^kZ2PqZpb|emNd8xbk4au#i(`57l?t!O7TZ5i`9L_vfuS$fQ~#9a{BP$bPbim zr^UXFhFX=z!;;s^XZ}1uOST)RO*>GXz*sNxg`sjZhvhh6@%+EoqY!Hl8UBMw6Vi%< zP>_j_@BMh@e~ZN4Q3tL*0zF}n4OqtB1Z(e(o*AinuGr9cdWp5+y)lnhx3KMfStiD% zL~w-9D~@s9rS~!{@ul93%i1ue1D9C0XP$oN&i`dSrUt<7gn?yf%n5RghqwT;7(uu% z0Hu)fM#OWKxuvx=rymWD4UCLbY->Rh8bE4qfV@NmtYD!V<*+Q{uTzQ~v|%6%%upvl z!@$53`walO`5txVxar@xqr`u|$s6QuJ?!Y^i={;Q=h6D)2so+vQm>?c+kG&w?*r07 z1WpOyA_AKmg8>Vb+sp8n7SV$N>?{XlJW7`@H>1!AKm^Pk*RyK^qjz+Vz~6`hx!5GY z7f2Zk>cW0dX#0SyFGc7!4Nz-f=q#I_-({L!5Amtj<#<$c3h${0Yr395hQqWpof%(x z$*JJ5zYB;sJqJd9oU>XvQ10>_LyZVVVPR_MwX`B^v%2~P(;~z23H+btZD`~<%+$@>k}K$c#p1`}uI4BlE)r;b zkA7ss##?{)XuU6CeT%~3>qkP&>tdqyrw$S%c0WMh6fa#u!_1+lt^k-Ql8S&nic`P( zC`_v8^SbVe4zeH+*oE17R1oOhn)vnPH3J+rUdVb?@zWtPqyt-TyMs_ zovPP{CKAQO-a73wWW@dweqs4SzeS}ui|6tw7f>GoQ8D+`XDqDRDNs*Xbo#*XnI~p% zNa#eJBry!w|n+u^)95PyORL5xT5ztL0A|CQyy%79P)JC57mD*d7nTv3yTmltA^ z=ro^KXHu2m2?>ad_bMxe5Z{ZT!XtL!AKMz4Jyp)ej5kf&eX!M8|B+k0!x2?zQIPqY zH0;H_Ex{KcNaD|1Tc1={F#FNCc-2!!t~XOP@*PKU=lVr~>;Jd`{4XF?mkhNdx6e3V z+57WDN<>^dnO%hp51Fc=niEtYcz{p@y#eb-5)k2maRE}-V_*jEec-u*0O$|~wXI;# zCZlUchn?9fz_c0Zb#fPlf1So5|;b& z~pIbID6kV}DPvA7agPWTuY!jsp$fsFA$eS`7OS4oyV za6W)j2stN0SBGuP_Wuh`%`;|6O@e;464ji=iNq$E^sM6mBFy({JpYg}a{AlpAe}+I z&$x{x&b!>$f8QByBed6$x7stiPl3pb0G=K);{&9JWql z09q6{P$l!dYKZ$>UMV<88EEU1ANy zlO^R!q3IPX0N}GW02Lzzri&9~dEEjIOUkObo9fbc=U( zca(L>=B|73dUT{GxBtZZ4TAckTyukeakNq&VrIxiBIxo;iZ6~UT$A*Jz#2|6aE z*I9!9Ea(?rJ2%wRSgjnzUSl7E$a7v!SfOj-K(q1-RR9xvCS6A*%*1# zbBdv2QtGVnKwt%hq|m{mxEB_eUHIq`VrLT@yTep^&$?>;uPN1z$LcNC552zM*JyN= zKdzyA;YrQmF!E(B+x-XFts{TA&&SiY%KbgTEi9>x9L=ry3gM3bZ#yCN$;)b;{6y4>b1Dv@B3GEQOH= zUf)%ndoU513f1IOu29!(DgS3KPg($nT3Dsh9RRENNuQH3u;3{8^eQ?Ic+@w8BvT>knScGl~;@@F!NheTwo_MeF` zhsKF@2#%;%xvzeL!AQI|~M%O-S+Fa@_ zRZEvEyU<31!P9nd#)+AHhZa)1ehPdr*ssyRt~&#B+G8YEk6!#eO>S7{bSbj08^`tN zEZ!(x3#0vQT**smrmAFI&9i;ZDij$1z6He3>s`ZL+5M|Z*!D+SG2;vzrkid76tl9u z&z+8WWhZk?^Z6?!KjPoN>X4?q_u)psc~II2)AwS~Lr1rY)K#E7&@Y39*?+!|9Lw#b zRa~RQlb~kGs(ov){7b)%5)?0WvnqM`M&0}F<TEAQ^xGe3s|C*8ptO*pa5yn2?Y3)yt#ZuZH)+o@U1>aYgD2F7`NO=yD zIn!VZk}|mz(s!0gj>m*E1HJ{8e} zRlt93`;%SS?u0~T1SKZ@$;PUq{I5E*nP3sPz|Fo_av@zq>vi8{ z89HsI!B!+;icZ2&Ix0#W6#9MT$=S0>Iyth%RFW_2)~}W6&Hr`|xZowpGPnO(3L>P^ zqUye=X|c=-I)ziFG5e*Vc}oKE40^fSrsa7?AyQwX>%L zO~j6<#vA4OYnG>(a)m!$CaiT9SOmc{4iWk;B|F_7?Wueg?31{01em8 z4bs_uT`RYVnn9`bSu9o|Oh}3D_yklrXgUHKAc9=cLD>RQVbk(JQL-F-Nzuo2%7W^y zg9+6O*zd4jCzhD?T`T0~#CY!Gjdq@`Jr-=$xAu2OcQe1yB&4lQA6CG?BNR!}{OA-? zDVJ;5uby%N2j2hO*Cr|OScry%XB?J=qOb2oqJ0QbN&p-RT70t`Q07j<}bn(3~FUKrJ~P4+0MIZx1d ztc+JW9d4=NyFp)wc*T%fpPa`-!TrruwH`w(ADkur@S&CBVI!VTyH5kS^f((}AHx*E zD-_h!!XAy))f8x83Y>8`uH&&IQ77UoZLd5%A4ZV$&Twu^X0ps@R@>unW40jy7pZy6 zeuzqlH@uffK1p*|UFq|6wXmuM@JTqNal(Zu@XF9~&`X%21)q{?s(6TKz~*w6z#ILw zQ|k*K_1Y4z776GW#IWg?M0jT>V^6t6CBdYR%7yy<^U9vetX^R}=vJeK)DhBkr?!Gn z?=^|J^VUQBb4cR^!fhD$2(!q?mki0(Ku7|Iq*;69Ew?kNW+w{tRXEC|^ED4aD5OnR z(sxp(DAKf@;7mUA{;L;Pr;KsMvYWGlULwt~y;inS(e3s_tdBMG42v6NZhXfZ9n>R% zI8SlC`SB3 zt83-^;V@NQsn5G+MbVb$RgYdYEhRhi>=$1JMsG%lBj96?@DC)>+z%p`E?vU-Bk}p~ z)fp7JS@#nc+7tD)Z*(2~MFO6X7`zJ^(>(N=z@y|~ajzv@FOJocyyWzl)lZ}=z`ooE z=L0jg`vSyJkSE^+?gR48%CN^G(J@Hp&Y&IsK4$uzbB=Id9M_zNOpBK7vxc=#?+Lt~ zJh#6g@;6Vq;=G`LTtHv;QIEjFj)TNT$c+{lkxe(MJdg z`2M}#yi-wTimyx|F`AhDlfsslYn@08W7wcUkf>n0u_36CmF@lfN+1JscgVZmzvsqu z@bb2&i~nwou|~b)qZ1z4BJq$%fv6(~?9rPSLC-9!q!f0t^ae?1Z|fz$&F_5f&cmgW zZTcL3q@^(6vI760^Aa~cGK0@3t_5wOxPUQ`rPiTo{A&wdksB-e8UC5p8$L=R)q(EFKM_d1cB`+wa-` zE-WJJrQgmnS##2udW|t{8ZJZq@#CuA=RUKnK^QUv!=l=mB!fF$T+eSH^CFPf>rSK| zvZY=iPQ9|pc?XB|BR)o{XZYOPelCCvEVJTZSYaOSMP5~uvuOy5z zj#Cz?$n(s8wr8*}?z17d74pnhrb$P)*rCUs4IWPp*9Vl*57K-+X^Nhit+HbX;dLk1 zLt>lJs}9RA4Y>z;Lw(a5>S&pj19!pl16d9twCn=7ad#s=8;pfRnclFmw<^l`3;jqW zlNFtsj7$7w2c52!5io5_j88HLY35yWbL>*9DLBno5kkKHkm{dG=AjdlT(ZlX!`}0> zA`9f-6r`F7>SZ9&gEItqzy}RO$2nwj(iDYC!yYAUdiJr=F9tT@f&mb?gaV#mb>#XkG*i5RE2m)5Ukb zBYSL%(q3j*>d;smWCnH{boJl$`&<{N4x;zdf>Sh%YJH70Qt2~%;8P-NsnPYby_$t8 zX7VM-b9Z`SQVjAg^8NE&7z`81Fw1~NBQbpov>+dvD1TdChmvf&%TnKf-nCp{3;Y)vK+=kxa~wMx_`1lN{_S zk5IA90Vw=<4XQ`XyDX^~FyC4}&?PkoF0nRD@Q@^^B|Z1uh$*iR)P%GM^F zYJDILe$9Er>~I~FO61e`IXq{60c2pHNyz)eh!s+71M2cNg7V>hE)gifbhzf8{g}j# zyNB$@p@)nTeq;QdU*~E(zoua9b~*6hT=UGXEm$U6>E?c&)zeH`KoQoE_277nrG|OLF^|T21>v*?#!B9M1-CDA*#-Ng3k$Gn=|4 zN|w1RtB~KCVV{v-Evj}k?q$=t0bi3OK7u4!Cg*+2Wp24r|0Jk}`q*C`Qgb>*!Ct;w zcgOZxkpQd4oZ9%AF)UZ5TEK-K{W{Gc<@|z6!#(?l6zPfgs_K2MKBN7eUk~Zyo*0NI zGvxd8nm{aGAS&s}R_K~_S-FnKZOD9cZZ!`X8bE6Kvq9DWh@t)+Sd|g+bmgTEMAaXZ zu(FGFrB!q<8K|TZ&5k<=Th)p#UWA^`{?;z57}3P%Bjh*}k0bfzSK7MpT{D;aKDfQ1 zW2|a@sgLMY*yP=w=Dyt|kal~D3pubs#Z{q%f-KYWnTF@ba!Y1q)g5wX`)qpyxZ`V< zQeeD8*^uE}`awJzbYm(%is|F+K5`MueSSwZOMfk=>K=1)_8x!*XxIu2gaG?M7!Q&u z_JjPmvDf@LXw;#RL{`s+BJW1Zhj+_TX5s z86YL2w(trZgJ)x0p~hOSIR(|6EoG1W{kUvDkoF*dA`mj%L2gFc^V~%d5fLkJ>ZMZJ zg4on!WAM5o=&A%fV#1Ke&p5K#13h09Nb}GvCYVb4{&}@Y?HwGbtbR?$tE2Ht5MoXu zN8y*dTeg5n3VIvpbuFBx4Ld63esbX>-NbA(O5}CU8=TNDH><^OY{TEohh`{P~&0^)hrIyFSplu(f)zkOzo+?S0kgkRhpf1b|F?E)j;zT zK~ph(3ES5RUhs=cwZ~A{y!A@i@oNk4%Rv96-r0h>6*UVAnc{w?R|ELv zK1MX#895%327e}(6MeSRH2vA`GL>syG`MB|+g$#`QuH3Q;Y9p)C4kF_LL*>4IY6HW z@wWolUu9rtEh*K`w*oK`x}W+Z!v^F^2A&_#YV70Le07Kv`4xayl?PC1mZ5ox=;f}a zAz%OpUP>wA?)G_$APJ!a7lqOB4Y0g8k(v2yQLWoWjk4p3xOOy?g(@Ug>Dli)$LHmB zKdJ^jNy>69yF|$mkbENj%#n$`!`3%~WJYi>>|D!Pd1{Ou%Qhy0K38Z-Uz?t0dF%M| z9vx}*;Ek)gT~dYX-p_~{u4VM`D@CNzSGVu^qgBz3v;FW~Yo-8;3vr*R8p~QmY+Shc zN0(*-8T;U5udjyJKIv#_jpu|i$T~Xm`rN(Sv+E6|XKQP#BY3_;k@3NE2X>wHmuKZC zOP|!kZZ}(*Y}@*(qO6QeR)I9%nM?ZY9Qfa(ZRS4a$zo{uFzXyFg6@-Ph>HEMjRsKBq)#b4lv2Q~76x`>J zF*E17X0x1+JpF#jqvzAN=kdGJ0ONi49=&IO+*n7_{$h_3#y(;Er@@~a=Cgg4Z}^`_ zx|~1Ka813njRmZRHf-G_o^}mu^5!%2((uxA!KzV~{AcOxuNtflJbpT%GR!ZI$zM-5f5Hz@Q?1>-s~ze1f-4PD)$y+7^XywluM zJ`pf6ImtAC2t(EsIrPzz*R&pU^20@nwq$~!&!H_Kn9sWMBlPm=?U3~rSa1jgBmY=l7dH6k+df4OeEeN(pbopY^zeZq8MQn zm7*B~zeH30*9RzYj^X%({5|aNwcXo6#N1zXUr19^yAZ9(XsWTPStXiYx$dCRWu?-? zmByN3o&`)OiS<4?kX+yaE{aBcA~$@5l_0eX?&bP)Ct$~)~dn&Bw%{qSzpqCmA!O2rv?GT-dQ z`)|DanQn>?Uj_WC`qX2rXtPl?&nraNY{b~znrS%`Fd5eIE$DT~FD-yfA!o3pib}d8 zkWWVNn~zSFZMxXyq}kGWr|$~qR+US~Ig@j|ZKWbi=Vs;9;X7@}^YOt0^d`XQzk2<4 zgPqc)e zG7|taqZy$1Wsok(=4(!X4zC>~0mo0>`i#NrehC0&b7;(Zb6yrhD`{aRRQC7J<%vD} zxFx9HvT*vHu$VtR&I26XomS70Q`BQ+SZqtR)*-8=prUGlsq*kq5t0Ute^}1eZl||l$_*l#>`#!o0p|ny0_6$&0)Q1{*a)eF zB2b;K>ge19z`wR(xH|}}MciBfHG^TXub>P;1(pv?!Zo#Hk1zUSPtd-&>2?V7VzY~K zNx62&bnzmfdD$~Bgm51imA!hJ&|+Dxn3a9x(?yx#-VkH!Q9Q}VUN-!I4-w!A8VuKh z>*UbLB8MO#$T0-Ro{T*4?rreu@vo@a1(ycI1fU?qN2Yo3?}z)xVE`{W(ev~3S-H8} zA+_eR>9P7bv-|S)^7?lm^me&twa1p?b5)LwXbxDiU2v^yCmUpL)wGszDCWlgws`h^ zj06MpB$+W;VRtAM`CseCFi8*Rg*7zrx2N1C*KhnIa8|~Fd@g|Ov~ZC?Fn?;BDP<29 zvX9e}UKF5b@(vmXj(Ie+=)<29wqL3I^^WA^S4muU;)(k_(NoIysoKNWwQ^n$?^&i) z+ZDw$tb{zg3f(bneUY~o*7P_2{GJBHK9`U(oV`q#+QQgXmd-Q}`yDqYt>I3qKkra& z(t^foh#_w52{wiu-1vPj@L=WVs8dLV8fUQ*cxh`>!qmH>2oC^W5wUgp}!tWcZNmi%0IZnfmGyTK8US8Y1v*~63b z3z2;bI^SJ5+?q@8P@x7QDpWw#$#WF59b0sPh>)iDt ziSh9w8dfRk6Z&|pH)Z83a25X}0hO{x` z+~ZK>T`{v!&-u3gcc)++dpvgy8DERU`W}+s{zcCCo)wEyEu_?e6?7A<@X1XZo{lu$aL~8D)Cmp|KM|W==>5}c z>y@>H@H2i1!wfR=B|X~@rWtU`kBsu4FrmBLD)lxbrFP}QMXyIZlT3Ge^c`NxUdQSZ zAn=xC_4U&avX3aWvda^PVoeGfa*o?9;*Ex8$yjw$?3f)oJ~2CHF6@5F|BjS9V8qbl zg*1UYs_!$Gi@HN}MXc`~*QC5BhW8V;ovMi^99!jY$slufWR4?r`|}MLUx56(5u%fR z@h%Mvsy%K-8JSvcR3yCnN67?QZp%~ib}#NO$F)8EK*KdA>2hk*cUd@Yt@HT8)V8OSA*LHUjIQBerii6ei-MZ$H zgN(zwwOQQjR-#^7y?O6OM_lE-Q)-}yL8CK4A-F%93#ijz6Vs?WajL50l|kV0R^uoR zhSsk!FyoCXZD0Ab=@)!gc9)M1ovz2LNxE}=^C+FJ07a`E+W$sr0kJ9S|=ZV6I zKbQo&9bIc4^9VZSAVCfWs>wbit)H{eo=T=)b~_{c zSY9o4f-@{|-i($s>=^-XCC*+{Y`bxaHql+8WUp=L=)oTUoN%$f-dH<5dok=im=S~}1 z9dCG)sdA346ON3Z!9#1<^6g8swYt{#XYq^_6YzFmGc?PQN(NU~S05(b1X8uNfSbgM zkEiJP^oM0v7M53|jaVnu*e)DW(ypZPqCVBY(Uh&Tv$Xm;=MPEP*1Xiw!QHTbB%L1^ zFPp=W)zma$VY^n6D8No3{e8zsydWZC!eVi4{X-%xrliE>i-A;Tj)kqBj{%3d71g+( zRVD9cgx|{d7iX*iS7S|#YVYFG7!PT*a=eg_#~g2VwSloL?c=Ff<9GGFb-Y;Ymf58O zO+n7H7#2)d=%pOzBI=~?qM=#wPL5yieO>u_q+alMx2ka+p>jEq)2Y7CU)q*eroJ5( zxqjWYMt@W91B=f+c5T()5A}7%7xb&j6b^wuixZ0nD`nAD_H6d+!*-7&BJ6+bcL^2$ ztkf^Z>Xve!)n?6R)oeW^9d-rX9?zGPR#u}{ICBf~o}N>0RL#1CD*fc9ZQv5D#e0qY zx)K4Rvte5s(vi-=%J_v_f2u`ikIK1zigT8~=2{1T)!A9FSrzLnPtU+m-+M}Rc&0rm zM6LV#)$x|1E$J%AJgddtvFP`+M^y2{*qe$9*Tu&C*|7EnXXkgv2`>%&dEMe1JfdqP zG)p&OxVZWWzS^M6(HtC2g6rD+Ab0rjkk7y?+S=~)@Jpd5<6^mQe*{<>DxNIsg1-;m z(YZ^1^N!xNcgNW&r#Gbjpg-$(>dFj@1q_qZ(rm+?mgTHvuqokzfn7Ez=CS}i1NPxa zHW+M*?Ja3Qm4uURI(p{I^4D5N*S%K*RVy=?+?%Zn+_ZEf>y>x^3>gWD)xWi<$q*j^ z8KhFN)X8T*OOJi*uA48h$ollN24!P=kSI$Q%s8l=UPw>%+gX^er ze%w16jvtSk-p@xe)o;|ut+!;T(-{8T_Is|eUU~Y~GOZN(-Jhuwwc_qWJ|yDqG=@4G zZ&?Jpc7Nqf)Y1wMasF9+d@tFk;hE(pvo}OM4New4l~%np#^73Ko1}V~_r=mR^+8T} zI3Azo2W*qLIQVOq_QXh-67}WaN5ddxGm(l@vqyXSa$FZHm1e^xg>KuJp1AK8ot?H# zC&R`j|ERPp`MfIM3*cG^I!2|R)$-djs>&L!5Tx52HnE+wAF&p}W=aZng?mJ2_g*a3 z8+z^hTKEmWb!X7yQ-(jg-l`A3PJAUQo0@vdLy!O6aRJZD-EB~v5%bu#i!wb{Nv?O* zd*qDQ);4JL^Sq=YurQSycHCOK9y&%}HLlmHipjb=bjJ|Bv8mkPdR5jX3B|q`sUc3= zDQCRndf&xlJy#!1SoBCJ&Mj7k&4$@NAJuuzO&f0e%~hUWcwSVtSWD9_>*77B=b!Cd z=rw${1aPt;7p@Fu-8q5AxdE0<41S3Bz=IZA5)0dASCsXCdo$)eIT19rjlU=EJvv@_ zTH*t33~}`BpL0K==7&C$ewC6u*&lE(i=)X{a!|KASmBPl7GCxf*=>7lJ|X3aRSS`a znn$DVPo21M{*uXdyroMjgyZx&oe|vpn~}Wd&l9f*Dyuv=F1Q!}aw=LJnP`KwTOpF~ zvh3x{1aKEu(-ZMczA7A+ejrWlo~R#nw`u1dIJ7l`t=}i35lGiiuf0D{vGvj;Zmg?m zcwbwijKrZXA&aiJbY)w-1eoz$jpjPzQ|6e=lS5R_q0fU#W0L1bua`EY6>G6?SG)7H zN7Ly&kBs6xhUx5NFZ&c9ma%7i2ow38CR%XQB?vHS0sWRq$=N5Hh8GpwNSgg1uEc+q zK6PbovSN>j<%)mAoh!QU1&Lo(8WpbW6mv%2&TCHNSDb%#J(wE{wuX!Dbg!(aGy2ZG zr*8N*HdKZ!Et#Bbk4aNVx?N)Xd0f~}!8qjbS1yKtpJx~l3Avq^c4+;g&;*_1vLT7_ zpLyI$<%A-q{=_paz4SaWVa*vvEwnMVlcG>v-P{W}bn*bQ;kLzm#Fz0YP0H$ z0|;nITa6S%UMvei3s>-CuS%0>$d7k3rdp3#U+i6VsOmjl5*Jsn`7~tqXrku*ov(L? zJ-WTRXv7pTeRq$Dh|a$wMQ^3=<%Jb7xV1C8uW%xZjgr$G={2mf!alS$_HT`#^F7Df zOUmF*GW*5&%;hTXKkv&V3#_;X%Qv2_Y zbaP`>eMxma=yOU+T6QJ9A69f(!m;dBSHT@ae~eo0Ps?lg0r|4q%|R#mZ^hkm{S@pR zyvt7~PQ_ibMtQ9FIPuTRjb3}+rtFy`5B=vDNni8O=?L4Oojt0pop{T&uJXiJI+a!x z@7^3gJIqBtJL$Zx5-s-EKRyNVx{rNwF-nrA-aL^==!=5`HIltVjDT!{)&IlSTYz<$ zZ*8N06;VM&N=iYHMnGDWknZkOK{}-+m5>Gzq`Nz$TUw+Wr33`&5TxU*$JzVc`~A*2 z-&}JIGXws4V*OU!Ypwh4PlC!H;Sq%{D)9Jgd12*4pG7afowKfPWy4sgD+YH+IT2k` zW;N--bw;gc>j4@JiS1MMFAj;dD(K4PDF5h>7K#6f;%M!W+3%CDJL=*TOrtv4?;DPt z5Ja>>kK&$Tt}eQxfzTSTKwT1s7MJje4@w4Fxbepv-h+r_Glq2kKz!ezEoEiM8;JfX%VFMhQE+bN6Tf}47I@q8z|Gmp@!Ox|#sX}kOGUl}y522M; zsuw$R*ub_A+osy&_}gdhR6g64PXo5X>$Vj{zi>~-Zw9vxK{;JeE5kSu-M-?cblm1` z+ghGae$dxnw;7p{8nvXT=$x#Rj+F!S&TK7O6gL(LD)4 zOMH5rDeN)6!Gp&a|Q<|rhVo-0yEQ2j=s(Y~;s_ONxmZ7=s8bJp> z6snG^IKuJgbq!jAb+f-_FZxIZVt(t9vR+SsLRnH$(#r#+uK!-?q+&~Fb#<42frt6M zhB&UPy)ryIOyxfd?B8sJSQv5(d$`vK=Nw-bbffx^9QbG?wuD3k?Ov_=i*OQ=APv1S ze>3P`E#YnG?>4V@zNlO}qn?fJ=`DvIKzG`xaago2+ULjDYP6YzHfcRjpSOoeQadVX zphY?`Fo1r}LXDromuYX$V$W^%rB2~m`CDN%`c5sFJL{fszlf6037h>_n@!kkYOFGO z!s({nTRs7Tl*>9RTmgh^SFm5W*zfO&p^K6v%-6vUIEx$#<&5feJkPjj{45_IU#<^l$NV^o~ukJ(Lj_dQ!+!HEU-~-c1 zgNon=O44jXL=iLHpj|Wp{R549sh|Y}WgN z)FvS?+PqOJz@~+zm_QiU@&lkpm@U%`jgxnhWcCkEI@Iyz&Q+Br_l>l|hP4j0<_=9L zKIjrSlFbtBE>)xegnjpElfH^m!2Hd596h*B|09#nOF6(#Apk-;D)@OlT=4psF*3q9FT zvgfGTwc6!LctcT0hEN(6GN|VJa3@hBez+9B*=;IJOVejl_N8WyH<)xRL#6WD-DZq0 zFKd`KMkyyzw=~!8hQWyfZBLlPBB>*V>BQcI8Mf5luj%hjZWdb{{fXAW-^Zkd~@tqIa$IdhLzoQbb zc}Wa4?TjH07skMXHgGHzf^tsNif4ayiT5&hH0^MISZV{TFTXH+BrSLU(;Q$YW zx&D+ZxR&PH>&8qZ;Zn*ung6IYr>tuIO^}W3m0UL%-e^e!Kg|s`+3L zJpGk7P(NB`!sB!}!3)fBN2y%Q&YN31dQ2~w2 z(WuTrt`c2mVs#bz+AhxJ7qPeIrfqvjqeECqlxar}IA@7bUFg1M-SOlW0}y*T5Hn4}QQ}&+}H?Mzt@$}P1}69hEv7e#Zn!*%oQg+KsAUZ^u+tA6r8%><(FV1L(@=! zsxV5qNrOpffAoy8#&Y)E-vP|q{vjcp2asiayXt( z?xih1itFtA#X9j#b;_A9MU3)dUF+s7tK&E$>PzF>_X?6PzRn1-Z&Ce!r#b93*s-Ulr`w1I6(knpGTDyGs535)tL=8z zgp|0mwtho{aiXr)W!KI~0|@!d2!AMr0ypp22ydJWp{*TY0}fO0yY>asi`@gc=`B90gJi~ zEt!%y_3TiS9nZL$c#doLtD`u>k~eu0-|{p6YJr$k9`54z_{K*VKVz0#yNEiNOJa}j zn!7NcFVgM(7<%aFjfa?|)2?^4n4cg80TstV3SGr{ni+4>WR^_ebv*VQH3sj)8uBdR zx4ix_s?W$^F0sa(<@~jqVAtulZX8-=^ctq=m$2xCXwf5*%P=DI&!(2yXnqs$!Il7M z_0Lm;Jpb>ef~0`~isEE)fSHes>AE5>$GT1$X6dLA{RlDKO*7K?)0z5B>o+9Rcd$x@y;zC+xm)rMQMS zLN23R4~|v%dWrP&eG;-Q%Qq~%Ak$TNn|O840Y*;kvo*}&f}uqe%r)bRi*Uix)6;MD z3t_#0;=l>W2@uuaf3BIk(?Fe@{3ePR&h91yO>2`x>!`65Jm)bh5MJhKJiacOH@x(% zoh(#^hG2B7Stnt3dBxkijAY#HgBC#>rJ-QK01lLvq`?`HJ$FxvscO4D>>u0}{`|wC zsfwy~!gMufv*}D>>y@LZjV||1-KuFlWK3C1O!#QI$NbL;cQVPNGPyE-)Q_r5_O^}{ zyI76qXD-M>FN}Af-oP;43z&a{9PKI0MT2gu2m_`5+9KD#$_6NIpV4q*?Avw#&OtcD z(flqWZ$KIIXahIq;Ex`ucEV3}uIgG9D{A3`*FR#Oe4p<*psd>-x(wq5=+I)%E9fH~ zmR0xqJKmZ7?f7$qw=={CWUoRnLnKBp_%}Vr*W6*+fj;*tTm&y!(@| zY=6hw+xv58=QR+Hf=yW;*jVG?jpNs2(eK`db*i^d=9^#rlw`Vj@)|Gg-SuMHflryS zX!VQblQ@^*wcJD%KY!^`R+MvbmWL#pY**Um!dvLXAz;Fu*{+HH1ZG<# zb$c*PJ0aVce-H)gY3S&gwf*gkmhv`lqaSkVQz)Xi`910vuRKYCI|9UEui#Qkqp&sX zzv4q8Wc{J*;XTedzfhM7ox;ux#_TG7h(HDgpBJi_Ba!>5Cud4|$D(+cEcSMBJ-!pz&^9pN`?7+gr5b z4jT=2S9e6gHLmfv7j)isC$iI7+zi4bD3~_SBfYZ$N5I;_^f0gt<{u_!vN$TpWIB8s zpS5*hamBMN8jgJ6r2?;5(Yk_GuV%k*qqXw=D*;p&;Ag{B)nR3>>}nwHE=`gv4ovWI z!Llv<4GbG`+Nx=<;uZD@^|>lRw%OxRLa^7bA{hLCR~}wlX^g{G<@T`M9S$32taxSQrW|u}? z0ojt&0oJd{F5dG{CCldw{`mbz5%SIeNbPdZncMz+pnrK=g`zYYr%|_?t%@(D>!c(? zF#M~Lw4&^_Gnx7eM%CAqjw?+Zc%*pw$`~6SM~2KWEzZVyn~B@J8T}c#K?i}pJVBiK zB5Jo}7773^BN{ua1>boSuJ`X%(I%u1MnAz+HX`|!qm(uG^&cD0udy8*9|x+l zL+P4`V%EWQcBiubabjOrCN@^?Hod-XKInPctn=!CgAVIFbNX{)t27+f@}<>VwQ&}< z^Z1brugGiB_!Bxgzh7jc{ME40>vv;MP`a2P)vFGMl5)=Z`@8T#%oY~?w&EHIWwK=w zWS$b9Si_k0`wRAZqhu%jkW$yDUhL1CZj*=AfhZgMPUn+v@#qDs!JUj8jcQNzp>3?7 z(|l{utd{O(npa&v+gCE0!GNuk#GR^dTH(P{PM<{OuF=g}o(6qW^&zf`*Sh(+LMeY_ zl;$z2W61KyOHph~+c)HnvAp8i2(hotg5)IV9iFUl>#t?r_TVI8R;BrwVM?^Knnt;Lj`9%nxid zemMR8lz^n}*9L`HhxM~ok%N0o%>)VeT?goz38pQ3QynD;)b%+pu%Pp^XZUzXo^u`? zOI{enWZ2qkk~-Mh&vPpFzyt3ulHO<{w}E|OB6K-Z)#c}?ah!W2nG{`_shN!wbrhJh zHP0XPkSu%(@^$oHgOBXdjniP}B~6Ks!Zq~l60Y<<>v+2}Hc%SOzp*-nF<&dTLe^wL z2lqdrROv1zrCP1#H7`LobULGT5tbH!7vmOen?t|v^oDmF(Lawt{fWe_mg1Y_gi}=4 zA>ehS?_&w&kVm_)sN@X)khCO%#lN;9iLqe586D-6=G25N;Yo~SF*E+jQ6@sTVQhlg z!13or)XeS$161`6=5)Q(&m}P%HPhM}O1Z~(Csbg#t0~J@Y3pz%Cwe#!Kk?4!?RCK$ za+jjDb6w8*TiUMe?_qmLU$Tup;yL}0;7{lz^{__xC{^n3_)#$5%79`g6$(L+V?}Qx zGg>pzPj`cFK81Y_JB+bl{TFNP;czsZ%V7*KY9}mO!MinxqV8n=_2d8@9`Z70?+TG5 z5KDCb9E`thMIq>;=+$gP1tY1n4~hicV{m*HYCI&qQGMX=xEK+Ki9ot-OzF1kfQ&z)-gU(-0MQbKjfm+*BVQnF;3o zfHlxpj(w`sMKi=YgBiW*n2n|3cW_;V^#u2?p1k5Fi*v8_^!R{T!Z1thK&9Q1@ajeM zlaomFg8R*vH}*|xS}pbZt{wzDN_fGHOejZQa=~_jeLnQkS zEzyP8UlEw2wg~qVYm;Z zlp7$l-T^#H2r&XFuk(-k{b?akT({79&>o$@!XfbxIucOY!0^@Jl1uaD(bT(HTfHd& zPBQo^4jr`Fyvf3R{OLc~jB5-JnHybavJn?>hULCJVP*sC=`U|rffeD5J$@KfC zx{~7y%n4%#b?tT~GA zfPGT(H0D#2Gv~|4y4}Y_0R%#lxfjT4qM>BP<8x5;V)Tc4H}Rdo^mrUsM+)4Tgl=I= z6Z{HNiI&m(CdMRlK9GSGbFt(#IbWxWf(ZcFUjIU$JA9s`lK#};6%|a+1>YQ1&lrW> zVUvWh$@qn5UN*ZXtf%^e$)_(w-7inR=ugBYy)sh#`?!>Fi0Wbjg{w5FymYrk zMSCzV-5TyhBsR302rD+!Bq%@c4TlRo=#lKd3^UJo_k*$#c@$7@n}jM@3K%y6#vvPVj)_6hlTn`AAB}9Iy7<($%W~I1WZ@&@X@mecZaTd=yY~$;Evt$V7k)zdI2oa zYS+rUZ-;*-zP*TG$GTql?HYv+tFCGL8+)18uEr1A?E{Bt=3u}zIK(7*0OzbK!f5N{ z*3b2T*Oiqm{=2ZBcbftZeQ6BUqc{yuMvttED2mg`0UGLCZmB0J%4XX~auSBmhH!hLCXgN^|5BAvke4^pNLN_iL8C$(@;R4KYM>Pq&l#PEh@Y7}VHwbj-!}bG0FArET zyz}$3eSY)lIwII|(hiLBWif2bKg=&xmtNQ9hk?dStRMkM@W0%MP+PO8@a^lzhC%lB z@14BG2fZN&yVk4~=i#Hq&@%cp*YTl)@M66-3nbp?l~|*Vs=67XkP1WM`&Q@LSWsc* zGjK;DSMH5#Mft6sA68NH52++MX_yrYe*Q!v2YsJ+4p*D{Z<5ohWN)1@t8LAab)uhV zmigZ{f97Z;eB^R(aOM(#CP(L1fWUk`XCh?mTEE-UUmDyfVZiC&?qsj1hL}){mtCU~ zz6u2LcV{zzRKnuKdwY6J{&>@It*7@|b?bKU{sDn&9%HMm;@YU_UqX-mQSK&jLwCo< z-m}OzkjcccNOqDpes+E%$O@M=_-3nyLdFFFt{<6^SBV*u$vssWP705oWssX6t>-p5 z$@KW4me79&UHdHvNtm8z9heOtcf6im+;Iomy&`GknEs5Sdvzemck@|J%uPimFoODi z$Y1UX)|V`7DtmQ~=92ZM8O5QLbJ=N?vK4aWQ_3U@&a1&A4AOH*;+sOtKhAFchUc87%h^E(KR!ZLod0~V1)^^p9Gqgdno(p25O%K3)mhu4>pvWo_GUWVARC~& zZgEk@<&MOfMdXpul6dp!WXW9NBbbzJUMuK`)0U+t;Me16|FN(b#5eF(KDRR+&22k7 zgxaDs!iw*(sy5j+y-1=fWEm%9;)&0_=Dtf|XB&Q7JI23>tjJ&E?qqsb|GF~U-sDXh zhO*;&E^DxqS#W&VY#(2vYHsa@FL`4xp~vL68%?!zQeCG3Yx+;FY0Q)g&I_avU#Kw3 z-M`k^WS}od1`m+R2Gixrzu4xQyV*)~cgepH>R^ATzi*=c*2=tUR*4LZm265^47i<) z%wL)XuPT_+zOZT_{*`WkH{iWa066r?Z24JJUG74tb3H`AiuRX(pFTS3qp&Qo{QhP0 z#$?$A6czyu%=5lV6ErAx{nmytc|MDM@cNNZ0aZ3fjj&q5$mpR?#z<vaUeTwsSf|%*`;Y0mm-RC) zSaoK#W?6WrTj18M89F{;UeI^z{l=^N3rI@Td) zf9uUCp*&3rwb!aPOU3=f!z1NzE-Lsr<2^pp-oqx9o4bK~LXF1!WqXb-b5^~CIy3dW z_g_sgzTLvsR0K3)zVNu(!O=B1^5IDVe-J6#6@r_iGkywYWg`VUrV+Htw1vavC<3)} zci4vIf7Z>W*}j*edv(X&SIK^GQJL4}L%6o;uk!9x$&)zMm+aG?*p<%(_up{|jjX&2 zWsfcm)p_|;yNY10xgIqfG@YcDnNJ#2cAfv(m$q%Yc>^>%rJK&R+)WcQV-rvJU8a&S zzkWQTBfmj(mjFYK%P0bamkN)gp4yv)4koqfRWk49(+pZgm&NAIhGp56XU}Tv=-kgw9q;fumo?4g zYnEexu#@E$qL@Wj-LwgK2}>5n%W+o;r|A+0vxE)ybM-5X&S+D1S+1kkqXG@aou)gN zY~(sj`lmM+xgGLV)XLDb8N*V9FCWyPDi3hXPlw+{z8Rs3mrqAqvCMn(V-q8Pt$?LA zANkY-daR*Y?}T_q6qc=QY>#Mb}t0^OypwLuDA}>w1apwzx>Og7med-Uwb& z&VCyx!n!8SqT4WWpWSb3*nYudYLW8(BvFB#z(kOv< zK{n5=Vz;BQT1{`Q3XK?;XnTo~o?&`=T)xlHQ3L=G%BEn{ORBqXp6 z577)g=}A#RadH0#6?N$x4kQ0a`@1L?P1hCd9as%GhRc`;nr~H;;|SiHDkFDm5jM{rj1F#ZGY?nx|j92)&>0ue<%dGrjHiPD&fVFjT+qD{?>z#T1>+Wga<;$0m zEn|d@#x3vakp=H zY!S8(zqh58`{{_9nU@ZCeVKSrk8DL=-EQAE4=$O~(y;i-LT6c8u0P$qt&Pf$9dG-x zGoaB|UagjI-#Y2%`K$hGcTrL=uE1V9@O3xx$)g4(dnFuSX%|Z@ zu#Q_vzm6|CQ#zl0f)Vd4jIxNdZsGZ1!|_H702sHjyjdn0Ia;LCBhch7$D+UHi(!PZaab({RlB@(1Efwn9K zA74Y$XN2!7I?c8$kW6eroQo25{HU;vDeb-`+r6`3+?-8Z7uvM(JIg0jTn&D&fLSV- zZ>%2LerT7!S!zaRCAkxWfE+AIH^YoA3#@g=ee{7Xn{d|Ixh%P@9*^yoJHEVk#`K~F zuq!pp_lo7#Qi8f!Q_GTp)|VI&egu}UOgT^3au0xQIoFfz4y64By<4~_!rC0@Cig|N zT!KbVJ80e)yX;${p2A+vtAnisP9+sND*F1m~}WB%aV@q zgxf?KEC0HVsbS%mE2qGNJr1u62*-4O{Xy0y85t4Mkbi#`7Y8gVcXf5Gmc?UYU}DZL zE>gp!*1tZXBrX=3iSNmUih(!lbQ3^HU=;&CzBbTZVEW%brZYKKs1t~NU-Sp?e8|&( zR0scw><2YB3!VVi-T(RI9oN6(14U0W3>(bC!uY38tdlUQ70qRZ$Q`z-iv;3k`Z3Va zmAsOOh43n`pzs!!*Z*S)`M>tp|N51jj(>0A!UC?Q_sPH@U57zy_(!f4 zAUrT0$_y?D{P)x9?tS_4B|D+;6kaM7A}EWH;aFNSm1$Ze?1P#gZ96?M-QSgFB#F_ok?*=qKW?{>!KR@8#eBtWf`dEZ+P0$!lr`fYkVxg+;7G zYDt29c#{axz?Z&0tF1&}?h;MI*5_b^Q8O*Oj+Wc7VJ^Ze-WKwITQC0qU+srSgAU|s zf#<3b3X{kTF@o)W>Fs@|npd#XM;dPXZ`;VvfHU%}(fw{90kf#OdNkqezYT-M7ok9V z{rlw!R5N`t=RC);;6@Z%nL8)urn^7 zLem}D#P^7vf^BCKeh*EXed z7v{(&Xk_C*XDg&_!CRo<;i>z!5PrmW;SJcS9#F9(GLj&t1|#uTjEuS(aayPQMzdXf ze0&fNe{CjT)jW&6DmpzfUq}YV%gqR2p&nt4`Y|9zW-vcSnr)~)_+ge zj54bQBGZPW6$VNwsuy40lM{k~@b^k9E7c$Xe}2FyBj~mXDl6lGlh5$z`@otB)Sw_J zPs_j{1dpFuI{Mxr2}>}AgVJMoJZ-J5{ou~&C@H-m*%AUZ#?nW+dU_PqwY5WOp?s2+ z)6NX_FjOckoIYS2i$63m5qFzOdwl6wvtTse3Ct}mIr&~Ji#|Fis)T@_HHJ^Q9kmH2 zibqH&?uC9M72-oU$m)Sp3ua|yeGnocyt_Lj7cNbm2GVCofIa&Ai5IA9;jO}1$HT!9 zga>YE^DKIYJD@(PFP>Wn7$@0HhiQpfUtT>tIvNCYQVI?fr^`7;{ws4}J09}9j7jV^ zGif8~mUL@*PYPrQWfC5Ly!}A^sk^&-nfW)?z^^o|xVHRSX&aEkB*MDb5=h~VG#Z-J z-^V$B#ACmL2bR$fuO6&M01q2m0PL^2ZQHMvckC9ot`2r>;#HP5J{k-r?W(5@4Gru- z)9Ad_bj1W{fPb#6NS>c=dN2k=MMMZgMK=uML`Oh2@~244#{E_)-xEC@YMe^sa8Q3Z z+t;;FEa)n~Ho*_$3dEe|gnu??l0d9g2B;ONI}nwT!^6XYyN;6rpc+jnCnrY?)C_m| zT-6(kdg$gM)5?LT$nJVzz0#j@soZiZcG~^eqO?*51Hhrp>R+VvOiZKa=1XK|8bEW9 z0!zXDpA5RP%gQ2PAlC%=Zg;=j4}CA0!CEUwO-cE_vXYAzB-Mq5cYzrvEGmisw&gXn z+d*R>3>enWFjWgwhalY%1=uMAlD?R`Mes?Yphg3FOoNRT5Waz&{bbP^qe}uHFSdBoE{fH^}(nnRM&mcwZ*rG*1T6gm^^K==auEGH{BjoF`U4 z<3qSpc@KVg38x=l=Q1CE3L~LeAowP4Xqc&SthsioEieBRS^EQ;Z5(U`0|TnNJWlU{ zBYe5Ab|V#b>|^gLt?3`biuuo9zr@ZD`#k)__YY~PsRw~#Pyo7(gUm*<+H{+^6!7w4 z4{ucK&xEw_E^zLR9ZucR+cYv8uHW6YTLCX@zcwBQShy%$!C0eF=jFojj#&UwbAai4 z7u-mgXj%%KP+~62J5Y;su6-JzUaW2(SP2;a+fqKVq!|BrnwRN41n}hTRVj zLd)ZGbLll9#hQXpnJ!PeTLfu+!pZ3=9Su!KzSCIIv#jFchnk;W`k$49@?k(=U>ZCW z?6AX+T4@9Qz!UMMt1D18iBHC~JQh+gF}I`L6z~nmdj|bX2s|G9Pe*t zO;|N1K%g=Pj?JIT%MuVsQovODAu;R;;Bef~c3vy#5YHPKw5XgCMZ8xqDQ_%L3nORy zsCKPgU7!D1gKG>h63R$ONPxi&%F4-Qf!anGoQJ8`zY+}B^-Dr6$~9%c;O?oZsll_p z5B~*B8d-d9NAF==rQBpl^nAhW=3j#Xnwgb>v@54zOh;qja*>PAI6FNag0X8Eru$*` zd!^C#a&SFbR`nvtZNgC+fSGeiC=x0TnswLap^_cMmE#e>;yA@z*vEP+$L3_yQ6 z|M^Kc&|nC|C08yr>vkWleX)-bk3U-TgD*!jE`KCSn8tJ+U~PfjWRMb+g-2)ZDCQ^+ zrwCnvIFi&^0<{ZNhxr5NykQ%L!XV&m0(KSg;e(#yA&Bo5=+?(V6nSc3U~n{s1-}Q} zY(#v#xlK%Zs)o)ato_J9!lC!k$Ny=Hd_VB7N|CwkDkO|C>(mH?jxUIVl%sp-FMaO& z`ZaaN{kWiM75Y#a(0Pi+OJjkg#BQ~qau7H^a)3;X9SZ2jplqU3W9L6NKi}Ec7m9Gx zgwKDBj8ude2SuU}FgQGgRg8OBSXj}|DHPf`c*O@B&2YsjoEb; zLnl-Cng}J*^ZmjU{^VHb@8MgC$GS!D6Fik!kMpn_qlX_pgLlX1VMuSU=l9S zKC7yV2E`fV#Igg?)!q(B0Cu*tctM*b#bbSCB+m|}O9$onPlfsT_;%Y#tfKG8t?6sg z$~iezH89LUXjy_A+6C$~$XDXNw6*!@zFxqGu@bCfZ$DaQ=1|DKO@P?hZhKBdv)YCV ziN3iic}t~zd}&~s1CSl;@}>u2yC6Xf9_|3-A^zg~3n0*3#9md*Ret#^@n1i+48P`R z2K=i1ht8MmKo}bfhYUVVYqu(d@E7shv=RK0)oWn~_8AQ@Nf!Ud1Y3KJSW;bNb{yEW{% zy&+3OMWq1p-H;5p-0pzfEE!an2Oy6jvD5ip_3A#5PAY(-9FU}pR}LZNl>}d%;<8cg z3uNFcJUc3iih>&(8@o+c$OsveZdm~r?Qo5~*%A2WKbzMGkZLpovP;cL3qx=k5eW$p z&>+jE2J5hKbj*SoE?+-s{#TR`LqRp@&&E_7f@uvJvmf>CLlT4J1d#eheOtiQ=Z}hv zL>_?&d{CKT5Ak`q%h9v9pKeGGDDW@brgY4#_HU=d<@45QgJ!lT?Y zqkIjxI5@^2zqi|pD+i(1Fkv4efg=VM7MHU$v7{v&_2J~eH3;xi#)2wOBGn-)U1e3+ zf#CJ8sKrbZw!88vxrCIyJha;V^k@LNgmX9G@<0!thfo|gIW@I9Ntu_QPf3vq6_GsH z3l$Ab+%7NGBwp^_#@yV1?-dqOppXTz*RqdB%Ve}T>ZNbX=o3#6-MEnb0VlRI4>X5(T+UI+5#Z7_>@$Xd`) zfEA!no}QjiSYv=rd#R}JuxU9IQ~k#5Ro1f?q3-Z)JUhaKe5nl>4j)?ocnSn$t?ALi z-b^|*KOpB60Rd5nn?Tq1=U6;LF$GdBkXh!ecD=~5R|??=6q>x?v4L>X4R!DWi@gbf za5jKpj-K8cRMboL0$!UxdGbUkZ6MiVq5>huLxd+G$etd4F`y z4yT0-Ae0vHIkyN1d=akwHGQ)+uH!y;DDj#S-^)nKm!Sdf`g7iK`M<9y8$MZzDeidasGH492Ts8%IoSD zlI5Hu{Ey%`!@|SwpWdn9{#Fmg2_UhH-p?6-B2~$qJJNte?ylq&eem@aOL!s~c>r*& zICc2QGKKz4A;*2V06FjwoU7Ovvmro1NCaio(v?A&@=XSCKL)bSZqk=O;ZoBPFLboG zE|uiAM})mx(*{XT5Xc*vtL}@Y##-n?`UUPm5wu2@es+cnr<3p)ZA@0%%{E^y)uX1O z8VHx;lVFVrg4Zqx`%=n~79(jLWQlESh53It9QpH<>FH@{vxgK@RP#(=(71=#TB3ha zf1;l)5cZhTzs-~1lJH0xwxkOP3L18lP|6$Gg%~0axd6%fw29yNvBp}BT3qodlJ2SL zzV?B+%*$wK?5luQajVj*osN1!4n7FkUiWuHvv{*R1%>KqiMKc!3)wjXUa$9^j;KA$ zfK2Bjn1~b<7g$i)3_$fQhIn8|mBQynX2!}xI{}NrxPF}yc@|EF=n%@{l&z3L44g_DsL4C;^l%{&9FCO<@V*U~ z8p*-^KO|0LAr5|LV{1#t!xInGJc32_d&I9@T(pKs+Hc1uBp)9iD?NSsrpcrGD9HXC zAh9eYfWRZ~92prg&S1F>8Ji;18Gn|Ce1Tg0T6oQe7-U+rOs@^&_x`?BnN|=>vxGj- z2>x7KlLm@(B&k=-Q!Q8mGVj|TmzM_8*nwHu#@;@os_M}SfaCC5HSdIqkJ|zm)rzuuxj`SVJ)Z`YXsWhRe;=0)m4rc6Zo~lNV|1Ty#13P7$|D#CS?I{gQ<^?yw&DV_ z$jY};nqWc}Ptb~5r{<=?As0YY3r)Hr8DY74dtq@=QBd%rPL=grfTaDuY+W7$Lxv+9 zR$J?mMni5pe~l9gPr#2&cX@3$8xkMe2aviSynxivvMgw^m4T5l1Jt*Ml;n6tfWJ8l zpcZ!Z%k}P2SIMR6wEc9j2yTDr_9#;#(b8=*83Ea5)vuE zLl)o;Z39sk%xDt1{$Y1cE?sDf@dEv=%!WQiDvZY;0RXiGZew7EoD*+oyu`w?4ps=_ zGUbwFp`D0Bm004YXUX$6rN&6Mdw5v+`zHfTUhvXoHVa=xuPCy^i`(0YVKZ6@!ZTmG z*_dPBr{3KTvmh~01QFMdvv4Jr%=b?^A&0XkhRs(`Uq9|{UxaNil>xh|T6eHfexdrO zQ2*FMhQ(I4j6`)sQKer0i%Oy_MM?4?)aD7L{J8OI231-r5ahlEa@G~f0tnbyAb-sH zEp2e}$ozpWLW5yDPn6fS*v_UJ)e~$Y>BfoJ)2Hg~pb-P9J(jT9Otw@VR9j=t3gtI#g%j zF2~{`rMPyal!Xfk@Xnxsk*l1v!7Mi&34n}U#b{VQ^&LLTlP7UdnI|XVq{1br1VQ~8 z3p~1zg5-A^tjwTjX=xEKqI`fGkI~=g3p_ofk{&M67X#bQfMkD+h}P%J3AYNPze%=; z7<5f>`ug1~%3Pt(ClkWw45tREhvBFP`1_|o*+3XnISsU|%W+l>DbVN*!0Eds zHAj@^qDXsRVd%ITNp{N3AbATSh4SchwS3jHnwR52a7h&A)uf@; z%{`+|T$EE|F2RGaPdULU%wV~3H!iZ3O*tx~I5gO8Qz9iucuyy)&F>JY$gOIiCJi|` zIWYzf`Wu$?S3UH5`AR4g1yhpYym4qoWrT>ms$_$`4Lp2&5zx5F0F-11qC6645I+c+ zlv(i!6#swt)s&U}h>Pf;7|h7drUjRo1vI@x>o#?e2zd3K`rTy)>2gTNjlo&%f}-RA zU`Z=MJQ|G#{Sg+opFj`y{vhu!#EroS(;Yyj2H=Ne)+Z{9hT3xW2;P?HPfR+Mi}_lt z8OqrLrn?t_KQ!)FHA;IQdjNq50ig%n=kY)UozgBqag*u{nN-`vPj2=EtGOf*u4Fv# z>g!k6DN!Y|!0(F>ODiaOhPD`@XSp^vJ?SLK%=tnK{;&uXbN0^HBcRlL^{Rv~h4t6T zy$q*d#I|D;qb%xsz@iJfj3jwYdO0hViB`ik0YvXUN}FN8!*B-qpQW6v#KEFpNaY7J zS?u4nn#S#2Z0BNZ!-XWPE>HEsVwfU0oR!Ii{QUg%Ux_Xuz-(*`$rsQvse|vQa&&Y= zkS1&nU2H~w$1xp84vhvVXJcW^OD2&ghVS6VC1L=7g8~2UOn=PA77l#IB3@UpEO%vN zGqyqSX3)3}2$5phO>htgW3NjFpC%LksHEw4rg`Z&(C?Cl6?RR74g~RJ0V$j~i>aEA zdmB?yQOwV%DW*!C;2?T+IM~knt2AU*XskKyDT+3Mbny}ZoLM@x4oC@x;JSW(pi)|} zDWL!Lm3~h&_zk;|kAjE!+eDlyYHKEO7NnFD~G{OR+IvpK!@(Me{+prnhY%_7qDaBY^Y>{rbL)$Z@S zSAcR4gp~an4i`zF@`PjZ#gY|R1;^4Qi5J_ zwpf%r&WhS{F`6K8tF-T+~;0ox7ib7nY ziIL7s^3|A&w^TkHB;o(U9S{XZ$ku6Ki3#9gsuPr<@jeC9{U8+X(7De!uCl%M{wh`j~+z>Lzxgl z;pXXi5i!y!P+$;Eim@3+42@#yjWE2+th0S`p?6SdYbA_zQ#l|6$XEt{8Gu zT7X;t0tR;;aYpPZ&ZXyq;8mb!VyMIa2%a--+VH$YeNaVw*yjkR(Ex5h2v;Vn*@Evr ziR6Pb@p$v}7yo$*+`giOgn#EMj9LwMTJT~$VGGq}>HzQYJ~1)m1_@_!cJ@{1RU^uq z*8m4VxNd;=r&e{%soaE}81)%^P9U<*1Z`f(0+H#05@@CaB7FrRni!_o_8t=pB1}2g z883v!G|=@5=8XtahtGag(`^FswG_pi>ydJZ1r>3^$Dj5g+`E9jyn+;_WoCv9bZnu} z@&?t^goQ_mrysFVfPTM%nh^DQK9oNM{ILE=u1Xa|%Jxt)E7b>PZSbV`Z zp-)m082}a1x>@7fltn(4Xb-W6H#kq$O8XR(_}q*UjLl@g&kqTI&JgM)3RL6RlRian z2Nme=Z%iT3-#;~ihufICRy(daz|oeq>zou6&a*xQ0HS4lv-JzSJESl-(#XKLw!>|^ z*bluRD6C`b{~j^gG}XKe7y*c~tpB5moGc(|f%Zo#)M4>84(p~0o5Ush$XP^e#2;G; zgAIo;V2rR_Q-|iAXd1bXpa8O*R)4%vOWkJu^Pk5Vu1A#d@c!ErFeQx%kMrYarc*T> z&^{VowrPN8T(eqOn_X8onQwNbWL|;@PEYb)lj^bH>xHi$5nNLd3N0i*-vxSlqydw_ z>rx>yKN4!PR1Zh_JuuZJfbJvfwx8Y9B4kx^@M3AeLxv{~U?VY+jfy&~aCIb*xj`Iy zO-I|ez!oA(a-0CF$OO1!tlD2mK|!Fctxa@{`M-`z8|8<+rTxr!GUya6Wkl(w0-Ca% zG_v5drvw%PPGUMJZH6RJol%C z7;M;lBoGx12;?9XXRv%Hi+Hdj&_^VBFr@B?TcA3z)F}d-_WrQD)hilqLf3i>7mTzk z?9NUO(YrMN4wkVm0`reJY#i^?byOCmAy;X6@qS63`LHd9SM#|0K zuVj}nwZciGG*n{DQS?`HiLWN8oh6m=pZ3gs2qENVY62bz?FjiIA z^;dx5-?8JJ_=~cm#dtFBL%+M+@Qf8!w%0O(WWs)b`Q77hf>r&s=MAo%KWK@iLlUc5 zVIFf<4p>&8Xeg-+uwwxRTHv7raX{^vn+Pc>X&In6xBbBpm$6SH(~C!(T=<~zz(KPJ zSz6EbT6&OcLzwPA2TOw?lLc1H)1X0v8)kX09VyyR|BU5;gP^uIv9jdJi6>j*_@7H^ zuLD-*GGHKglNJCku~gDQTKbyDR{who_p#xu`KrRt7+FI@YM7t#gMhsJ40%b`ptgRU zh!qVR8yiT2c^giCOMO|eL8QzOJ~Ai+MktUV8ri-I`Qy^Wq%xS*SbQ|Z!9^zrMNz&P zapr%1e?IBtuoEC~%*^7YKZtqhMyfJ@YXnL!`amxNeZl+e-1=8Xue)NuZvEZ|~Jh${1+Q;I+T zIHb}jR*ZDMPj%`n>n2I#Y_k1SbK@oYW$vfWr<*WEnF{IPiU%_jQzktBA#fbV;s2LU z503tSn!DC`DAPXtIJ6?IB*j)nvC3|dRB9sG&CsS4n~IX?KwFf^5M>>roKxD?RyNw! zhENnujZv$EjL2epy0k)^hgI6q zx;NpkX`uCsN#sWl9yY(`&ix+ednbpM<^74cq6}FCGK)Snw8{&O$8O~|joFRGa5h78 zu6n7)L$L@_oYS!4dls#dytBKJZc532j7zz_HAMrTn%&2>(MvXooa2#R)_F1C+MV-L zQtk3#nYHafxxh2?u_Qaa%$FQ|t~PgLW*~ZE0@~(I{O{LKQ;oN*(PFI%;9HvfJxf>g z8;FN|$N9Rn)?AGgp)zWa_jrTVxqGLgG;Q^K>aGUG0$EByhNHotfQbO;1s}Oaz@Zi> z@*TAQWw5@~S!-z1jl!Vs${!l3+`QiZWcf3~%| zeeUhA8;KKk1)-!J|DYZ6l8cy*9SwdwgspiF=T0*uDVwIx~>AN zm8dX)aVzhBG;a_PcqQeMYSO@^=E+BYtM2JCjn3>Gp_0whSw^&~TG5kS+uyBMuO!Xnyuw=wYPaR$dv!kC*r6nx&|55E ztDUIsPRlBpR(e~!5_FSIDxM`6n_6x=zj)%|Pqs+!W+er7x2>{g|C{C!kH6_N+nsHH z&3cKm4{uYK=c;q8luYYs@)E1nW6M*&b%t3XoxwqtN=|@HxHz3yib0xOO!ESh9tML+ znVAzj^XeL%ES>MUM4l(Y#Dw?6tby4y@Q>xS-F>35avOOzl?j)Qn zH>zT_lK#sc8e%II;;$~;_bMF5)jZn45c z8X4?zm?E|x8js_GL1(&o^$Up}oxXE?Z%+xEK27q7DBMy#%mp zw0>vL9t#2;ho&z<{TYfXd>W{-Kd#>&0U|z>(SREk0E%dY{t`Hk3`4%yFd$b4gVSD- zssgklnEh;1?jCivS35B}*Y?(m&04@vYay2>cX#)*YSftl!c+qCQ-|C!`2I~P z9Nxf_Zts0VW|*T(!|(|PPZ6I9@HBxKO?J$fZD@EQw=IH~WH=0{o1qypb92)jdH=?G zf-=dis9^;cGl=GkVbD#&<4l?{9;iFOMOX3|qP2h%Bju~~w;?HzwiM>e$Iwp|6c>+s za>-hbA&*eN8t6gq0vw%(x|+U&>VBvP#EGiuaIXsF88j?b=Zw`+F@i>xp%(K!2AB&) z&OFanOGUML1u3PP3m2+F#}jt>^5v0*whtW~)~!>1d86f1@*YAbYJvC-;_j%N2AAQ# z?-|D=@p#inER2?Lot@p$(~f@fcx)wzUBIJ?9p*&C1J!v4X5qb4n23y29A>}diw`ewkTSl@&-UwLTxbx@Fj|?F2*g83BLIu&awf35u z3dp8-h{ZxeWTls;mWFg)mv=JNNU?Lz%}oz|^*_&%r$}6!mH``^v4JhhHw( z*I1x)-35Bnic8k4;a6Z8NCxS-SDAgPSkH#{h=h2O2Qy6vX2IWBfT7=sTngb>^kRrlt#XM zch2~PVYF2bs;W*;QZPST<&pPn^3bazqT1G6g&)~EvM9;*rIO0aZD!6yZ=miC36F3- zX>J%)5#y7)C@M;(CgEL;9UZBn0HgxaoZ{Yoz3tzly-h;JOU8U0IDtNhpQWX#S>RfS zA@4k*r>}nxV1vPTm2)6fun^_jrymuMDiC@n@K^+FKvA1yce$yn%VCx~jGZBw@8ySu zhEmk?%;O2a>$~|~RTU6>e@ut9vnNp@hB-nWM?b8uuK}DJ3WQ&^zP^5Z{Y_jBK_n2} zbqm^ILTm66mD26TF_zZW7NBzg;Vafb4Ax$qr3H~(aCgf+7gQ5NgUCmS0l%r-%+AhU zW8`c5xwf_wke9^}kwTZS?$R7sFwrh+$a^=mc>qT7==Vb`U!phaH_JdjN~dkV_Ja~C zUVf(wKvD9_rDd{sUn7HB%_MDOmNbw;^F4dg1pL09o^sJqU=_ysEzy z2hS{khVn=hg)&OUf!NdJjDeyzj9*2py8cOb$@DXPtX2|Ep!vx{6NjUoG_jim-^nl> zVK7Z9r;VoS$2p&}7Vk?EbU}5!9M|mR9qg>o#SRv*l`>)j)`HsFsYqv1NvjUZfz-#* z#7%ftUwL^gfXI6(tyol_kX~?#Re(L=aiP_B0TB_U_XZWV7MuMUCg@{+LPEmMo<&Ag z`{iv18v~J#c5$380Xhd0b@(RSd{1o>>flAov-i zS(F2akAb2YfXT?^T-_{S2q6L+NF)}ax6%^i| zH}F}2(Ly-MW-zdY80Iw;?oD9E2T>Mea=V+^1|b0_Po4~++k*KrL+(Y%VnE>^*1GXJ zs|%qDi~aG(<0$v1;tjdRZl0>5syYUlkq0#w{2hyMs~F7Di^BQjMR(%FiA*4CoAbTo zm-@WCOQMc;_Zr%4R5ZE|N(vr`a{=WlK@Z5#YUH>O{&FGM3N#Q=;l171;f-D4|eFWCU^&b9(< zR0Mc8h|p6+=R2rVGItbD4%qM(iWO(n;Q&{1FIlR$!P<^!Ojq`^VzP;)SizWl$pKTZ)8Vx!>1hz>*lHxdS^KE~1a^V8~ zuB@s`+s~X}E1#=38Bt-WK;rjI^|gGXS+k_hrvJ!_eRe7B#xoMr?$J;Ezx*IjB=`Jf WlFz;%?==kmtu$Y=BI7Hkp#K0Kw2$@x literal 0 HcmV?d00001 From 2a212836412cc5a4831c442062d03d711922f1f9 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Wed, 29 Jan 2025 23:46:59 +0100 Subject: [PATCH 751/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.13.4 (#3145) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index e29eb6fb..c932235e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.13.3 +appVersion: v2.13.4 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.21 +version: 7.7.22 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: remove required function in $cluster_key from clusterCredentials + - kind: changed + description: Bump argo-cd to v2.13.4 From c9e59be22ff60c8505b728c9d9916dd91194fc63 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 31 Jan 2025 10:51:42 +0900 Subject: [PATCH 752/768] chore(deps): update actions/create-github-app-token action to v1.11.2 (#3147) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 087e124d..450330ba 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1 + uses: actions/create-github-app-token@136412a57a7081aa63c935a2cc2918f76c34f514 # v1.11.2 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From 4cfcbc2e26f30c164c966bcf71d266dbcdc2ac26 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Fri, 31 Jan 2025 01:54:40 +0000 Subject: [PATCH 753/768] chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.8.0 (#3146) * chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.8.0 Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> * chore: Sync CRDs from upstream release Signed-off-by: Marco Maurer * chore: Bump minor chart version Signed-off-by: Marco Maurer --------- Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Signed-off-by: Marco Maurer Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: Marco Maurer Co-authored-by: Aikawa --- charts/argo-rollouts/Chart.yaml | 10 ++-- .../templates/crds/analysis-run-crd.yaml | 29 +++++++++- .../templates/crds/analysis-template-crd.yaml | 26 ++++++++- .../crds/cluster-analysis-template-crd.yaml | 26 ++++++++- .../templates/crds/experiment-crd.yaml | 2 +- .../templates/crds/rollout-crd.yaml | 55 ++++++++++++++++++- 6 files changed, 137 insertions(+), 11 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index 757a6329..a9ed74ee 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v1.7.2 +appVersion: v1.8.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.38.2 +version: 2.39.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -18,7 +18,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Add lifecycle settings for controller - - kind: added - description: Add terminationGracePeriodSeconds for controller + - kind: changed + description: Bump argo-rollouts to v1.8.0 diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index d79c3608..d723b248 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -108,6 +108,11 @@ spec: - type: integer - type: string x-kubernetes-int-or-string: true + consecutiveSuccessLimit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true count: anyOf: - type: integer @@ -217,6 +222,13 @@ spec: type: object query: type: string + secretRef: + properties: + name: + type: string + namespaced: + type: boolean + type: object type: object graphite: properties: @@ -3025,6 +3037,9 @@ spec: type: string query: type: string + timeout: + format: int64 + type: integer required: - query type: object @@ -3076,6 +3091,15 @@ spec: type: boolean query: type: string + rangeQuery: + properties: + end: + type: string + start: + type: string + step: + type: string + type: object timeout: format: int64 type: integer @@ -3210,6 +3234,9 @@ spec: consecutiveError: format: int32 type: integer + consecutiveSuccess: + format: int32 + type: integer count: format: int32 type: integer diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index 3c46bbad..b0f34229 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -104,6 +104,11 @@ spec: - type: integer - type: string x-kubernetes-int-or-string: true + consecutiveSuccessLimit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true count: anyOf: - type: integer @@ -213,6 +218,13 @@ spec: type: object query: type: string + secretRef: + properties: + name: + type: string + namespaced: + type: boolean + type: object type: object graphite: properties: @@ -3021,6 +3033,9 @@ spec: type: string query: type: string + timeout: + format: int64 + type: integer required: - query type: object @@ -3072,6 +3087,15 @@ spec: type: boolean query: type: string + rangeQuery: + properties: + end: + type: string + start: + type: string + step: + type: string + type: object timeout: format: int64 type: integer diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index b7b07c2e..e8a9a6d4 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -104,6 +104,11 @@ spec: - type: integer - type: string x-kubernetes-int-or-string: true + consecutiveSuccessLimit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true count: anyOf: - type: integer @@ -213,6 +218,13 @@ spec: type: object query: type: string + secretRef: + properties: + name: + type: string + namespaced: + type: boolean + type: object type: object graphite: properties: @@ -3021,6 +3033,9 @@ spec: type: string query: type: string + timeout: + format: int64 + type: integer required: - query type: object @@ -3072,6 +3087,15 @@ spec: type: boolean query: type: string + rangeQuery: + properties: + end: + type: string + start: + type: string + step: + type: string + type: object timeout: format: int64 type: integer diff --git a/charts/argo-rollouts/templates/crds/experiment-crd.yaml b/charts/argo-rollouts/templates/crds/experiment-crd.yaml index 2f2ea2dc..58c0e72e 100644 --- a/charts/argo-rollouts/templates/crds/experiment-crd.yaml +++ b/charts/argo-rollouts/templates/crds/experiment-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} diff --git a/charts/argo-rollouts/templates/crds/rollout-crd.yaml b/charts/argo-rollouts/templates/crds/rollout-crd.yaml index a22a9364..a883137d 100644 --- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml +++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 {{- if .Values.keepCRDs }} "helm.sh/resource-policy": keep {{- end }} @@ -672,6 +672,16 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + plugin: + properties: + config: + type: object + x-kubernetes-preserve-unknown-fields: true + name: + type: string + required: + - name + type: object setCanaryScale: properties: matchTrafficWeight: @@ -944,6 +954,10 @@ spec: type: object annotationPrefix: type: string + canaryIngressAnnotations: + additionalProperties: + type: string + type: object stableIngress: type: string stableIngresses: @@ -3727,6 +3741,45 @@ spec: type: object stablePingPong: type: string + stepPluginStatuses: + items: + properties: + backoff: + type: string + disabled: + type: boolean + executions: + format: int32 + type: integer + finishedAt: + format: date-time + type: string + index: + format: int32 + type: integer + message: + type: string + name: + type: string + operation: + type: string + phase: + type: string + startedAt: + format: date-time + type: string + status: + type: object + x-kubernetes-preserve-unknown-fields: true + updatedAt: + format: date-time + type: string + required: + - index + - name + - operation + type: object + type: array weights: properties: additional: From 2602b7a364eb5e24db9be041da24810681e764d5 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 1 Feb 2025 14:56:35 +0900 Subject: [PATCH 754/768] chore(deps): update ghcr.io/renovatebot/renovate docker tag to v39.153.2 (#3149) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 450330ba..e9cc0a19 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -30,7 +30,7 @@ jobs: with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate - renovate-version: 39.86.4 + renovate-version: 39.153.2 token: '${{ steps.get_token.outputs.token }}' mount-docker-socket: true env: From 55d2330df6ec86995d7a259d63ddfea956fc874e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 1 Feb 2025 09:35:20 -0600 Subject: [PATCH 755/768] chore(deps): bump the dependencies group with 2 updates (#3150) --- .github/workflows/lint-and-test.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index f8f9fe02..c719d45d 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -32,7 +32,7 @@ jobs: version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: 3.9 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index e9a10387..194c864e 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 + uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 with: sarif_file: results.sarif From ffacdd45f9468a574f3215a31316f76d65f4c46a Mon Sep 17 00:00:00 2001 From: iwin1203 Date: Mon, 3 Feb 2025 18:39:13 +0900 Subject: [PATCH 756/768] chore(argo-cd): Fix typo on README (#3153) fix typo in argocd chart readme Signed-off-by: Ganzidaeyong --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 +- charts/argo-cd/README.md.gotmpl | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index c932235e..54f47290 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.13.4 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.22 +version: 7.7.23 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.13.4 + - kind: fixed + description: Fixed typo in README diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 3a4a2560..bc557cd1 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -312,7 +312,7 @@ This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr Upstream steps in the [FAQ] are not enough, since we chose a different approach. (We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.) -Steps to roteate the secret when using the helm chart (bold step is additional to upstream): +Steps to rotate the secret when using the helm chart (bold step is additional to upstream): * Delete `argocd-redis` secret in the namespace where Argo CD is installed. ```bash kubectl delete secret argocd-redis -n diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 0520c40f..4e0f1ab5 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -312,7 +312,7 @@ This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr Upstream steps in the [FAQ] are not enough, since we chose a different approach. (We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.) -Steps to roteate the secret when using the helm chart (bold step is additional to upstream): +Steps to rotate the secret when using the helm chart (bold step is additional to upstream): * Delete `argocd-redis` secret in the namespace where Argo CD is installed. ```bash kubectl delete secret argocd-redis -n From 6b1ea92acba9d15f423cc03efc4d7a18dee6f9b5 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 3 Feb 2025 13:25:53 +0100 Subject: [PATCH 757/768] chore(deps): update renovatebot/github-action action to v41.0.12 (#3151) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index e9cc0a19..87c2afac 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@d385c88822a237acaead89c462fa0aef7502748f # v41.0.11 + uses: renovatebot/github-action@9ad1a8e771c002ece340d1ff028fae4503fe041b # v41.0.12 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From f30bcd682d92023c4631cbb44fe233d9d5310275 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Tue, 4 Feb 2025 00:43:31 -0600 Subject: [PATCH 758/768] chore(deps): update actions/create-github-app-token action to v1.11.3 (#3156) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 87c2afac..b27a99ac 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@136412a57a7081aa63c935a2cc2918f76c34f514 # v1.11.2 + uses: actions/create-github-app-token@67e27a7eb7db372a1c61a7f9bdab8699e9ee57f7 # v1.11.3 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From c77cb712e078abbce1e015000a6057481580e3f8 Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Tue, 4 Feb 2025 12:25:53 +0100 Subject: [PATCH 759/768] feat(argo-cd): Update to Argo CD 2.14 (#3155) * feat(argo-cd): Update to Argo CD 2.14 Signed-off-by: Marco Maurer * fix: Add more customization options to commit-server Signed-off-by: Marco Maurer * fix: Bump appVersion to v2.14.1 Signed-off-by: Marco Maurer * fix: Add 'resources' to commit-server Signed-off-by: Marco Maurer * chore: Drop commitServer.service.type Signed-off-by: Marco Maurer * fix: Add ability to disable the commit-server Signed-off-by: Marco Maurer * chore: Drop commitServer.replicas since there are no upstream docs Signed-off-by: Marco Maurer * feat: Allow adding extraVolume and mounts Signed-off-by: Marco Maurer * chore: Disable commit-server by default Signed-off-by: Marco Maurer * feat: Dedicated metrics service with basic customization options Signed-off-by: Marco Maurer --------- Signed-off-by: Marco Maurer --- charts/argo-cd/Chart.yaml | 8 +- charts/argo-cd/README.md | 63 +- charts/argo-cd/README.md.gotmpl | 18 +- .../argo-cd/ci/with-commit-server-values.yaml | 3 + charts/argo-cd/templates/_helpers.tpl | 18 + .../deployment.yaml | 24 + .../statefulset.yaml | 30 + .../argocd-applicationset/deployment.yaml | 12 + .../argocd-commit-server/deployment.yaml | 238 ++++ .../argocd-commit-server/metrics.yaml | 35 + .../argocd-commit-server/networkpolicy.yaml | 25 + .../argocd-commit-server/service.yaml | 26 + .../argocd-commit-server/serviceaccount.yaml | 19 + .../argocd-repo-server/deployment.yaml | 6 + .../templates/argocd-server/deployment.yaml | 6 + .../templates/crds/crd-application.yaml | 387 ++++++ .../templates/crds/crd-applicationset.yaml | 1163 +++++++++++++++++ charts/argo-cd/values.yaml | 183 ++- 18 files changed, 2257 insertions(+), 7 deletions(-) create mode 100644 charts/argo-cd/ci/with-commit-server-values.yaml create mode 100644 charts/argo-cd/templates/argocd-commit-server/deployment.yaml create mode 100644 charts/argo-cd/templates/argocd-commit-server/metrics.yaml create mode 100644 charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml create mode 100644 charts/argo-cd/templates/argocd-commit-server/service.yaml create mode 100644 charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 54f47290..869e9e41 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.13.4 +appVersion: v2.14.1 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.7.23 +version: 7.8.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Fixed typo in README + - kind: changed + description: Bump argo-cd to v2.14.1 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index bc557cd1..f1140f1f 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -708,7 +708,7 @@ NAME: my-release | global.logging.level | string | `"info"` | Set the global logging level. One of: `debug`, `info`, `warn` or `error` | | global.networkPolicy.create | bool | `false` | Create NetworkPolicy objects for all components | | global.networkPolicy.defaultDenyIngress | bool | `false` | Default deny all ingress traffic | -| global.nodeSelector | object | `{}` | Default node selector for all components | +| global.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Default node selector for all components | | global.podAnnotations | object | `{}` | Annotations for the all deployed pods | | global.podLabels | object | `{}` | Labels for the all deployed pods | | global.priorityClassName | string | `""` | Default priority class for all components | @@ -1621,6 +1621,65 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | notifications.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller | | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | +## Commit server (Manifest Hydrator) + +The Argo CD Commit Server provides push access to git repositories for hydrated manifests. + +To read more about this component, please read [Argo CD Manifest Hydrator] and [Manifest Hydrator]. + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| commitServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | +| commitServer.automountServiceAccountToken | bool | `false` | Automount API credentials for the Service Account into the pod. | +| commitServer.containerSecurityContext | object | See [values.yaml] | commit server container-level security context | +| commitServer.deploymentAnnotations | object | `{}` | Annotations to be added to commit server Deployment | +| commitServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the commit server Deployment | +| commitServer.dnsConfig | object | `{}` | [DNS configuration] | +| commitServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for commit server pods | +| commitServer.enabled | bool | `false` | Enable commit server | +| commitServer.extraArgs | list | `[]` | commit server command line flags | +| commitServer.extraEnv | list | `[]` | Environment variables to pass to the commit server | +| commitServer.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the commit server | +| commitServer.extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) | +| commitServer.extraVolumes | list | `[]` | List of extra volumes to add | +| commitServer.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the commit server | +| commitServer.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the commit server | +| commitServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the commit server | +| commitServer.livenessProbe.enabled | bool | `true` | Enable Kubernetes liveness probe for commit server | +| commitServer.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| commitServer.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| commitServer.livenessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the [probe] | +| commitServer.livenessProbe.timeoutSeconds | int | `5` | Number of seconds after which the [probe] times out | +| commitServer.metrics.enabled | bool | `false` | Enables prometheus metrics server | +| commitServer.metrics.service.annotations | object | `{}` | Metrics service annotations | +| commitServer.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | +| commitServer.metrics.service.labels | object | `{}` | Metrics service labels | +| commitServer.metrics.service.portName | string | `"metrics"` | Metrics service port name | +| commitServer.metrics.service.servicePort | int | `8087` | Metrics service port | +| commitServer.metrics.service.type | string | `"ClusterIP"` | Metrics service type | +| commitServer.name | string | `"commit-server"` | Commit server name | +| commitServer.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| commitServer.podAnnotations | object | `{}` | Annotations for the commit server pods | +| commitServer.podLabels | object | `{}` | Labels for the commit server pods | +| commitServer.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the commit server pods | +| commitServer.readinessProbe.enabled | bool | `true` | Enable Kubernetes liveness probe for commit server | +| commitServer.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| commitServer.readinessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before [probe] is initiated | +| commitServer.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| commitServer.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| commitServer.resources | object | `{}` | Resource limits and requests for the commit server pods. | +| commitServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the commit server | +| commitServer.service.annotations | object | `{}` | commit server service annotations | +| commitServer.service.labels | object | `{}` | commit server service labels | +| commitServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| commitServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| commitServer.serviceAccount.create | bool | `true` | Create commit server service account | +| commitServer.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| commitServer.serviceAccount.name | string | `"argocd-commit-server"` | commit server service account name | +| commitServer.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| commitServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| commitServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the commit server | + ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) @@ -1653,3 +1712,5 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace [Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice [Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer +[Argo CD Manifest Hydrator]: https://argo-cd.readthedocs.io/en/stable/proposals/manifest-hydrator/ +[Manifest Hydrator]: https://github.com/argoproj/argo-cd/blob/master/docs/proposals/manifest-hydrator.md diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl index 4e0f1ab5..d2862792 100644 --- a/charts/argo-cd/README.md.gotmpl +++ b/charts/argo-cd/README.md.gotmpl @@ -672,7 +672,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| {{- range .Values }} - {{- if not (or (hasPrefix "global" .Key) (hasPrefix "configs" .Key) (hasPrefix "controller" .Key) (hasPrefix "repoServer" .Key) (hasPrefix "server" .Key) (hasPrefix "applicationSet" .Key) (hasPrefix "notifications" .Key) (hasPrefix "dex" .Key) (hasPrefix "redis" .Key) (hasPrefix "externalRedis" .Key) ) }} + {{- if not (or (hasPrefix "global" .Key) (hasPrefix "configs" .Key) (hasPrefix "controller" .Key) (hasPrefix "repoServer" .Key) (hasPrefix "server" .Key) (hasPrefix "applicationSet" .Key) (hasPrefix "notifications" .Key) (hasPrefix "dex" .Key) (hasPrefix "redis" .Key) (hasPrefix "externalRedis" .Key) (hasPrefix "commitServer" .Key) ) }} | {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | {{- end }} {{- end }} @@ -813,6 +813,20 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. {{- end }} {{- end }} +## Commit server (Manifest Hydrator) + +The Argo CD Commit Server provides push access to git repositories for hydrated manifests. + +To read more about this component, please read [Argo CD Manifest Hydrator] and [Manifest Hydrator]. + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "commitServer" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) @@ -845,3 +859,5 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace [Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice [Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer +[Argo CD Manifest Hydrator]: https://argo-cd.readthedocs.io/en/stable/proposals/manifest-hydrator/ +[Manifest Hydrator]: https://github.com/argoproj/argo-cd/blob/master/docs/proposals/manifest-hydrator.md diff --git a/charts/argo-cd/ci/with-commit-server-values.yaml b/charts/argo-cd/ci/with-commit-server-values.yaml new file mode 100644 index 00000000..b4ffedca --- /dev/null +++ b/charts/argo-cd/ci/with-commit-server-values.yaml @@ -0,0 +1,3 @@ +# Test Argo CD with optional component "commit-server" +commitServer: + enabled: true diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 1ef054b1..aeaf3df8 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -177,6 +177,24 @@ Create the name of the notifications service account to use {{- end -}} {{- end -}} +{{/* +Create argocd commit-server name and version as used by the chart label. +*/}} +{{- define "argo-cd.commitServer.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.commitServer.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the commit-server service account to use +*/}} +{{- define "argo-cd.commitServer.serviceAccountName" -}} +{{- if .Values.commitServer.serviceAccount.create -}} + {{ default (include "argo-cd.commitServer.fullname" .) .Values.commitServer.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.commitServer.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Argo Configuration Preset Values (Influenced by Values configuration) */}} diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index e61a8525..0b8285b7 100644 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -175,6 +175,12 @@ spec: name: argocd-cmd-params-cm key: controller.self.heal.backoff.cap.seconds optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sync.timeout.seconds + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -311,6 +317,24 @@ spec: name: argocd-cmd-params-cm key: controller.ignore.normalizer.jq.timeout optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true + - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.batch.events.processing + optional: true + - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.events.processing.interval + optional: true {{- with .Values.controller.envFrom }} envFrom: {{- toYaml . | nindent 10 }} diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index a907ac76..733290d1 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -174,6 +174,12 @@ spec: name: argocd-cmd-params-cm key: controller.self.heal.backoff.cap.seconds optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sync.timeout.seconds + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -310,6 +316,26 @@ spec: name: argocd-cmd-params-cm key: controller.ignore.normalizer.jq.timeout optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true + - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.batch.events.processing + optional: true + - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.events.processing.interval + optional: true + - name: KUBECACHEDIR + value: /tmp/kubecache {{- with .Values.controller.envFrom }} envFrom: {{- toYaml . | nindent 10 }} @@ -344,6 +370,8 @@ spec: name: argocd-home - name: argocd-cmd-params-cm mountPath: /home/argocd/params + - name: argocd-application-controller-tmp + mountPath: /tmp {{- with .Values.controller.extraContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} @@ -385,6 +413,8 @@ spec: {{- else }} emptyDir: {} {{- end }} + - emptyDir: {} + name: argocd-application-controller-tmp - name: argocd-repo-server-tls secret: secretName: argocd-repo-server-tls diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 303106b5..9c085123 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -151,6 +151,12 @@ spec: key: applicationsetcontroller.enable.progressive.syncs name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.tokenref.strict.mode + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING valueFrom: configMapKeyRef: @@ -211,6 +217,12 @@ spec: name: argocd-cmd-params-cm key: applicationsetcontroller.webhook.parallelism.limit optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.requeue.after + name: argocd-cmd-params-cm + optional: true {{- with .Values.applicationSet.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} diff --git a/charts/argo-cd/templates/argocd-commit-server/deployment.yaml b/charts/argo-cd/templates/argocd-commit-server/deployment.yaml new file mode 100644 index 00000000..96cf6575 --- /dev/null +++ b/charts/argo-cd/templates/argocd-commit-server/deployment.yaml @@ -0,0 +1,238 @@ +{{- if .Values.commitServer.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.commitServer.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.commitServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }} +spec: + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.commitServer.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }} + template: + metadata: + annotations: + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.commitServer.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.commitServer.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.commitServer.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.commitServer.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- with .Values.commitServer.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ . }} + {{- end }} + serviceAccountName: {{ include "argo-cd.commitServer.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.commitServer.automountServiceAccountToken }} + containers: + - name: {{ .Values.commitServer.name }} + image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.commitServer.image.imagePullPolicy }} + args: + - /usr/local/bin/argocd-commit-server + {{- with .Values.commitServer.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + env: + {{- with (concat .Values.global.env .Values.commitServer.extraEnv) }} + {{- toYaml . | nindent 10 }} + {{- end }} + - name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.listen.address + optional: true + - name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.metrics.listen.address + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.log.format + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.log.level + optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true + {{- with .Values.commitServer.envFrom }} + envFrom: + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - containerPort: 8086 + name: server + protocol: TCP + - containerPort: 8087 + name: metrics + protocol: TCP + {{- if .Values.commitServer.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /healthz?full=true + port: 8087 + initialDelaySeconds: {{ .Values.commitServer.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.commitServer.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.commitServer.livenessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.commitServer.livenessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.commitServer.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /healthz + port: 8087 + initialDelaySeconds: {{ .Values.commitServer.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.commitServer.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.commitServer.readinessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.commitServer.readinessProbe.timeoutSeconds }} + {{- end }} + resources: + {{- toYaml .Values.commitServer.resources | nindent 10 }} + {{- with .Values.commitServer.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.commitServer.lifecycle }} + lifecycle: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + {{- with .Values.commitServer.extraVolumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: ssh-known-hosts + mountPath: /app/config/ssh + - name: tls-certs + mountPath: /app/config/tls + - name: gpg-keys + mountPath: /app/config/gpg/source + - name: gpg-keyring + mountPath: /app/config/gpg/keys + # We need a writeable temp directory for the askpass socket file. + - name: tmp + mountPath: /tmp + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /var/run/argocd/argocd-cmp-server + image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }} + name: copyutil + resources: + {{- toYaml .Values.commitServer.resources | nindent 10 }} + {{- with .Values.commitServer.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + volumes: + {{- with .Values.commitServer.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: ssh-known-hosts + configMap: + name: argocd-ssh-known-hosts-cm + - name: tls-certs + configMap: + name: argocd-tls-certs-cm + - name: gpg-keys + configMap: + name: argocd-gpg-keys-cm + - name: gpg-keyring + emptyDir: {} + - name: tmp + emptyDir: {} + - name: argocd-commit-server-tls + secret: + secretName: argocd-commit-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + - emptyDir: {} + name: var-files + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.commitServer) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.commitServer.hostNetwork }} + hostNetwork: {{ .Values.commitServer.hostNetwork }} + {{- end }} + {{- with .Values.commitServer.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.commitServer.dnsPolicy }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-commit-server/metrics.yaml b/charts/argo-cd/templates/argocd-commit-server/metrics.yaml new file mode 100644 index 00000000..7d198a70 --- /dev/null +++ b/charts/argo-cd/templates/argocd-commit-server/metrics.yaml @@ -0,0 +1,35 @@ +{{- if and .Values.commitServer.enabled .Values.commitServer.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.commitServer.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" "metrics") | nindent 4 }} + {{- with .Values.commitServer.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.commitServer.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.commitServer.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.commitServer.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.commitServer.metrics.service.type }} + {{- if and .Values.commitServer.metrics.service.clusterIP (eq .Values.commitServer.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.commitServer.metrics.service.clusterIP }} + {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.commitServer.metrics.service.portName }} + protocol: TCP + port: {{ .Values.commitServer.metrics.service.servicePort }} + targetPort: 8087 + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml new file mode 100644 index 00000000..6ec0a6ac --- /dev/null +++ b/charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml @@ -0,0 +1,25 @@ +{{- if and .Values.commitServer.enabled .Values.global.networkPolicy.create }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "argo-cd.commitServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} +spec: + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }} + policyTypes: + - Ingress + ingress: + - from: + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 14 }} + ports: + - protocol: TCP + port: 8086 + - from: + - namespaceSelector: { } + ports: + - port: 8087 +{{- end }} diff --git a/charts/argo-cd/templates/argocd-commit-server/service.yaml b/charts/argo-cd/templates/argocd-commit-server/service.yaml new file mode 100644 index 00000000..7b0bf878 --- /dev/null +++ b/charts/argo-cd/templates/argocd-commit-server/service.yaml @@ -0,0 +1,26 @@ +{{- if .Values.commitServer.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-cd.commitServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }} + {{- with .Values.commitServer.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.commitServer.service.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + ports: + - name: server + protocol: TCP + port: 8086 + targetPort: 8086 + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml new file mode 100644 index 00000000..d0cf9e73 --- /dev/null +++ b/charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.commitServer.enabled .Values.commitServer.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.commitServer.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.commitServer.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.commitServer.serviceAccount.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }} + {{- with .Values.commitServer.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 2617251d..f12332e9 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -239,6 +239,12 @@ spec: name: argocd-cmd-params-cm key: reposerver.plugin.tar.exclusions optional: true + - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS + valueFrom: + configMapKeyRef: + key: reposerver.plugin.use.manifest.generate.paths + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index cc5f7bfe..0b75f062 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -373,6 +373,12 @@ spec: name: argocd-cmd-params-cm key: applicationsetcontroller.enable.scm.providers optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true {{- with .Values.server.envFrom }} envFrom: {{- toYaml . | nindent 10 }} diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml index 7e3afda6..2c69f9ba 100644 --- a/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -319,6 +319,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -466,6 +474,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -685,6 +697,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -834,6 +854,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -1166,6 +1190,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation step + (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -1312,6 +1344,10 @@ spec: use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -1378,6 +1414,64 @@ spec: required: - repoURL type: object + sourceHydrator: + description: SourceHydrator provides a way to push hydrated manifests + back to git before syncing them to the cluster. + properties: + drySource: + description: DrySource specifies where the dry "don't repeat yourself" + manifest source lives. + properties: + path: + description: Path is a directory path within the Git repository + where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository that + contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the source + to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated manifests + from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: description: Sources is a reference to the location of the application's manifests or chart @@ -1523,6 +1617,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -1670,6 +1772,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -1848,6 +1954,11 @@ spec: description: Health contains information about the application's current health status properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus was + set or updated + format: date-time + type: string message: description: Message is a human-readable informational message describing the health status @@ -2045,6 +2156,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -2194,6 +2313,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -2414,6 +2537,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -2565,6 +2696,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -2933,6 +3068,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -3085,6 +3228,11 @@ spec: Kustomize to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and + is displayed in the UI. It is used in multi-source + Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced @@ -3320,6 +3468,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON + schema validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -3475,6 +3631,11 @@ spec: of Kustomize to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and + is displayed in the UI. It is used in multi-source + Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications @@ -3824,6 +3985,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -3975,6 +4144,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -4205,6 +4378,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -4357,6 +4538,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced @@ -4463,6 +4648,11 @@ spec: description: HealthStatus contains information about the currently observed health state of an application or resource properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus + was set or updated + format: date-time + type: string message: description: Message is a human-readable informational message describing the health status @@ -4480,6 +4670,8 @@ spec: type: string namespace: type: string + requiresDeletionConfirmation: + type: boolean requiresPruning: type: boolean status: @@ -4493,6 +4685,177 @@ spec: type: string type: object type: array + sourceHydrator: + description: SourceHydrator stores information about the current state + of source hydration + properties: + currentOperation: + description: CurrentOperation holds the status of the hydrate + operation + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + finishedAt: + description: FinishedAt indicates when the hydrate operation + finished + format: date-time + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + message: + description: Message contains a message describing the current + status of the hydrate operation + type: string + phase: + description: Phase indicates the status of the hydrate operation + enum: + - Hydrating + - Failed + - Hydrated + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + startedAt: + description: StartedAt indicates when the hydrate operation + started + format: date-time + type: string + required: + - message + - phase + type: object + lastSuccessfulOperation: + description: LastSuccessfulOperation holds info about the most + recent successful hydration + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + type: object + type: object sourceType: description: SourceType specifies the type of this application type: string @@ -4730,6 +5093,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -4881,6 +5252,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -5111,6 +5486,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -5263,6 +5646,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml index 6cf09222..eff945f8 100644 --- a/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -242,6 +242,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -340,6 +344,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -385,6 +391,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -472,6 +514,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -570,6 +616,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -676,6 +724,8 @@ spec: type: object clusters: properties: + flatList: + type: boolean selector: properties: matchExpressions: @@ -864,6 +914,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -962,6 +1016,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -1007,6 +1063,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -1094,6 +1186,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -1192,6 +1288,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -1487,6 +1585,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -1585,6 +1687,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -1630,6 +1734,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -1717,6 +1857,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -1815,6 +1959,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -2090,6 +2236,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -2188,6 +2338,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -2233,6 +2385,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -2320,6 +2508,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -2418,6 +2610,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -2718,6 +2912,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -2816,6 +3014,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -2861,6 +3061,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -2948,6 +3184,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -3046,6 +3286,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -3152,6 +3394,8 @@ spec: type: object clusters: properties: + flatList: + type: boolean selector: properties: matchExpressions: @@ -3340,6 +3584,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -3438,6 +3686,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -3483,6 +3733,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -3570,6 +3856,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -3668,6 +3958,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -3963,6 +4255,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -4061,6 +4357,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -4106,6 +4404,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -4193,6 +4527,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -4291,6 +4629,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -4566,6 +4906,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -4664,6 +5008,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -4709,6 +5055,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -4796,6 +5178,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -4894,6 +5280,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -5177,6 +5565,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -5275,6 +5667,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -5320,6 +5714,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -5407,6 +5837,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -5505,6 +5939,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -6007,6 +6443,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -6105,6 +6545,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -6150,6 +6592,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -6237,6 +6715,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -6335,6 +6817,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -6832,6 +7316,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -6930,6 +7418,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -6975,6 +7465,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -7062,6 +7588,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -7160,6 +7690,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -7452,6 +7984,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -7550,6 +8086,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -7595,6 +8133,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -7682,6 +8256,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -7780,6 +8358,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -8082,6 +8662,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -8180,6 +8764,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -8225,6 +8811,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -8312,6 +8934,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -8410,6 +9036,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -8516,6 +9144,8 @@ spec: type: object clusters: properties: + flatList: + type: boolean selector: properties: matchExpressions: @@ -8704,6 +9334,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -8802,6 +9436,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -8847,6 +9483,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -8934,6 +9606,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -9032,6 +9708,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -9327,6 +10005,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -9425,6 +10107,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -9470,6 +10154,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -9557,6 +10277,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -9655,6 +10379,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -9930,6 +10656,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -10028,6 +10758,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -10073,6 +10805,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -10160,6 +10928,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -10258,6 +11030,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -10541,6 +11315,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -10639,6 +11417,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -10684,6 +11464,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -10771,6 +11587,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -10869,6 +11689,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -11371,6 +12193,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -11469,6 +12295,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -11514,6 +12342,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -11601,6 +12465,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -11699,6 +12567,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -12196,6 +13066,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -12294,6 +13168,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -12339,6 +13215,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -12426,6 +13338,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -12524,6 +13440,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -12820,6 +13738,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -12918,6 +13840,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -12963,6 +13887,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -13050,6 +14010,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -13148,6 +14112,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -13430,6 +14396,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -13528,6 +14498,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -13573,6 +14545,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -13660,6 +14668,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -13758,6 +14770,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -14260,6 +15274,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -14358,6 +15376,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -14403,6 +15423,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -14490,6 +15546,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -14588,6 +15648,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -15085,6 +16147,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -15183,6 +16249,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -15228,6 +16296,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -15315,6 +16419,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -15413,6 +16521,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -15780,6 +16890,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -15878,6 +16992,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -15923,6 +17039,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -16010,6 +17162,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -16108,6 +17264,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -16267,6 +17425,9 @@ spec: type: string health: properties: + lastTransitionTime: + format: date-time + type: string message: type: string status: @@ -16280,6 +17441,8 @@ spec: type: string namespace: type: string + requiresDeletionConfirmation: + type: boolean requiresPruning: type: boolean status: diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 4c069086..93e480ad 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -119,7 +119,8 @@ global: priorityClassName: "" # -- Default node selector for all components - nodeSelector: {} + nodeSelector: + kubernetes.io/os: linux # -- Default tolerations for all components tolerations: [] @@ -3749,3 +3750,183 @@ notifications: # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers # defaultTriggers: | # - on-sync-status-unknown + +commitServer: + # -- Enable commit server + enabled: false + + # -- Commit server name + name: commit-server + + # -- Runtime class name for the commit server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + + ## commit server controller image + image: + # -- Repository to use for the commit server + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the commit server + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the commit server + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- commit server command line flags + extraArgs: [] + + # -- Environment variables to pass to the commit server + extraEnv: [] + # - name: "MY_VAR" + # value: "value" + + # -- envFrom to pass to the commit server + # @default -- `[]` (See [values.yaml]) + extraEnvFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- List of extra mounts to add (normally used with extraVolumes) + extraVolumeMounts: [] + + # -- List of extra volumes to add + extraVolumes: [] + + metrics: + # -- Enables prometheus metrics server + enabled: false + service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port + servicePort: 8087 + # -- Metrics service port name + portName: metrics + + ## commit server service configuration + service: + # -- commit server service annotations + annotations: {} + # -- commit server service labels + labels: {} + + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: false + + serviceAccount: + # -- Create commit server service account + create: true + # -- commit server service account name + name: argocd-commit-server + # -- Annotations applied to created service account + annotations: {} + # -- Labels applied to created service account + labels: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + # -- Annotations to be added to commit server Deployment + deploymentAnnotations: {} + + # -- Annotations for the commit server pods + podAnnotations: {} + + # -- Labels for the commit server pods + podLabels: {} + + # -- Resource limits and requests for the commit server pods. + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for commit server pods + dnsPolicy: "ClusterFirst" + + # -- commit server container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + + ## Probes for commit server (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for commit server + enabled: true + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 5 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + livenessProbe: + # -- Enable Kubernetes liveness probe for commit server + enabled: true + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 30 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 5 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the commit server + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy to be added to the commit server Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + + # -- Priority class for the commit server pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" From b732ef4689aa571c7fb99fa3f3d5c2ac0bef02f6 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 6 Feb 2025 10:07:42 +0000 Subject: [PATCH 760/768] chore(argo-cd): Update dependency argoproj/argo-cd to v2.14.2 (#3160) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 869e9e41..2c8122a2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.14.1 +appVersion: v2.14.2 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.8.0 +version: 7.8.1 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-cd to v2.14.1 + description: Bump argo-cd to v2.14.2 From f7b5090efb272e40881a78127db2ef9954c4b2c5 Mon Sep 17 00:00:00 2001 From: PatrickSpies <57619316+PatrickSpies@users.noreply.github.com> Date: Thu, 6 Feb 2025 11:34:55 +0100 Subject: [PATCH 761/768] fix(argo-cd): only create dex-servicemonitor if dex is enabled (#3159) * fix(argo-cd): only create dex-servicemonitor of dex is enabled Signed-off-by: Patrick Spies * numbers are difficult Signed-off-by: Tim Collins <45351296+tico24@users.noreply.github.com> --------- Signed-off-by: Patrick Spies Signed-off-by: Tim Collins <45351296+tico24@users.noreply.github.com> Co-authored-by: Tim Collins <45351296+tico24@users.noreply.github.com> --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/templates/dex/servicemonitor.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 2c8122a2..ff93b69d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.14.2 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.8.1 +version: 7.8.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.14.2 + - kind: fixed + description: Create ServiceMonitor for dex only if dex is enabled diff --git a/charts/argo-cd/templates/dex/servicemonitor.yaml b/charts/argo-cd/templates/dex/servicemonitor.yaml index 93c9fa32..2564cfa1 100644 --- a/charts/argo-cd/templates/dex/servicemonitor.yaml +++ b/charts/argo-cd/templates/dex/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.dex.enabled .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: From d40470b95dd61c2232bf3e7a63f0af6a371a728a Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 8 Feb 2025 14:58:48 +0900 Subject: [PATCH 762/768] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.6.3 (#3164) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index be8df0c6..a9fafdda 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.6.2 +appVersion: v3.6.3 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.45.4 +version: 0.45.5 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: added - description: Support configuring workflow events in the controller + - kind: changed + description: Bump argo-workflows to v3.6.3 From 56b2429f3b110acbc46bedb01767ba0f2242a694 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 9 Feb 2025 20:18:18 +0100 Subject: [PATCH 763/768] chore(deps): bump github/codeql-action from 3.28.8 to 3.28.9 in the dependencies group (#3166) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 194c864e..29f267d3 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 + uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 with: sarif_file: results.sarif From ff078480685bd22b93fafc5a3035fdbe1c4da942 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 10 Feb 2025 07:16:36 -0600 Subject: [PATCH 764/768] chore(deps): update renovatebot/github-action action to v41.0.13 (#3167) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index b27a99ac..15d4d3a8 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@9ad1a8e771c002ece340d1ff028fae4503fe041b # v41.0.12 + uses: renovatebot/github-action@e084b5ac6fd201023db6dd7743aec023babb02c8 # v41.0.13 with: configurationFile: .github/configs/renovate-config.js # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate From 3a329eae633ebf374d1aa2f6673b828848f9c994 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Mon, 10 Feb 2025 08:30:15 -0600 Subject: [PATCH 765/768] chore(argo-workflows): Update dependency argoproj/argo-workflows to v3.6.4 (#3168) Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> --- charts/argo-workflows/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index a9fafdda..364868f6 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v3.6.3 +appVersion: v3.6.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.45.5 +version: 0.45.6 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -17,4 +17,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Bump argo-workflows to v3.6.3 + description: Bump argo-workflows to v3.6.4 From 689fed54cb70cb693decf5512437f4bc5138d04f Mon Sep 17 00:00:00 2001 From: Yusuke Abe Date: Sat, 15 Feb 2025 19:11:16 +0900 Subject: [PATCH 766/768] chore(argo-workflows): suggest non deprecated option (#3113) --- charts/argo-workflows/Chart.yaml | 6 +++--- charts/argo-workflows/README.md | 2 +- charts/argo-workflows/values.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 364868f6..c1f8df1a 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.6.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.45.6 +version: 0.45.7 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Bump argo-workflows to v3.6.4 + - kind: fixed + description: Update the SSO configuration instructions to reflect the correct field name diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 323524c2..6e400596 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -344,7 +344,7 @@ Fields to note: | server.sso.clientSecret.key | string | `"client-secret"` | Key of a secret to retrieve the app OIDC client secret | | server.sso.clientSecret.name | string | `"argo-server-sso"` | Name of a secret to retrieve the app OIDC client secret | | server.sso.customGroupClaimName | string | `""` | Override claim name for OIDC groups | -| server.sso.enabled | bool | `false` | Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`. | +| server.sso.enabled | bool | `false` | Create SSO configuration. If you set `true` , please also set `.Values.server.authModes` as `sso`. | | server.sso.filterGroupsRegex | list | `[]` | Filter the groups returned by the OIDC provider | | server.sso.insecureSkipVerify | bool | `false` | Skip TLS verification for the HTTP client | | server.sso.issuer | string | `"https://accounts.google.com"` | The root URL of the OIDC identity provider | diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index cf9b08d8..0c044454 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -717,7 +717,7 @@ server: # SSO configuration when SSO is specified as a server auth mode. sso: - # -- Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`. + # -- Create SSO configuration. If you set `true` , please also set `.Values.server.authModes` as `sso`. enabled: false # -- The root URL of the OIDC identity provider issuer: https://accounts.google.com From 341406ccb2c1c3c1f72432ca22b1470bde1f579a Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Sat, 15 Feb 2025 10:12:33 +0000 Subject: [PATCH 767/768] chore(deps): update actions/create-github-app-token action to v1.11.5 (#3170) --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 15d4d3a8..9460d792 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get token - uses: actions/create-github-app-token@67e27a7eb7db372a1c61a7f9bdab8699e9ee57f7 # v1.11.3 + uses: actions/create-github-app-token@0d564482f06ca65fa9e77e2510873638c82206f2 # v1.11.5 id: get_token with: app-id: ${{ vars.RENOVATE_APP_ID }} From 52870ab90783623973cce0987117ae854bb67b39 Mon Sep 17 00:00:00 2001 From: "argoproj-renovate[bot]" <161757507+argoproj-renovate[bot]@users.noreply.github.com> Date: Thu, 20 Feb 2025 09:41:59 +0900 Subject: [PATCH 768/768] chore(deps): update ghcr.io/dexidp/dex docker tag to v2.42.0 (#3172) * chore(deps): update ghcr.io/dexidp/dex docker tag to v2.42.0 Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> * bump the chart Signed-off-by: Tim Collins * helm docs Signed-off-by: Tim Collins --------- Signed-off-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Signed-off-by: Tim Collins Co-authored-by: argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com> Co-authored-by: Tim Collins --- charts/argo-cd/Chart.yaml | 6 +++--- charts/argo-cd/README.md | 2 +- charts/argo-cd/values.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index ff93b69d..5d12006a 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.14.2 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.8.2 +version: 7.8.3 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: fixed - description: Create ServiceMonitor for dex only if dex is enabled + - kind: changed + description: Bump dex version to v2.42.0 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index f1140f1f..25760a5f 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1170,7 +1170,7 @@ NAME: my-release | dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod | | dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy | | dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository | -| dex.image.tag | string | `"v2.41.1"` | Dex image tag | +| dex.image.tag | string | `"v2.42.0"` | Dex image tag | | dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | dex.initContainers | list | `[]` | Init containers to add to the dex pod | | dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy | diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 93e480ad..f1213daf 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1025,7 +1025,7 @@ dex: # -- Dex image repository repository: ghcr.io/dexidp/dex # -- Dex image tag - tag: v2.41.1 + tag: v2.42.0 # -- Dex imagePullPolicy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: ""