diff --git a/.clomonitor.yml b/.clomonitor.yml new file mode 100644 index 00000000..c75e8a7b --- /dev/null +++ b/.clomonitor.yml @@ -0,0 +1,27 @@ +# CLOMonitor metadata file +# This file must be located at the root of the repository + +# Checks exemptions +exemptions: + - check: dependency_update_tool + reason: "Helm deps are not currently scanned. Maintainers are watching developments to dependabot-core #2237" # Justification of this exemption (mandatory, it will be displayed on the UI) + - check: sbom + reason: "Tracking Helm dependencies is not yet a stable practice." + - check: self_assessment + reason: "Refer to self assessments supplied by the codebases Argo Helm supports." + - check: signed_releases + reason: "Argo Helm releases are made via Artifact Hub, where they are signed. The unsigned GitHub releases are for reference only." + - check: license_scanning + reason: "Temporary exemption: pending response from CNCF Service Desk" + +# TODO: +# License scanning information +# licenseScanning: + # URL with the repository's license scanning results + # + # CLOMonitor can extract license scanning results from FOSSA and Snyk badges + # in the repository README.md file automatically. If your repository uses a + # different scanning solution, this url can be set to pass the corresponding + # check. + # url: https://license-scanning-results.url + diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 00000000..cb90a2c2 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,4 @@ +[*.{md,md.gotmpl}] +indent_style = space +indent_size = 4 +trim_trailing_whitespace = false diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 00000000..c0d0ab9d --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,6 @@ +* @mkilchhofer @jmeridth @yu-croco + +/charts/argo-workflows/ @vladlosev @jmeridth @yu-croco @tico24 +/charts/argo-cd/ @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil @tico24 +/charts/argo-events/ @pdrastil @jmeridth @tico24 @yu-croco +/charts/argo-rollouts/ @jmeridth @yu-croco diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index 816593c4..00000000 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null @@ -1,27 +0,0 @@ ---- -name: Bug report -about: Create a report to help us improve -title: '' -labels: 'bug' -assignees: '' - ---- - -**Describe the bug** -A clear and concise description of what the bug is. - -**To Reproduce** -Steps to reproduce the behavior: -1. Go to '...' -2. Click on '....' -3. Scroll down to '....' -4. See error - -**Expected behavior** -A clear and concise description of what you expected to happen. - -**Screenshots** -If applicable, add screenshots to help explain your problem. - -**Additional context** -Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/bug_report.yaml b/.github/ISSUE_TEMPLATE/bug_report.yaml new file mode 100644 index 00000000..bef979b8 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.yaml @@ -0,0 +1,69 @@ +--- +name: Bug report +description: Create a report to help us improve +labels: +- bug +body: +- type: textarea + attributes: + label: Describe the bug + description: A clear and concise description of what the bug is. + validations: + required: true + +- type: dropdown + attributes: + label: Related helm chart + description: You may select more than one. + multiple: true + options: + - argo-cd + - argo-events + - argo-rollouts + - argo-workflows + - argocd-image-updater + - argocd-apps + - other + validations: + required: true + +- type: input + attributes: + label: Helm chart version + description: Version of the Helm chart this issue relates to + placeholder: e.g. 0.16.2 + validations: + required: true + +- type: textarea + attributes: + label: To Reproduce + description: Steps to reproduce the behavior + placeholder: | + 1. Go to '...' + 2. Click on '....' + 3. Scroll down to '....' + 4. See error + validations: + required: true + +- type: textarea + attributes: + label: Expected behavior + description: A clear and concise description of what you expected to happen. + validations: + required: true + +- type: textarea + attributes: + label: Screenshots + description: If applicable, add screenshots to help explain your problem. + validations: + required: false + +- type: textarea + attributes: + label: Additional context + description: Add any other context about the problem here. + validations: + required: false diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 00000000..bb9a2645 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,9 @@ +blank_issues_enabled: false + +contact_links: + - name: Ask a question + url: https://github.com/argoproj/argo-helm/discussions/new + about: Ask a question or start a discussion about our community Helm Charts + - name: Chat on Slack + url: https://argoproj.github.io/community/join-slack + about: Maybe chatting with the community can help diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md deleted file mode 100644 index 36014cde..00000000 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -name: Feature request -about: Suggest an idea for this project -title: '' -labels: 'enhancement' -assignees: '' - ---- - -**Is your feature request related to a problem? Please describe.** -A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] - -**Describe the solution you'd like** -A clear and concise description of what you want to happen. - -**Describe alternatives you've considered** -A clear and concise description of any alternative solutions or features you've considered. - -**Additional context** -Add any other context or screenshots about the feature request here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.yaml b/.github/ISSUE_TEMPLATE/feature_request.yaml new file mode 100644 index 00000000..e3f0c1a8 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.yaml @@ -0,0 +1,51 @@ +--- +name: Feature request +description: Suggest an idea for this project +labels: +- enhancement +body: +- type: textarea + attributes: + label: Is your feature request related to a problem? + description: A clear and concise description of what the problem is. Please describe. + placeholder: | + Ex. I'm always frustrated when [...] + validations: + required: false + +- type: dropdown + attributes: + label: Related helm chart + description: You may select more than one. + multiple: true + options: + - argo-cd + - argo-events + - argo-rollouts + - argo-workflows + - argocd-image-updater + - argocd-apps + - other + validations: + required: true + +- type: textarea + attributes: + label: Describe the solution you'd like + description: A clear and concise description of what you want to happen. + validations: + required: true + +- type: textarea + attributes: + label: Describe alternatives you've considered + description: A clear and concise description of any alternative solutions or features you've considered. + validations: + required: false + +- type: textarea + attributes: + label: Additional context + description: Add any other context or screenshots about the feature request here. + validations: + required: false diff --git a/.github/configs/cr.yaml b/.github/configs/cr.yaml index 01fdbe0c..154dbfbf 100644 --- a/.github/configs/cr.yaml +++ b/.github/configs/cr.yaml @@ -1,2 +1,12 @@ ## Reference: https://github.com/helm/chart-releaser -index-path: "./index.yaml" \ No newline at end of file +index-path: "./index.yaml" + +# PGP signing +sign: true +key: Argo Helm maintainers +# keyring: # Set via env variable CR_KEYRING +# passphrase-file: # Set via env variable CR_PASSPHRASE_FILE + +# Enable automatic generation of release notes using GitHubs release notes generator. +# see: https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes +generate-release-notes: true diff --git a/.github/configs/ct-install.yaml b/.github/configs/ct-install.yaml index e991d382..df00bb1e 100644 --- a/.github/configs/ct-install.yaml +++ b/.github/configs/ct-install.yaml @@ -2,18 +2,14 @@ # Don't add the 'debug' attribute, otherwise the workflow won't work anymore # Only Used for the CT Install Stage remote: origin +target-branch: main chart-dirs: - charts chart-repos: - - argo=https://argoproj.github.io/argo-helm - - minio=https://helm.min.io/ - dandydeveloper=https://dandydeveloper.github.io/charts/ - - stable=https://charts.helm.sh/stable - - incubator=https://charts.helm.sh/incubator helm-extra-args: "--timeout 600s" validate-chart-schema: false validate-maintainers: true validate-yaml: true exclude-deprecated: true -excluded-charts: - - "argocd-applicationset" +excluded-charts: [] diff --git a/.github/configs/ct-lint.yaml b/.github/configs/ct-lint.yaml index e7188eb1..99cb8b3c 100644 --- a/.github/configs/ct-lint.yaml +++ b/.github/configs/ct-lint.yaml @@ -2,15 +2,11 @@ # Don't add the 'debug' attribute, otherwise the workflow won't work anymore # Only Used for the CT Lint Stage remote: origin +target-branch: main chart-dirs: - charts chart-repos: - - argo=https://argoproj.github.io/argo-helm - - minio=https://helm.min.io/ - dandydeveloper=https://dandydeveloper.github.io/charts/ - - stable=https://charts.helm.sh/stable - - incubator=https://charts.helm.sh/incubator -helm-extra-args: "--timeout 600s" validate-chart-schema: false validate-maintainers: true validate-yaml: true diff --git a/.github/configs/kind-config.yaml b/.github/configs/kind-config.yaml new file mode 100644 index 00000000..f4bf78cb --- /dev/null +++ b/.github/configs/kind-config.yaml @@ -0,0 +1,7 @@ +kind: Cluster +apiVersion: kind.x-k8s.io/v1alpha4 +nodes: + - role: control-plane + - role: worker + - role: worker + - role: worker diff --git a/.github/configs/labeler.yaml b/.github/configs/labeler.yaml new file mode 100644 index 00000000..80b72ba8 --- /dev/null +++ b/.github/configs/labeler.yaml @@ -0,0 +1,23 @@ +argo-cd: + - changed-files: + - any-glob-to-any-file: charts/argo-cd/** + +argo-events: + - changed-files: + - any-glob-to-any-file: charts/argo-events/** + +argo-rollouts: + - changed-files: + - any-glob-to-any-file: charts/argo-rollouts/** + +argo-workflows: + - changed-files: + - any-glob-to-any-file: charts/argo-workflows/** + +argocd-image-updater: + - changed-files: + - any-glob-to-any-file: charts/argocd-image-updater/** + +argocd-apps: + - changed-files: + - any-glob-to-any-file: charts/argocd-apps/** diff --git a/.github/configs/renovate-config.js b/.github/configs/renovate-config.js new file mode 100644 index 00000000..f453f640 --- /dev/null +++ b/.github/configs/renovate-config.js @@ -0,0 +1,8 @@ +module.exports = { + platform: 'github', + // This ensures that the gitAuthor and gitSignOff fields match + gitAuthor: 'argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com>', + autodiscover: false, + allowPostUpgradeCommandTemplating: true, + allowedPostUpgradeCommands: [".*"], + }; diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..4d8e45c5 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,16 @@ +## Reference: https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: weekly + day: "saturday" + commit-message: + prefix: "chore(deps)" + groups: + dependencies: + applies-to: version-updates + update-types: + - "minor" + - "patch" diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 67fe55f4..ed14509e 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,13 +1,16 @@ + Checklist: -* [ ] I have updated the chart version in `Chart.yaml` following Semantic Versioning. +* [ ] I have bumped the chart version according to [versioning](https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md#versioning) +* [ ] I have updated the documentation according to [documentation](https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md#documentation) +* [ ] I have updated the chart changelog with all the changes that come with this pull request according to [changelog](https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md#changelog). * [ ] Any new values are backwards compatible and/or have sensible default. -* [ ] I have followed the testing instructions in the [contributing guide](https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md). -* [ ] I have signed off all my commits as required by [DCO](https://github.com/argoproj/argoproj/tree/master/community#contributing-to-argo). -* [ ] My build is green ([troubleshooting builds](https://argoproj.github.io/argo-cd/developer-guide/ci/)). +* [ ] I have signed off all my commits as required by [DCO](https://github.com/argoproj/argoproj/blob/master/community/CONTRIBUTING.md). +* [ ] My build is green ([troubleshooting builds](https://argo-cd.readthedocs.io/en/stable/developer-guide/ci/)). -Changes are automatically published when merged to `master`. They are not published on branches. + diff --git a/.github/stale.yaml b/.github/stale.yaml deleted file mode 100644 index d9f65632..00000000 --- a/.github/stale.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# Number of days of inactivity before an issue becomes stale -daysUntilStale: 60 -# Number of days of inactivity before a stale issue is closed -daysUntilClose: 7 -# Issues with these labels will never be considered stale -exemptLabels: - - pinned - - security -# Label to use when marking an issue as stale -staleLabel: wontfix -# Comment to post when marking an issue as stale. Set to `false` to disable -markComment: > - This issue has been automatically marked as stale because it has not had - recent activity. It will be closed if no further activity occurs. Thank you - for your contributions. -# Comment to post when closing a stale issue. Set to `false` to disable -closeComment: false \ No newline at end of file diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 1056a239..c719d45d 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -1,27 +1,47 @@ ## Reference: https://github.com/helm/chart-testing-action ---- name: Linting and Testing on: pull_request -jobs: + +permissions: + contents: read + +jobs: + linter-artifacthub: + runs-on: ubuntu-latest + container: + image: public.ecr.aws/artifacthub/ah:v1.14.0 + options: --user 1001 + steps: + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Run ah lint + working-directory: ./charts + run: ah lint + chart-test: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@v1 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 + with: + version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@v2 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: - python-version: 3.7 + python-version: 3.9 - name: Setup Chart Linting id: lint - uses: helm/chart-testing-action@v2.0.1 + uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0 + with: + # Note: Also update in scripts/lint.sh + version: v3.11.0 - name: List changed charts id: list-changed @@ -30,15 +50,51 @@ jobs: changed=$(ct --config ./.github/configs/ct-lint.yaml list-changed) charts=$(echo "$changed" | tr '\n' ' ' | xargs) if [[ -n "$changed" ]]; then - echo "::set-output name=changed::true" - echo "::set-output name=changed_charts::$charts" + echo "changed=true" >> $GITHUB_OUTPUT + echo "changed_charts=$charts" >> $GITHUB_OUTPUT fi + - name: Run chart-testing (lint) run: ct lint --debug --config ./.github/configs/ct-lint.yaml --lint-conf ./.github/configs/lintconf.yaml + - name: Run docs-testing (helm-docs) + id: helm-docs + run: | + ./scripts/helm-docs.sh + if [[ $(git diff --stat) != '' ]]; then + echo -e '\033[0;31mDocumentation outdated!\033[0m ❌' + git diff --color + exit 1 + else + echo -e '\033[0;32mDocumentation up to date\033[0m ✔' + fi + - name: Create kind cluster - uses: helm/kind-action@v1.1.0 + uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0 if: steps.list-changed.outputs.changed == 'true' + with: + config: .github/configs/kind-config.yaml + - name: Deploy latest ArgoCD CRDs when testing ArgoCD extensions + if: | + contains(steps.list-changed.outputs.changed_charts, 'argocd-image-updater') || + contains(steps.list-changed.outputs.changed_charts, 'argocd-apps') + run: | + helm repo add dandydeveloper https://dandydeveloper.github.io/charts/ + helm dependency build charts/argo-cd/ + helm template charts/argo-cd/ --set server.extensions.enabled=true -s templates/crds/* | kubectl apply -f - + + - name: Skip HPA tests of ArgoCD + if: contains(steps.list-changed.outputs.changed_charts, 'argo-cd') + run: | + ## Metrics API not available in kind cluster + rm charts/argo-cd/ci/ha-autoscaling-values.yaml + + - name: Create an external redis for ArgoCD externalRedis feature + if: contains(steps.list-changed.outputs.changed_charts, 'argo-cd') + run: | + kubectl create namespace redis + helm repo add bitnami https://charts.bitnami.com/bitnami + helm install redis bitnami/redis --wait --namespace redis --set auth.password=argocd --set architecture=standalone - name: Run chart-testing (install) run: ct install --config ./.github/configs/ct-install.yaml diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index d1ba98ee..9bde9db4 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -1,14 +1,30 @@ ## Reference: https://github.com/pascalgn/size-label-action ---- -name: 'PR Size' +name: 'PR Labeling' + on: pull_request_target: - types: [opened, synchronize, reopened] + types: + - opened + - synchronize + - reopened + +permissions: + contents: read + pull-requests: write + jobs: + triage: + runs-on: ubuntu-latest + steps: + - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 + with: + configuration-path: ".github/configs/labeler.yaml" + repo-token: "${{ secrets.GITHUB_TOKEN }}" + sync-labels: true + size-label: runs-on: ubuntu-latest steps: - - name: size-label - uses: "pascalgn/size-label-action@v0.4.2" + - uses: pascalgn/size-label-action@f8edde36b3be04b4f65dcfead05dc8691b374348 # v0.5.5 env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" \ No newline at end of file + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml new file mode 100644 index 00000000..170d908b --- /dev/null +++ b/.github/workflows/pr-title.yml @@ -0,0 +1,37 @@ +## Reference: https://github.com/amannn/action-semantic-pull-request +name: "Lint PR" + +on: + pull_request_target: + types: + - opened + - edited + - synchronize + +permissions: + contents: read + +jobs: + main: + permissions: + pull-requests: read # for amannn/action-semantic-pull-request to analyze PRs + statuses: write # for amannn/action-semantic-pull-request to mark status of analyzed PR + name: Validate PR title + runs-on: ubuntu-latest + steps: + - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + # Configure which scopes are allowed. + scopes: | + argo-cd + argo-events + argo-rollouts + argo-workflows + argocd-image-updater + argocd-apps + deps + github + # Configure that a scope must always be provided. + requireScope: true diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index f01702a6..f6dcec99 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,42 +1,83 @@ ---- +## Reference: https://github.com/helm/chart-releaser-action name: Chart Publish on: push: branches: - - master - - rewrite-build + - main + paths: + - "charts/**" + +permissions: + contents: read + jobs: publish: + if: github.repository == 'argoproj/argo-helm' + permissions: + contents: write # for helm/chart-releaser-action to push chart release and create a release + packages: write # to push OCI chart package to GitHub Registry runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Install Helm - uses: azure/setup-helm@v1 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 + with: + version: v3.10.1 # Also update in lint-and-test.yaml - name: Add dependency chart repos run: | - helm repo add argo https://argoproj.github.io/argo-helm - helm repo add minio https://helm.min.io/ helm repo add dandydeveloper https://dandydeveloper.github.io/charts/ - helm repo add stable https://charts.helm.sh/stable - helm repo add incubator https://charts.helm.sh/incubator + - name: Configure Git run: | git config user.name "$GITHUB_ACTOR" - git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + ## This is required to consider the old Circle-CI Index and to stay compatible with all the old releases. - - name: Fetch current Chart Index + - name: Fetch current Chart Index run: | git checkout origin/gh-pages index.yaml + # The GitHub repository secret `PGP_PRIVATE_KEY` contains the private key + # in ASCII-armored format. To export a (new) key, run this command: + # `gpg --armor --export-secret-key ` + - name: Prepare PGP key + run: | + IFS="" + echo "$PGP_PRIVATE_KEY" | gpg --dearmor > $HOME/secring.gpg + echo "$PGP_PASSPHRASE" > $HOME/passphrase.txt + + # Tell chart-releaser-action where to find the key and its passphrase + echo "CR_KEYRING=$HOME/secring.gpg" >> "$GITHUB_ENV" + echo "CR_PASSPHRASE_FILE=$HOME/passphrase.txt" >> "$GITHUB_ENV" + env: + PGP_PRIVATE_KEY: "${{ secrets.PGP_PRIVATE_KEY }}" + PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}" + - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.2.0 - with: + uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0 + with: config: "./.github/configs/cr.yaml" env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + + - name: Login to GHCR + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Push chart to GHCR + run: | + shopt -s nullglob + for pkg in .cr-release-packages/*.tgz; do + if [ -z "${pkg:-}" ]; then + break + fi + helm push "${pkg}" oci://ghcr.io/${{ github.repository }} + done diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml new file mode 100644 index 00000000..9460d792 --- /dev/null +++ b/.github/workflows/renovate.yaml @@ -0,0 +1,38 @@ +name: Renovate +on: + # The "*" (#42, asterisk) character has special semantics in YAML, so this + # string has to be quoted. + schedule: + - cron: '0 * * * *' + # Manual trigger is also possible + workflow_dispatch: {} + +permissions: + contents: read + +jobs: + renovate: + if: github.repository == 'argoproj/argo-helm' + runs-on: ubuntu-latest + steps: + - name: Get token + uses: actions/create-github-app-token@0d564482f06ca65fa9e77e2510873638c82206f2 # v1.11.5 + id: get_token + with: + app-id: ${{ vars.RENOVATE_APP_ID }} + private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }} + + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Self-hosted Renovate + uses: renovatebot/github-action@e084b5ac6fd201023db6dd7743aec023babb02c8 # v41.0.13 + with: + configurationFile: .github/configs/renovate-config.js + # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate + renovate-version: 39.153.2 + token: '${{ steps.get_token.outputs.token }}' + mount-docker-socket: true + env: + LOG_LEVEL: 'debug' + RENOVATE_REPOSITORIES: '${{ github.repository }}' diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml new file mode 100644 index 00000000..29f267d3 --- /dev/null +++ b/.github/workflows/scorecard.yml @@ -0,0 +1,73 @@ +# This workflow uses actions that are not certified by GitHub. They are provided +# by a third-party and are governed by separate terms of service, privacy +# policy, and support documentation. + +name: Scorecard supply-chain security +on: + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained + schedule: + - cron: '21 6 * * 6' + push: + branches: [ "main" ] + +# Declare default permissions as read only. +permissions: read-all + +jobs: + analysis: + if: github.repository_owner == 'argoproj' + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + # Needed to upload the results to code-scanning dashboard. + security-events: write + # Needed to publish results and get a badge (see publish_results below). + id-token: write + # Uncomment the permissions below if installing in a private repository. + # contents: read + # actions: read + + steps: + - name: "Checkout code" + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 + with: + results_file: results.sarif + results_format: sarif + # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: + # - you want to enable the Branch-Protection check on a *public* repository, or + # - you are installing Scorecard on a *private* repository + # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. + repo_token: ${{ secrets.SCORECARD_TOKEN }} + + # Public repositories: + # - Publish results to OpenSSF REST API for easy access by consumers + # - Allows the repository to include the Scorecard badge. + # - See https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories: + # - `publish_results` will always be set to `false`, regardless + # of the value entered here. + publish_results: true + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + # Upload the results to GitHub's code scanning dashboard. + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 + with: + sarif_file: results.sarif diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 8b16dff4..159a0e8e 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -1,15 +1,38 @@ +## Reference: https://github.com/actions/stale name: Mark stale issues and pull requests on: schedule: - cron: "30 1 * * *" + +permissions: + contents: read + jobs: stale: + permissions: + issues: write # for actions/stale to close stale issues + pull-requests: write # for actions/stale to close stale PRs runs-on: ubuntu-latest steps: - - uses: actions/stale@v3 + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - stale-issue-message: 'Stale issue message' - stale-pr-message: 'Stale pull request message' + # Number of days of inactivity before an issue becomes stale + days-before-stale: 60 + # Number of days of inactivity before a stale issue is closed + days-before-close: 7 + # Issues with these labels will never be considered stale + exempt-issue-labels: "on-hold,pinned,security" + exempt-pr-labels: "on-hold,pinned,security" + # Comment to post when marking an issue as stale. + stale-issue-message: > + This issue has been automatically marked as stale because it has not had + recent activity. It will be closed if no further activity occurs. Thank you + for your contributions. + stale-pr-message: > + This pull request has been automatically marked as stale because it has not had + recent activity. It will be closed if no further activity occurs. Thank you + for your contributions. + # Label to use when marking an issue as stale stale-issue-label: 'no-issue-activity' stale-pr-label: 'no-pr-activity' diff --git a/CODEOWNERS b/CODEOWNERS deleted file mode 100644 index 016e7842..00000000 --- a/CODEOWNERS +++ /dev/null @@ -1,19 +0,0 @@ -# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners - -# All charts -/charts/ @mkilchhofer - -# Argo Workflows -/charts/argo-workflows/ @stefansedich @paguos @vladlosev @yann-soubeyrand @oliverbaehler - -# Argo CD -/charts/argo-cd @seanson @davidkarlsen @mr-sour @yann-soubeyrand @oliverbaehler @mbevc1 - -# Argo Events -/charts/argo-events @jbehling @VaibhavPage @oliverbaehler - -# Argo Rollouts -/charts/argo-rollouts @oliverbaehler - -# Argo CD Notifications -/charts/argocd-notifications @alexmt @andyfeller @oliverbaehler @mbevc1 diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 00000000..37789a9d --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,9 @@ +# Code of Conduct + +We adhere to the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md). Please reference the link for details. + +## TL;DR (too long didn't read) + +Be kind + +Your participation is at the discression of the maintainers of this project. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index a4ad43dd..c20486f6 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,48 +2,162 @@ Argo Helm is a collection of **community maintained** charts. Therefore we rely on you to test your changes sufficiently. -## Testing Argo Workflows Changes +## Pull Requests + +All submissions, including submissions by project members, require review. We use GitHub pull requests for this purpose. Consult [GitHub Help](https://help.github.com/articles/about-pull-requests/) for more information on using pull requests. See the above stated requirements for PR on this project. + +### Pull Request Title Linting + +We lint the title of your pull request to ensure it follows the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) specification. This is done using GitHub actions and the [action-semantic-pull-request](.github/workflows/pr-title.yml) workflow. We require the scope of the change to be included in the title. The scope should be the name of the chart you are changing. For example, if you are changing the `argo-cd` chart, the title of your pull request should be `fix(argo-cd): Fix typo in values.yaml`. + +## Documentation + +The documentation for each chart is generated with [helm-docs](https://github.com/norwoodj/helm-docs). This way we can ensure that values are consistent with the chart documentation. + +We have a script on the repository which will execute the helm-docs docker container, so that you don't have to worry about downloading the binary etc. Simply execute the script (Bash compatible, might require sudo privileges): + +```shell +./scripts/helm-docs.sh +``` + +> **Note** +> When creating your own `README.md.gotmpl`, don't forget to add it to your `.helmignore` file. + +### Updating a chart README.md + +When updating the `README.md.gotmpl` inside a chart directory you must to run the `helm-docs` script to generate the updated `README.md` file. To reiterate, you should not edit the `README.md` file manually. It will be generated by the following command: + +```shell +./scripts/helm-docs.sh +``` + +> **Note** +> If you see changes to unrelated chart `README.md` files you may have accidentally updated a `README.md.gotmpl` file in another chart's folder unintentionally or someone else failed to run this script. Please revert those changes if you do not intend them to be a part of your pull request. + +## Versioning + +Each chart's version follows the [semver standard](https://semver.org/). + +New charts should start at version `1.0.0`, if it's considered stable. If it isn't considered stable, it must be released as `prerelease`. + +Any breaking changes to a chart (backwards incompatible) require: + +* Bump of the current Major version of the chart +* State possible manual changes for this chart version in the `Upgrading` section of the chart's `README.md.gotmpl` + +### New Application Versions + +Helm charts are intended to be created for all non-patched releases of Argo CD, Workflows, Rollouts, and Events. Associated dependencies, such as Redis, will use the version recommended by the associated release. + +When selecting new application versions ensure you make the following changes: + +* `values.yaml`: Bump all instances of the container image version +* `Chart.yaml`: Ensure `appVersion` matches the above container image and bump `version` + +Please ensure chart version changes adhere to semantic versioning standards: + +* Major: Large chart rewrites, major non-backwards compatible or destructive changes +* Minor: New chart functionality (sidecars), major application updates or minor non-backwards compatible changes +* Patch: App version patch updates, backwards compatible optional chart features + +### Immutability + +Each release for each chart must be immutable. Any change to a chart (even just documentation) requires a version bump. Trying to release the same version twice will result in an error. + +### Chart Versioning + +Currently we require a chart version bump for every change to a chart, including updating information for older versions. This may change in the future. + +### Artifact Hub Annotations + +Since we release our charts on Artifact Hub we encourage making use of the provided chart annotations for Artifact Hub. + +* [https://artifacthub.io/docs/topics/annotations/helm/](https://artifacthub.io/docs/topics/annotations/helm/) + +#### Changelog + +We want to deliver transparent chart releases for our chart consumers. Therefore we require a changelog per new chart release. + +Changes on a chart must be documented in a chart specific changelog in the `Chart.yaml` [Annotation Section](https://helm.sh/docs/topics/charts/#the-chartyaml-file). + +A new `artifacthub.io/changes` needs to be written covering only the changes since the previous release. + +Each change requires a new bullet point following the pattern. See more information [Artifact Hub annotations in Helm Chart.yaml file](https://artifacthub.io/docs/topics/annotations/helm/). + +```yaml +- kind: {type} + description: {description} +``` + +You can use the following template: + +```yaml +name: argo-cd +version: 5.19.12 +... +annotations: + artifacthub.io/changes: | + - kind: added + description: Something New was added + - kind: changed + description: Changed Something within this chart + - kind: changed + description: Changed Something else within this chart + - kind: deprecated + description: Something deprecated + - kind: removed + description: Something was removed + - kind: fixed + description: Something was fixed + - kind: security + description: Some Security Patch was included +``` + +## Testing + +### Testing Argo Workflows Changes Minimally: -``` -helm install charts/argo -n argo +```shell +helm install charts/argo-workflows -n argo argo version ``` -Follow this instructions for running a hello world workflow. +Follow [these](https://argo-workflows.readthedocs.io/en/stable/quick-start/#submitting-an-example-workflow) instructions for running a hello world workflow. -## Testing Argo CD Changes +### Testing Argo CD Changes Clean-up: -``` +```shell helm delete argo-cd --purge kubectl delete crd -l app.kubernetes.io/part-of=argocd ``` Pre-requisites: -``` + +```shell helm repo add redis-ha https://dandydeveloper.github.io/charts/ helm dependency update ``` Minimally: -``` -helm install charts/argo-cd --namespace argocd -n argo-cd +```shell +helm install argocd argo/argo-cd -n argocd --create-namespace kubectl port-forward service/argo-cd-argocd-server -n argocd 8080:443 ``` In a new terminal: -``` +```shell argocd version --server localhost:8080 --insecure # reset password to 'Password1!' kubectl -n argocd patch secret argocd-secret \ -p '{"stringData": { - "admin.password": "$2a$10$hDj12Tw9xVmvybSahN1Y0.f9DZixxN8oybyA32Uy/eqWklFU4Mo8O", - "admin.passwordMtime": "'$(date +%FT%T%Z)'" + "admin.password": "$2a$10$hDj12Tw9xVmvybSahN1Y0.f9DZixxN8oybyA32Uy/eqWklFU4Mo8O", + "admin.passwordMtime": "'$(date +%FT%T%Z)'" }}' argocd login localhost:8080 --username admin --password 'Password1!' @@ -52,48 +166,25 @@ argocd login localhost:8080 --username admin --password 'Password1!' Create and sync app: -``` +```shell argocd app create guestbook --dest-namespace default --dest-server https://kubernetes.default.svc --path guestbook --project default --repo https://github.com/argoproj/argocd-example-apps.git argocd app sync guestbook ``` -## Testing Argo CD Notification Changes - -Thorough testing of argocd-notifications would require one or more notification services (Slack, OpsGenie, etc), however -minimal testing mostly consists of successful Helm chart installation and the argocd-notifications controller having -access to the `Application` resources in the same namespace that Argo CD is installed. - -``` -helm install argocd-notifications charts/argocd-notifications --namespace argocd -``` - -## New Application Versions - -When raising application versions ensure you make the following changes: - -- `values.yaml`: Bump all instances of the container image version -- `Chart.yaml`: Ensure `appVersion` matches the above container image and bump `version` - -Please ensure chart version changes adhere to semantic versioning standards: - -- Patch: App version patch updates, backwards compatible optional chart features -- Minor: New chart functionality (sidecars), major application updates or minor non-backwards compatible changes -- Major: Large chart rewrites, major non-backwards compatible or destructive changes - -## Testing Charts +### Testing Charts As part of the Continuous Integration system we run Helm's [Chart Testing](https://github.com/helm/chart-testing) tool. -The checks for this tool are stricter than the standard Helm requirements, where fields normally considered optional like `maintainer` are required in the standard spec and must be valid GitHub usernames. +The checks for Chart Testing are stricter than the standard Helm requirements. For example, fields normally considered optional like `maintainer` are required in the standard spec and must be valid GitHub usernames. Linting configuration can be found in [ct-lint.yaml](./.github/configs/ct-lint.yaml) The linting can be invoked manually with the following command: -``` +```shell ./scripts/lint.sh ``` ## Publishing Changes -Changes are automatically publish whenever a commit is merged to master. The CI job (see `./.github/workflows/publish.yml`). \ No newline at end of file +Changes are automatically publish whenever a commit is merged to the `main` branch by the CI job (see `./.github/workflows/publish.yml`). diff --git a/EMERITUS.md b/EMERITUS.md new file mode 100644 index 00000000..c0ff9674 --- /dev/null +++ b/EMERITUS.md @@ -0,0 +1,14 @@ +# Emeritus Approvers + +These are the people who have been approvers in the past, and have since retired from the role. + +We thank them for their service to the project. + +| Emeritus | GitHub ID | +| -------- | --------- | +| Oliver Bähler | [oliverbaehler](https://github.com/oliverbaehler) | +| Stefan Sedich | [stefansedich](https://github.com/stefansedich) | +| Pablo Osinaga | [paguos](https://github.com/paguos) | +| Yann Soubeyrand | [yann-soubeyrand](https://github.com/yann-soubeyrand) | +| David J. M. Karlsen | [davidkarlsen](https://github.com/davidkarlsen) | +| John Behling | [jbehling](https://github.com/jbehling) | diff --git a/OWNERS b/OWNERS deleted file mode 100644 index e393c5ba..00000000 --- a/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -owners: -- alexec -- alexmt -- jessesuen - -approvers: -- alexec -- alexmt -- jessesuen diff --git a/README.md b/README.md index 2db0e70a..c4092e07 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,104 @@ # Argo Helm Charts -[![Chart Publish](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml/badge.svg?branch=master)](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml) +[![Slack](https://img.shields.io/badge/slack-%23argo--helm--charts-brightgreen.svg?logo=slack)](https://argoproj.github.io/community/join-slack) +[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) +[![Chart Publish](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml/badge.svg?branch=main)](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml) +[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/argo)](https://artifacthub.io/packages/search?repo=argo) +[![CLOMonitor](https://img.shields.io/endpoint?url=https://clomonitor.io/api/projects/cncf/argo/badge)](https://clomonitor.io/projects/cncf/argo) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-helm/badge)](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-helm) +[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/7942/badge)](https://www.bestpractices.dev/projects/7942) -Argo Helm is a collection of **community maintained** charts for http://argoproj.io/ projects. The charts can be added using following command: +Argo Helm is a collection of **community maintained** charts for [https://argoproj.github.io](https://argoproj.github.io) projects. The charts can be added using following command: -``` +```bash helm repo add argo https://argoproj.github.io/argo-helm ``` + +## Contributing + +We'd love to have you contribute! Please refer to our [contribution guidelines](CONTRIBUTING.md) for details. + +### Custom resource definitions + +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of the main four charts (argo-cd, argo-workflows, argo-events, argo-rollouts) by using `--set crds.install=false` when installing the chart. + +Helm cannot upgrade custom resource definitions in the `/crds` folder [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). Our CRDs have been moved to `/templates` to address this design decision. + +If you are using versions of a chart that have the CRDs in the root of the chart or have elected to manage the Argo CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo: + +Example: + +```bash +kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=" + +# Eg. version v2.4.9 +kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.4.9" +``` + +### Security Policy + +Please refer to [SECURITY.md](SECURITY.md) for details on how to report security issues. + +### Changelog + +Releases are managed independently for each helm chart, and changelogs are tracked on each release. Read more about this process [here](https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md#changelog). + +## Charts use Helm "Capabilities" + +Our charts make use of the Helm built-in object "Capabilities": +> This provides information about what capabilities the Kubernetes cluster supports. +> *Source: https://helm.sh/docs/chart_template_guide/builtin_objects/* + +Today we use: + +- `.Capabilities.APIVersions.Has` mostly to determine whether the CRDs for ServiceMonitors (from prometheus-operator) exists inside the cluster +- `.Capabilities.KubeVersion.Version` to handle correct apiVersion of a specific resource kind (eg. "policy/v1" vs. "policy/v1beta1") + +If you use the charts only to template the manifests, without installing (`helm install ..`), you need to make sure that Helm (or the Helm SDK) receives the available APIs from your Kubernetes cluster. + +For this you need to pass the `--api-versions` parameter to the `helm template` command: + +```bash +helm template argocd \ + oci://ghcr.io/argoproj/argo-helm/argo-cd \ + --api-versions monitoring.coreos.com/v1 \ + --values my-argocd-values.yaml +``` + +If you use other tools like [Kustomize](https://kubectl.docs.kubernetes.io/references/kustomize/builtins/) or [helmfile](https://helmfile.readthedocs.io/en/latest/#configuration) to render it, there are equivalent options. + +Example with Kustomize: + +```yaml +# kustomization.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +helmCharts: +- name: argo-cd + repo: oci://ghcr.io/argoproj/argo-helm + version: x.y.z + releaseName: argocd + apiVersions: + - monitoring.coreos.com/v1 + valuesFile: my-argocd-values.yaml +``` + +Example with helmfile: + +```yaml +# helmfile.yaml +repositories: + - name: argo + url: https://argoproj.github.io/argo-helm + +apiVersions: + - monitoring.coreos.com/v1 + +releases: + - name: argocd + namespace: argocd + chart: argo/argo-cd + values: + - my-argocd-values.yaml +``` diff --git a/SECURITY-INSIGHTS.yml b/SECURITY-INSIGHTS.yml new file mode 100644 index 00000000..e3a6aeed --- /dev/null +++ b/SECURITY-INSIGHTS.yml @@ -0,0 +1,38 @@ +header: + schema-version: '1.0.0' + expiration-date: '2024-11-04T10:00:00.000Z' + project-url: https://github.com/argoproj/argo-helm +project-lifecycle: + status: active + bug-fixes-only: false + core-maintainers: + - https://github.com/mkilchhofer + - https://github.com/jmeridth +contribution-policy: + accepts-pull-requests: true + accepts-automated-pull-requests: true + automated-tools-list: + - automated-tool: dependabot + action: allowed + path: + - / + contributing-policy: https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md + code-of-conduct: https://github.com/cncf/foundation/blob/master/code-of-conduct.md +distribution-points: + - https://argoproj.github.io/argo-helm + - https://artifacthub.io/packages/search?org=argoproj&repo=argo +security-contacts: + - type: website + value: https://github.com/argoproj/argo-helm/security/advisories/new + primary: true +vulnerability-reporting: + accepts-vulnerability-reports: true + email-contact: cncf-argo-maintainers@lists.cncf.io + security-policy: https://github.com/argoproj/argo-helm/blob/main/SECURITY.md + comment: | + Our preferred contact method related to vulnerabilities is the Security tab on GitHub. + Click the button "Report a vulnerability" to open the advisory form. + Please refer to the security policy for reporting information prior to using the email contact. +dependencies: + env-dependencies-policy: + policy-url: https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md#new-application-versions diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..a066f67f --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions and Upstream Reporting + +Each helm chart currently supports the designated application version in the Chart.yaml. There is a chance a security issue you've discovered may not be with the helm chart but with the upstream application. Please visit that application's Security policy document to find out how to report the security issue. + +* [Security Policy for Argo Workflows](https://github.com/argoproj/argo-workflows/blob/master/SECURITY.md) +* [Security Policy for Argo Events](https://github.com/argoproj/argo-events/blob/master/SECURITY.md) +* [Security Policy for Argo Rollouts](https://github.com/argoproj/argo-rollouts/blob/master/docs/security/security.md) +* [Security Policy for Argo CD](https://github.com/argoproj/argo-cd/blob/master/SECURITY.md) +* [Security Policy for Argo CD Image Updater](https://github.com/argoproj-labs/argocd-image-updater/blob/master/SECURITY.md) + +## Reporting a Vulnerability for Argo Helm Charts + +We have enabled the ability to privately report security issues through the Security tab above. + +[Here are the details on how to file](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) on how to do that + +A repository owner/maintainer will respond as fast as possible to coordinate confirmation of issue and remediation. + +Thank you for helping to ensure this code stays secure. diff --git a/charts/argo-cd/.helmignore b/charts/argo-cd/.helmignore index 94c89570..3a063296 100644 --- a/charts/argo-cd/.helmignore +++ b/charts/argo-cd/.helmignore @@ -1,2 +1,4 @@ /*.tgz output +ci/ +*.gotmpl diff --git a/charts/argo-cd/Chart.lock b/charts/argo-cd/Chart.lock index 52941728..36656a14 100644 --- a/charts/argo-cd/Chart.lock +++ b/charts/argo-cd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.12.14 -digest: sha256:34275a4f4df92c570d07b0553da5d1fa200b6f057f7091746c853fd7399ee30a -generated: "2021-05-03T16:02:41.4356045-04:00" + version: 4.29.4 +digest: sha256:1257baf1c5e0db036af659d44095223e28ac0c9ec1ed8300a02d5def2281c9c7 +generated: "2024-11-13T09:07:36.494128+09:00" diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 465ad6e0..5d12006a 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,21 +1,30 @@ apiVersion: v2 -appVersion: 2.0.3 -description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. +appVersion: v2.14.2 +kubeVersion: ">=1.25.0-0" +description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.6.6 +version: 7.8.3 home: https://github.com/argoproj/argo-helm -icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png +icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png +sources: + - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd + - https://github.com/argoproj/argo-cd keywords: - argoproj - argocd - gitops maintainers: - - name: alexec - - name: alexmt - - name: jessesuen - - name: seanson + - name: argoproj + url: https://argoproj.github.io/ dependencies: - name: redis-ha - version: 4.12.14 + version: 4.29.4 repository: https://dandydeveloper.github.io/charts/ condition: redis-ha.enabled +annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc + artifacthub.io/changes: | + - kind: changed + description: Bump dex version to v2.42.0 diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 1c5f8c17..25760a5f 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1,22 +1,247 @@ # Argo CD Chart -A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. +A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. -Source code can be found [here](https://argoproj.github.io/argo-cd/) +Source code can be found here: -## Additional Information +* +* -This is a **community maintained** chart. This chart installs [argo-cd](https://argoproj.github.io/argo-cd/), a declarative, GitOps continuous delivery tool for Kubernetes. +This is a **community maintained** chart. This chart installs [argo-cd](https://argo-cd.readthedocs.io/en/stable/), a declarative, GitOps continuous delivery tool for Kubernetes. -The default installation is intended to be similar to the provided ArgoCD [releases](https://github.com/argoproj/argo-cd/releases). +The default installation is intended to be similar to the provided Argo CD [releases](https://github.com/argoproj/argo-cd/releases). -This chart currently installs the non-HA version of ArgoCD. +If you want to avoid including sensitive information unencrypted (clear text) in your version control, make use of the [declarative setup] of Argo CD. +For instance, rather than adding repositories and their keys in your Helm values, you could deploy [SealedSecrets](https://github.com/bitnami-labs/sealed-secrets) with contents as seen in this [repositories section](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories) or any other secrets manager service (i.e. HashiCorp Vault, AWS/GCP Secrets Manager, etc.). -### Synchronizing Changes from Original Repository +## High Availability -In the original [ArgoCD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd). +This chart installs the non-HA version of Argo CD by default. If you want to run Argo CD in HA mode, you can use one of the example values in the next sections. +Please also have a look into the upstream [Operator Manual regarding High Availability](https://argo-cd.readthedocs.io/en/stable/operator-manual/high_availability/) to understand how scaling of Argo CD works in detail. -When installing ArgoCD using this helm chart the user should have a similar experience and configuration rolled out. Hence, it makes sense to try to achieve a similar output of rendered `.yaml` resources when calling `helm template` using the default settings in `values.yaml`. +> **Warning:** +> You need at least 3 worker nodes as the HA mode of redis enforces Pods to run on separate nodes. + +### HA mode with autoscaling + +```yaml +redis-ha: + enabled: true + +controller: + replicas: 1 + +server: + autoscaling: + enabled: true + minReplicas: 2 + +repoServer: + autoscaling: + enabled: true + minReplicas: 2 + +applicationSet: + replicas: 2 +``` + +### HA mode without autoscaling + +```yaml +redis-ha: + enabled: true + +controller: + replicas: 1 + +server: + replicas: 2 + +repoServer: + replicas: 2 + +applicationSet: + replicas: 2 +``` + +## Ingress configuration + +Please refer to the [Operator Manual](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#ingress-configurationh) for details as the samples +below corespond to their respective sections. + +### SSL-Passthrough + +The `tls: true` option will expect that the `argocd-server-tls` secret exists as Argo CD server loads TLS certificates from this place. + +```yaml +global: + domain: argocd.example.com + +certificate: + enabled: true + +server: + ingress: + enabled: true + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + tls: true +``` + +### SSL Termination at Ingress Controller + +```yaml +global: + domain: argocd.example.com + +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + extraTls: + - hosts: + - argocd.example.com + # Based on the ingress controller used secret might be optional + secretName: wildcard-tls +``` + +> **Note:** +> If you don't plan on using a wildcard certificate it's also possible to use `tls: true` without `extraTls` section. + +### Multiple ingress resources for gRPC protocol support + +Use `ingressGrpc` section if your ingress controller supports only a single protocol per Ingress resource (i.e.: Contour). + +```yaml +global: + domain: argocd.example.com + +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + ingressClassName: contour-internal + extraTls: + - hosts: + - argocd.example.com + secretName: wildcard-tls + + ingressGrpc: + enabled: true + ingressClassName: contour-internal + extraTls: + - hosts: + - grpc.argocd.example.com + secretName: wildcard-tls +``` + +### Multiple ingress domains + +```yaml +global: + domain: argocd.example.com + +server: + ingress: + enabled: true + ingressClassName: nginx + annotations: + cert-manager.io/cluster-issuer: "" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + tls: true + extraHosts: + - name: argocd-alias.example.com + path: / +``` + +### AWS Application Load Balancer + +Refer to the Operator Manual for [AWS Application Load Balancer mode](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode). +The provided example assumes you are using TLS off-loading via AWS ACM service. + +> **Note:** +> Using `controller: aws` creates additional service for gRPC traffic and it's no longer need to use `ingressGrpc` configuration section. + +```yaml +global: + domain: argocd.example.com + +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + controller: aws + ingressClassName: alb + annotations: + alb.ingress.kubernetes.io/scheme: internal + alb.ingress.kubernetes.io/target-type: ip + alb.ingress.kubernetes.io/backend-protocol: HTTP + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/ssl-redirect: '443' + aws: + serviceType: ClusterIP # <- Used with target-type: ip + backendProtocolVersion: GRPC +``` + +### GKE Application Load Balancer + +The implementation will populate `ingressClassName`, `networking.gke.io/managed-certificates` and `networking.gke.io/v1beta1.FrontendConfig` annotations +automatically if you provide configuration for GKE resources. + +```yaml +global: + domain: argocd.example.com + +configs: + params: + server.insecure: true + +server: + service: + annotations: + cloud.google.com/neg: '{"ingress": true}' + cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}' + + ingress: + enabled: true + controller: gke + gke: + backendConfig: + healthCheck: + checkIntervalSec: 30 + timeoutSec: 5 + healthyThreshold: 1 + unhealthyThreshold: 2 + type: HTTP + requestPath: /healthz + port: 8080 + frontendConfig: + redirectToHttps: + enabled: true + managedCertificate: + enabled: true +``` + +## Synchronizing Changes from Original Repository + +In the original [Argo CD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd). + +When installing Argo CD using this helm chart the user should have a similar experience and configuration rolled out. Hence, it makes sense to try to achieve a similar output of rendered `.yaml` resources when calling `helm template` using the default settings in `values.yaml`. To update the templates and default settings in `values.yaml` it may come in handy to look up the diff of the `manifests/install.yaml` between two versions accordingly. This can either be done directly via github and look for `manifests/install.yaml`: @@ -30,32 +255,371 @@ cd argo-cd git diff v1.8.7 v2.0.0 -- manifests/install.yaml ``` -Changes in the `CustomResourceDefinition` resources shall be fixed easily by copying 1:1 from the [`manifests/crds` folder](https://github.com/argoproj/argo-cd/tree/master/manifests/crds) into this [`charts/argo-cd/crds` folder](https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd/crds). +Changes in the `CustomResourceDefinition` resources shall be fixed easily by copying 1:1 from the [`manifests/crds` folder](https://github.com/argoproj/argo-cd/tree/master/manifests/crds) into this [`charts/argo-cd/templates/crds` folder](https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd/templates/crds). -## Upgrading +### Custom resource definitions -### 3.2.* +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart. + +Helm cannot upgrade custom resource definitions in the `/crds` folder [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). Starting with 5.2.0, the CRDs have been moved to `/templates` to address this design decision. + +If you are using Argo CD chart version prior to 5.2.0 or have elected to manage the Argo CD CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo: + +```bash +kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=" + +# Eg. version v2.4.9 +kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.4.9" +``` + +## Changelog + +For full list of changes please check ArtifactHub [changelog]. + +Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. + +### 7.0.0 + +We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`. +If you used the value, please migrate like below. + +```yaml +# before +configs: + clusterCredentials: + - mycluster: + server: https://mycluster.example.com + labels: {} + annotations: {} + # ... + +# after +configs: + clusterCredentials: + mycluster: + server: https://mycluster.example.com + labels: {} + annotations: {} + # ... +``` + +### 6.10.0 + +This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr. + +#### How to rotate Redis secret? + +Upstream steps in the [FAQ] are not enough, since we chose a different approach. +(We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.) + +Steps to rotate the secret when using the helm chart (bold step is additional to upstream): +* Delete `argocd-redis` secret in the namespace where Argo CD is installed. + ```bash + kubectl delete secret argocd-redis -n + ``` +* **Perform a helm upgrade** + ```bash + helm upgrade argocd argo/argo-cd --reuse-values --wait + ``` +* If you are running Redis in HA mode, restart Redis in HA. + ```bash + kubectl rollout restart deployment argocd-redis-ha-haproxy + kubectl rollout restart statefulset argocd-redis-ha-server + ``` +* If you are running Redis in non-HA mode, restart Redis. + ```bash + kubectl rollout restart deployment argocd-redis + ``` +* Restart other components. + ```bash + kubectl rollout restart deployment argocd-server argocd-repo-server + kubectl rollout restart statefulset argocd-application-controller + ``` + +### 6.9.0 +ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9). + +### 6.4.0 + +Added support for application controller dynamic cluster distribution. +Please refer to [the docs](https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution) for more information. + +Added env variables to handle the non-standard names generated by the helm chart. +Here are the [docs](https://argo-cd.readthedocs.io/en/release-2.9/user-guide/environment-variables/) +and [code](https://github.com/argoproj/argo-cd/blob/99723143b96ceec9ef5b0a7feb7b4f4b0dce3497/common/common.go#L252) + +### 6.1.0 + +Added support for global domain used by all components. + +### 6.0.0 + +This version **removes support for**: + +* deprecated component options `logLevel` and `logFormat` +* deprecated component arguments `.args.` that were replaced with `configs.params` +* deprecated configuration `server.config` that was replaced with `configs.cm` +* deprecated configuration `server.rbacConfig` that was replaced with `configs.rbac` + +Major version also contains breaking **changes related to Argo CD Ingress** resources that were hard to extend and maintain for various ingress controller implementations. +Please review your setup and adjust to new configuration options: + +* catch all rule was removed for security reasons. If you need this please use `server.ingress.extraRules` to provide ingress rule without hostname +* ingress rule for `paths` changed to `path` as there is only single Argo CD backend path +* ingress rule for `hosts` changed to `hostname` as there can be only single SSO redirect for given hostname +* ingress TLS for server uses by default `argocd-server-tls` secret required by Argo CD server, additional ingresses are using `-tls` secret when `tls: true` +* additional hostnames and routing can be provided via `extraHosts` configuration section +* additional TLS secrets can be provided via `extraTls` configuration section + +Please refer to [ingress configuration](#ingress-configuration) for examples. + +### 5.53.0 + +Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir() + +### 5.52.0 + +Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server. +If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml. + +### 5.35.0 + +This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach. + +Please see more information about EoL: [Amazon EKS EoL][EKS EoL]. + +### 5.31.0 +The manifests are now using [`tini` as entrypoint][tini], instead of `entrypoint.sh`. Until Argo CD v2.8, `entrypoint.sh` is retained for upgrade compatibility. +This means that the deployment manifests have to be updated after upgrading to Argo CD v2.7, and before upgrading to Argo CD v2.8 later. +In case the manifests are updated before moving to Argo CD v2.8, the containers will not be able to start. + +### 5.26.0 + +This version adds support for Config Management Plugins using the sidecar model and configured in a ConfigMap named `argocd-cmp-cm`. +Users will need to migrate from the previous `argocd-cm` ConfigMap method to using the sidecar method before Argo CD v2.8. See the [Argo CD CMP migration guide](https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/#migrating-from-argocd-cm-plugins) for more specifics. + +To migrate your plugins, you can now set the `configs.cmp.create` to `true` and move your plugins from `configs.cm` to `configs.cmp.plugins`. +You will also need to configure the sidecar containers under `repoServer.extraContainers` and ensure you are mounting any custom volumes you need from `repoServer.volumes` into here also. + +### 5.24.0 + +This version adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`). +Default `global.affinity` rules can be disabled when `none` value is used for the preset. + +### 5.22.0 + +This version adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely. + +### 5.19.0 + +This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provided these values (`configs.knownHosts.*`, `configs.knownHostsAnnotations`, `configs.tlsCerts`, `configs.tlsCertsAnnotations`) please move them into new `configs.ssh` and `configs.tls` sections. +You can also use new option `configs.ssh.extraHosts` to configure your SSH keys without maintaing / overwritting keys for public Git repositories. + +### 5.13.0 + +This version reduces history limit for Argo CD deployment replicas to 3 to provide more visibility for Argo CD deployments that manage itself. If you need more deployment revisions for rollbacks set `global.revisionHistoryLimit` parameter. + +### 5.12.0 + +If Argo CD is managing termination of TLS and you are using `configs.secret.argocdServerTlsConfig` option to provide custom TLS configuration for this chart, please use `server.certificate` or `server.certificateSecret` instead. +For the secrets for tls termination, please use a secret named `argocd-server-tls` instead of `argocd-secret`. +For the technical details please check the [Argo CD documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server). When transitioning from the one secret to the other pay attention to `tls.key` and `tls.crt` keys. + +### 5.10.0 + +This version hardens security by configuring default container security contexts and adds hard requirement for Kubernetes 1.22+ to work properly. +The change aligns chart with officially [supported versions](https://argo-cd.readthedocs.io/en/release-2.5/operator-manual/installation/#supported-versions) by upstream project. + +### 5.7.0 + +This version introcudes new `configs.cm` and `configs.rbac` sections that replaces `server.config` and `server.rbacConfig` respectively. +Please move your current configuration to the new place. The Argo CD RBAC config now also sets defaults in the `argocd-rbac-cm`. +If you have manually created this ConfigMap please ensure templating is disabled so you will not lose your changes. + +### 5.5.20 + +This version moved API version templates into dedicated helper. If you are using these in your umbrella +chart please migrate your templates to pattern `argo-cd.apiVersion.`. + +### 5.5.0 + +This version introduces new `configs.params` section that replaces command line arguments for containers. +Please refer to documentation in values.yaml for migrating the configuration. + +### 5.2.0 + +Custom resource definitions were moved to `templates` folder so they can be managed by Helm. + +To adopt already created CRDs, please use following command: + +```bash +YOUR_ARGOCD_NAMESPACE="" # e.g. argo-cd +YOUR_ARGOCD_RELEASENAME="" # e.g. argo-cd + +for crd in "applications.argoproj.io" "applicationsets.argoproj.io" "argocdextensions.argoproj.io" "appprojects.argoproj.io"; do + kubectl label --overwrite crd $crd app.kubernetes.io/managed-by=Helm + kubectl annotate --overwrite crd $crd meta.helm.sh/release-namespace="$YOUR_ARGOCD_NAMESPACE" + kubectl annotate --overwrite crd $crd meta.helm.sh/release-name="$YOUR_ARGOCD_RELEASENAME" +done +``` + +### 5.0.0 + +This version **removes support for**: + +- deprecated repository credentials (parameter `configs.repositoryCredentials`) +- option to run application controller as a Deployment +- the parameters `server.additionalApplications` and `server.additionalProjects` + +Please carefully read the following section if you are using these parameters! + +In order to upgrade Applications and Projects safely against CRDs' upgrade, `server.additionalApplications` and `server.additionalProjects` are moved to [argocd-apps](../argocd-apps). + +If you are using `server.additionalApplications` or `server.additionalProjects`, you can adopt to [argocd-apps](../argocd-apps) as below: + +1. Add [helm.sh/resource-policy annotation](https://helm.sh/docs/howto/charts_tips_and_tricks/#tell-helm-not-to-uninstall-a-resource) to avoid resources being removed by upgrading Helm chart + +You can keep your existing CRDs by adding `"helm.sh/resource-policy": keep` on `additionalAnnotations`, under `server.additionalApplications` and `server.additionalProjects` blocks, and running `helm upgrade`. + +e.g: + +```yaml +server: + additionalApplications: + - name: guestbook + namespace: argocd + additionalLabels: {} + additionalAnnotations: + "helm.sh/resource-policy": keep # <-- add this + finalizers: + - resources-finalizer.argocd.argoproj.io + project: guestbook + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: guestbook + directory: + recurse: true + destination: + server: https://kubernetes.default.svc + namespace: guestbook + syncPolicy: + automated: + prune: false + selfHeal: false + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas + info: + - name: url + value: https://argoproj.github.io/ +``` + +You can also keep your existing CRDs by running the following scripts. + +```bash +# keep Applications +for app in "guestbook"; do + kubectl annotate --overwrite application $app helm.sh/resource-policy=keep +done + +# keep Projects +for project in "guestbook"; do + kubectl annotate --overwrite appproject $project helm.sh/resource-policy=keep +done +``` + +2. Upgrade argo-cd Helm chart to v5.0.0 + +3. Remove keep [helm.sh/resource-policy annotation](https://helm.sh/docs/howto/charts_tips_and_tricks/#tell-helm-not-to-uninstall-a-resource) + +```bash +# delete annotations from Applications +for app in "guestbook"; do + kubectl annotate --overwrite application $app helm.sh/resource-policy- +done + +# delete annotations from Projects +for project in "guestbook"; do + kubectl annotate --overwrite appproject $project helm.sh/resource-policy- +done +``` + +4. Adopt existing resources to [argocd-apps](../argocd-apps) + +### 4.9.0 + +This version starts to use upstream image with applicationset binary. Start command was changed from `applicationset-controller` to `argocd-applicationset-controller` + +### 4.3.* + +With this minor version, the notification notifier's `service.slack` is no longer configured by default. + +### 4.0.0 and above + +This helm chart version deploys Argo CD v2.3. The Argo CD Notifications and ApplicationSet are part of Argo CD now. You no longer need to install them separately. The Notifications and ApplicationSet components **are bundled into default** Argo CD installation. +Please read the [v2.2 to 2.3 upgrade instructions] in the upstream repository. + +### 3.13.0 + +This release removes the flag `--staticassets` from argocd server as it has been dropped upstream. If this flag needs to be enabled e.g for older releases of Argo CD, it can be passed via the `server.extraArgs` field + +### 3.10.2 + +Argo CD has recently deprecated the flag `--staticassets` and from chart version `3.10.2` has been disabled by default +It can be re-enabled by setting `server.staticAssets.enabled` to true + +### 3.8.1 + +This bugfix version potentially introduces a rename (and recreation) of one or more ServiceAccounts. It _only happens_ when you use one of these customization: + +```yaml +# Case 1) - only happens when you do not specify a custom name (repoServer.serviceAccount.name) +repoServer: + serviceAccount: + create: true + +# Case 2) +controller: + serviceAccount: + name: "" # or + +# Case 3) +dex: + serviceAccount: + name: "" # or + +# Case 4) +server: + serviceAccount: + name: "" # or +``` + +Please check if you are affected by one of these cases **before you upgrade**, especially when you use **cloud IAM roles for service accounts.** (eg. IRSA on AWS or Workload Identity for GKE) + +### 3.2.* With this minor version we introduced the evaluation for the ingress manifest (depending on the capabilities version), See [Pull Request](https://github.com/argoproj/argo-helm/pull/637). -[Issue 703](https://github.com/argoproj/argo-helm/issues/703) reported that the capabilities evaluation is **not handled correctly when deploying the chart via an ArgoCD instance**, +[Issue 703](https://github.com/argoproj/argo-helm/issues/703) reported that the capabilities evaluation is **not handled correctly when deploying the chart via an Argo CD instance**, especially deploying on clusters running a cluster version prior to `1.19` (which misses `Ingress` on apiVersion `networking.k8s.io/v1`). If you are running a cluster version prior to `1.19` you can avoid this issue by directly installing chart version `3.6.0` and setting `kubeVersionOverride` like: ```yaml kubeVersionOverride: "1.18.0" -``` +``` Then you should no longer encounter this issue. - ### 3.0.0 and above Helm apiVersion switched to `v2`. Requires Helm `3.0.0` or above to install. [Read More](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) on how to migrate your release from Helm 2 to Helm 3. ### 2.14.7 and above -The `matchLabels` key in the ArgoCD Application Controller is no longer hard-coded. Note that labels are immutable so caution should be exercised when making changes to this resource. +The `matchLabels` key in the Argo CD Application Controller is no longer hard-coded. Note that labels are immutable so caution should be exercised when making changes to this resource. ### 2.10.x to 2.11.0 @@ -66,6 +630,7 @@ The application controller is now available as a `StatefulSet` when the `control `controller.extraArgs`, `repoServer.extraArgs` and `server.extraArgs` are now arrays of strings instead of a map What was + ```yaml server: extraArgs: @@ -82,7 +647,10 @@ server: ## Prerequisites -- Kubernetes 1.7+ +- Kubernetes: `>=1.25.0-0` + - We align with [Amazon EKS calendar][EKS EoL] because there are many AWS users and it's a conservative approach. + - Please check [Support Matrix of Argo CD][Kubernetes Compatibility Matrix] for official info. +- Helm v3.0.0+ ## Installing the Chart @@ -92,312 +660,1057 @@ To install the chart with the release name `my-release`: $ helm repo add argo https://argoproj.github.io/argo-helm "argo" has been added to your repositories -$ helm install --name my-release argo/argo-cd +$ helm install my-release argo/argo-cd NAME: my-release ... ``` -### Helm v3 Compatibility +## General parameters -Requires chart version 1.5.2 or newer. +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| apiVersionOverrides | object | `{}` | | +| crds.additionalLabels | object | `{}` | Addtional labels to be added to all CRDs | +| crds.annotations | object | `{}` | Annotations to be added to all CRDs | +| crds.install | bool | `true` | Install and upgrade CRDs | +| crds.keep | bool | `true` | Keep CRDs on chart uninstall | +| createAggregateRoles | bool | `false` | Create aggregated roles that extend existing cluster roles to interact with argo-cd resources | +| createClusterRoles | bool | `true` | Create cluster roles for cluster-wide installation. | +| extraObjects | list | `[]` | Array of extra K8s manifests to deploy | +| fullnameOverride | string | `""` | String to fully override `"argo-cd.fullname"` | +| kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests | +| nameOverride | string | `"argocd"` | Provide a name in place of `argocd` | +| namespaceOverride | string | `.Release.Namespace` | Override the namespace | +| openshift.enabled | bool | `false` | enables using arbitrary uid for argo repo server | -Helm v3 has removed the `install-crds` hook so CRDs are now populated by files in the [crds](./crds) directory. Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistent webhooks. +## Global Configs -## Chart Values +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| global.addPrometheusAnnotations | bool | `false` | Add Prometheus scrape annotations to all metrics services. This can be used as an alternative to the ServiceMonitors. | +| global.additionalLabels | object | `{}` | Common labels for the all resources | +| global.affinity.nodeAffinity.matchExpressions | list | `[]` | Default match expressions for node affinity | +| global.affinity.nodeAffinity.type | string | `"hard"` | Default node affinity rules. Either: `none`, `soft` or `hard` | +| global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `none`, `soft` or `hard` | +| global.certificateAnnotations | object | `{}` | Annotations for the all deployed Certificates | +| global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | +| global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments | +| global.domain | string | `"argocd.example.com"` | Default domain used by all components | +| global.dualStack.ipFamilies | list | `[]` | IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. | +| global.dualStack.ipFamilyPolicy | string | `""` | IP family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) | +| global.env | list | `[]` | Environment variables to pass to all deployed Deployments | +| global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | +| global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments | +| global.image.repository | string | `"quay.io/argoproj/argocd"` | If defined, a repository applied to all Argo CD deployments | +| global.image.tag | string | `""` | Overrides the global Argo CD image tag whose default is the chart appVersion | +| global.imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry | +| global.logging.format | string | `"text"` | Set the global logging format. Either: `text` or `json` | +| global.logging.level | string | `"info"` | Set the global logging level. One of: `debug`, `info`, `warn` or `error` | +| global.networkPolicy.create | bool | `false` | Create NetworkPolicy objects for all components | +| global.networkPolicy.defaultDenyIngress | bool | `false` | Default deny all ingress traffic | +| global.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Default node selector for all components | +| global.podAnnotations | object | `{}` | Annotations for the all deployed pods | +| global.podLabels | object | `{}` | Labels for the all deployed pods | +| global.priorityClassName | string | `""` | Default priority class for all components | +| global.revisionHistoryLimit | int | `3` | Number of old deployment ReplicaSets to retain. The rest will be garbage collected. | +| global.runtimeClassName | string | `""` | Runtime class name for all components | +| global.securityContext | object | `{}` (See [values.yaml]) | Toggle and define pod-level security context. | +| global.statefulsetAnnotations | object | `{}` | Annotations for the all deployed Statefulsets | +| global.tolerations | list | `[]` | Default tolerations for all components | +| global.topologySpreadConstraints | list | `[]` | Default [TopologySpreadConstraints] rules for all components | -| Parameter | Description | Default | -|-----|------|---------| -| global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` | -| global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` | -| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.8.4"` | -| global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) | -| global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` | -| global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` | -| kubeVersionOverride | Override the Kubernetes version, which is used to evaluate certain manifests | `""` | -| nameOverride | Provide a name in place of `argocd` | `"argocd"` | -| fullnameOverride | String to fully override `"argo-cd.fullname"` | `""` | -| installCRDs | Install CRDs if you are using Helm2. | `true` | -| configs.clusterCredentials | Provide one or multiple [external cluster credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters) | `[]` (See [values.yaml](values.yaml)) | -| configs.knownHostsAnnotations | Known Hosts configmap annotations | `{}` | -| configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) | -| configs.secret.annotations | Annotations for argocd-secret | `{}` | -| configs.secret.argocdServerAdminPassword | Bcrypt hashed admin password | `null` | -| configs.secret.argocdServerAdminPasswordMtime | Admin password modification time | `date "2006-01-02T15:04:05Z" now` if configs.secret.argocdServerAdminPassword is set | -| configs.secret.bitbucketSecret | BitBucket incoming webhook secret | `""` | -| configs.secret.createSecret | Create the argocd-secret. | `true` | -| configs.secret.githubSecret | GitHub incoming webhook secret | `""` | -| configs.secret.gitlabSecret | GitLab incoming webhook secret | `""` | -| configs.tlsCertsAnnotations | TLS certificate configmap annotations | `{}` | -| configs.tlsCerts.data."argocd.example.com" | TLS certificate | See [values.yaml](values.yaml) | -| configs.secret.extra | add additional secrets to be added to argocd-secret | `{}` | -| configs.styles | Define custom CSS styles for your argo instance ([Read More](https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/)). This Settings will automatically mount the provided css and reference it in the argo configuration. | `""` (See [values.yaml](values.yaml)) | -| openshift.enabled | enables using arbitrary uid for argo repo server | `false` | +## Argo CD Configs -## ArgoCD Controller +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| configs.clusterCredentials | object | `{}` (See [values.yaml]) | Provide one or multiple [external cluster credentials] | +| configs.cm."admin.enabled" | bool | `true` | Enable local admin user | +| configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning | +| configs.cm."application.sync.impersonation.enabled" | bool | `false` | Enable control of the service account used for the sync operation (alpha) | +| configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI | +| configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement | +| configs.cm."statusbadge.enabled" | bool | `false` | Enable Status Badge | +| configs.cm."timeout.hard.reconciliation" | string | `"0s"` | Timeout to refresh application data as well as target manifests cache | +| configs.cm."timeout.reconciliation" | string | `"180s"` | Timeout to discover if a new manifests version got published to the repository | +| configs.cm.annotations | object | `{}` | Annotations to be added to argocd-cm configmap | +| configs.cm.create | bool | `true` | Create the argocd-cm configmap for [declarative setup] | +| configs.cmp.annotations | object | `{}` | Annotations to be added to argocd-cmp-cm configmap | +| configs.cmp.create | bool | `false` | Create the argocd-cmp-cm configmap | +| configs.cmp.plugins | object | `{}` | Plugin yaml files to be added to argocd-cmp-cm | +| configs.credentialTemplates | object | `{}` | Repository credentials to be used as Templates for other repos | +| configs.credentialTemplatesAnnotations | object | `{}` | Annotations to be added to `configs.credentialTemplates` Secret | +| configs.gpg.annotations | object | `{}` | Annotations to be added to argocd-gpg-keys-cm configmap | +| configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring | +| configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] | +| configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability | +| configs.params."applicationsetcontroller.namespaces" | string | `""` (default is only the ns where the controller is installed) | A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"argocd,argocd-appsets-*"`) | +| configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` | +| configs.params."controller.ignore.normalizer.jq.timeout" | string | `"1s"` | JQ Path expression timeout | +| configs.params."controller.operation.processors" | int | `10` | Number of application operation processors | +| configs.params."controller.repo.server.timeout.seconds" | int | `60` | Repo server RPC call timeout seconds. | +| configs.params."controller.self.heal.timeout.seconds" | int | `5` | Specifies timeout between application self heal attempts | +| configs.params."controller.status.processors" | int | `20` | Number of application status processors | +| configs.params."otlp.address" | string | `""` | Open-Telemetry collector address: (e.g. "otel-collector:4317") | +| configs.params."reposerver.parallelism.limit" | int | `0` | Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit. | +| configs.params."server.basehref" | string | `"/"` | Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / | +| configs.params."server.disable.auth" | bool | `false` | Disable Argo CD RBAC for user authentication | +| configs.params."server.enable.gzip" | bool | `true` | Enable GZIP compression | +| configs.params."server.enable.proxy.extension" | bool | `false` | Enable proxy extension feature. (proxy extension is in Alpha phase) | +| configs.params."server.insecure" | bool | `false` | Run server without TLS | +| configs.params."server.rootpath" | string | `""` | Used if Argo CD is running behind reverse proxy under subpath different from / | +| configs.params."server.staticassets" | string | `"/shared/app"` | Directory path that contains additional static assets | +| configs.params."server.x.frame.options" | string | `"sameorigin"` | Set X-Frame-Options header in HTTP responses to value. To disable, set to "". | +| configs.params.annotations | object | `{}` | Annotations to be added to the argocd-cmd-params-cm ConfigMap | +| configs.params.create | bool | `true` | Create the argocd-cmd-params-cm configmap If false, it is expected the configmap will be created by something else. | +| configs.rbac."policy.csv" | string | `''` (See [values.yaml]) | File containing user-defined policies and role definitions. | +| configs.rbac."policy.default" | string | `""` | The name of the default role which Argo CD will falls back to, when authorizing API requests (optional). If omitted or empty, users may be still be able to login, but will see no apps, projects, etc... | +| configs.rbac."policy.matchMode" | string | `"glob"` | Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher. | +| configs.rbac.annotations | object | `{}` | Annotations to be added to argocd-rbac-cm configmap | +| configs.rbac.create | bool | `true` | Create the argocd-rbac-cm configmap with ([Argo CD RBAC policy]) definitions. If false, it is expected the configmap will be created by something else. Argo CD will not work if there is no configmap created with the name above. | +| configs.rbac.scopes | string | `"[groups]"` | OIDC scopes to examine during rbac enforcement (in addition to `sub` scope). The scope value can be a string, or a list of strings. | +| configs.repositories | object | `{}` | Repositories list to be used by applications | +| configs.repositoriesAnnotations | object | `{}` | Annotations to be added to `configs.repositories` Secret | +| configs.secret.annotations | object | `{}` | Annotations to be added to argocd-secret | +| configs.secret.argocdServerAdminPassword | string | `""` | Bcrypt hashed admin password | +| configs.secret.argocdServerAdminPasswordMtime | string | `""` (defaults to current time) | Admin password modification time. Eg. `"2006-01-02T15:04:05Z"` | +| configs.secret.azureDevops.password | string | `""` | Shared secret password for authenticating Azure DevOps webhook events | +| configs.secret.azureDevops.username | string | `""` | Shared secret username for authenticating Azure DevOps webhook events | +| configs.secret.bitbucketServerSecret | string | `""` | Shared secret for authenticating BitbucketServer webhook events | +| configs.secret.bitbucketUUID | string | `""` | UUID for authenticating Bitbucket webhook events | +| configs.secret.createSecret | bool | `true` | Create the argocd-secret | +| configs.secret.extra | object | `{}` | add additional secrets to be added to argocd-secret | +| configs.secret.githubSecret | string | `""` | Shared secret for authenticating GitHub webhook events | +| configs.secret.gitlabSecret | string | `""` | Shared secret for authenticating GitLab webhook events | +| configs.secret.gogsSecret | string | `""` | Shared secret for authenticating Gogs webhook events | +| configs.secret.labels | object | `{}` | Labels to be added to argocd-secret | +| configs.ssh.annotations | object | `{}` | Annotations to be added to argocd-ssh-known-hosts-cm configmap | +| configs.ssh.create | bool | `true` | Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm. | +| configs.ssh.extraHosts | string | `""` | Additional known hosts for private repositories | +| configs.ssh.knownHosts | string | See [values.yaml] | Known hosts to be added to the known host list by default. | +| configs.styles | string | `""` (See [values.yaml]) | Define custom [CSS styles] for your argo instance. This setting will automatically mount the provided CSS and reference it in the argo configuration. | +| configs.tls.annotations | object | `{}` | Annotations to be added to argocd-tls-certs-cm configmap | +| configs.tls.certificates | object | `{}` (See [values.yaml]) | TLS certificates for Git repositories | +| configs.tls.create | bool | `true` | Specifies if the argocd-tls-certs-cm configmap should be created by Helm. | -| Parameter | Description | Default | -|-----|---------|-------------| -| controller.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | -| controller.args.operationProcessors | define the controller `--operation-processors` | `"10"` | -| controller.args.appResyncPeriod | define the controller `--app-resync` | `"180"` | -| controller.args.selfHealTimeout | define the controller `--self-heal-timeout-seconds` | `"5"` | -| controller.args.statusProcessors | define the controller `--status-processors` | `"20"` | -| controller.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` | -| controller.containerPort | Controller listening port. | `8082` | -| controller.extraArgs | Additional arguments for the controller. A list of flags | `[]` | -| controller.enableStatefulSet | Enable deploying the controller as a StatefulSet instead of a Deployment. Used for HA installations. | `false` | -| controller.env | Environment variables for the controller. | `[]` | -| controller.envFrom | `envFrom` to pass to the controller. | `[]` (See [values.yaml](values.yaml)) | -| controller.image.repository | Repository to use for the controller | `global.image.repository` | -| controller.image.imagePullPolicy | Image pull policy for the controller | `global.image.imagePullPolicy` | -| controller.image.tag | Tag to use for the controller | `global.image.tag` | -| controller.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | -| controller.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| controller.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| controller.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| controller.livenessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| controller.logLevel | Controller log level | `"info"` | -| controller.metrics.enabled | Deploy metrics service | `false` | -| controller.metrics.service.annotations | Metrics service annotations | `{}` | -| controller.metrics.service.labels | Metrics service labels | `{}` | -| controller.metrics.service.servicePort | Metrics service port | `8082` | -| controller.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | -| controller.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | -| controller.name | Controller name string. | `"application-controller"` | -| controller.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | -| controller.podAnnotations | Annotations for the controller pods | `{}` | -| controller.podLabels | Labels for the controller pods | `{}` | -| controller.priorityClassName | Priority class for the controller pods | `""` | -| controller.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | -| controller.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| controller.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| controller.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| controller.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| controller.replicas | The number of controller pods to run | `1` |\ -| controller.resources | Resource limits and requests for the controller pods. | `{}` | -| controller.service.annotations | Controller service annotations. | `{}` | -| controller.service.labels | Controller service labels. | `{}` | -| controller.service.port | Controller service port. | `8082` | -| controller.serviceAccount.annotations | Controller service account annotations | `{}` | -| controller.serviceAccount.automountServiceAccountToken | Automount API credentials for the Service Account | `true` | -| controller.serviceAccount.create | Create a service account for the controller | `true` | -| controller.serviceAccount.name | Service account name. | `"argocd-application-controller"` | -| controller.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| controller.volumeMounts | Controller volume mounts | `[]` | -| controller.volumes | Controller volumes | `[]` | +## Argo CD Controller + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| controller.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| controller.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | +| controller.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the application controller's ClusterRole resource | +| controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource | +| controller.containerPorts.metrics | int | `8082` | Metrics container port | +| controller.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | +| controller.deploymentAnnotations | object | `{}` | Annotations for the application controller Deployment | +| controller.dnsConfig | object | `{}` | [DNS configuration] | +| controller.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for application controller pods | +| controller.dynamicClusterDistribution | bool | `false` | Enable dynamic cluster distribution (alpha) Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution | +| controller.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for application controller | +| controller.env | list | `[]` | Environment variables to pass to application controller | +| controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to application controller | +| controller.extraArgs | list | `[]` | Additional command line arguments to pass to application controller | +| controller.extraContainers | list | `[]` | Additional containers to be added to the application controller pod | +| controller.heartbeatTime | int | `10` | Application controller heartbeat time Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution | +| controller.hostNetwork | bool | `false` | Host Network for application controller pods | +| controller.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the application controller | +| controller.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the application controller | +| controller.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the application controller | +| controller.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | +| controller.initContainers | list | `[]` | Init containers to add to the application controller pod | +| controller.metrics.applicationLabels.enabled | bool | `false` | Enables additional labels in argocd_app_labels metric | +| controller.metrics.applicationLabels.labels | list | `[]` | Additional labels | +| controller.metrics.enabled | bool | `false` | Deploy metrics service | +| controller.metrics.rules.additionalLabels | object | `{}` | PrometheusRule labels | +| controller.metrics.rules.annotations | object | `{}` | PrometheusRule annotations | +| controller.metrics.rules.enabled | bool | `false` | Deploy a PrometheusRule for the application controller | +| controller.metrics.rules.namespace | string | `""` | PrometheusRule namespace | +| controller.metrics.rules.selector | object | `{}` | PrometheusRule selector | +| controller.metrics.rules.spec | list | `[]` | PrometheusRule.Spec for the application controller | +| controller.metrics.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. | +| controller.metrics.service.annotations | object | `{}` | Metrics service annotations | +| controller.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | +| controller.metrics.service.labels | object | `{}` | Metrics service labels | +| controller.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | +| controller.metrics.service.servicePort | int | `8082` | Metrics service port | +| controller.metrics.service.type | string | `"ClusterIP"` | Metrics service type | +| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| controller.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | +| controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| controller.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | +| controller.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | +| controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| controller.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | +| controller.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| controller.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| controller.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| controller.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | +| controller.name | string | `"application-controller"` | Application controller name string | +| controller.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| controller.pdb.annotations | object | `{}` | Annotations to be added to application controller pdb | +| controller.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the application controller | +| controller.pdb.labels | object | `{}` | Labels to be added to application controller pdb | +| controller.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | +| controller.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | +| controller.podAnnotations | object | `{}` | Annotations to be added to application controller pods | +| controller.podLabels | object | `{}` | Labels to be added to application controller pods | +| controller.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the application controller pods | +| controller.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| controller.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| controller.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| controller.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| controller.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| controller.replicas | int | `1` | The number of application controller pods to run. Additional replicas will cause sharding of managed clusters across number of replicas. | +| controller.resources | object | `{}` | Resource limits and requests for the application controller pods | +| controller.revisionHistoryLimit | int | `5` | Maximum number of controller revisions that will be maintained in StatefulSet history | +| controller.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the application controller | +| controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| controller.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| controller.serviceAccount.create | bool | `true` | Create a service account for the application controller | +| controller.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| controller.serviceAccount.name | string | `"argocd-application-controller"` | Service account name | +| controller.statefulsetAnnotations | object | `{}` | Annotations for the application controller StatefulSet | +| controller.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| controller.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| controller.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller | +| controller.volumeMounts | list | `[]` | Additional volumeMounts to the application controller main container | +| controller.volumes | list | `[]` | Additional volumes to the application controller pod | ## Argo Repo Server -| Property | Description | Default | -|-----|---------|-------------| -| repoServer.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | -| repoServer.autoscaling.enabled | Enable Horizontal Pod Autoscaler ([HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)) for the repo server | `false` | -| repoServer.autoscaling.minReplicas | Minimum number of replicas for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `1` | -| repoServer.autoscaling.maxReplicas | Maximum number of replicas for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `5` | -| repoServer.autoscaling.targetCPUUtilizationPercentage | Average CPU utilization percentage for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` | -| repoServer.autoscaling.targetMemoryUtilizationPercentage | Average memory utilization percentage for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` | -| repoServer.containerPort | Repo server port | `8081` | -| repoServer.extraArgs | Additional arguments for the repo server. A list of flags. | `[]` | -| repoServer.env | Environment variables for the repo server. | `[]` | -| repoServer.envFrom | `envFrom` to pass to the repo server. | `[]` (See [values.yaml](values.yaml)) | -| repoServer.image.repository | Repository to use for the repo server | `global.image.repository` | -| repoServer.image.imagePullPolicy | Image pull policy for the repo server | `global.image.imagePullPolicy` | -| repoServer.image.tag | Tag to use for the repo server | `global.image.tag` | -| repoServer.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | -| repoServer.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| repoServer.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| repoServer.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| repoServer.livenessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| repoServer.logLevel | Log level | `"info"` | -| repoServer.metrics.enabled | Deploy metrics service | `false` | -| repoServer.metrics.service.annotations | Metrics service annotations | `{}` | -| repoServer.metrics.service.labels | Metrics service labels | `{}` | -| repoServer.metrics.service.servicePort | Metrics service port | `8082` | -| repoServer.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | -| repoServer.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | -| repoServer.name | Repo server name | `"repo-server"` | -| repoServer.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | -| repoServer.podAnnotations | Annotations for the repo server pods | `{}` | -| repoServer.podLabels | Labels for the repo server pods | `{}` | -| repoServer.priorityClassName | Priority class for the repo server | `""` | -| repoServer.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | -| repoServer.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| repoServer.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| repoServer.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| repoServer.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| repoServer.replicas | The number of repo server pods to run | `1` | -| repoServer.resources | Resource limits and requests for the repo server pods. | `{}` | -| repoServer.service.annotations | Repo server service annotations. | `{}` | -| repoServer.service.automountServiceAccountToken | Automount API credentials for the Service Account | `true` | -| repoServer.service.labels | Repo server service labels. | `{}` | -| repoServer.service.port | Repo server service port. | `8081` | -| repoServer.serviceAccount.annotations | Repo server service account annotations | `{}` | -| repoServer.serviceAccount.create | Create repo server service account | `false` | -| repoServer.serviceAccount.name | Repo server service account name | `"argocd-repo-server"` | -| repoServer.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| repoServer.volumeMounts | Repo server volume mounts | `[]` | -| repoServer.volumes | Repo server volumes | `[]` | +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| repoServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| repoServer.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | +| repoServer.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. | +| repoServer.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the repo server | +| repoServer.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the repo server [HPA] | +| repoServer.autoscaling.metrics | list | `[]` | Configures custom HPA metrics for the Argo CD repo server Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | +| repoServer.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the repo server [HPA] | +| repoServer.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the repo server [HPA] | +| repoServer.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the repo server [HPA] | +| repoServer.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-repo-server-tls secret | +| repoServer.certificateSecret.ca | string | `""` | Certificate authority. Required for self-signed certificates. | +| repoServer.certificateSecret.crt | string | `""` | Certificate data. Must contain SANs of Repo service (ie: argocd-repo-server, argocd-repo-server.argo-cd.svc) | +| repoServer.certificateSecret.enabled | bool | `false` | Create argocd-repo-server-tls secret | +| repoServer.certificateSecret.key | string | `""` | Certificate private key | +| repoServer.certificateSecret.labels | object | `{}` | Labels to be added to argocd-repo-server-tls secret | +| repoServer.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the Repo server's Cluster Role resource | +| repoServer.clusterRoleRules.rules | list | `[]` | List of custom rules for the Repo server's Cluster Role resource | +| repoServer.containerPorts.metrics | int | `8084` | Metrics container port | +| repoServer.containerPorts.server | int | `8081` | Repo server container port | +| repoServer.containerSecurityContext | object | See [values.yaml] | Repo server container-level security context | +| repoServer.deploymentAnnotations | object | `{}` | Annotations to be added to repo server Deployment | +| repoServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the repo server Deployment | +| repoServer.dnsConfig | object | `{}` | [DNS configuration] | +| repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods | +| repoServer.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for repo server | +| repoServer.env | list | `[]` | Environment variables to pass to repo server | +| repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server | +| repoServer.existingVolumes | object | `{}` | Volumes to be used in replacement of emptydir on default volumes | +| repoServer.extraArgs | list | `[]` | Additional command line arguments to pass to repo server | +| repoServer.extraContainers | list | `[]` | Additional containers to be added to the repo server pod | +| repoServer.hostNetwork | bool | `false` | Host Network for Repo server pods | +| repoServer.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the repo server | +| repoServer.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the repo server | +| repoServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the repo server | +| repoServer.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | +| repoServer.initContainers | list | `[]` | Init containers to add to the repo server pods | +| repoServer.lifecycle | object | `{}` | Specify postStart and preStop lifecycle hooks for your argo-repo-server container | +| repoServer.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| repoServer.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| repoServer.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| repoServer.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| repoServer.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| repoServer.metrics.enabled | bool | `false` | Deploy metrics service | +| repoServer.metrics.service.annotations | object | `{}` | Metrics service annotations | +| repoServer.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | +| repoServer.metrics.service.labels | object | `{}` | Metrics service labels | +| repoServer.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | +| repoServer.metrics.service.servicePort | int | `8084` | Metrics service port | +| repoServer.metrics.service.type | string | `"ClusterIP"` | Metrics service type | +| repoServer.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| repoServer.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | +| repoServer.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| repoServer.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | +| repoServer.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | +| repoServer.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| repoServer.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | +| repoServer.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| repoServer.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| repoServer.metrics.serviceMonitor.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. | +| repoServer.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| repoServer.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | +| repoServer.name | string | `"repo-server"` | Repo server name | +| repoServer.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| repoServer.pdb.annotations | object | `{}` | Annotations to be added to repo server pdb | +| repoServer.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the repo server | +| repoServer.pdb.labels | object | `{}` | Labels to be added to repo server pdb | +| repoServer.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | +| repoServer.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | +| repoServer.podAnnotations | object | `{}` | Annotations to be added to repo server pods | +| repoServer.podLabels | object | `{}` | Labels to be added to repo server pods | +| repoServer.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the repo server pods | +| repoServer.rbac | list | `[]` | Repo server rbac rules | +| repoServer.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| repoServer.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| repoServer.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| repoServer.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| repoServer.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| repoServer.replicas | int | `1` | The number of repo server pods to run | +| repoServer.resources | object | `{}` | Resource limits and requests for the repo server pods | +| repoServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the repo server | +| repoServer.service.annotations | object | `{}` | Repo server service annotations | +| repoServer.service.labels | object | `{}` | Repo server service labels | +| repoServer.service.port | int | `8081` | Repo server service port | +| repoServer.service.portName | string | `"tcp-repo-server"` | Repo server service port name | +| repoServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| repoServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| repoServer.serviceAccount.create | bool | `true` | Create repo server service account | +| repoServer.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| repoServer.serviceAccount.name | string | `""` | Repo server service account name | +| repoServer.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| repoServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| repoServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the repo server | +| repoServer.useEphemeralHelmWorkingDir | bool | `true` | Toggle the usage of a ephemeral Helm working directory | +| repoServer.volumeMounts | list | `[]` | Additional volumeMounts to the repo server main container | +| repoServer.volumes | list | `[]` | Additional volumes to the repo server pod | ## Argo Server -| Parameter | Description | Default | -|-----|---------|-------------| -| server.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | -| server.autoscaling.enabled | Enable Horizontal Pod Autoscaler ([HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)) for the server | `false` | -| server.autoscaling.minReplicas | Minimum number of replicas for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `1` | -| server.autoscaling.maxReplicas | Maximum number of replicas for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `5` | -| server.autoscaling.targetCPUUtilizationPercentage | Average CPU utilization percentage for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` | -| server.autoscaling.targetMemoryUtilizationPercentage | Average memory utilization percentage for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` | -| server.GKEbackendConfig.enabled | Enable BackendConfig custom resource for Google Kubernetes Engine. | `false` | -| server.GKEbackendConfig.spec | [BackendConfigSpec](https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom) | `{}` | -| server.certificate.additionalHosts | Certificate manager additional hosts | `[]` | -| server.certificate.domain | Certificate manager domain | `"argocd.example.com"` | -| server.certificate.enabled | Enables a certificate manager certificate. | `false` | -| server.certificate.issuer | Certificate manager issuer | `{}` | -| server.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` | -| server.configAnnotations | ArgoCD configuration configmap annotations | `{}` | -| server.config | [General Argo CD configuration](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#repositories) | See [values.yaml](values.yaml) | -| server.containerPort | Server container port. | `8080` | -| server.extraArgs | Additional arguments for the server. A list of flags. | `[]` | -| server.env | Environment variables for the server. | `[]` | -| server.envFrom | `envFrom` to pass to the server. | `[]` (See [values.yaml](values.yaml)) | -| server.image.repository | Repository to use for the server | `global.image.repository` | -| server.image.imagePullPolicy | Image pull policy for the server | `global.image.imagePullPolicy` | -| server.image.tag | Tag to use for the server | `global.image.tag` | -| server.ingress.annotations | Additional ingress annotations | `{}` | -| server.ingress.enabled | Enable an ingress resource for the server | `false` | -| server.ingress.hosts | List of ingress hosts | `[]` | -| server.ingress.labels | Additional ingress labels. | `{}` | -| server.ingress.ingressClassName | Defines which ingress controller will implement the resource | `""` | -| server.ingress.tls | Ingress TLS configuration. | `[]` | -| server.ingress.https | Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` | `false` | -| server.ingressGrpc.annotations | Additional ingress annotations for dedicated [gRPC-ingress] | `{}` | -| server.ingressGrpc.enabled | Enable an ingress resource for the server for dedicated [gRPC-ingress] | `false` | -| server.ingressGrpc.hosts | List of ingress hosts for dedicated [gRPC-ingress] | `[]` | -| server.ingressGrpc.labels | Additional ingress labels for dedicated [gRPC-ingress] | `{}` | -| server.ingressGrpc.ingressClassName | Defines which ingress controller will implement the resource [gRPC-ingress] | `""` | -| server.ingressGrpc.tls | Ingress TLS configuration for dedicated [gRPC-ingress] | `[]` | -| server.route.enabled | Enable a OpenShift route for the server | `false` | -| server.route.hostname | Hostname of OpenShift route | `""` | -| server.lifecycle | PostStart and PreStop hooks configuration | `{}` | -| server.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | -| server.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| server.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| server.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| server.livenessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| server.logLevel | Log level | `"info"` | -| server.metrics.enabled | Deploy metrics service | `false` | -| server.metrics.service.annotations | Metrics service annotations | `{}` | -| server.metrics.service.labels | Metrics service labels | `{}` | -| server.metrics.service.servicePort | Metrics service port | `8082` | -| server.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | -| server.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | -| server.name | Argo CD server name | `"server"` | -| server.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | -| server.podAnnotations | Annotations for the server pods | `{}` | -| server.podLabels | Labels for the server pods | `{}` | -| server.priorityClassName | Priority class for the server | `""` | -| server.rbacConfigAnnotations | RBAC configmap annotations | `{}` | -| server.rbacConfig | [Argo CD RBAC policy](https://argoproj.github.io/argo-cd/operator-manual/rbac/) | `{}` | -| server.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | -| server.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| server.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| server.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| server.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| server.replicas | The number of server pods to run | `1` | -| server.resources | Resource limits and requests for the server | `{}` | -| server.service.annotations | Server service annotations | `{}` | -| server.service.labels | Server service labels | `{}` | -| server.service.servicePortHttp | Server service http port | `80` | -| server.service.servicePortHttps | Server service https port | `443` | -| server.service.servicePortHttpName | Server service http port name, can be used to route traffic via istio | `http` | -| server.service.servicePortHttpsName | Server service https port name, can be used to route traffic via istio | `https` | -| server.service.nodePortHttp | Server service http port for NodePort service type| `30080` | -| server.service.servicePortHttps | Server service http port for NodePort service type | `30443` | -| server.service.loadBalancerSourceRanges | Source IP ranges to allow access to service from. | `[]` | -| server.service.externalIPs | Server service external IPs. | `[]` | -| server.service.type | Server service type | `"ClusterIP"` | -| server.serviceAccount.annotations | Server service account annotations | `{}` | -| server.serviceAccount.automountServiceAccountToken | Automount API credentials for the Service Account | `true` | -| server.serviceAccount.create | Create server service account | `true` | -| server.serviceAccount.name | Server service account name | `"argocd-server"` | -| server.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| server.volumeMounts | Server volume mounts | `[]` | -| server.volumes | Server volumes | `[]` | +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| server.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| server.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | +| server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. | +| server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server | +| server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo CD server [HPA] | +| server.autoscaling.metrics | list | `[]` | Configures custom HPA metrics for the Argo CD server Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | +| server.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the Argo CD server [HPA] | +| server.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the Argo CD server [HPA] | +| server.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the Argo CD server [HPA] | +| server.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | +| server.certificate.annotations | object | `{}` | Annotations to be applied to the Server Certificate | +| server.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) | +| server.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. | +| server.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | +| server.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` | +| server.certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` | +| server.certificate.issuer.name | string | `""` | Certificate issuer name. Eg. `letsencrypt` | +| server.certificate.privateKey.algorithm | string | `"RSA"` | Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` | +| server.certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` | +| server.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | +| server.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | +| server.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | +| server.certificate.secretTemplateAnnotations | object | `{}` | Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources | +| server.certificate.usages | list | `[]` | Usages for the certificate | +| server.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-server-tls secret | +| server.certificateSecret.crt | string | `""` | Certificate data | +| server.certificateSecret.enabled | bool | `false` | Create argocd-server-tls secret | +| server.certificateSecret.key | string | `""` | Private Key of the certificate | +| server.certificateSecret.labels | object | `{}` | Labels to be added to argocd-server-tls secret | +| server.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the server's ClusterRole resource | +| server.clusterRoleRules.rules | list | `[]` | List of custom rules for the server's ClusterRole resource | +| server.containerPorts.metrics | int | `8083` | Metrics container port | +| server.containerPorts.server | int | `8080` | Server container port | +| server.containerSecurityContext | object | See [values.yaml] | Server container-level security context | +| server.deploymentAnnotations | object | `{}` | Annotations to be added to server Deployment | +| server.deploymentStrategy | object | `{}` | Deployment strategy to be added to the server Deployment | +| server.dnsConfig | object | `{}` | [DNS configuration] | +| server.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Server pods | +| server.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for the Argo CD server | +| server.env | list | `[]` | Environment variables to pass to Argo CD server | +| server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to Argo CD server | +| server.extensions.containerSecurityContext | object | See [values.yaml] | Server UI extensions container-level security context | +| server.extensions.enabled | bool | `false` | Enable support for Argo CD extensions | +| server.extensions.extensionList | list | `[]` (See [values.yaml]) | Extensions for Argo CD | +| server.extensions.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for extensions | +| server.extensions.image.repository | string | `"quay.io/argoprojlabs/argocd-extension-installer"` | Repository to use for extension installer image | +| server.extensions.image.tag | string | `"v0.0.8"` | Tag to use for extension installer image | +| server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container | +| server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server | +| server.extraContainers | list | `[]` | Additional containers to be added to the server pod | +| server.hostNetwork | bool | `false` | Host Network for Server pods | +| server.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Argo CD server | +| server.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Argo CD server | +| server.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Argo CD server | +| server.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | +| server.ingress.annotations | object | `{}` | Additional ingress annotations | +| server.ingress.aws.backendProtocolVersion | string | `"GRPC"` | Backend protocol version for the AWS ALB gRPC service | +| server.ingress.aws.serviceType | string | `"NodePort"` | Service type for the AWS ALB gRPC service | +| server.ingress.controller | string | `"generic"` | Specific implementation for ingress controller. One of `generic`, `aws` or `gke` | +| server.ingress.enabled | bool | `false` | Enable an ingress resource for the Argo CD server | +| server.ingress.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record | +| server.ingress.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths | +| server.ingress.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | +| server.ingress.extraTls | list | `[]` (See [values.yaml]) | Additional TLS configuration | +| server.ingress.gke.backendConfig | object | `{}` (See [values.yaml]) | Google [BackendConfig] resource, for use with the GKE Ingress Controller | +| server.ingress.gke.frontendConfig | object | `{}` (See [values.yaml]) | Google [FrontendConfig] resource, for use with the GKE Ingress Controller | +| server.ingress.gke.managedCertificate.create | bool | `true` | Create ManagedCertificate resource and annotations for Google Load balancer | +| server.ingress.gke.managedCertificate.extraDomains | list | `[]` | Additional domains for ManagedCertificate resource | +| server.ingress.hostname | string | `""` (defaults to global.domain) | Argo CD server hostname | +| server.ingress.ingressClassName | string | `""` | Defines which ingress controller will implement the resource | +| server.ingress.labels | object | `{}` | Additional ingress labels | +| server.ingress.path | string | `"/"` | The path to Argo CD server | +| server.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | +| server.ingress.tls | bool | `false` | Enable TLS configuration for the hostname defined at `server.ingress.hostname` | +| server.ingressGrpc.annotations | object | `{}` | Additional ingress annotations for dedicated [gRPC-ingress] | +| server.ingressGrpc.enabled | bool | `false` | Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress] | +| server.ingressGrpc.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record | +| server.ingressGrpc.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths for dedicated [gRPC-ingress] | +| server.ingressGrpc.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | +| server.ingressGrpc.extraTls | list | `[]` (See [values.yaml]) | Additional TLS configuration for dedicated [gRPC-ingress] | +| server.ingressGrpc.hostname | string | `""` (defaults to grpc.`server.ingress.hostname`) | Argo CD server hostname for dedicated [gRPC-ingress] | +| server.ingressGrpc.ingressClassName | string | `""` | Defines which ingress controller will implement the resource [gRPC-ingress] | +| server.ingressGrpc.labels | object | `{}` | Additional ingress labels for dedicated [gRPC-ingress] | +| server.ingressGrpc.path | string | `"/"` | Argo CD server ingress path for dedicated [gRPC-ingress] | +| server.ingressGrpc.pathType | string | `"Prefix"` | Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific` | +| server.ingressGrpc.tls | bool | `false` | Enable TLS configuration for the hostname defined at `server.ingressGrpc.hostname` | +| server.initContainers | list | `[]` | Init containers to add to the server pod | +| server.lifecycle | object | `{}` | Specify postStart and preStop lifecycle hooks for your argo-cd-server container | +| server.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| server.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| server.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| server.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| server.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| server.metrics.enabled | bool | `false` | Deploy metrics service | +| server.metrics.service.annotations | object | `{}` | Metrics service annotations | +| server.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | +| server.metrics.service.labels | object | `{}` | Metrics service labels | +| server.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | +| server.metrics.service.servicePort | int | `8083` | Metrics service port | +| server.metrics.service.type | string | `"ClusterIP"` | Metrics service type | +| server.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| server.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | +| server.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| server.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | +| server.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | +| server.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| server.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | +| server.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| server.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| server.metrics.serviceMonitor.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. | +| server.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| server.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | +| server.name | string | `"server"` | Argo CD server name | +| server.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| server.pdb.annotations | object | `{}` | Annotations to be added to Argo CD server pdb | +| server.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Argo CD server | +| server.pdb.labels | object | `{}` | Labels to be added to Argo CD server pdb | +| server.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | +| server.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | +| server.podAnnotations | object | `{}` | Annotations to be added to server pods | +| server.podLabels | object | `{}` | Labels to be added to server pods | +| server.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the Argo CD server pods | +| server.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| server.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| server.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| server.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| server.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| server.replicas | int | `1` | The number of server pods to run | +| server.resources | object | `{}` | Resource limits and requests for the Argo CD server | +| server.route.annotations | object | `{}` | Openshift Route annotations | +| server.route.enabled | bool | `false` | Enable an OpenShift Route for the Argo CD server | +| server.route.hostname | string | `""` | Hostname of OpenShift Route | +| server.route.termination_policy | string | `"None"` | Termination policy of Openshift Route | +| server.route.termination_type | string | `"passthrough"` | Termination type of Openshift Route | +| server.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the Argo CD server | +| server.service.annotations | object | `{}` | Server service annotations | +| server.service.externalIPs | list | `[]` | Server service external IPs | +| server.service.externalTrafficPolicy | string | `"Cluster"` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints | +| server.service.labels | object | `{}` | Server service labels | +| server.service.loadBalancerClass | string | `""` | The class of the load balancer implementation | +| server.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field | +| server.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from | +| server.service.nodePortHttp | int | `30080` | Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort") | +| server.service.nodePortHttps | int | `30443` | Server service https port for NodePort service type (only if `server.service.type` is set to "NodePort") | +| server.service.servicePortHttp | int | `80` | Server service http port | +| server.service.servicePortHttpName | string | `"http"` | Server service http port name, can be used to route traffic via istio | +| server.service.servicePortHttps | int | `443` | Server service https port | +| server.service.servicePortHttpsAppProtocol | string | `""` | Server service https port appProtocol | +| server.service.servicePortHttpsName | string | `"https"` | Server service https port name, can be used to route traffic via istio | +| server.service.sessionAffinity | string | `"None"` | Used to maintain session affinity. Supports `ClientIP` and `None` | +| server.service.type | string | `"ClusterIP"` | Server service type | +| server.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| server.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| server.serviceAccount.create | bool | `true` | Create server service account | +| server.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| server.serviceAccount.name | string | `"argocd-server"` | Server service account name | +| server.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| server.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| server.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the Argo CD server | +| server.volumeMounts | list | `[]` | Additional volumeMounts to the server main container | +| server.volumes | list | `[]` | Additional volumes to the server pod | ## Dex -| Property | Description | Default | -|-----|---------|-------------| -| dex.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | -| dex.containerPortGrpc | GRPC container port | `5557` | -| dex.containerPortHttp | HTTP container port | `5556` | -| dex.enabled | Enable dex | `true` | -| dex.image.imagePullPolicy | Dex imagePullPolicy | `"IfNotPresent"` | -| dex.image.repository | Dex image repository | `"quay.io/dexidp/dex"` | -| dex.image.tag | Dex image tag | `"v2.14.0"` | -| dex.initImage.repository | Argo CD init image repository. | `global.image.repository` | -| dex.initImage.imagePullPolicy | Argo CD init image imagePullPolicy | `global.image.imagePullPolicy` | -| dex.initImage.tag | Argo CD init image tag | `global.image.tag` | -| dex.metrics.enabled | Deploy metrics service | `false` | -| dex.metrics.service.annotations | Metrics service annotations | `{}` | -| dex.metrics.service.labels | Metrics service labels | `{}` | -| dex.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | -| dex.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | -| dex.name | Dex name | `"dex-server"` | -| dex.env | Environment variables for the Dex server. | `[]` | -| dex.envFrom | `envFrom` to pass to the Dex server. | `[]` (See [values.yaml](values.yaml)) | -| dex.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | -| dex.podAnnotations | Annotations for the Dex server pods | `{}` | -| dex.podLabels | Labels for the Dex server pods | `{}` | -| dex.priorityClassName | Priority class for dex | `""` | -| dex.resources | Resource limits and requests for dex | `{}` | -| dex.serviceAccount.automountServiceAccountToken | Automount API credentials for the Service Account | `true` | -| dex.serviceAccount.create | Create dex service account | `true` | -| dex.serviceAccount.name | Dex service account name | `"argocd-dex-server"` | -| dex.servicePortGrpc | Server GRPC port | `5557` | -| dex.servicePortHttp | Server HTTP port | `5556` | -| dex.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| dex.volumeMounts | Dex volume mounts | `"/shared"` | -| dex.volumes | Dex volumes | `{}` | +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| dex.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| dex.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | +| dex.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-dex-server-tls secret | +| dex.certificateSecret.ca | string | `""` | Certificate authority. Required for self-signed certificates. | +| dex.certificateSecret.crt | string | `""` | Certificate data. Must contain SANs of Dex service (ie: argocd-dex-server, argocd-dex-server.argo-cd.svc) | +| dex.certificateSecret.enabled | bool | `false` | Create argocd-dex-server-tls secret | +| dex.certificateSecret.key | string | `""` | Certificate private key | +| dex.certificateSecret.labels | object | `{}` | Labels to be added to argocd-dex-server-tls secret | +| dex.containerPorts.grpc | int | `5557` | gRPC container port | +| dex.containerPorts.http | int | `5556` | HTTP container port | +| dex.containerPorts.metrics | int | `5558` | Metrics container port | +| dex.containerSecurityContext | object | See [values.yaml] | Dex container-level security context | +| dex.deploymentAnnotations | object | `{}` | Annotations to be added to the Dex server Deployment | +| dex.deploymentStrategy | object | `{}` | Deployment strategy to be added to the Dex server Deployment | +| dex.dnsConfig | object | `{}` | [DNS configuration] | +| dex.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Dex server pods | +| dex.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for Dex server | +| dex.enabled | bool | `true` | Enable dex | +| dex.env | list | `[]` | Environment variables to pass to the Dex server | +| dex.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Dex server | +| dex.extraArgs | list | `[]` | Additional command line arguments to pass to the Dex server | +| dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod | +| dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy | +| dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository | +| dex.image.tag | string | `"v2.42.0"` | Dex image tag | +| dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | +| dex.initContainers | list | `[]` | Init containers to add to the dex pod | +| dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy | +| dex.initImage.repository | string | `""` (defaults to global.image.repository) | Argo CD init image repository | +| dex.initImage.resources | object | `{}` (defaults to dex.resources) | Argo CD init image resources | +| dex.initImage.tag | string | `""` (defaults to global.image.tag) | Argo CD init image tag | +| dex.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Dex >= 2.28.0 | +| dex.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| dex.livenessProbe.httpPath | string | `"/healthz/live"` | Http path to use for the liveness probe | +| dex.livenessProbe.httpPort | string | `"metrics"` | Http port to use for the liveness probe | +| dex.livenessProbe.httpScheme | string | `"HTTP"` | Scheme to use for for the liveness probe (can be HTTP or HTTPS) | +| dex.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| dex.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| dex.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| dex.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| dex.logFormat | string | `""` (defaults to global.logging.format) | Dex log format. Either `text` or `json` | +| dex.logLevel | string | `""` (defaults to global.logging.level) | Dex log level. One of: `debug`, `info`, `warn`, `error` | +| dex.metrics.enabled | bool | `false` | Deploy metrics service | +| dex.metrics.service.annotations | object | `{}` | Metrics service annotations | +| dex.metrics.service.labels | object | `{}` | Metrics service labels | +| dex.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | +| dex.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| dex.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | +| dex.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| dex.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | +| dex.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | +| dex.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| dex.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | +| dex.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| dex.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| dex.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| dex.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | +| dex.name | string | `"dex-server"` | Dex name | +| dex.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| dex.pdb.annotations | object | `{}` | Annotations to be added to Dex server pdb | +| dex.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Dex server | +| dex.pdb.labels | object | `{}` | Labels to be added to Dex server pdb | +| dex.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). | +| dex.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | +| dex.podAnnotations | object | `{}` | Annotations to be added to the Dex server pods | +| dex.podLabels | object | `{}` | Labels to be added to the Dex server pods | +| dex.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the dex pods | +| dex.readinessProbe.enabled | bool | `false` | Enable Kubernetes readiness probe for Dex >= 2.28.0 | +| dex.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| dex.readinessProbe.httpPath | string | `"/healthz/ready"` | Http path to use for the readiness probe | +| dex.readinessProbe.httpPort | string | `"metrics"` | Http port to use for the readiness probe | +| dex.readinessProbe.httpScheme | string | `"HTTP"` | Scheme to use for for the liveness probe (can be HTTP or HTTPS) | +| dex.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| dex.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| dex.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| dex.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| dex.resources | object | `{}` | Resource limits and requests for dex | +| dex.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for Dex | +| dex.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| dex.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| dex.serviceAccount.create | bool | `true` | Create dex service account | +| dex.serviceAccount.name | string | `"argocd-dex-server"` | Dex service account name | +| dex.servicePortGrpc | int | `5557` | Service port for gRPC access | +| dex.servicePortGrpcName | string | `"grpc"` | Service port name for gRPC access | +| dex.servicePortHttp | int | `5556` | Service port for HTTP access | +| dex.servicePortHttpName | string | `"http"` | Service port name for HTTP access | +| dex.servicePortMetrics | int | `5558` | Service port for metrics access | +| dex.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| dex.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| dex.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to dex | +| dex.volumeMounts | list | `[]` | Additional volumeMounts to the dex main container | +| dex.volumes | list | `[]` | Additional volumes to the dex pod | ## Redis -When Redis is completely disabled from the chart (`redis.enabled=false`) and -an external Redis instance wants to be used or -when Redis HA subcart is enabled (`redis.enabled=true and redis-ha.enabled=true`) -but HA proxy is disabled `redis-ha.haproxy.enabled=false` Redis flags need to be specified -through `xxx.extraArgs` +### Option 1 - Single Redis instance (default option) -| Parameter | Description | Default | -|-----|---------|-------------| -| redis.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | -| redis.containerPort | Redis container port | `6379` | -| redis.enabled | Enable redis | `true` | -| redis.image.imagePullPolicy | Redis imagePullPolicy | `"IfNotPresent"` | -| redis.image.repository | Redis repository | `"redis"` | -| redis.image.tag | Redis tag | `"6.2.1-alpine"` | -| redis.extraArgs | Additional arguments for the `redis-server`. A list of flags. | `[]` | -| redis.name | Redis name | `"redis"` | -| redis.env | Environment variables for the Redis server. | `[]` | -| redis.envFrom | `envFrom` to pass to the Redis server. | `[]` (See [values.yaml](values.yaml)) | -| redis.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | -| redis.podAnnotations | Annotations for the Redis server pods | `{}` | -| redis.podLabels | Labels for the Redis server pods | `{}` | -| redis.priorityClassName | Priority class for redis | `""` | -| redis.resources | Resource limits and requests for redis | `{}` | -| redis.securityContext | Redis Pod Security Context | See [values.yaml](values.yaml) | -| redis.servicePort | Redis service port | `6379` | -| redis.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| redis-ha | Configures [Redis HA subchart](https://github.com/DandyDeveloper/charts/tree/master/charts/redis-ha) The properties below have been changed from the subchart defaults | | -| redis-ha.enabled | Enables the Redis HA subchart and disables the custom Redis single node deployment| `false` | -| redis-ha.exporter.enabled | If `true`, the prometheus exporter sidecar is enabled | `true` | -| redis-ha.persistentVolume.enabled | Configures persistency on Redis nodes | `false` -| redis-ha.redis.masterGroupName | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | `argocd` -| redis-ha.redis.config | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | `` | -| redis-ha.redis.config.save | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | `""` | -| redis-ha.haproxy.enabled | Enabled HAProxy LoadBalancing/Proxy | `true` | -| redis-ha.haproxy.metrics.enabled | HAProxy enable prometheus metric scraping | `true` | -| redis-ha.image.tag | Redis tag | `"6.2.1-alpine"` | +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| redis.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| redis.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | +| redis.containerPorts.metrics | int | `9121` | Metrics container port | +| redis.containerPorts.redis | int | `6379` | Redis container port | +| redis.containerSecurityContext | object | See [values.yaml] | Redis container-level security context | +| redis.deploymentAnnotations | object | `{}` | Annotations to be added to the Redis server Deployment | +| redis.dnsConfig | object | `{}` | [DNS configuration] | +| redis.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Redis server pods | +| redis.enabled | bool | `true` | Enable redis | +| redis.env | list | `[]` | Environment variables to pass to the Redis server | +| redis.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Redis server | +| redis.exporter.containerSecurityContext | object | See [values.yaml] | Redis exporter security context | +| redis.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | +| redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter | +| redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter | +| redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | +| redis.exporter.image.tag | string | `"1.67.0"` | Tag to use for the redis-exporter | +| redis.exporter.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter | +| redis.exporter.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.exporter.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.exporter.livenessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.exporter.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.exporter.livenessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | +| redis.exporter.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter (optional) | +| redis.exporter.readinessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.exporter.readinessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.exporter.readinessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.exporter.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.exporter.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | +| redis.exporter.resources | object | `{}` | Resource limits and requests for redis-exporter sidecar | +| redis.extraArgs | list | `[]` | Additional command line arguments to pass to redis-server | +| redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | +| redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | +| redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | +| redis.image.tag | string | `"7.4.2-alpine"` | Redis tag | +| redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | +| redis.initContainers | list | `[]` | Init containers to add to the redis pod | +| redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server | +| redis.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.livenessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.livenessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | +| redis.metrics.enabled | bool | `false` | Deploy metrics service | +| redis.metrics.service.annotations | object | `{}` | Metrics service annotations | +| redis.metrics.service.clusterIP | string | `"None"` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | +| redis.metrics.service.labels | object | `{}` | Metrics service labels | +| redis.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | +| redis.metrics.service.servicePort | int | `9121` | Metrics service port | +| redis.metrics.service.type | string | `"ClusterIP"` | Metrics service type | +| redis.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| redis.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | +| redis.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| redis.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | +| redis.metrics.serviceMonitor.interval | string | `"30s"` | Interval at which metrics should be scraped | +| redis.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| redis.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | +| redis.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| redis.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| redis.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| redis.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | +| redis.name | string | `"redis"` | Redis name | +| redis.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| redis.pdb.annotations | object | `{}` | Annotations to be added to Redis pdb | +| redis.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Redis | +| redis.pdb.labels | object | `{}` | Labels to be added to Redis pdb | +| redis.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). | +| redis.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | +| redis.podAnnotations | object | `{}` | Annotations to be added to the Redis server pods | +| redis.podLabels | object | `{}` | Labels to be added to the Redis server pods | +| redis.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for redis pods | +| redis.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server | +| redis.readinessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.readinessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.readinessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | +| redis.resources | object | `{}` | Resource limits and requests for redis | +| redis.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for redis | +| redis.securityContext | object | See [values.yaml] | Redis pod-level security context | +| redis.service.annotations | object | `{}` | Redis service annotations | +| redis.service.labels | object | `{}` | Additional redis service labels | +| redis.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| redis.serviceAccount.automountServiceAccountToken | bool | `false` | Automount API credentials for the Service Account | +| redis.serviceAccount.create | bool | `false` | Create a service account for the redis pod | +| redis.serviceAccount.name | string | `""` | Service account name for redis pod | +| redis.servicePort | int | `6379` | Redis service port | +| redis.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| redis.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| redis.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to redis | +| redis.volumeMounts | list | `[]` | Additional volumeMounts to the redis container | +| redis.volumes | list | `[]` | Additional volumes to the redis pod | -[gRPC-ingress]: https://argoproj.github.io/argo-cd/operator-manual/ingress/ +### Option 2 - Redis HA + +This option uses the following third-party chart to bootstrap a clustered Redis: https://github.com/DandyDeveloper/charts/tree/master/charts/redis-ha. +For all available configuration options, please read upstream README and/or chart source. +The main options are listed here: + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. | +| redis-ha.affinity | string | `""` | Assign custom [affinity] rules to the Redis pods. | +| redis-ha.auth | bool | `true` | Configures redis-ha with AUTH | +| redis-ha.containerSecurityContext | object | See [values.yaml] | Redis HA statefulset container-level security context | +| redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | +| redis-ha.existingSecret | string | `"argocd-redis"` | Existing Secret to use for redis-ha authentication. By default the redis-secret-init Job is generating this Secret. | +| redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | +| redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | +| redis-ha.exporter.tag | string | `"1.58.0"` | Tag to use for the redis-exporter | +| redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. | +| redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. | +| redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context | +| redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | +| redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. | +| redis-ha.haproxy.labels | object | `{"app.kubernetes.io/name":"argocd-redis-ha-haproxy"}` | Custom labels for the haproxy pod. This is relevant for Argo CD CLI. | +| redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | +| redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | +| redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | +| redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | +| redis-ha.image.tag | string | `"7.4.2-alpine"` | Redis tag | +| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | +| redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | +| redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | +| redis-ha.redis.masterGroupName | string | `"argocd"` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | +| redis-ha.tolerations | list | `[]` | [Tolerations] for use with node taints for Redis pods. | +| redis-ha.topologySpreadConstraints | object | `{"enabled":false,"maxSkew":"","topologyKey":"","whenUnsatisfiable":""}` | Assign custom [TopologySpreadConstraints] rules to the Redis pods. | +| redis-ha.topologySpreadConstraints.enabled | bool | `false` | Enable Redis HA topology spread constraints | +| redis-ha.topologySpreadConstraints.maxSkew | string | `""` (defaults to `1`) | Max skew of pods tolerated | +| redis-ha.topologySpreadConstraints.topologyKey | string | `""` (defaults to `topology.kubernetes.io/zone`) | Topology key for spread | +| redis-ha.topologySpreadConstraints.whenUnsatisfiable | string | `""` (defaults to `ScheduleAnyway`) | Enforcement policy, hard or soft | +| redis-ha.exporter.image | string | `nil` (follows subchart default) | Exporter image | +| redis-ha.exporter.tag | string | `nil` (follows subchart default) | Exporter tag | +| redis-ha.haproxy.image.repository | string | `nil` (follows subchart default) | HAProxy Image Repository | +| redis-ha.haproxy.image.tag | string | `nil` (follows subchart default) | HAProxy Image Tag | +| redis-ha.image.repository | string | `nil` (follows subchart default) | Redis image repository | + +### Option 3 - External Redis + +If you want to use an existing Redis (eg. a managed service from a cloud provider), you can use these parameters: + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials. When it's set, the `externalRedis.password` parameter is ignored | +| externalRedis.host | string | `""` | External Redis server host | +| externalRedis.password | string | `""` | External Redis password | +| externalRedis.port | int | `6379` | External Redis server port | +| externalRedis.secretAnnotations | object | `{}` | External Redis Secret annotations | +| externalRedis.username | string | `""` | External Redis username | + +### Redis secret-init + +The helm chart deploys a Job to setup a random password which is used to secure the Redis. The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed. +If you use an External Redis (See Option 3 above), this Job is not deployed. + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| redisSecretInit.affinity | object | `{}` | Assign custom [affinity] rules to the Redis secret-init Job | +| redisSecretInit.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | +| redisSecretInit.enabled | bool | `true` | Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods | +| redisSecretInit.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Redis secret-init Job | +| redisSecretInit.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Redis secret-init Job | +| redisSecretInit.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Redis secret-init Job | +| redisSecretInit.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | +| redisSecretInit.jobAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job | +| redisSecretInit.name | string | `"redis-secret-init"` | Redis secret-init name | +| redisSecretInit.nodeSelector | object | `{}` (defaults to global.nodeSelector) | Node selector to be added to the Redis secret-init Job | +| redisSecretInit.podAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job | +| redisSecretInit.podLabels | object | `{}` | Labels to be added to the Redis secret-init Job | +| redisSecretInit.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for Redis secret-init Job | +| redisSecretInit.resources | object | `{}` | Resource limits and requests for Redis secret-init Job | +| redisSecretInit.securityContext | object | `{}` | Redis secret-init Job pod-level security context | +| redisSecretInit.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| redisSecretInit.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| redisSecretInit.serviceAccount.create | bool | `true` | Create a service account for the redis pod | +| redisSecretInit.serviceAccount.name | string | `""` | Service account name for redis pod | +| redisSecretInit.tolerations | list | `[]` (defaults to global.tolerations) | Tolerations to be added to the Redis secret-init Job | + +## ApplicationSet + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | +| applicationSet.allowAnyNamespace | bool | `false` | Enable ApplicationSet in any namespace feature | +| applicationSet.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | +| applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | +| applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate | +| applicationSet.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) | +| applicationSet.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. | +| applicationSet.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | +| applicationSet.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` | +| applicationSet.certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` | +| applicationSet.certificate.issuer.name | string | `""` | Certificate issuer name. Eg. `letsencrypt` | +| applicationSet.certificate.privateKey.algorithm | string | `"RSA"` | Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` | +| applicationSet.certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` | +| applicationSet.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | +| applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | +| applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | +| applicationSet.containerPorts.metrics | int | `8080` | Metrics container port | +| applicationSet.containerPorts.probe | int | `8081` | Probe container port | +| applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | +| applicationSet.containerSecurityContext | object | See [values.yaml] | ApplicationSet controller container-level security context | +| applicationSet.deploymentAnnotations | object | `{}` | Annotations to be added to ApplicationSet controller Deployment | +| applicationSet.deploymentStrategy | object | `{}` | Deployment strategy to be added to the ApplicationSet controller Deployment | +| applicationSet.dnsConfig | object | `{}` | [DNS configuration] | +| applicationSet.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for ApplicationSet controller pods | +| applicationSet.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for applicationSet controller | +| applicationSet.extraArgs | list | `[]` | ApplicationSet controller command line flags | +| applicationSet.extraContainers | list | `[]` | Additional containers to be added to the ApplicationSet controller pod | +| applicationSet.extraEnv | list | `[]` | Environment variables to pass to the ApplicationSet controller | +| applicationSet.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the ApplicationSet controller | +| applicationSet.extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) | +| applicationSet.extraVolumes | list | `[]` | List of extra volumes to add | +| applicationSet.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the ApplicationSet controller | +| applicationSet.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the ApplicationSet controller | +| applicationSet.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the ApplicationSet controller | +| applicationSet.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | If defined, uses a Secret to pull an image from a private Docker registry or repository. | +| applicationSet.ingress.annotations | object | `{}` | Additional ingress annotations | +| applicationSet.ingress.enabled | bool | `false` | Enable an ingress resource for ApplicationSet webhook | +| applicationSet.ingress.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record | +| applicationSet.ingress.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths | +| applicationSet.ingress.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | +| applicationSet.ingress.extraTls | list | `[]` (See [values.yaml]) | Additional ingress TLS configuration | +| applicationSet.ingress.hostname | string | `""` (defaults to global.domain) | Argo CD ApplicationSet hostname | +| applicationSet.ingress.ingressClassName | string | `""` | Defines which ingress ApplicationSet controller will implement the resource | +| applicationSet.ingress.labels | object | `{}` | Additional ingress labels | +| applicationSet.ingress.path | string | `"/api/webhook"` | List of ingress paths | +| applicationSet.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | +| applicationSet.ingress.tls | bool | `false` | Enable TLS configuration for the hostname defined at `applicationSet.webhook.ingress.hostname` | +| applicationSet.initContainers | list | `[]` | Init containers to add to the ApplicationSet controller pod | +| applicationSet.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for ApplicationSet controller | +| applicationSet.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| applicationSet.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| applicationSet.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| applicationSet.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| applicationSet.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| applicationSet.metrics.enabled | bool | `false` | Deploy metrics service | +| applicationSet.metrics.service.annotations | object | `{}` | Metrics service annotations | +| applicationSet.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | +| applicationSet.metrics.service.labels | object | `{}` | Metrics service labels | +| applicationSet.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | +| applicationSet.metrics.service.servicePort | int | `8080` | Metrics service port | +| applicationSet.metrics.service.type | string | `"ClusterIP"` | Metrics service type | +| applicationSet.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| applicationSet.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | +| applicationSet.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| applicationSet.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | +| applicationSet.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | +| applicationSet.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| applicationSet.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | +| applicationSet.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| applicationSet.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| applicationSet.metrics.serviceMonitor.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. | +| applicationSet.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| applicationSet.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | +| applicationSet.name | string | `"applicationset-controller"` | ApplicationSet controller name string | +| applicationSet.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| applicationSet.pdb.annotations | object | `{}` | Annotations to be added to ApplicationSet controller pdb | +| applicationSet.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the ApplicationSet controller | +| applicationSet.pdb.labels | object | `{}` | Labels to be added to ApplicationSet controller pdb | +| applicationSet.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | +| applicationSet.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | +| applicationSet.podAnnotations | object | `{}` | Annotations for the ApplicationSet controller pods | +| applicationSet.podLabels | object | `{}` | Labels for the ApplicationSet controller pods | +| applicationSet.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the ApplicationSet controller pods | +| applicationSet.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for ApplicationSet controller | +| applicationSet.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| applicationSet.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| applicationSet.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| applicationSet.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| applicationSet.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| applicationSet.replicas | int | `1` | The number of ApplicationSet controller pods to run | +| applicationSet.resources | object | `{}` | Resource limits and requests for the ApplicationSet controller pods. | +| applicationSet.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the ApplicationSet controller | +| applicationSet.service.annotations | object | `{}` | ApplicationSet service annotations | +| applicationSet.service.labels | object | `{}` | ApplicationSet service labels | +| applicationSet.service.port | int | `7000` | ApplicationSet service port | +| applicationSet.service.portName | string | `"http-webhook"` | ApplicationSet service port name | +| applicationSet.service.type | string | `"ClusterIP"` | ApplicationSet service type | +| applicationSet.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| applicationSet.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| applicationSet.serviceAccount.create | bool | `true` | Create ApplicationSet controller service account | +| applicationSet.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| applicationSet.serviceAccount.name | string | `"argocd-applicationset-controller"` | ApplicationSet controller service account name | +| applicationSet.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| applicationSet.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| applicationSet.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller | + +## Notifications + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | +| notifications.argocdUrl | string | `""` (defaults to https://`global.domain`) | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates | +| notifications.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | +| notifications.clusterRoleRules.rules | list | `[]` | List of custom rules for the notifications controller's ClusterRole resource | +| notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map | +| notifications.containerPorts.metrics | int | `9001` | Metrics container port | +| notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context | +| notifications.context | object | `{}` | Define user-defined context | +| notifications.deploymentAnnotations | object | `{}` | Annotations to be applied to the notifications controller Deployment | +| notifications.deploymentStrategy | object | `{"type":"Recreate"}` | Deployment strategy to be added to the notifications controller Deployment | +| notifications.dnsConfig | object | `{}` | [DNS configuration] | +| notifications.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for notifications controller Pods | +| notifications.enabled | bool | `true` | Enable notifications controller | +| notifications.extraArgs | list | `[]` | Extra arguments to provide to the notifications controller | +| notifications.extraContainers | list | `[]` | Additional containers to be added to the notifications controller pod | +| notifications.extraEnv | list | `[]` | Additional container environment variables | +| notifications.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the notifications controller | +| notifications.extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) | +| notifications.extraVolumes | list | `[]` | List of extra volumes to add | +| notifications.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the notifications controller | +| notifications.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the notifications controller | +| notifications.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the notifications controller | +| notifications.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | +| notifications.initContainers | list | `[]` | Init containers to add to the notifications controller pod | +| notifications.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for notifications controller Pods | +| notifications.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| notifications.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| notifications.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| notifications.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| notifications.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| notifications.logFormat | string | `""` (defaults to global.logging.format) | Notifications controller log format. Either `text` or `json` | +| notifications.logLevel | string | `""` (defaults to global.logging.level) | Notifications controller log level. One of: `debug`, `info`, `warn`, `error` | +| notifications.metrics.enabled | bool | `false` | Enables prometheus metrics server | +| notifications.metrics.port | int | `9001` | Metrics port | +| notifications.metrics.service.annotations | object | `{}` | Metrics service annotations | +| notifications.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | +| notifications.metrics.service.labels | object | `{}` | Metrics service labels | +| notifications.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | +| notifications.metrics.service.type | string | `"ClusterIP"` | Metrics service type | +| notifications.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| notifications.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | +| notifications.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| notifications.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | +| notifications.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| notifications.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| notifications.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| notifications.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| notifications.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | +| notifications.name | string | `"notifications-controller"` | Notifications controller name string | +| notifications.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| notifications.notifiers | object | See [values.yaml] | Configures notification services such as slack, email or custom webhook | +| notifications.pdb.annotations | object | `{}` | Annotations to be added to notifications controller pdb | +| notifications.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the notifications controller | +| notifications.pdb.labels | object | `{}` | Labels to be added to notifications controller pdb | +| notifications.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | +| notifications.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | +| notifications.podAnnotations | object | `{}` | Annotations to be applied to the notifications controller Pods | +| notifications.podLabels | object | `{}` | Labels to be applied to the notifications controller Pods | +| notifications.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the notifications controller pods | +| notifications.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for notifications controller Pods | +| notifications.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| notifications.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| notifications.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| notifications.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| notifications.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| notifications.resources | object | `{}` | Resource limits and requests for the notifications controller | +| notifications.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the notifications controller | +| notifications.secret.annotations | object | `{}` | key:value pairs of annotations to be added to the secret | +| notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret | +| notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the secret | +| notifications.secret.labels | object | `{}` | key:value pairs of labels to be added to the secret | +| notifications.secret.name | string | `"argocd-notifications-secret"` | notifications controller Secret name | +| notifications.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| notifications.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| notifications.serviceAccount.create | bool | `true` | Create notifications controller service account | +| notifications.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| notifications.serviceAccount.name | string | `"argocd-notifications-controller"` | Notification controller service account name | +| notifications.subscriptions | list | `[]` | Contains centrally managed global application subscriptions | +| notifications.templates | object | `{}` | The notification template is used to generate the notification content | +| notifications.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| notifications.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| notifications.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller | +| notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | + +## Commit server (Manifest Hydrator) + +The Argo CD Commit Server provides push access to git repositories for hydrated manifests. + +To read more about this component, please read [Argo CD Manifest Hydrator] and [Manifest Hydrator]. + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| commitServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | +| commitServer.automountServiceAccountToken | bool | `false` | Automount API credentials for the Service Account into the pod. | +| commitServer.containerSecurityContext | object | See [values.yaml] | commit server container-level security context | +| commitServer.deploymentAnnotations | object | `{}` | Annotations to be added to commit server Deployment | +| commitServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the commit server Deployment | +| commitServer.dnsConfig | object | `{}` | [DNS configuration] | +| commitServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for commit server pods | +| commitServer.enabled | bool | `false` | Enable commit server | +| commitServer.extraArgs | list | `[]` | commit server command line flags | +| commitServer.extraEnv | list | `[]` | Environment variables to pass to the commit server | +| commitServer.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the commit server | +| commitServer.extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) | +| commitServer.extraVolumes | list | `[]` | List of extra volumes to add | +| commitServer.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the commit server | +| commitServer.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the commit server | +| commitServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the commit server | +| commitServer.livenessProbe.enabled | bool | `true` | Enable Kubernetes liveness probe for commit server | +| commitServer.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| commitServer.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| commitServer.livenessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the [probe] | +| commitServer.livenessProbe.timeoutSeconds | int | `5` | Number of seconds after which the [probe] times out | +| commitServer.metrics.enabled | bool | `false` | Enables prometheus metrics server | +| commitServer.metrics.service.annotations | object | `{}` | Metrics service annotations | +| commitServer.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | +| commitServer.metrics.service.labels | object | `{}` | Metrics service labels | +| commitServer.metrics.service.portName | string | `"metrics"` | Metrics service port name | +| commitServer.metrics.service.servicePort | int | `8087` | Metrics service port | +| commitServer.metrics.service.type | string | `"ClusterIP"` | Metrics service type | +| commitServer.name | string | `"commit-server"` | Commit server name | +| commitServer.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| commitServer.podAnnotations | object | `{}` | Annotations for the commit server pods | +| commitServer.podLabels | object | `{}` | Labels for the commit server pods | +| commitServer.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the commit server pods | +| commitServer.readinessProbe.enabled | bool | `true` | Enable Kubernetes liveness probe for commit server | +| commitServer.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| commitServer.readinessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before [probe] is initiated | +| commitServer.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| commitServer.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| commitServer.resources | object | `{}` | Resource limits and requests for the commit server pods. | +| commitServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the commit server | +| commitServer.service.annotations | object | `{}` | commit server service annotations | +| commitServer.service.labels | object | `{}` | commit server service labels | +| commitServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| commitServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| commitServer.serviceAccount.create | bool | `true` | Create commit server service account | +| commitServer.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| commitServer.serviceAccount.name | string | `"argocd-commit-server"` | commit server service account name | +| commitServer.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| commitServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| commitServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the commit server | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) + +[Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/ +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#backendconfigspec_v1beta1_cloudgooglecom +[CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ +[changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog +[Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/ +[DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ +[external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters +[FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/ +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters +[declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup +[gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ +[GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/ +[HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ +[MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector +[PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets +[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +[RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ +[values.yaml]: values.yaml +[v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md +[tini]: https://github.com/argoproj/argo-cd/pull/12707 +[EKS EoL]: https://endoflife.date/amazon-eks +[Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions +[Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace +[Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice +[Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer +[Argo CD Manifest Hydrator]: https://argo-cd.readthedocs.io/en/stable/proposals/manifest-hydrator/ +[Manifest Hydrator]: https://github.com/argoproj/argo-cd/blob/master/docs/proposals/manifest-hydrator.md diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl new file mode 100644 index 00000000..d2862792 --- /dev/null +++ b/charts/argo-cd/README.md.gotmpl @@ -0,0 +1,863 @@ +# Argo CD Chart + +A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. + +Source code can be found here: + +{{ template "chart.sourcesList" . }} + +This is a **community maintained** chart. This chart installs [argo-cd](https://argo-cd.readthedocs.io/en/stable/), a declarative, GitOps continuous delivery tool for Kubernetes. + +The default installation is intended to be similar to the provided Argo CD [releases](https://github.com/argoproj/argo-cd/releases). + +If you want to avoid including sensitive information unencrypted (clear text) in your version control, make use of the [declarative setup] of Argo CD. +For instance, rather than adding repositories and their keys in your Helm values, you could deploy [SealedSecrets](https://github.com/bitnami-labs/sealed-secrets) with contents as seen in this [repositories section](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories) or any other secrets manager service (i.e. HashiCorp Vault, AWS/GCP Secrets Manager, etc.). + +## High Availability + +This chart installs the non-HA version of Argo CD by default. If you want to run Argo CD in HA mode, you can use one of the example values in the next sections. +Please also have a look into the upstream [Operator Manual regarding High Availability](https://argo-cd.readthedocs.io/en/stable/operator-manual/high_availability/) to understand how scaling of Argo CD works in detail. + +> **Warning:** +> You need at least 3 worker nodes as the HA mode of redis enforces Pods to run on separate nodes. + +### HA mode with autoscaling + +```yaml +redis-ha: + enabled: true + +controller: + replicas: 1 + +server: + autoscaling: + enabled: true + minReplicas: 2 + +repoServer: + autoscaling: + enabled: true + minReplicas: 2 + +applicationSet: + replicas: 2 +``` + +### HA mode without autoscaling + +```yaml +redis-ha: + enabled: true + +controller: + replicas: 1 + +server: + replicas: 2 + +repoServer: + replicas: 2 + +applicationSet: + replicas: 2 +``` + +## Ingress configuration + +Please refer to the [Operator Manual](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#ingress-configurationh) for details as the samples +below corespond to their respective sections. + +### SSL-Passthrough + +The `tls: true` option will expect that the `argocd-server-tls` secret exists as Argo CD server loads TLS certificates from this place. + +```yaml +global: + domain: argocd.example.com + +certificate: + enabled: true + +server: + ingress: + enabled: true + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + tls: true +``` + +### SSL Termination at Ingress Controller + +```yaml +global: + domain: argocd.example.com + +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + extraTls: + - hosts: + - argocd.example.com + # Based on the ingress controller used secret might be optional + secretName: wildcard-tls +``` + +> **Note:** +> If you don't plan on using a wildcard certificate it's also possible to use `tls: true` without `extraTls` section. + +### Multiple ingress resources for gRPC protocol support + +Use `ingressGrpc` section if your ingress controller supports only a single protocol per Ingress resource (i.e.: Contour). + +```yaml +global: + domain: argocd.example.com + +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + ingressClassName: contour-internal + extraTls: + - hosts: + - argocd.example.com + secretName: wildcard-tls + + ingressGrpc: + enabled: true + ingressClassName: contour-internal + extraTls: + - hosts: + - grpc.argocd.example.com + secretName: wildcard-tls +``` + +### Multiple ingress domains + +```yaml +global: + domain: argocd.example.com + +server: + ingress: + enabled: true + ingressClassName: nginx + annotations: + cert-manager.io/cluster-issuer: "" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + tls: true + extraHosts: + - name: argocd-alias.example.com + path: / +``` + +### AWS Application Load Balancer + +Refer to the Operator Manual for [AWS Application Load Balancer mode](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode). +The provided example assumes you are using TLS off-loading via AWS ACM service. + +> **Note:** +> Using `controller: aws` creates additional service for gRPC traffic and it's no longer need to use `ingressGrpc` configuration section. + +```yaml +global: + domain: argocd.example.com + +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + controller: aws + ingressClassName: alb + annotations: + alb.ingress.kubernetes.io/scheme: internal + alb.ingress.kubernetes.io/target-type: ip + alb.ingress.kubernetes.io/backend-protocol: HTTP + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/ssl-redirect: '443' + aws: + serviceType: ClusterIP # <- Used with target-type: ip + backendProtocolVersion: GRPC +``` + +### GKE Application Load Balancer + +The implementation will populate `ingressClassName`, `networking.gke.io/managed-certificates` and `networking.gke.io/v1beta1.FrontendConfig` annotations +automatically if you provide configuration for GKE resources. + +```yaml +global: + domain: argocd.example.com + +configs: + params: + server.insecure: true + +server: + service: + annotations: + cloud.google.com/neg: '{"ingress": true}' + cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}' + + ingress: + enabled: true + controller: gke + gke: + backendConfig: + healthCheck: + checkIntervalSec: 30 + timeoutSec: 5 + healthyThreshold: 1 + unhealthyThreshold: 2 + type: HTTP + requestPath: /healthz + port: 8080 + frontendConfig: + redirectToHttps: + enabled: true + managedCertificate: + enabled: true +``` + + +## Synchronizing Changes from Original Repository + +In the original [Argo CD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd). + +When installing Argo CD using this helm chart the user should have a similar experience and configuration rolled out. Hence, it makes sense to try to achieve a similar output of rendered `.yaml` resources when calling `helm template` using the default settings in `values.yaml`. + +To update the templates and default settings in `values.yaml` it may come in handy to look up the diff of the `manifests/install.yaml` between two versions accordingly. This can either be done directly via github and look for `manifests/install.yaml`: + +https://github.com/argoproj/argo-cd/compare/v1.8.7...v2.0.0#files_bucket + +Or you clone the repository and do a local `git-diff`: + +```bash +git clone https://github.com/argoproj/argo-cd.git +cd argo-cd +git diff v1.8.7 v2.0.0 -- manifests/install.yaml +``` + +Changes in the `CustomResourceDefinition` resources shall be fixed easily by copying 1:1 from the [`manifests/crds` folder](https://github.com/argoproj/argo-cd/tree/master/manifests/crds) into this [`charts/argo-cd/templates/crds` folder](https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd/templates/crds). + +### Custom resource definitions + +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart. + +Helm cannot upgrade custom resource definitions in the `/crds` folder [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). Starting with 5.2.0, the CRDs have been moved to `/templates` to address this design decision. + +If you are using Argo CD chart version prior to 5.2.0 or have elected to manage the Argo CD CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo: + +```bash +kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=" + +# Eg. version v2.4.9 +kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.4.9" +``` + +## Changelog + +For full list of changes please check ArtifactHub [changelog]. + +Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. + +### 7.0.0 + +We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`. +If you used the value, please migrate like below. + +```yaml +# before +configs: + clusterCredentials: + - mycluster: + server: https://mycluster.example.com + labels: {} + annotations: {} + # ... + +# after +configs: + clusterCredentials: + mycluster: + server: https://mycluster.example.com + labels: {} + annotations: {} + # ... +``` + +### 6.10.0 + +This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr. + +#### How to rotate Redis secret? + +Upstream steps in the [FAQ] are not enough, since we chose a different approach. +(We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.) + +Steps to rotate the secret when using the helm chart (bold step is additional to upstream): +* Delete `argocd-redis` secret in the namespace where Argo CD is installed. + ```bash + kubectl delete secret argocd-redis -n + ``` +* **Perform a helm upgrade** + ```bash + helm upgrade argocd argo/argo-cd --reuse-values --wait + ``` +* If you are running Redis in HA mode, restart Redis in HA. + ```bash + kubectl rollout restart deployment argocd-redis-ha-haproxy + kubectl rollout restart statefulset argocd-redis-ha-server + ``` +* If you are running Redis in non-HA mode, restart Redis. + ```bash + kubectl rollout restart deployment argocd-redis + ``` +* Restart other components. + ```bash + kubectl rollout restart deployment argocd-server argocd-repo-server + kubectl rollout restart statefulset argocd-application-controller + ``` + +### 6.9.0 +ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9). + +### 6.4.0 + +Added support for application controller dynamic cluster distribution. +Please refer to [the docs](https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution) for more information. + +Added env variables to handle the non-standard names generated by the helm chart. +Here are the [docs](https://argo-cd.readthedocs.io/en/release-2.9/user-guide/environment-variables/) +and [code](https://github.com/argoproj/argo-cd/blob/99723143b96ceec9ef5b0a7feb7b4f4b0dce3497/common/common.go#L252) + +### 6.1.0 + +Added support for global domain used by all components. + +### 6.0.0 + +This version **removes support for**: + +* deprecated component options `logLevel` and `logFormat` +* deprecated component arguments `.args.` that were replaced with `configs.params` +* deprecated configuration `server.config` that was replaced with `configs.cm` +* deprecated configuration `server.rbacConfig` that was replaced with `configs.rbac` + +Major version also contains breaking **changes related to Argo CD Ingress** resources that were hard to extend and maintain for various ingress controller implementations. +Please review your setup and adjust to new configuration options: + +* catch all rule was removed for security reasons. If you need this please use `server.ingress.extraRules` to provide ingress rule without hostname +* ingress rule for `paths` changed to `path` as there is only single Argo CD backend path +* ingress rule for `hosts` changed to `hostname` as there can be only single SSO redirect for given hostname +* ingress TLS for server uses by default `argocd-server-tls` secret required by Argo CD server, additional ingresses are using `-tls` secret when `tls: true` +* additional hostnames and routing can be provided via `extraHosts` configuration section +* additional TLS secrets can be provided via `extraTls` configuration section + +Please refer to [ingress configuration](#ingress-configuration) for examples. + +### 5.53.0 + +Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir() + +### 5.52.0 + +Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server. +If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml. + +### 5.35.0 + +This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach. + +Please see more information about EoL: [Amazon EKS EoL][EKS EoL]. + + +### 5.31.0 +The manifests are now using [`tini` as entrypoint][tini], instead of `entrypoint.sh`. Until Argo CD v2.8, `entrypoint.sh` is retained for upgrade compatibility. +This means that the deployment manifests have to be updated after upgrading to Argo CD v2.7, and before upgrading to Argo CD v2.8 later. +In case the manifests are updated before moving to Argo CD v2.8, the containers will not be able to start. + +### 5.26.0 + +This version adds support for Config Management Plugins using the sidecar model and configured in a ConfigMap named `argocd-cmp-cm`. +Users will need to migrate from the previous `argocd-cm` ConfigMap method to using the sidecar method before Argo CD v2.8. See the [Argo CD CMP migration guide](https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/#migrating-from-argocd-cm-plugins) for more specifics. + +To migrate your plugins, you can now set the `configs.cmp.create` to `true` and move your plugins from `configs.cm` to `configs.cmp.plugins`. +You will also need to configure the sidecar containers under `repoServer.extraContainers` and ensure you are mounting any custom volumes you need from `repoServer.volumes` into here also. + +### 5.24.0 + +This version adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`). +Default `global.affinity` rules can be disabled when `none` value is used for the preset. + +### 5.22.0 + +This version adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely. + +### 5.19.0 + +This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provided these values (`configs.knownHosts.*`, `configs.knownHostsAnnotations`, `configs.tlsCerts`, `configs.tlsCertsAnnotations`) please move them into new `configs.ssh` and `configs.tls` sections. +You can also use new option `configs.ssh.extraHosts` to configure your SSH keys without maintaing / overwritting keys for public Git repositories. + +### 5.13.0 + +This version reduces history limit for Argo CD deployment replicas to 3 to provide more visibility for Argo CD deployments that manage itself. If you need more deployment revisions for rollbacks set `global.revisionHistoryLimit` parameter. + +### 5.12.0 + +If Argo CD is managing termination of TLS and you are using `configs.secret.argocdServerTlsConfig` option to provide custom TLS configuration for this chart, please use `server.certificate` or `server.certificateSecret` instead. +For the secrets for tls termination, please use a secret named `argocd-server-tls` instead of `argocd-secret`. +For the technical details please check the [Argo CD documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server). When transitioning from the one secret to the other pay attention to `tls.key` and `tls.crt` keys. + +### 5.10.0 + +This version hardens security by configuring default container security contexts and adds hard requirement for Kubernetes 1.22+ to work properly. +The change aligns chart with officially [supported versions](https://argo-cd.readthedocs.io/en/release-2.5/operator-manual/installation/#supported-versions) by upstream project. + +### 5.7.0 + +This version introcudes new `configs.cm` and `configs.rbac` sections that replaces `server.config` and `server.rbacConfig` respectively. +Please move your current configuration to the new place. The Argo CD RBAC config now also sets defaults in the `argocd-rbac-cm`. +If you have manually created this ConfigMap please ensure templating is disabled so you will not lose your changes. + +### 5.5.20 + +This version moved API version templates into dedicated helper. If you are using these in your umbrella +chart please migrate your templates to pattern `argo-cd.apiVersion.`. + +### 5.5.0 + +This version introduces new `configs.params` section that replaces command line arguments for containers. +Please refer to documentation in values.yaml for migrating the configuration. + +### 5.2.0 + +Custom resource definitions were moved to `templates` folder so they can be managed by Helm. + +To adopt already created CRDs, please use following command: + +```bash +YOUR_ARGOCD_NAMESPACE="" # e.g. argo-cd +YOUR_ARGOCD_RELEASENAME="" # e.g. argo-cd + +for crd in "applications.argoproj.io" "applicationsets.argoproj.io" "argocdextensions.argoproj.io" "appprojects.argoproj.io"; do + kubectl label --overwrite crd $crd app.kubernetes.io/managed-by=Helm + kubectl annotate --overwrite crd $crd meta.helm.sh/release-namespace="$YOUR_ARGOCD_NAMESPACE" + kubectl annotate --overwrite crd $crd meta.helm.sh/release-name="$YOUR_ARGOCD_RELEASENAME" +done +``` + +### 5.0.0 + +This version **removes support for**: + +- deprecated repository credentials (parameter `configs.repositoryCredentials`) +- option to run application controller as a Deployment +- the parameters `server.additionalApplications` and `server.additionalProjects` + +Please carefully read the following section if you are using these parameters! + +In order to upgrade Applications and Projects safely against CRDs' upgrade, `server.additionalApplications` and `server.additionalProjects` are moved to [argocd-apps](../argocd-apps). + +If you are using `server.additionalApplications` or `server.additionalProjects`, you can adopt to [argocd-apps](../argocd-apps) as below: + +1. Add [helm.sh/resource-policy annotation](https://helm.sh/docs/howto/charts_tips_and_tricks/#tell-helm-not-to-uninstall-a-resource) to avoid resources being removed by upgrading Helm chart + +You can keep your existing CRDs by adding `"helm.sh/resource-policy": keep` on `additionalAnnotations`, under `server.additionalApplications` and `server.additionalProjects` blocks, and running `helm upgrade`. + +e.g: + +```yaml +server: + additionalApplications: + - name: guestbook + namespace: argocd + additionalLabels: {} + additionalAnnotations: + "helm.sh/resource-policy": keep # <-- add this + finalizers: + - resources-finalizer.argocd.argoproj.io + project: guestbook + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: guestbook + directory: + recurse: true + destination: + server: https://kubernetes.default.svc + namespace: guestbook + syncPolicy: + automated: + prune: false + selfHeal: false + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas + info: + - name: url + value: https://argoproj.github.io/ +``` + +You can also keep your existing CRDs by running the following scripts. + +```bash +# keep Applications +for app in "guestbook"; do + kubectl annotate --overwrite application $app helm.sh/resource-policy=keep +done + +# keep Projects +for project in "guestbook"; do + kubectl annotate --overwrite appproject $project helm.sh/resource-policy=keep +done +``` + +2. Upgrade argo-cd Helm chart to v5.0.0 + +3. Remove keep [helm.sh/resource-policy annotation](https://helm.sh/docs/howto/charts_tips_and_tricks/#tell-helm-not-to-uninstall-a-resource) + +```bash +# delete annotations from Applications +for app in "guestbook"; do + kubectl annotate --overwrite application $app helm.sh/resource-policy- +done + +# delete annotations from Projects +for project in "guestbook"; do + kubectl annotate --overwrite appproject $project helm.sh/resource-policy- +done +``` + +4. Adopt existing resources to [argocd-apps](../argocd-apps) + +### 4.9.0 + +This version starts to use upstream image with applicationset binary. Start command was changed from `applicationset-controller` to `argocd-applicationset-controller` + +### 4.3.* + +With this minor version, the notification notifier's `service.slack` is no longer configured by default. + +### 4.0.0 and above + +This helm chart version deploys Argo CD v2.3. The Argo CD Notifications and ApplicationSet are part of Argo CD now. You no longer need to install them separately. The Notifications and ApplicationSet components **are bundled into default** Argo CD installation. +Please read the [v2.2 to 2.3 upgrade instructions] in the upstream repository. + +### 3.13.0 + +This release removes the flag `--staticassets` from argocd server as it has been dropped upstream. If this flag needs to be enabled e.g for older releases of Argo CD, it can be passed via the `server.extraArgs` field + +### 3.10.2 + +Argo CD has recently deprecated the flag `--staticassets` and from chart version `3.10.2` has been disabled by default +It can be re-enabled by setting `server.staticAssets.enabled` to true + +### 3.8.1 + +This bugfix version potentially introduces a rename (and recreation) of one or more ServiceAccounts. It _only happens_ when you use one of these customization: + +```yaml +# Case 1) - only happens when you do not specify a custom name (repoServer.serviceAccount.name) +repoServer: + serviceAccount: + create: true + +# Case 2) +controller: + serviceAccount: + name: "" # or + +# Case 3) +dex: + serviceAccount: + name: "" # or + +# Case 4) +server: + serviceAccount: + name: "" # or +``` + +Please check if you are affected by one of these cases **before you upgrade**, especially when you use **cloud IAM roles for service accounts.** (eg. IRSA on AWS or Workload Identity for GKE) + +### 3.2.* + +With this minor version we introduced the evaluation for the ingress manifest (depending on the capabilities version), See [Pull Request](https://github.com/argoproj/argo-helm/pull/637). +[Issue 703](https://github.com/argoproj/argo-helm/issues/703) reported that the capabilities evaluation is **not handled correctly when deploying the chart via an Argo CD instance**, +especially deploying on clusters running a cluster version prior to `1.19` (which misses `Ingress` on apiVersion `networking.k8s.io/v1`). + +If you are running a cluster version prior to `1.19` you can avoid this issue by directly installing chart version `3.6.0` and setting `kubeVersionOverride` like: + +```yaml +kubeVersionOverride: "1.18.0" +``` + +Then you should no longer encounter this issue. + + +### 3.0.0 and above + +Helm apiVersion switched to `v2`. Requires Helm `3.0.0` or above to install. [Read More](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) on how to migrate your release from Helm 2 to Helm 3. + +### 2.14.7 and above + +The `matchLabels` key in the Argo CD Application Controller is no longer hard-coded. Note that labels are immutable so caution should be exercised when making changes to this resource. + +### 2.10.x to 2.11.0 + +The application controller is now available as a `StatefulSet` when the `controller.enableStatefulSet` flag is set to true. Depending on your Helm deployment this may be a downtime or breaking change if enabled when using HA and will become the default in 3.x. + +### 1.8.7 to 2.x.x + +`controller.extraArgs`, `repoServer.extraArgs` and `server.extraArgs` are now arrays of strings instead of a map + +What was + +```yaml +server: + extraArgs: + insecure: "" +``` + +is now + +```yaml +server: + extraArgs: + - --insecure +``` + +## Prerequisites + +- {{ template "chart.kubeVersionLine" . }} + - We align with [Amazon EKS calendar][EKS EoL] because there are many AWS users and it's a conservative approach. + - Please check [Support Matrix of Argo CD][Kubernetes Compatibility Matrix] for official info. +- Helm v3.0.0+ + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add argo https://argoproj.github.io/argo-helm +"argo" has been added to your repositories + +$ helm install my-release argo/argo-cd +NAME: my-release +... +``` + +## General parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if not (or (hasPrefix "global" .Key) (hasPrefix "configs" .Key) (hasPrefix "controller" .Key) (hasPrefix "repoServer" .Key) (hasPrefix "server" .Key) (hasPrefix "applicationSet" .Key) (hasPrefix "notifications" .Key) (hasPrefix "dex" .Key) (hasPrefix "redis" .Key) (hasPrefix "externalRedis" .Key) (hasPrefix "commitServer" .Key) ) }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +## Global Configs + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "global" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +## Argo CD Configs + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "configs" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +## Argo CD Controller + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "controller" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +## Argo Repo Server + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "repoServer" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +## Argo Server + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if and (hasPrefix "server" .Key) (not (hasPrefix "server.additional" .Key)) }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +## Dex + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "dex" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +## Redis + +### Option 1 - Single Redis instance (default option) + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "redis." .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Option 2 - Redis HA + +This option uses the following third-party chart to bootstrap a clustered Redis: https://github.com/DandyDeveloper/charts/tree/master/charts/redis-ha. +For all available configuration options, please read upstream README and/or chart source. +The main options are listed here: + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "redis-ha" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} +| redis-ha.exporter.image | string | `nil` (follows subchart default) | Exporter image | +| redis-ha.exporter.tag | string | `nil` (follows subchart default) | Exporter tag | +| redis-ha.haproxy.image.repository | string | `nil` (follows subchart default) | HAProxy Image Repository | +| redis-ha.haproxy.image.tag | string | `nil` (follows subchart default) | HAProxy Image Tag | +| redis-ha.image.repository | string | `nil` (follows subchart default) | Redis image repository | + +### Option 3 - External Redis + +If you want to use an existing Redis (eg. a managed service from a cloud provider), you can use these parameters: + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "externalRedis" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Redis secret-init + +The helm chart deploys a Job to setup a random password which is used to secure the Redis. The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed. +If you use an External Redis (See Option 3 above), this Job is not deployed. + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "redisSecretInit" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +## ApplicationSet + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "applicationSet" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +## Notifications + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "notifications" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +## Commit server (Manifest Hydrator) + +The Argo CD Commit Server provides push access to git repositories for hydrated manifests. + +To read more about this component, please read [Argo CD Manifest Hydrator] and [Manifest Hydrator]. + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "commitServer" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) + +[Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/ +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#backendconfigspec_v1beta1_cloudgooglecom +[CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ +[changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog +[Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/ +[DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ +[external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters +[FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/ +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters +[declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup +[gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ +[GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/ +[HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ +[MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector +[PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets +[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +[RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ +[values.yaml]: values.yaml +[v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md +[tini]: https://github.com/argoproj/argo-cd/pull/12707 +[EKS EoL]: https://endoflife.date/amazon-eks +[Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions +[Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace +[Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice +[Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer +[Argo CD Manifest Hydrator]: https://argo-cd.readthedocs.io/en/stable/proposals/manifest-hydrator/ +[Manifest Hydrator]: https://github.com/argoproj/argo-cd/blob/master/docs/proposals/manifest-hydrator.md diff --git a/charts/argo-cd/ci/default-values.yaml b/charts/argo-cd/ci/default-values.yaml new file mode 100644 index 00000000..ffc41c8a --- /dev/null +++ b/charts/argo-cd/ci/default-values.yaml @@ -0,0 +1,3 @@ +# Test with default values +crds: + keep: false diff --git a/charts/argo-cd/ci/dynamic-sharding-values.yaml b/charts/argo-cd/ci/dynamic-sharding-values.yaml new file mode 100644 index 00000000..e0b72e73 --- /dev/null +++ b/charts/argo-cd/ci/dynamic-sharding-values.yaml @@ -0,0 +1,6 @@ +# Test application controller dynamic cluster distribution +crds: + keep: false + +controller: + dynamicClusterDistribution: true diff --git a/charts/argo-cd/ci/extension-values.yaml b/charts/argo-cd/ci/extension-values.yaml new file mode 100644 index 00000000..0896ca4c --- /dev/null +++ b/charts/argo-cd/ci/extension-values.yaml @@ -0,0 +1,14 @@ +# Test Argo CD extension +crds: + keep: false +# Ref: https://github.com/argoproj-labs/argocd-extension-metrics?tab=readme-ov-file#install-ui-extension +server: + extensions: + enabled: true + extensionList: + - name: extension-metrics + env: + - name: EXTENSION_URL + value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension.tar.gz + - name: EXTENSION_CHECKSUM_URL + value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension_checksums.txt diff --git a/charts/argo-cd/ci/external-redis-values.yaml b/charts/argo-cd/ci/external-redis-values.yaml new file mode 100644 index 00000000..74409b78 --- /dev/null +++ b/charts/argo-cd/ci/external-redis-values.yaml @@ -0,0 +1,12 @@ +crds: + keep: false + +redis: + enabled: false + +redis-ha: + enabled: false + +externalRedis: + host: "redis-master.redis.svc.cluster.local" + password: "argocd" diff --git a/charts/argo-cd/ci/ha-autoscaling-values.yaml b/charts/argo-cd/ci/ha-autoscaling-values.yaml new file mode 100644 index 00000000..6e994e3f --- /dev/null +++ b/charts/argo-cd/ci/ha-autoscaling-values.yaml @@ -0,0 +1,16 @@ +# Test High Availability with autoscaling +crds: + keep: false + +redis-ha: + enabled: true + +server: + autoscaling: + enabled: true + minReplicas: 2 + +repoServer: + autoscaling: + enabled: true + minReplicas: 2 diff --git a/charts/argo-cd/ci/ha-static-values.yaml b/charts/argo-cd/ci/ha-static-values.yaml new file mode 100644 index 00000000..ad5efd35 --- /dev/null +++ b/charts/argo-cd/ci/ha-static-values.yaml @@ -0,0 +1,12 @@ +# Test High Availability without autoscaling +crds: + keep: false + +redis-ha: + enabled: true + +server: + replicas: 2 + +repoServer: + replicas: 2 diff --git a/charts/argo-cd/ci/with-commit-server-values.yaml b/charts/argo-cd/ci/with-commit-server-values.yaml new file mode 100644 index 00000000..b4ffedca --- /dev/null +++ b/charts/argo-cd/ci/with-commit-server-values.yaml @@ -0,0 +1,3 @@ +# Test Argo CD with optional component "commit-server" +commitServer: + enabled: true diff --git a/charts/argo-cd/crds/crd-application.yaml b/charts/argo-cd/crds/crd-application.yaml deleted file mode 100644 index c62189e8..00000000 --- a/charts/argo-cd/crds/crd-application.yaml +++ /dev/null @@ -1,1762 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app.kubernetes.io/name: applications.argoproj.io - app.kubernetes.io/part-of: argocd - name: applications.argoproj.io - annotations: - helm.sh/hook: crd-install -spec: - group: argoproj.io - names: - kind: Application - listKind: ApplicationList - plural: applications - shortNames: - - app - - apps - singular: application - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.sync.status - name: Sync Status - type: string - - jsonPath: .status.health.status - name: Health Status - type: string - - jsonPath: .status.sync.revision - name: Revision - priority: 10 - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: Application is a definition of Application resource. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - operation: - description: Operation contains information about a requested or running operation - properties: - info: - description: Info is a list of informational items for this operation - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - initiatedBy: - description: InitiatedBy contains information about who initiated the operations - properties: - automated: - description: Automated is set to true if operation was initiated automatically by the application controller. - type: boolean - username: - description: Username contains the name of a user who started operation - type: string - type: object - retry: - description: Retry controls the strategy to apply if a sync fails - properties: - backoff: - description: Backoff controls how to backoff on subsequent retries of failed syncs - properties: - duration: - description: Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h") - type: string - factor: - description: Factor is a factor to multiply the base duration after each failed retry - format: int64 - type: integer - maxDuration: - description: MaxDuration is the maximum amount of time allowed for the backoff strategy - type: string - type: object - limit: - description: Limit is the maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. - format: int64 - type: integer - type: object - sync: - description: Sync contains parameters for the operation - properties: - dryRun: - description: DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync - type: boolean - manifests: - description: Manifests is an optional field that overrides sync source with a local directory for development - items: - type: string - type: array - prune: - description: Prune specifies to delete resources from the cluster that are no longer tracked in git - type: boolean - resources: - description: Resources describes which resources shall be part of the sync - items: - description: SyncOperationResource contains resources to sync. - properties: - group: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - type: array - revision: - description: Revision is the revision (Git) or chart version (Helm) which to sync the application to If omitted, will use the revision specified in app spec. - type: string - source: - description: Source overrides the source definition set in the application. This is typically set in a Rollback operation and is nil during a Sync operation - properties: - chart: - description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. - type: string - directory: - description: Directory holds path/directory specific options - properties: - exclude: - description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation - type: string - include: - description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation - type: string - jsonnet: - description: Jsonnet holds options specific to Jsonnet - properties: - extVars: - description: ExtVars is a list of Jsonnet External Variables - items: - description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - description: Additional library search dirs - items: - type: string - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level Arguments - items: - description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - description: Recurse specifies whether to scan a directory recursively for manifests - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters to the helm template - items: - description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation - properties: - name: - description: Name is the name of the Helm parameter - type: string - path: - description: Path is the path to the file containing the values for the Helm parameter - type: string - type: object - type: array - parameters: - description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation - items: - description: HelmParameter is a parameter that's passed to helm template during manifest generation - properties: - forceString: - description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings - type: boolean - name: - description: Name is the name of the Helm parameter - type: string - value: - description: Value is the value for the Helm parameter - type: string - type: object - type: array - releaseName: - description: ReleaseName is the Helm release name to use. If omitted it will use the application name - type: string - valueFiles: - description: ValuesFiles is a list of Helm value files to use when generating a template - items: - type: string - type: array - values: - description: Values specifies Helm values to be passed to helm template, typically defined as a block - type: string - version: - description: Version is the Helm version to use for templating (either "2" or "3") - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application environment name - type: string - parameters: - description: Parameters are a list of ksonnet component parameter override values - items: - description: KsonnetParameter is a ksonnet component parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonAnnotations: - additionalProperties: - type: string - description: CommonAnnotations is a list of additional annotations to add to rendered manifests - type: object - commonLabels: - additionalProperties: - type: string - description: CommonLabels is a list of additional labels to add to rendered manifests - type: object - images: - description: Images is a list of Kustomize image override specifications - items: - description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended to resources for Kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to resources for Kustomize apps - type: string - version: - description: Version controls which version of Kustomize to use for rendering manifests - type: string - type: object - path: - description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. - type: string - plugin: - description: ConfigManagementPlugin holds config management plugin specific options - properties: - env: - description: Env is a list of environment variable entries - items: - description: EnvEntry represents an entry in the application's environment - properties: - name: - description: Name is the name of the variable, usually expressed in uppercase - type: string - value: - description: Value is the value of the variable - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests - type: string - targetRevision: - description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. - type: string - required: - - repoURL - type: object - syncOptions: - description: SyncOptions provide per-sync sync-options, e.g. Validate=false - items: - type: string - type: array - syncStrategy: - description: SyncStrategy describes how to perform the sync - properties: - apply: - description: Apply will perform a `kubectl apply` to perform the sync. - properties: - force: - description: Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. - type: boolean - type: object - hook: - description: Hook will submit any referenced resources to perform the sync. This is the default strategy - properties: - force: - description: Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. - type: boolean - type: object - type: object - type: object - type: object - spec: - description: ApplicationSpec represents desired application state. Contains link to repository with application definition and additional parameters link definition revision. - properties: - destination: - description: Destination is a reference to the target Kubernetes server and namespace - properties: - name: - description: Name is an alternate way of specifying the target cluster by its symbolic name - type: string - namespace: - description: Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace - type: string - server: - description: Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API - type: string - type: object - ignoreDifferences: - description: IgnoreDifferences is a list of resources and their fields which should be ignored during comparison - items: - description: ResourceIgnoreDifferences contains resource filter and list of json paths which should be ignored during comparison with live state. - properties: - group: - type: string - jsonPointers: - items: - type: string - type: array - kind: - type: string - name: - type: string - namespace: - type: string - required: - - jsonPointers - - kind - type: object - type: array - info: - description: Info contains a list of information (URLs, email addresses, and plain text) that relates to the application - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - description: Project is a reference to the project this application belongs to. The empty string means that application belongs to the 'default' project. - type: string - revisionHistoryLimit: - description: RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - format: int64 - type: integer - source: - description: Source is a reference to the location of the application's manifests or chart - properties: - chart: - description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. - type: string - directory: - description: Directory holds path/directory specific options - properties: - exclude: - description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation - type: string - include: - description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation - type: string - jsonnet: - description: Jsonnet holds options specific to Jsonnet - properties: - extVars: - description: ExtVars is a list of Jsonnet External Variables - items: - description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - description: Additional library search dirs - items: - type: string - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level Arguments - items: - description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - description: Recurse specifies whether to scan a directory recursively for manifests - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters to the helm template - items: - description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation - properties: - name: - description: Name is the name of the Helm parameter - type: string - path: - description: Path is the path to the file containing the values for the Helm parameter - type: string - type: object - type: array - parameters: - description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation - items: - description: HelmParameter is a parameter that's passed to helm template during manifest generation - properties: - forceString: - description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings - type: boolean - name: - description: Name is the name of the Helm parameter - type: string - value: - description: Value is the value for the Helm parameter - type: string - type: object - type: array - releaseName: - description: ReleaseName is the Helm release name to use. If omitted it will use the application name - type: string - valueFiles: - description: ValuesFiles is a list of Helm value files to use when generating a template - items: - type: string - type: array - values: - description: Values specifies Helm values to be passed to helm template, typically defined as a block - type: string - version: - description: Version is the Helm version to use for templating (either "2" or "3") - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application environment name - type: string - parameters: - description: Parameters are a list of ksonnet component parameter override values - items: - description: KsonnetParameter is a ksonnet component parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonAnnotations: - additionalProperties: - type: string - description: CommonAnnotations is a list of additional annotations to add to rendered manifests - type: object - commonLabels: - additionalProperties: - type: string - description: CommonLabels is a list of additional labels to add to rendered manifests - type: object - images: - description: Images is a list of Kustomize image override specifications - items: - description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended to resources for Kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to resources for Kustomize apps - type: string - version: - description: Version controls which version of Kustomize to use for rendering manifests - type: string - type: object - path: - description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. - type: string - plugin: - description: ConfigManagementPlugin holds config management plugin specific options - properties: - env: - description: Env is a list of environment variable entries - items: - description: EnvEntry represents an entry in the application's environment - properties: - name: - description: Name is the name of the variable, usually expressed in uppercase - type: string - value: - description: Value is the value of the variable - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests - type: string - targetRevision: - description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. - type: string - required: - - repoURL - type: object - syncPolicy: - description: SyncPolicy controls when and how a sync will be performed - properties: - automated: - description: Automated will keep an application synced to the target revision - properties: - allowEmpty: - description: 'AllowEmpty allows apps have zero live resources (default: false)' - type: boolean - prune: - description: 'Prune specifies whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync (default: false)' - type: boolean - selfHeal: - description: 'SelfHeal specifes whether to revert resources back to their desired state upon modification in the cluster (default: false)' - type: boolean - type: object - retry: - description: Retry controls failed sync retry behavior - properties: - backoff: - description: Backoff controls how to backoff on subsequent retries of failed syncs - properties: - duration: - description: Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h") - type: string - factor: - description: Factor is a factor to multiply the base duration after each failed retry - format: int64 - type: integer - maxDuration: - description: MaxDuration is the maximum amount of time allowed for the backoff strategy - type: string - type: object - limit: - description: Limit is the maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. - format: int64 - type: integer - type: object - syncOptions: - description: Options allow you to specify whole app sync-options - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - status: - description: ApplicationStatus contains status information for the application - properties: - conditions: - description: Conditions is a list of currently observed application conditions - items: - description: ApplicationCondition contains details about an application condition, which is usally an error or warning - properties: - lastTransitionTime: - description: LastTransitionTime is the time the condition was last observed - format: date-time - type: string - message: - description: Message contains human-readable message indicating details about condition - type: string - type: - description: Type is an application condition type - type: string - required: - - message - - type - type: object - type: array - health: - description: Health contains information about the application's current health status - properties: - message: - description: Message is a human-readable informational message describing the health status - type: string - status: - description: Status holds the status code of the application or resource - type: string - type: object - history: - description: History contains information about the application's sync history - items: - description: RevisionHistory contains history information about a previous sync - properties: - deployStartedAt: - description: DeployStartedAt holds the time the sync operation started - format: date-time - type: string - deployedAt: - description: DeployedAt holds the time the sync operation completed - format: date-time - type: string - id: - description: ID is an auto incrementing identifier of the RevisionHistory - format: int64 - type: integer - revision: - description: Revision holds the revision the sync was performed against - type: string - source: - description: Source is a reference to the application source used for the sync operation - properties: - chart: - description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. - type: string - directory: - description: Directory holds path/directory specific options - properties: - exclude: - description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation - type: string - include: - description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation - type: string - jsonnet: - description: Jsonnet holds options specific to Jsonnet - properties: - extVars: - description: ExtVars is a list of Jsonnet External Variables - items: - description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - description: Additional library search dirs - items: - type: string - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level Arguments - items: - description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - description: Recurse specifies whether to scan a directory recursively for manifests - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters to the helm template - items: - description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation - properties: - name: - description: Name is the name of the Helm parameter - type: string - path: - description: Path is the path to the file containing the values for the Helm parameter - type: string - type: object - type: array - parameters: - description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation - items: - description: HelmParameter is a parameter that's passed to helm template during manifest generation - properties: - forceString: - description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings - type: boolean - name: - description: Name is the name of the Helm parameter - type: string - value: - description: Value is the value for the Helm parameter - type: string - type: object - type: array - releaseName: - description: ReleaseName is the Helm release name to use. If omitted it will use the application name - type: string - valueFiles: - description: ValuesFiles is a list of Helm value files to use when generating a template - items: - type: string - type: array - values: - description: Values specifies Helm values to be passed to helm template, typically defined as a block - type: string - version: - description: Version is the Helm version to use for templating (either "2" or "3") - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application environment name - type: string - parameters: - description: Parameters are a list of ksonnet component parameter override values - items: - description: KsonnetParameter is a ksonnet component parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonAnnotations: - additionalProperties: - type: string - description: CommonAnnotations is a list of additional annotations to add to rendered manifests - type: object - commonLabels: - additionalProperties: - type: string - description: CommonLabels is a list of additional labels to add to rendered manifests - type: object - images: - description: Images is a list of Kustomize image override specifications - items: - description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended to resources for Kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to resources for Kustomize apps - type: string - version: - description: Version controls which version of Kustomize to use for rendering manifests - type: string - type: object - path: - description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. - type: string - plugin: - description: ConfigManagementPlugin holds config management plugin specific options - properties: - env: - description: Env is a list of environment variable entries - items: - description: EnvEntry represents an entry in the application's environment - properties: - name: - description: Name is the name of the variable, usually expressed in uppercase - type: string - value: - description: Value is the value of the variable - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests - type: string - targetRevision: - description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. - type: string - required: - - repoURL - type: object - required: - - deployedAt - - id - - revision - type: object - type: array - observedAt: - description: 'ObservedAt indicates when the application state was updated without querying latest git state Deprecated: controller no longer updates ObservedAt field' - format: date-time - type: string - operationState: - description: OperationState contains information about any ongoing operations, such as a sync - properties: - finishedAt: - description: FinishedAt contains time of operation completion - format: date-time - type: string - message: - description: Message holds any pertinent messages when attempting to perform operation (typically errors). - type: string - operation: - description: Operation is the original requested operation - properties: - info: - description: Info is a list of informational items for this operation - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - initiatedBy: - description: InitiatedBy contains information about who initiated the operations - properties: - automated: - description: Automated is set to true if operation was initiated automatically by the application controller. - type: boolean - username: - description: Username contains the name of a user who started operation - type: string - type: object - retry: - description: Retry controls the strategy to apply if a sync fails - properties: - backoff: - description: Backoff controls how to backoff on subsequent retries of failed syncs - properties: - duration: - description: Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h") - type: string - factor: - description: Factor is a factor to multiply the base duration after each failed retry - format: int64 - type: integer - maxDuration: - description: MaxDuration is the maximum amount of time allowed for the backoff strategy - type: string - type: object - limit: - description: Limit is the maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. - format: int64 - type: integer - type: object - sync: - description: Sync contains parameters for the operation - properties: - dryRun: - description: DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync - type: boolean - manifests: - description: Manifests is an optional field that overrides sync source with a local directory for development - items: - type: string - type: array - prune: - description: Prune specifies to delete resources from the cluster that are no longer tracked in git - type: boolean - resources: - description: Resources describes which resources shall be part of the sync - items: - description: SyncOperationResource contains resources to sync. - properties: - group: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - type: array - revision: - description: Revision is the revision (Git) or chart version (Helm) which to sync the application to If omitted, will use the revision specified in app spec. - type: string - source: - description: Source overrides the source definition set in the application. This is typically set in a Rollback operation and is nil during a Sync operation - properties: - chart: - description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. - type: string - directory: - description: Directory holds path/directory specific options - properties: - exclude: - description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation - type: string - include: - description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation - type: string - jsonnet: - description: Jsonnet holds options specific to Jsonnet - properties: - extVars: - description: ExtVars is a list of Jsonnet External Variables - items: - description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - description: Additional library search dirs - items: - type: string - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level Arguments - items: - description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - description: Recurse specifies whether to scan a directory recursively for manifests - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters to the helm template - items: - description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation - properties: - name: - description: Name is the name of the Helm parameter - type: string - path: - description: Path is the path to the file containing the values for the Helm parameter - type: string - type: object - type: array - parameters: - description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation - items: - description: HelmParameter is a parameter that's passed to helm template during manifest generation - properties: - forceString: - description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings - type: boolean - name: - description: Name is the name of the Helm parameter - type: string - value: - description: Value is the value for the Helm parameter - type: string - type: object - type: array - releaseName: - description: ReleaseName is the Helm release name to use. If omitted it will use the application name - type: string - valueFiles: - description: ValuesFiles is a list of Helm value files to use when generating a template - items: - type: string - type: array - values: - description: Values specifies Helm values to be passed to helm template, typically defined as a block - type: string - version: - description: Version is the Helm version to use for templating (either "2" or "3") - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application environment name - type: string - parameters: - description: Parameters are a list of ksonnet component parameter override values - items: - description: KsonnetParameter is a ksonnet component parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonAnnotations: - additionalProperties: - type: string - description: CommonAnnotations is a list of additional annotations to add to rendered manifests - type: object - commonLabels: - additionalProperties: - type: string - description: CommonLabels is a list of additional labels to add to rendered manifests - type: object - images: - description: Images is a list of Kustomize image override specifications - items: - description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended to resources for Kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to resources for Kustomize apps - type: string - version: - description: Version controls which version of Kustomize to use for rendering manifests - type: string - type: object - path: - description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. - type: string - plugin: - description: ConfigManagementPlugin holds config management plugin specific options - properties: - env: - description: Env is a list of environment variable entries - items: - description: EnvEntry represents an entry in the application's environment - properties: - name: - description: Name is the name of the variable, usually expressed in uppercase - type: string - value: - description: Value is the value of the variable - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests - type: string - targetRevision: - description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. - type: string - required: - - repoURL - type: object - syncOptions: - description: SyncOptions provide per-sync sync-options, e.g. Validate=false - items: - type: string - type: array - syncStrategy: - description: SyncStrategy describes how to perform the sync - properties: - apply: - description: Apply will perform a `kubectl apply` to perform the sync. - properties: - force: - description: Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. - type: boolean - type: object - hook: - description: Hook will submit any referenced resources to perform the sync. This is the default strategy - properties: - force: - description: Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times. - type: boolean - type: object - type: object - type: object - type: object - phase: - description: Phase is the current phase of the operation - type: string - retryCount: - description: RetryCount contains time of operation retries - format: int64 - type: integer - startedAt: - description: StartedAt contains time of operation start - format: date-time - type: string - syncResult: - description: SyncResult is the result of a Sync operation - properties: - resources: - description: Resources contains a list of sync result items for each individual resource in a sync operation - items: - description: ResourceResult holds the operation result details of a specific resource - properties: - group: - description: Group specifies the API group of the resource - type: string - hookPhase: - description: HookPhase contains the state of any operation associated with this resource OR hook This can also contain values for non-hook resources. - type: string - hookType: - description: HookType specifies the type of the hook. Empty for non-hook resources - type: string - kind: - description: Kind specifies the API kind of the resource - type: string - message: - description: Message contains an informational or error message for the last sync OR operation - type: string - name: - description: Name specifies the name of the resource - type: string - namespace: - description: Namespace specifies the target namespace of the resource - type: string - status: - description: Status holds the final result of the sync. Will be empty if the resources is yet to be applied/pruned and is always zero-value for hooks - type: string - syncPhase: - description: SyncPhase indicates the particular phase of the sync that this result was acquired in - type: string - version: - description: Version specifies the API version of the resource - type: string - required: - - group - - kind - - name - - namespace - - version - type: object - type: array - revision: - description: Revision holds the revision this sync operation was performed to - type: string - source: - description: Source records the application source information of the sync, used for comparing auto-sync - properties: - chart: - description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. - type: string - directory: - description: Directory holds path/directory specific options - properties: - exclude: - description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation - type: string - include: - description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation - type: string - jsonnet: - description: Jsonnet holds options specific to Jsonnet - properties: - extVars: - description: ExtVars is a list of Jsonnet External Variables - items: - description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - description: Additional library search dirs - items: - type: string - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level Arguments - items: - description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - description: Recurse specifies whether to scan a directory recursively for manifests - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters to the helm template - items: - description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation - properties: - name: - description: Name is the name of the Helm parameter - type: string - path: - description: Path is the path to the file containing the values for the Helm parameter - type: string - type: object - type: array - parameters: - description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation - items: - description: HelmParameter is a parameter that's passed to helm template during manifest generation - properties: - forceString: - description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings - type: boolean - name: - description: Name is the name of the Helm parameter - type: string - value: - description: Value is the value for the Helm parameter - type: string - type: object - type: array - releaseName: - description: ReleaseName is the Helm release name to use. If omitted it will use the application name - type: string - valueFiles: - description: ValuesFiles is a list of Helm value files to use when generating a template - items: - type: string - type: array - values: - description: Values specifies Helm values to be passed to helm template, typically defined as a block - type: string - version: - description: Version is the Helm version to use for templating (either "2" or "3") - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application environment name - type: string - parameters: - description: Parameters are a list of ksonnet component parameter override values - items: - description: KsonnetParameter is a ksonnet component parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonAnnotations: - additionalProperties: - type: string - description: CommonAnnotations is a list of additional annotations to add to rendered manifests - type: object - commonLabels: - additionalProperties: - type: string - description: CommonLabels is a list of additional labels to add to rendered manifests - type: object - images: - description: Images is a list of Kustomize image override specifications - items: - description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended to resources for Kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to resources for Kustomize apps - type: string - version: - description: Version controls which version of Kustomize to use for rendering manifests - type: string - type: object - path: - description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. - type: string - plugin: - description: ConfigManagementPlugin holds config management plugin specific options - properties: - env: - description: Env is a list of environment variable entries - items: - description: EnvEntry represents an entry in the application's environment - properties: - name: - description: Name is the name of the variable, usually expressed in uppercase - type: string - value: - description: Value is the value of the variable - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests - type: string - targetRevision: - description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. - type: string - required: - - repoURL - type: object - required: - - revision - type: object - required: - - operation - - phase - - startedAt - type: object - reconciledAt: - description: ReconciledAt indicates when the application state was reconciled using the latest git version - format: date-time - type: string - resources: - description: Resources is a list of Kubernetes resources managed by this application - items: - description: 'ResourceStatus holds the current sync and health status of a resource TODO: describe members of this type' - properties: - group: - type: string - health: - description: HealthStatus contains information about the currently observed health state of an application or resource - properties: - message: - description: Message is a human-readable informational message describing the health status - type: string - status: - description: Status holds the status code of the application or resource - type: string - type: object - hook: - type: boolean - kind: - type: string - name: - type: string - namespace: - type: string - requiresPruning: - type: boolean - status: - description: SyncStatusCode is a type which represents possible comparison results - type: string - version: - type: string - type: object - type: array - sourceType: - description: SourceType specifies the type of this application - type: string - summary: - description: Summary contains a list of URLs and container images used by this application - properties: - externalURLs: - description: ExternalURLs holds all external URLs of application child resources. - items: - type: string - type: array - images: - description: Images holds all images of application child resources. - items: - type: string - type: array - type: object - sync: - description: Sync contains information about the application's current sync status - properties: - comparedTo: - description: ComparedTo contains information about what has been compared - properties: - destination: - description: Destination is a reference to the application's destination used for comparison - properties: - name: - description: Name is an alternate way of specifying the target cluster by its symbolic name - type: string - namespace: - description: Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace - type: string - server: - description: Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API - type: string - type: object - source: - description: Source is a reference to the application's source used for comparison - properties: - chart: - description: Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo. - type: string - directory: - description: Directory holds path/directory specific options - properties: - exclude: - description: Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation - type: string - include: - description: Include contains a glob pattern to match paths against that should be explicitly included during manifest generation - type: string - jsonnet: - description: Jsonnet holds options specific to Jsonnet - properties: - extVars: - description: ExtVars is a list of Jsonnet External Variables - items: - description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - description: Additional library search dirs - items: - type: string - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level Arguments - items: - description: JsonnetVar represents a variable to be passed to jsonnet during manifest generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - description: Recurse specifies whether to scan a directory recursively for manifests - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters to the helm template - items: - description: HelmFileParameter is a file parameter that's passed to helm template during manifest generation - properties: - name: - description: Name is the name of the Helm parameter - type: string - path: - description: Path is the path to the file containing the values for the Helm parameter - type: string - type: object - type: array - parameters: - description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation - items: - description: HelmParameter is a parameter that's passed to helm template during manifest generation - properties: - forceString: - description: ForceString determines whether to tell Helm to interpret booleans and numbers as strings - type: boolean - name: - description: Name is the name of the Helm parameter - type: string - value: - description: Value is the value for the Helm parameter - type: string - type: object - type: array - releaseName: - description: ReleaseName is the Helm release name to use. If omitted it will use the application name - type: string - valueFiles: - description: ValuesFiles is a list of Helm value files to use when generating a template - items: - type: string - type: array - values: - description: Values specifies Helm values to be passed to helm template, typically defined as a block - type: string - version: - description: Version is the Helm version to use for templating (either "2" or "3") - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application environment name - type: string - parameters: - description: Parameters are a list of ksonnet component parameter override values - items: - description: KsonnetParameter is a ksonnet component parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonAnnotations: - additionalProperties: - type: string - description: CommonAnnotations is a list of additional annotations to add to rendered manifests - type: object - commonLabels: - additionalProperties: - type: string - description: CommonLabels is a list of additional labels to add to rendered manifests - type: object - images: - description: Images is a list of Kustomize image override specifications - items: - description: KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended to resources for Kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to resources for Kustomize apps - type: string - version: - description: Version controls which version of Kustomize to use for rendering manifests - type: string - type: object - path: - description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. - type: string - plugin: - description: ConfigManagementPlugin holds config management plugin specific options - properties: - env: - description: Env is a list of environment variable entries - items: - description: EnvEntry represents an entry in the application's environment - properties: - name: - description: Name is the name of the variable, usually expressed in uppercase - type: string - value: - description: Value is the value of the variable - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests - type: string - targetRevision: - description: TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. - type: string - required: - - repoURL - type: object - required: - - destination - - source - type: object - revision: - description: Revision contains information about the revision the comparison has been performed to - type: string - status: - description: Status is the sync state of the comparison - type: string - required: - - status - type: object - type: object - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: {} diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index a5f59108..8821ab75 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -1,16 +1,22 @@ In order to access the server UI you have the following options: -1. kubectl port-forward service/{{include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443 +1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ include "argo-cd.namespace" . }} 8080:443 and then open the browser on http://localhost:8080 and accept the certificate 2. enable ingress in the values file `server.ingress.enabled` and either - - Add the annotation for ssl passthrough: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-1-ssl-passthrough - - Add the `--insecure` flag to `server.extraArgs` in the values file and terminate SSL at your ingress: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-2-multiple-ingress-objects-and-hosts + - Add the annotation for ssl passthrough: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough + - Set the `configs.params."server.insecure"` in the values file and terminate SSL at your ingress: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts +{{ if eq (toString (index .Values.configs.cm "admin.enabled")) "true" -}} After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running: -kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d +kubectl -n {{ include "argo-cd.namespace" . }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d -(You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://github.com/argoproj/argo-cd/blob/master/docs/getting_started.md#4-login-using-the-cli) +(You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://argo-cd.readthedocs.io/en/stable/getting_started/#4-login-using-the-cli) +{{ else if or (index .Values.configs.cm "dex.config") (index .Values.configs.cm "oidc.config") -}} +After reaching the UI the first time you can login using Dex or OIDC. +{{ else -}} +After reaching the UI the first time you cannot login with username and password since you've disabled it. You should enable admin back or configure Dex via `configs.cm.dex.config` or OIDC via `configs.cm.oidc.config`. +{{ end -}} diff --git a/charts/argo-cd/templates/_common.tpl b/charts/argo-cd/templates/_common.tpl new file mode 100644 index 00000000..4173876c --- /dev/null +++ b/charts/argo-cd/templates/_common.tpl @@ -0,0 +1,147 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "argo-cd.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "argo-cd.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "argo-cd.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create Argo CD app version +*/}} +{{- define "argo-cd.defaultTag" -}} +{{- default .Chart.AppVersion .Values.global.image.tag }} +{{- end -}} + +{{/* +Return valid version label +*/}} +{{- define "argo-cd.versionLabelValue" -}} +{{ regexReplaceAll "[^-A-Za-z0-9_.]" (include "argo-cd.defaultTag" .) "-" | trunc 63 | trimAll "-" | trimAll "_" | trimAll "." | quote }} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "argo-cd.labels" -}} +helm.sh/chart: {{ include "argo-cd.chart" .context }} +{{ include "argo-cd.selectorLabels" (dict "context" .context "component" .component "name" .name) }} +app.kubernetes.io/managed-by: {{ .context.Release.Service }} +app.kubernetes.io/part-of: argocd +app.kubernetes.io/version: {{ include "argo-cd.versionLabelValue" .context }} +{{- with .context.Values.global.additionalLabels }} +{{ toYaml . }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "argo-cd.selectorLabels" -}} +{{- if .name -}} +app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .name }} +{{ end -}} +app.kubernetes.io/instance: {{ .context.Release.Name }} +{{- if .component }} +app.kubernetes.io/component: {{ .component }} +{{- end }} +{{- end }} + +{{/* +Common affinity definition +Pod affinity + - Soft prefers different nodes + - Hard requires different nodes and prefers different availibility zones +Node affinity + - Soft prefers given user expressions + - Hard requires given user expressions +*/}} +{{- define "argo-cd.affinity" -}} +{{- with .component.affinity -}} + {{- toYaml . -}} +{{- else -}} +{{- $preset := .context.Values.global.affinity -}} +{{- if (eq $preset.podAntiAffinity "soft") }} +podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }} + topologyKey: kubernetes.io/hostname +{{- else if (eq $preset.podAntiAffinity "hard") }} +podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }} + topologyKey: topology.kubernetes.io/zone + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }} + topologyKey: kubernetes.io/hostname +{{- end }} +{{- with $preset.nodeAffinity.matchExpressions }} +{{- if (eq $preset.nodeAffinity.type "soft") }} +nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + preference: + matchExpressions: + {{- toYaml . | nindent 6 }} +{{- else if (eq $preset.nodeAffinity.type "hard") }} +nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + {{- toYaml . | nindent 6 }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Common deployment strategy definition +- Recreate don't have additional fields, we need to remove them if added by the mergeOverwrite +*/}} +{{- define "argo-cd.strategy" -}} +{{- $preset := . -}} +{{- if (eq (toString $preset.type) "Recreate") }} +type: Recreate +{{- else if (eq (toString $preset.type) "RollingUpdate") }} +type: RollingUpdate +{{- with $preset.rollingUpdate }} +rollingUpdate: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 65081951..aeaf3df8 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -1,34 +1,22 @@ {{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "argo-cd.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "argo-cd.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - {{/* Create controller name and version as used by the chart label. +Truncated at 52 chars because StatefulSet label 'controller-revision-hash' is limited +to 63 chars and it includes 10 chars of hash and a separating '-'. */}} {{- define "argo-cd.controller.fullname" -}} -{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.controller.name | trunc 52 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the controller service account to use +*/}} +{{- define "argo-cd.controller.serviceAccountName" -}} +{{- if .Values.controller.serviceAccount.create -}} + {{ default (include "argo-cd.controller.fullname" .) .Values.controller.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.controller.serviceAccount.name }} +{{- end -}} {{- end -}} {{/* @@ -38,20 +26,85 @@ Create dex name and version as used by the chart label. {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.dex.name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Create Dex server endpoint +*/}} +{{- define "argo-cd.dex.server" -}} +{{- $insecure := index .Values.configs.params "dexserver.disable.tls" | toString -}} +{{- $scheme := (eq $insecure "true") | ternary "http" "https" -}} +{{- $host := include "argo-cd.dex.fullname" . -}} +{{- $port := int .Values.dex.servicePortHttp -}} +{{- printf "%s://%s:%d" $scheme $host $port }} +{{- end }} + +{{/* +Create the name of the dex service account to use +*/}} +{{- define "argo-cd.dex.serviceAccountName" -}} +{{- if .Values.dex.serviceAccount.create -}} + {{ default (include "argo-cd.dex.fullname" .) .Values.dex.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.dex.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Create redis name and version as used by the chart label. */}} {{- define "argo-cd.redis.fullname" -}} -{{ $redisHa := (index .Values "redis-ha") }} +{{- $redisHa := (index .Values "redis-ha") -}} +{{- $redisHaContext := dict "Chart" (dict "Name" "redis-ha") "Release" .Release "Values" $redisHa -}} {{- if $redisHa.enabled -}} {{- if $redisHa.haproxy.enabled -}} - {{- printf "%s-redis-ha-haproxy" .Release.Name | trunc 63 | trimSuffix "-" -}} + {{- printf "%s-haproxy" (include "redis-ha.fullname" $redisHaContext) | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- else -}} {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redis.name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- end -}} +{{/* +Return Redis server endpoint +*/}} +{{- define "argo-cd.redis.server" -}} +{{- $redisHa := (index .Values "redis-ha") -}} +{{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }} + {{- printf "%s:%s" (include "argo-cd.redis.fullname" .) (toString .Values.redis.servicePort) }} +{{- else if and .Values.externalRedis.host .Values.externalRedis.port }} + {{- printf "%s:%s" .Values.externalRedis.host (toString .Values.externalRedis.port) }} +{{- end }} +{{- end -}} + +{{/* +Create the name of the redis service account to use +*/}} +{{- define "argo-cd.redis.serviceAccountName" -}} +{{- if .Values.redis.serviceAccount.create -}} + {{ default (include "argo-cd.redis.fullname" .) .Values.redis.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.redis.serviceAccount.name }} +{{- end -}} +{{- end -}} + + +{{/* +Create Redis secret-init name +*/}} +{{- define "argo-cd.redisSecretInit.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redisSecretInit.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the Redis secret-init service account to use +*/}} +{{- define "argo-cd.redisSecretInit.serviceAccountName" -}} +{{- if .Values.redisSecretInit.serviceAccount.create -}} + {{ default (include "argo-cd.redisSecretInit.fullname" .) .Values.redisSecretInit.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.redisSecretInit.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Create argocd server name and version as used by the chart label. */}} @@ -59,6 +112,17 @@ Create argocd server name and version as used by the chart label. {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Create the name of the Argo CD server service account to use +*/}} +{{- define "argo-cd.server.serviceAccountName" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "argo-cd.server.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Create argocd repo-server name and version as used by the chart label. */}} @@ -66,114 +130,148 @@ Create argocd repo-server name and version as used by the chart label. {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.repoServer.name | trunc 63 | trimSuffix "-" -}} {{- end -}} -{{/* -Create the name of the controller service account to use -*/}} -{{- define "argo-cd.controllerServiceAccountName" -}} -{{- if .Values.controller.serviceAccount.create -}} - {{ default (include "argo-cd.fullname" .) .Values.controller.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.controller.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the dex service account to use -*/}} -{{- define "argo-cd.dexServiceAccountName" -}} -{{- if .Values.dex.serviceAccount.create -}} - {{ default (include "argo-cd.fullname" .) .Values.dex.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.dex.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the ArgoCD server service account to use -*/}} -{{- define "argo-cd.serverServiceAccountName" -}} -{{- if .Values.server.serviceAccount.create -}} - {{ default (include "argo-cd.fullname" .) .Values.server.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.server.serviceAccount.name }} -{{- end -}} -{{- end -}} - {{/* Create the name of the repo-server service account to use */}} -{{- define "argo-cd.repoServerServiceAccountName" -}} +{{- define "argo-cd.repoServer.serviceAccountName" -}} {{- if .Values.repoServer.serviceAccount.create -}} - {{ default (include "argo-cd.fullname" .) .Values.repoServer.serviceAccount.name }} + {{ default (include "argo-cd.repoServer.fullname" .) .Values.repoServer.serviceAccount.name }} {{- else -}} {{ default "default" .Values.repoServer.serviceAccount.name }} {{- end -}} {{- end -}} {{/* -Create chart name and version as used by the chart label. +Create argocd application set name and version as used by the chart label. */}} -{{- define "argo-cd.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- define "argo-cd.applicationSet.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.applicationSet.name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* -Common labels +Create the name of the application set service account to use */}} -{{- define "argo-cd.labels" -}} -helm.sh/chart: {{ include "argo-cd.chart" .context }} -{{ include "argo-cd.selectorLabels" (dict "context" .context "component" .component "name" .name) }} -app.kubernetes.io/managed-by: {{ .context.Release.Service }} -app.kubernetes.io/part-of: argocd -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "argo-cd.selectorLabels" -}} -{{- if .name -}} -app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .name }} -{{ end -}} -app.kubernetes.io/instance: {{ .context.Release.Name }} -{{- if .component }} -app.kubernetes.io/component: {{ .component }} -{{- end }} -{{- end }} - -{{/* -Return the appropriate apiVersion for ingress -*/}} -{{- define "argo-cd.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "argo-cd.kubeVersion" $) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "argo-cd.kubeVersion" $) -}} -{{- print "networking.k8s.io/v1beta1" -}} +{{- define "argo-cd.applicationSet.serviceAccountName" -}} +{{- if .Values.applicationSet.serviceAccount.create -}} + {{ default (include "argo-cd.applicationSet.fullname" .) .Values.applicationSet.serviceAccount.name }} {{- else -}} -{{- print "networking.k8s.io/v1" -}} + {{ default "default" .Values.applicationSet.serviceAccount.name }} {{- end -}} {{- end -}} {{/* -Return the target Kubernetes version +Create argocd notifications name and version as used by the chart label. */}} -{{- define "argo-cd.kubeVersion" -}} - {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} +{{- define "argo-cd.notifications.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.notifications.name | trunc 63 | trimSuffix "-" -}} {{- end -}} -{{/* -Argo Configuration Preset Values (Incluenced by Values configuration) +{{/* +Create the name of the notifications service account to use */}} -{{- define "argo-cd.config.presets" -}} - {{- if .Values.configs.styles }} -ui.cssurl: "./custom/custom.styles.css" - {{- end }} +{{- define "argo-cd.notifications.serviceAccountName" -}} +{{- if .Values.notifications.serviceAccount.create -}} + {{ default (include "argo-cd.notifications.fullname" .) .Values.notifications.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.notifications.serviceAccount.name }} +{{- end -}} {{- end -}} -{{/* +{{/* +Create argocd commit-server name and version as used by the chart label. +*/}} +{{- define "argo-cd.commitServer.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.commitServer.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the commit-server service account to use +*/}} +{{- define "argo-cd.commitServer.serviceAccountName" -}} +{{- if .Values.commitServer.serviceAccount.create -}} + {{ default (include "argo-cd.commitServer.fullname" .) .Values.commitServer.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.commitServer.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Argo Configuration Preset Values (Influenced by Values configuration) +*/}} +{{- define "argo-cd.config.cm.presets" -}} +{{- $presets := dict -}} +{{- $_ := set $presets "url" (printf "https://%s" .Values.global.domain) -}} +{{- if eq (toString (index .Values.configs.cm "statusbadge.enabled")) "true" -}} +{{- $_ := set $presets "statusbadge.url" (printf "https://%s/" .Values.global.domain) -}} +{{- end -}} +{{- if .Values.configs.styles -}} +{{- $_ := set $presets "ui.cssurl" "./custom/custom.styles.css" -}} +{{- end -}} +{{- toYaml $presets }} +{{- end -}} + +{{/* Merge Argo Configuration with Preset Configuration */}} -{{- define "argo-cd.config" -}} - {{- if .Values.server.configEnabled -}} -{{- toYaml (mergeOverwrite (default dict (fromYaml (include "argo-cd.config.presets" $))) .Values.server.config) }} - {{- end -}} -{{- end -}} \ No newline at end of file +{{- define "argo-cd.config.cm" -}} +{{- $config := omit .Values.configs.cm "create" "annotations" -}} +{{- $preset := include "argo-cd.config.cm.presets" . | fromYaml | default dict -}} +{{- range $key, $value := mergeOverwrite $preset $config }} +{{- $fmted := $value | toString }} +{{- if not (eq $fmted "") }} +{{ $key }}: {{ $fmted | toYaml }} +{{- end }} +{{- end }} +{{- end -}} + +{{/* +Argo Params Default Configuration Presets +NOTE: Configuration keys must be stored as dict because YAML treats dot as separator +*/}} +{{- define "argo-cd.config.params.presets" -}} +{{- $presets := dict -}} +{{- $_ := set $presets "repo.server" (printf "%s:%s" (include "argo-cd.repoServer.fullname" .) (.Values.repoServer.service.port | toString)) -}} +{{- $_ := set $presets "server.repo.server.strict.tls" (.Values.repoServer.certificateSecret.enabled | toString ) -}} +{{- $_ := set $presets "redis.server" (include "argo-cd.redis.server" .) -}} +{{- $_ := set $presets "applicationsetcontroller.enable.leader.election" (gt ((.Values.applicationSet.replicas | default .Values.applicationSet.replicaCount) | int64) 1) -}} +{{- if .Values.dex.enabled -}} +{{- $_ := set $presets "server.dex.server" (include "argo-cd.dex.server" .) -}} +{{- $_ := set $presets "server.dex.server.strict.tls" .Values.dex.certificateSecret.enabled -}} +{{- end -}} +{{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" -}} +{{- $_ := set $presets (printf "%s.log.format" $component) $.Values.global.logging.format -}} +{{- $_ := set $presets (printf "%s.log.level" $component) $.Values.global.logging.level -}} +{{- end -}} +{{- toYaml $presets }} +{{- end -}} + +{{/* +Merge Argo Params Configuration with Preset Configuration +*/}} +{{- define "argo-cd.config.params" -}} +{{- $config := omit .Values.configs.params "create" "annotations" }} +{{- $preset := include "argo-cd.config.params.presets" . | fromYaml | default dict -}} +{{- range $key, $value := mergeOverwrite $preset $config }} +{{ $key }}: {{ toString $value | toYaml }} +{{- end }} +{{- end -}} + +{{/* +Expand the namespace of the release. +Allows overriding it for multi-namespace deployments in combined charts. +*/}} +{{- define "argo-cd.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end }} + +{{/* +Dual stack definition +*/}} +{{- define "argo-cd.dualStack" -}} +{{- with .Values.global.dualStack.ipFamilyPolicy }} +ipFamilyPolicy: {{ . }} +{{- end }} +{{- with .Values.global.dualStack.ipFamilies }} +ipFamilies: {{ toYaml . | nindent 4 }} +{{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/_versions.tpl b/charts/argo-cd/templates/_versions.tpl new file mode 100644 index 00000000..966dad97 --- /dev/null +++ b/charts/argo-cd/templates/_versions.tpl @@ -0,0 +1,7 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the target Kubernetes version +*/}} +{{- define "argo-cd.kubeVersion" -}} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} +{{- end }} diff --git a/charts/argo-cd/templates/aggregate-roles.yaml b/charts/argo-cd/templates/aggregate-roles.yaml new file mode 100644 index 00000000..12d0e006 --- /dev/null +++ b/charts/argo-cd/templates/aggregate-roles.yaml @@ -0,0 +1,70 @@ +{{- if .Values.createAggregateRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.fullname" . }}-aggregate-to-view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }} +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - appprojects + verbs: + - get + - list + - watch + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.fullname" . }}-aggregate-to-edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }} +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - appprojects + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.fullname" . }}-aggregate-to-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }} +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - appprojects + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml b/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml index bd6ff8aa..615b56f9 100644 --- a/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml @@ -1,23 +1,23 @@ -{{- if .Values.controller.clusterAdminAccess.enabled }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "argo-cd.controller.fullname" . }} + name: {{ include "argo-cd.controller.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rules: -{{- if .Values.controller.clusterRoleRules.enabled }} -{{- toYaml .Values.controller.clusterRoleRules.rules | nindent 2 }} -{{ else }} -- apiGroups: - - '*' - resources: - - '*' - verbs: - - '*' -- nonResourceURLs: - - '*' - verbs: - - '*' -{{- end }} + {{- if .Values.controller.clusterRoleRules.enabled }} + {{- toYaml .Values.controller.clusterRoleRules.rules | nindent 2 }} + {{- else }} + - apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' + - nonResourceURLs: + - '*' + verbs: + - '*' + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml index 86d7c883..6076c531 100644 --- a/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml @@ -1,16 +1,16 @@ -{{- if .Values.controller.clusterAdminAccess.enabled }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "argo-cd.controller.fullname" . }} + name: {{ include "argo-cd.controller.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ template "argo-cd.controller.fullname" . }} + name: {{ include "argo-cd.controller.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file + name: {{ include "argo-cd.controller.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml old mode 100755 new mode 100644 index 7902be76..0b8285b7 --- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -1,128 +1,420 @@ -{{- $redisHa := (index .Values "redis-ha") -}} +{{- if .Values.controller.dynamicClusterDistribution }} apiVersion: apps/v1 -kind: {{ .Values.controller.enableStatefulSet | ternary "StatefulSet" "Deployment" }} +kind: Deployment metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.controller.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} - app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }} spec: + replicas: {{ .Values.controller.replicas }} + revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} - {{- if .Values.controller.enableStatefulSet }} - serviceName: {{ template "argo-cd.controller.fullname" . }} - {{- end }} - revisionHistoryLimit: 5 - replicas: {{ .Values.controller.replicas }} template: metadata: - {{- if .Values.controller.podAnnotations }} annotations: - {{- range $key, $value := .Values.controller.podAnnotations }} + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} + {{- end }} + {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }} - app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }} - {{- if .Values.controller.podLabels }} -{{- toYaml .Values.controller.podLabels | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }} + {{- toYaml . | nindent 8 }} {{- end }} spec: - {{- with .Values.global.imagePullSecrets }} + {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.global.securityContext }} - securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.controller.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }} containers: - - command: - - argocd-application-controller - - --status-processors - - {{ .Values.controller.args.statusProcessors | quote }} - - --operation-processors - - {{ .Values.controller.args.operationProcessors | quote }} - - --app-resync - - {{ .Values.controller.args.appResyncPeriod | quote }} - - --self-heal-timeout-seconds - - {{ .Values.controller.args.selfHealTimeout | quote }} - - --repo-server - - {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} - - --logformat - - {{ .Values.controller.logFormat }} - - --loglevel - - {{ .Values.controller.logLevel }} - {{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }} - - --redis - - {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }} + - args: + - /usr/local/bin/argocd-application-controller + - --metrics-port={{ .Values.controller.containerPorts.metrics }} + {{- if .Values.controller.metrics.applicationLabels.enabled }} + {{- range .Values.controller.metrics.applicationLabels.labels }} + - --metrics-application-labels + - {{ . }} + {{- end }} {{- end }} {{- with .Values.controller.extraArgs }} - {{- . | toYaml | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} - image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default .Values.global.image.tag .Values.controller.image.tag }} + image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }} name: {{ .Values.controller.name }} - {{- if .Values.controller.containerSecurityContext }} - securityContext: {{- toYaml .Values.controller.containerSecurityContext | nindent 10 }} - {{- end }} - {{- if .Values.controller.env }} env: -{{- toYaml .Values.controller.env | nindent 8 }} - {{- end }} + {{- with (concat .Values.global.env .Values.controller.env) }} + {{- toYaml . | nindent 10 }} + {{- end }} + - name: ARGOCD_ENABLE_DYNAMIC_CLUSTER_DISTRIBUTION + value: "true" + - name: ARGOCD_CONTROLLER_HEARTBEAT_TIME + value: {{ .Values.controller.heartbeatTime | quote }} + - name: ARGOCD_APPLICATION_CONTROLLER_NAME + value: {{ template "argo-cd.controller.fullname" . }} + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cm + key: timeout.reconciliation + optional: true + - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cm + key: timeout.hard.reconciliation + optional: true + - name: ARGOCD_RECONCILIATION_JITTER + valueFrom: + configMapKeyRef: + key: timeout.reconciliation.jitter + name: argocd-cm + optional: true + - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.error.grace.period.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: repo.server + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.status.processors + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.operation.processors + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.log.format + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.log.level + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.metrics.cache.expiration + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.factor + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.cap.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sync.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.plaintext + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.strict.tls + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.resource.health.persist + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.app.state.cache.expiration + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.server + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.compression + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.db + optional: true + - name: REDIS_USERNAME + valueFrom: + secretKeyRef: + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + key: redis-username + optional: true + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + {{- if .Values.externalRedis.host }} + key: redis-password + {{- else }} + key: auth + {{- end }} + optional: true + - name: REDIS_SENTINEL_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-username + optional: true + - name: REDIS_SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-password + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.default.cache.expiration + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.address + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: application.namespaces + optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sharding.algorithm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.kubectl.parallelism.limit + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.max + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.base.backoff + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.diff.server.side + optional: true + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.ignore.normalizer.jq.timeout + optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true + - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.batch.events.processing + optional: true + - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.events.processing.interval + optional: true {{- with .Values.controller.envFrom }} - envFrom: {{- toYaml . | nindent 8 }} + envFrom: + {{- toYaml . | nindent 10 }} {{- end }} ports: - - name: controller - containerPort: {{ .Values.controller.containerPort }} + - name: metrics + containerPort: {{ .Values.controller.containerPorts.metrics }} protocol: TCP - livenessProbe: + readinessProbe: httpGet: path: /healthz - port: {{ .Values.controller.containerPort }} - initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} - readinessProbe: - tcpSocket: - port: {{ .Values.controller.containerPort }} + port: metrics initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + resources: + {{- toYaml .Values.controller.resources | nindent 10 }} + {{- with .Values.controller.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + workingDir: /home/argocd volumeMounts: + {{- with .Values.controller.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} - mountPath: /app/config/controller/tls name: argocd-repo-server-tls - {{- with .Values.controller.volumeMounts }} - {{- toYaml . | nindent 8 }} - {{- end }} - resources: -{{- toYaml .Values.controller.resources | nindent 10 }} - {{- if .Values.controller.nodeSelector }} - nodeSelector: -{{- toYaml .Values.controller.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.controller.tolerations }} - tolerations: -{{- toYaml .Values.controller.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.controller.affinity }} + - mountPath: /home/argocd + name: argocd-home + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params + {{- with .Values.controller.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.controller.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.controller) }} affinity: -{{- toYaml .Values.controller.affinity | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "argo-cd.controllerServiceAccountName" . }} -{{- with .Values.global.hostAliases }} - hostAliases: -{{ toYaml . | indent 6 }} -{{- end }} + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.controller.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} volumes: + {{- with .Values.controller.volumes }} + {{- toYaml . | nindent 6 }} + {{- end }} + - name: argocd-home + {{- if .Values.controller.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.controller.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: argocd-repo-server-tls secret: + secretName: argocd-repo-server-tls + optional: true items: - key: tls.crt path: tls.crt @@ -130,11 +422,19 @@ spec: path: tls.key - key: ca.crt path: ca.crt + - name: argocd-cmd-params-cm + configMap: optional: true - secretName: argocd-repo-server-tls - {{- with .Values.controller.volumes }} - {{- toYaml . | nindent 6 }} + name: argocd-cmd-params-cm + items: + - key: controller.profile.enabled + path: profiler.enabled + {{- if .Values.controller.hostNetwork }} + hostNetwork: {{ .Values.controller.hostNetwork }} {{- end }} -{{- if .Values.controller.priorityClassName }} - priorityClassName: {{ .Values.controller.priorityClassName }} + {{- with .Values.controller.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.controller.dnsPolicy }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/metrics-service.yaml b/charts/argo-cd/templates/argocd-application-controller/metrics-service.yaml deleted file mode 100644 index 7331765d..00000000 --- a/charts/argo-cd/templates/argocd-application-controller/metrics-service.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.controller.metrics.enabled}} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.controller.metrics.service.annotations }} - annotations: - {{- range $key, $value := .Values.controller.metrics.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 4 }} -{{- if .Values.controller.metrics.service.labels }} -{{- toYaml .Values.controller.metrics.service.labels | nindent 4 }} -{{- end }} - name: {{ template "argo-cd.controller.fullname" . }}-metrics -spec: - ports: - - name: metrics - protocol: TCP - port: {{ .Values.controller.metrics.service.servicePort }} - targetPort: controller - selector: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-application-controller/metrics.yaml b/charts/argo-cd/templates/argocd-application-controller/metrics.yaml new file mode 100644 index 00000000..086dfe9b --- /dev/null +++ b/charts/argo-cd/templates/argocd-application-controller/metrics.yaml @@ -0,0 +1,35 @@ +{{- if .Values.controller.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.controller.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 4 }} + {{- with .Values.controller.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.controller.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.controller.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.controller.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.controller.metrics.service.type }} + {{- if and .Values.controller.metrics.service.clusterIP (eq .Values.controller.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.controller.metrics.service.clusterIP }} + {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.controller.metrics.service.portName }} + protocol: TCP + port: {{ .Values.controller.metrics.service.servicePort }} + targetPort: metrics + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml b/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml new file mode 100644 index 00000000..db1ee7c2 --- /dev/null +++ b/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml @@ -0,0 +1,20 @@ +{{- if .Values.global.networkPolicy.create }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: metrics + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/pdb.yaml b/charts/argo-cd/templates/argocd-application-controller/pdb.yaml new file mode 100644 index 00000000..bef09799 --- /dev/null +++ b/charts/argo-cd/templates/argocd-application-controller/pdb.yaml @@ -0,0 +1,27 @@ +{{- if .Values.controller.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "argo-cd.controller.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- with .Values.controller.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.controller.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.controller.pdb.minAvailable | default 0 }} + {{- end }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml b/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml index 485ed1aa..6ddc7f4c 100644 --- a/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml @@ -1,11 +1,9 @@ -{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: name: {{ template "argo-cd.controller.fullname" . }} - {{- if .Values.controller.metrics.rules.namespace }} - namespace: {{ .Values.controller.metrics.rules.namespace }} - {{- end }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.controller.metrics.rules.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- if .Values.controller.metrics.rules.selector }} @@ -14,6 +12,10 @@ metadata: {{- if .Values.controller.metrics.rules.additionalLabels }} {{- toYaml .Values.controller.metrics.rules.additionalLabels | nindent 4 }} {{- end }} + {{- with .Values.controller.metrics.rules.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: groups: - name: argocd diff --git a/charts/argo-cd/templates/argocd-application-controller/role.yaml b/charts/argo-cd/templates/argocd-application-controller/role.yaml index 75aec8db..27e3e956 100644 --- a/charts/argo-cd/templates/argocd-application-controller/role.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/role.yaml @@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rules: @@ -33,4 +34,26 @@ rules: - events verbs: - create - - list \ No newline at end of file + - list +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - watch +{{- if and (not .Values.createClusterRoles) .Values.controller.dynamicClusterDistribution }} +- apiGroups: + - "" + resources: + - configmaps + resourceNames: + - argocd-app-controller-shard-cm + verbs: + - get + - list + - watch + - create + - update +{{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml b/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml index f37f4b0c..48681637 100644 --- a/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml @@ -1,14 +1,15 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-cd.controller.fullname" . }} + name: {{ include "argo-cd.controller.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "argo-cd.controller.fullname" . }} + name: {{ include "argo-cd.controller.fullname" . }} subjects: -- kind: ServiceAccount - name: {{ template "argo-cd.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace }} \ No newline at end of file + - kind: ServiceAccount + name: {{ include "argo-cd.controller.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} diff --git a/charts/argo-cd/templates/argocd-application-controller/service.yaml b/charts/argo-cd/templates/argocd-application-controller/service.yaml deleted file mode 100644 index db563135..00000000 --- a/charts/argo-cd/templates/argocd-application-controller/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.controller.service.annotations }} - annotations: - {{- range $key, $value := .Values.controller.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - name: {{ template "argo-cd.controller.fullname" . }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} -spec: - ports: - - name: {{ .Values.controller.service.portName }} - port: {{ .Values.controller.service.port }} - targetPort: {{ .Values.controller.containerPort }} - selector: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml b/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml index 4703236c..575cbf6d 100644 --- a/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml @@ -3,13 +3,17 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.controllerServiceAccountName" . }} -{{- if .Values.controller.serviceAccount.annotations }} + name: {{ include "argo-cd.controller.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.controller.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.controller.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- with .Values.controller.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml index 0b943982..d1912470 100644 --- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml @@ -1,31 +1,51 @@ -{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.controller.fullname" . }} - {{- if .Values.controller.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }} - {{- end }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.controller.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} - {{- if .Values.controller.metrics.serviceMonitor.selector }} -{{- toYaml .Values.controller.metrics.serviceMonitor.selector | nindent 4 }} + {{- with .Values.controller.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} {{- end }} - {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }} -{{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- with .Values.controller.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: endpoints: - - port: metrics + - port: {{ .Values.controller.metrics.service.portName }} {{- with .Values.controller.metrics.serviceMonitor.interval }} interval: {{ . }} {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} path: /metrics + {{- with .Values.controller.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + honorLabels: {{ .Values.controller.metrics.serviceMonitor.honorLabels }} + {{- with .Values.controller.metrics.serviceMonitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 6 }} {{- end }} - diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml new file mode 100644 index 00000000..733290d1 --- /dev/null +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -0,0 +1,444 @@ +{{- if not .Values.controller.dynamicClusterDistribution | default false }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.statefulsetAnnotations) .Values.controller.statefulsetAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +spec: + replicas: {{ .Values.controller.replicas }} + revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }} + serviceName: {{ include "argo-cd.controller.fullname" . }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} + template: + metadata: + annotations: + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.controller.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }} + containers: + - args: + - /usr/local/bin/argocd-application-controller + - --metrics-port={{ .Values.controller.containerPorts.metrics }} + {{- if .Values.controller.metrics.applicationLabels.enabled }} + {{- range .Values.controller.metrics.applicationLabels.labels }} + - --metrics-application-labels + - {{ . }} + {{- end }} + {{- end }} + {{- with .Values.controller.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }} + name: {{ .Values.controller.name }} + env: + {{- with (concat .Values.global.env .Values.controller.env) }} + {{- toYaml . | nindent 10 }} + {{- end }} + - name: ARGOCD_CONTROLLER_REPLICAS + value: {{ .Values.controller.replicas | quote }} + - name: ARGOCD_APPLICATION_CONTROLLER_NAME + value: {{ template "argo-cd.controller.fullname" . }} + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cm + key: timeout.reconciliation + optional: true + - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cm + key: timeout.hard.reconciliation + optional: true + - name: ARGOCD_RECONCILIATION_JITTER + valueFrom: + configMapKeyRef: + key: timeout.reconciliation.jitter + name: argocd-cm + optional: true + - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.error.grace.period.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: repo.server + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.status.processors + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.operation.processors + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.log.format + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.log.level + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.metrics.cache.expiration + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.factor + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.cap.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sync.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.plaintext + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.strict.tls + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.resource.health.persist + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.app.state.cache.expiration + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.server + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.compression + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.db + optional: true + - name: REDIS_USERNAME + valueFrom: + secretKeyRef: + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + key: redis-username + optional: true + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + {{- if .Values.externalRedis.host }} + key: redis-password + {{- else }} + key: auth + {{- end }} + optional: true + - name: REDIS_SENTINEL_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-username + optional: true + - name: REDIS_SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-password + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.default.cache.expiration + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.address + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: application.namespaces + optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sharding.algorithm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.kubectl.parallelism.limit + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.max + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.base.backoff + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.diff.server.side + optional: true + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.ignore.normalizer.jq.timeout + optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true + - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.batch.events.processing + optional: true + - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.events.processing.interval + optional: true + - name: KUBECACHEDIR + value: /tmp/kubecache + {{- with .Values.controller.envFrom }} + envFrom: + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.controller.containerPorts.metrics }} + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: metrics + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + resources: + {{- toYaml .Values.controller.resources | nindent 10 }} + {{- with .Values.controller.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + workingDir: /home/argocd + volumeMounts: + {{- with .Values.controller.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + - mountPath: /app/config/controller/tls + name: argocd-repo-server-tls + - mountPath: /home/argocd + name: argocd-home + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params + - name: argocd-application-controller-tmp + mountPath: /tmp + {{- with .Values.controller.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.controller.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.controller) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.controller.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + volumes: + {{- with .Values.controller.volumes }} + {{- toYaml . | nindent 6 }} + {{- end }} + - name: argocd-home + {{- if .Values.controller.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.controller.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - emptyDir: {} + name: argocd-application-controller-tmp + - name: argocd-repo-server-tls + secret: + secretName: argocd-repo-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + - name: argocd-cmd-params-cm + configMap: + optional: true + name: argocd-cmd-params-cm + items: + - key: controller.profile.enabled + path: profiler.enabled + {{- if .Values.controller.hostNetwork }} + hostNetwork: {{ .Values.controller.hostNetwork }} + {{- end }} + {{- with .Values.controller.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.controller.dnsPolicy }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml new file mode 100644 index 00000000..fce26bf5 --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml @@ -0,0 +1,39 @@ +{{- if .Values.applicationSet.certificate.enabled -}} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.certificateAnnotations) .Values.applicationSet.certificate.annotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +spec: + secretName: argocd-applicationset-controller-tls + commonName: {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }} + dnsNames: + - {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }} + {{- range .Values.applicationSet.certificate.additionalHosts }} + - {{ . | quote }} + {{- end }} + {{- with .Values.applicationSet.certificate.duration }} + duration: {{ . | quote }} + {{- end }} + {{- with .Values.applicationSet.certificate.renewBefore }} + renewBefore: {{ . | quote }} + {{- end }} + issuerRef: + {{- with .Values.applicationSet.certificate.issuer.group }} + group: {{ . | quote }} + {{- end }} + kind: {{ .Values.applicationSet.certificate.issuer.kind | quote }} + name: {{ .Values.applicationSet.certificate.issuer.name | quote }} + {{- with .Values.applicationSet.certificate.privateKey }} + privateKey: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml new file mode 100644 index 00000000..2723e3d2 --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml @@ -0,0 +1,90 @@ +{{- if .Values.applicationSet.allowAnyNamespace }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.applicationSet.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +rules: + - apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - applicationsets/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - argoproj.io + resources: + - applicationsets/status + verbs: + - get + - patch + - update + - apiGroups: + - argoproj.io + resources: + - appprojects + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - update + - delete + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - get + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml new file mode 100644 index 00000000..9dcae8d2 --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{- if .Values.applicationSet.allowAnyNamespace }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "argo-cd.applicationSet.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "argo-cd.applicationSet.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "argo-cd.applicationSet.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml new file mode 100644 index 00000000..9c085123 --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -0,0 +1,354 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.applicationSet.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +spec: + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.applicationSet.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} + replicas: {{ .Values.applicationSet.replicas }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }} + template: + metadata: + annotations: + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.applicationSet.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.applicationSet.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.applicationSet.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.applicationSet.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.applicationSet.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.applicationSet.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.applicationSet.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.applicationSet.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.applicationSet.automountServiceAccountToken }} + containers: + - name: {{ .Values.applicationSet.name }} + image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.applicationSet.image.imagePullPolicy }} + args: + - /usr/local/bin/argocd-applicationset-controller + - --metrics-addr=:{{ .Values.applicationSet.containerPorts.metrics }} + - --probe-addr=:{{ .Values.applicationSet.containerPorts.probe }} + - --webhook-addr=:{{ .Values.applicationSet.containerPorts.webhook }} + {{- with .Values.applicationSet.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + env: + {{- with (concat .Values.global.env .Values.applicationSet.extraEnv) }} + {{- toYaml . | nindent 12 }} + {{- end }} + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.global.preserved.annotations + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.global.preserved.labels + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.leader.election + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + key: repo.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.policy + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.policy.override + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.debug + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.dryrun + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.git.submodule + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.progressive.syncs + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.tokenref.strict.mode + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.repo.server.plaintext + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.repo.server.strict.tls + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.repo.server.timeout.seconds + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_CONCURRENT_RECONCILIATIONS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.concurrent.reconciliations.max + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.allowed.scm.providers + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.enable.scm.providers + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.webhook.parallelism.limit + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.requeue.after + name: argocd-cmd-params-cm + optional: true + {{- with .Values.applicationSet.extraEnvFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.applicationSet.containerPorts.metrics }} + protocol: TCP + - name: probe + containerPort: {{ .Values.applicationSet.containerPorts.probe }} + protocol: TCP + - name: webhook + containerPort: {{ .Values.applicationSet.containerPorts.webhook }} + protocol: TCP + {{- if .Values.applicationSet.livenessProbe.enabled }} + livenessProbe: + tcpSocket: + port: probe + initialDelaySeconds: {{ .Values.applicationSet.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.applicationSet.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.applicationSet.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.applicationSet.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.applicationSet.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.applicationSet.readinessProbe.enabled }} + readinessProbe: + tcpSocket: + port: probe + initialDelaySeconds: {{ .Values.applicationSet.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.applicationSet.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.applicationSet.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.applicationSet.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.applicationSet.readinessProbe.failureThreshold }} + {{- end }} + resources: + {{- toYaml .Values.applicationSet.resources | nindent 12 }} + {{- with .Values.applicationSet.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + {{- with .Values.applicationSet.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/gpg/source + name: gpg-keys + - mountPath: /app/config/gpg/keys + name: gpg-keyring + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + - mountPath: /tmp + name: tmp + {{- with .Values.applicationSet.extraContainers }} + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.applicationSet.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.applicationSet) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.applicationSet.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.applicationSet.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.applicationSet.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.applicationSet.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + volumes: + {{- with .Values.applicationSet.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: ssh-known-hosts + configMap: + name: argocd-ssh-known-hosts-cm + - name: tls-certs + configMap: + name: argocd-tls-certs-cm + - name: gpg-keys + configMap: + name: argocd-gpg-keys-cm + - name: gpg-keyring + {{- if .Values.applicationSet.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.applicationSet.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: tmp + {{- if .Values.applicationSet.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.applicationSet.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: argocd-repo-server-tls + secret: + secretName: argocd-repo-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + {{- with .Values.applicationSet.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.applicationSet.dnsPolicy }} diff --git a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml new file mode 100644 index 00000000..5cdf0cfe --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.applicationSet.ingress.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} + {{- with .Values.applicationSet.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.applicationSet.ingress.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.applicationSet.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + rules: + - host: {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain }} + http: + paths: + {{- with .Values.applicationSet.ingress.extraPaths }} + {{- tpl (toYaml .) $ | nindent 10 }} + {{- end }} + - path: {{ .Values.applicationSet.ingress.path }} + pathType: {{ .Values.applicationSet.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.applicationSet.fullname" . }} + port: + number: {{ .Values.applicationSet.service.port }} + {{- range .Values.applicationSet.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default $.Values.applicationSet.ingress.path .path }} + pathType: {{ default $.Values.applicationSet.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.applicationSet.fullname" $ }} + port: + number: {{ $.Values.applicationSet.service.port }} + {{- end }} + {{- with .Values.applicationSet.ingress.extraRules }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- if or .Values.applicationSet.ingress.tls .Values.applicationSet.ingress.extraTls }} + tls: + {{- if .Values.applicationSet.ingress.tls }} + - hosts: + - {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain }} + secretName: argocd-applicationset-controller-tls + {{- end }} + {{- with .Values.applicationSet.ingress.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml new file mode 100644 index 00000000..de5638ad --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml @@ -0,0 +1,35 @@ +{{- if .Values.applicationSet.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.applicationSet.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 4 }} + {{- with .Values.applicationSet.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.applicationSet.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.applicationSet.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.applicationSet.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.applicationSet.metrics.service.type }} + {{- if and .Values.applicationSet.metrics.service.clusterIP (eq .Values.applicationSet.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.applicationSet.metrics.service.clusterIP }} + {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.applicationSet.metrics.service.portName }} + protocol: TCP + port: {{ .Values.applicationSet.metrics.service.servicePort }} + targetPort: metrics + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml new file mode 100644 index 00000000..3a295f77 --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml @@ -0,0 +1,26 @@ +{{- if and .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.ingress.enabled) }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +spec: + ingress: + {{- if .Values.applicationSet.ingress.enabled }} + - ports: + - port: webhook + {{- end }} + {{- if .Values.applicationSet.metrics.enabled }} + - from: + - namespaceSelector: {} + ports: + - port: metrics + {{- end }} + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/pdb.yaml b/charts/argo-cd/templates/argocd-applicationset/pdb.yaml new file mode 100644 index 00000000..5d0ebc88 --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/pdb.yaml @@ -0,0 +1,27 @@ +{{- if .Values.applicationSet.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} + {{- with .Values.applicationSet.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.applicationSet.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.applicationSet.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.applicationSet.pdb.minAvailable | default 0 }} + {{- end }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }} +{{- end }} diff --git a/charts/argocd-applicationset/templates/rbac.yaml b/charts/argo-cd/templates/argocd-applicationset/role.yaml similarity index 66% rename from charts/argocd-applicationset/templates/rbac.yaml rename to charts/argo-cd/templates/argocd-applicationset/role.yaml index 1181e3d2..d8cfed62 100644 --- a/charts/argocd-applicationset/templates/rbac.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/role.yaml @@ -1,15 +1,15 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ include "argo-applicationset.fullname" . }} + name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: - {{- include "argo-applicationset.labels" . | nindent 4 }} + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} rules: - apiGroups: - argoproj.io resources: - applications - - appprojects - applicationsets - applicationsets/finalizers verbs: @@ -28,17 +28,35 @@ rules: - get - patch - update + - apiGroups: + - argoproj.io + resources: + - appprojects + verbs: + - get + - list + - watch - apiGroups: - "" resources: - events verbs: - create + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - update - delete - get - list - patch - - update - watch - apiGroups: - "" @@ -48,18 +66,6 @@ rules: - get - list - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - apps - extensions @@ -81,17 +87,3 @@ rules: - patch - update - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "argo-applicationset.fullname" . }} - labels: - {{- include "argo-applicationset.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "argo-applicationset.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ include "argo-applicationset.serviceAccountName" . }} diff --git a/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml new file mode 100644 index 00000000..5d4f1e4a --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "argo-cd.applicationSet.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "argo-cd.applicationSet.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} diff --git a/charts/argo-cd/templates/argocd-applicationset/service.yaml b/charts/argo-cd/templates/argocd-applicationset/service.yaml new file mode 100644 index 00000000..bf58c6b4 --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/service.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.applicationSet.service.annotations }} + annotations: + {{- range $key, $value := .Values.applicationSet.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + name: {{ template "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +{{- with .Values.applicationSet.service.labels }} +{{- toYaml . | nindent 4 }} +{{- end }} +spec: + type: {{ .Values.applicationSet.service.type }} + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.applicationSet.service.portName }} + port: {{ .Values.applicationSet.service.port }} + targetPort: webhook + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 4 }} diff --git a/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml new file mode 100644 index 00000000..4869cad0 --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if .Values.applicationSet.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.applicationSet.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.applicationSet.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.applicationSet.serviceAccount.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} + {{- with .Values.applicationSet.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml new file mode 100644 index 00000000..52d70700 --- /dev/null +++ b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml @@ -0,0 +1,51 @@ +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.applicationSet.metrics.enabled .Values.applicationSet.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "argo-cd.applicationSet.fullname" . }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.applicationSet.metrics.serviceMonitor.namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} + {{- with .Values.applicationSet.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.applicationSet.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.applicationSet.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: {{ .Values.applicationSet.metrics.service.portName }} + {{- with .Values.applicationSet.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + {{- with .Values.applicationSet.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + path: /metrics + {{- with .Values.applicationSet.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.applicationSet.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + honorLabels: {{ .Values.applicationSet.metrics.serviceMonitor.honorLabels }} + {{- with .Values.applicationSet.metrics.serviceMonitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with .Values.applicationSet.metrics.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "argo-cd.namespace" . }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 6 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-commit-server/deployment.yaml b/charts/argo-cd/templates/argocd-commit-server/deployment.yaml new file mode 100644 index 00000000..96cf6575 --- /dev/null +++ b/charts/argo-cd/templates/argocd-commit-server/deployment.yaml @@ -0,0 +1,238 @@ +{{- if .Values.commitServer.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.commitServer.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.commitServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }} +spec: + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.commitServer.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }} + template: + metadata: + annotations: + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.commitServer.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.commitServer.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.commitServer.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.commitServer.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- with .Values.commitServer.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ . }} + {{- end }} + serviceAccountName: {{ include "argo-cd.commitServer.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.commitServer.automountServiceAccountToken }} + containers: + - name: {{ .Values.commitServer.name }} + image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.commitServer.image.imagePullPolicy }} + args: + - /usr/local/bin/argocd-commit-server + {{- with .Values.commitServer.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + env: + {{- with (concat .Values.global.env .Values.commitServer.extraEnv) }} + {{- toYaml . | nindent 10 }} + {{- end }} + - name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.listen.address + optional: true + - name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.metrics.listen.address + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.log.format + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.log.level + optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true + {{- with .Values.commitServer.envFrom }} + envFrom: + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - containerPort: 8086 + name: server + protocol: TCP + - containerPort: 8087 + name: metrics + protocol: TCP + {{- if .Values.commitServer.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /healthz?full=true + port: 8087 + initialDelaySeconds: {{ .Values.commitServer.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.commitServer.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.commitServer.livenessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.commitServer.livenessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.commitServer.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /healthz + port: 8087 + initialDelaySeconds: {{ .Values.commitServer.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.commitServer.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.commitServer.readinessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.commitServer.readinessProbe.timeoutSeconds }} + {{- end }} + resources: + {{- toYaml .Values.commitServer.resources | nindent 10 }} + {{- with .Values.commitServer.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.commitServer.lifecycle }} + lifecycle: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + {{- with .Values.commitServer.extraVolumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: ssh-known-hosts + mountPath: /app/config/ssh + - name: tls-certs + mountPath: /app/config/tls + - name: gpg-keys + mountPath: /app/config/gpg/source + - name: gpg-keyring + mountPath: /app/config/gpg/keys + # We need a writeable temp directory for the askpass socket file. + - name: tmp + mountPath: /tmp + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /var/run/argocd/argocd-cmp-server + image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }} + name: copyutil + resources: + {{- toYaml .Values.commitServer.resources | nindent 10 }} + {{- with .Values.commitServer.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + volumes: + {{- with .Values.commitServer.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: ssh-known-hosts + configMap: + name: argocd-ssh-known-hosts-cm + - name: tls-certs + configMap: + name: argocd-tls-certs-cm + - name: gpg-keys + configMap: + name: argocd-gpg-keys-cm + - name: gpg-keyring + emptyDir: {} + - name: tmp + emptyDir: {} + - name: argocd-commit-server-tls + secret: + secretName: argocd-commit-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + - emptyDir: {} + name: var-files + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.commitServer) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.commitServer.hostNetwork }} + hostNetwork: {{ .Values.commitServer.hostNetwork }} + {{- end }} + {{- with .Values.commitServer.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.commitServer.dnsPolicy }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-commit-server/metrics.yaml b/charts/argo-cd/templates/argocd-commit-server/metrics.yaml new file mode 100644 index 00000000..7d198a70 --- /dev/null +++ b/charts/argo-cd/templates/argocd-commit-server/metrics.yaml @@ -0,0 +1,35 @@ +{{- if and .Values.commitServer.enabled .Values.commitServer.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.commitServer.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" "metrics") | nindent 4 }} + {{- with .Values.commitServer.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.commitServer.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.commitServer.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.commitServer.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.commitServer.metrics.service.type }} + {{- if and .Values.commitServer.metrics.service.clusterIP (eq .Values.commitServer.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.commitServer.metrics.service.clusterIP }} + {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.commitServer.metrics.service.portName }} + protocol: TCP + port: {{ .Values.commitServer.metrics.service.servicePort }} + targetPort: 8087 + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml new file mode 100644 index 00000000..6ec0a6ac --- /dev/null +++ b/charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml @@ -0,0 +1,25 @@ +{{- if and .Values.commitServer.enabled .Values.global.networkPolicy.create }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "argo-cd.commitServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} +spec: + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }} + policyTypes: + - Ingress + ingress: + - from: + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 14 }} + ports: + - protocol: TCP + port: 8086 + - from: + - namespaceSelector: { } + ports: + - port: 8087 +{{- end }} diff --git a/charts/argo-cd/templates/argocd-commit-server/service.yaml b/charts/argo-cd/templates/argocd-commit-server/service.yaml new file mode 100644 index 00000000..7b0bf878 --- /dev/null +++ b/charts/argo-cd/templates/argocd-commit-server/service.yaml @@ -0,0 +1,26 @@ +{{- if .Values.commitServer.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-cd.commitServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }} + {{- with .Values.commitServer.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.commitServer.service.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + ports: + - name: server + protocol: TCP + port: 8086 + targetPort: 8086 + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml new file mode 100644 index 00000000..d0cf9e73 --- /dev/null +++ b/charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.commitServer.enabled .Values.commitServer.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.commitServer.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.commitServer.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.commitServer.serviceAccount.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }} + {{- with .Values.commitServer.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml index 0da0c1ed..6bd19f5c 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml @@ -1,15 +1,17 @@ -{{- if .Values.server.configEnabled }} +{{- if .Values.configs.cm.create }} apiVersion: v1 kind: ConfigMap metadata: name: argocd-cm + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cm") | nindent 4 }} - {{- if .Values.server.configAnnotations }} + {{- with .Values.configs.cm.annotations }} annotations: - {{- range $key, $value := .Values.server.configAnnotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} - {{- end }} -data: {{- include "argo-cd.config" $ | nindent 4 }} -{{- end }} \ No newline at end of file +data: + {{- include "argo-cd.config.cm" . | trim | nindent 2 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml new file mode 100644 index 00000000..f0c81b24 --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml @@ -0,0 +1,17 @@ +{{- if .Values.configs.params.create }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-cmd-params-cm + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cmd-params-cm") | nindent 4 }} + {{- if .Values.configs.params.annotations }} + annotations: + {{- range $key, $value := .Values.configs.params.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +data: + {{- include "argo-cd.config.params" . | trim | nindent 2 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml new file mode 100644 index 00000000..a5d29f6c --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml @@ -0,0 +1,25 @@ +{{- if .Values.configs.cmp.create }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-cmp-cm + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "cmp-cm") | nindent 4 }} + {{- with .Values.configs.cmp.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +data: + {{- range $cmp_plugin, $cmp_plugin_config := .Values.configs.cmp.plugins }} + {{ $cmp_plugin }}.yaml: | + apiVersion: argoproj.io/v1alpha1 + kind: ConfigManagementPlugin + metadata: + name: {{ $cmp_plugin }} + spec: + {{- toYaml $cmp_plugin_config | nindent 6 }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml new file mode 100644 index 00000000..747fa13c --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml @@ -0,0 +1,25 @@ +{{- if and .Values.dex.enabled .Values.dex.certificateSecret.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: argocd-dex-server-tls + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" "dex-server-tls") | nindent 4 }} + {{- with .Values.dex.certificateSecret.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.dex.certificateSecret.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +type: kubernetes.io/tls +data: + {{- with .Values.dex.certificateSecret.ca }} + ca.crt: {{ . | b64enc | quote }} + {{- end }} + tls.crt: {{ .Values.dex.certificateSecret.crt | b64enc | quote }} + tls.key: {{ .Values.dex.certificateSecret.key | b64enc | quote }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml new file mode 100644 index 00000000..ed299b59 --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-gpg-keys-cm + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }} + {{- with .Values.configs.gpg.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +{{- with .Values.configs.gpg.keys }} +data: + {{- toYaml . | nindent 2 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml new file mode 100644 index 00000000..663862e2 --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml @@ -0,0 +1,28 @@ +{{- if and .Values.notifications.enabled .Values.notifications.cm.create }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-notifications-cm + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} +data: + context: | + argocdUrl: {{ .Values.notifications.argocdUrl | default (printf "https://%s" .Values.global.domain) }} + {{- with .Values.notifications.context }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.notifications.notifiers }} + {{- toYaml . | nindent 2 }} + {{- end }} + {{- with .Values.notifications.subscriptions }} + subscriptions: | + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.notifications.templates }} + {{- toYaml . | nindent 2 }} + {{- end }} + {{- with .Values.notifications.triggers }} + {{- toYaml . | nindent 2 }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml new file mode 100644 index 00000000..f64a91f5 --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.notifications.enabled .Values.notifications.secret.create }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.notifications.secret.name }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} + {{- with .Values.notifications.secret.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.notifications.secret.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +type: Opaque +stringData: + {{- with .Values.notifications.secret.items }} + {{- toYaml . | nindent 2 }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml index b02e3a00..ae48404e 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml @@ -1,18 +1,19 @@ -{{- if .Values.server.rbacConfigCreate }} +{{- if .Values.configs.rbac.create }} apiVersion: v1 kind: ConfigMap metadata: name: argocd-rbac-cm + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "rbac-cm") | nindent 4 }} - {{- if .Values.server.rbacConfigAnnotations }} + {{- with .Values.configs.rbac.annotations }} annotations: - {{- range $key, $value := .Values.server.rbacConfigAnnotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} - {{- end }} -{{- if .Values.server.rbacConfig }} +{{- with (omit .Values.configs.rbac "create" "annotations") }} data: -{{- toYaml .Values.server.rbacConfig | nindent 4 }} + {{- toYaml . | nindent 2 }} {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml new file mode 100644 index 00000000..8635d64e --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml @@ -0,0 +1,25 @@ +{{- if .Values.repoServer.certificateSecret.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: argocd-repo-server-tls + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "repo-server-tls") | nindent 4 }} + {{- with .Values.repoServer.certificateSecret.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.repoServer.certificateSecret.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +type: kubernetes.io/tls +data: + {{- with .Values.repoServer.certificateSecret.ca }} + ca.crt: {{ . | b64enc | quote }} + {{- end }} + tls.crt: {{ .Values.repoServer.certificateSecret.crt | b64enc | quote }} + tls.key: {{ .Values.repoServer.certificateSecret.key | b64enc | quote }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml index d84d2649..9462be26 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml @@ -3,40 +3,44 @@ apiVersion: v1 kind: Secret metadata: name: argocd-secret + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }} - {{- if .Values.configs.secret.annotations }} + {{- with .Values.configs.secret.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.configs.secret.annotations }} annotations: - {{- range $key, $value := .Values.configs.secret.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} - {{- end }} + {{- end }} {{- end }} type: Opaque -{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }} +{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret (and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password) .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.extra) }} # Setting a blank data again will wipe admin password/key/cert data: - {{- if .Values.configs.secret.githubSecret }} - webhook.github.secret: {{ .Values.configs.secret.githubSecret | b64enc }} + {{- with .Values.configs.secret.githubSecret }} + webhook.github.secret: {{ . | b64enc }} {{- end }} - {{- if .Values.configs.secret.gitlabSecret }} - webhook.gitlab.secret: {{ .Values.configs.secret.gitlabSecret | b64enc }} + {{- with .Values.configs.secret.gitlabSecret }} + webhook.gitlab.secret: {{ . | b64enc }} {{- end }} - {{- if .Values.configs.secret.bitbucketServerSecret }} - webhook.bitbucketserver.secret: {{ .Values.configs.secret.bitbucketServerSecret | b64enc }} + {{- with .Values.configs.secret.bitbucketServerSecret }} + webhook.bitbucketserver.secret: {{ . | b64enc }} {{- end }} - {{- if .Values.configs.secret.bitbucketUUID }} - webhook.bitbucket.uuid: {{ .Values.configs.secret.bitbucketUUID | b64enc }} + {{- with .Values.configs.secret.bitbucketUUID }} + webhook.bitbucket.uuid: {{ . | b64enc }} {{- end }} - {{- if .Values.configs.secret.gogsSecret }} - webhook.gogs.secret: {{ .Values.configs.secret.gogsSecret | b64enc }} + {{- with .Values.configs.secret.gogsSecret }} + webhook.gogs.secret: {{ . | b64enc }} {{- end }} - {{- if .Values.configs.secret.argocdServerTlsConfig }} - tls.key: {{ .Values.configs.secret.argocdServerTlsConfig.key | b64enc }} - tls.crt: {{ .Values.configs.secret.argocdServerTlsConfig.crt | b64enc }} + {{- if and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password }} + webhook.azuredevops.username: {{ .Values.configs.secret.azureDevops.username | b64enc }} + webhook.azuredevops.password: {{ .Values.configs.secret.azureDevops.password | b64enc }} {{- end }} {{- if .Values.configs.secret.argocdServerAdminPassword }} admin.password: {{ .Values.configs.secret.argocdServerAdminPassword | b64enc }} - admin.passwordMtime: {{ default (date "2006-01-02T15:04:05Z" now) .Values.configs.secret.argocdServerAdminPasswordMtime | b64enc }} + admin.passwordMtime: {{ default (dateInZone "2006-01-02T15:04:05Z" (now) "UTC") .Values.configs.secret.argocdServerAdminPasswordMtime | b64enc }} {{- end }} {{- range $key, $value := .Values.configs.secret.extra }} {{ $key }}: {{ $value | b64enc }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml new file mode 100644 index 00000000..97116472 --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.server.certificateSecret.enabled (not .Values.server.certificate.enabled) }} +apiVersion: v1 +kind: Secret +metadata: + name: argocd-server-tls + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "server-tls") | nindent 4 }} + {{- with .Values.server.certificateSecret.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.certificateSecret.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .Values.server.certificateSecret.crt | b64enc | quote }} + tls.key: {{ .Values.server.certificateSecret.key | b64enc | quote }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml index 289885bd..0218d40b 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml @@ -1,13 +1,21 @@ +{{- if .Values.configs.ssh.create }} apiVersion: v1 -{{- toYaml .Values.configs.knownHosts | nindent 0 }} kind: ConfigMap metadata: + name: argocd-ssh-known-hosts-cm + namespace: {{ include "argo-cd.namespace" . }} labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "ssh-known-hosts-cm") | nindent 4 }} - {{- if .Values.configs.knownHostsAnnotations }} + {{- include "argo-cd.labels" (dict "context" . "name" "ssh-known-hosts-cm") | nindent 4 }} + {{- with .Values.configs.ssh.annotations }} annotations: - {{- range $key, $value := .Values.configs.knownHostsAnnotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} - {{- end }} - name: argocd-ssh-known-hosts-cm \ No newline at end of file +data: + ssh_known_hosts: | + {{- .Values.configs.ssh.knownHosts | nindent 4 }} + {{- with .Values.configs.ssh.extraHosts }} + {{- . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml index a8079671..77421542 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml @@ -2,10 +2,11 @@ apiVersion: v1 kind: ConfigMap metadata: - name: argocd-custom-styles + name: argocd-styles-cm + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} data: custom.styles.css: | {{- .Values.configs.styles | nindent 4 }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml index 5b3f5fe5..3aad4011 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml @@ -1,15 +1,19 @@ +{{- if .Values.configs.tls.create }} apiVersion: v1 -{{- if .Values.configs.tlsCerts }} -{{- toYaml .Values.configs.tlsCerts | nindent 0 }} -{{- end }} kind: ConfigMap metadata: + name: argocd-tls-certs-cm + namespace: {{ include "argo-cd.namespace" . }} labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "tls-certs-cm") | nindent 4 }} - {{- if .Values.configs.tlsCertsAnnotations }} + {{- include "argo-cd.labels" (dict "context" . "name" "tls-certs-cm") | nindent 4 }} + {{- with .Values.configs.tls.annotations }} annotations: - {{- range $key, $value := .Values.configs.tlsCertsAnnotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} - {{- end }} - name: argocd-tls-certs-cm \ No newline at end of file +{{- with .Values.configs.tls.certificates }} +data: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml index 4fb7e883..956bbf54 100644 --- a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml +++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml @@ -1,26 +1,38 @@ -{{- range .Values.configs.clusterCredentials }} +{{- range $cluster_key, $cluster_value := .Values.configs.clusterCredentials }} --- apiVersion: v1 kind: Secret metadata: - name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }} + name: {{ include "argo-cd.name" $ }}-cluster-{{ $cluster_key }} + namespace: {{ include "argo-cd.namespace" $ | quote }} labels: {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} - {{- with .labels }} + {{- with $cluster_value.labels }} {{- toYaml . | nindent 4 }} {{- end }} argocd.argoproj.io/secret-type: cluster - {{- with .annotations }} + {{- with $cluster_value.annotations }} annotations: - {{- toYaml . | nindent 4 }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} type: Opaque stringData: - name: {{ required "A valid .Values.configs.clusterCredentials[].name entry is required!" .name }} - server: {{ required "A valid .Values.configs.clusterCredentials[].server entry is required!" .server }} - {{- with .namespaces }} - namespaces: {{ . }} + {{- if $cluster_value.shard }} + shard: {{ $cluster_value.shard | quote }} + {{- end }} + name: {{ $cluster_key }} + server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }} + {{- if $cluster_value.namespaces }} + namespaces: {{ $cluster_value.namespaces }} + {{- if $cluster_value.clusterResources }} + clusterResources: {{ $cluster_value.clusterResources | quote }} + {{- end }} + {{- end }} + {{- if $cluster_value.project }} + project: {{ $cluster_value.project | quote }} {{- end }} config: | - {{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toPrettyJson | nindent 4 }} + {{- required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.config entry is required!" $cluster_value.config | toRawJson | nindent 4 }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml b/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml new file mode 100644 index 00000000..2cfefde9 --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml @@ -0,0 +1,23 @@ +{{- if and (or .Values.externalRedis.username .Values.externalRedis.password) (not .Values.externalRedis.existingSecret) }} +apiVersion: v1 +kind: Secret +metadata: + name: argocd-redis + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} + {{- with .Values.externalRedis.secretAnnotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +type: Opaque +data: + {{- with .Values.externalRedis.username }} + redis-username: {{ . | b64enc }} + {{- end }} + {{- with .Values.externalRedis.password }} + redis-password: {{ . | b64enc }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml new file mode 100644 index 00000000..e4d23f9a --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml @@ -0,0 +1,21 @@ +{{- range $repo_cred_key, $repo_cred_value := .Values.configs.credentialTemplates }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: argocd-repo-creds-{{ $repo_cred_key }} + namespace: {{ include "argo-cd.namespace" $ | quote }} + labels: + argocd.argoproj.io/secret-type: repo-creds + {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} + {{- with $.Values.configs.credentialTemplatesAnnotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +data: + {{- range $key, $value := $repo_cred_value }} + {{ $key }}: {{ $value | toString | b64enc }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-configs/repository-secret.yaml b/charts/argo-cd/templates/argocd-configs/repository-secret.yaml new file mode 100644 index 00000000..4a77cf1b --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/repository-secret.yaml @@ -0,0 +1,21 @@ +{{- range $repo_key, $repo_value := .Values.configs.repositories }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: argocd-repo-{{ $repo_key }} + namespace: {{ include "argo-cd.namespace" $ | quote }} + labels: + argocd.argoproj.io/secret-type: repository + {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} + {{- with $.Values.configs.repositoriesAnnotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +data: + {{- range $key, $value := $repo_value }} + {{ $key }}: {{ $value | b64enc }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml new file mode 100644 index 00000000..eba5973f --- /dev/null +++ b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.notifications.enabled .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.notifications.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} +rules: + {{- with .Values.notifications.clusterRoleRules.rules }} + {{- toYaml . | nindent 2 }} + {{- end }} + - apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - list + - watch + {{- if (index .Values.configs.params "application.namespaces") }} + - create + {{- end }} + {{- if .Values.notifications.cm.create }} + - apiGroups: + - "" + resourceNames: + - argocd-notifications-cm + resources: + - configmaps + verbs: + - get + {{- end }} + - apiGroups: + - "" + resourceNames: + - {{ .Values.notifications.secret.name }} + resources: + - secrets + verbs: + - get +{{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml new file mode 100644 index 00000000..9a6fa7c5 --- /dev/null +++ b/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.notifications.enabled .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "argo-cd.notifications.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "argo-cd.notifications.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argo-cd.notifications.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml new file mode 100644 index 00000000..cee627d5 --- /dev/null +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -0,0 +1,207 @@ +{{- if .Values.notifications.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.notifications.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "argo-cd.notifications.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} +spec: + replicas: 1 + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.notifications.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }} + template: + metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.notifications.podAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.notifications.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.notifications.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.notifications.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.notifications.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.notifications.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.notifications.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.notifications.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.notifications.automountServiceAccountToken }} + containers: + - name: {{ .Values.notifications.name }} + image: {{ default .Values.global.image.repository .Values.notifications.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.notifications.image.imagePullPolicy }} + args: + - /usr/local/bin/argocd-notifications + - --metrics-port={{ .Values.notifications.containerPorts.metrics }} + - --loglevel={{ default .Values.global.logging.level .Values.notifications.logLevel }} + - --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }} + - --namespace={{ include "argo-cd.namespace" . }} + - --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} + - --secret-name={{ .Values.notifications.secret.name }} + {{- range .Values.notifications.extraArgs }} + - {{ . | squote }} + {{- end }} + env: + {{- with (concat .Values.global.env .Values.notifications.extraEnv) }} + {{- toYaml . | nindent 12 }} + {{- end }} + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED + valueFrom: + configMapKeyRef: + key: notificationscontroller.selfservice.enabled + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: notificationscontroller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + {{- with .Values.notifications.extraEnvFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.notifications.containerPorts.metrics }} + protocol: TCP + {{- if .Values.notifications.livenessProbe.enabled }} + livenessProbe: + tcpSocket: + port: metrics + initialDelaySeconds: {{ .Values.notifications.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.notifications.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.notifications.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.notifications.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.notifications.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.notifications.readinessProbe.enabled }} + readinessProbe: + tcpSocket: + port: metrics + initialDelaySeconds: {{ .Values.notifications.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.notifications.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.notifications.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.notifications.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.notifications.readinessProbe.failureThreshold }} + {{- end }} + resources: + {{- toYaml .Values.notifications.resources | nindent 12 }} + {{- with .Values.notifications.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + workingDir: /app + volumeMounts: + - name: tls-certs + mountPath: /app/config/tls + - name: argocd-repo-server-tls + mountPath: /app/config/reposerver/tls + {{- with .Values.notifications.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.notifications.extraContainers }} + {{- tpl (toYaml . ) $ | nindent 8 }} + {{- end }} + {{- with .Values.notifications.initContainers }} + initContainers: + {{- tpl (toYaml . ) $ | nindent 8 }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.notifications) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.notifications.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.notifications.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.notifications.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.notifications.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + volumes: + {{- with .Values.notifications.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: tls-certs + configMap: + name: argocd-tls-certs-cm + - name: argocd-repo-server-tls + secret: + secretName: argocd-repo-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + {{- with .Values.notifications.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.notifications.dnsPolicy }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/metrics.yaml b/charts/argo-cd/templates/argocd-notifications/metrics.yaml new file mode 100644 index 00000000..9dd18c8b --- /dev/null +++ b/charts/argo-cd/templates/argocd-notifications/metrics.yaml @@ -0,0 +1,35 @@ +{{- if and .Values.notifications.enabled .Values.notifications.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.notifications.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" "metrics") | nindent 4 }} + {{- with .Values.notifications.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.notifications.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.notifications.metrics.port | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.notifications.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.notifications.metrics.service.type }} + {{- if and .Values.notifications.metrics.service.clusterIP (eq .Values.notifications.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.notifications.metrics.service.clusterIP }} + {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }} + ports: + - name: {{ .Values.notifications.metrics.service.portName }} + protocol: TCP + port: {{ .Values.notifications.metrics.port }} + targetPort: metrics +{{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml b/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml new file mode 100644 index 00000000..b03c26ca --- /dev/null +++ b/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.notifications.enabled .Values.global.networkPolicy.create .Values.notifications.metrics.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "argo-cd.notifications.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: metrics + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/pdb.yaml b/charts/argo-cd/templates/argocd-notifications/pdb.yaml new file mode 100644 index 00000000..4bdf211a --- /dev/null +++ b/charts/argo-cd/templates/argocd-notifications/pdb.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.notifications.enabled .Values.notifications.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "argo-cd.notifications.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} + {{- with .Values.notifications.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.notifications.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.notifications.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.notifications.pdb.minAvailable | default 0 }} + {{- end }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }} +{{- end }} diff --git a/charts/argocd-notifications/templates/role.yaml b/charts/argo-cd/templates/argocd-notifications/role.yaml similarity index 54% rename from charts/argocd-notifications/templates/role.yaml rename to charts/argo-cd/templates/argocd-notifications/role.yaml index 0b07afd7..800a937a 100644 --- a/charts/argocd-notifications/templates/role.yaml +++ b/charts/argo-cd/templates/argocd-notifications/role.yaml @@ -1,9 +1,11 @@ +{{- if .Values.notifications.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ include "argocd-notifications.name" . }}-controller + name: {{ template "argo-cd.notifications.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: - {{- include "argocd-notifications.labels" . | nindent 4 }} + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} rules: - apiGroups: - argoproj.io @@ -27,7 +29,7 @@ rules: - apiGroups: - "" resourceNames: - - {{ include "argocd-notifications.name" . }}-cm + - argocd-notifications-cm resources: - configmaps verbs: @@ -35,8 +37,9 @@ rules: - apiGroups: - "" resourceNames: - - {{ include "argocd-notifications.name" . }}-secret + - {{ .Values.notifications.secret.name }} resources: - secrets verbs: - - get \ No newline at end of file + - get +{{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml b/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml new file mode 100644 index 00000000..e2259621 --- /dev/null +++ b/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml @@ -0,0 +1,17 @@ +{{- if .Values.notifications.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "argo-cd.notifications.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "argo-cd.notifications.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "argo-cd.notifications.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml b/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml new file mode 100644 index 00000000..3da8f27c --- /dev/null +++ b/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.notifications.enabled .Values.notifications.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.notifications.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.notifications.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.notifications.serviceAccount.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} + {{- with .Values.notifications.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml new file mode 100644 index 00000000..22b882a6 --- /dev/null +++ b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml @@ -0,0 +1,51 @@ +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.notifications.enabled .Values.notifications.metrics.enabled .Values.notifications.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "argo-cd.notifications.fullname" . }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.notifications.metrics.serviceMonitor.namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} + {{- with .Values.notifications.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if .Values.notifications.metrics.serviceMonitor.additionalLabels }} + {{- toYaml .Values.notifications.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- end }} + {{- with .Values.notifications.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: {{ .Values.notifications.metrics.service.portName }} + path: /metrics + {{- if .Values.notifications.metrics.serviceMonitor.interval }} + interval: {{ .Values.notifications.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.notifications.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.notifications.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- with .Values.notifications.metrics.serviceMonitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with .Values.notifications.metrics.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.notifications.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.notifications.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + honorLabels: {{ .Values.notifications.metrics.serviceMonitor.honorLabels }} + namespaceSelector: + matchNames: + - {{ include "argo-cd.namespace" . }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.name "name" "metrics") | nindent 6 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml new file mode 100644 index 00000000..23439b18 --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.createClusterRoles .Values.repoServer.clusterRoleRules.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.repoServer.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} +rules: + {{- with .Values.repoServer.clusterRoleRules.rules }} + {{- toYaml . | nindent 2 }} + {{- else }} + - apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' + - nonResourceURLs: + - '*' + verbs: + - '*' + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml new file mode 100644 index 00000000..d8bd88aa --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.createClusterRoles .Values.repoServer.clusterRoleRules.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "argo-cd.repoServer.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "argo-cd.repoServer.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argo-cd.repoServer.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index bd924d4b..f12332e9 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -1,155 +1,500 @@ -{{- $redisHa := (index .Values "redis-ha") -}} apiVersion: apps/v1 kind: Deployment metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.repoServer.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} name: {{ template "argo-cd.repoServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} - app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.repoServer.image.tag | quote }} spec: + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.repoServer.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} + {{- if not .Values.repoServer.autoscaling.enabled }} + replicas: {{ .Values.repoServer.replicas }} + {{- end }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 6 }} - revisionHistoryLimit: 5 - {{- if (ne .Values.repoServer.autoscaling.enabled true) }} - replicas: {{ .Values.repoServer.replicas }} - {{- end }} template: metadata: - {{- if .Values.repoServer.podAnnotations }} annotations: - {{- range $key, $value := .Values.repoServer.podAnnotations }} + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if .Values.repoServer.certificateSecret.enabled }} + checksum/repo-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-repo-server-tls-secret.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.configs.cmp.create }} + checksum/cmp-cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmp-cm.yaml") . | sha256sum }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.repoServer.podAnnotations) }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} + {{- end }} + {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 8 }} - app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.repoServer.image.tag | quote }} - {{- if .Values.repoServer.podLabels }} -{{- toYaml .Values.repoServer.podLabels | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.repoServer.podLabels) }} + {{- toYaml . | nindent 8 }} {{- end }} spec: - {{- with .Values.global.imagePullSecrets }} + {{- with .Values.repoServer.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.repoServer.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.global.securityContext }} - securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.repoServer.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.repoServer.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.repoServer.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.repoServer.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.repoServer.automountServiceAccountToken }} containers: - name: {{ .Values.repoServer.name }} - image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default .Values.global.image.tag .Values.repoServer.image.tag }} + image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }} - command: - - uid_entrypoint.sh - - argocd-repo-server - {{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }} - - --redis - - {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }} - {{- end }} - - --logformat - - {{ .Values.repoServer.logFormat }} - - --loglevel - - {{ .Values.repoServer.logLevel }} + args: + - /usr/local/bin/argocd-repo-server + - --port={{ .Values.repoServer.containerPorts.server }} + - --metrics-port={{ .Values.repoServer.containerPorts.metrics }} {{- with .Values.repoServer.extraArgs }} - {{- . | toYaml | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.repoServer.containerSecurityContext }} - securityContext: {{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }} - {{- end }} -{{- if or (.Values.repoServer.env) (.Values.openshift.enabled) }} env: -{{- if .Values.repoServer.env }} -{{- toYaml .Values.repoServer.env | nindent 8 }} -{{- end }} -{{- if .Values.openshift.enabled }} - - name: USER_NAME - value: argocd -{{- end }} -{{- end }} + {{- with (concat .Values.global.env .Values.repoServer.env) }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- if .Values.openshift.enabled }} + - name: USER_NAME + value: argocd + {{- end }} + - name: ARGOCD_REPO_SERVER_NAME + value: {{ template "argo-cd.repoServer.fullname" . }} + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cm + key: timeout.reconciliation + optional: true + - name: ARGOCD_REPO_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.log.format + optional: true + - name: ARGOCD_REPO_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.log.level + optional: true + - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.parallelism.limit + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.listen.address + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.metrics.listen.address + optional: true + - name: ARGOCD_REPO_SERVER_DISABLE_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.disable.tls + optional: true + - name: ARGOCD_TLS_MIN_VERSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.tls.minversion + optional: true + - name: ARGOCD_TLS_MAX_VERSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.tls.maxversion + optional: true + - name: ARGOCD_TLS_CIPHERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.tls.ciphers + optional: true + - name: ARGOCD_REPO_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.repo.cache.expiration + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.server + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.compression + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.db + optional: true + - name: REDIS_USERNAME + valueFrom: + secretKeyRef: + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + key: redis-username + optional: true + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + {{- if .Values.externalRedis.host }} + key: redis-password + {{- else }} + key: auth + {{- end }} + optional: true + - name: REDIS_SENTINEL_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-username + optional: true + - name: REDIS_SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-password + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.default.cache.expiration + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.address + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true + - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.max.combined.directory.manifests.size + optional: true + - name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.plugin.tar.exclusions + optional: true + - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS + valueFrom: + configMapKeyRef: + key: reposerver.plugin.use.manifest.generate.paths + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS + valueFrom: + configMapKeyRef: + key: reposerver.allow.oob.symlinks + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.streamed.manifest.max.tar.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.streamed.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.helm.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.disable.helm.manifest.max.extracted.size + optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: reposerver.enable.git.submodule + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: reposerver.git.lsremote.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_REQUEST_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.git.request.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.revision.cache.lock.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES + valueFrom: + configMapKeyRef: + key: reposerver.include.hidden.directories + name: argocd-cmd-params-cm + optional: true + {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} + - name: HELM_CACHE_HOME + value: /helm-working-dir + - name: HELM_CONFIG_HOME + value: /helm-working-dir + - name: HELM_DATA_HOME + value: /helm-working-dir + {{- end }} {{- with .Values.repoServer.envFrom }} - envFrom: {{- toYaml . | nindent 8 }} + envFrom: + {{- toYaml . | nindent 10 }} {{- end }} volumeMounts: {{- if .Values.repoServer.volumeMounts }} -{{- toYaml .Values.repoServer.volumeMounts | nindent 8}} + {{- toYaml .Values.repoServer.volumeMounts | nindent 8 }} {{- end }} - - mountPath: /app/config/gpg/keys - name: gpg-keyring - {{- if .Values.configs.knownHosts }} - mountPath: /app/config/ssh name: ssh-known-hosts - {{- end }} - {{- if .Values.configs.tlsCerts }} - mountPath: /app/config/tls name: tls-certs - {{- end }} + - mountPath: /app/config/gpg/source + name: gpg-keys + - mountPath: /app/config/gpg/keys + name: gpg-keyring - mountPath: /app/config/reposerver/tls name: argocd-repo-server-tls + {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} + - mountPath: /helm-working-dir + name: helm-working-dir + {{- end }} + - mountPath: /home/argocd/cmp-server/plugins + name: plugins - mountPath: /tmp - name: tmp-dir + name: tmp ports: - name: repo-server - containerPort: {{ .Values.repoServer.containerPort }} + containerPort: {{ .Values.repoServer.containerPorts.server }} protocol: TCP - {{ if .Values.repoServer.metrics.enabled }} - name: metrics - containerPort: 8084 + containerPort: {{ .Values.repoServer.containerPorts.metrics }} protocol: TCP - {{- end }} livenessProbe: - tcpSocket: - port: {{ .Values.repoServer.containerPort }} + httpGet: + path: /healthz?full=true + port: metrics initialDelaySeconds: {{ .Values.repoServer.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.repoServer.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.repoServer.livenessProbe.timeoutSeconds }} successThreshold: {{ .Values.repoServer.livenessProbe.successThreshold }} failureThreshold: {{ .Values.repoServer.livenessProbe.failureThreshold }} readinessProbe: - tcpSocket: - port: {{ .Values.repoServer.containerPort }} + httpGet: + path: /healthz + port: metrics initialDelaySeconds: {{ .Values.repoServer.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.repoServer.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.repoServer.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.repoServer.readinessProbe.successThreshold }} failureThreshold: {{ .Values.repoServer.readinessProbe.failureThreshold }} resources: -{{- toYaml .Values.repoServer.resources | nindent 10 }} - {{- if .Values.repoServer.nodeSelector }} - nodeSelector: -{{- toYaml .Values.repoServer.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.repoServer.tolerations }} - tolerations: -{{- toYaml .Values.repoServer.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.repoServer.affinity }} + {{- toYaml .Values.repoServer.resources | nindent 10 }} + {{- with .Values.repoServer.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.repoServer.lifecycle }} + lifecycle: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.repoServer.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /var/run/argocd/argocd-cmp-server + image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }} + name: copyutil + resources: + {{- toYaml .Values.repoServer.resources | nindent 10 }} + {{- with .Values.repoServer.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + {{- with .Values.repoServer.initContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.repoServer) }} affinity: -{{- toYaml .Values.repoServer.affinity | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "argo-cd.repoServerServiceAccountName" . }} -{{- with .Values.global.hostAliases }} - hostAliases: -{{ toYaml . | indent 6 }} -{{- end }} + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.repoServer.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.repoServer.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.repoServer.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.repoServer.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} volumes: - {{- if .Values.repoServer.volumes }} -{{- toYaml .Values.repoServer.volumes | nindent 6}} + {{- with .Values.repoServer.volumes }} + {{- toYaml . | nindent 6 }} {{- end }} - - emptyDir: {} - name: gpg-keyring - {{- if .Values.configs.knownHosts }} - - configMap: + {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} + - name: helm-working-dir + {{- if .Values.repoServer.existingVolumes.helmWorkingDir -}} + {{ toYaml .Values.repoServer.existingVolumes.helmWorkingDir | nindent 8 }} + {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + {{- end }} + - name: plugins + {{- if .Values.repoServer.existingVolumes.plugins -}} + {{ toYaml .Values.repoServer.existingVolumes.plugins | nindent 8 }} + {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + - name: var-files + {{- if .Values.repoServer.existingVolumes.varFiles -}} + {{ toYaml .Values.repoServer.existingVolumes.varFiles | nindent 8 }} + {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + - name: tmp + {{- if .Values.repoServer.existingVolumes.tmp -}} + {{ toYaml .Values.repoServer.existingVolumes.tmp | nindent 8 }} + {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + - name: ssh-known-hosts + configMap: name: argocd-ssh-known-hosts-cm - name: ssh-known-hosts - {{- end }} - {{- if .Values.configs.tlsCerts }} - - configMap: + - name: tls-certs + configMap: name: argocd-tls-certs-cm - name: tls-certs - {{- end }} + - name: gpg-keys + configMap: + name: argocd-gpg-keys-cm + - name: gpg-keyring + {{- if .Values.repoServer.existingVolumes.gpgKeyring -}} + {{ toYaml .Values.repoServer.existingVolumes.gpgKeyring | nindent 8 }} + {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} - name: argocd-repo-server-tls secret: + secretName: argocd-repo-server-tls + optional: true items: - key: tls.crt path: tls.crt @@ -157,14 +502,11 @@ spec: path: tls.key - key: ca.crt path: ca.crt - optional: true - secretName: argocd-repo-server-tls - - emptyDir: {} - name: tmp-dir - {{- if .Values.repoServer.initContainers }} - initContainers: -{{- toYaml .Values.repoServer.initContainers | nindent 6 }} + {{- if .Values.repoServer.hostNetwork }} + hostNetwork: {{ .Values.repoServer.hostNetwork }} {{- end }} -{{- if .Values.repoServer.priorityClassName }} - priorityClassName: {{ .Values.repoServer.priorityClassName }} -{{- end }} + {{- with .Values.repoServer.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.repoServer.dnsPolicy }} diff --git a/charts/argo-cd/templates/argocd-repo-server/hpa.yaml b/charts/argo-cd/templates/argocd-repo-server/hpa.yaml index 65e379dd..7615a412 100644 --- a/charts/argo-cd/templates/argocd-repo-server/hpa.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/hpa.yaml @@ -1,28 +1,41 @@ {{- if .Values.repoServer.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: + name: {{ include "argo-cd.repoServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-hpa" .Values.repoServer.name)) | nindent 4 }} - name: {{ template "argo-cd.repoServer.fullname" . }}-hpa + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ template "argo-cd.repoServer.fullname" . }} + name: {{ include "argo-cd.repoServer.fullname" . }} minReplicas: {{ .Values.repoServer.autoscaling.minReplicas }} maxReplicas: {{ .Values.repoServer.autoscaling.maxReplicas }} metrics: -{{- with .Values.repoServer.autoscaling.targetMemoryUtilizationPercentage }} + {{- with .Values.repoServer.autoscaling.metrics }} + {{- toYaml . | nindent 4 }} + {{- else }} + {{- with .Values.repoServer.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ . }} -{{- end }} -{{- with .Values.repoServer.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.repoServer.autoscaling.targetCPUUtilizationPercentage }} - type: Resource resource: name: cpu - targetAverageUtilization: {{ . }} -{{- end }} + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- end }} + {{- with .Values.repoServer.autoscaling.behavior }} + behavior: + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/metrics-service.yaml b/charts/argo-cd/templates/argocd-repo-server/metrics-service.yaml deleted file mode 100644 index 99061736..00000000 --- a/charts/argo-cd/templates/argocd-repo-server/metrics-service.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.repoServer.metrics.enabled}} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.repoServer.metrics.service.annotations }} - annotations: - {{- range $key, $value := .Values.repoServer.metrics.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 4 }} -{{- if .Values.repoServer.metrics.service.labels }} -{{- toYaml .Values.repoServer.metrics.service.labels | nindent 4 }} -{{- end }} - name: {{ template "argo-cd.repoServer.fullname" . }}-metrics -spec: - ports: - - name: metrics - protocol: TCP - port: {{ .Values.repoServer.metrics.service.servicePort }} - targetPort: metrics - selector: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-repo-server/metrics.yaml b/charts/argo-cd/templates/argocd-repo-server/metrics.yaml new file mode 100644 index 00000000..6ede9ddb --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/metrics.yaml @@ -0,0 +1,35 @@ +{{- if .Values.repoServer.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.repoServer.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 4 }} + {{- with .Values.repoServer.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.repoServer.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.repoServer.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.repoServer.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.repoServer.metrics.service.type }} + {{- if and .Values.repoServer.metrics.service.clusterIP (eq .Values.repoServer.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.repoServer.metrics.service.clusterIP }} + {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.repoServer.metrics.service.portName }} + protocol: TCP + port: {{ .Values.repoServer.metrics.service.servicePort }} + targetPort: metrics + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml new file mode 100644 index 00000000..c11ab129 --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml @@ -0,0 +1,40 @@ +{{- if .Values.global.networkPolicy.create }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} + name: {{ template "argo-cd.repoServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} +spec: + ingress: + - from: + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }} + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }} + {{- if .Values.notifications.enabled }} + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 10 }} + {{- end }} + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 10 }} + ports: + - port: repo-server + protocol: TCP + {{- if .Values.repoServer.metrics.enabled }} + - from: + - namespaceSelector: {} + ports: + - port: metrics + {{- end }} + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/pdb.yaml b/charts/argo-cd/templates/argocd-repo-server/pdb.yaml new file mode 100644 index 00000000..f79af3d7 --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/pdb.yaml @@ -0,0 +1,27 @@ +{{- if .Values.repoServer.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "argo-cd.repoServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} + {{- with .Values.repoServer.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.repoServer.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.repoServer.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.repoServer.pdb.minAvailable | default 0 }} + {{- end }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 6 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml b/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml deleted file mode 100644 index 354e2ca9..00000000 --- a/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.configs.repositoryCredentials }} -apiVersion: v1 -kind: Secret -metadata: - name: argocd-repository-credentials - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }} -type: Opaque -data: -{{- range $key, $value := .Values.configs.repositoryCredentials }} - {{ $key }}: {{ $value | b64enc }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-repo-server/role.yaml b/charts/argo-cd/templates/argocd-repo-server/role.yaml index bc422c43..596874d4 100644 --- a/charts/argo-cd/templates/argocd-repo-server/role.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/role.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.repoServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml b/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml index 3cfa312f..2bc88b66 100644 --- a/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml @@ -2,15 +2,16 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-cd.repoServer.fullname" . }} + name: {{ include "argo-cd.repoServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "argo-cd.repoServer.fullname" . }} + name: {{ include "argo-cd.repoServer.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.repoServerServiceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file + name: {{ include "argo-cd.repoServer.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/service.yaml b/charts/argo-cd/templates/argocd-repo-server/service.yaml index 6ab15747..24ca10ef 100644 --- a/charts/argo-cd/templates/argocd-repo-server/service.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/service.yaml @@ -9,12 +9,17 @@ metadata: {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} +{{- with .Values.repoServer.service.labels }} +{{- toYaml . | nindent 4 }} +{{- end }} name: {{ template "argo-cd.repoServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} spec: + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.repoServer.service.portName }} protocol: TCP port: {{ .Values.repoServer.service.port }} targetPort: repo-server selector: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }} \ No newline at end of file + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }} diff --git a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml index b045da74..9b5777f1 100644 --- a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml @@ -3,13 +3,17 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.repoServer.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.repoServerServiceAccountName" . }} -{{- if .Values.repoServer.serviceAccount.annotations }} + name: {{ include "argo-cd.repoServer.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.repoServer.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.repoServer.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} -{{- end }} \ No newline at end of file + {{- with .Values.repoServer.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index 05b38acc..3d7cc497 100644 --- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -1,31 +1,51 @@ -{{- if and .Values.repoServer.metrics.enabled .Values.repoServer.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.repoServer.metrics.enabled .Values.repoServer.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.repoServer.fullname" . }} - {{- if .Values.repoServer.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.repoServer.metrics.serviceMonitor.namespace }} - {{- end }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.repoServer.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} - {{- if .Values.repoServer.metrics.serviceMonitor.selector }} -{{- toYaml .Values.repoServer.metrics.serviceMonitor.selector | nindent 4 }} + {{- with .Values.repoServer.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} {{- end }} - {{- if .Values.repoServer.metrics.serviceMonitor.additionalLabels }} -{{- toYaml .Values.repoServer.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- with .Values.repoServer.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.repoServer.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: endpoints: - - port: metrics - {{- with .Values.controller.metrics.serviceMonitor.interval }} + - port: {{ .Values.repoServer.metrics.service.portName }} + {{- with .Values.repoServer.metrics.serviceMonitor.interval }} interval: {{ . }} {{- end }} + {{- with .Values.repoServer.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} path: /metrics + {{- with .Values.repoServer.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.repoServer.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + honorLabels: {{ .Values.repoServer.metrics.serviceMonitor.honorLabels }} + {{- with .Values.repoServer.metrics.serviceMonitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with .Values.repoServer.metrics.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 6 }} {{- end }} - diff --git a/charts/argo-cd/templates/argocd-server/applications.yaml b/charts/argo-cd/templates/argocd-server/applications.yaml deleted file mode 100644 index 1b9d424a..00000000 --- a/charts/argo-cd/templates/argocd-server/applications.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- if .Values.server.additionalApplications }} -apiVersion: v1 -kind: List -items: -{{- range .Values.server.additionalApplications }} - - apiVersion: argoproj.io/v1alpha1 - kind: Application - metadata: - {{- if .additionalAnnotations }} - annotations: - {{- range $key, $value := .additionalAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- if .additionalLabels }} - labels: -{{- toYaml .additionalLabels | nindent 8 }} - {{- end }} - name: {{ .name }} - {{- if .namespace }} - namespace: {{ .namespace }} - {{- end }} - {{- if .finalizers }} - finalizers: -{{- toYaml .finalizers | nindent 8 }} - {{- end }} - spec: - project: {{ tpl .project $ }} - source: -{{- toYaml .source | nindent 8 }} - destination: -{{- toYaml .destination | nindent 8 }} - {{- if .syncPolicy }} - syncPolicy: -{{- toYaml .syncPolicy | nindent 8 }} - {{- end }} - {{- if .ignoreDifferences }} - ignoreDifferences: -{{- toYaml .ignoreDifferences | nindent 8 }} - {{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml new file mode 100644 index 00000000..46d24d3c --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml @@ -0,0 +1,71 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "aws") }} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + alb.ingress.kubernetes.io/conditions.{{ include "argo-cd.server.fullname" . }}-grpc: | + [{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}] + {{- range $key, $value := .Values.server.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + rules: + - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }} + http: + paths: + {{- with .Values.server.ingress.extraPaths }} + {{- tpl (toYaml .) $ | nindent 10 }} + {{- end }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingressGrpc.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" $ }}-grpc + port: + number: {{ $servicePort }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ $servicePort }} + {{- range .Values.server.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default $.Values.server.ingress.path .path }} + pathType: {{ default $.Values.server.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" $ }} + port: + number: {{ $servicePort }} + {{- end }} + {{- with .Values.server.ingress.extraRules }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} + tls: + {{- if .Values.server.ingress.tls }} + - hosts: + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} + secretName: argocd-server-tls + {{- end }} + {{- with .Values.server.ingress.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/aws/service.yaml b/charts/argo-cd/templates/argocd-server/aws/service.yaml new file mode 100644 index 00000000..0e9de75a --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/aws/service.yaml @@ -0,0 +1,26 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "aws") }} +apiVersion: v1 +kind: Service +metadata: + annotations: + alb.ingress.kubernetes.io/backend-protocol-version: {{ .Values.server.ingress.aws.backendProtocolVersion }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" (print .Values.server.name "-gprc") "name" (print .Values.server.name "-grpc")) | nindent 4 }} + name: {{ template "argo-cd.server.fullname" . }}-grpc + namespace: {{ include "argo-cd.namespace" . }} +spec: + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.server.service.servicePortHttpName }} + protocol: TCP + port: {{ .Values.server.service.servicePortHttp }} + targetPort: {{ .Values.server.containerPorts.server }} + - name: {{ .Values.server.service.servicePortHttpsName }} + protocol: TCP + port: {{ .Values.server.service.servicePortHttps }} + targetPort: {{ .Values.server.containerPorts.server }} + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} + sessionAffinity: None + type: {{ .Values.server.ingress.aws.serviceType }} +{{- end -}} diff --git a/charts/argo-cd/templates/argocd-server/backendconfig.yaml b/charts/argo-cd/templates/argocd-server/backendconfig.yaml deleted file mode 100644 index 16c99c0a..00000000 --- a/charts/argo-cd/templates/argocd-server/backendconfig.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if .Values.server.GKEbackendConfig.enabled }} -apiVersion: cloud.google.com/v1beta1 -kind: BackendConfig -metadata: - name: {{ template "argo-cd.server.fullname" . }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} -spec: - {{- toYaml .Values.server.GKEbackendConfig.spec | nindent 2 }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml index edaea3b5..a9862139 100644 --- a/charts/argo-cd/templates/argocd-server/certificate.yaml +++ b/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -1,27 +1,50 @@ {{- if .Values.server.certificate.enabled -}} -{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" }} apiVersion: cert-manager.io/v1 -{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" }} -apiVersion: cert-manager.io/v1alpha3 -{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha2" }} -apiVersion: cert-manager.io/v1alpha2 -{{- else }} -apiVersion: certmanager.k8s.io/v1alpha1 -{{- end }} kind: Certificate metadata: - name: {{ template "argo-cd.server.fullname" . }} + {{- with (mergeOverwrite (deepCopy .Values.global.certificateAnnotations) .Values.server.certificate.annotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: - commonName: {{ .Values.server.certificate.domain | quote }} + {{- with .Values.server.certificate.secretTemplateAnnotations }} + secretTemplate: + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + secretName: argocd-server-tls + commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }} dnsNames: - - {{ .Values.server.certificate.domain | quote }} - {{- range .Values.server.certificate.additionalHosts }} + - {{ .Values.server.certificate.domain | default .Values.global.domain }} + {{- range .Values.server.certificate.additionalHosts }} - {{ . | quote }} + {{- end }} + {{- with .Values.server.certificate.duration }} + duration: {{ . | quote }} + {{- end }} + {{- with .Values.server.certificate.renewBefore }} + renewBefore: {{ . | quote }} {{- end }} issuerRef: + {{- with .Values.server.certificate.issuer.group }} + group: {{ . | quote }} + {{- end }} kind: {{ .Values.server.certificate.issuer.kind | quote }} name: {{ .Values.server.certificate.issuer.name | quote }} - secretName: argocd-tls-certificate + {{- with .Values.server.certificate.privateKey }} + privateKey: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.certificate.usages }} + usages: + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml index 63e3ee47..1bc9aed5 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -1,30 +1,78 @@ -{{- if .Values.server.clusterAdminAccess.enabled }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rules: + {{- if .Values.server.clusterRoleRules.enabled }} + {{- toYaml .Values.server.clusterRoleRules.rules | nindent 2 }} + {{- else }} - apiGroups: - '*' resources: - '*' verbs: - - delete - - get - - patch + - delete # supports deletion a live object in UI + - get # supports viewing live object manifest in UI + - patch # supports `argocd app patch` - apiGroups: - "" resources: - events verbs: - - list + - list # supports listing events in UI + - create - apiGroups: - "" resources: - pods - pods/log + verbs: + - get # supports viewing pod logs from UI + {{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }} + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + {{- end }} + - apiGroups: + - argoproj.io + resources: + - applications + - applicationsets verbs: - get -{{- end }} \ No newline at end of file + - list + - update + - watch + {{- if (index .Values.configs.params "application.namespaces") }} + - apiGroups: + - "argoproj.io" + resources: + - "applications" + verbs: + - create + - delete + - update + - patch + {{- end }} + - apiGroups: + - batch + resources: + {{/* supports triggering jobs from UI */}} + - jobs + verbs: + - create + - apiGroups: + - argoproj.io + resources: + - workflows + verbs: + {{/* supports triggering workflows from UI */}} + - create + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml index 9f5a960d..ce4a4d70 100644 --- a/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml @@ -1,16 +1,16 @@ -{{- if .Values.server.clusterAdminAccess.enabled }} +{{- if .Values.createClusterRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file + name: {{ include "argo-cd.server.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 44b89c0e..0b75f062 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -1,108 +1,423 @@ -{{- $redisHa := (index .Values "redis-ha") -}} apiVersion: apps/v1 kind: Deployment metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.server.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} - app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.server.image.tag | quote }} spec: + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.server.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} + {{- if not .Values.server.autoscaling.enabled }} + replicas: {{ .Values.server.replicas }} + {{- end }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} - revisionHistoryLimit: 5 - {{- if (ne .Values.server.autoscaling.enabled true) }} - replicas: {{ .Values.server.replicas }} - {{- end }} template: metadata: - {{- if .Values.server.podAnnotations }} annotations: - {{- range $key, $value := .Values.server.podAnnotations }} + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.server.podAnnotations) }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} + {{- end }} + {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }} - app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.server.image.tag | quote }} - {{- if .Values.server.podLabels }} -{{- toYaml .Values.server.podLabels | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.server.podLabels) }} + {{- toYaml . | nindent 8 }} {{- end }} spec: - {{- with .Values.global.imagePullSecrets }} + {{- with .Values.server.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.server.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.global.securityContext }} - securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.server.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.server.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.server.automountServiceAccountToken }} containers: - name: {{ .Values.server.name }} - image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default .Values.global.image.tag .Values.server.image.tag }} + image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.server.image.imagePullPolicy }} - command: - - argocd-server - - --staticassets - - /shared/app - - --repo-server - - {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} - {{- if .Values.dex.enabled }} - - --dex-server - - http://{{ template "argo-cd.dex.fullname" . }}:{{ .Values.dex.servicePortHttp }} - {{- end }} - - --logformat - - {{ .Values.server.logFormat }} - - --loglevel - - {{ .Values.server.logLevel }} - {{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }} - - --redis - - {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }} - {{- end }} + args: + - /usr/local/bin/argocd-server + - --port={{ .Values.server.containerPorts.server }} + - --metrics-port={{ .Values.server.containerPorts.metrics }} {{- with .Values.server.extraArgs }} - {{- . | toYaml | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.server.containerSecurityContext }} - securityContext: {{- toYaml .Values.server.containerSecurityContext | nindent 10 }} - {{- end }} - {{- if .Values.server.env }} env: -{{- toYaml .Values.server.env | nindent 8 }} - {{- end }} + {{- with (concat .Values.global.env .Values.server.env) }} + {{- toYaml . | nindent 10 }} + {{- end }} + - name: ARGOCD_SERVER_NAME + value: {{ template "argo-cd.server.fullname" . }} + - name: ARGOCD_SERVER_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.insecure + optional: true + - name: ARGOCD_SERVER_BASEHREF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.basehref + optional: true + - name: ARGOCD_SERVER_ROOTPATH + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.rootpath + optional: true + - name: ARGOCD_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.log.format + optional: true + - name: ARGOCD_SERVER_LOG_LEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.log.level + optional: true + - name: ARGOCD_SERVER_REPO_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: repo.server + optional: true + - name: ARGOCD_SERVER_DEX_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.dex.server + optional: true + - name: ARGOCD_SERVER_DISABLE_AUTH + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.disable.auth + optional: true + - name: ARGOCD_SERVER_ENABLE_GZIP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.enable.gzip + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.repo.server.timeout.seconds + optional: true + - name: ARGOCD_SERVER_X_FRAME_OPTIONS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.x.frame.options + optional: true + - name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.content.security.policy + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.repo.server.plaintext + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.repo.server.strict.tls + optional: true + - name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.dex.server.plaintext + optional: true + - name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.dex.server.strict.tls + optional: true + - name: ARGOCD_TLS_MIN_VERSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.tls.minversion + optional: true + - name: ARGOCD_TLS_MAX_VERSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.tls.maxversion + optional: true + - name: ARGOCD_TLS_CIPHERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.tls.ciphers + optional: true + - name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.connection.status.cache.expiration + optional: true + - name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.oidc.cache.expiration + optional: true + - name: ARGOCD_SERVER_LOGIN_ATTEMPTS_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.login.attempts.expiration + optional: true + - name: ARGOCD_SERVER_STATIC_ASSETS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.staticassets + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.app.state.cache.expiration + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.server + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.compression + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.db + optional: true + - name: REDIS_USERNAME + valueFrom: + secretKeyRef: + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + key: redis-username + optional: true + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + {{- if .Values.externalRedis.host }} + key: redis-password + {{- else }} + key: auth + {{- end }} + optional: true + - name: REDIS_SENTINEL_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-username + optional: true + - name: REDIS_SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-password + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.default.cache.expiration + optional: true + - name: ARGOCD_MAX_COOKIE_NUMBER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.http.cookie.maxnumber + optional: true + - name: ARGOCD_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.listen.address + optional: true + - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.metrics.listen.address + optional: true + - name: ARGOCD_SERVER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.address + optional: true + - name: ARGOCD_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: application.namespaces + optional: true + - name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.enable.proxy.extension + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.k8sclient.retry.max + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.k8sclient.retry.base.backoff + optional: true + - name: ARGOCD_API_CONTENT_TYPES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.api.content.types + optional: true + - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.webhook.parallelism.limit + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.allowed.scm.providers + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.enable.scm.providers + optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true {{- with .Values.server.envFrom }} - envFrom: {{- toYaml . | nindent 8 }} + envFrom: + {{- toYaml . | nindent 10 }} {{- end }} volumeMounts: - {{- if .Values.server.volumeMounts }} -{{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- with .Values.server.volumeMounts }} + {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.configs.knownHosts }} - mountPath: /app/config/ssh name: ssh-known-hosts - {{- end }} - {{- if .Values.configs.tlsCerts }} - mountPath: /app/config/tls name: tls-certs - {{- end }} - mountPath: /app/config/server/tls name: argocd-repo-server-tls - {{- if .Values.configs.styles }} - - mountPath: "/shared/app/custom/custom.styles.css" - subPath: "custom.styles.css" - name: custom-styles + - mountPath: /app/config/dex/tls + name: argocd-dex-server-tls + - mountPath: /home/argocd + name: plugins-home + - mountPath: /shared/app/custom + name: styles + - mountPath: /tmp + name: tmp + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params + {{- if .Values.server.extensions.enabled }} + - mountPath: /tmp/extensions + name: extensions {{- end }} ports: - - name: {{ .Values.server.name }} - containerPort: {{ .Values.server.containerPort }} + - name: server + containerPort: {{ .Values.server.containerPorts.server }} protocol: TCP - {{ if .Values.server.metrics.enabled }} - name: metrics - containerPort: 8083 + containerPort: {{ .Values.server.containerPorts.metrics }} protocol: TCP - {{- end }} livenessProbe: httpGet: - path: /healthz - port: {{ .Values.server.containerPort }} + path: /healthz?full=true + port: server initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} @@ -111,61 +426,115 @@ spec: readinessProbe: httpGet: path: /healthz - port: {{ .Values.server.containerPort }} + port: server initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.server.readinessProbe.successThreshold }} failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} resources: -{{- toYaml .Values.server.resources | nindent 10 }} - {{- if .Values.server.lifecycle }} + {{- toYaml .Values.server.resources | nindent 10 }} + {{- with .Values.server.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.server.lifecycle }} lifecycle: -{{- toYaml .Values.server.lifecycle | nindent 10 }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.server.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} - {{- if .Values.server.extraContainers }} -{{- toYaml .Values.server.extraContainers | nindent 6 }} - {{- end }} - {{- if .Values.server.nodeSelector }} - nodeSelector: -{{- toYaml .Values.server.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.server.tolerations }} - tolerations: -{{- toYaml .Values.server.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.server.affinity }} + {{- if or .Values.server.initContainers (and .Values.server.extensions.enabled .Values.server.extensions.extensionList) }} + initContainers: + {{- with .Values.server.initContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- if .Values.server.extensions.enabled }} + {{- range .Values.server.extensions.extensionList }} + - name: {{ .name }} + image: {{ $.Values.server.extensions.image.repository }}:{{ $.Values.server.extensions.image.tag }} + imagePullPolicy: {{ default $.Values.global.image.imagePullPolicy $.Values.server.extensions.image.imagePullPolicy }} + resources: + {{- toYaml $.Values.server.extensions.resources | nindent 10 }} + {{- with $.Values.server.extensions.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + - name: extensions + mountPath: /tmp/extensions/ + - name: tmp + mountPath: /tmp + env: + {{- toYaml .env | nindent 10 }} + {{- end }} + {{- end }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.server) }} affinity: -{{- toYaml .Values.server.affinity | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "argo-cd.serverServiceAccountName" . }} -{{- with .Values.global.hostAliases }} - hostAliases: -{{ toYaml . | indent 6 }} -{{- end }} + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.server.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.server.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} volumes: - {{- if .Values.server.volumes }} -{{- toYaml .Values.server.volumes | nindent 6}} + {{- with .Values.server.volumes }} + {{- toYaml . | nindent 6}} {{- end }} - - emptyDir: {} - name: static-files - {{- if .Values.configs.styles }} - - configMap: - name: argocd-custom-styles - name: custom-styles + {{- if .Values.server.extensions.enabled }} + - name: extensions + {{- if .Values.server.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} {{- end }} - {{- if .Values.configs.knownHosts }} - - configMap: + - name: plugins-home + {{- if .Values.server.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: tmp + {{- if .Values.server.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: ssh-known-hosts + configMap: name: argocd-ssh-known-hosts-cm - name: ssh-known-hosts - {{- end }} - {{- if .Values.configs.tlsCerts }} - - configMap: + - name: tls-certs + configMap: name: argocd-tls-certs-cm - name: tls-certs - {{- end }} + - name: styles + configMap: + name: argocd-styles-cm + optional: true - name: argocd-repo-server-tls secret: + secretName: argocd-repo-server-tls + optional: true items: - key: tls.crt path: tls.crt @@ -173,8 +542,27 @@ spec: path: tls.key - key: ca.crt path: ca.crt + - name: argocd-dex-server-tls + secret: + secretName: argocd-dex-server-tls optional: true - secretName: argocd-repo-server-tls -{{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName }} -{{- end }} + items: + - key: tls.crt + path: tls.crt + - key: ca.crt + path: ca.crt + - name: argocd-cmd-params-cm + configMap: + optional: true + name: argocd-cmd-params-cm + items: + - key: server.profile.enabled + path: profiler.enabled + {{- if .Values.server.hostNetwork }} + hostNetwork: {{ .Values.server.hostNetwork }} + {{- end }} + {{- with .Values.server.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.server.dnsPolicy }} diff --git a/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml b/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml new file mode 100644 index 00000000..515e6d74 --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.backendConfig }} +apiVersion: cloud.google.com/v1 +kind: BackendConfig +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +{{- with .Values.server.ingress.gke.backendConfig }} +spec: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml b/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml new file mode 100644 index 00000000..ae460a38 --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.frontendConfig }} +apiVersion: networking.gke.io/v1beta1 +kind: FrontendConfig +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +{{- with .Values.server.ingress.gke.frontendConfig }} +spec: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml new file mode 100644 index 00000000..b030435b --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml @@ -0,0 +1,69 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") }} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + ingressClassName: "gce" + {{- if .Values.server.ingress.gke.managedCertificate.create }} + networking.gke.io/managed-certificates: {{ include "argo-cd.server.fullname" . }} + {{- end }} + {{- if .Values.server.ingress.gke.frontendConfig }} + networking.gke.io/v1beta1.FrontendConfig: {{ include "argo-cd.server.fullname" . }} + {{- end }} + {{- range $key, $value := .Values.server.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + rules: + - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }} + http: + paths: + {{- with .Values.server.ingress.extraPaths }} + {{- tpl (toYaml .) $ | nindent 10 }} + {{- end }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ .Values.server.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ $servicePort }} + {{- range .Values.server.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default $.Values.server.ingress.path .path }} + pathType: {{ default $.Values.server.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" $ }} + port: + number: {{ $servicePort }} + {{- end }} + {{- with .Values.server.ingress.extraRules }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} + tls: + {{- if .Values.server.ingress.tls }} + - hosts: + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} + secretName: argocd-server-tls + {{- end }} + {{- with .Values.server.ingress.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml b/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml new file mode 100644 index 00000000..2dd6f5e9 --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml @@ -0,0 +1,15 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.managedCertificate.create }} +apiVersion: networking.gke.io/v1 +kind: ManagedCertificate +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + domains: + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} + {{- with .Values.server.ingress.gke.managedCertificate.extraDomains }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/hpa.yaml b/charts/argo-cd/templates/argocd-server/hpa.yaml index e079a7e2..51fe559d 100644 --- a/charts/argo-cd/templates/argocd-server/hpa.yaml +++ b/charts/argo-cd/templates/argocd-server/hpa.yaml @@ -1,28 +1,41 @@ {{- if .Values.server.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-hpa" .Values.server.name)) | nindent 4 }} - name: {{ template "argo-cd.server.fullname" . }}-hpa + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} minReplicas: {{ .Values.server.autoscaling.minReplicas }} maxReplicas: {{ .Values.server.autoscaling.maxReplicas }} metrics: -{{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }} + {{- with .Values.server.autoscaling.metrics }} + {{- toYaml . | nindent 4 }} + {{- else }} + {{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ . }} -{{- end }} -{{- with .Values.server.autoscaling.targetCPUUtilizationPercentage }} + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.server.autoscaling.targetCPUUtilizationPercentage }} - type: Resource resource: name: cpu - targetAverageUtilization: {{ . }} -{{- end }} + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- end }} + {{- with .Values.server.autoscaling.behavior }} + behavior: + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml index 1f5fc4ea..3ad5a519 100644 --- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml @@ -1,88 +1,63 @@ {{- if .Values.server.ingressGrpc.enabled -}} -{{- $serviceName := include "argo-cd.server.fullname" . -}} -{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}} -{{- $paths := .Values.server.ingressGrpc.paths -}} -{{- $extraPaths := .Values.server.ingressGrpc.extraPaths -}} -apiVersion: {{ include "argo-cd.ingress.apiVersion" . }} +{{- $hostname := printf "grpc.%s" (.Values.server.ingress.hostname | default .Values.global.domain) -}} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: -{{- if .Values.server.ingressGrpc.annotations }} - annotations: - {{- range $key, $value := .Values.server.ingressGrpc.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - name: {{ template "argo-cd.server.fullname" . }}-grpc + name: {{ include "argo-cd.server.fullname" . }}-grpc + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} - {{- if .Values.server.ingressGrpc.labels }} - {{- toYaml .Values.server.ingressGrpc.labels | nindent 4 }} + {{- with .Values.server.ingressGrpc.labels }} + {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.server.ingressGrpc.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} spec: - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - {{- with .Values.server.ingress.ingressClassName }} + {{- with .Values.server.ingressGrpc.ingressClassName }} ingressClassName: {{ . }} {{- end }} - {{- end }} rules: - {{- if .Values.server.ingressGrpc.hosts }} - {{- range $host := .Values.server.ingressGrpc.hosts }} - - host: {{ $host }} + - host: {{ .Values.server.ingressGrpc.hostname | default $hostname }} http: paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} - {{- end -}} - {{- range $p := $paths }} - - path: {{ $p }} - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - pathType: Prefix - {{- end }} + {{- with .Values.server.ingressGrpc.extraPaths }} + {{- tpl (toYaml .) $ | nindent 10 }} + {{- end }} + - path: {{ .Values.server.ingressGrpc.path }} + pathType: {{ .Values.server.ingressGrpc.pathType }} backend: - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} service: - name: {{ $serviceName }} + name: {{ include "argo-cd.server.fullname" . }} port: - {{- if kindIs "float64" $servicePort }} - number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- else }} - - http: + number: {{ .Values.server.service.servicePortHttps }} + {{- range .Values.server.ingressGrpc.extraHosts }} + - host: {{ .name | quote }} + http: paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} - {{- end -}} - {{- range $p := $paths }} - - path: {{ $p }} - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - pathType: Prefix - {{- end }} + - path: {{ default $.Values.server.ingressGrpc.path .path }} + pathType: {{ default $.Values.server.ingressGrpc.pathType .pathType }} backend: - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} service: - name: {{ $serviceName }} + name: {{ include "argo-cd.server.fullname" $ }} port: - {{- if kindIs "float64" $servicePort }} - number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- if .Values.server.ingressGrpc.tls }} + number: {{ $.Values.server.service.servicePortHttps }} + {{- end }} + {{- with .Values.server.ingressGrpc.extraRules }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingressGrpc.tls .Values.server.ingressGrpc.extraTls }} tls: - {{- toYaml .Values.server.ingressGrpc.tls | nindent 4 }} - {{- end -}} -{{- end -}} + {{- if .Values.server.ingressGrpc.tls }} + - hosts: + - {{ .Values.server.ingressGrpc.hostname | default $hostname }} + secretName: argocd-server-grpc-tls + {{- end }} + {{- with .Values.server.ingressGrpc.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml index 1bd2c53c..8724baa7 100644 --- a/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -1,88 +1,69 @@ -{{- if .Values.server.ingress.enabled -}} -{{- $serviceName := include "argo-cd.server.fullname" . -}} -{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}} -{{- $paths := .Values.server.ingress.paths -}} -{{- $extraPaths := .Values.server.ingress.extraPaths -}} -apiVersion: {{ include "argo-cd.ingress.apiVersion" . }} +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "generic") }} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: -{{- if .Values.server.ingress.annotations }} - annotations: - {{- range $key, $value := .Values.server.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} - {{- if .Values.server.ingress.labels }} - {{- toYaml .Values.server.ingress.labels | nindent 4 }} + {{- with .Values.server.ingress.labels }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- with .Values.server.ingress.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ tpl (toString $value) $ | quote }} {{- end }} -spec: - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - {{- with .Values.server.ingress.ingressClassName }} - ingressClassName: {{ . }} {{- end }} +spec: + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ tpl . $ }} {{- end }} rules: - {{- if .Values.server.ingress.hosts }} - {{- range $host := .Values.server.ingress.hosts }} - - host: {{ $host }} + - host: {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }} http: paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} + {{- with .Values.server.ingress.extraPaths }} + {{- tpl (toYaml .) $ | nindent 10 }} {{- end }} - {{- range $p := $paths }} - - path: {{ $p }} - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - pathType: Prefix - {{- end }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingress.pathType }} backend: - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} service: - name: {{ $serviceName }} + name: {{ include "argo-cd.server.fullname" . }} port: - {{- if kindIs "float64" $servicePort }} number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- else }} - - http: + {{- range .Values.server.ingress.extraHosts }} + - host: {{ tpl .name $ | quote }} + http: paths: - {{- if $extraPaths }} - {{- toYaml $extraPaths | nindent 10 }} - {{- end }} - {{- range $p := $paths }} - - path: {{ $p }} - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} - pathType: Prefix - {{- end }} + - path: {{ default $.Values.server.ingress.path .path }} + pathType: {{ default $.Values.server.ingress.pathType .pathType }} backend: - {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} service: - name: {{ $serviceName }} + name: {{ include "argo-cd.server.fullname" $ }} port: - {{- if kindIs "float64" $servicePort }} number: {{ $servicePort }} - {{- else }} - name: {{ $servicePort }} - {{- end }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- if .Values.server.ingress.tls }} + {{- end }} + {{- with .Values.server.ingress.extraRules }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} tls: - {{- toYaml .Values.server.ingress.tls | nindent 4 }} - {{- end -}} -{{- end -}} + {{- if .Values.server.ingress.tls }} + - hosts: + - {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }} + {{- range .Values.server.ingress.extraHosts }} + {{- if .name }} + - {{ tpl .name $ }} + {{- end }} + {{- end }} + secretName: argocd-server-tls + {{- end }} + {{- with .Values.server.ingress.extraTls }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/metrics-service.yaml b/charts/argo-cd/templates/argocd-server/metrics-service.yaml deleted file mode 100644 index 3c1f4077..00000000 --- a/charts/argo-cd/templates/argocd-server/metrics-service.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.server.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - {{- if .Values.server.metrics.service.annotations }} - annotations: - {{- range $key, $value := .Values.server.metrics.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 4 }} -{{- if .Values.server.metrics.service.labels }} -{{- toYaml .Values.server.metrics.service.labels | nindent 4 }} -{{- end }} - name: {{ template "argo-cd.server.fullname" . }}-metrics -spec: - ports: - - name: metrics - protocol: TCP - port: {{ .Values.server.metrics.service.servicePort }} - targetPort: metrics - selector: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-server/metrics.yaml b/charts/argo-cd/templates/argocd-server/metrics.yaml new file mode 100644 index 00000000..d08dbae0 --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/metrics.yaml @@ -0,0 +1,35 @@ +{{- if .Values.server.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.server.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 4 }} + {{- with .Values.server.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.server.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.server.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.server.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.server.metrics.service.type }} + {{- if and .Values.server.metrics.service.clusterIP (eq .Values.server.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.server.metrics.service.clusterIP }} + {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.server.metrics.service.portName }} + protocol: TCP + port: {{ .Values.server.metrics.service.servicePort }} + targetPort: metrics + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-server/networkpolicy.yaml new file mode 100644 index 00000000..4621e24f --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/networkpolicy.yaml @@ -0,0 +1,17 @@ +{{- if .Values.global.networkPolicy.create }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} +spec: + ingress: + - {} + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/route.yaml b/charts/argo-cd/templates/argocd-server/openshift/route.yaml similarity index 65% rename from charts/argo-cd/templates/argocd-server/route.yaml rename to charts/argo-cd/templates/argocd-server/openshift/route.yaml index f6b1ce1c..b018f724 100644 --- a/charts/argo-cd/templates/argocd-server/route.yaml +++ b/charts/argo-cd/templates/argocd-server/openshift/route.yaml @@ -3,14 +3,17 @@ apiVersion: route.openshift.io/v1 kind: Route metadata: name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.route.annotations }} annotations: -{{ toYaml . | indent 4 }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} spec: - host: {{ .Values.server.route.hostname | quote }} + host: {{ .Values.server.route.hostname | default .Values.global.domain | quote }} to: kind: Service name: {{ template "argo-cd.server.fullname" . }} @@ -18,7 +21,7 @@ spec: port: targetPort: https tls: - termination: {{ .Values.server.route.termination_type | default "passthrough" }} - insecureEdgeTerminationPolicy: {{ .Values.server.route.termination_policy | default "None" }} + termination: {{ .Values.server.route.termination_type | quote }} + insecureEdgeTerminationPolicy: {{ .Values.server.route.termination_policy | quote }} wildcardPolicy: None {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/pdb.yaml b/charts/argo-cd/templates/argocd-server/pdb.yaml new file mode 100644 index 00000000..6bc93305 --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/pdb.yaml @@ -0,0 +1,27 @@ +{{- if .Values.server.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.server.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.server.pdb.minAvailable | default 0 }} + {{- end }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/projects.yaml b/charts/argo-cd/templates/argocd-server/projects.yaml deleted file mode 100644 index 6b85889d..00000000 --- a/charts/argo-cd/templates/argocd-server/projects.yaml +++ /dev/null @@ -1,54 +0,0 @@ -{{- if .Values.server.additionalProjects }} -apiVersion: v1 -kind: List -items: -{{- range .Values.server.additionalProjects }} - - apiVersion: argoproj.io/v1alpha1 - kind: AppProject - metadata: - {{- if .additionalAnnotations }} - annotations: - {{- range $key, $value := .additionalAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- if .additionalLabels }} - labels: -{{- toYaml .additionalLabels | nindent 8 }} - {{- end }} - name: {{ .name }} - {{- if .namespace }} - namespace: {{ .namespace }} - {{- end }} - spec: - description: {{ .description }} - sourceRepos: -{{- toYaml .sourceRepos | nindent 8 }} - destinations: -{{- toYaml .destinations | nindent 8 }} - {{- if .clusterResourceWhitelist }} - clusterResourceWhitelist: -{{- toYaml .clusterResourceWhitelist | nindent 8 }} - {{- end }} - {{- if .namespaceResourceBlacklist }} - namespaceResourceBlacklist: -{{- toYaml .namespaceResourceBlacklist | nindent 8 }} - {{- end }} - {{- if .namespaceResourceWhitelist }} - namespaceResourceWhitelist: -{{- toYaml .namespaceResourceWhitelist | nindent 8 }} - {{- end }} - {{- if .orphanedResources }} - orphanedResources: -{{- toYaml .orphanedResources | nindent 8 }} - {{- end }} - {{- if .roles }} - roles: -{{- toYaml .roles | nindent 8 }} - {{- end }} - {{- if .syncWindows }} - syncWindows: -{{- toYaml .syncWindows | nindent 8 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/role.yaml b/charts/argo-cd/templates/argocd-server/role.yaml index 46eb68d5..8d12e30d 100644 --- a/charts/argo-cd/templates/argocd-server/role.yaml +++ b/charts/argo-cd/templates/argocd-server/role.yaml @@ -1,7 +1,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rules: @@ -22,6 +23,7 @@ rules: - argoproj.io resources: - applications + - applicationsets - appprojects verbs: - create @@ -37,4 +39,12 @@ rules: - events verbs: - create - - list \ No newline at end of file + - list +{{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }} +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +{{- end }} diff --git a/charts/argo-cd/templates/argocd-server/rolebinding.yaml b/charts/argo-cd/templates/argocd-server/rolebinding.yaml index 54d4eaeb..4d635aa9 100644 --- a/charts/argo-cd/templates/argocd-server/rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-server/rolebinding.yaml @@ -1,7 +1,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-cd.server.fullname" . }} + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} roleRef: @@ -10,5 +11,5 @@ roleRef: name: {{ template "argo-cd.server.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace }} \ No newline at end of file + name: {{ include "argo-cd.server.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} diff --git a/charts/argo-cd/templates/argocd-server/service.yaml b/charts/argo-cd/templates/argocd-server/service.yaml index 87877d92..86f8abb0 100644 --- a/charts/argo-cd/templates/argocd-server/service.yaml +++ b/charts/argo-cd/templates/argocd-server/service.yaml @@ -1,49 +1,59 @@ apiVersion: v1 kind: Service metadata: -{{- if .Values.server.service.annotations }} - annotations: - {{- range $key, $value := .Values.server.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} -{{- if .Values.server.service.labels }} -{{- toYaml .Values.server.service.labels | nindent 4 }} -{{- end }} + {{- with .Values.server.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.service.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} spec: type: {{ .Values.server.service.type }} + {{- include "argo-cd.dualStack" . | indent 2 }} + {{- with .Values.server.service.externalIPs }} + externalIPs: {{ . }} + {{- end }} + {{- if or (eq .Values.server.service.type "LoadBalancer") (eq .Values.server.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy }} + {{- end }} + {{- if eq .Values.server.service.type "LoadBalancer" }} + {{- with .Values.server.service.loadBalancerClass }} + loadBalancerClass: {{ . }} + {{- end }} + {{- with .Values.server.service.loadBalancerIP }} + loadBalancerIP: {{ . }} + {{- end }} + {{- with .Values.server.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} + sessionAffinity: {{ .Values.server.service.sessionAffinity }} ports: - name: {{ .Values.server.service.servicePortHttpName }} protocol: TCP port: {{ .Values.server.service.servicePortHttp }} - targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }} + targetPort: {{ .Values.server.containerPorts.server }} {{- if eq .Values.server.service.type "NodePort" }} nodePort: {{ .Values.server.service.nodePortHttp }} {{- end }} - name: {{ .Values.server.service.servicePortHttpsName }} protocol: TCP port: {{ .Values.server.service.servicePortHttps }} - targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }} + targetPort: {{ .Values.server.containerPorts.server }} {{- if eq .Values.server.service.type "NodePort" }} nodePort: {{ .Values.server.service.nodePortHttps }} {{- end }} + {{- with .Values.server.service.servicePortHttpsAppProtocol }} + appProtocol: {{ . }} + {{- end }} selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} -{{- if eq .Values.server.service.type "LoadBalancer" }} -{{- if .Values.server.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.server.service.loadBalancerIP | quote }} -{{- end }} -{{- if .Values.server.service.externalIPs }} - externalIPs: {{ .Values.server.service.externalIPs }} -{{- end }} -{{- if .Values.server.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.server.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} -{{- end -}} -{{- with .Values.server.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ . }} -{{- end }} + diff --git a/charts/argo-cd/templates/argocd-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml index cd95480b..9789e1d0 100644 --- a/charts/argo-cd/templates/argocd-server/serviceaccount.yaml +++ b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml @@ -3,13 +3,17 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.server.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.serverServiceAccountName" . }} -{{- if .Values.server.serviceAccount.annotations }} + name: {{ include "argo-cd.server.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.server.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.server.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml index 00002faa..49c24138 100644 --- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml +++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml @@ -1,31 +1,51 @@ -{{- if and .Values.server.metrics.enabled .Values.server.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.server.metrics.enabled .Values.server.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.server.fullname" . }} - {{- if .Values.server.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.server.metrics.serviceMonitor.namespace }} - {{- end }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.server.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} - {{- if .Values.server.metrics.serviceMonitor.selector }} -{{- toYaml .Values.server.metrics.serviceMonitor.selector | nindent 4 }} + {{- with .Values.server.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} {{- end }} - {{- if .Values.server.metrics.serviceMonitor.additionalLabels }} -{{- toYaml .Values.server.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- with .Values.server.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.server.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: endpoints: - - port: metrics - {{- with .Values.controller.metrics.serviceMonitor.interval }} + - port: {{ .Values.server.metrics.service.portName }} + {{- with .Values.server.metrics.serviceMonitor.interval }} interval: {{ . }} {{- end }} + {{- with .Values.server.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} path: /metrics + {{- with .Values.server.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + honorLabels: {{ .Values.server.metrics.serviceMonitor.honorLabels }} + {{- with .Values.server.metrics.serviceMonitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with .Values.server.metrics.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 6 }} {{- end }} - diff --git a/charts/argo-cd/templates/crds.yaml b/charts/argo-cd/templates/crds.yaml deleted file mode 100644 index 45ab72d4..00000000 --- a/charts/argo-cd/templates/crds.yaml +++ /dev/null @@ -1,6 +0,0 @@ -{{- if .Values.installCRDs }} -{{- range $path, $_ := .Files.Glob "crds/*.yaml" }} -{{ $.Files.Get $path }} ---- -{{- end }} -{{- end }} diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml new file mode 100644 index 00000000..2c69f9ba --- /dev/null +++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -0,0 +1,5756 @@ +{{- if .Values.crds.install }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/name: applications.argoproj.io + app.kubernetes.io/part-of: argocd + {{- with .Values.crds.additionalLabels }} + {{- toYaml . | nindent 4}} + {{- end }} + name: applications.argoproj.io +spec: + group: argoproj.io + names: + kind: Application + listKind: ApplicationList + plural: applications + shortNames: + - app + - apps + singular: application + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.sync.status + name: Sync Status + type: string + - jsonPath: .status.health.status + name: Health Status + type: string + - jsonPath: .status.sync.revision + name: Revision + priority: 10 + type: string + - jsonPath: .spec.project + name: Project + priority: 10 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Application is a definition of Application resource. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + operation: + description: Operation contains information about a requested or running + operation + properties: + info: + description: Info is a list of informational items for this operation + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + initiatedBy: + description: InitiatedBy contains information about who initiated + the operations + properties: + automated: + description: Automated is set to true if operation was initiated + automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who started + operation + type: string + type: object + retry: + description: Retry controls the strategy to apply if a sync fails + properties: + backoff: + description: Backoff controls how to backoff on subsequent retries + of failed syncs + properties: + duration: + description: Duration is the amount to back off. Default unit + is seconds, but could also be a duration (e.g. "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base duration + after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of time allowed + for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts for retrying + a failed sync. If set to 0, no retries will be performed. + format: int64 + type: integer + type: object + sync: + description: Sync contains parameters for the operation + properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number of auto-heal + attempts + format: int64 + type: integer + dryRun: + description: DryRun specifies to perform a `kubectl apply --dry-run` + without actually performing the sync + type: boolean + manifests: + description: Manifests is an optional field that overrides sync + source with a local directory for development + items: + type: string + type: array + prune: + description: Prune specifies to delete resources from the cluster + that are no longer tracked in git + type: boolean + resources: + description: Resources describes which resources shall be part + of the sync + items: + description: SyncOperationResource contains resources to sync. + properties: + group: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + type: array + revision: + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. + type: string + revisions: + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. + items: + type: string + type: array + source: + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded from + being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included during + manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable to + be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to + be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter that's + passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally by + not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters which + are passed to the helm template command upon manifest + generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell + Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains + (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. + If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for templating + ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources for + Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force + applying common labels to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize image + definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to + apply common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, usually + expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type + parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or + Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded from + being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included during + manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally + by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to + tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to + use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or + Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + syncOptions: + description: SyncOptions provide per-sync sync-options, e.g. Validate=false + items: + type: string + type: array + syncStrategy: + description: SyncStrategy describes how to perform the sync + properties: + apply: + description: Apply will perform a `kubectl apply` to perform + the sync. + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + hook: + description: Hook will submit any referenced resources to + perform the sync. This is the default strategy + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + type: object + type: object + type: object + spec: + description: ApplicationSpec represents desired application state. Contains + link to repository with application definition and additional parameters + link definition revision. + properties: + destination: + description: Destination is a reference to the target Kubernetes server + and namespace + properties: + name: + description: Name is an alternate way of specifying the target + cluster by its symbolic name. This must be set if Server is + not set. + type: string + namespace: + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is not + set. + type: string + type: object + ignoreDifferences: + description: IgnoreDifferences is a list of resources and their fields + which should be ignored during comparison + items: + description: ResourceIgnoreDifferences contains resource filter + and list of json paths which should be ignored during comparison + with live state. + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + description: Info contains a list of information (URLs, email addresses, + and plain text) that relates to the application + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + description: |- + Project is a reference to the project this application belongs to. + The empty string means that application belongs to the 'default' project. + type: string + revisionHistoryLimit: + description: |- + RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. + This should only be changed in exceptional circumstances. + Setting to zero will store no history. This will reduce storage used. + Increasing will increase the space used to store the history, so we do not recommend increasing it. + Default is 10. + format: int64 + type: integer + source: + description: Source is a reference to the location of the application's + manifests or chart + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match paths + against that should be explicitly excluded from being used + during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths + against that should be explicitly included during manifest + generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the helm + template + items: + description: HelmFileParameter is a file parameter that's + passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally by not + appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters which + are passed to the helm template command upon manifest generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell + Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains + (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. + If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition installation + step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation step + (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files to + use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed to + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for templating + ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional annotations + to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether to + apply env variables substitution for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels to + add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize components + to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force + applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force + applying common labels to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize image + definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to apply + common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize adds + to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas override + specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize to + use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, usually + expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or Helm) + that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sourceHydrator: + description: SourceHydrator provides a way to push hydrated manifests + back to git before syncing them to the cluster. + properties: + drySource: + description: DrySource specifies where the dry "don't repeat yourself" + manifest source lives. + properties: + path: + description: Path is a directory path within the Git repository + where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository that + contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the source + to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated manifests + from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + description: Sources is a reference to the location of the application's + manifests or chart + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match paths + against that should be explicitly excluded from being + used during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths + against that should be explicitly included during manifest + generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the helm + template + items: + description: HelmFileParameter is a file parameter that's + passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally by not + appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters which + are passed to the helm template command upon manifest + generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell + Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains + (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. + If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition installation + step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files to + use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed to + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for templating + ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional annotations + to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize components + to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to + force applying common annotations to resources for Kustomize + apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force + applying common labels to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize image + definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to apply + common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas override + specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, usually + expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type + parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or Helm) + that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + description: SyncPolicy controls when and how a sync will be performed + properties: + automated: + description: Automated will keep an application synced to the + target revision + properties: + allowEmpty: + description: 'AllowEmpty allows apps have zero live resources + (default: false)' + type: boolean + prune: + description: 'Prune specifies whether to delete resources + from the cluster that are not found in the sources anymore + as part of automated sync (default: false)' + type: boolean + selfHeal: + description: 'SelfHeal specifies whether to revert resources + back to their desired state upon modification in the cluster + (default: false)' + type: boolean + type: object + managedNamespaceMetadata: + description: ManagedNamespaceMetadata controls metadata in the + given namespace (if CreateNamespace=true) + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + description: Retry controls failed sync retry behavior + properties: + backoff: + description: Backoff controls how to backoff on subsequent + retries of failed syncs + properties: + duration: + description: Duration is the amount to back off. Default + unit is seconds, but could also be a duration (e.g. + "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base duration + after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of time + allowed for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts for retrying + a failed sync. If set to 0, no retries will be performed. + format: int64 + type: integer + type: object + syncOptions: + description: Options allow you to specify whole app sync-options + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + status: + description: ApplicationStatus contains status information for the application + properties: + conditions: + description: Conditions is a list of currently observed application + conditions + items: + description: ApplicationCondition contains details about an application + condition, which is usually an error or warning + properties: + lastTransitionTime: + description: LastTransitionTime is the time the condition was + last observed + format: date-time + type: string + message: + description: Message contains human-readable message indicating + details about condition + type: string + type: + description: Type is an application condition type + type: string + required: + - message + - type + type: object + type: array + controllerNamespace: + description: ControllerNamespace indicates the namespace in which + the application controller is located + type: string + health: + description: Health contains information about the application's current + health status + properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus was + set or updated + format: date-time + type: string + message: + description: Message is a human-readable informational message + describing the health status + type: string + status: + description: Status holds the status code of the application or + resource + type: string + type: object + history: + description: History contains information about the application's + sync history + items: + description: RevisionHistory contains history information about + a previous sync + properties: + deployStartedAt: + description: DeployStartedAt holds the time the sync operation + started + format: date-time + type: string + deployedAt: + description: DeployedAt holds the time the sync operation completed + format: date-time + type: string + id: + description: ID is an auto incrementing identifier of the RevisionHistory + format: int64 + type: integer + initiatedBy: + description: InitiatedBy contains information about who initiated + the operations + properties: + automated: + description: Automated is set to true if operation was initiated + automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who started + operation + type: string + type: object + revision: + description: Revision holds the revision the sync was performed + against + type: string + revisions: + description: Revisions holds the revision of each source in + sources field the sync was performed against + items: + type: string + type: array + source: + description: Source is a reference to the application source + used for the sync operation + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded from + being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included during + manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally + by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to + tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to + use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or + Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: Sources is a reference to the application sources + used for the sync operation + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded + from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included + during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to + the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + required: + - deployedAt + - id + type: object + type: array + observedAt: + description: |- + ObservedAt indicates when the application state was updated without querying latest git state + Deprecated: controller no longer updates ObservedAt field + format: date-time + type: string + operationState: + description: OperationState contains information about any ongoing + operations, such as a sync + properties: + finishedAt: + description: FinishedAt contains time of operation completion + format: date-time + type: string + message: + description: Message holds any pertinent messages when attempting + to perform operation (typically errors). + type: string + operation: + description: Operation is the original requested operation + properties: + info: + description: Info is a list of informational items for this + operation + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + initiatedBy: + description: InitiatedBy contains information about who initiated + the operations + properties: + automated: + description: Automated is set to true if operation was + initiated automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who + started operation + type: string + type: object + retry: + description: Retry controls the strategy to apply if a sync + fails + properties: + backoff: + description: Backoff controls how to backoff on subsequent + retries of failed syncs + properties: + duration: + description: Duration is the amount to back off. Default + unit is seconds, but could also be a duration (e.g. + "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base + duration after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of + time allowed for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts for + retrying a failed sync. If set to 0, no retries will + be performed. + format: int64 + type: integer + type: object + sync: + description: Sync contains parameters for the operation + properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number + of auto-heal attempts + format: int64 + type: integer + dryRun: + description: DryRun specifies to perform a `kubectl apply + --dry-run` without actually performing the sync + type: boolean + manifests: + description: Manifests is an optional field that overrides + sync source with a local directory for development + items: + type: string + type: array + prune: + description: Prune specifies to delete resources from + the cluster that are no longer tracked in git + type: boolean + resources: + description: Resources describes which resources shall + be part of the sync + items: + description: SyncOperationResource contains resources + to sync. + properties: + group: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + type: array + revision: + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. + type: string + revisions: + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. + items: + type: string + type: array + source: + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + properties: + chart: + description: Chart is a Helm chart name, and must + be specified for applications sourced from a Helm + repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to + Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet + External Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan + a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents + helm template from failing when valueFiles do + not exist locally by not appending them to helm + template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to + the app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and + numbers as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the + Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials + to all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block. ValuesObject takes precedence over + Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a + map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution + for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies + whether to force applying common annotations + to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources + for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors + or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to + resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to + resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of + Kustomize to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and + is displayed in the UI. It is used in multi-source + Applications. + type: string + path: + description: Path is a directory path within the Git + repository, and is only valid for applications sourced + from Git. + type: string + plugin: + description: Plugin holds config management plugin + specific options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in + the application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository + (Git or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + items: + description: ApplicationSource contains all required + information about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must + be specified for applications sourced from a Helm + repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern + to match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern + to match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific + to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet + External Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan + a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents + helm template from failing when valueFiles + do not exist locally by not appending them + to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults + to the app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter + that's passed to helm template during manifest + generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and + numbers as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the + Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials + to all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release + name to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource + definition installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON + schema validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to + be passed to helm template, typically defined + as a block. ValuesObject takes precedence + over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as + a map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to + use for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific + options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of + additional annotations to add to rendered + manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution + for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of + kustomize components to add to the kustomization + before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies + whether to force applying common annotations + to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources + for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies + whether to apply common labels to resource + selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended + to resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended + to resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string + patches: + description: Patches is a list of Kustomize + patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize + Replicas override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version + of Kustomize to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and + is displayed in the UI. It is used in multi-source + Applications. + type: string + path: + description: Path is a directory path within the + Git repository, and is only valid for applications + sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin + specific options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry + in the application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the + variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an + array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map + type parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a + string type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source + within sources field. This field will not be used + if used with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository + (Git or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + syncOptions: + description: SyncOptions provide per-sync sync-options, + e.g. Validate=false + items: + type: string + type: array + syncStrategy: + description: SyncStrategy describes how to perform the + sync + properties: + apply: + description: Apply will perform a `kubectl apply` + to perform the sync. + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + hook: + description: Hook will submit any referenced resources + to perform the sync. This is the default strategy + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + type: object + type: object + type: object + phase: + description: Phase is the current phase of the operation + type: string + retryCount: + description: RetryCount contains time of operation retries + format: int64 + type: integer + startedAt: + description: StartedAt contains time of operation start + format: date-time + type: string + syncResult: + description: SyncResult is the result of a Sync operation + properties: + managedNamespaceMetadata: + description: ManagedNamespaceMetadata contains the current + sync state of managed namespace metadata + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + resources: + description: Resources contains a list of sync result items + for each individual resource in a sync operation + items: + description: ResourceResult holds the operation result details + of a specific resource + properties: + group: + description: Group specifies the API group of the resource + type: string + hookPhase: + description: |- + HookPhase contains the state of any operation associated with this resource OR hook + This can also contain values for non-hook resources. + type: string + hookType: + description: HookType specifies the type of the hook. + Empty for non-hook resources + type: string + kind: + description: Kind specifies the API kind of the resource + type: string + message: + description: Message contains an informational or error + message for the last sync OR operation + type: string + name: + description: Name specifies the name of the resource + type: string + namespace: + description: Namespace specifies the target namespace + of the resource + type: string + status: + description: Status holds the final result of the sync. + Will be empty if the resources is yet to be applied/pruned + and is always zero-value for hooks + type: string + syncPhase: + description: SyncPhase indicates the particular phase + of the sync that this result was acquired in + type: string + version: + description: Version specifies the API version of the + resource + type: string + required: + - group + - kind + - name + - namespace + - version + type: object + type: array + revision: + description: Revision holds the revision this sync operation + was performed to + type: string + revisions: + description: Revisions holds the revision this sync operation + was performed for respective indexed source in sources field + items: + type: string + type: array + source: + description: Source records the application source information + of the sync, used for comparing auto-sync + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded + from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included + during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to + the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: Source records the application source information + of the sync, used for comparing auto-sync + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be + specified for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a + directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template + --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to + all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block. ValuesObject takes precedence over Values, + so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution for + annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources for + Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to + resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to + resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git + repository, and is only valid for applications sourced + from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + required: + - revision + type: object + required: + - operation + - phase + - startedAt + type: object + reconciledAt: + description: ReconciledAt indicates when the application state was + reconciled using the latest git version + format: date-time + type: string + resourceHealthSource: + description: 'ResourceHealthSource indicates where the resource health + status is stored: inline if not set or appTree' + type: string + resources: + description: Resources is a list of Kubernetes resources managed by + this application + items: + description: |- + ResourceStatus holds the current sync and health status of a resource + TODO: describe members of this type + properties: + group: + type: string + health: + description: HealthStatus contains information about the currently + observed health state of an application or resource + properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus + was set or updated + format: date-time + type: string + message: + description: Message is a human-readable informational message + describing the health status + type: string + status: + description: Status holds the status code of the application + or resource + type: string + type: object + hook: + type: boolean + kind: + type: string + name: + type: string + namespace: + type: string + requiresDeletionConfirmation: + type: boolean + requiresPruning: + type: boolean + status: + description: SyncStatusCode is a type which represents possible + comparison results + type: string + syncWave: + format: int64 + type: integer + version: + type: string + type: object + type: array + sourceHydrator: + description: SourceHydrator stores information about the current state + of source hydration + properties: + currentOperation: + description: CurrentOperation holds the status of the hydrate + operation + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + finishedAt: + description: FinishedAt indicates when the hydrate operation + finished + format: date-time + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + message: + description: Message contains a message describing the current + status of the hydrate operation + type: string + phase: + description: Phase indicates the status of the hydrate operation + enum: + - Hydrating + - Failed + - Hydrated + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + startedAt: + description: StartedAt indicates when the hydrate operation + started + format: date-time + type: string + required: + - message + - phase + type: object + lastSuccessfulOperation: + description: LastSuccessfulOperation holds info about the most + recent successful hydration + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + type: object + type: object + sourceType: + description: SourceType specifies the type of this application + type: string + sourceTypes: + description: SourceTypes specifies the type of the sources included + in the application + items: + description: ApplicationSourceType specifies the type of the application's + source + type: string + type: array + summary: + description: Summary contains a list of URLs and container images + used by this application + properties: + externalURLs: + description: ExternalURLs holds all external URLs of application + child resources. + items: + type: string + type: array + images: + description: Images holds all images of application child resources. + items: + type: string + type: array + type: object + sync: + description: Sync contains information about the application's current + sync status + properties: + comparedTo: + description: ComparedTo contains information about what has been + compared + properties: + destination: + description: Destination is a reference to the application's + destination used for comparison + properties: + name: + description: Name is an alternate way of specifying the + target cluster by its symbolic name. This must be set + if Server is not set. + type: string + namespace: + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name + is not set. + type: string + type: object + ignoreDifferences: + description: IgnoreDifferences is a reference to the application's + ignored differences used for comparison + items: + description: ResourceIgnoreDifferences contains resource + filter and list of json paths which should be ignored + during comparison with live state. + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + source: + description: Source is a reference to the application's source + used for comparison + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded + from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included + during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to + the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: Sources is a reference to the application's multiple + sources used for comparison + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be + specified for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a + directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template + --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to + all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block. ValuesObject takes precedence over Values, + so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution for + annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources for + Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to + resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to + resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git + repository, and is only valid for applications sourced + from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + required: + - destination + type: object + revision: + description: Revision contains information about the revision + the comparison has been performed to + type: string + revisions: + description: Revisions contains information about the revisions + of multiple sources the comparison has been performed to + items: + type: string + type: array + status: + description: Status is the sync state of the comparison + type: string + required: + - status + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: {} +{{- end }} + diff --git a/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/templates/crds/crd-applicationset.yaml new file mode 100644 index 00000000..eff945f8 --- /dev/null +++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -0,0 +1,17466 @@ +{{- if .Values.crds.install }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/name: applicationsets.argoproj.io + app.kubernetes.io/part-of: argocd + {{- with .Values.crds.additionalLabels }} + {{- toYaml . | nindent 4}} + {{- end }} + name: applicationsets.argoproj.io +spec: + group: argoproj.io + names: + kind: ApplicationSet + listKind: ApplicationSetList + plural: applicationsets + shortNames: + - appset + - appsets + singular: applicationset + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + applyNestedSelectors: + type: boolean + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: + properties: + flatList: + type: boolean + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + git: + properties: + directories: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - repoURL + - revision + type: object + list: + properties: + elements: + items: + x-kubernetes-preserve-unknown-fields: true + type: array + elementsYaml: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + matrix: + properties: + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: + properties: + flatList: + type: boolean + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + git: + properties: + directories: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - repoURL + - revision + type: object + list: + properties: + elements: + items: + x-kubernetes-preserve-unknown-fields: true + type: array + elementsYaml: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + matrix: + x-kubernetes-preserve-unknown-fields: true + merge: + x-kubernetes-preserve-unknown-fields: true + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + pullRequest: + properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + targetBranchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object + github: + properties: + api: + type: string + appSecretName: + type: string + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - owner + - repo + type: object + gitlab: + properties: + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - project + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + scmProvider: + properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: + items: + type: string + type: array + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string + type: object + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: + properties: + allBranches: + type: boolean + api: + type: string + appSecretName: + type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + group: + type: string + includeSharedProjects: + type: boolean + includeSubgroups: + type: boolean + insecure: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + topic: + type: string + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + type: object + merge: + properties: + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: + properties: + flatList: + type: boolean + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + git: + properties: + directories: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - repoURL + - revision + type: object + list: + properties: + elements: + items: + x-kubernetes-preserve-unknown-fields: true + type: array + elementsYaml: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + matrix: + x-kubernetes-preserve-unknown-fields: true + merge: + x-kubernetes-preserve-unknown-fields: true + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + pullRequest: + properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + targetBranchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object + github: + properties: + api: + type: string + appSecretName: + type: string + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - owner + - repo + type: object + gitlab: + properties: + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - project + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + scmProvider: + properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: + items: + type: string + type: array + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string + type: object + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: + properties: + allBranches: + type: boolean + api: + type: string + appSecretName: + type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + group: + type: string + includeSharedProjects: + type: boolean + includeSubgroups: + type: boolean + insecure: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + topic: + type: string + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + mergeKeys: + items: + type: string + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + - mergeKeys + type: object + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + pullRequest: + properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + targetBranchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object + github: + properties: + api: + type: string + appSecretName: + type: string + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - owner + - repo + type: object + gitlab: + properties: + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - project + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + scmProvider: + properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: + items: + type: string + type: array + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string + type: object + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: + properties: + allBranches: + type: boolean + api: + type: string + appSecretName: + type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + group: + type: string + includeSharedProjects: + type: boolean + includeSubgroups: + type: boolean + insecure: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + topic: + type: string + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + goTemplate: + type: boolean + goTemplateOptions: + items: + type: string + type: array + ignoreApplicationDifferences: + items: + properties: + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + name: + type: string + type: object + type: array + preservedFields: + properties: + annotations: + items: + type: string + type: array + labels: + items: + type: string + type: array + type: object + strategy: + properties: + rollingSync: + properties: + steps: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + maxUpdate: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: array + type: object + type: + type: string + type: object + syncPolicy: + properties: + applicationsSync: + enum: + - create-only + - create-update + - create-delete + - sync + type: string + preserveResourcesOnDeletion: + type: boolean + type: object + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + templatePatch: + type: string + required: + - generators + - template + type: object + status: + properties: + applicationStatus: + items: + properties: + application: + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + status: + type: string + step: + type: string + targetRevisions: + items: + type: string + type: array + required: + - application + - message + - status + - step + - targetRevisions + type: object + type: array + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - message + - reason + - status + - type + type: object + type: array + resources: + items: + properties: + group: + type: string + health: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + status: + type: string + type: object + hook: + type: boolean + kind: + type: string + name: + type: string + namespace: + type: string + requiresDeletionConfirmation: + type: boolean + requiresPruning: + type: boolean + status: + type: string + syncWave: + format: int64 + type: integer + version: + type: string + type: object + type: array + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/argo-cd/crds/crd-project.yaml b/charts/argo-cd/templates/crds/crd-project.yaml similarity index 56% rename from charts/argo-cd/crds/crd-project.yaml rename to charts/argo-cd/templates/crds/crd-project.yaml index 40182848..1865aa2d 100644 --- a/charts/argo-cd/crds/crd-project.yaml +++ b/charts/argo-cd/templates/crds/crd-project.yaml @@ -1,12 +1,21 @@ +{{- if .Values.crds.install }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} labels: app.kubernetes.io/name: appprojects.argoproj.io app.kubernetes.io/part-of: argocd + {{- with .Values.crds.additionalLabels }} + {{- toYaml . | nindent 4}} + {{- end }} name: appprojects.argoproj.io - annotations: - helm.sh/hook: crd-install spec: group: argoproj.io names: @@ -22,13 +31,28 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'AppProject provides a logical grouping of applications, providing controls for: * where the apps may deploy to (cluster whitelist) * what may be deployed (repository whitelist, resource whitelist/blacklist) * who can access these applications (roles, OIDC group claims bindings) * and what they can do (RBAC policies) * automation access to these roles (JWT tokens)' + description: |- + AppProject provides a logical grouping of applications, providing controls for: + * where the apps may deploy to (cluster whitelist) + * what may be deployed (repository whitelist, resource whitelist/blacklist) + * who can access these applications (roles, OIDC group claims bindings) + * and what they can do (RBAC policies) + * automation access to these roles (JWT tokens) properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -36,9 +60,12 @@ spec: description: AppProjectSpec is the specification of an AppProject properties: clusterResourceBlacklist: - description: ClusterResourceBlacklist contains list of blacklisted cluster level resources + description: ClusterResourceBlacklist contains list of blacklisted + cluster level resources items: - description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -50,9 +77,12 @@ spec: type: object type: array clusterResourceWhitelist: - description: ClusterResourceWhitelist contains list of whitelisted cluster level resources + description: ClusterResourceWhitelist contains list of whitelisted + cluster level resources items: - description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -66,26 +96,63 @@ spec: description: description: Description contains optional project description type: string - destinations: - description: Destinations contains list of destinations available for deployment + destinationServiceAccounts: + description: DestinationServiceAccounts holds information about the + service accounts to be impersonated for the application sync operation + for each destination. items: - description: ApplicationDestination holds information about the application's destination + description: ApplicationDestinationServiceAccount holds information + about the service account to be impersonated for the application + sync operation. properties: - name: - description: Name is an alternate way of specifying the target cluster by its symbolic name + defaultServiceAccount: + description: DefaultServiceAccount to be used for impersonation + during the sync operation type: string namespace: - description: Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. type: string server: - description: Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. + type: string + required: + - defaultServiceAccount + - server + type: object + type: array + destinations: + description: Destinations contains list of destinations available + for deployment + items: + description: ApplicationDestination holds information about the + application's destination + properties: + name: + description: Name is an alternate way of specifying the target + cluster by its symbolic name. This must be set if Server is + not set. + type: string + namespace: + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is + not set. type: string type: object type: array namespaceResourceBlacklist: - description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources + description: NamespaceResourceBlacklist contains list of blacklisted + namespace level resources items: - description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -97,9 +164,12 @@ spec: type: object type: array namespaceResourceWhitelist: - description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources + description: NamespaceResourceWhitelist contains list of whitelisted + namespace level resources items: - description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -111,12 +181,15 @@ spec: type: object type: array orphanedResources: - description: OrphanedResources specifies if controller should monitor orphaned resources of apps in this project + description: OrphanedResources specifies if controller should monitor + orphaned resources of apps in this project properties: ignore: - description: Ignore contains a list of resources that are to be excluded from orphaned resources monitoring + description: Ignore contains a list of resources that are to be + excluded from orphaned resources monitoring items: - description: OrphanedResourceKey is a reference to a resource to be ignored from + description: OrphanedResourceKey is a reference to a resource + to be ignored from properties: group: type: string @@ -127,26 +200,36 @@ spec: type: object type: array warn: - description: Warn indicates if warning condition should be created for apps which have orphaned resources + description: Warn indicates if warning condition should be created + for apps which have orphaned resources type: boolean type: object + permitOnlyProjectScopedClusters: + description: PermitOnlyProjectScopedClusters determines whether destinations + can only reference clusters which are project-scoped + type: boolean roles: - description: Roles are user defined RBAC roles associated with this project + description: Roles are user defined RBAC roles associated with this + project items: - description: ProjectRole represents a role that has access to a project + description: ProjectRole represents a role that has access to a + project properties: description: description: Description is a description of the role type: string groups: - description: Groups are a list of OIDC group claims bound to this role + description: Groups are a list of OIDC group claims bound to + this role items: type: string type: array jwtTokens: - description: JWTTokens are a list of generated JWT tokens bound to this role + description: JWTTokens are a list of generated JWT tokens bound + to this role items: - description: JWTToken holds the issuedAt and expiresAt values of a token + description: JWTToken holds the issuedAt and expiresAt values + of a token properties: exp: format: int64 @@ -164,7 +247,8 @@ spec: description: Name is a name for this role type: string policies: - description: Policies Stores a list of casbin formated strings that define access policies for the role in the project + description: Policies Stores a list of casbin formatted strings + that define access policies for the role in the project items: type: string type: array @@ -173,9 +257,11 @@ spec: type: object type: array signatureKeys: - description: SignatureKeys contains a list of PGP key IDs that commits in Git must be signed with in order to be allowed for sync + description: SignatureKeys contains a list of PGP key IDs that commits + in Git must be signed with in order to be allowed for sync items: - description: SignatureKey is the specification of a key required to verify commit signatures with + description: SignatureKey is the specification of a key required + to verify commit signatures with properties: keyID: description: The ID of the key in hexadecimal notation @@ -184,48 +270,68 @@ spec: - keyID type: object type: array + sourceNamespaces: + description: SourceNamespaces defines the namespaces application resources + are allowed to be created in + items: + type: string + type: array sourceRepos: - description: SourceRepos contains list of repository URLs which can be used for deployment + description: SourceRepos contains list of repository URLs which can + be used for deployment items: type: string type: array syncWindows: - description: SyncWindows controls when syncs can be run for apps in this project + description: SyncWindows controls when syncs can be run for apps in + this project items: - description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps + description: SyncWindow contains the kind, time, duration and attributes + that are used to assign the syncWindows to apps properties: applications: - description: Applications contains a list of applications that the window will apply to + description: Applications contains a list of applications that + the window will apply to items: type: string type: array clusters: - description: Clusters contains a list of clusters that the window will apply to + description: Clusters contains a list of clusters that the window + will apply to items: type: string type: array duration: - description: Duration is the amount of time the sync window will be open + description: Duration is the amount of time the sync window + will be open type: string kind: description: Kind defines if the window allows or blocks syncs type: string manualSync: - description: ManualSync enables manual syncs when they would otherwise be blocked + description: ManualSync enables manual syncs when they would + otherwise be blocked type: boolean namespaces: - description: Namespaces contains a list of namespaces that the window will apply to + description: Namespaces contains a list of namespaces that the + window will apply to items: type: string type: array schedule: - description: Schedule is the time the window will begin, specified in cron format + description: Schedule is the time the window will begin, specified + in cron format + type: string + timeZone: + description: TimeZone of the sync that will be applied to the + schedule type: string type: object type: array type: object status: - description: AppProjectStatus contains status information for AppProject CRs + description: AppProjectStatus contains status information for AppProject + CRs properties: jwtTokensByRole: additionalProperties: @@ -233,7 +339,8 @@ spec: properties: items: items: - description: JWTToken holds the issuedAt and expiresAt values of a token + description: JWTToken holds the issuedAt and expiresAt values + of a token properties: exp: format: int64 @@ -248,7 +355,8 @@ spec: type: object type: array type: object - description: JWTTokensByRole contains a list of JWT tokens issued for a given role + description: JWTTokensByRole contains a list of JWT tokens issued + for a given role type: object type: object required: @@ -257,3 +365,4 @@ spec: type: object served: true storage: true +{{- end }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 557140ce..4c6209ad 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -2,110 +2,240 @@ apiVersion: apps/v1 kind: Deployment metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.dex.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} name: {{ template "argo-cd.dex.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} - app.kubernetes.io/version: {{ .Values.dex.image.tag | quote }} spec: + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.dex.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} + replicas: 1 + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 6 }} template: metadata: - {{- if .Values.dex.podAnnotations }} annotations: - {{- range $key, $value := .Values.dex.podAnnotations }} + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if (index .Values.configs.cm "dex.config") }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.dex.certificateSecret.enabled }} + checksum/dex-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-dex-server-tls-secret.yaml") . | sha256sum }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.dex.podAnnotations) }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} + {{- end }} + {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 8 }} - app.kubernetes.io/version: {{ .Values.dex.image.tag | quote }} - {{- if .Values.dex.podLabels }} -{{- toYaml .Values.dex.podLabels | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.dex.podLabels) }} + {{- toYaml . | nindent 8 }} {{- end }} spec: - {{- with .Values.global.imagePullSecrets }} + {{- with .Values.dex.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.dex.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.global.securityContext }} - securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with.Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.dex.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.dex.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.dex.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ template "argo-cd.dex.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.dex.automountServiceAccountToken }} + containers: + - name: {{ .Values.dex.name }} + image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.image.imagePullPolicy }} + command: + - /shared/argocd-dex + - --logformat={{ default .Values.global.logging.format .Values.dex.logFormat }} + - --loglevel={{ default .Values.global.logging.level .Values.dex.logLevel }} + args: + - rundex + {{- with .Values.dex.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + env: + {{- with (concat .Values.global.env .Values.dex.env) }} + {{- toYaml . | nindent 10 }} + {{- end }} + - name: ARGOCD_DEX_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: dexserver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEX_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: dexserver.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEX_SERVER_DISABLE_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: dexserver.disable.tls + optional: true + {{- with .Values.dex.envFrom }} + envFrom: + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.dex.containerPorts.http }} + protocol: TCP + - name: grpc + containerPort: {{ .Values.dex.containerPorts.grpc }} + protocol: TCP + - name: metrics + containerPort: {{ .Values.dex.containerPorts.metrics }} + protocol: TCP + {{- if .Values.dex.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.dex.livenessProbe.httpPath }} + port: {{ .Values.dex.livenessProbe.httpPort }} + scheme: {{ .Values.dex.livenessProbe.httpScheme }} + initialDelaySeconds: {{ .Values.dex.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.dex.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.dex.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.dex.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.dex.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.dex.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.dex.readinessProbe.httpPath }} + port: {{ .Values.dex.readinessProbe.httpPort }} + scheme: {{ .Values.dex.readinessProbe.httpScheme }} + initialDelaySeconds: {{ .Values.dex.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.dex.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.dex.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.dex.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.dex.readinessProbe.failureThreshold }} + {{- end }} + resources: + {{- toYaml .Values.dex.resources | nindent 10 }} + {{- with .Values.dex.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + {{- with .Values.dex.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: static-files + mountPath: /shared + - name: dexconfig + mountPath: /tmp + - name: argocd-dex-server-tls + mountPath: /tls + {{- with .Values.dex.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} initContainers: - name: copyutil - image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default .Values.global.image.tag .Values.dex.initImage.tag }} + image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.dex.initImage.tag }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }} - resources: -{{- toYaml .Values.dex.resources | nindent 10 }} - {{- if .Values.dex.containerSecurityContext }} - securityContext: {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }} - {{- end }} command: - - cp + - /bin/cp - -n - /usr/local/bin/argocd - /shared/argocd-dex volumeMounts: - mountPath: /shared name: static-files - containers: - - name: {{ .Values.dex.name }} - image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }} - imagePullPolicy: {{ .Values.dex.image.imagePullPolicy }} - command: - - /shared/argocd-dex - - rundex - {{- if .Values.dex.containerSecurityContext }} - securityContext: {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }} - {{- end }} - {{- if .Values.dex.env }} - env: -{{- toYaml .Values.dex.env | nindent 8 }} - {{- end }} - {{- with .Values.dex.envFrom }} - envFrom: {{- toYaml . | nindent 8 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.dex.containerPortHttp }} - protocol: TCP - - name: grpc - containerPort: {{ .Values.dex.containerPortGrpc }} - protocol: TCP - {{- if .Values.dex.metrics.enabled }} - - name: metrics - containerPort: {{ .Values.dex.containerPortMetrics }} - protocol: TCP - {{- end }} - volumeMounts: - mountPath: /tmp - name: tmp-dir - {{- if .Values.dex.volumeMounts }} - {{- toYaml .Values.dex.volumeMounts | nindent 8 }} - {{- end }} + name: dexconfig resources: -{{- toYaml .Values.dex.resources | nindent 10 }} - {{- if .Values.dex.nodeSelector }} - nodeSelector: -{{- toYaml .Values.dex.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.dex.tolerations }} - tolerations: -{{- toYaml .Values.dex.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.dex.affinity }} - affinity: -{{- toYaml .Values.dex.affinity | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "argo-cd.dexServiceAccountName" . }} - volumes: - - emptyDir: {} - name: tmp-dir - {{- if .Values.dex.volumes }} - {{- toYaml .Values.dex.volumes | nindent 6 }} + {{- toYaml (default .Values.dex.resources .Values.dex.initImage.resources) | nindent 10 }} + {{- with .Values.dex.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.dex.initContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} -{{- if .Values.dex.priorityClassName }} - priorityClassName: {{ .Values.dex.priorityClassName }} -{{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.dex) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.dex.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.dex.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.dex.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.dex.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + volumes: + - name: static-files + {{- if .Values.dex.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.dex.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: dexconfig + {{- if .Values.dex.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.dex.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: argocd-dex-server-tls + secret: + secretName: argocd-dex-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + {{- with .Values.dex.volumes }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.dex.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.dex.dnsPolicy }} {{- end }} diff --git a/charts/argo-cd/templates/dex/networkpolicy.yaml b/charts/argo-cd/templates/dex/networkpolicy.yaml new file mode 100644 index 00000000..6d0c9789 --- /dev/null +++ b/charts/argo-cd/templates/dex/networkpolicy.yaml @@ -0,0 +1,32 @@ +{{- if and .Values.global.networkPolicy.create .Values.dex.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} + name: {{ template "argo-cd.dex.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} +spec: + ingress: + - from: + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }} + ports: + - port: http + protocol: TCP + - port: grpc + protocol: TCP + {{- if .Values.dex.metrics.enabled }} + - from: + - namespaceSelector: {} + ports: + - port: metrics + protocol: TCP + {{- end }} + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/charts/argo-cd/templates/dex/pdb.yaml b/charts/argo-cd/templates/dex/pdb.yaml new file mode 100644 index 00000000..12161024 --- /dev/null +++ b/charts/argo-cd/templates/dex/pdb.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.dex.enabled .Values.dex.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "argo-cd.dex.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} + {{- with .Values.dex.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.dex.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.dex.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.dex.pdb.minAvailable | default 0 }} + {{- end }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 6 }} +{{- end }} diff --git a/charts/argo-cd/templates/dex/role.yaml b/charts/argo-cd/templates/dex/role.yaml index 6b9b3f69..e79b3cf7 100644 --- a/charts/argo-cd/templates/dex/role.yaml +++ b/charts/argo-cd/templates/dex/role.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "argo-cd.dex.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} rules: @@ -15,4 +16,4 @@ rules: - get - list - watch -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo-cd/templates/dex/rolebinding.yaml b/charts/argo-cd/templates/dex/rolebinding.yaml index 4cc47005..792a465a 100644 --- a/charts/argo-cd/templates/dex/rolebinding.yaml +++ b/charts/argo-cd/templates/dex/rolebinding.yaml @@ -2,15 +2,16 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-cd.dex.fullname" . }} + name: {{ include "argo-cd.dex.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "argo-cd.dex.fullname" . }} + name: {{ include "argo-cd.dex.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "argo-cd.dexServiceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file + name: {{ include "argo-cd.dex.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- end }} diff --git a/charts/argo-cd/templates/dex/service.yaml b/charts/argo-cd/templates/dex/service.yaml index 6fa77c4e..b52acfb1 100644 --- a/charts/argo-cd/templates/dex/service.yaml +++ b/charts/argo-cd/templates/dex/service.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-cd.dex.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} {{- if .Values.dex.metrics.service.annotations }} annotations: {{- range $key, $value := .Values.dex.metrics.service.annotations }} @@ -15,17 +16,18 @@ metadata: {{- toYaml .Values.dex.metrics.service.labels | nindent 4 }} {{- end }} spec: + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - - name: http + - name: {{ .Values.dex.servicePortHttpName }} protocol: TCP port: {{ .Values.dex.servicePortHttp }} targetPort: http - - name: grpc + - name: {{ .Values.dex.servicePortGrpcName }} protocol: TCP port: {{ .Values.dex.servicePortGrpc }} targetPort: grpc {{- if .Values.dex.metrics.enabled }} - - name: metrics + - name: {{ .Values.dex.metrics.service.portName }} protocol: TCP port: {{ .Values.dex.servicePortMetrics }} targetPort: metrics diff --git a/charts/argo-cd/templates/dex/serviceaccount.yaml b/charts/argo-cd/templates/dex/serviceaccount.yaml index 71707f09..aeff2441 100644 --- a/charts/argo-cd/templates/dex/serviceaccount.yaml +++ b/charts/argo-cd/templates/dex/serviceaccount.yaml @@ -3,13 +3,14 @@ apiVersion: v1 kind: ServiceAccount automountServiceAccountToken: {{ .Values.dex.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ template "argo-cd.dexServiceAccountName" . }} -{{- if .Values.dex.serviceAccount.annotations }} + name: {{ include "argo-cd.dex.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.dex.serviceAccount.annotations }} annotations: - {{- range $key, $value := .Values.dex.serviceAccount.annotations }} + {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} -{{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} {{- end }} diff --git a/charts/argo-cd/templates/dex/servicemonitor.yaml b/charts/argo-cd/templates/dex/servicemonitor.yaml index 58bae6e2..2564cfa1 100644 --- a/charts/argo-cd/templates/dex/servicemonitor.yaml +++ b/charts/argo-cd/templates/dex/servicemonitor.yaml @@ -1,30 +1,48 @@ -{{- if and .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.dex.enabled .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "argo-cd.dex.fullname" . }} - {{- if .Values.dex.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.dex.metrics.serviceMonitor.namespace }} - {{- end }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.dex.metrics.serviceMonitor.namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} - {{- if .Values.dex.metrics.serviceMonitor.selector }} -{{- toYaml .Values.dex.metrics.serviceMonitor.selector | nindent 4 }} + {{- with .Values.dex.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} {{- end }} - {{- if .Values.dex.metrics.serviceMonitor.additionalLabels }} -{{- toYaml .Values.dex.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- with .Values.dex.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.dex.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: endpoints: - - port: metrics - {{- with .Values.controller.metrics.serviceMonitor.interval }} + - port: {{ .Values.dex.metrics.service.portName }} + {{- with .Values.dex.metrics.serviceMonitor.interval }} interval: {{ . }} {{- end }} path: /metrics + {{- with .Values.dex.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.dex.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . |nindent 8 }} + {{- end }} + honorLabels: {{ .Values.dex.metrics.serviceMonitor.honorLabels }} + {{- with .Values.dex.metrics.serviceMonitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with .Values.dex.metrics.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-cd.namespace" . }} selector: matchLabels: {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 6 }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo-cd/templates/extra-manifests.yaml b/charts/argo-cd/templates/extra-manifests.yaml new file mode 100644 index 00000000..fc9a76b8 --- /dev/null +++ b/charts/argo-cd/templates/extra-manifests.yaml @@ -0,0 +1,8 @@ +{{ range .Values.extraObjects }} +--- +{{ if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} +{{ end }} diff --git a/charts/argo-cd/templates/networkpolicy-default-deny.yaml b/charts/argo-cd/templates/networkpolicy-default-deny.yaml new file mode 100644 index 00000000..06d1979a --- /dev/null +++ b/charts/argo-cd/templates/networkpolicy-default-deny.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.global.networkPolicy.create .Values.global.networkPolicy.defaultDenyIngress }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }} + name: {{ template "argo-cd.fullname" . }}-default-deny + namespace: {{ include "argo-cd.namespace" . }} +spec: + podSelector: {} + policyTypes: + - Ingress +{{- end }} diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml new file mode 100644 index 00000000..5fd41f64 --- /dev/null +++ b/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -0,0 +1,70 @@ +{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "argo-cd.redisSecretInit.fullname" . }} + namespace: {{ include "argo-cd.namespace" . | quote }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + {{- range $key, $value := .Values.redisSecretInit.jobAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} +spec: + ttlSecondsAfterFinished: 60 + template: + metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.redisSecretInit.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.redisSecretInit.podAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + spec: + {{- with .Values.redisSecretInit.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - command: + - argocd + - admin + - redis-initial-password + image: {{ default .Values.global.image.repository .Values.redisSecretInit.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.redisSecretInit.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redisSecretInit.image.imagePullPolicy }} + name: secret-init + resources: + {{- toYaml .Values.redisSecretInit.resources | nindent 10 }} + {{- with .Values.redisSecretInit.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.redisSecretInit.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redisSecretInit.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + restartPolicy: OnFailure + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.redisSecretInit) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.redisSecretInit.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redisSecretInit.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }} +{{- end }} diff --git a/charts/argo-cd/templates/redis-secret-init/role.yaml b/charts/argo-cd/templates/redis-secret-init/role.yaml new file mode 100644 index 00000000..9e8259f9 --- /dev/null +++ b/charts/argo-cd/templates/redis-secret-init/role.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} + name: {{ include "argo-cd.redisSecretInit.fullname" . }} + namespace: {{ include "argo-cd.namespace" . | quote }} +rules: + - apiGroups: + - "" + resources: + - secrets + resourceNames: + - argocd-redis + verbs: + - get + - apiGroups: + - "" + resources: + - secrets + verbs: + - create +{{- end }} diff --git a/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml b/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml new file mode 100644 index 00000000..a199628a --- /dev/null +++ b/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} + name: {{ include "argo-cd.redisSecretInit.fullname" . }} + namespace: {{ include "argo-cd.namespace" . | quote }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "argo-cd.redisSecretInit.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }} +{{- end }} diff --git a/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml new file mode 100644 index 00000000..85540d26 --- /dev/null +++ b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.redisSecretInit.enabled .Values.redisSecretInit.serviceAccount.create (not .Values.externalRedis.host) }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.redisSecretInit.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . | quote }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + {{- range $key, $value := .Values.redisSecretInit.serviceAccount.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index a6f0c46a..65581665 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -1,87 +1,220 @@ -{{- $redisHa := (index .Values "redis-ha") -}} +{{- $redisHa := index .Values "redis-ha" -}} {{- if and .Values.redis.enabled (not $redisHa.enabled) -}} apiVersion: apps/v1 kind: Deployment metadata: - name: {{ template "argo-cd.redis.fullname" . }} + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.redis.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "argo-cd.redis.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} - app.kubernetes.io/version: {{ .Values.redis.image.tag | quote }} spec: + replicas: 1 + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} selector: matchLabels: app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }} template: metadata: - {{- if .Values.redis.podAnnotations }} - annotations: - {{- range $key, $value := .Values.redis.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 8 }} - app.kubernetes.io/version: {{ .Values.redis.image.tag | quote }} - {{- if .Values.redis.podLabels }} -{{- toYaml .Values.redis.podLabels | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.redis.podLabels) }} + {{- toYaml . | nindent 8 }} {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.redis.podAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} spec: - {{- with .Values.global.imagePullSecrets }} + {{- with .Values.redis.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.redis.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - automountServiceAccountToken: false - {{- if .Values.redis.securityContext }} - securityContext: {{- toYaml .Values.redis.securityContext | nindent 8 }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.redis.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redis.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.redis.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.redis.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.redis.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.redis.automountServiceAccountToken }} containers: - - name: {{ template "argo-cd.redis.fullname" . }} + - name: {{ .Values.redis.name }} + image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redis.image.imagePullPolicy }} args: + {{- with .Values.redis.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} - --save - "" - --appendonly - "no" - {{- with .Values.redis.extraArgs }} - {{- . | toYaml | nindent 8 }} - {{- end }} - image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} - imagePullPolicy: {{ .Values.redis.image.imagePullPolicy}} - {{- if .Values.redis.containerSecurityContext }} - securityContext: {{- toYaml .Values.redis.containerSecurityContext | nindent 10 }} - {{- end }} - {{- if .Values.redis.env }} + - --requirepass $(REDIS_PASSWORD) env: -{{- toYaml .Values.redis.env | nindent 8 }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth + {{- with (concat .Values.global.env .Values.redis.env) }} + {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.redis.envFrom }} - envFrom: {{- toYaml . | nindent 8 }} + envFrom: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.redis.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.redis.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.redis.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.redis.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.redis.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.livenessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/redis_liveness.sh + {{- end }} + {{- if .Values.redis.readinessProbe.enabled }} + readinessProbe: + initialDelaySeconds: {{ .Values.redis.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.redis.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.redis.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.redis.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.readinessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/redis_readiness.sh {{- end }} ports: - - containerPort: {{ .Values.redis.containerPort }} -{{- if .Values.redis.volumeMounts }} - - volumeMounts: -{{- toYaml .Values.redis.volumeMounts | nindent 10 }} -{{- end }} + - name: redis + containerPort: {{ .Values.redis.containerPorts.redis }} + protocol: TCP resources: -{{- toYaml .Values.redis.resources | nindent 10 }} - {{- if .Values.redis.nodeSelector }} + {{- toYaml .Values.redis.resources | nindent 10 }} + {{- with .Values.redis.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + - mountPath: /health + name: health + {{- with .Values.redis.volumeMounts }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- if .Values.redis.exporter.enabled }} + - name: metrics + image: {{ .Values.redis.exporter.image.repository }}:{{ .Values.redis.exporter.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redis.exporter.image.imagePullPolicy }} + env: + - name: REDIS_ADDR + value: {{ printf "redis://localhost:%v" .Values.redis.containerPorts.redis }} + - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS + value: {{ printf "0.0.0.0:%v" .Values.redis.containerPorts.metrics }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth + {{- with (concat .Values.global.env .Values.redis.exporter.env) }} + {{- toYaml . | nindent 8 }} + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.redis.containerPorts.metrics }} + protocol: TCP + {{- if .Values.redis.exporter.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /metrics + port: {{ .Values.redis.containerPorts.metrics }} + initialDelaySeconds: {{ .Values.redis.exporter.livenessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.redis.exporter.livenessProbe.timeoutSeconds }} + periodSeconds: {{ .Values.redis.exporter.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.redis.exporter.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.exporter.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.redis.exporter.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /metrics + port: {{ .Values.redis.containerPorts.metrics }} + initialDelaySeconds: {{ .Values.redis.exporter.readinessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.redis.exporter.readinessProbe.timeoutSeconds }} + periodSeconds: {{ .Values.redis.exporter.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.redis.exporter.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.exporter.readinessProbe.failureThreshold }} + {{- end }} + resources: + {{- toYaml .Values.redis.exporter.resources | nindent 10 }} + {{- with .Values.redis.exporter.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- end }} + {{- with .Values.redis.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.redis.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.redis.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: -{{- toYaml .Values.redis.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.redis.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redis.tolerations | default .Values.global.tolerations }} tolerations: -{{- toYaml .Values.redis.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.redis.affinity }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.redis) }} affinity: -{{- toYaml .Values.redis.affinity | nindent 8 }} - {{- end }} -{{- if .Values.redis.volumes }} + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.redis.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" $ }}-{{ $.Values.redis.name }} + {{- end }} + {{- end }} + {{- end }} volumes: -{{- toYaml .Values.redis.volumes | nindent 8}} -{{- end }} -{{- if .Values.redis.priorityClassName }} - priorityClassName: {{ .Values.redis.priorityClassName }} -{{- end }} + - name: health + configMap: + name: {{ include "argo-cd.redis.fullname" . }}-health-configmap + defaultMode: 493 + {{- with .Values.redis.volumes }} + {{- toYaml . | nindent 8}} + {{- end }} + {{- with .Values.redis.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.redis.dnsPolicy }} {{- end }} diff --git a/charts/argo-cd/templates/redis/health-configmap.yaml b/charts/argo-cd/templates/redis/health-configmap.yaml new file mode 100644 index 00000000..7443625f --- /dev/null +++ b/charts/argo-cd/templates/redis/health-configmap.yaml @@ -0,0 +1,37 @@ +{{- $redisHa := index .Values "redis-ha" -}} +{{- if and .Values.redis.enabled (not $redisHa.enabled) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "argo-cd.redis.fullname" . }}-health-configmap + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} +data: + redis_liveness.sh: | + response=$( + redis-cli \ + -a "${REDIS_PASSWORD}" --no-auth-warning \ + -h localhost \ + -p {{ .Values.redis.containerPorts.redis }} \ + ping + ) + if [ "$response" != "PONG" ] && [ "${response:0:7}" != "LOADING" ] ; then + echo "$response" + exit 1 + fi + echo "response=$response" + redis_readiness.sh: | + response=$( + redis-cli \ + -a "${REDIS_PASSWORD}" --no-auth-warning \ + -h localhost \ + -p {{ .Values.redis.containerPorts.redis }} \ + ping + ) + if [ "$response" != "PONG" ] ; then + echo "$response" + exit 1 + fi + echo "response=$response" +{{- end }} diff --git a/charts/argo-cd/templates/redis/metrics.yaml b/charts/argo-cd/templates/redis/metrics.yaml new file mode 100644 index 00000000..040f5ebf --- /dev/null +++ b/charts/argo-cd/templates/redis/metrics.yaml @@ -0,0 +1,35 @@ +{{- $redisHa := (index .Values "redis-ha") -}} +{{- if and .Values.redis.enabled (not $redisHa.enabled) .Values.redis.metrics.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.redis.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} + {{- with .Values.redis.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.redis.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.redis.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.redis.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.redis.metrics.service.type }} + {{- if and .Values.redis.metrics.service.clusterIP (eq .Values.redis.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.redis.metrics.service.clusterIP }} + {{- end }} + ports: + - name: {{ .Values.redis.metrics.service.portName }} + protocol: TCP + port: {{ .Values.redis.metrics.service.servicePort }} + targetPort: metrics + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/redis/networkpolicy.yaml b/charts/argo-cd/templates/redis/networkpolicy.yaml new file mode 100644 index 00000000..d602a931 --- /dev/null +++ b/charts/argo-cd/templates/redis/networkpolicy.yaml @@ -0,0 +1,37 @@ +{{- $redisHa := (index .Values "redis-ha") -}} +{{- if and .Values.global.networkPolicy.create .Values.redis.enabled (not $redisHa.enabled) }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} + name: {{ template "argo-cd.redis.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} +spec: + ingress: + - from: + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }} + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 10 }} + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }} + ports: + - port: redis + protocol: TCP + {{- if .Values.redis.metrics.enabled }} + - from: + - namespaceSelector: {} + ports: + - port: metrics + protocol: TCP + {{- end }} + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.redis.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/charts/argo-cd/templates/redis/pdb.yaml b/charts/argo-cd/templates/redis/pdb.yaml new file mode 100644 index 00000000..c614144d --- /dev/null +++ b/charts/argo-cd/templates/redis/pdb.yaml @@ -0,0 +1,28 @@ +{{- $redisHa := index .Values "redis-ha" -}} +{{- if and .Values.redis.enabled (not $redisHa.enabled) .Values.redis.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "argo-cd.redis.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} + {{- with .Values.redis.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.redis.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.redis.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.redis.pdb.minAvailable | default 0 }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }} +{{- end }} diff --git a/charts/argo-cd/templates/redis/service.yaml b/charts/argo-cd/templates/redis/service.yaml index cf1f98bf..a60cf77e 100644 --- a/charts/argo-cd/templates/redis/service.yaml +++ b/charts/argo-cd/templates/redis/service.yaml @@ -4,12 +4,24 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-cd.redis.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} + {{- with .Values.redis.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.redis.service.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} spec: + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - - port: {{ .Values.redis.servicePort }} - targetPort: {{ .Values.redis.servicePort }} + - name: redis + port: {{ .Values.redis.servicePort }} + targetPort: redis selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.redis.name) | nindent 4 }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo-cd/templates/redis/serviceaccount.yaml b/charts/argo-cd/templates/redis/serviceaccount.yaml new file mode 100644 index 00000000..bc942e22 --- /dev/null +++ b/charts/argo-cd/templates/redis/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.redis.enabled .Values.redis.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.redis.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.redis.serviceAccount.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/redis/servicemonitor.yaml b/charts/argo-cd/templates/redis/servicemonitor.yaml new file mode 100644 index 00000000..4710d286 --- /dev/null +++ b/charts/argo-cd/templates/redis/servicemonitor.yaml @@ -0,0 +1,49 @@ +{{- $redisHa := (index .Values "redis-ha") -}} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.redis.enabled (not $redisHa.enabled) .Values.redis.metrics.enabled .Values.redis.metrics.serviceMonitor.enabled -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "argo-cd.redis.fullname" . }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.redis.metrics.serviceMonitor.namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} + {{- with .Values.redis.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.redis.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.redis.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: {{ .Values.redis.metrics.service.portName }} + {{- with .Values.redis.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + path: /metrics + {{- with .Values.redis.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redis.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + honorLabels: {{ .Values.redis.metrics.serviceMonitor.honorLabels }} + {{- with .Values.redis.metrics.serviceMonitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with .Values.redis.metrics.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "argo-cd.namespace" . }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 6 }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml old mode 100755 new mode 100644 index fdd50b36..f1213daf --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1,132 +1,771 @@ -## ArgoCD configuration +## Argo CD configuration ## Ref: https://github.com/argoproj/argo-cd ## + +# -- Provide a name in place of `argocd` nameOverride: argocd +# -- String to fully override `"argo-cd.fullname"` fullnameOverride: "" +# -- Override the namespace +# @default -- `.Release.Namespace` +namespaceOverride: "" +# -- Override the Kubernetes version, which is used to evaluate certain manifests kubeVersionOverride: "" +# Override APIVersions +# If you want to template helm charts but cannot access k8s API server +# you can set api versions here +apiVersionOverrides: {} -# Optional CRD installation for those without Helm hooks -installCRDs: true +# -- Create aggregated roles that extend existing cluster roles to interact with argo-cd resources +## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles +createAggregateRoles: false +# -- Create cluster roles for cluster-wide installation. +## Used when you manage applications in the same cluster where Argo CD runs +createClusterRoles: true +openshift: + # -- enables using arbitrary uid for argo repo server + enabled: false + +## Custom resource configuration +crds: + # -- Install and upgrade CRDs + install: true + # -- Keep CRDs on chart uninstall + keep: true + # -- Annotations to be added to all CRDs + annotations: {} + # -- Addtional labels to be added to all CRDs + additionalLabels: {} + +## Globally shared configuration global: + # -- Default domain used by all components + ## Used for ingresses, certificates, SSO, notifications, etc. + domain: argocd.example.com + + # -- Runtime class name for all components + runtimeClassName: "" + + # -- Common labels for the all resources + additionalLabels: {} + # app: argo-cd + + # -- Number of old deployment ReplicaSets to retain. The rest will be garbage collected. + revisionHistoryLimit: 3 + + # Default image used by all components image: + # -- If defined, a repository applied to all Argo CD deployments repository: quay.io/argoproj/argocd - tag: v2.0.3 + # -- Overrides the global Argo CD image tag whose default is the chart appVersion + tag: "" + # -- If defined, a imagePullPolicy applied to all Argo CD deployments imagePullPolicy: IfNotPresent + + # -- Secrets with credentials to pull images from a private registry + imagePullSecrets: [] + + # Default logging options used by all components + logging: + # -- Set the global logging format. Either: `text` or `json` + format: text + # -- Set the global logging level. One of: `debug`, `info`, `warn` or `error` + level: info + + # -- Annotations for the all deployed Statefulsets + statefulsetAnnotations: {} + + # -- Annotations for the all deployed Deployments + deploymentAnnotations: {} + + # -- Annotations for the all deployed pods + podAnnotations: {} + + # -- Labels for the all deployed pods + podLabels: {} + + # -- Add Prometheus scrape annotations to all metrics services. This can be used as an alternative to the ServiceMonitors. + addPrometheusAnnotations: false + + # -- Toggle and define pod-level security context. + # @default -- `{}` (See [values.yaml]) securityContext: {} # runAsUser: 999 # runAsGroup: 999 # fsGroup: 999 - imagePullSecrets: [] + + # -- Mapping between IP and hostnames that will be injected as entries in the pod's hosts files hostAliases: [] # - ip: 10.20.30.40 # hostnames: # - git.myhostname -## Controller + # Configure dual-stack used by all component services + dualStack: + # -- IP family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) + ipFamilyPolicy: "" + # -- IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. + ipFamilies: [] + + # Default network policy rules used by all components + networkPolicy: + # -- Create NetworkPolicy objects for all components + create: false + # -- Default deny all ingress traffic + defaultDenyIngress: false + + # -- Default priority class for all components + priorityClassName: "" + + # -- Default node selector for all components + nodeSelector: + kubernetes.io/os: linux + + # -- Default tolerations for all components + tolerations: [] + + # Default affinity preset for all components + affinity: + # -- Default pod anti-affinity rules. Either: `none`, `soft` or `hard` + podAntiAffinity: soft + # Node affinity rules + nodeAffinity: + # -- Default node affinity rules. Either: `none`, `soft` or `hard` + type: hard + # -- Default match expressions for node affinity + matchExpressions: [] + # - key: topology.kubernetes.io/zone + # operator: In + # values: + # - antarctica-east1 + # - antarctica-west1 + + # -- Default [TopologySpreadConstraints] rules for all components + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector of the component + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy for the all deployed Deployments + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + + # -- Environment variables to pass to all deployed Deployments + env: [] + + # -- Annotations for the all deployed Certificates + certificateAnnotations: {} + +## Argo Configs +configs: + # General Argo CD configuration + ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml + cm: + # -- Create the argocd-cm configmap for [declarative setup] + create: true + + # -- Annotations to be added to argocd-cm configmap + annotations: {} + + # -- The name of tracking label used by Argo CD for resource pruning + application.instanceLabelKey: argocd.argoproj.io/instance + + # -- Enable control of the service account used for the sync operation (alpha) + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-sync-using-impersonation/ + application.sync.impersonation.enabled: false + + # -- Enable logs RBAC enforcement + ## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/2.3-2.4/#enable-logs-rbac-enforcement + server.rbac.log.enforce.enable: false + + # -- Enable exec feature in Argo UI + ## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac/#exec-resource + exec.enabled: false + + # -- Enable local admin user + ## Ref: https://argo-cd.readthedocs.io/en/latest/faq/#how-to-disable-admin-user + admin.enabled: true + + # -- Timeout to discover if a new manifests version got published to the repository + timeout.reconciliation: 180s + + # -- Timeout to refresh application data as well as target manifests cache + timeout.hard.reconciliation: 0s + + # -- Enable Status Badge + ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/status-badge/ + statusbadge.enabled: false + + # Dex configuration + # dex.config: | + # connectors: + # # GitHub example + # - type: github + # id: github + # name: GitHub + # config: + # clientID: aabbccddeeff00112233 + # clientSecret: $dex.github.clientSecret # Alternatively $:dex.github.clientSecret + # orgs: + # - name: your-github-org + + # OIDC configuration as an alternative to dex (optional). + # oidc.config: | + # name: AzureAD + # issuer: https://login.microsoftonline.com/TENANT_ID/v2.0 + # clientID: CLIENT_ID + # clientSecret: $oidc.azuread.clientSecret + # rootCA: | + # -----BEGIN CERTIFICATE----- + # ... encoded certificate data here ... + # -----END CERTIFICATE----- + # requestedIDTokenClaims: + # groups: + # essential: true + # requestedScopes: + # - openid + # - profile + # - email + + # Extension Configuration + ## Ref: https://argo-cd.readthedocs.io/en/latest/developer-guide/extensions/proxy-extensions/ + # extension.config: | + # extensions: + # - name: httpbin + # backend: + # connectionTimeout: 2s + # keepAlive: 15s + # idleConnectionTimeout: 60s + # maxIdleConnections: 30 + # services: + # - url: http://httpbin.org + # headers: + # - name: some-header + # value: '$some.argocd.secret.key' + # cluster: + # name: some-cluster + # server: https://some-cluster + + # Argo CD configuration parameters + ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml + params: + # -- Create the argocd-cmd-params-cm configmap + # If false, it is expected the configmap will be created by something else. + create: true + + # -- Annotations to be added to the argocd-cmd-params-cm ConfigMap + annotations: {} + + ## Generic parameters + # -- Open-Telemetry collector address: (e.g. "otel-collector:4317") + otlp.address: '' + + ## Controller Properties + # -- Number of application status processors + controller.status.processors: 20 + # -- Number of application operation processors + controller.operation.processors: 10 + # -- Specifies timeout between application self heal attempts + controller.self.heal.timeout.seconds: 5 + # -- Repo server RPC call timeout seconds. + controller.repo.server.timeout.seconds: 60 + + ## Server properties + # -- Run server without TLS + ## NOTE: This value should be set when you generate params by other means as it changes ports used by ingress template. + server.insecure: false + # -- Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / + server.basehref: / + # -- Used if Argo CD is running behind reverse proxy under subpath different from / + server.rootpath: '' + # -- Directory path that contains additional static assets + server.staticassets: /shared/app + # -- Disable Argo CD RBAC for user authentication + server.disable.auth: false + # -- Enable GZIP compression + server.enable.gzip: true + # -- Enable proxy extension feature. (proxy extension is in Alpha phase) + server.enable.proxy.extension: false + # -- Set X-Frame-Options header in HTTP responses to value. To disable, set to "". + server.x.frame.options: sameorigin + + ## Repo-server properties + # -- Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit. + reposerver.parallelism.limit: 0 + + ## ApplicationSet Properties + # -- Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` + applicationsetcontroller.policy: sync + # -- Enables use of the Progressive Syncs capability + applicationsetcontroller.enable.progressive.syncs: false + # -- A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"argocd,argocd-appsets-*"`) + # @default -- `""` (default is only the ns where the controller is installed) + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Appset-Any-Namespace/ + applicationsetcontroller.namespaces: "" + + # -- Enables [Applications in any namespace] + ## List of additional namespaces where applications may be created in and reconciled from. + ## The namespace where Argo CD is installed to will always be allowed. + ## Set comma-separated list. (e.g. app-team-one, app-team-two) + application.namespaces: "" + + # -- JQ Path expression timeout + ## By default, the evaluation of a JQPathExpression is limited to one second. + ## If you encounter a "JQ patch execution timed out" error message due to a complex JQPathExpression + ## that requires more time to evaluate, you can extend the timeout period. + controller.ignore.normalizer.jq.timeout: "1s" + + # Argo CD RBAC policy configuration + ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md + rbac: + # -- Create the argocd-rbac-cm configmap with ([Argo CD RBAC policy]) definitions. + # If false, it is expected the configmap will be created by something else. + # Argo CD will not work if there is no configmap created with the name above. + create: true + + # -- Annotations to be added to argocd-rbac-cm configmap + annotations: {} + + # -- The name of the default role which Argo CD will falls back to, when authorizing API requests (optional). + # If omitted or empty, users may be still be able to login, but will see no apps, projects, etc... + policy.default: '' + + # -- File containing user-defined policies and role definitions. + # @default -- `''` (See [values.yaml]) + policy.csv: '' + # Policy rules are in the form: + # p, subject, resource, action, object, effect + # Role definitions and bindings are in the form: + # g, subject, inherited-subject + # policy.csv: | + # p, role:org-admin, applications, *, */*, allow + # p, role:org-admin, clusters, get, *, allow + # p, role:org-admin, repositories, *, *, allow + # p, role:org-admin, logs, get, *, allow + # p, role:org-admin, exec, create, */*, allow + # g, your-github-org:your-team, role:org-admin + + # -- OIDC scopes to examine during rbac enforcement (in addition to `sub` scope). + # The scope value can be a string, or a list of strings. + scopes: "[groups]" + + # -- Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher. + policy.matchMode: "glob" + + # GnuPG public keys for commit verification + ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/ + gpg: + # -- Annotations to be added to argocd-gpg-keys-cm configmap + annotations: {} + + # -- [GnuPG] public keys to add to the keyring + # @default -- `{}` (See [values.yaml]) + ## Note: Public keys should be exported with `gpg --export --armor ` + keys: {} + # 4AEE18F83AFDEB23: | + # -----BEGIN PGP PUBLIC KEY BLOCK----- + # ... + # -----END PGP PUBLIC KEY BLOCK----- + + # SSH known hosts for Git repositories + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#ssh-known-host-public-keys + ssh: + # -- Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm. + create: true + + # -- Annotations to be added to argocd-ssh-known-hosts-cm configmap + annotations: {} + + # -- Known hosts to be added to the known host list by default. + # @default -- See [values.yaml] + knownHosts: | + [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO + bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M= + github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= + gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf + gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 + ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H + vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H + + # -- Additional known hosts for private repositories + extraHosts: '' + + # Repository TLS certificates + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories-using-self-signed-tls-certificates-or-are-signed-by-custom-ca + tls: + # -- Annotations to be added to argocd-tls-certs-cm configmap + annotations: {} + + # -- TLS certificates for Git repositories + # @default -- `{}` (See [values.yaml]) + certificates: {} + # server.example.com: | + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + + # -- Specifies if the argocd-tls-certs-cm configmap should be created by Helm. + create: true + + # ConfigMap for Config Management Plugins + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/ + cmp: + # -- Create the argocd-cmp-cm configmap + create: false + + # -- Annotations to be added to argocd-cmp-cm configmap + annotations: {} + + # -- Plugin yaml files to be added to argocd-cmp-cm + plugins: {} + # --- First plugin + # my-plugin: + # init: + # command: [sh] + # args: [-c, 'echo "Initializing..."'] + # generate: + # command: [sh, -c] + # args: + # - | + # echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}" + # discover: + # fileName: "./subdir/s*.yaml" + # find: + # glob: "**/Chart.yaml" + # command: [sh, -c, find . -name env.yaml] + + # --- Second plugin + # my-plugin2: + # init: + # command: [sh] + # args: [-c, 'echo "Initializing..."'] + # generate: + # command: [sh, -c] + # args: + # - | + # echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}" + # discover: + # fileName: "./subdir/s*.yaml" + # find: + # glob: "**/Chart.yaml" + # command: [sh, -c, find . -name env.yaml] + + # -- Provide one or multiple [external cluster credentials] + # @default -- `{}` (See [values.yaml]) + ## Ref: + ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters + ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials + ## - https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters + clusterCredentials: {} + # mycluster: + # server: https://mycluster.example.com + # labels: {} + # annotations: {} + # config: + # bearerToken: "" + # tlsClientConfig: + # insecure: false + # caData: "" + # mycluster2: + # server: https://mycluster2.example.com + # labels: {} + # annotations: {} + # namespaces: namespace1,namespace2 + # clusterResources: true + # config: + # bearerToken: "" + # tlsClientConfig: + # insecure: false + # caData: "" + # mycluster3-project-scoped: + # server: https://mycluster3.example.com + # labels: {} + # annotations: {} + # project: my-project1 + # config: + # bearerToken: "" + # tlsClientConfig: + # insecure: false + # caData: "" + # mycluster4-sharded: + # shard: 1 + # server: https://mycluster4.example.com + # labels: {} + # annotations: {} + # config: + # bearerToken: "" + # tlsClientConfig: + # insecure: false + # caData: "" + + # -- Repository credentials to be used as Templates for other repos + ## Creates a secret for each key/value specified below to create repository credentials + credentialTemplates: {} + # github-enterprise-creds-1: + # url: https://github.com/argoproj + # githubAppID: 1 + # githubAppInstallationID: 2 + # githubAppEnterpriseBaseUrl: https://ghe.example.com/api/v3 + # githubAppPrivateKey: | + # -----BEGIN OPENSSH PRIVATE KEY----- + # ... + # -----END OPENSSH PRIVATE KEY----- + # https-creds: + # url: https://github.com/argoproj + # password: my-password + # username: my-username + # ssh-creds: + # url: git@github.com:argoproj-labs + # sshPrivateKey: | + # -----BEGIN OPENSSH PRIVATE KEY----- + # ... + # -----END OPENSSH PRIVATE KEY----- + + # -- Annotations to be added to `configs.credentialTemplates` Secret + credentialTemplatesAnnotations: {} + + # -- Repositories list to be used by applications + ## Creates a secret for each key/value specified below to create repositories + ## Note: the last example in the list would use a repository credential template, configured under "configs.credentialTemplates". + repositories: {} + # istio-helm-repo: + # url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts + # name: istio.io + # type: helm + # private-helm-repo: + # url: https://my-private-chart-repo.internal + # name: private-repo + # type: helm + # password: my-password + # username: my-username + # private-repo: + # url: https://github.com/argoproj/private-repo + + # -- Annotations to be added to `configs.repositories` Secret + repositoriesAnnotations: {} + + # Argo CD sensitive data + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sensitive-data-and-sso-client-secrets + secret: + # -- Create the argocd-secret + createSecret: true + # -- Labels to be added to argocd-secret + labels: {} + # -- Annotations to be added to argocd-secret + annotations: {} + + # -- Shared secret for authenticating GitHub webhook events + githubSecret: "" + # -- Shared secret for authenticating GitLab webhook events + gitlabSecret: "" + # -- Shared secret for authenticating BitbucketServer webhook events + bitbucketServerSecret: "" + # -- UUID for authenticating Bitbucket webhook events + bitbucketUUID: "" + # -- Shared secret for authenticating Gogs webhook events + gogsSecret: "" + ## Azure DevOps + azureDevops: + # -- Shared secret username for authenticating Azure DevOps webhook events + username: "" + # -- Shared secret password for authenticating Azure DevOps webhook events + password: "" + + # -- add additional secrets to be added to argocd-secret + ## Custom secrets. Useful for injecting SSO secrets into environment variables. + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sensitive-data-and-sso-client-secrets + ## Note that all values must be non-empty. + extra: + {} + # LDAP_PASSWORD: "mypassword" + + # -- Bcrypt hashed admin password + ## Argo expects the password in the secret to be bcrypt hashed. You can create this hash with + ## `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` + argocdServerAdminPassword: "" + # -- Admin password modification time. Eg. `"2006-01-02T15:04:05Z"` + # @default -- `""` (defaults to current time) + argocdServerAdminPasswordMtime: "" + + # -- Define custom [CSS styles] for your argo instance. + # This setting will automatically mount the provided CSS and reference it in the argo configuration. + # @default -- `""` (See [values.yaml]) + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ + styles: "" + # styles: | + # .sidebar { + # background: linear-gradient(to bottom, #999, #777, #333, #222, #111); + # } + +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +extraObjects: [] + # - apiVersion: secrets-store.csi.x-k8s.io/v1 + # kind: SecretProviderClass + # metadata: + # name: argocd-secrets-store + # spec: + # provider: aws + # parameters: + # objects: | + # - objectName: "argocd" + # objectType: "secretsmanager" + # jmesPath: + # - path: "client_id" + # objectAlias: "client_id" + # - path: "client_secret" + # objectAlias: "client_secret" + # secretObjects: + # - data: + # - key: client_id + # objectName: client_id + # - key: client_secret + # objectName: client_secret + # secretName: argocd-secrets-store + # type: Opaque + # labels: + # app.kubernetes.io/part-of: argocd + +## Application controller controller: + # -- Application controller name string name: application-controller - image: - repository: # defaults to global.image.repository - tag: # defaults to global.image.tag - imagePullPolicy: # IfNotPresent - - # If changing the number of replicas you must pass the number as ARGOCD_CONTROLLER_REPLICAS as an environment variable + # -- The number of application controller pods to run. + # Additional replicas will cause sharding of managed clusters across number of replicas. + ## With dynamic cluster distribution turned on, sharding of the clusters will gracefully + ## rebalance if the number of replica's changes or one becomes unhealthy. (alpha) replicas: 1 - # Deploy the application as a StatefulSet instead of a Deployment, this is required for HA capability. - # This is a feature flag that will become the default in chart version 3.x - enableStatefulSet: false + # -- Enable dynamic cluster distribution (alpha) + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution + ## This is done using a deployment instead of a statefulSet + ## When replicas are added or removed, the sharding algorithm is re-run to ensure that the + ## clusters are distributed according to the algorithm. If the algorithm is well-balanced, + ## like round-robin, then the shards will be well-balanced. + dynamicClusterDistribution: false - ## Argo controller commandline flags - args: - statusProcessors: "20" - operationProcessors: "10" - appResyncPeriod: "180" - selfHealTimeout: "5" + # -- Runtime class name for the application controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" - ## Argo controller log format: text|json - logFormat: text - ## Argo controller log level - logLevel: info + # -- Application controller heartbeat time + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution + heartbeatTime: 10 - ## Additional command line arguments to pass to argocd-controller - ## + # -- Maximum number of controller revisions that will be maintained in StatefulSet history + revisionHistoryLimit: 5 + + ## Application controller Pod Disruption Budget + ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + pdb: + # -- Deploy a [PodDisruptionBudget] for the application controller + enabled: false + # -- Labels to be added to application controller pdb + labels: {} + # -- Annotations to be added to application controller pdb + annotations: {} + # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) + # @default -- `""` (defaults to 0 if not specified) + minAvailable: "" + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). + ## Has higher precedence over `controller.pdb.minAvailable` + maxUnavailable: "" + + ## Application controller image + image: + # -- Repository to use for the application controller + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the application controller + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the application controller + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # -- Additional command line arguments to pass to application controller extraArgs: [] - ## Environment variables to pass to argocd-controller - ## - env: - [] - # - name: "ARGOCD_CONTROLLER_REPLICAS" - # value: "" + # -- Environment variables to pass to application controller + env: [] - ## envFrom to pass to argocd-controller - ## + # -- envFrom to pass to application controller + # @default -- `[]` (See [values.yaml]) envFrom: [] # - configMapRef: # name: config-map-name # - secretRef: # name: secret-name - ## Annotations to be added to controller pods - ## + # -- Additional containers to be added to the application controller pod + ## Note: Supports use of custom Helm templates + extraContainers: [] + + # -- Init containers to add to the application controller pod + ## If your target Kubernetes cluster(s) require a custom credential (exec) plugin + ## you could use this (and the same in the server pod) to provide such executable + ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins + ## Note: Supports use of custom Helm templates + initContainers: [] + # - name: download-tools + # image: alpine:3 + # command: [sh, -c] + # args: + # - wget -qO kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.0.25/kubelogin-linux-amd64.zip && + # unzip kubelogin.zip && mv bin/linux_amd64/kubelogin /custom-tools/ + # volumeMounts: + # - mountPath: /custom-tools + # name: custom-tools + + # -- Additional volumeMounts to the application controller main container + volumeMounts: [] + # - mountPath: /usr/local/bin/kubelogin + # name: custom-tools + # subPath: kubelogin + + # -- Additional volumes to the application controller pod + volumes: [] + # - name: custom-tools + # emptyDir: {} + + ## Application controller emptyDir volumes + emptyDir: + # -- EmptyDir size limit for application controller + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + + # -- Annotations for the application controller StatefulSet + statefulsetAnnotations: {} + + # -- Annotations for the application controller Deployment + deploymentAnnotations: {} + + # -- Annotations to be added to application controller pods podAnnotations: {} - ## Labels to be added to controller pods - ## + # -- Labels to be added to application controller pods podLabels: {} - ## Labels to set container specific security contexts - containerSecurityContext: - {} - # capabilities: - # drop: - # - all - # readOnlyRootFilesystem: true - - ## Configures the controller port - containerPort: 8082 - - ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ - ## - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - - ## Additional volumeMounts to the controller main container. - volumeMounts: [] - - ## Additional volumes to the controller pod. - volumes: [] - - ## Controller service configuration - service: - annotations: {} - labels: {} - port: 8082 - portName: https-controller - - ## Node selectors and tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - nodeSelector: {} - tolerations: [] - affinity: {} - - priorityClassName: "" - + # -- Resource limits and requests for the application controller pods resources: {} # limits: # cpu: 500m @@ -135,41 +774,163 @@ controller: # cpu: 250m # memory: 256Mi + # Application controller container ports + containerPorts: + # -- Metrics container port + metrics: 8082 + + # -- Host Network for application controller pods + hostNetwork: false + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for application controller pods + dnsPolicy: "ClusterFirst" + + # -- Application controller container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + # Readiness probe for application controller + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- Priority class for the application controller pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the application controller + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + serviceAccount: + # -- Create a service account for the application controller create: true + # -- Service account name name: argocd-application-controller - ## Annotations applied to created service account + # -- Annotations applied to created service account annotations: {} - ## Automount API credentials for the Service Account + # -- Labels applied to created service account + labels: {} + # -- Automount API credentials for the Service Account automountServiceAccountToken: true - ## Server metrics controller configuration + ## Application controller metrics configuration metrics: + # -- Deploy metrics service enabled: false + # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + scrapeTimeout: "" + applicationLabels: + # -- Enables additional labels in argocd_app_labels metric + enabled: false + # -- Additional labels + labels: [] service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" + # -- Metrics service annotations annotations: {} + # -- Metrics service labels labels: {} + # -- Metrics service port servicePort: 8082 + # -- Metrics service port name + portName: http-metrics serviceMonitor: + # -- Enable a prometheus ServiceMonitor enabled: false + # -- Prometheus ServiceMonitor interval interval: 30s - # selector: - # prometheus: kube-prometheus - # namespace: monitoring - # additionalLabels: {} + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false + # -- Prometheus [RelabelConfigs] to apply to samples before scraping + relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion + metricRelabelings: [] + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus + + # -- Prometheus ServiceMonitor scheme + scheme: "" + # -- Prometheus ServiceMonitor tlsConfig + tlsConfig: {} + # -- Prometheus ServiceMonitor namespace + namespace: "" # "monitoring" + # -- Prometheus ServiceMonitor labels + additionalLabels: {} + # -- Prometheus ServiceMonitor annotations + annotations: {} rules: + # -- Deploy a PrometheusRule for the application controller enabled: false + # -- PrometheusRule namespace + namespace: "" # "monitoring" + # -- PrometheusRule selector + selector: {} + # prometheus: kube-prometheus + + # -- PrometheusRule labels + additionalLabels: {} + # -- PrometheusRule annotations + annotations: {} + + # -- PrometheusRule.Spec for the application controller spec: [] # - alert: ArgoAppMissing # expr: | - # absent(argocd_app_info) + # absent(argocd_app_info) == 1 # for: 15m # labels: # severity: critical # annotations: - # summary: "[ArgoCD] No reported applications" + # summary: "[Argo CD] No reported applications" # description: > - # ArgoCD has not reported any applications data for the past 15 minutes which + # Argo CD has not reported any applications data for the past 15 minutes which # means that it must be down or not functioning properly. This needs to be # resolved for this cloud to continue to maintain state. # - alert: ArgoAppNotSynced @@ -184,112 +945,175 @@ controller: # The application [{{`{{$labels.name}}`}} has not been synchronized for over # 12 hours which means that the state of this cloud has drifted away from the # state inside Git. - # selector: - # prometheus: kube-prometheus - # namespace: monitoring - # additionalLabels: {} - ## Enable Admin ClusterRole resources. - ## Enable if you would like to grant rights to ArgoCD to deploy to the local Kubernetes cluster. - clusterAdminAccess: - enabled: true - ## Enable Custom Rules for the Application Controller's Cluster Role resource ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. ## Defaults to off clusterRoleRules: + # -- Enable custom rules for the application controller's ClusterRole resource enabled: false + # -- List of custom rules for the application controller's ClusterRole resource rules: [] - ## Dex dex: + # -- Enable dex enabled: true + # -- Dex name name: dex-server + # -- Additional command line arguments to pass to the Dex server + extraArgs: [] + + # -- Runtime class name for Dex + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + metrics: + # -- Deploy metrics service enabled: false service: + # -- Metrics service annotations annotations: {} + # -- Metrics service labels labels: {} + # -- Metrics service port name + portName: http-metrics serviceMonitor: + # -- Enable a prometheus ServiceMonitor enabled: false + # -- Prometheus ServiceMonitor interval interval: 30s - # selector: - # prometheus: kube-prometheus - # namespace: monitoring - # additionalLabels: {} + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false + # -- Prometheus [RelabelConfigs] to apply to samples before scraping + relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion + metricRelabelings: [] + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus + # -- Prometheus ServiceMonitor scheme + scheme: "" + # -- Prometheus ServiceMonitor tlsConfig + tlsConfig: {} + # -- Prometheus ServiceMonitor namespace + namespace: "" # "monitoring" + # -- Prometheus ServiceMonitor labels + additionalLabels: {} + # -- Prometheus ServiceMonitor annotations + annotations: {} + + ## Dex Pod Disruption Budget + ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + pdb: + # -- Deploy a [PodDisruptionBudget] for the Dex server + enabled: false + # -- Labels to be added to Dex server pdb + labels: {} + # -- Annotations to be added to Dex server pdb + annotations: {} + # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) + # @default -- `""` (defaults to 0 if not specified) + minAvailable: "" + # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). + ## Has higher precedence over `dex.pdb.minAvailable` + maxUnavailable: "" + + ## Dex image image: + # -- Dex image repository repository: ghcr.io/dexidp/dex - tag: v2.27.0 - imagePullPolicy: IfNotPresent - initImage: - repository: - tag: - imagePullPolicy: + # -- Dex image tag + tag: v2.42.0 + # -- Dex imagePullPolicy + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" - ## Environment variables to pass to the Dex server - ## + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # Argo CD init image that creates Dex config + initImage: + # -- Argo CD init image repository + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Argo CD init image tag + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Argo CD init image imagePullPolicy + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + # -- Argo CD init image resources + # @default -- `{}` (defaults to dex.resources) + resources: {} + # requests: + # cpu: 5m + # memory: 96Mi + # limits: + # cpu: 10m + # memory: 144Mi + + # -- Environment variables to pass to the Dex server env: [] - ## envFrom to pass to the Dex server + # -- envFrom to pass to the Dex server + # @default -- `[]` (See [values.yaml]) envFrom: [] # - configMapRef: # name: config-map-name # - secretRef: # name: secret-name - ## Annotations to be added to the Dex server pods - ## + # -- Additional containers to be added to the dex pod + ## Note: Supports use of custom Helm templates + extraContainers: [] + + # -- Init containers to add to the dex pod + ## Note: Supports use of custom Helm templates + initContainers: [] + + # -- Additional volumeMounts to the dex main container + volumeMounts: [] + + # -- Additional volumes to the dex pod + volumes: [] + + ## Dex server emptyDir volumes + emptyDir: + # -- EmptyDir size limit for Dex server + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + + # TLS certificate configuration via Secret + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-dex-server + ## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart Dex automatically without extra controllers. + certificateSecret: + # -- Create argocd-dex-server-tls secret + enabled: false + # -- Labels to be added to argocd-dex-server-tls secret + labels: {} + # -- Annotations to be added to argocd-dex-server-tls secret + annotations: {} + # -- Certificate authority. Required for self-signed certificates. + ca: '' + # -- Certificate private key + key: '' + # -- Certificate data. Must contain SANs of Dex service (ie: argocd-dex-server, argocd-dex-server.argo-cd.svc) + crt: '' + + # -- Annotations to be added to the Dex server Deployment + deploymentAnnotations: {} + + # -- Annotations to be added to the Dex server pods podAnnotations: {} - ## Labels to be added to the Dex server pods - ## + # -- Labels to be added to the Dex server pods podLabels: {} - serviceAccount: - create: true - name: argocd-dex-server - ## Annotations applied to created service account - annotations: {} - ## Automount API credentials for the Service Account - automountServiceAccountToken: true - - ## Additional volumeMounts to the controller main container. - volumeMounts: - - name: static-files - mountPath: /shared - - ## Additional volumes to the controller pod. - volumes: - - name: static-files - emptyDir: {} - - ## Dex deployment container ports - containerPortHttp: 5556 - servicePortHttp: 5556 - containerPortGrpc: 5557 - servicePortGrpc: 5557 - containerPortMetrics: 5558 - servicePortMetrics: 5558 - - ## Node selectors and tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - nodeSelector: {} - tolerations: [] - affinity: {} - - priorityClassName: "" - - ## Labels to set container specific security contexts - containerSecurityContext: - {} - # capabilities: - # drop: - # - all - # readOnlyRootFilesystem: true - + # -- Resource limits and requests for dex resources: {} # limits: # cpu: 50m @@ -298,69 +1122,317 @@ dex: # cpu: 10m # memory: 32Mi + # Dex container ports + # NOTE: These ports are currently hardcoded and cannot be changed + containerPorts: + # -- HTTP container port + http: 5556 + # -- gRPC container port + grpc: 5557 + # -- Metrics container port + metrics: 5558 + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for Dex server pods + dnsPolicy: "ClusterFirst" + + # -- Dex container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + ## Probes for Dex server + ## Supported from Dex >= 2.28.0 + livenessProbe: + # -- Enable Kubernetes liveness probe for Dex >= 2.28.0 + enabled: false + # -- Http path to use for the liveness probe + httpPath: /healthz/live + # -- Http port to use for the liveness probe + httpPort: metrics + # -- Scheme to use for for the liveness probe (can be HTTP or HTTPS) + httpScheme: HTTP + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + + readinessProbe: + # -- Enable Kubernetes readiness probe for Dex >= 2.28.0 + enabled: false + # -- Http path to use for the readiness probe + httpPath: /healthz/ready + # -- Http port to use for the readiness probe + httpPort: metrics + # -- Scheme to use for for the liveness probe (can be HTTP or HTTPS) + httpScheme: HTTP + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + + serviceAccount: + # -- Create dex service account + create: true + # -- Dex service account name + name: argocd-dex-server + # -- Annotations applied to created service account + annotations: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + # -- Service port for HTTP access + servicePortHttp: 5556 + # -- Service port name for HTTP access + servicePortHttpName: http + # -- Service port for gRPC access + servicePortGrpc: 5557 + # -- Service port name for gRPC access + servicePortGrpcName: grpc + # -- Service port for metrics access + servicePortMetrics: 5558 + + # -- Priority class for the dex pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to dex + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy to be added to the Dex server Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + + # -- Dex log format. Either `text` or `json` + # @default -- `""` (defaults to global.logging.format) + logFormat: "" + # -- Dex log level. One of: `debug`, `info`, `warn`, `error` + # @default -- `""` (defaults to global.logging.level) + logLevel: "" + ## Redis redis: + # -- Enable redis enabled: true + # -- Redis name name: redis - image: - repository: redis - tag: 6.2.2-alpine - imagePullPolicy: IfNotPresent + # -- Runtime class name for redis + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" - ## Additional command line arguments to pass to redis-server - ## + ## Redis Pod Disruption Budget + ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + pdb: + # -- Deploy a [PodDisruptionBudget] for the Redis + enabled: false + # -- Labels to be added to Redis pdb + labels: {} + # -- Annotations to be added to Redis pdb + annotations: {} + # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) + # @default -- `""` (defaults to 0 if not specified) + minAvailable: "" + # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). + ## Has higher precedence over `redis.pdb.minAvailable` + maxUnavailable: "" + + ## Redis image + image: + # -- Redis repository + repository: public.ecr.aws/docker/library/redis + # -- Redis tag + tag: 7.4.2-alpine + # -- Redis image pull policy + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + ## Prometheus redis-exporter sidecar + exporter: + # -- Enable Prometheus redis-exporter sidecar + enabled: false + # -- Environment variables to pass to the Redis exporter + env: [] + ## Prometheus redis-exporter image + image: + # -- Repository to use for the redis-exporter + repository: public.ecr.aws/bitnami/redis-exporter + # -- Tag to use for the redis-exporter + tag: 1.67.0 + # -- Image pull policy for the redis-exporter + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- Redis exporter security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + ## Probes for Redis exporter (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for Redis exporter (optional) + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + livenessProbe: + # -- Enable Kubernetes liveness probe for Redis exporter + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + + # -- Resource limits and requests for redis-exporter sidecar + resources: {} + # limits: + # cpu: 50m + # memory: 64Mi + # requests: + # cpu: 10m + # memory: 32Mi + + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # -- Additional command line arguments to pass to redis-server extraArgs: [] # - --bind # - "0.0.0.0" - containerPort: 6379 - servicePort: 6379 - - ## Environment variables to pass to the Redis server - ## + # -- Environment variables to pass to the Redis server env: [] - ## envFrom to pass to the Redis server - ## + # -- envFrom to pass to the Redis server + # @default -- `[]` (See [values.yaml]) envFrom: [] # - configMapRef: # name: config-map-name # - secretRef: # name: secret-name - ## Annotations to be added to the Redis server pods - ## + ## Probes for Redis server (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for Redis server + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + livenessProbe: + # -- Enable Kubernetes liveness probe for Redis server + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + + # -- Additional containers to be added to the redis pod + ## Note: Supports use of custom Helm templates + extraContainers: [] + + # -- Init containers to add to the redis pod + ## Note: Supports use of custom Helm templates + initContainers: [] + + # -- Additional volumeMounts to the redis container + volumeMounts: [] + + # -- Additional volumes to the redis pod + volumes: [] + + # -- Annotations to be added to the Redis server Deployment + deploymentAnnotations: {} + + # -- Annotations to be added to the Redis server pods podAnnotations: {} - ## Labels to be added to the Redis server pods - ## + # -- Labels to be added to the Redis server pods podLabels: {} - ## Node selectors and tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - nodeSelector: {} - tolerations: [] - affinity: {} - - priorityClassName: "" - - ## Labels to set container specific security contexts - containerSecurityContext: - {} - # capabilities: - # drop: - # - all - # readOnlyRootFilesystem: true - - ## Redis Pod specific security context - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - runAsNonRoot: true - + # -- Resource limits and requests for redis resources: {} # limits: # cpu: 200m @@ -369,404 +1441,464 @@ redis: # cpu: 100m # memory: 64Mi - volumeMounts: [] - volumes: [] + # -- Redis pod-level security context + # @default -- See [values.yaml] + securityContext: + runAsNonRoot: true + runAsUser: 999 + seccompProfile: + type: RuntimeDefault -# This key configures Redis-HA subchart and when enabled (redis-ha.enabled=true) -# the custom redis deployment is omitted -redis-ha: - enabled: false - # Check the redis-ha chart for more properties - exporter: - enabled: true - persistentVolume: + # Redis container ports + containerPorts: + # -- Redis container port + redis: 6379 + # -- Metrics container port + metrics: 9121 + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for Redis server pods + dnsPolicy: "ClusterFirst" + + # -- Redis container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + + # -- Redis service port + servicePort: 6379 + + # -- Priority class for redis pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to redis + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + + serviceAccount: + # -- Create a service account for the redis pod + create: false + # -- Service account name for redis pod + name: "" + # -- Annotations applied to created service account + annotations: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: false + + service: + # -- Redis service annotations + annotations: {} + # -- Additional redis service labels + labels: {} + + metrics: + # -- Deploy metrics service enabled: false - redis: - masterGroupName: argocd - config: - save: '""' - haproxy: - enabled: true - metrics: - enabled: true + + # Redis metrics service configuration + service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: None + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port + servicePort: 9121 + # -- Metrics service port name + portName: http-metrics + + serviceMonitor: + # -- Enable a prometheus ServiceMonitor + enabled: false + # -- Interval at which metrics should be scraped + interval: 30s + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false + # -- Prometheus [RelabelConfigs] to apply to samples before scraping + relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion + metricRelabelings: [] + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus + + # -- Prometheus ServiceMonitor scheme + scheme: "" + # -- Prometheus ServiceMonitor tlsConfig + tlsConfig: {} + # -- Prometheus ServiceMonitor namespace + namespace: "" # "monitoring" + # -- Prometheus ServiceMonitor labels + additionalLabels: {} + # -- Prometheus ServiceMonitor annotations + annotations: {} + +## Redis-HA subchart replaces custom redis deployment when `redis-ha.enabled=true` +# Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml +redis-ha: + # -- Enables the Redis HA subchart and disables the custom Redis single node deployment + enabled: false + ## Redis image image: - tag: 6.2.2-alpine + # -- Redis repository + repository: public.ecr.aws/docker/library/redis + # -- Redis tag + tag: 7.4.2-alpine + ## Prometheus redis-exporter sidecar + exporter: + # -- Enable Prometheus redis-exporter sidecar + enabled: false + # -- Repository to use for the redis-exporter + image: public.ecr.aws/bitnami/redis-exporter + # -- Tag to use for the redis-exporter + tag: 1.58.0 + persistentVolume: + # -- Configures persistence on Redis nodes + enabled: false + ## Redis specific configuration options + redis: + # -- Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated + masterGroupName: argocd + # -- Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) + # @default -- See [values.yaml] + config: + # -- Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled + # @default -- `'""'` + save: '""' + ## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master. + haproxy: + # -- Enabled HAProxy LoadBalancing/Proxy + enabled: true + # -- Custom labels for the haproxy pod. This is relevant for Argo CD CLI. + labels: + app.kubernetes.io/name: argocd-redis-ha-haproxy + metrics: + # -- HAProxy enable prometheus metric scraping + enabled: true + # -- Whether the haproxy pods should be forced to run on separate nodes. + hardAntiAffinity: true + # -- Additional affinities to add to the haproxy pods. + additionalAffinities: {} + # -- Assign custom [affinity] rules to the haproxy pods. + affinity: | + + # -- [Tolerations] for use with node taints for haproxy pods. + tolerations: [] + # -- HAProxy container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + readOnlyRootFilesystem: true + + # -- Configures redis-ha with AUTH + auth: true + # -- Existing Secret to use for redis-ha authentication. + # By default the redis-secret-init Job is generating this Secret. + existingSecret: argocd-redis + + # -- Whether the Redis server pods should be forced to run on separate nodes. + hardAntiAffinity: true + + # -- Additional affinities to add to the Redis server pods. + additionalAffinities: {} + + # -- Assign custom [affinity] rules to the Redis pods. + affinity: | + + # -- [Tolerations] for use with node taints for Redis pods. + tolerations: [] + + # -- Assign custom [TopologySpreadConstraints] rules to the Redis pods. + ## https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + topologySpreadConstraints: + # -- Enable Redis HA topology spread constraints + enabled: false + # -- Max skew of pods tolerated + # @default -- `""` (defaults to `1`) + maxSkew: "" + # -- Topology key for spread + # @default -- `""` (defaults to `topology.kubernetes.io/zone`) + topologyKey: "" + # -- Enforcement policy, hard or soft + # @default -- `""` (defaults to `ScheduleAnyway`) + whenUnsatisfiable: "" + # -- Redis HA statefulset container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + readOnlyRootFilesystem: true + +# External Redis parameters +externalRedis: + # -- External Redis server host + host: "" + # -- External Redis username + username: "" + # -- External Redis password + password: "" + # -- External Redis server port + port: 6379 + # -- The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials. + # When it's set, the `externalRedis.password` parameter is ignored + existingSecret: "" + # -- External Redis Secret annotations + secretAnnotations: {} + +redisSecretInit: + # -- Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods + enabled: true + # -- Redis secret-init name + name: redis-secret-init + + image: + # -- Repository to use for the Redis secret-init Job + # @default -- `""` (defaults to global.image.repository) + repository: "" # defaults to global.image.repository + # -- Tag to use for the Redis secret-init Job + # @default -- `""` (defaults to global.image.tag) + tag: "" # defaults to global.image.tag + # -- Image pull policy for the Redis secret-init Job + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" # IfNotPresent + + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # -- Annotations to be added to the Redis secret-init Job + jobAnnotations: {} + + # -- Annotations to be added to the Redis secret-init Job + podAnnotations: {} + + # -- Labels to be added to the Redis secret-init Job + podLabels: {} + + # -- Resource limits and requests for Redis secret-init Job + resources: {} + # limits: + # cpu: 200m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 64Mi + + # -- Application controller container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + + # -- Redis secret-init Job pod-level security context + securityContext: {} + + serviceAccount: + # -- Create a service account for the redis pod + create: true + # -- Service account name for redis pod + name: "" + # -- Annotations applied to created service account + annotations: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + # -- Priority class for Redis secret-init Job + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + + # -- Assign custom [affinity] rules to the Redis secret-init Job + affinity: {} + + # -- Node selector to be added to the Redis secret-init Job + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- Tolerations to be added to the Redis secret-init Job + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] ## Server server: + # -- Argo CD server name name: server + # -- The number of server pods to run replicas: 1 + # -- Runtime class name for the Argo CD server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + + ## Argo CD server Horizontal Pod Autoscaler autoscaling: + # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server enabled: false + # -- Minimum number of replicas for the Argo CD server [HPA] minReplicas: 1 + # -- Maximum number of replicas for the Argo CD server [HPA] maxReplicas: 5 + # -- Average CPU utilization percentage for the Argo CD server [HPA] targetCPUUtilizationPercentage: 50 + # -- Average memory utilization percentage for the Argo CD server [HPA] targetMemoryUtilizationPercentage: 50 + # -- Configures the scaling behavior of the target in both Up and Down directions. + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 + # periodSeconds: 60 + # -- Configures custom HPA metrics for the Argo CD server + # Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + metrics: [] + ## Argo CD server Pod Disruption Budget + ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + pdb: + # -- Deploy a [PodDisruptionBudget] for the Argo CD server + enabled: false + # -- Labels to be added to Argo CD server pdb + labels: {} + # -- Annotations to be added to Argo CD server pdb + annotations: {} + # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) + # @default -- `""` (defaults to 0 if not specified) + minAvailable: "" + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). + ## Has higher precedence over `server.pdb.minAvailable` + maxUnavailable: "" + + ## Argo CD server image image: - repository: # defaults to global.image.repository - tag: # defaults to global.image.tag - imagePullPolicy: # IfNotPresent + # -- Repository to use for the Argo CD server + # @default -- `""` (defaults to global.image.repository) + repository: "" # defaults to global.image.repository + # -- Tag to use for the Argo CD server + # @default -- `""` (defaults to global.image.tag) + tag: "" # defaults to global.image.tag + # -- Image pull policy for the Argo CD server + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" # IfNotPresent - ## Additional command line arguments to pass to argocd-server - ## + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # -- Additional command line arguments to pass to Argo CD server extraArgs: [] - # - --insecure - ## Environment variables to pass to argocd-server - ## + # -- Environment variables to pass to Argo CD server env: [] - ## envFrom to pass to argocd-server - ## + # -- envFrom to pass to Argo CD server + # @default -- `[]` (See [values.yaml]) envFrom: [] # - configMapRef: # name: config-map-name # - secretRef: # name: secret-name - ## Specify postStart and preStop lifecycle hooks for your argo-cd-server container - ## + # -- Specify postStart and preStop lifecycle hooks for your argo-cd-server container lifecycle: {} - ## Argo server log format: text|json - logFormat: text - ## Argo server log level - logLevel: info - - ## Annotations to be added to controller pods - ## - podAnnotations: {} - - ## Labels to be added to controller pods - ## - podLabels: {} - - ## Configures the server port - containerPort: 8080 - - ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ - ## - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - - ## Additional volumeMounts to the server main container. - volumeMounts: [] - - ## Additional volumes to the controller pod. - volumes: [] - - ## Node selectors and tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - nodeSelector: {} - tolerations: [] - affinity: {} - - priorityClassName: "" - - ## Labels to set container specific security contexts - containerSecurityContext: - {} - # capabilities: - # drop: - # - all - # readOnlyRootFilesystem: true - - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 50m - # memory: 64Mi - - ## Certificate configuration - certificate: + ## Argo CD extensions + ## This function in tech preview stage, do expect instability or breaking changes in newer versions. + ## Ref: https://github.com/argoproj-labs/argocd-extension-installer + ## When you enable extensions, you need to configure RBAC of logged in Argo CD user. + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/#the-extensions-resource + extensions: + # -- Enable support for Argo CD extensions enabled: false - domain: argocd.example.com - issuer: {} - additionalHosts: [] - ## Server service configuration - service: - annotations: {} - labels: {} - type: ClusterIP - ## For node port default ports - nodePortHttp: 30080 - nodePortHttps: 30443 - servicePortHttp: 80 - servicePortHttps: 443 - servicePortHttpName: http - servicePortHttpsName: https - namedTargetPort: true - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalIPs: [] - externalTrafficPolicy: "" + ## Argo CD extension installer image + image: + # -- Repository to use for extension installer image + repository: "quay.io/argoprojlabs/argocd-extension-installer" + # -- Tag to use for extension installer image + tag: "v0.0.8" + # -- Image pull policy for extensions + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" - ## Server metrics service configuration - metrics: - enabled: false - service: - annotations: {} - labels: {} - servicePort: 8083 - serviceMonitor: - enabled: false - interval: 30s - # selector: - # prometheus: kube-prometheus - # namespace: monitoring - # additionalLabels: {} + # -- Extensions for Argo CD + # @default -- `[]` (See [values.yaml]) + ## Ref: https://github.com/argoproj-labs/argocd-extension-metrics#install-ui-extension + extensionList: [] + # - name: extension-metrics + # env: + # - name: EXTENSION_URL + # value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension.tar.gz + # - name: EXTENSION_CHECKSUM_URL + # value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension_checksums.txt - serviceAccount: - create: true - name: argocd-server - ## Annotations applied to created service account - annotations: {} - ## Automount API credentials for the Service Account - automountServiceAccountToken: true + # -- Server UI extensions container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL - ingress: - enabled: false - annotations: {} - labels: {} - ingressClassName: "" - - ## Argo Ingress. - ## Hostnames must be provided if Ingress is enabled. - ## Secrets must be manually created in the namespace - ## - hosts: - [] - # - argocd.example.com - paths: - - / - extraPaths: - [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used) - # - path: /* - # pathType: Prefix - # backend: - # service - # name: ssl-redirect - # port: - # name: use-annotation - tls: - [] - # - secretName: argocd-tls-certificate - # hosts: - # - argocd.example.com - https: false - # dedicated ingress for gRPC as documented at - # https://argoproj.github.io/argo-cd/operator-manual/ingress/ - ingressGrpc: - enabled: false - annotations: {} - labels: {} - ingressClassName: "" - - ## Argo Ingress. - ## Hostnames must be provided if Ingress is enabled. - ## Secrets must be manually created in the namespace - ## - hosts: - [] - # - argocd.example.com - paths: - - / - extraPaths: - [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used) - # - path: /* - # pathType: Prefix - # backend: - # service - # name: ssl-redirect - # port: - # name: use-annotation - tls: - [] - # - secretName: argocd-tls-certificate - # hosts: - # - argocd.example.com - https: false - - # Create a OpenShift Route with SSL passthrough for UI and CLI - # Consider setting 'hostname' e.g. https://argocd.apps-crc.testing/ using your Default Ingress Controller Domain - # Find your domain with: kubectl describe --namespace=openshift-ingress-operator ingresscontroller/default | grep Domain: - # If 'hostname' is an empty string "" OpenShift will create a hostname for you. - route: - enabled: false - hostname: "" - - ## ArgoCD config - ## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml - configEnabled: true - config: - # Argo CD's externally facing base URL (optional). Required when configuring SSO - url: https://argocd.example.com - # Argo CD instance label key - application.instanceLabelKey: argocd.argoproj.io/instance - # repositories: | - # - url: git@github.com:group/repo.git - # sshPrivateKeySecret: - # name: secret-name - # key: sshPrivateKey - # - type: helm - # url: https://charts.helm.sh/stable - # name: stable - # - type: helm - # url: https://argoproj.github.io/argo-helm - # name: argo - # oidc.config: | - # name: AzureAD - # issuer: https://login.microsoftonline.com/TENANT_ID/v2.0 - # clientID: CLIENT_ID - # clientSecret: $oidc.azuread.clientSecret - # requestedIDTokenClaims: - # groups: - # essential: true - # requestedScopes: - # - openid - # - profile - # - email - - ## Annotations to be added to ArgoCD ConfigMap - configAnnotations: {} - - ## ArgoCD rbac config - ## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md - rbacConfig: - {} - # policy.csv is an file containing user-defined RBAC policies and role definitions (optional). - # Policy rules are in the form: - # p, subject, resource, action, object, effect - # Role definitions and bindings are in the form: - # g, subject, inherited-subject - # See https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md for additional information. - # policy.csv: | - # # Grant all members of the group 'my-org:team-alpha; the ability to sync apps in 'my-project' - # p, my-org:team-alpha, applications, sync, my-project/*, allow - # # Grant all members of 'my-org:team-beta' admins - # g, my-org:team-beta, role:admin - # policy.default is the name of the default role which Argo CD will falls back to, when - # authorizing API requests (optional). If omitted or empty, users may be still be able to login, - # but will see no apps, projects, etc... - # policy.default: role:readonly - # scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope). - # If omitted, defaults to: '[groups]'. The scope value can be a string, or a list of strings. - # scopes: '[cognito:groups, email]' - - ## Annotations to be added to ArgoCD rbac ConfigMap - rbacConfigAnnotations: {} - - # Boolean determining whether or not to create the configmap. If false, it is expected the configmap will be created - # by something else. ArgoCD will not work if there is no configMap created with the name above. - rbacConfigCreate: true - - ## Not well tested and not well supported on release v1.0.0. - ## Applications - ## reference: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ - additionalApplications: [] - # - name: guestbook - # namespace: argocd - # additionalLabels: {} - # additionalAnnotations: {} - # project: guestbook - # source: - # repoURL: https://github.com/argoproj/argocd-example-apps.git - # targetRevision: HEAD - # path: guestbook - # directory: - # recurse: true - # destination: - # server: https://kubernetes.default.svc - # namespace: guestbook - # syncPolicy: - # automated: - # prune: false - # selfHeal: false - - ## Projects - ## reference: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ - additionalProjects: [] - # - name: guestbook - # namespace: argocd - # additionalLabels: {} - # additionalAnnotations: {} - # description: Example Project - # sourceRepos: - # - '*' - # destinations: - # - namespace: guestbook - # server: https://kubernetes.default.svc - # clusterResourceWhitelist: [] - # namespaceResourceBlacklist: - # - group: '' - # kind: ResourceQuota - # - group: '' - # kind: LimitRange - # - group: '' - # kind: NetworkPolicy - # orphanedResources: {} - # roles: [] - # namespaceResourceWhitelist: - # - group: 'apps' - # kind: Deployment - # - group: 'apps' - # kind: StatefulSet - # orphanedResources: {} - # roles: [] - # syncWindows: - # - kind: allow - # schedule: '10 1 * * *' - # duration: 1h - # applications: - # - '*-prod' - # manualSync: true - - ## Enable Admin ClusterRole resources. - ## Enable if you would like to grant rights to ArgoCD to deploy to the local Kubernetes cluster. - clusterAdminAccess: - enabled: true - - ## Enable BackendConfig custom resource for Google Kubernetes Engine - GKEbackendConfig: - enabled: false - spec: {} - # spec: - # iap: - # enabled: true - # oauthclientCredentials: - # secretName: argocd-secret + # -- Resource limits and requests for the argocd-extensions container + resources: {} + # limits: + # cpu: 50m + # memory: 128Mi + # requests: + # cpu: 10m + # memory: 64Mi + # -- Additional containers to be added to the server pod + ## Note: Supports use of custom Helm templates extraContainers: [] - ## Additional containers to be added to the controller pod. - ## See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. # - name: my-sidecar # image: nginx:latest # - name: lemonldap-ng-controller @@ -788,95 +1920,697 @@ server: # - name: copy-portal-skins # mountPath: /srv/var/lib/lemonldap-ng/portal/skins + # -- Init containers to add to the server pod + ## If your target Kubernetes cluster(s) require a custom credential (exec) plugin + ## you could use this (and the same in the application controller pod) to provide such executable + ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins + initContainers: [] + # - name: download-tools + # image: alpine:3 + # command: [sh, -c] + # args: + # - wget -qO kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.0.25/kubelogin-linux-amd64.zip && + # unzip kubelogin.zip && mv bin/linux_amd64/kubelogin /custom-tools/ + # volumeMounts: + # - mountPath: /custom-tools + # name: custom-tools + + # -- Additional volumeMounts to the server main container + volumeMounts: [] + # - mountPath: /usr/local/bin/kubelogin + # name: custom-tools + # subPath: kubelogin + + # -- Additional volumes to the server pod + volumes: [] + # - name: custom-tools + # emptyDir: {} + + ## Argo CD server emptyDir volumes + emptyDir: + # -- EmptyDir size limit for the Argo CD server + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + + # -- Annotations to be added to server Deployment + deploymentAnnotations: {} + + # -- Annotations to be added to server pods + podAnnotations: {} + + # -- Labels to be added to server pods + podLabels: {} + + # -- Resource limits and requests for the Argo CD server + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 50m + # memory: 64Mi + + # Server container ports + containerPorts: + # -- Server container port + server: 8080 + # -- Metrics container port + metrics: 8083 + + # -- Host Network for Server pods + hostNetwork: false + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for Server pods + dnsPolicy: "ClusterFirst" + + # -- Server container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + ## Readiness and liveness probes for default backend + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + + livenessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- Priority class for the Argo CD server pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy to be added to the server Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + + # TLS certificate configuration via cert-manager + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server + certificate: + # -- Deploy a Certificate resource (requires cert-manager) + enabled: false + # -- Certificate primary domain (commonName) + # @default -- `""` (defaults to global.domain) + domain: "" + # -- Certificate Subject Alternate Names (SANs) + additionalHosts: [] + # -- The requested 'duration' (i.e. lifetime) of the certificate. + # @default -- `""` (defaults to 2160h = 90d if not specified) + ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal + duration: "" + # -- How long before the expiry a certificate should be renewed. + # @default -- `""` (defaults to 360h = 15d if not specified) + ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal + renewBefore: "" + # Certificate issuer + ## Ref: https://cert-manager.io/docs/concepts/issuer + issuer: + # -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` + group: "" + # -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer` + kind: "" + # -- Certificate issuer name. Eg. `letsencrypt` + name: "" + # Private key of the certificate + privateKey: + # -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` + rotationPolicy: Never + # -- The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` + encoding: PKCS1 + # -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` + algorithm: RSA + # -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. + size: 2048 + # -- Annotations to be applied to the Server Certificate + annotations: {} + # -- Usages for the certificate + ### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage + usages: [] + # -- Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources + secretTemplateAnnotations: {} + + # TLS certificate configuration via Secret + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server + certificateSecret: + # -- Create argocd-server-tls secret + enabled: false + # -- Annotations to be added to argocd-server-tls secret + annotations: {} + # -- Labels to be added to argocd-server-tls secret + labels: {} + # -- Private Key of the certificate + key: '' + # -- Certificate data + crt: '' + + ## Server service configuration + service: + # -- Server service annotations + annotations: {} + # -- Server service labels + labels: {} + # -- Server service type + type: ClusterIP + # -- Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort") + nodePortHttp: 30080 + # -- Server service https port for NodePort service type (only if `server.service.type` is set to "NodePort") + nodePortHttps: 30443 + # -- Server service http port + servicePortHttp: 80 + # -- Server service https port + servicePortHttps: 443 + # -- Server service http port name, can be used to route traffic via istio + servicePortHttpName: http + # -- Server service https port name, can be used to route traffic via istio + servicePortHttpsName: https + # -- Server service https port appProtocol + ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol + servicePortHttpsAppProtocol: "" + # -- The class of the load balancer implementation + loadBalancerClass: "" + # -- LoadBalancer will get created with the IP specified in this field + loadBalancerIP: "" + # -- Source IP ranges to allow access to service from + ## EKS Ref: https://repost.aws/knowledge-center/eks-cidr-ip-address-loadbalancer + ## GKE Ref: https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview#limit-connectivity-ext-lb + loadBalancerSourceRanges: [] + # -- Server service external IPs + externalIPs: [] + # -- Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + externalTrafficPolicy: Cluster + # -- Used to maintain session affinity. Supports `ClientIP` and `None` + ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + sessionAffinity: None + + ## Server metrics service configuration + metrics: + # -- Deploy metrics service + enabled: false + service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port + servicePort: 8083 + # -- Metrics service port name + portName: http-metrics + serviceMonitor: + # -- Enable a prometheus ServiceMonitor + enabled: false + # -- Prometheus ServiceMonitor interval + interval: 30s + # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false + # -- Prometheus [RelabelConfigs] to apply to samples before scraping + relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion + metricRelabelings: [] + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus + + # -- Prometheus ServiceMonitor scheme + scheme: "" + # -- Prometheus ServiceMonitor tlsConfig + tlsConfig: {} + # -- Prometheus ServiceMonitor namespace + namespace: "" # monitoring + # -- Prometheus ServiceMonitor labels + additionalLabels: {} + # -- Prometheus ServiceMonitor annotations + annotations: {} + + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + + serviceAccount: + # -- Create server service account + create: true + # -- Server service account name + name: argocd-server + # -- Annotations applied to created service account + annotations: {} + # -- Labels applied to created service account + labels: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + # Argo CD server ingress configuration + ingress: + # -- Enable an ingress resource for the Argo CD server + enabled: false + # -- Specific implementation for ingress controller. One of `generic`, `aws` or `gke` + ## Additional configuration might be required in related configuration sections + controller: generic + # -- Additional ingress labels + labels: {} + # -- Additional ingress annotations + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough + annotations: {} + # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + # nginx.ingress.kubernetes.io/ssl-passthrough: "true" + + # -- Defines which ingress controller will implement the resource + ingressClassName: "" + + # -- Argo CD server hostname + # @default -- `""` (defaults to global.domain) + hostname: "" + + # -- The path to Argo CD server + path: / + + # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` + pathType: Prefix + + # -- Enable TLS configuration for the hostname defined at `server.ingress.hostname` + ## TLS certificate will be retrieved from a TLS secret `argocd-server-tls` + ## You can create this secret via `certificate` or `certificateSecret` option + tls: false + + # -- The list of additional hostnames to be covered by ingress record + # @default -- `[]` (See [values.yaml]) + extraHosts: [] + # - name: argocd.example.com + # path: / + + # -- Additional ingress paths + # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates + extraPaths: [] + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: use-annotation + + # -- Additional ingress rules + # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates + extraRules: [] + # - http: + # paths: + # - path: / + # pathType: Prefix + # backend: + # service: + # name: '{{ include "argo-cd.server.fullname" . }}' + # port: + # name: '{{ .Values.server.service.servicePortHttpsName }}' + + # -- Additional TLS configuration + # @default -- `[]` (See [values.yaml]) + extraTls: [] + # - hosts: + # - argocd.example.com + # secretName: your-certificate-name + + # AWS specific options for Application Load Balancer + # Applies only when `serv.ingress.controller` is set to `aws` + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode + aws: + # -- Backend protocol version for the AWS ALB gRPC service + ## This tells AWS to send traffic from the ALB using gRPC. + ## For more information: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html#health-check-settings + backendProtocolVersion: GRPC + # -- Service type for the AWS ALB gRPC service + ## Can be of type NodePort or ClusterIP depending on which mode you are running. + ## Instance mode needs type NodePort, IP mode needs type ClusterIP + ## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic + serviceType: NodePort + + # Google specific options for Google Application Load Balancer + # Applies only when `server.ingress.controller` is set to `gke` + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#google-cloud-load-balancers-with-kubernetes-ingress + gke: + # -- Google [BackendConfig] resource, for use with the GKE Ingress Controller + # @default -- `{}` (See [values.yaml]) + ## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters + backendConfig: {} + # iap: + # enabled: true + # oauthclientCredentials: + # secretName: argocd-secret + + # -- Google [FrontendConfig] resource, for use with the GKE Ingress Controller + # @default -- `{}` (See [values.yaml]) + ## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters + frontendConfig: {} + # redirectToHttps: + # enabled: true + # responseCodeName: RESPONSE_CODE + + # Managed GKE certificate for ingress hostname + managedCertificate: + # -- Create ManagedCertificate resource and annotations for Google Load balancer + ## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs + create: true + # -- Additional domains for ManagedCertificate resource + extraDomains: [] + # - argocd.example.com + + # Dedicated gRPC ingress for ingress controllers that supports only single backend protocol per Ingress resource + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts + ingressGrpc: + # -- Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress] + enabled: false + # -- Additional ingress annotations for dedicated [gRPC-ingress] + annotations: {} + # -- Additional ingress labels for dedicated [gRPC-ingress] + labels: {} + # -- Defines which ingress controller will implement the resource [gRPC-ingress] + ingressClassName: "" + + # -- Argo CD server hostname for dedicated [gRPC-ingress] + # @default -- `""` (defaults to grpc.`server.ingress.hostname`) + hostname: "" + + # -- Argo CD server ingress path for dedicated [gRPC-ingress] + path: / + + # -- Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific` + pathType: Prefix + + # -- Enable TLS configuration for the hostname defined at `server.ingressGrpc.hostname` + ## TLS certificate will be retrieved from a TLS secret with name: `argocd-server-grpc-tls` + tls: false + + # -- The list of additional hostnames to be covered by ingress record + # @default -- `[]` (See [values.yaml]) + extraHosts: [] + # - name: grpc.argocd.example.com + # path: / + + # -- Additional ingress paths for dedicated [gRPC-ingress] + # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates + extraPaths: [] + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: use-annotation + + # -- Additional ingress rules + # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates + extraRules: [] + # - http: + # paths: + # - path: / + # pathType: Prefix + # backend: + # service: + # name: '{{ include "argo-cd.server.fullname" . }}' + # port: + # name: '{{ .Values.server.service.servicePortHttpName }}' + + # -- Additional TLS configuration for dedicated [gRPC-ingress] + # @default -- `[]` (See [values.yaml]) + extraTls: [] + # - secretName: your-certificate-name + # hosts: + # - argocd.example.com + + # Create a OpenShift Route with SSL passthrough for UI and CLI + # Consider setting 'hostname' e.g. https://argocd.apps-crc.testing/ using your Default Ingress Controller Domain + # Find your domain with: kubectl describe --namespace=openshift-ingress-operator ingresscontroller/default | grep Domain: + # If 'hostname' is an empty string "" OpenShift will create a hostname for you. + route: + # -- Enable an OpenShift Route for the Argo CD server + enabled: false + # -- Openshift Route annotations + annotations: {} + # -- Hostname of OpenShift Route + hostname: "" + # -- Termination type of Openshift Route + termination_type: passthrough + # -- Termination policy of Openshift Route + termination_policy: None + + ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. + ## Defaults to off + clusterRoleRules: + # -- Enable custom rules for the server's ClusterRole resource + enabled: false + # -- List of custom rules for the server's ClusterRole resource + rules: [] + ## Repo Server repoServer: + # -- Repo server name name: repo-server + # -- The number of repo server pods to run replicas: 1 + # -- Runtime class name for the repo server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + + ## Repo server Horizontal Pod Autoscaler autoscaling: + # -- Enable Horizontal Pod Autoscaler ([HPA]) for the repo server enabled: false + # -- Minimum number of replicas for the repo server [HPA] minReplicas: 1 + # -- Maximum number of replicas for the repo server [HPA] maxReplicas: 5 + # -- Average CPU utilization percentage for the repo server [HPA] targetCPUUtilizationPercentage: 50 + # -- Average memory utilization percentage for the repo server [HPA] targetMemoryUtilizationPercentage: 50 + # -- Configures the scaling behavior of the target in both Up and Down directions. + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 + # periodSeconds: 60 + # -- Configures custom HPA metrics for the Argo CD repo server + # Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + metrics: [] + ## Repo server Pod Disruption Budget + ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + pdb: + # -- Deploy a [PodDisruptionBudget] for the repo server + enabled: false + # -- Labels to be added to repo server pdb + labels: {} + # -- Annotations to be added to repo server pdb + annotations: {} + # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) + # @default -- `""` (defaults to 0 if not specified) + minAvailable: "" + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). + ## Has higher precedence over `repoServer.pdb.minAvailable` + maxUnavailable: "" + + ## Repo server image image: - repository: # defaults to global.image.repository - tag: # defaults to global.image.tag - imagePullPolicy: # IfNotPresent + # -- Repository to use for the repo server + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the repo server + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the repo server + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" - ## Additional command line arguments to pass to argocd-repo-server - ## + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # -- Additional command line arguments to pass to repo server extraArgs: [] - ## Environment variables to pass to argocd-repo-server - ## + # -- Environment variables to pass to repo server env: [] - ## envFrom to pass to argocd-repo-server - ## + # -- envFrom to pass to repo server + # @default -- `[]` (See [values.yaml]) envFrom: [] # - configMapRef: # name: config-map-name # - secretRef: # name: secret-name - ## Argo repoServer log format: text|json - logFormat: text - ## Argo repoServer log level - logLevel: info + # -- Specify postStart and preStop lifecycle hooks for your argo-repo-server container + lifecycle: {} - ## Annotations to be added to repo server pods - ## - podAnnotations: {} + # -- Additional containers to be added to the repo server pod + ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/ + ## Note: Supports use of custom Helm templates + extraContainers: [] + # - name: cmp-my-plugin + # command: + # - "/var/run/argocd/argocd-cmp-server" + # image: busybox + # securityContext: + # runAsNonRoot: true + # runAsUser: 999 + # volumeMounts: + # - mountPath: /var/run/argocd + # name: var-files + # - mountPath: /home/argocd/cmp-server/plugins + # name: plugins + # # Remove this volumeMount if you've chosen to bake the config file into the sidecar image. + # - mountPath: /home/argocd/cmp-server/config/plugin.yaml + # subPath: my-plugin.yaml + # name: argocd-cmp-cm + # # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps + # # mitigate path traversal attacks. + # - mountPath: /tmp + # name: cmp-tmp + # - name: cmp-my-plugin2 + # command: + # - "/var/run/argocd/argocd-cmp-server" + # image: busybox + # securityContext: + # runAsNonRoot: true + # runAsUser: 999 + # volumeMounts: + # - mountPath: /var/run/argocd + # name: var-files + # # Remove this volumeMount if you've chosen to bake the config file into the sidecar image. + # - mountPath: /home/argocd/cmp-server/plugins + # name: plugins + # - mountPath: /home/argocd/cmp-server/config/plugin.yaml + # subPath: my-plugin2.yaml + # name: argocd-cmp-cm + # # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps + # # mitigate path traversal attacks. + # - mountPath: /tmp + # name: cmp-tmp - ## Labels to be added to repo server pods - ## - podLabels: {} + # -- Init containers to add to the repo server pods + initContainers: [] - ## Configures the repo server port - containerPort: 8081 - - ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ - ## - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - - ## Additional volumeMounts to the repo server main container. + # -- Additional volumeMounts to the repo server main container volumeMounts: [] - ## Additional volumes to the repo server pod. + # -- Additional volumes to the repo server pod volumes: [] + # - name: argocd-cmp-cm + # configMap: + # name: argocd-cmp-cm + # - name: cmp-tmp + # emptyDir: {} - ## Node selectors and tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - nodeSelector: {} - tolerations: [] - affinity: {} + # -- Volumes to be used in replacement of emptydir on default volumes + existingVolumes: {} + # gpgKeyring: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-keyring + # helmWorkingDir: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-workdir + # tmp: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-tmp + # varFiles: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-varfiles + # plugins: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-plugins - priorityClassName: "" + ## RepoServer emptyDir volumes + emptyDir: + # -- EmptyDir size limit for repo server + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" - ## Labels to set container specific security contexts - containerSecurityContext: - {} - # capabilities: - # drop: - # - all - # readOnlyRootFilesystem: true + # -- Toggle the usage of a ephemeral Helm working directory + useEphemeralHelmWorkingDir: true + # -- Annotations to be added to repo server Deployment + deploymentAnnotations: {} + + # -- Annotations to be added to repo server pods + podAnnotations: {} + + # -- Labels to be added to repo server pods + podLabels: {} + + # -- Resource limits and requests for the repo server pods resources: {} # limits: # cpu: 50m @@ -885,40 +2619,195 @@ repoServer: # cpu: 10m # memory: 64Mi + # Repo server container ports + containerPorts: + # -- Repo server container port + server: 8081 + # -- Metrics container port + metrics: 8084 + + # -- Host Network for Repo server pods + hostNetwork: false + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for Repo server pods + dnsPolicy: "ClusterFirst" + + # -- Repo server container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + ## Readiness and liveness probes for default backend + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + + livenessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the repo server + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy to be added to the repo server Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + + # -- Priority class for the repo server pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + + # TLS certificate configuration via Secret + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-repo-server + ## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart repo server automatically without extra controllers. + certificateSecret: + # -- Create argocd-repo-server-tls secret + enabled: false + # -- Annotations to be added to argocd-repo-server-tls secret + annotations: {} + # -- Labels to be added to argocd-repo-server-tls secret + labels: {} + # -- Certificate authority. Required for self-signed certificates. + ca: '' + # -- Certificate private key + key: '' + # -- Certificate data. Must contain SANs of Repo service (ie: argocd-repo-server, argocd-repo-server.argo-cd.svc) + crt: '' + ## Repo server service configuration service: + # -- Repo server service annotations annotations: {} + # -- Repo server service labels labels: {} + # -- Repo server service port port: 8081 - portName: https-repo-server + # -- Repo server service port name + portName: tcp-repo-server ## Repo server metrics service configuration metrics: + # -- Deploy metrics service enabled: false service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" + # -- Metrics service annotations annotations: {} + # -- Metrics service labels labels: {} + # -- Metrics service port servicePort: 8084 + # -- Metrics service port name + portName: http-metrics serviceMonitor: + # -- Enable a prometheus ServiceMonitor enabled: false + # -- Prometheus ServiceMonitor interval interval: 30s - # selector: - # prometheus: kube-prometheus - # namespace: monitoring - # additionalLabels: {} + # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false + # -- Prometheus [RelabelConfigs] to apply to samples before scraping + relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion + metricRelabelings: [] + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus + + # -- Prometheus ServiceMonitor scheme + scheme: "" + # -- Prometheus ServiceMonitor tlsConfig + tlsConfig: {} + # -- Prometheus ServiceMonitor namespace + namespace: "" # "monitoring" + # -- Prometheus ServiceMonitor labels + additionalLabels: {} + # -- Prometheus ServiceMonitor annotations + annotations: {} + + ## Enable Custom Rules for the Repo server's Cluster Role resource + ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. + ## Defaults to off + clusterRoleRules: + # -- Enable custom rules for the Repo server's Cluster Role resource + enabled: false + # -- List of custom rules for the Repo server's Cluster Role resource + rules: [] + + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true ## Repo server service account ## If create is set to true, make sure to uncomment the name and update the rbac section below serviceAccount: - create: false - # name: argocd-repo-server - ## Annotations applied to created service account + # -- Create repo server service account + create: true + # -- Repo server service account name + name: "" # "argocd-repo-server" + # -- Annotations applied to created service account annotations: {} - ## Automount API credentials for the Service Account + # -- Labels applied to created service account + labels: {} + # -- Automount API credentials for the Service Account automountServiceAccountToken: true - ## Repo server rbac rules - # rbac: + # -- Repo server rbac rules + rbac: [] # - apiGroups: # - argoproj.io # resources: @@ -928,168 +2817,1116 @@ repoServer: # - list # - watch - ## Use init containers to configure custom tooling - ## https://argoproj.github.io/argo-cd/operator-manual/custom_tools/ - ## When using the volumes & volumeMounts section bellow, please comment out those above. - # volumes: - # - name: custom-tools - # emptyDir: {} - # - # initContainers: - # - name: download-tools - # image: alpine:3.8 - # command: [sh, -c] - # args: - # - wget -qO- https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz | tar -xvzf - && - # mv linux-amd64/helm /custom-tools/ - # volumeMounts: - # - mountPath: /custom-tools - # name: custom-tools - # volumeMounts: - # - mountPath: /usr/local/bin/helm - # name: custom-tools - # subPath: helm +## ApplicationSet controller +applicationSet: + # -- ApplicationSet controller name string + name: applicationset-controller -## Argo Configs -configs: - ## External Cluster Credentials - ## reference: - ## - https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters - ## - https://argoproj.github.io/argo-cd/operator-manual/security/#external-cluster-credentials - clusterCredentials: [] - # - name: mycluster - # server: https://mycluster.com - # labels: {} - # annotations: {} - # config: - # bearerToken: "" - # tlsClientConfig: - # insecure: false - # caData: "" - # - name: mycluster2 - # server: https://mycluster2.com - # labels: {} - # annotations: {} - # namespaces: namespace1,namespace2 - # config: - # bearerToken: "" - # tlsClientConfig: - # insecure: false - # caData: "" + # -- The number of ApplicationSet controller pods to run + replicas: 1 - knownHostsAnnotations: {} - knownHosts: - data: - ssh_known_hosts: | - bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== - github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== - gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= - gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf - gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 - ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - tlsCertsAnnotations: {} - tlsCerts: - {} - # data: - # argocd.example.com: | - # -----BEGIN CERTIFICATE----- - # MIIF1zCCA7+gAwIBAgIUQdTcSHY2Sxd3Tq/v1eIEZPCNbOowDQYJKoZIhvcNAQEL - # BQAwezELMAkGA1UEBhMCREUxFTATBgNVBAgMDExvd2VyIFNheG9ueTEQMA4GA1UE - # BwwHSGFub3ZlcjEVMBMGA1UECgwMVGVzdGluZyBDb3JwMRIwEAYDVQQLDAlUZXN0 - # c3VpdGUxGDAWBgNVBAMMD2Jhci5leGFtcGxlLmNvbTAeFw0xOTA3MDgxMzU2MTda - # Fw0yMDA3MDcxMzU2MTdaMHsxCzAJBgNVBAYTAkRFMRUwEwYDVQQIDAxMb3dlciBT - # YXhvbnkxEDAOBgNVBAcMB0hhbm92ZXIxFTATBgNVBAoMDFRlc3RpbmcgQ29ycDES - # MBAGA1UECwwJVGVzdHN1aXRlMRgwFgYDVQQDDA9iYXIuZXhhbXBsZS5jb20wggIi - # MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCv4mHMdVUcafmaSHVpUM0zZWp5 - # NFXfboxA4inuOkE8kZlbGSe7wiG9WqLirdr39Ts+WSAFA6oANvbzlu3JrEQ2CHPc - # CNQm6diPREFwcDPFCe/eMawbwkQAPVSHPts0UoRxnpZox5pn69ghncBR+jtvx+/u - # P6HdwW0qqTvfJnfAF1hBJ4oIk2AXiip5kkIznsAh9W6WRy6nTVCeetmIepDOGe0G - # ZJIRn/OfSz7NzKylfDCat2z3EAutyeT/5oXZoWOmGg/8T7pn/pR588GoYYKRQnp+ - # YilqCPFX+az09EqqK/iHXnkdZ/Z2fCuU+9M/Zhrnlwlygl3RuVBI6xhm/ZsXtL2E - # Gxa61lNy6pyx5+hSxHEFEJshXLtioRd702VdLKxEOuYSXKeJDs1x9o6cJ75S6hko - # Ml1L4zCU+xEsMcvb1iQ2n7PZdacqhkFRUVVVmJ56th8aYyX7KNX6M9CD+kMpNm6J - # kKC1li/Iy+RI138bAvaFplajMF551kt44dSvIoJIbTr1LigudzWPqk31QaZXV/4u - # kD1n4p/XMc9HYU/was/CmQBFqmIZedTLTtK7clkuFN6wbwzdo1wmUNgnySQuMacO - # gxhHxxzRWxd24uLyk9Px+9U3BfVPaRLiOPaPoC58lyVOykjSgfpgbus7JS69fCq7 - # bEH4Jatp/10zkco+UQIDAQABo1MwUTAdBgNVHQ4EFgQUjXH6PHi92y4C4hQpey86 - # r6+x1ewwHwYDVR0jBBgwFoAUjXH6PHi92y4C4hQpey86r6+x1ewwDwYDVR0TAQH/ - # BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFE4SdKsX9UsLy+Z0xuHSxhTd0jfn - # Iih5mtzb8CDNO5oTw4z0aMeAvpsUvjJ/XjgxnkiRACXh7K9hsG2r+ageRWGevyvx - # CaRXFbherV1kTnZw4Y9/pgZTYVWs9jlqFOppz5sStkfjsDQ5lmPJGDii/StENAz2 - # XmtiPOgfG9Upb0GAJBCuKnrU9bIcT4L20gd2F4Y14ccyjlf8UiUi192IX6yM9OjT - # +TuXwZgqnTOq6piVgr+FTSa24qSvaXb5z/mJDLlk23npecTouLg83TNSn3R6fYQr - # d/Y9eXuUJ8U7/qTh2Ulz071AO9KzPOmleYPTx4Xty4xAtWi1QE5NHW9/Ajlv5OtO - # OnMNWIs7ssDJBsB7VFC8hcwf79jz7kC0xmQqDfw51Xhhk04kla+v+HZcFW2AO9so - # 6ZdVHHQnIbJa7yQJKZ+hK49IOoBR6JgdB5kymoplLLiuqZSYTcwSBZ72FYTm3iAr - # jzvt1hxpxVDmXvRnkhRrIRhK4QgJL0jRmirBjDY+PYYd7bdRIjN7WNZLFsgplnS8 - # 9w6CwG32pRlm0c8kkiQ7FXA6BYCqOsDI8f1VGQv331OpR2Ck+FTv+L7DAmg6l37W - # +LB9LGh4OAp68ImTjqf6ioGKG0RBSznwME+r4nXtT1S/qLR6ASWUS4ViWRhbRlNK - # XWyb96wrUlv+E8I= - # -----END CERTIFICATE----- - # Creates a secret with optional repository credentials - repositoryCredentials: - {} - # sample-ssh-key: | - # -----BEGIN RSA PRIVATE KEY----- - # MIICXAIBAAKBgQCcmiVJXGUvL8zqWmRRETbCKgFadtjJ9WDQpSwiZzMiktpYBo0N - # z0cThzGQfWqvdiJYEy72MrKCaSYssV3eHP5zTffk4VBDktNfdl1kgkOpqnh7tQO4 - # nBONRLzcK6KEbKUsmiTbW8Jb4UFYDhyyyveby7y3vYePmaRQIrlEenVfKwIDAQAB - # AoGAbbg+WZjnt9jYzHWKhZX29LDzg8ty9oT6URT4yB3gIOAdJMFqQHuyg8cb/e0x - # O0AcrfK623oHwgEj4vpeFwnfaBdtM5GfH9zaj6pnXV7VZc3oBHrBnHUgFT3NEYUe - # tt6rtatIguBH61Aj/pyij9sOfF0xDj0s1nwFTbdHtZR/31kCQQDIwcVTqhKkDNW6 - # cvdz+Wt3v9x1wNg+VhZhyA/pKILz3+qtn3GogLrQqhpVi+Y7tdvEv9FvgKaCjUp8 - # 6Lfp6dDFAkEAx7HpQbXFdrtcveOi9kosKRDX1PT4zdhB08jAXGlV8jr0jkrZazVM - # hV5rVCuu35Vh6x1fiyGwwiVsqhgWE+KPLwJAWrDemasM/LsnmjDxhJy6ZcBwsWlK - # xu5Q8h9UwLmiXtVayNBsofh1bGpLtzWZ7oN7ImidDkgJ8JQvgDoJS0xrGQJBALPJ - # FkMFnrjtqGqBVkc8shNqyZY90v6oM2OzupO4dht2PpUZCDPAMZtlTWXjSjabbCPc - # NxexBk1UmkdtFftjHxsCQGjG+nhRYH92MsmrbvZyFzgxg9SIOu6xel7D3Dq9l5Le - # XG+bpHPF4SiCpAxthP5WNa17zuvk+CDsMZgZNuhYNMo= - # -----END RSA PRIVATE KEY----- - secret: - createSecret: true - ## Annotations to be added to argocd-secret - ## + # -- Runtime class name for the ApplicationSet controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + + ## ApplicationSet controller Pod Disruption Budget + ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + pdb: + # -- Deploy a [PodDisruptionBudget] for the ApplicationSet controller + enabled: false + # -- Labels to be added to ApplicationSet controller pdb + labels: {} + # -- Annotations to be added to ApplicationSet controller pdb + annotations: {} + # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) + # @default -- `""` (defaults to 0 if not specified) + minAvailable: "" + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). + ## Has higher precedence over `applicationSet.pdb.minAvailable` + maxUnavailable: "" + + ## ApplicationSet controller image + image: + # -- Repository to use for the ApplicationSet controller + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the ApplicationSet controller + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the ApplicationSet controller + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- If defined, uses a Secret to pull an image from a private Docker registry or repository. + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # -- ApplicationSet controller command line flags + extraArgs: [] + + # -- Environment variables to pass to the ApplicationSet controller + extraEnv: [] + # - name: "MY_VAR" + # value: "value" + + # -- envFrom to pass to the ApplicationSet controller + # @default -- `[]` (See [values.yaml]) + extraEnvFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- Additional containers to be added to the ApplicationSet controller pod + ## Note: Supports use of custom Helm templates + extraContainers: [] + + # -- Init containers to add to the ApplicationSet controller pod + ## Note: Supports use of custom Helm templates + initContainers: [] + + # -- List of extra mounts to add (normally used with extraVolumes) + extraVolumeMounts: [] + + # -- List of extra volumes to add + extraVolumes: [] + + ## ApplicationSet controller emptyDir volumes + emptyDir: + # -- EmptyDir size limit for applicationSet controller + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + + ## Metrics service configuration + metrics: + # -- Deploy metrics service + enabled: false + service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port + servicePort: 8080 + # -- Metrics service port name + portName: http-metrics + serviceMonitor: + # -- Enable a prometheus ServiceMonitor + enabled: false + # -- Prometheus ServiceMonitor interval + interval: 30s + # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false + # -- Prometheus [RelabelConfigs] to apply to samples before scraping + relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion + metricRelabelings: [] + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus + + # -- Prometheus ServiceMonitor scheme + scheme: "" + # -- Prometheus ServiceMonitor tlsConfig + tlsConfig: {} + # -- Prometheus ServiceMonitor namespace + namespace: "" # monitoring + # -- Prometheus ServiceMonitor labels + additionalLabels: {} + # -- Prometheus ServiceMonitor annotations + annotations: {} + + ## ApplicationSet service configuration + service: + # -- ApplicationSet service annotations + annotations: {} + # -- ApplicationSet service labels + labels: {} + # -- ApplicationSet service type + type: ClusterIP + # -- ApplicationSet service port + port: 7000 + # -- ApplicationSet service port name + portName: http-webhook + + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + + serviceAccount: + # -- Create ApplicationSet controller service account + create: true + # -- ApplicationSet controller service account name + name: argocd-applicationset-controller + # -- Annotations applied to created service account + annotations: {} + # -- Labels applied to created service account + labels: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + # -- Annotations to be added to ApplicationSet controller Deployment + deploymentAnnotations: {} + + # -- Annotations for the ApplicationSet controller pods + podAnnotations: {} + + # -- Labels for the ApplicationSet controller pods + podLabels: {} + + # -- Resource limits and requests for the ApplicationSet controller pods. + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + # ApplicationSet controller container ports + containerPorts: + # -- Metrics container port + metrics: 8080 + # -- Probe container port + probe: 8081 + # -- Webhook container port + webhook: 7000 + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for ApplicationSet controller pods + dnsPolicy: "ClusterFirst" + + # -- ApplicationSet controller container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + ## Probes for ApplicationSet controller (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for ApplicationSet controller + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + livenessProbe: + # -- Enable Kubernetes liveness probe for ApplicationSet controller + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy to be added to the ApplicationSet controller Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + + # -- Priority class for the ApplicationSet controller pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + + # TLS certificate configuration via cert-manager + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-configuration + certificate: + # -- Deploy a Certificate resource (requires cert-manager) + enabled: false + # -- Certificate primary domain (commonName) + # @default -- `""` (defaults to global.domain) + domain: "" + # -- Certificate Subject Alternate Names (SANs) + additionalHosts: [] + # -- The requested 'duration' (i.e. lifetime) of the certificate. + # @default -- `""` (defaults to 2160h = 90d if not specified) + ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal + duration: "" + # -- How long before the expiry a certificate should be renewed. + # @default -- `""` (defaults to 360h = 15d if not specified) + ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal + renewBefore: "" + # Certificate issuer + ## Ref: https://cert-manager.io/docs/concepts/issuer + issuer: + # -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` + group: "" + # -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer` + kind: "" + # -- Certificate issuer name. Eg. `letsencrypt` + name: "" + # Private key of the certificate + privateKey: + # -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` + rotationPolicy: Never + # -- The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` + encoding: PKCS1 + # -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` + algorithm: RSA + # -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. + size: 2048 + # -- Annotations to be applied to the ApplicationSet Certificate annotations: {} - # Webhook Configs - githubSecret: "" - gitlabSecret: "" - bitbucketServerSecret: "" - bitbucketUUID: "" - gogsSecret: "" + ## Ingress for the Git Generator webhook + ## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration) + ingress: + # -- Enable an ingress resource for ApplicationSet webhook + enabled: false + # -- Additional ingress labels + labels: {} + # -- Additional ingress annotations + annotations: {} - # Custom secrets. Useful for injecting SSO secrets into environment variables. - # Ref: https://argoproj.github.io/argo-cd/operator-manual/sso/ - # Note that all values must be non-empty. - extra: - {} - # LDAP_PASSWORD: "mypassword" + # -- Defines which ingress ApplicationSet controller will implement the resource + ingressClassName: "" - # Argo TLS Data. - argocdServerTlsConfig: - {} - # key: - # crt: | - # -----BEGIN CERTIFICATE----- - # - # -----END CERTIFICATE----- - # -----BEGIN CERTIFICATE----- - # - # -----END CERTIFICATE----- + # -- Argo CD ApplicationSet hostname + # @default -- `""` (defaults to global.domain) + hostname: "" - # Argo expects the password in the secret to be bcrypt hashed. You can create this hash with - # `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` - # argocdServerAdminPassword: "" - # Password modification time defaults to current time if not set - # argocdServerAdminPasswordMtime: "2006-01-02T15:04:05Z" + # -- List of ingress paths + path: /api/webhook - ## Custom CSS Styles - ## Reference: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ - # styles: | - # .nav-bar { - # background: linear-gradient(to bottom, #999, #777, #333, #222, #111); - # } + # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` + pathType: Prefix -openshift: + # -- Enable TLS configuration for the hostname defined at `applicationSet.webhook.ingress.hostname` + ## TLS certificate will be retrieved from a TLS secret with name:`argocd-applicationset-controller-tls` + tls: false + + # -- The list of additional hostnames to be covered by ingress record + # @default -- `[]` (See [values.yaml]) + extraHosts: [] + # - name: argocd.example.com + # path: / + + # -- Additional ingress paths + # @default -- `[]` (See [values.yaml]) + extraPaths: [] + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: use-annotation + + # -- Additional ingress rules + # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates + extraRules: [] + # - http: + # paths: + # - path: /api/webhook + # pathType: Prefix + # backend: + # service: + # name: '{{ include "argo-cd.applicationSet.fullname" . }}' + # port: + # name: '{{ .Values.applicationSet.service.portName }}' + + # -- Additional ingress TLS configuration + # @default -- `[]` (See [values.yaml]) + extraTls: [] + # - secretName: argocd-applicationset-tls + # hosts: + # - argocd-applicationset.example.com + # -- Enable ApplicationSet in any namespace feature + allowAnyNamespace: false +## Notifications controller +notifications: + # -- Enable notifications controller + enabled: true + + # -- Notifications controller name string + name: notifications-controller + + # -- Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates + # @default -- `""` (defaults to https://`global.domain`) + argocdUrl: "" + + # -- Runtime class name for the notifications controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + + ## Notifications controller Pod Disruption Budget + ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + pdb: + # -- Deploy a [PodDisruptionBudget] for the notifications controller + enabled: false + # -- Labels to be added to notifications controller pdb + labels: {} + # -- Annotations to be added to notifications controller pdb + annotations: {} + # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) + # @default -- `""` (defaults to 0 if not specified) + minAvailable: "" + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). + ## Has higher precedence over `notifications.pdb.minAvailable` + maxUnavailable: "" + + ## Notifications controller image + image: + # -- Repository to use for the notifications controller + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the notifications controller + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the notifications controller + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # -- Notifications controller log format. Either `text` or `json` + # @default -- `""` (defaults to global.logging.format) + logFormat: "" + # -- Notifications controller log level. One of: `debug`, `info`, `warn`, `error` + # @default -- `""` (defaults to global.logging.level) + logLevel: "" + + # -- Extra arguments to provide to the notifications controller + extraArgs: [] + + # -- Additional container environment variables + extraEnv: [] + + # -- envFrom to pass to the notifications controller + # @default -- `[]` (See [values.yaml]) + extraEnvFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- Additional containers to be added to the notifications controller pod + ## Note: Supports use of custom Helm templates + extraContainers: [] + + # -- Init containers to add to the notifications controller pod + ## Note: Supports use of custom Helm templates + initContainers: [] + + # -- List of extra mounts to add (normally used with extraVolumes) + extraVolumeMounts: [] + + # -- List of extra volumes to add + extraVolumes: [] + + # -- Define user-defined context + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/#defining-user-defined-context + context: {} + # region: east + # environmentName: staging + + secret: + # -- Whether helm chart creates notifications controller secret + ## If true, will create a secret with the name below. Otherwise, will assume existence of a secret with that name. + create: true + + # -- notifications controller Secret name + name: "argocd-notifications-secret" + + # -- key:value pairs of annotations to be added to the secret + annotations: {} + + # -- key:value pairs of labels to be added to the secret + labels: {} + + # -- Generic key:value pairs to be inserted into the secret + ## Can be used for templates, notification services etc. Some examples given below. + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/ + items: {} + # slack-token: + # # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/slack/ + + # grafana-apiKey: + # # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/grafana/ + + # webhooks-github-token: + + # email-username: + # email-password: + # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/email/ + + metrics: + # -- Enables prometheus metrics server + enabled: false + # -- Metrics port + port: 9001 + service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port name + portName: http-metrics + serviceMonitor: + # -- Enable a prometheus ServiceMonitor + enabled: false + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus + # -- Prometheus ServiceMonitor labels + additionalLabels: {} + # -- Prometheus ServiceMonitor annotations + annotations: {} + # namespace: monitoring + # interval: 30s + # scrapeTimeout: 10s + # -- Prometheus ServiceMonitor scheme + scheme: "" + # -- Prometheus ServiceMonitor tlsConfig + tlsConfig: {} + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false + # -- Prometheus [RelabelConfigs] to apply to samples before scraping + relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion + metricRelabelings: [] + + # -- Configures notification services such as slack, email or custom webhook + # @default -- See [values.yaml] + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/ + notifiers: {} + # service.slack: | + # token: $slack-token + + # -- Annotations to be applied to the notifications controller Deployment + deploymentAnnotations: {} + + # -- Annotations to be applied to the notifications controller Pods + podAnnotations: {} + + # -- Labels to be applied to the notifications controller Pods + podLabels: {} + + # -- Resource limits and requests for the notifications controller + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + # Notification controller container ports + containerPorts: + # -- Metrics container port + metrics: 9001 + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for notifications controller Pods + dnsPolicy: "ClusterFirst" + + # -- Notification controller container-level security Context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + ## Probes for notifications controller Pods (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for notifications controller Pods + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + livenessProbe: + # -- Enable Kubernetes liveness probe for notifications controller Pods + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the application controller + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy to be added to the notifications controller Deployment + deploymentStrategy: + type: Recreate + + # -- Priority class for the notifications controller pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + + serviceAccount: + # -- Create notifications controller service account + create: true + # -- Notification controller service account name + name: argocd-notifications-controller + # -- Annotations applied to created service account + annotations: {} + # -- Labels applied to created service account + labels: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + cm: + # -- Whether helm chart creates notifications controller config map + create: true + + ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. + ## Defaults to off + clusterRoleRules: + # -- List of custom rules for the notifications controller's ClusterRole resource + rules: [] + + # -- Contains centrally managed global application subscriptions + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/subscriptions/ + subscriptions: [] + # # subscription for on-sync-status-unknown trigger notifications + # - recipients: + # - slack:test2 + # - email:test@gmail.com + # triggers: + # - on-sync-status-unknown + # # subscription restricted to applications with matching labels only + # - recipients: + # - slack:test3 + # selector: test=true + # triggers: + # - on-sync-status-unknown + + # -- The notification template is used to generate the notification content + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/ + templates: {} + # template.app-deployed: | + # email: + # subject: New version of an application {{.app.metadata.name}} is up and running. + # message: | + # {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} is now running new version of deployments manifests. + # slack: + # attachments: | + # [{ + # "title": "{{ .app.metadata.name}}", + # "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + # "color": "#18be52", + # "fields": [ + # { + # "title": "Sync Status", + # "value": "{{.app.status.sync.status}}", + # "short": true + # }, + # { + # "title": "Repository", + # "value": "{{.app.spec.source.repoURL}}", + # "short": true + # }, + # { + # "title": "Revision", + # "value": "{{.app.status.sync.revision}}", + # "short": true + # } + # {{range $index, $c := .app.status.conditions}} + # {{if not $index}},{{end}} + # {{if $index}},{{end}} + # { + # "title": "{{$c.type}}", + # "value": "{{$c.message}}", + # "short": true + # } + # {{end}} + # ] + # }] + # template.app-health-degraded: | + # email: + # subject: Application {{.app.metadata.name}} has degraded. + # message: | + # {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} has degraded. + # Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}. + # slack: + # attachments: |- + # [{ + # "title": "{{ .app.metadata.name}}", + # "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + # "color": "#f4c030", + # "fields": [ + # { + # "title": "Sync Status", + # "value": "{{.app.status.sync.status}}", + # "short": true + # }, + # { + # "title": "Repository", + # "value": "{{.app.spec.source.repoURL}}", + # "short": true + # } + # {{range $index, $c := .app.status.conditions}} + # {{if not $index}},{{end}} + # {{if $index}},{{end}} + # { + # "title": "{{$c.type}}", + # "value": "{{$c.message}}", + # "short": true + # } + # {{end}} + # ] + # }] + # template.app-sync-failed: | + # email: + # subject: Failed to sync application {{.app.metadata.name}}. + # message: | + # {{if eq .serviceType "slack"}}:exclamation:{{end}} The sync operation of application {{.app.metadata.name}} has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}} + # Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . + # slack: + # attachments: |- + # [{ + # "title": "{{ .app.metadata.name}}", + # "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + # "color": "#E96D76", + # "fields": [ + # { + # "title": "Sync Status", + # "value": "{{.app.status.sync.status}}", + # "short": true + # }, + # { + # "title": "Repository", + # "value": "{{.app.spec.source.repoURL}}", + # "short": true + # } + # {{range $index, $c := .app.status.conditions}} + # {{if not $index}},{{end}} + # {{if $index}},{{end}} + # { + # "title": "{{$c.type}}", + # "value": "{{$c.message}}", + # "short": true + # } + # {{end}} + # ] + # }] + # template.app-sync-running: | + # email: + # subject: Start syncing application {{.app.metadata.name}}. + # message: | + # The sync operation of application {{.app.metadata.name}} has started at {{.app.status.operationState.startedAt}}. + # Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . + # slack: + # attachments: |- + # [{ + # "title": "{{ .app.metadata.name}}", + # "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + # "color": "#0DADEA", + # "fields": [ + # { + # "title": "Sync Status", + # "value": "{{.app.status.sync.status}}", + # "short": true + # }, + # { + # "title": "Repository", + # "value": "{{.app.spec.source.repoURL}}", + # "short": true + # } + # {{range $index, $c := .app.status.conditions}} + # {{if not $index}},{{end}} + # {{if $index}},{{end}} + # { + # "title": "{{$c.type}}", + # "value": "{{$c.message}}", + # "short": true + # } + # {{end}} + # ] + # }] + # template.app-sync-status-unknown: | + # email: + # subject: Application {{.app.metadata.name}} sync status is 'Unknown' + # message: | + # {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} sync is 'Unknown'. + # Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}. + # {{if ne .serviceType "slack"}} + # {{range $c := .app.status.conditions}} + # * {{$c.message}} + # {{end}} + # {{end}} + # slack: + # attachments: |- + # [{ + # "title": "{{ .app.metadata.name}}", + # "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + # "color": "#E96D76", + # "fields": [ + # { + # "title": "Sync Status", + # "value": "{{.app.status.sync.status}}", + # "short": true + # }, + # { + # "title": "Repository", + # "value": "{{.app.spec.source.repoURL}}", + # "short": true + # } + # {{range $index, $c := .app.status.conditions}} + # {{if not $index}},{{end}} + # {{if $index}},{{end}} + # { + # "title": "{{$c.type}}", + # "value": "{{$c.message}}", + # "short": true + # } + # {{end}} + # ] + # }] + # template.app-sync-succeeded: | + # email: + # subject: Application {{.app.metadata.name}} has been successfully synced. + # message: | + # {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}. + # Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . + # slack: + # attachments: |- + # [{ + # "title": "{{ .app.metadata.name}}", + # "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + # "color": "#18be52", + # "fields": [ + # { + # "title": "Sync Status", + # "value": "{{.app.status.sync.status}}", + # "short": true + # }, + # { + # "title": "Repository", + # "value": "{{.app.spec.source.repoURL}}", + # "short": true + # } + # {{range $index, $c := .app.status.conditions}} + # {{if not $index}},{{end}} + # {{if $index}},{{end}} + # { + # "title": "{{$c.type}}", + # "value": "{{$c.message}}", + # "short": true + # } + # {{end}} + # ] + # }] + + # -- The trigger defines the condition when the notification should be sent + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/ + triggers: {} + # trigger.on-deployed: | + # - description: Application is synced and healthy. Triggered once per commit. + # oncePer: app.status.sync.revision + # send: + # - app-deployed + # when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy' + # trigger.on-health-degraded: | + # - description: Application has degraded + # send: + # - app-health-degraded + # when: app.status.health.status == 'Degraded' + # trigger.on-sync-failed: | + # - description: Application syncing has failed + # send: + # - app-sync-failed + # when: app.status.operationState.phase in ['Error', 'Failed'] + # trigger.on-sync-running: | + # - description: Application is being synced + # send: + # - app-sync-running + # when: app.status.operationState.phase in ['Running'] + # trigger.on-sync-status-unknown: | + # - description: Application status is 'Unknown' + # send: + # - app-sync-status-unknown + # when: app.status.sync.status == 'Unknown' + # trigger.on-sync-succeeded: | + # - description: Application syncing has succeeded + # send: + # - app-sync-succeeded + # when: app.status.operationState.phase in ['Succeeded'] + # + # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers + # defaultTriggers: | + # - on-sync-status-unknown + +commitServer: + # -- Enable commit server enabled: false + + # -- Commit server name + name: commit-server + + # -- Runtime class name for the commit server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + + ## commit server controller image + image: + # -- Repository to use for the commit server + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the commit server + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the commit server + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- commit server command line flags + extraArgs: [] + + # -- Environment variables to pass to the commit server + extraEnv: [] + # - name: "MY_VAR" + # value: "value" + + # -- envFrom to pass to the commit server + # @default -- `[]` (See [values.yaml]) + extraEnvFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- List of extra mounts to add (normally used with extraVolumes) + extraVolumeMounts: [] + + # -- List of extra volumes to add + extraVolumes: [] + + metrics: + # -- Enables prometheus metrics server + enabled: false + service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port + servicePort: 8087 + # -- Metrics service port name + portName: metrics + + ## commit server service configuration + service: + # -- commit server service annotations + annotations: {} + # -- commit server service labels + labels: {} + + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: false + + serviceAccount: + # -- Create commit server service account + create: true + # -- commit server service account name + name: argocd-commit-server + # -- Annotations applied to created service account + annotations: {} + # -- Labels applied to created service account + labels: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + # -- Annotations to be added to commit server Deployment + deploymentAnnotations: {} + + # -- Annotations for the commit server pods + podAnnotations: {} + + # -- Labels for the commit server pods + podLabels: {} + + # -- Resource limits and requests for the commit server pods. + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for commit server pods + dnsPolicy: "ClusterFirst" + + # -- commit server container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + + ## Probes for commit server (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for commit server + enabled: true + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 5 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + livenessProbe: + # -- Enable Kubernetes liveness probe for commit server + enabled: true + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 30 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 5 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the commit server + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy to be added to the commit server Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + + # -- Priority class for the commit server pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" diff --git a/charts/argo-events/.helmignore b/charts/argo-events/.helmignore index f0c13194..ec59d66d 100644 --- a/charts/argo-events/.helmignore +++ b/charts/argo-events/.helmignore @@ -19,3 +19,5 @@ .project .idea/ *.tmproj +ci/ +*.gotmpl diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 6a7b1b7e..a184cb91 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,17 +1,22 @@ apiVersion: v2 -description: A Helm chart to install Argo-Events in k8s Cluster +appVersion: v1.9.5 +description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 1.6.1 +version: 2.4.13 +home: https://github.com/argoproj/argo-helm +icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: + - argoproj - argo-events - - sensor-controller - - eventsource-controller - - eventbus-controller sources: - https://github.com/argoproj/argo-events maintainers: - - name: VaibhavPage - - name: whynowy -appVersion: 1.3.1 -icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png -home: https://github.com/argoproj/argo-helm + - name: argoproj + url: https://argoproj.github.io/ +annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc + artifacthub.io/changes: | + - kind: changed + description: Bump argo-events to v1.9.5 diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index 3c375c3a..7e9f6e37 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md @@ -1,20 +1,242 @@ # Argo-Events Chart This is a **community maintained** chart. It installs the [argo-events](https://github.com/argoproj/argo-events) application. This application comes packaged with: + - Sensor Custom Resource Definition (See CRD Notes) - EventSource Custom Resource Definition (See CRD Notes) - EventBus Custom Resource Definition (See CRD Notes) -- Sensor Controller Deployment -- EventSource Controller Deployment -- EventBus Controller Deployment -- Service Account -- Roles -- Role Bindings -- Cluster Roles -- Cluster Role Bindings +- Controller Deployment +- Validation Webhook Deployment +- Service Accounts +- Roles / Cluster Roles +- Role Bindings / Cluster Role Bindings -## Notes on CRD Installation +To regenerate this document, please run: -Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set installCRD=false` when installing the chart. +```shell +./scripts/helm-docs.sh +``` -You can install the CRDs manually from `crds` folder. \ No newline at end of file +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add argo https://argoproj.github.io/argo-helm +"argo" has been added to your repositories + +$ helm install my-release argo/argo-events +NAME: my-release +... +``` + +## Upgrading + +### Custom resource definitions + +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart. + +You can install the CRDs manually from `templates/crds` folder. + +### 2.0.* + +Custom resource definitions were moved to `templates` folder so they can be managed by Helm. + +To adopt already created CRDs please use following command: + +```bash +for crd in "eventbus.argoproj.io" "eventsources.argoproj.io" "sensors.argoproj.io"; do + kubectl label --overwrite crd $crd app.kubernetes.io/managed-by=Helm + kubectl annotate --overwrite crd $crd meta.helm.sh/release-namespace= + kubectl annotate --overwrite crd $crd meta.helm.sh/release-name= +done +``` + +## Values + +### General parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| configs.jetstream.settings.maxFileStore | int | `-1` | Maximum size of the file storage (e.g. 20G) | +| configs.jetstream.settings.maxMemoryStore | int | `-1` | Maximum size of the memory storage (e.g. 1G) | +| configs.jetstream.streamConfig.discard | int | `0` | 0: DiscardOld, 1: DiscardNew | +| configs.jetstream.streamConfig.duplicates | string | `"300s"` | Not documented at the moment | +| configs.jetstream.streamConfig.maxAge | string | `"72h"` | Maximum age of existing messages, i.e. “72h”, “4h35m” | +| configs.jetstream.streamConfig.maxBytes | string | `"1GB"` | | +| configs.jetstream.streamConfig.maxMsgs | int | `1000000` | Maximum number of messages before expiring oldest message | +| configs.jetstream.streamConfig.replicas | int | `3` | Number of replicas, defaults to 3 and requires minimal 3 | +| configs.jetstream.streamConfig.retention | int | `0` | 0: Limits, 1: Interest, 2: WorkQueue | +| configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.14.0"` | | +| configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.14.0"` | | +| configs.jetstream.versions[0].natsImage | string | `"nats:2.10.10"` | | +| configs.jetstream.versions[0].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[0].version | string | `"latest"` | | +| configs.jetstream.versions[1].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[1].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[1].natsImage | string | `"nats:2.8.1"` | | +| configs.jetstream.versions[1].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[1].version | string | `"2.8.1"` | | +| configs.jetstream.versions[2].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[2].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[2].natsImage | string | `"nats:2.8.1-alpine"` | | +| configs.jetstream.versions[2].startCommand | string | `"nats-server"` | | +| configs.jetstream.versions[2].version | string | `"2.8.1-alpine"` | | +| configs.jetstream.versions[3].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[3].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[3].natsImage | string | `"nats:2.8.2"` | | +| configs.jetstream.versions[3].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[3].version | string | `"2.8.2"` | | +| configs.jetstream.versions[4].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[4].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[4].natsImage | string | `"nats:2.8.2-alpine"` | | +| configs.jetstream.versions[4].startCommand | string | `"nats-server"` | | +| configs.jetstream.versions[4].version | string | `"2.8.2-alpine"` | | +| configs.jetstream.versions[5].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[5].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[5].natsImage | string | `"nats:2.9.1"` | | +| configs.jetstream.versions[5].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[5].version | string | `"2.9.1"` | | +| configs.jetstream.versions[6].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[6].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[6].natsImage | string | `"nats:2.9.12"` | | +| configs.jetstream.versions[6].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[6].version | string | `"2.9.12"` | | +| configs.jetstream.versions[7].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` | | +| configs.jetstream.versions[7].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` | | +| configs.jetstream.versions[7].natsImage | string | `"nats:2.9.16"` | | +| configs.jetstream.versions[7].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[7].version | string | `"2.9.16"` | | +| configs.jetstream.versions[8].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.14.0"` | | +| configs.jetstream.versions[8].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.14.0"` | | +| configs.jetstream.versions[8].natsImage | string | `"nats:2.10.10"` | | +| configs.jetstream.versions[8].startCommand | string | `"/nats-server"` | | +| configs.jetstream.versions[8].version | string | `"2.10.10"` | | +| configs.nats.versions | list | See [values.yaml] | Supported versions of NATS event bus | +| crds.annotations | object | `{}` | Annotations to be added to all CRDs | +| crds.install | bool | `true` | Install and upgrade CRDs | +| crds.keep | bool | `true` | Keep CRDs on chart uninstall | +| createAggregateRoles | bool | `false` | Create clusterroles that extend existing clusterroles to interact with argo-events crds Only applies for cluster-wide installation (`controller.rbac.namespaced: false`) | +| extraObjects | list | `[]` | Array of extra K8s manifests to deploy | +| fullnameOverride | string | `""` | String to fully override "argo-events.fullname" template | +| global.additionalLabels | object | `{}` | Additional labels to add to all resources | +| global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | +| global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo Events deployments | +| global.image.repository | string | `"quay.io/argoproj/argo-events"` | If defined, a repository applied to all Argo Events deployments | +| global.image.tag | string | `""` | Overrides the global Argo Events image tag whose default is the chart appVersion | +| global.imagePullSecrets | list | `[]` | If defined, uses a Secret to pull an image from a private Docker registry or repository | +| global.podAnnotations | object | `{}` | Annotations for the all deployed pods | +| global.podLabels | object | `{}` | Labels for the all deployed pods | +| global.securityContext | object | `{}` | Toggle and define securityContext. See [values.yaml] | +| nameOverride | string | `"argo-events"` | Provide a name in place of `argo-events` | +| namespaceOverride | string | `.Release.Namespace` | Override the namespace | +| openshift | bool | `false` | Deploy on OpenShift | + +### Controller + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| controller.containerSecurityContext | object | `{}` | Events controller container-level security context | +| controller.env | list | `[]` | Environment variables to pass to events controller | +| controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to events controller | +| controller.extraContainers | list | `[]` | Additional containers to be added to the events controller pods | +| controller.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the events controller | +| controller.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the events controller | +| controller.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the events controller | +| controller.initContainers | list | `[]` | Init containers to add to the events controller pods | +| controller.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| controller.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| controller.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| controller.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| controller.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| controller.metrics.enabled | bool | `false` | Deploy metrics service | +| controller.metrics.service.annotations | object | `{}` | Metrics service annotations | +| controller.metrics.service.labels | object | `{}` | Metrics service labels | +| controller.metrics.service.servicePort | int | `8082` | Metrics service port | +| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| controller.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | +| controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| controller.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | +| controller.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| controller.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| controller.name | string | `"controller-manager"` | Argo Events controller name string | +| controller.nodeSelector | object | `{}` | [Node selector] | +| controller.pdb.annotations | object | `{}` | Annotations to be added to events controller pdb | +| controller.pdb.enabled | bool | `false` | Deploy a PodDisruptionBudget for the events controller | +| controller.pdb.labels | object | `{}` | Labels to be added to events controller pdb | +| controller.podAnnotations | object | `{}` | Annotations to be added to events controller pods | +| controller.podLabels | object | `{}` | Labels to be added to events controller pods | +| controller.priorityClassName | string | `""` | Priority class for the events controller pods | +| controller.rbac.enabled | bool | `true` | Create events controller RBAC | +| controller.rbac.managedNamespace | string | `""` | Additional namespace to be monitored by the controller | +| controller.rbac.namespaced | bool | `false` | Restrict events controller to operate only in a single namespace instead of cluster-wide scope. | +| controller.rbac.rules | list | `[]` | Additional user rules for event controller's rbac | +| controller.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| controller.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| controller.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| controller.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| controller.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| controller.replicas | int | `1` | The number of events controller pods to run. | +| controller.resources | object | `{}` | Resource limits and requests for the events controller pods | +| controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| controller.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| controller.serviceAccount.create | bool | `true` | Create a service account for the events controller | +| controller.serviceAccount.name | string | `""` | Service account name | +| controller.tolerations | list | `[]` | [Tolerations] for use with node taints | +| controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the events controller | +| controller.volumeMounts | list | `[]` | Additional volumeMounts to the events controller main container | +| controller.volumes | list | `[]` | Additional volumes to the events controller pod | + +### Webhook + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| webhook.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| webhook.containerSecurityContext | object | `{}` | Event controller container-level security context | +| webhook.enabled | bool | `false` | Enable admission webhook. Applies only for cluster-wide installation | +| webhook.env | list | `[]` (See [values.yaml]) | Environment variables to pass to event controller | +| webhook.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to event controller | +| webhook.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the event controller | +| webhook.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the event controller | +| webhook.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the event controller | +| webhook.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| webhook.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| webhook.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| webhook.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| webhook.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| webhook.name | string | `"events-webhook"` | Argo Events admission webhook name string | +| webhook.nodeSelector | object | `{}` | [Node selector] | +| webhook.pdb.annotations | object | `{}` | Annotations to be added to admission webhook pdb | +| webhook.pdb.enabled | bool | `false` | Deploy a PodDisruptionBudget for the admission webhook | +| webhook.pdb.labels | object | `{}` | Labels to be added to admission webhook pdb | +| webhook.podAnnotations | object | `{}` | Annotations to be added to event controller pods | +| webhook.podLabels | object | `{}` | Labels to be added to event controller pods | +| webhook.port | int | `443` | Port to listen on | +| webhook.priorityClassName | string | `""` | Priority class for the event controller pods | +| webhook.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| webhook.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| webhook.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| webhook.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| webhook.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| webhook.replicas | int | `1` | The number of webhook pods to run. | +| webhook.resources | object | `{}` | Resource limits and requests for the event controller pods | +| webhook.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| webhook.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| webhook.serviceAccount.create | bool | `true` | Create a service account for the admission webhook | +| webhook.serviceAccount.name | string | `""` | Service account name | +| webhook.tolerations | list | `[]` | [Tolerations] for use with node taints | +| webhook.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the event controller | +| webhook.volumeMounts | list | `[]` | Additional volumeMounts to the event controller main container | +| webhook.volumes | list | `[]` | Additional volumes to the event controller pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) + +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector +[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ +[values.yaml]: values.yaml diff --git a/charts/argo-events/README.md.gotmpl b/charts/argo-events/README.md.gotmpl new file mode 100644 index 00000000..505217ba --- /dev/null +++ b/charts/argo-events/README.md.gotmpl @@ -0,0 +1,97 @@ +# Argo-Events Chart + +This is a **community maintained** chart. It installs the [argo-events](https://github.com/argoproj/argo-events) application. This application comes packaged with: + +- Sensor Custom Resource Definition (See CRD Notes) +- EventSource Custom Resource Definition (See CRD Notes) +- EventBus Custom Resource Definition (See CRD Notes) +- Controller Deployment +- Validation Webhook Deployment +- Service Accounts +- Roles / Cluster Roles +- Role Bindings / Cluster Role Bindings + +To regenerate this document, please run: + +```shell +./scripts/helm-docs.sh +``` + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add argo https://argoproj.github.io/argo-helm +"argo" has been added to your repositories + +$ helm install my-release argo/argo-events +NAME: my-release +... +``` + +## Upgrading + +### Custom resource definitions + +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart. + +You can install the CRDs manually from `templates/crds` folder. + +### 2.0.* + +Custom resource definitions were moved to `templates` folder so they can be managed by Helm. + +To adopt already created CRDs please use following command: + +```bash +for crd in "eventbus.argoproj.io" "eventsources.argoproj.io" "sensors.argoproj.io"; do + kubectl label --overwrite crd $crd app.kubernetes.io/managed-by=Helm + kubectl annotate --overwrite crd $crd meta.helm.sh/release-namespace= + kubectl annotate --overwrite crd $crd meta.helm.sh/release-name= +done +``` + +## Values + +### General parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if not (or (hasPrefix "controller" .Key) (hasPrefix "webhook" .Key) ) }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Controller + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "controller" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + + +### Webhook + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "webhook" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) + +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector +[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ +[values.yaml]: values.yaml diff --git a/charts/argo-events/ci/test-values.yaml b/charts/argo-events/ci/test-values.yaml index 3078a2d3..122ae333 100644 --- a/charts/argo-events/ci/test-values.yaml +++ b/charts/argo-events/ci/test-values.yaml @@ -1,3 +1 @@ -serviceAccount: argo-events-sa-test -instanceID: test-argo-events singleNamespace: false diff --git a/charts/argo-events/crds/eventbus-crd.yml b/charts/argo-events/crds/eventbus-crd.yml deleted file mode 100644 index 052984c6..00000000 --- a/charts/argo-events/crds/eventbus-crd.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventbus.argoproj.io -spec: - group: argoproj.io - names: - kind: EventBus - listKind: EventBusList - plural: eventbus - shortNames: - - eb - singular: eventbus - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - subresources: - status: {} diff --git a/charts/argo-events/crds/eventsource-crd.yml b/charts/argo-events/crds/eventsource-crd.yml deleted file mode 100644 index ea49a4aa..00000000 --- a/charts/argo-events/crds/eventsource-crd.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventsources.argoproj.io -spec: - group: argoproj.io - scope: Namespaced - names: - kind: EventSource - plural: eventsources - singular: eventsource - listKind: EventSourceList - shortNames: - - es - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - subresources: - status: {} diff --git a/charts/argo-events/crds/sensor-crd.yml b/charts/argo-events/crds/sensor-crd.yml deleted file mode 100644 index d2414bc3..00000000 --- a/charts/argo-events/crds/sensor-crd.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: sensors.argoproj.io -spec: - group: argoproj.io - names: - kind: Sensor - listKind: SensorList - plural: sensors - singular: sensor - shortNames: - - sn - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - subresources: - status: {} diff --git a/charts/argo-events/templates/_helpers.tpl b/charts/argo-events/templates/_helpers.tpl index f0d83d2e..79c7051d 100644 --- a/charts/argo-events/templates/_helpers.tpl +++ b/charts/argo-events/templates/_helpers.tpl @@ -1,16 +1,149 @@ {{/* vim: set filetype=mustache: */}} + {{/* Expand the name of the chart. */}} -{{- define "name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- define "argo-events.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. */}} -{{- define "fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- define "argo-events.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create controller name and version as used by the chart label. +*/}} +{{- define "argo-events.controller.fullname" -}} +{{- printf "%s-%s" (include "argo-events.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Create the name of the controller service account to use +*/}} +{{- define "argo-events.controller.serviceAccountName" -}} +{{- if .Values.controller.serviceAccount.create -}} + {{ default (include "argo-events.controller.fullname" .) .Values.controller.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.controller.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create webhook name and version as used by the chart label. +*/}} +{{- define "argo-events.webhook.fullname" }} +{{- printf "%s-%s" (include "argo-events.fullname" .) .Values.webhook.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the webhook service account to use +*/}} +{{- define "argo-events.webhook.serviceAccountName" -}} +{{- if .Values.webhook.serviceAccount.create -}} + {{ default (include "argo-events.webhook.fullname" .) .Values.webhook.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.webhook.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "argo-events.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create kubernetes friendly chart version label for the controller. + +Examples: +image.tag = v1.7.3 +output = v1.7.3 + +image.tag = v1.7.3@sha256:a40f4f3ea20d354f00ab469a9f73102668fa545c4d632e1a8e11a206ad3093f3 +output = v1.7.3 +*/}} +{{- define "argo-events.controller_chart_version_label" -}} +{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default (include "argo-events.defaultTag" .) .Values.controller.image.tag) "") "" | trunc 63 | quote -}} +{{- end -}} + +{{/* +Create kubernetes friendly chart version label for the events webhook. + +Examples: +image.tag = v1.7.3 +output = v1.7.3 + +image.tag = v1.7.3@sha256:a40f4f3ea20d354f00ab469a9f73102668fa545c4d632e1a8e11a206ad3093f3 +output = v1.7.3 +*/}} +{{- define "argo-events.webhook_chart_version_label" -}} +{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default (include "argo-events.defaultTag" .) .Values.webhook.image.tag) "") "" | trunc 63 | quote -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "argo-events.labels" -}} +helm.sh/chart: {{ include "argo-events.chart" .context }} +{{ include "argo-events.selectorLabels" (dict "context" .context "component" .component "name" .name) }} +app.kubernetes.io/managed-by: {{ .context.Release.Service }} +app.kubernetes.io/part-of: argo-events +{{- with .context.Values.global.additionalLabels }} +{{ toYaml . }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "argo-events.selectorLabels" -}} +{{- if .name -}} +app.kubernetes.io/name: {{ include "argo-events.name" .context }}-{{ .name }} +{{- end }} +app.kubernetes.io/instance: {{ .context.Release.Name }} +{{- if .component }} +app.kubernetes.io/component: {{ .component }} +{{- end }} +{{- end }} + +{{/* +Return the default Argo Events app version +*/}} +{{- define "argo-events.defaultTag" -}} + {{- default .Chart.AppVersion .Values.global.image.tag }} +{{- end -}} + +{{/* +Define Pdb apiVersion +*/}} +{{- define "argo-events.pdb.apiVersion" -}} +{{- if .Capabilities.APIVersions.Has "policy/v1" }} +{{- printf "policy/v1" -}} +{{- else }} +{{- printf "policy/v1beta1" -}} +{{- end }} +{{- end }} + +{{/* +Expand the namespace of the release. +Allows overriding it for multi-namespace deployments in combined charts. +*/}} +{{- define "argo-events.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end }} diff --git a/charts/argo-events/templates/aggregate-roles.yaml b/charts/argo-events/templates/aggregate-roles.yaml new file mode 100644 index 00000000..70802798 --- /dev/null +++ b/charts/argo-events/templates/aggregate-roles.yaml @@ -0,0 +1,86 @@ +{{- if and .Values.createAggregateRoles (not .Values.controller.rbac.namespaced) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-events.fullname" . }}-aggregate-to-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + {{- include "argo-events.labels" (dict "context" .) | nindent 4 }} +rules: +- apiGroups: + - argoproj.io + resources: + - sensors + - sensors/finalizers + - sensors/status + - eventsources + - eventsources/finalizers + - eventsources/status + - eventbus + - eventbus/finalizers + - eventbus/status + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-events.fullname" . }}-aggregate-to-edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + {{- include "argo-events.labels" (dict "context" .) | nindent 4 }} +rules: +- apiGroups: + - argoproj.io + resources: + - sensors + - sensors/finalizers + - sensors/status + - eventsources + - eventsources/finalizers + - eventsources/status + - eventbus + - eventbus/finalizers + - eventbus/status + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-events.fullname" . }}-aggregate-to-view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + {{- include "argo-events.labels" (dict "context" .) | nindent 4 }} +rules: +- apiGroups: + - argoproj.io + resources: + - sensors + - sensors/finalizers + - sensors/status + - eventsources + - eventsources/finalizers + - eventsources/status + - eventbus + - eventbus/finalizers + - eventbus/status + verbs: + - get + - list + - watch +{{- end }} diff --git a/charts/argo-events/templates/argo-events-cluster-roles.yaml b/charts/argo-events/templates/argo-events-cluster-roles.yaml deleted file mode 100644 index bfd2d021..00000000 --- a/charts/argo-events/templates/argo-events-cluster-roles.yaml +++ /dev/null @@ -1,101 +0,0 @@ -{{- if not .Values.singleNamespace }} - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: argo-events-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: argo-events-role -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount }} - namespace: {{ .Release.Namespace }} - {{- if .Values.additionalSaNamespaces }} - {{ $sa := .Values.serviceAccount }} - {{- range $namespace := .Values.additionalSaNamespaces }} - - kind: ServiceAccount - name: {{ $sa }} - namespace: {{ $namespace }} - {{- end }} - {{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: argo-events-role -rules: -{{- if .Values.additionalServiceAccountRules }} -{{ .Values.additionalServiceAccountRules | toYaml | nindent 2}} -{{- end }} - - apiGroups: - - argoproj.io - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - resources: - - workflows - - workflows/finalizers - - workflowtemplates - - workflowtemplates/finalizers - - sensors - - sensors/finalizers - - sensors/status - - eventsources - - eventsources/finalizers - - eventsources/status - - eventbus - - eventbus/finalizers - - eventbus/status - - apiGroups: - - "" - resources: - - pods - - pods/exec - - configmaps - - secrets - - services - - events - - persistentvolumeclaims - verbs: - - create - - get - - list - - watch - - update - - patch - - delete - - apiGroups: - - "batch" - resources: - - jobs - verbs: - - create - - get - - list - - watch - - update - - patch - - delete - - apiGroups: - - "apps" - resources: - - deployments - - statefulsets - verbs: - - create - - get - - list - - watch - - update - - patch - - delete - -{{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/config.yaml b/charts/argo-events/templates/argo-events-controller/config.yaml new file mode 100644 index 00000000..e3047de7 --- /dev/null +++ b/charts/argo-events/templates/argo-events-controller/config.yaml @@ -0,0 +1,45 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "argo-events.controller.fullname" . }} + namespace: {{ include "argo-events.namespace" . | quote }} + labels: + {{- include "argo-events.labels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} +data: + controller-config.yaml: | + eventBus: + {{- if .Values.configs.nats.versions }} + nats: + versions: + {{- range .Values.configs.nats.versions }} + - version: {{ .version }} + natsStreamingImage: {{ .natsStreamingImage }} + metricsExporterImage: {{ .metricsExporterImage }} + {{- end }} + {{- end }} + {{- if .Values.configs.jetstream.versions }} + jetstream: + # Default JetStream settings, could be overridden by EventBus JetStream specs + settings: | + # https://docs.nats.io/running-a-nats-service/configuration#jetstream + # Only configure "max_memory_store" or "max_file_store", do not set "store_dir" as it has been hardcoded. + max_memory_store: {{ .Values.configs.jetstream.settings.maxMemoryStore | default -1 }} + max_file_store: {{ .Values.configs.jetstream.settings.maxFileStore | default -1 }} + # The default properties of the streams to be created in this JetStream service + streamConfig: | + maxMsgs: {{ .Values.configs.jetstream.streamConfig.maxMsgs }} + maxAge: {{ .Values.configs.jetstream.streamConfig.maxAge }} + maxBytes: {{ .Values.configs.jetstream.streamConfig.maxBytes }} + replicas: {{ .Values.configs.jetstream.streamConfig.replicas }} + duplicates: {{ .Values.configs.jetstream.streamConfig.duplicates }} + retention: {{ .Values.configs.jetstream.streamConfig.retention }} + discard: {{ .Values.configs.jetstream.streamConfig.discard }} + versions: + {{- range .Values.configs.jetstream.versions }} + - version: {{ .version }} + natsImage: {{ .natsImage }} + metricsExporterImage: {{ .metricsExporterImage }} + configReloaderImage: {{ .configReloaderImage }} + startCommand: {{ .startCommand }} + {{- end }} + {{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/deployment.yaml b/charts/argo-events/templates/argo-events-controller/deployment.yaml new file mode 100644 index 00000000..17bf0a6a --- /dev/null +++ b/charts/argo-events/templates/argo-events-controller/deployment.yaml @@ -0,0 +1,149 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "argo-events.controller.fullname" . }} + namespace: {{ include "argo-events.namespace" . | quote }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + app.kubernetes.io/version: {{ include "argo-events.controller_chart_version_label" . }} +spec: + selector: + matchLabels: + {{- include "argo-events.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} + revisionHistoryLimit: 5 + replicas: {{ .Values.controller.replicas }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/argo-events-controller/config.yaml") . | sha256sum }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }} + app.kubernetes.io/version: {{ include "argo-events.controller_chart_version_label" . }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.controller.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Values.controller.name }} + image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-events.defaultTag" .) .Values.controller.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }} + args: + - controller + {{- if .Values.controller.rbac.namespaced }} + - --namespaced + {{- end }} + {{- if .Values.controller.rbac.managedNamespace }} + - --managed-namespace + - {{ .Values.controller.rbac.managedNamespace }} + {{- end }} + {{- with .Values.controller.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + env: + - name: ARGO_EVENTS_IMAGE + value: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-events.defaultTag" .) .Values.controller.image.tag }} + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- with .Values.controller.env }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.envFrom }} + envFrom: + {{- toYaml . | nindent 8 }} + {{- end }} + volumeMounts: + - name: config + mountPath: /etc/argo-events + {{- with .Values.controller.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + ports: + - name: metrics + containerPort: 7777 + protocol: TCP + - name: probe + containerPort: 8081 + protocol: TCP + livenessProbe: + httpGet: + port: probe + path: /healthz + initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} + readinessProbe: + httpGet: + port: probe + path: /readyz + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + {{- with .Values.controller.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.controller.extraContainers }} + {{- toYaml . | nindent 6 }} + {{- end -}} + {{- with .Values.controller.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-events.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + serviceAccountName: {{ include "argo-events.controller.serviceAccountName" . }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 6 }} + {{- end }} + volumes: + - name: config + configMap: + name: {{ include "argo-events.controller.fullname" . }} + {{- with .Values.controller.volumes }} + {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/pdb.yaml b/charts/argo-events/templates/argo-events-controller/pdb.yaml new file mode 100644 index 00000000..269e2de4 --- /dev/null +++ b/charts/argo-events/templates/argo-events-controller/pdb.yaml @@ -0,0 +1,29 @@ +{{- if .Values.controller.pdb.enabled }} +apiVersion: {{ template "argo-events.pdb.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ template "argo-events.controller.fullname" . }} + namespace: {{ include "argo-events.namespace" . | quote }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- with .Values.controller.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- if .Values.controller.pdb.minAvailable }} + minAvailable: {{ .Values.controller.pdb.minAvailable }} + {{- else if .Values.controller.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.controller.pdb.maxUnavailable }} + {{- else }} + minAvailable: 0 + {{- end }} + selector: + matchLabels: + {{- include "argo-events.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/rbac.yaml b/charts/argo-events/templates/argo-events-controller/rbac.yaml new file mode 100644 index 00000000..69a0adcb --- /dev/null +++ b/charts/argo-events/templates/argo-events-controller/rbac.yaml @@ -0,0 +1,126 @@ +{{- if .Values.controller.rbac.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ .Values.controller.rbac.namespaced | ternary "Role" "ClusterRole" }} +metadata: + name: {{ include "argo-events.controller.fullname" . }} + {{- if .Values.controller.rbac.namespaced }} + namespace: {{ include "argo-events.namespace" . | quote }} + {{- end }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +rules: +{{- if .Values.openshift }} +- apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - update + {{- if not .Values.controller.rbac.namespaced }} +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles/finalizers + verbs: + - update + {{- end }} +{{- end }} +{{- with .Values.controller.rbac.rules }} + {{- toYaml . | nindent 0 }} +{{- end }} +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - argoproj.io + resources: + - sensors + - sensors/finalizers + - sensors/status + - eventsources + - eventsources/finalizers + - eventsources/status + - eventbus + - eventbus/finalizers + - eventbus/status + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + - pods/exec + - configmaps + - services + - persistentvolumeclaims + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - list + - update + - patch + - delete +- apiGroups: + - apps + resources: + - deployments + - statefulsets + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ .Values.controller.rbac.namespaced | ternary "RoleBinding" "ClusterRoleBinding" }} +metadata: + name: {{ include "argo-events.controller.fullname" . }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: {{ .Values.controller.rbac.namespaced | ternary "Role" "ClusterRole" }} + name: {{ include "argo-events.controller.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argo-events.controller.serviceAccountName" . }} + namespace: {{ include "argo-events.namespace" . | quote }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/service.yaml b/charts/argo-events/templates/argo-events-controller/service.yaml new file mode 100644 index 00000000..55fe9361 --- /dev/null +++ b/charts/argo-events/templates/argo-events-controller/service.yaml @@ -0,0 +1,26 @@ +{{- if .Values.controller.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-events.controller.fullname" . }}-metrics + namespace: {{ include "argo-events.namespace" . | quote }} + {{- with .Values.controller.metrics.service.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" (printf "%s-metrics" .Values.controller.name)) | nindent 4 }} + {{- with .Values.controller.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + ports: + - name: metrics + protocol: TCP + port: {{ .Values.controller.metrics.service.servicePort }} + targetPort: metrics + selector: + {{- include "argo-events.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml b/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml new file mode 100644 index 00000000..bd697989 --- /dev/null +++ b/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if .Values.controller.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-events.controller.serviceAccountName" . }} + namespace: {{ include "argo-events.namespace" . | quote }} + {{- with .Values.controller.serviceAccount.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml b/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml new file mode 100644 index 00000000..371794ee --- /dev/null +++ b/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml @@ -0,0 +1,36 @@ +{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "argo-events.controller.fullname" . }} + namespace: {{ default (include "argo-events.namespace" .) .Values.controller.metrics.serviceMonitor.namespace | quote }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- with .Values.controller.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: metrics + {{- with .Values.controller.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + path: /metrics + {{- with .Values.controller.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "argo-events.namespace" . | quote }} + selector: + matchLabels: + {{- include "argo-events.selectorLabels" (dict "context" . "component" .Values.controller.name "name" (printf "%s-metrics" .Values.controller.name)) | nindent 6 }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-roles.yaml b/charts/argo-events/templates/argo-events-roles.yaml deleted file mode 100644 index 56721159..00000000 --- a/charts/argo-events/templates/argo-events-roles.yaml +++ /dev/null @@ -1,103 +0,0 @@ -{{- if .Values.singleNamespace }} - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: argo-events-binding - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argo-events-role -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount }} - namespace: {{ .Release.Namespace }} - {{- if .Values.additionalSaNamespaces }} - {{ $sa := .Values.serviceAccount }} - {{- range $namespace := .Values.additionalSaNamespaces }} - - kind: ServiceAccount - name: {{ $sa }} - namespace: {{ $namespace }} - {{- end }} - {{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: argo-events-role - namespace: {{ .Release.Namespace }} -rules: - {{- if .Values.additionalServiceAccountRules }} - {{ .Values.additionalServiceAccountRules | toYaml | nindent 2}} - {{- end }} - - apiGroups: - - argoproj.io - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - resources: - - workflows - - workflows/finalizers - - workflowtemplates - - workflowtemplates/finalizers - - sensors - - sensors/finalizers - - sensors/status - - eventsources - - eventsources/finalizers - - eventsources/status - - eventbus - - eventbus/finalizers - - eventbus/status - - apiGroups: - - "" - resources: - - pods - - pods/exec - - configmaps - - secrets - - services - - events - - persistentvolumeclaims - verbs: - - create - - get - - list - - watch - - update - - patch - - delete - - apiGroups: - - "batch" - resources: - - jobs - verbs: - - create - - get - - list - - watch - - update - - patch - - delete - - apiGroups: - - "apps" - resources: - - deployments - - statefulsets - verbs: - - create - - get - - list - - watch - - update - - patch - - delete - -{{- end }} diff --git a/charts/argo-events/templates/argo-events-sa.yaml b/charts/argo-events/templates/argo-events-sa.yaml deleted file mode 100644 index fec88b4d..00000000 --- a/charts/argo-events/templates/argo-events-sa.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# All argo-events services are bound to the "argo-events" service account. -# In RBAC enabled setups, this SA is bound to specific roles. -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount }} - namespace: {{ .Release.Namespace }} - {{- with .Values.serviceAccountAnnotations }} - annotations: {{- toYaml . | nindent 4 }} - {{- end }} -{{- if .Values.additionalSaNamespaces }} -{{ $annotations := .Values.serviceAccountAnnotations }} -{{ $sa := .Values.serviceAccount }} -{{- range $namespace := .Values.additionalSaNamespaces }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ $sa }} - namespace: {{ $namespace }} - {{- with $annotations }} - annotations: {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/argo-events/templates/argo-events-webhook/clusterrole.yaml b/charts/argo-events/templates/argo-events-webhook/clusterrole.yaml new file mode 100644 index 00000000..e47f01b0 --- /dev/null +++ b/charts/argo-events/templates/argo-events-webhook/clusterrole.yaml @@ -0,0 +1,79 @@ +{{- if and .Values.webhook.enabled (not .Values.controller.rbac.namespaced) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: argo-events-webhook + labels: + {{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }} +rules: +{{- if .Values.openshift }} +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles/finalizers + verbs: + - update +- apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - update +{{- end }} +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - argoproj.io + resources: + - eventbus + - eventsources + - sensors + verbs: + - get + - list + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + verbs: + - get + - list +{{- end }} diff --git a/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml b/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml new file mode 100644 index 00000000..c701c8d7 --- /dev/null +++ b/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.webhook.enabled (not .Values.controller.rbac.namespaced) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "argo-events.webhook.fullname" . }} + labels: + {{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo-events-webhook +subjects: +- kind: ServiceAccount + name: {{ include "argo-events.webhook.serviceAccountName" . }} + namespace: {{ include "argo-events.namespace" . | quote }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-webhook/deployment.yaml b/charts/argo-events/templates/argo-events-webhook/deployment.yaml new file mode 100644 index 00000000..0b995ba2 --- /dev/null +++ b/charts/argo-events/templates/argo-events-webhook/deployment.yaml @@ -0,0 +1,126 @@ +{{- if and .Values.webhook.enabled (not .Values.controller.rbac.namespaced) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: events-webhook + namespace: {{ include "argo-events.namespace" . | quote }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }} + app.kubernetes.io/version: {{ include "argo-events.webhook_chart_version_label" . }} +spec: + selector: + matchLabels: + {{- include "argo-events.selectorLabels" (dict "context" . "name" .Values.webhook.name) | nindent 6 }} + revisionHistoryLimit: 5 + replicas: {{ .Values.webhook.replicas }} + template: + metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.webhook.podAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 8 }} + app.kubernetes.io/version: {{ include "argo-events.webhook_chart_version_label" . }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.webhook.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.webhook.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Values.webhook.name }} + image: {{ default .Values.global.image.repository .Values.webhook.image.repository }}:{{ default (include "argo-events.defaultTag" .) .Values.webhook.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.webhook.image.imagePullPolicy }} + args: + - webhook-service + {{- with .Values.webhook.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: PORT + value: "{{ .Values.webhook.port }}" + {{- with .Values.webhook.env }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.webhook.envFrom }} + envFrom: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.webhook.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 8 }} + {{- end }} + ports: + - name: webhook + containerPort: {{ .Values.webhook.port }} + protocol: TCP + livenessProbe: + tcpSocket: + port: webhook + initialDelaySeconds: {{ .Values.webhook.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.webhook.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.webhook.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.webhook.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.webhook.livenessProbe.failureThreshold }} + readinessProbe: + tcpSocket: + port: webhook + initialDelaySeconds: {{ .Values.webhook.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.webhook.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.webhook.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.webhook.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.webhook.readinessProbe.failureThreshold }} + {{- with .Values.webhook.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.webhook.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.webhook.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.webhook.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.webhook.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-events.selectorLabels" (dict "context" $ "name" $.Values.webhook.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + serviceAccountName: {{ include "argo-events.webhook.serviceAccountName" . }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.webhook.volumes }} + volumes: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-webhook/pdb.yaml b/charts/argo-events/templates/argo-events-webhook/pdb.yaml new file mode 100644 index 00000000..26ee675d --- /dev/null +++ b/charts/argo-events/templates/argo-events-webhook/pdb.yaml @@ -0,0 +1,29 @@ +{{- if and .Values.webhook.enabled .Values.webhook.pdb.enabled (not .Values.controller.rbac.namespaced) }} +apiVersion: {{ template "argo-events.pdb.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ template "argo-events.webhook.fullname" . }} + namespace: {{ include "argo-events.namespace" . | quote }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }} + {{- with .Values.webhook.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.webhook.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- if .Values.webhook.pdb.minAvailable }} + minAvailable: {{ .Values.webhook.pdb.minAvailable }} + {{- else if .Values.webhook.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.webhook.pdb.maxUnavailable }} + {{- else }} + minAvailable: 0 + {{- end }} + selector: + matchLabels: + {{- include "argo-events.selectorLabels" (dict "context" . "name" .Values.webhook.name) | nindent 6 }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-webhook/service.yaml b/charts/argo-events/templates/argo-events-webhook/service.yaml new file mode 100644 index 00000000..797ceb43 --- /dev/null +++ b/charts/argo-events/templates/argo-events-webhook/service.yaml @@ -0,0 +1,15 @@ +{{- if and .Values.webhook.enabled (not .Values.controller.rbac.namespaced) }} +apiVersion: v1 +kind: Service +metadata: + name: events-webhook + namespace: {{ include "argo-events.namespace" . | quote }} + labels: + {{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }} +spec: + ports: + - port: {{ int .Values.webhook.port }} + targetPort: webhook + selector: + {{- include "argo-events.selectorLabels" (dict "context" $ "name" $.Values.webhook.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml b/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml new file mode 100644 index 00000000..0efad0c2 --- /dev/null +++ b/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.webhook.serviceAccount.create (not .Values.controller.rbac.namespaced) }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.webhook.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-events.webhook.serviceAccountName" . }} + namespace: {{ include "argo-events.namespace" . | quote }} + {{- with .Values.webhook.serviceAccount.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-events/templates/crds/eventbus-crd.yml b/charts/argo-events/templates/crds/eventbus-crd.yml new file mode 100644 index 00000000..f967b9b0 --- /dev/null +++ b/charts/argo-events/templates/crds/eventbus-crd.yml @@ -0,0 +1,48 @@ +{{- if .Values.crds.install }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: eventbus.argoproj.io + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + group: argoproj.io + names: + kind: EventBus + listKind: EventBusList + plural: eventbus + shortNames: + - eb + singular: eventbus + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/argo-events/templates/crds/eventsource-crd.yml b/charts/argo-events/templates/crds/eventsource-crd.yml new file mode 100644 index 00000000..72fee21c --- /dev/null +++ b/charts/argo-events/templates/crds/eventsource-crd.yml @@ -0,0 +1,48 @@ +{{- if .Values.crds.install }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: eventsources.argoproj.io + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + group: argoproj.io + names: + kind: EventSource + listKind: EventSourceList + plural: eventsources + shortNames: + - es + singular: eventsource + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml b/charts/argo-events/templates/crds/sensor-crd.yml similarity index 54% rename from charts/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml rename to charts/argo-events/templates/crds/sensor-crd.yml index 9585686a..3dbf2dc8 100644 --- a/charts/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml +++ b/charts/argo-events/templates/crds/sensor-crd.yml @@ -1,16 +1,24 @@ +{{- if .Values.crds.install }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: workfloweventbindings.argoproj.io + name: sensors.argoproj.io + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: group: argoproj.io names: - kind: WorkflowEventBinding - listKind: WorkflowEventBindingList - plural: workfloweventbindings + kind: Sensor + listKind: SensorList + plural: sensors shortNames: - - wfeb - singular: workfloweventbinding + - sn + singular: sensor scope: Namespaced versions: - name: v1alpha1 @@ -26,9 +34,15 @@ spec: spec: type: object x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true required: - metadata - spec type: object served: true storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/argo-events/templates/eventbus-controller-deployment.yaml b/charts/argo-events/templates/eventbus-controller-deployment.yaml deleted file mode 100644 index 591d8da3..00000000 --- a/charts/argo-events/templates/eventbus-controller-deployment.yaml +++ /dev/null @@ -1,78 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-{{ .Values.eventbusController.name }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Release.Name }}-{{ .Values.eventbusController.name }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.eventbusController.replicaCount }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.eventbusController.name }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ .Release.Name }}-{{ .Values.eventbusController.name }} - release: {{ .Release.Name }} - {{- with .Values.eventbusController.podLabels }} - {{- tpl (toYaml .) $ | nindent 8 }} - {{- end }} - {{- with .Values.eventbusController.podAnnotations }} - annotations: {{- toYaml . | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ .Values.serviceAccount }} - containers: - - name: {{ .Values.eventbusController.name }} - image: "{{ .Values.registry }}/{{ .Values.eventbusController.image }}:{{ .Values.eventbusController.tag }}" - imagePullPolicy: {{ .Values.imagePullPolicy }} - {{- if .Values.singleNamespace }} - args: - - --namespaced - {{- end }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NATS_STREAMING_IMAGE - value: {{ .Values.eventbusController.natsStreamingImage }} - - name: NATS_METRICS_EXPORTER_IMAGE - value: {{ .Values.eventbusController.natsMetricsExporterImage }} - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 3 - periodSeconds: 3 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 3 - periodSeconds: 3 - resources: {{- toYaml .Values.eventbusController.resources | nindent 12 }} - {{- with .Values.eventbusController.priorityClassName }} - priorityClassName: {{ . | quote }} - {{- end }} - {{- with .Values.securityContext }} - securityContext: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.eventbusController.nodeSelector }} - nodeSelector: {{ toYaml .Values.eventbusController.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.eventbusController.tolerations }} - tolerations: {{ toYaml .Values.eventbusController.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.eventbusController.affinity }} - affinity: {{ toYaml .Values.eventbusController.affinity | nindent 8 }} - {{- end }} diff --git a/charts/argo-events/templates/eventbus-crd.yaml b/charts/argo-events/templates/eventbus-crd.yaml deleted file mode 100644 index 4a67294e..00000000 --- a/charts/argo-events/templates/eventbus-crd.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventbus.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - names: - kind: EventBus - listKind: EventBusList - plural: eventbus - shortNames: - - eb - singular: eventbus - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - subresources: - status: {} -{{- end }} diff --git a/charts/argo-events/templates/eventsource-controller-deployment.yaml b/charts/argo-events/templates/eventsource-controller-deployment.yaml deleted file mode 100644 index 62fe150e..00000000 --- a/charts/argo-events/templates/eventsource-controller-deployment.yaml +++ /dev/null @@ -1,76 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-{{ .Values.eventsourceController.name }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Release.Name }}-{{ .Values.eventsourceController.name }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.eventsourceController.replicaCount }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.eventsourceController.name }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ .Release.Name }}-{{ .Values.eventsourceController.name }} - release: {{ .Release.Name }} - {{- with .Values.eventsourceController.podLabels }} - {{- tpl (toYaml .) $ | nindent 8 }} - {{- end }} - {{- with .Values.eventsourceController.podAnnotations }} - annotations: {{- toYaml . | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ .Values.serviceAccount }} - containers: - - name: {{ .Values.eventsourceController.name }} - image: "{{ .Values.registry }}/{{ .Values.eventsourceController.image }}:{{ .Values.eventsourceController.tag }}" - imagePullPolicy: {{ .Values.imagePullPolicy }} - {{- if .Values.singleNamespace }} - args: - - --namespaced - {{- end }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: EVENTSOURCE_IMAGE - value: "{{ .Values.registry }}/{{ .Values.eventsourceController.eventsourceImage }}:{{ .Values.eventsourceController.tag }}" - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 3 - periodSeconds: 3 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 3 - periodSeconds: 3 - resources: {{- toYaml .Values.eventsourceController.resources | nindent 12 }} - {{- with .Values.eventsourceController.priorityClassName }} - priorityClassName: {{ . | quote }} - {{- end }} - {{- with .Values.securityContext }} - securityContext: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.eventsourceController.nodeSelector }} - nodeSelector: {{ toYaml .Values.eventsourceController.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.eventsourceController.tolerations }} - tolerations: {{ toYaml .Values.eventsourceController.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.eventsourceController.affinity }} - affinity: {{ toYaml .Values.eventsourceController.affinity | nindent 8 }} - {{- end }} diff --git a/charts/argo-events/templates/eventsource-crd.yaml b/charts/argo-events/templates/eventsource-crd.yaml deleted file mode 100644 index 5c6a0b6b..00000000 --- a/charts/argo-events/templates/eventsource-crd.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventsources.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - scope: Namespaced - names: - kind: EventSource - plural: eventsources - singular: eventsource - listKind: EventSourceList - shortNames: - - es - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - subresources: - status: {} -{{- end }} diff --git a/charts/argo-events/templates/extra-manifests.yaml b/charts/argo-events/templates/extra-manifests.yaml new file mode 100644 index 00000000..f17b1a93 --- /dev/null +++ b/charts/argo-events/templates/extra-manifests.yaml @@ -0,0 +1,8 @@ +{{ range .Values.extraObjects }} +--- +{{- if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} +{{ end }} diff --git a/charts/argo-events/templates/sensor-controller-deployment.yaml b/charts/argo-events/templates/sensor-controller-deployment.yaml deleted file mode 100644 index 0b51d1de..00000000 --- a/charts/argo-events/templates/sensor-controller-deployment.yaml +++ /dev/null @@ -1,76 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-{{ .Values.sensorController.name }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Release.Name }}-{{ .Values.sensorController.name }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.sensorController.replicaCount }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.sensorController.name }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ .Release.Name }}-{{ .Values.sensorController.name }} - release: {{ .Release.Name }} - {{- with .Values.sensorController.podLabels }} - {{- tpl (toYaml .) $ | nindent 8 }} - {{- end }} - {{- with .Values.sensorController.podAnnotations }} - annotations: {{- toYaml . | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ .Values.serviceAccount }} - containers: - - name: {{ .Values.sensorController.name }} - image: "{{ .Values.registry }}/{{ .Values.sensorController.image }}:{{ .Values.sensorController.tag }}" - imagePullPolicy: {{ .Values.imagePullPolicy }} - {{- if .Values.singleNamespace }} - args: - - --namespaced - {{- end }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SENSOR_IMAGE - value: "{{ .Values.registry }}/{{ .Values.sensorController.sensorImage }}:{{ .Values.sensorController.tag }}" - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 3 - periodSeconds: 3 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 3 - periodSeconds: 3 - resources: {{- toYaml .Values.sensorController.resources | nindent 12 }} - {{- with .Values.sensorController.priorityClassName }} - priorityClassName: {{ . | quote }} - {{- end }} - {{- with .Values.securityContext }} - securityContext: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.sensorController.nodeSelector }} - nodeSelector: {{ toYaml .Values.sensorController.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.sensorController.tolerations }} - tolerations: {{ toYaml .Values.sensorController.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.sensorController.affinity }} - affinity: {{ toYaml .Values.sensorController.affinity | nindent 8 }} - {{- end }} diff --git a/charts/argo-events/templates/sensor-crd.yaml b/charts/argo-events/templates/sensor-crd.yaml deleted file mode 100644 index d121019e..00000000 --- a/charts/argo-events/templates/sensor-crd.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- if .Values.installCRD }} -# Define a "sensor" custom resource definition -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: sensors.argoproj.io - annotations: - helm.sh/hook: crd-install - helm.sh/hook-delete-policy: before-hook-creation -spec: - group: argoproj.io - names: - kind: Sensor - listKind: SensorList - plural: sensors - singular: sensor - shortNames: - - sn - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - subresources: - status: {} -{{- end }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index 55dd6643..fb9878c9 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml @@ -1,93 +1,477 @@ -# docker registry -registry: quay.io +## Argo Events configuration +## Ref: https://github.com/argoproj/argo-events +## -# The image pull policy -imagePullPolicy: Always +# -- Provide a name in place of `argo-events` +nameOverride: argo-events +# -- String to fully override "argo-events.fullname" template +fullnameOverride: "" +# -- Override the namespace +# @default -- `.Release.Namespace` +namespaceOverride: "" -# Secrets with credentials to pull images from a private registry -imagePullSecrets: [] -# - name: argo-pull-secret +# -- Deploy on OpenShift +openshift: false -# If set to false, skip installing the CRDs. Requires user to have them installed prior to helm chart installation. -installCRD: true +# -- Create clusterroles that extend existing clusterroles to interact with argo-events crds +# Only applies for cluster-wide installation (`controller.rbac.namespaced: false`) +## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles +createAggregateRoles: false -# ServiceAccount to use for running controller. -serviceAccount: argo-events-sa +## Custom resource configuration +crds: + # -- Install and upgrade CRDs + install: true + # -- Keep CRDs on chart uninstall + keep: true + # -- Annotations to be added to all CRDs + annotations: {} -# serviceAccountAnnotations can be used to enable GKE workload identity, or other use-cases -serviceAccountAnnotations: {} +global: + image: + # -- If defined, a repository applied to all Argo Events deployments + repository: quay.io/argoproj/argo-events + # -- Overrides the global Argo Events image tag whose default is the chart appVersion + tag: "" + # -- If defined, a imagePullPolicy applied to all Argo Events deployments + imagePullPolicy: IfNotPresent -# Create service accounts in additional namespaces specified -# The SA will always be created in the release namespaces -additionalSaNamespaces: [] - # - argo-prod -additionalServiceAccountRules: -- apiGroups: - - apiextensions.k8s.io - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - resources: - - customresourcedefinitions - -instanceID: argo-events - -# set `singleNamespace` to false to have the controllers -# listen on all namespaces. Otherwise the controllers will listen -# on the namespace provided -namespace: argo-events -singleNamespace: true - -# sensor controller -sensorController: - name: sensor-controller - image: argoproj/sensor-controller - tag: v1.3.1 - replicaCount: 1 - sensorImage: argoproj/sensor + # -- If defined, uses a Secret to pull an image from a private Docker registry or repository + imagePullSecrets: [] + # -- Annotations for the all deployed pods podAnnotations: {} - nodeSelector: {} + # -- Labels for the all deployed pods podLabels: {} - priorityClassName: "" - tolerations: [] - affinity: {} - resources: {} -eventsourceController: - name: eventsource-controller - image: argoproj/eventsource-controller - tag: v1.3.1 - replicaCount: 1 - eventsourceImage: argoproj/eventsource + # -- Additional labels to add to all resources + additionalLabels: {} + # app: argo-events + + # -- Toggle and define securityContext. See [values.yaml] + securityContext: {} + # runAsNonRoot: true + # runAsUser: 9731 + # runAsGroup: 9731 + # fsGroup: 9731 + + # -- Mapping between IP and hostnames that will be injected as entries in the pod's hosts files + hostAliases: [] + # - ip: 10.20.30.40 + # hostnames: + # - git.myhostname + +## Event bus configuration +configs: + ## NATS event bus + nats: + # -- Supported versions of NATS event bus + # @default -- See [values.yaml] + versions: + - version: latest + natsStreamingImage: nats-streaming:latest + metricsExporterImage: natsio/prometheus-nats-exporter:latest + - version: 0.22.1 + natsStreamingImage: nats-streaming:0.22.1 + metricsExporterImage: natsio/prometheus-nats-exporter:0.8.0 + + ## JetStream event bus + jetstream: + # Default JetStream settings, could be overridden by EventBus JetStream spec + # Ref: https://docs.nats.io/running-a-nats-service/configuration#jetstream + settings: + # -- Maximum size of the memory storage (e.g. 1G) + maxMemoryStore: -1 + # -- Maximum size of the file storage (e.g. 20G) + maxFileStore: -1 + streamConfig: + # -- Maximum number of messages before expiring oldest message + maxMsgs: 1000000 + # -- Maximum age of existing messages, i.e. “72h”, “4h35m” + maxAge: 72h + # Total size of messages before expiring oldest message, 0 means unlimited. + maxBytes: 1GB + # -- Number of replicas, defaults to 3 and requires minimal 3 + replicas: 3 + # -- Not documented at the moment + duplicates: 300s + # -- 0: Limits, 1: Interest, 2: WorkQueue + retention: 0 + # -- 0: DiscardOld, 1: DiscardNew + discard: 0 + # Supported versions of JetStream eventbus + versions: + - version: latest + natsImage: nats:2.10.10 + metricsExporterImage: natsio/prometheus-nats-exporter:0.14.0 + configReloaderImage: natsio/nats-server-config-reloader:0.14.0 + startCommand: /nats-server + - version: 2.8.1 + natsImage: nats:2.8.1 + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: /nats-server + - version: 2.8.1-alpine + natsImage: nats:2.8.1-alpine + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: nats-server + - version: 2.8.2 + natsImage: nats:2.8.2 + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: /nats-server + - version: 2.8.2-alpine + natsImage: nats:2.8.2-alpine + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: nats-server + - version: 2.9.1 + natsImage: nats:2.9.1 + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: /nats-server + - version: 2.9.12 + natsImage: nats:2.9.12 + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: /nats-server + - version: 2.9.16 + natsImage: nats:2.9.16 + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: /nats-server + - version: 2.10.10 + natsImage: nats:2.10.10 + metricsExporterImage: natsio/prometheus-nats-exporter:0.14.0 + configReloaderImage: natsio/nats-server-config-reloader:0.14.0 + startCommand: /nats-server + +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +extraObjects: [] + # - apiVersion: secrets-store.csi.x-k8s.io/v1 + # kind: SecretProviderClass + # metadata: + # name: argo-events-secrets-store + # spec: + # provider: aws + # parameters: + # objects: | + # - objectName: "argo-events" + # objectType: "secretsmanager" + # jmesPath: + # - path: "client_id" + # objectAlias: "client_id" + # - path: "client_secret" + # objectAlias: "client_secret" + # secretObjects: + # - data: + # - key: client_id + # objectName: client_id + # - key: client_secret + # objectName: client_secret + # secretName: argo-events-secrets-store + # type: Opaque + # labels: + # app.kubernetes.io/part-of: argocd + +## Argo Events controller +controller: + # -- Argo Events controller name string + name: controller-manager + + rbac: + # -- Create events controller RBAC + enabled: true + # -- Restrict events controller to operate only in a single namespace instead of cluster-wide scope. + namespaced: false + # -- Additional namespace to be monitored by the controller + managedNamespace: "" + # -- Additional user rules for event controller's rbac + rules: [] + + image: + # -- Repository to use for the events controller + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the events controller + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the events controller + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- The number of events controller pods to run. + replicas: 1 + + # Pod disruption budget + pdb: + # -- Deploy a PodDisruptionBudget for the events controller + enabled: false + # minAvailable: 1 + # maxUnavailable: 0 + # -- Labels to be added to events controller pdb + labels: {} + # -- Annotations to be added to events controller pdb + annotations: {} + + # -- Environment variables to pass to events controller + env: [] + # - name: DEBUG_LOG + # value: "true" + + # -- envFrom to pass to events controller + # @default -- `[]` (See [values.yaml]) + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- Annotations to be added to events controller pods podAnnotations: {} - nodeSelector: {} - podLabels: {} - priorityClassName: "" - tolerations: [] - affinity: {} - resources: {} -eventbusController: - name: eventbus-controller - image: argoproj/eventbus-controller - tag: v1.3.1 - replicaCount: 1 + # -- Labels to be added to events controller pods + podLabels: {} + + # -- Events controller container-level security context + containerSecurityContext: {} + # capabilities: + # drop: + # - all + # readOnlyRootFilesystem: true + # runAsNonRoot: true + + ## Readiness and liveness probes for default backend + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + livenessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + + # -- Additional volumes to the events controller pod + volumes: [] + + # -- Additional volumeMounts to the events controller main container + volumeMounts: [] + + # -- [Node selector] + nodeSelector: {} + # -- [Tolerations] for use with node taints + tolerations: [] + # -- Assign custom [affinity] rules to the deployment + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the events controller + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Priority class for the events controller pods + priorityClassName: "" + + # -- Resource limits and requests for the events controller pods + resources: {} + # limits: + # cpu: 500m + # memory: 512Mi + # requests: + # cpu: 250m + # memory: 256Mi + + # -- Additional containers to be added to the events controller pods + extraContainers: [] + + # -- Init containers to add to the events controller pods + initContainers: [] + + serviceAccount: + # -- Create a service account for the events controller + create: true + # -- Service account name + name: "" + # -- Annotations applied to created service account + annotations: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + ## Events controller metrics configuration + metrics: + # -- Deploy metrics service + enabled: false + service: + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port + servicePort: 8082 + serviceMonitor: + # -- Enable a prometheus ServiceMonitor + enabled: false + # -- Prometheus ServiceMonitor interval + interval: 30s + # -- Prometheus [RelabelConfigs] to apply to samples before scraping + relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion + metricRelabelings: [] + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus + # -- Prometheus ServiceMonitor namespace + namespace: "" # "monitoring" + # -- Prometheus ServiceMonitor labels + additionalLabels: {} + +## Argo Events admission webhook +webhook: + # -- Enable admission webhook. Applies only for cluster-wide installation + enabled: false + + # -- Argo Events admission webhook name string + name: events-webhook + + image: + # -- Repository to use for the event controller + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the event controller + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the event controller + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- The number of webhook pods to run. + replicas: 1 + + # Pod disruption budget + pdb: + # -- Deploy a PodDisruptionBudget for the admission webhook + enabled: false + # minAvailable: 1 + # maxUnavailable: 0 + # -- Labels to be added to admission webhook pdb + labels: {} + # -- Annotations to be added to admission webhook pdb + annotations: {} + + # -- Environment variables to pass to event controller + # @default -- `[]` (See [values.yaml]) + env: [] + # - name: DEBUG_LOG + # value: "true" + + # -- envFrom to pass to event controller + # @default -- `[]` (See [values.yaml]) + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- Annotations to be added to event controller pods podAnnotations: {} - nodeSelector: {} - podLabels: {} - priorityClassName: "" - tolerations: [] - affinity: {} - resources: {} - natsStreamingImage: nats-streaming:0.17.0 - natsMetricsExporterImage: synadia/prometheus-nats-exporter:0.6.2 -securityContext: - runAsNonRoot: true - runAsUser: 9731 + # -- Labels to be added to event controller pods + podLabels: {} + + # -- Port to listen on + port: 443 + + # -- Event controller container-level security context + containerSecurityContext: {} + # capabilities: + # drop: + # - all + # readOnlyRootFilesystem: true + # runAsNonRoot: true + + ## Readiness and liveness probes for default backend + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + livenessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + + # -- Additional volumeMounts to the event controller main container + volumeMounts: [] + + # -- Additional volumes to the event controller pod + volumes: [] + + # -- [Node selector] + nodeSelector: {} + # -- [Tolerations] for use with node taints + tolerations: [] + # -- Assign custom [affinity] rules to the deployment + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the event controller + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Priority class for the event controller pods + priorityClassName: "" + + # -- Resource limits and requests for the event controller pods + resources: {} + # limits: + # cpu: 500m + # memory: 512Mi + # requests: + # cpu: 250m + # memory: 256Mi + + serviceAccount: + # -- Create a service account for the admission webhook + create: true + # -- Service account name + name: "" + # -- Annotations applied to created service account + annotations: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true diff --git a/charts/argo-rollouts/.helmignore b/charts/argo-rollouts/.helmignore index f0c13194..ec59d66d 100644 --- a/charts/argo-rollouts/.helmignore +++ b/charts/argo-rollouts/.helmignore @@ -19,3 +19,5 @@ .project .idea/ *.tmproj +ci/ +*.gotmpl diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index d053ac6e..a9ed74ee 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -1,11 +1,22 @@ apiVersion: v2 -appVersion: "v1.0.1" +appVersion: v1.8.0 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 1.0.1 -icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png +version: 2.39.0 home: https://github.com/argoproj/argo-helm +icon: https://argoproj.github.io/argo-rollouts/assets/logo.png +keywords: + - argoproj + - argo-rollouts +sources: + - https://github.com/argoproj/argo-rollouts maintainers: - - name: alexmt - - name: dthomson25 - - name: jessesuen + - name: argoproj + url: https://argoproj.github.io/ +annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc + artifacthub.io/changes: | + - kind: changed + description: Bump argo-rollouts to v1.8.0 diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 8916a86c..aa09ca14 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -15,7 +15,6 @@ The default installation is intended to be similar to the provided Argo Rollouts - Kubernetes 1.7+ - Helm v3.0.0+ - ## Installing the Chart To install the chart with the release name `my-release`: @@ -25,37 +24,190 @@ $ helm repo add argo https://argoproj.github.io/argo-helm $ helm install my-release argo/argo-rollouts ``` +### UI Dashboard + +If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-rollouts dashboard by +`kubectl port-forward service/argo-rollouts-dashboard 31000:3100` and pointing the browser to `localhost:31000` + +| :warning: WARNING when the Service type is set to LoadBalancer or NodePort | +|:---------------------------------------------------------------------------| +| The chart provides an option to change the service type (`dashboard.service.type`). Also it provides the ability to expose the dashboard via Ingress. Dashboard was never intended to be exposed as an administrative console -- it started out as a local view available via CLI. It should be protected by something (e.g. network access or even better an oauth proxy). | + +## Changelog + +For full list of changes please check ArtifactHub [changelog]. + ## Chart Values +### General parameters + | Key | Type | Default | Description | |-----|------|---------|-------------| +| apiVersionOverrides.ingress | string | `""` | String to override apiVersion of ingresses rendered by this helm chart | | clusterInstall | bool | `true` | `false` runs controller in namespaced mode (does not require cluster RBAC) | +| crdAnnotations | object | `{}` | Annotations to be added to all CRDs | +| createClusterAggregateRoles | bool | `true` | flag to enable creation of cluster aggregate roles (requires cluster RBAC) | +| extraObjects | list | `[]` | Additional manifests to deploy within the chart. A list of objects. | +| fullnameOverride | string | `nil` | String to fully override "argo-rollouts.fullname" template | +| global.deploymentAnnotations | object | `{}` | Annotations for all deployed Deployments | +| global.deploymentLabels | object | `{}` | Labels for all deployed Deployments | +| global.revisionHistoryLimit | int | `10` | Number of old deployment ReplicaSets to retain. The rest will be garbage collected. | +| imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry. Registry secret names as an array. | +| installCRDs | bool | `true` | Install and upgrade CRDs | +| keepCRDs | bool | `true` | Keep CRD's on helm uninstall | +| kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests | +| nameOverride | string | `nil` | String to partially override "argo-rollouts.fullname" template | +| notifications.configmap.create | bool | `true` | Whether to create notifications configmap | +| notifications.notifiers | object | `{}` | Configures notification services | +| notifications.secret.annotations | object | `{}` | Annotations to be added to the notifications secret | +| notifications.secret.create | bool | `false` | Whether to create notifications secret. | +| notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret | +| notifications.subscriptions | list | `[]` | The subscriptions define the subscriptions to the triggers in a general way for all rollouts | +| notifications.templates | object | `{}` | Notification templates | +| notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | +| providerRBAC.additionalRules | list | `[]` | Additional RBAC rules for others providers | +| providerRBAC.enabled | bool | `true` | Toggles addition of provider-specific RBAC rules to the controller Role and ClusterRole | +| providerRBAC.providers.ambassador | bool | `true` | Adds RBAC rules for the Ambassador provider | +| providerRBAC.providers.apisix | bool | `true` | Adds RBAC rules for the Apisix provider | +| providerRBAC.providers.awsAppMesh | bool | `true` | Adds RBAC rules for the AWS App Mesh provider | +| providerRBAC.providers.awsLoadBalancerController | bool | `true` | Adds RBAC rules for the AWS Load Balancer Controller provider | +| providerRBAC.providers.contour | bool | `true` | Adds RBAC rules for the Contour provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour/blob/main/README.md` | +| providerRBAC.providers.gatewayAPI | bool | `true` | Adds RBAC rules for the Gateway API provider | +| providerRBAC.providers.glooPlatform | bool | `true` | Adds RBAC rules for the Gloo Platform provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-glooplatform/blob/main/README.md` | +| providerRBAC.providers.istio | bool | `true` | Adds RBAC rules for the Istio provider | +| providerRBAC.providers.smi | bool | `true` | Adds RBAC rules for the SMI provider | +| providerRBAC.providers.traefik | bool | `true` | Adds RBAC rules for the Traefik provider | + +### Controller + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security Context to set on container level | +| controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | | controller.component | string | `"rollouts-controller"` | Value of label `app.kubernetes.io/component` | +| controller.containerPorts.healthz | int | `8080` | Healthz container port | +| controller.containerPorts.metrics | int | `8090` | Metrics container port | +| controller.createClusterRole | bool | `true` | flag to enable creation of cluster controller role (requires cluster RBAC) | +| controller.deploymentAnnotations | object | `{}` | Annotations to be added to the controller deployment | +| controller.deploymentLabels | object | `{}` | Labels to be added to the controller deployment | +| controller.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-controller. A list of flags. | +| controller.extraContainers | list | `[]` | Literal yaml for extra containers to be added to controller deployment. | +| controller.extraEnv | list | `[]` | Additional environment variables for rollouts-controller. A list of name/value maps. | | controller.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | -| controller.image.registry | string | `quay.io` | Registry to use | +| controller.image.registry | string | `"quay.io"` | Registry to use | | controller.image.repository | string | `"argoproj/argo-rollouts"` | Repository to use | | controller.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) | -| controller.resources | object | `{}` | Resource limits and requests for the controller pods. | -| controller.tolerations | list | `[]` | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | -| controller.affinity | object | `{}` | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | -| controller.nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | +| controller.initContainers | list | `[]` | Init containers to add to the rollouts controller pod | +| controller.lifecycle | object | `{}` | Specify lifecycle hooks for the controller | +| controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller | +| controller.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) | +| controller.logging.kloglevel | string | `"0"` | Set the klog logging level | +| controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | +| controller.metricProviderPlugins | list | `[]` | Configures 3rd party metric providers for controller | | controller.metrics.enabled | bool | `false` | Deploy metrics service | -| controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| controller.metrics.service.annotations | object | `{}` | Service annotations | +| controller.metrics.service.port | int | `8090` | Metrics service port | +| controller.metrics.service.portName | string | `"metrics"` | Metrics service port name | | controller.metrics.serviceMonitor.additionalAnnotations | object | `{}` | Annotations to be added to the ServiceMonitor | | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Labels to be added to the ServiceMonitor | -| imagePullSecrets | list | `[]` | Registry secret names as an array | -| installCRDs | bool | `true` | Install and upgrade CRDs | -| crdAnnotations | object | `{}` | Annotations to be added to all CRDs | -| podAnnotations | object | `{}` | Annotations to be added to the Rollout pods | +| controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | MetricRelabelConfigs to apply to samples before ingestion | +| controller.metrics.serviceMonitor.namespace | string | `""` | Namespace to be used for the ServiceMonitor | +| controller.metrics.serviceMonitor.relabelings | list | `[]` | RelabelConfigs to apply to samples before scraping | +| controller.nodeSelector | object | `{}` | [Node selector] | +| controller.pdb.annotations | object | `{}` | Annotations to be added to controller [Pod Disruption Budget] | +| controller.pdb.enabled | bool | `false` | Deploy a [Pod Disruption Budget] for the controller | +| controller.pdb.labels | object | `{}` | Labels to be added to controller [Pod Disruption Budget] | +| controller.pdb.maxUnavailable | string | `nil` | Maximum number / percentage of pods that may be made unavailable | +| controller.pdb.minAvailable | string | `nil` | Minimum number / percentage of pods that should remain scheduled | +| controller.podAnnotations | object | `{}` | Annotations to be added to application controller pods | +| controller.podLabels | object | `{}` | Labels to be added to the application controller pods | +| controller.priorityClassName | string | `""` | [priorityClassName] for the controller | +| controller.readinessProbe | object | See [values.yaml] | Configure readiness [probe] for the controller | +| controller.replicas | int | `2` | The number of controller pods to run | +| controller.resources | object | `{}` | Resource limits and requests for the controller pods. | +| controller.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| controller.tolerations | list | `[]` | [Tolerations] for use with node taints | +| controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the controller | +| controller.trafficRouterPlugins | list | `[]` | Configures 3rd party traffic router plugins for controller | +| controller.volumeMounts | list | `[]` | Additional volumeMounts to add to the controller container | +| controller.volumes | list | `[]` | Additional volumes to add to the controller pod | +| podAnnotations | object | `{}` | Annotations for the all deployed pods | | podLabels | object | `{}` | Labels to be added to the Rollout pods | -| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| podSecurityContext | object | `{"runAsNonRoot":true}` | Security Context to set on pod level | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | -| podSecurityContext | object | `{"runAsNonRoot": true}` | Security Context to set on pod level | -| containerSecurityContext | object | `{}` | Security Context to set on container level | +| serviceAnnotations | object | `{}` | Annotations to be added to the Rollout service | + +### Dashboard + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| dashboard.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| dashboard.component | string | `"rollouts-dashboard"` | Value of label `app.kubernetes.io/component` | +| dashboard.containerSecurityContext | object | `{}` | Security Context to set on container level | +| dashboard.createClusterRole | bool | `true` | flag to enable creation of dashbord cluster role (requires cluster RBAC) | +| dashboard.deploymentAnnotations | object | `{}` | Annotations to be added to the dashboard deployment | +| dashboard.deploymentLabels | object | `{}` | Labels to be added to the dashboard deployment | +| dashboard.enabled | bool | `false` | Deploy dashboard server | +| dashboard.extraArgs | list | `[]` | Additional command line arguments to pass to rollouts-dashboard. A list of flags. | +| dashboard.extraEnv | list | `[]` | Additional environment variables for rollouts-dashboard. A list of name/value maps. | +| dashboard.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | +| dashboard.image.registry | string | `"quay.io"` | Registry to use | +| dashboard.image.repository | string | `"argoproj/kubectl-argo-rollouts"` | Repository to use | +| dashboard.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) | +| dashboard.ingress.annotations | object | `{}` | Dashboard ingress annotations | +| dashboard.ingress.enabled | bool | `false` | Enable dashboard ingress support | +| dashboard.ingress.extraPaths | list | `[]` | Dashboard ingress extra paths | +| dashboard.ingress.hosts | list | `[]` | Dashboard ingress hosts | +| dashboard.ingress.ingressClassName | string | `""` | Dashboard ingress class name | +| dashboard.ingress.labels | object | `{}` | Dashboard ingress labels | +| dashboard.ingress.pathType | string | `"Prefix"` | Dashboard ingress path type | +| dashboard.ingress.paths | list | `["/"]` | Dashboard ingress paths | +| dashboard.ingress.tls | list | `[]` | Dashboard ingress tls | +| dashboard.logging.kloglevel | string | `"0"` | Set the klog logging level | +| dashboard.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | +| dashboard.nodeSelector | object | `{}` | [Node selector] | +| dashboard.pdb.annotations | object | `{}` | Annotations to be added to dashboard [Pod Disruption Budget] | +| dashboard.pdb.enabled | bool | `false` | Deploy a [Pod Disruption Budget] for the dashboard | +| dashboard.pdb.labels | object | `{}` | Labels to be added to dashboard [Pod Disruption Budget] | +| dashboard.pdb.maxUnavailable | string | `nil` | Maximum number / percentage of pods that may be made unavailable | +| dashboard.pdb.minAvailable | string | `nil` | Minimum number / percentage of pods that should remain scheduled | +| dashboard.podAnnotations | object | `{}` | Annotations to be added to application dashboard pods | +| dashboard.podLabels | object | `{}` | Labels to be added to the application dashboard pods | +| dashboard.podSecurityContext | object | `{"runAsNonRoot":true}` | Security Context to set on pod level | +| dashboard.priorityClassName | string | `""` | [priorityClassName] for the dashboard server | +| dashboard.readonly | bool | `false` | Set cluster role to readonly | +| dashboard.replicas | int | `1` | The number of dashboard pods to run | +| dashboard.resources | object | `{}` | Resource limits and requests for the dashboard pods. | +| dashboard.service.annotations | object | `{}` | Service annotations | +| dashboard.service.externalIPs | list | `[]` | Dashboard service external IPs | +| dashboard.service.labels | object | `{}` | Service labels | +| dashboard.service.loadBalancerClass | string | `""` | The class of the load balancer implementation | +| dashboard.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field | +| dashboard.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from | +| dashboard.service.nodePort | int | `nil` | Service nodePort | +| dashboard.service.port | int | `3100` | Service port | +| dashboard.service.portName | string | `"dashboard"` | Service port name | +| dashboard.service.targetPort | int | `3100` | Service target port | +| dashboard.service.type | string | `"ClusterIP"` | Sets the type of the Service | +| dashboard.serviceAccount.annotations | object | `{}` | Annotations to add to the dashboard service account | +| dashboard.serviceAccount.create | bool | `true` | Specifies whether a dashboard service account should be created | +| dashboard.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| dashboard.tolerations | list | `[]` | [Tolerations] for use with node taints | +| dashboard.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the dashboard server | +| dashboard.volumeMounts | list | `[]` | Additional volumeMounts to add to the dashboard container | +| dashboard.volumes | list | `[]` | Additional volumes to add to the dashboard pod | ## Upgrading +### To 2.0.0 + +* The argo-rollouts dashboard is added to the template and can be enabled by setting `dashboard.enabled=true`. +* There is a breaking change where the selector label `app.kubernetes.io/component: {{ .Values.controller.component }}` is added to rollout's deployment and service in order to distinguish between the controller and the dashboard component. + To upgrade an existing installation, please **add the `--force` parameter** to the `helm upgrade` command or **delete the Deployment and Service resource** before you upgrade. This is necessary because Deployment's label selector is immutable. + ### To 1.0.0 * This is a breaking change which only supports Helm v3.0.0+ now. If you still use Helm v2, please consider upgrading because v2 is EOL since November 2020. @@ -68,3 +220,16 @@ $ helm install my-release argo/argo-rollouts * Breaking parameters update * `securityContext` was renamed to `containerSecurityContext` * Added `controller.image.registry`. Prior to this chart version you had to override the registry via `controller.image.repository` + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) + +[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +[priorityClassName]: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ +[Pod Disruption Budget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets +[values.yaml]: values.yaml +[changelog]: https://artifacthub.io/packages/helm/argo/argo-rollouts?modal=changelog diff --git a/charts/argo-rollouts/README.md.gotmpl b/charts/argo-rollouts/README.md.gotmpl new file mode 100644 index 00000000..735dae2c --- /dev/null +++ b/charts/argo-rollouts/README.md.gotmpl @@ -0,0 +1,107 @@ +# Argo Rollouts Chart + +A Helm chart for Argo Rollouts, progressive delivery for Kubernetes. + +Source code can be found [here](https://github.com/argoproj/argo-rollouts) + +## Additional Information + +This is a **community maintained** chart. This chart installs [argo-rollouts](https://argoproj.github.io/argo-rollouts/), progressive delivery for Kubernetes. + +The default installation is intended to be similar to the provided Argo Rollouts [releases](https://github.com/argoproj/argo-rollouts/releases). + +## Prerequisites + +- Kubernetes 1.7+ +- Helm v3.0.0+ + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add argo https://argoproj.github.io/argo-helm +$ helm install my-release argo/argo-rollouts +``` + +### UI Dashboard + +If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-rollouts dashboard by +`kubectl port-forward service/argo-rollouts-dashboard 31000:3100` and pointing the browser to `localhost:31000` + +| :warning: WARNING when the Service type is set to LoadBalancer or NodePort | +|:---------------------------------------------------------------------------| +| The chart provides an option to change the service type (`dashboard.service.type`). Also it provides the ability to expose the dashboard via Ingress. Dashboard was never intended to be exposed as an administrative console -- it started out as a local view available via CLI. It should be protected by something (e.g. network access or even better an oauth proxy). | + +## Changelog + +For full list of changes please check ArtifactHub [changelog]. + +## Chart Values + +### General parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if not (or (hasPrefix "controller" .Key) (hasPrefix "dashboard" .Key) (hasPrefix "container" .Key) (hasPrefix "pod" .Key) (hasPrefix "service" .Key) ) }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} + {{- if hasPrefix "server.additional" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Controller + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if or (hasPrefix "controller" .Key) (hasPrefix "container" .Key) (hasPrefix "pod" .Key) (hasPrefix "service" .Key) }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Dashboard + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "dashboard" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +## Upgrading + +### To 2.0.0 + +* The argo-rollouts dashboard is added to the template and can be enabled by setting `dashboard.enabled=true`. +* There is a breaking change where the selector label `app.kubernetes.io/component: {{ `{{ .Values.controller.component }}` }}` is added to rollout's deployment and service in order to distinguish between the controller and the dashboard component. + To upgrade an existing installation, please **add the `--force` parameter** to the `helm upgrade` command or **delete the Deployment and Service resource** before you upgrade. This is necessary because Deployment's label selector is immutable. + +### To 1.0.0 + +* This is a breaking change which only supports Helm v3.0.0+ now. If you still use Helm v2, please consider upgrading because v2 is EOL since November 2020. + To migrate to Helm v3 please have a look at the [Helm 2to3 Plugin](https://github.com/helm/helm-2to3). This tool will convert the existing ConfigMap used for Tiller to a Secret of type `helm.sh/release.v1`. +* `quay.io` is the default registry now +* We introduce a template function for the labels here to reduce code duplication. This also affects the Deployment `matchLabels` selector. + To upgrade an existing installation, please **add the `--force` parameter** to the `helm upgrade` command or **delete the Deployment resource** before you upgrade. This is necessary because Deployment's label selector is immutable. +* All resources are now prefixed with the template `"argo-rollouts.fullname"`. + This enables the users to override resource names via the `nameOverride` and `fullnameOverride` parameters. +* Breaking parameters update + * `securityContext` was renamed to `containerSecurityContext` + * Added `controller.image.registry`. Prior to this chart version you had to override the registry via `controller.image.repository` + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) + +[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +[priorityClassName]: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ +[Pod Disruption Budget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets +[values.yaml]: values.yaml +[changelog]: https://artifacthub.io/packages/helm/argo/argo-rollouts?modal=changelog diff --git a/charts/argo-rollouts/ci/default-values.yaml b/charts/argo-rollouts/ci/default-values.yaml new file mode 100644 index 00000000..507f1e54 --- /dev/null +++ b/charts/argo-rollouts/ci/default-values.yaml @@ -0,0 +1 @@ +# Test with default values diff --git a/charts/argo-rollouts/ci/enable-dashboard-values.yaml b/charts/argo-rollouts/ci/enable-dashboard-values.yaml new file mode 100644 index 00000000..5c0a1c04 --- /dev/null +++ b/charts/argo-rollouts/ci/enable-dashboard-values.yaml @@ -0,0 +1,6 @@ +# Test with dashboard enabled +# Do not deploy the CRDs as they are already present from the previous test +installCRDs: false + +dashboard: + enabled: true diff --git a/charts/argo-rollouts/ci/enable-extra-objects-values.yaml b/charts/argo-rollouts/ci/enable-extra-objects-values.yaml new file mode 100644 index 00000000..8d18ecd3 --- /dev/null +++ b/charts/argo-rollouts/ci/enable-extra-objects-values.yaml @@ -0,0 +1,14 @@ +# Test with extraObjects enabled +# Do not deploy the CRDs as they are already present from the previous test +installCRDs: false + +extraObjects: + - apiVersion: v1 + kind: Secret + metadata: + name: datadog + type: Opaque + data: + address: aHR0cHM6Ly9hcGkuZGF0YWRvZ2hxLmNvbQo= # https://api.datadoghq.com + api-key: dGVzdC1hcGkta2V5Cg== # test-api-key + app-key: dGVzdC1hcHAta2V5Cg== # test-app-key diff --git a/charts/argo-rollouts/templates/_helpers.tpl b/charts/argo-rollouts/templates/_helpers.tpl index 2e5153b5..820996a8 100644 --- a/charts/argo-rollouts/templates/_helpers.tpl +++ b/charts/argo-rollouts/templates/_helpers.tpl @@ -31,6 +31,20 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Create kubernetes friendly chart version label. + +Examples: +image.tag = v1.3.1 +output = v1.3.1 + +image.tag = v1.3.1@sha256:38828e693b02e6f858d89fa22a9d9811d3d7a2430a1d4c7d687b6f509775c6ce +output = v1.3.1 +*/}} +{{- define "argo-rollouts.chart_version_label" -}} +{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default .Chart.AppVersion $.Values.controller.image.tag) "") "" | trunc 63 | quote -}} +{{- end -}} + {{/* Common labels */}} @@ -38,7 +52,7 @@ Common labels helm.sh/chart: {{ include "argo-rollouts.chart" . }} {{ include "argo-rollouts.selectorLabels" . }} {{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ include "argo-rollouts.chart_version_label" . }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: argo-rollouts @@ -62,3 +76,344 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* +Return the appropriate apiVersion for ingress +*/}} +{{- define "argo-rollouts.ingress.apiVersion" -}} +{{- if .Values.apiVersionOverrides.ingress -}} +{{- print .Values.apiVersionOverrides.ingress -}} +{{- else if semverCompare "<1.14-0" (include "argo-rollouts.kubeVersion" $) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "argo-rollouts.kubeVersion" $) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "argo-rollouts.kubeVersion" -}} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} +{{- end -}} + +{{/* +Return the appropriate apiVersion for pod disruption budget +*/}} +{{- define "argo-rollouts.podDisruptionBudget.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "argo-rollouts.kubeVersion" $) -}} +{{- print "policy/v1beta1" -}} +{{- else -}} +{{- print "policy/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the rules for controller's Role and ClusterRole +*/}} +{{- define "argo-rollouts.controller.roleRules" -}} +- apiGroups: + - argoproj.io + resources: + - rollouts + - rollouts/status + - rollouts/finalizers + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - argoproj.io + resources: + - analysisruns + - analysisruns/finalizers + - experiments + - experiments/finalizers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - argoproj.io + resources: + - analysistemplates + - clusteranalysistemplates + verbs: + - get + - list + - watch +# replicaset access needed for managing ReplicaSets +- apiGroups: + - apps + resources: + - replicasets + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +# deployments and podtemplates read access needed for workload reference support +- apiGroups: + - "" + - apps + resources: + - deployments + - podtemplates + verbs: + - get + - list + - watch + - update +# services patch needed to update selector of canary/stable/active/preview services +# services create needed to create and delete services for experiments +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - patch + - create + - delete +# leases create/get/update needed for leader election +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +# secret read access to run analysis templates which reference secrets +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +{{- if .Values.providerRBAC.providers.gatewayAPI }} + - create + - update +{{- end }} +# pod list/update needed for updating ephemeral data +- apiGroups: + - "" + resources: + - pods + verbs: + - list + - update + - watch +# pods eviction needed for restart +- apiGroups: + - "" + resources: + - pods/eviction + verbs: + - create +# event write needed for emitting events +- apiGroups: + - "" + resources: + - events + verbs: + - create + - update + - patch +# ingress patch needed for managing ingress annotations, create needed for nginx canary +- apiGroups: + - networking.k8s.io + - extensions + resources: + - ingresses + verbs: + - create + - get + - list + - watch + - update + - patch +# job access needed for analysis template job metrics +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +{{- if .Values.providerRBAC.enabled }} +{{- if .Values.providerRBAC.providers.istio }} +# virtualservice/destinationrule access needed for using the Istio provider +- apiGroups: + - networking.istio.io + resources: + - virtualservices + - destinationrules + verbs: + - watch + - get + - update + - patch + - list +{{- end }} +{{- if .Values.providerRBAC.providers.smi }} +# trafficsplit access needed for using the SMI provider +- apiGroups: + - split.smi-spec.io + resources: + - trafficsplits + verbs: + - create + - watch + - get + - update + - patch +{{- end }} +{{- if .Values.providerRBAC.providers.ambassador }} +# ambassador access needed for Ambassador provider +- apiGroups: + - getambassador.io + - x.getambassador.io + resources: + - mappings + - ambassadormappings + verbs: + - create + - watch + - get + - update + - list + - delete +{{- end }} +{{- if .Values.providerRBAC.providers.awsLoadBalancerController }} +# Endpoints and TargetGroupBindings needed for ALB target group verification when using AWS Load Balancer Controller +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get +- apiGroups: + - elbv2.k8s.aws + resources: + - targetgroupbindings + verbs: + - list + - get +{{- end }} +{{- if .Values.providerRBAC.providers.awsAppMesh }} +# AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider +- apiGroups: + - appmesh.k8s.aws + resources: + - virtualservices + verbs: + - watch + - get + - list +# AppMesh virtualnode CRD r/w access needed for using the App Mesh provider +- apiGroups: + - appmesh.k8s.aws + resources: + - virtualnodes + - virtualrouters + verbs: + - watch + - get + - list + - update + - patch +{{- end }} +{{- if .Values.providerRBAC.providers.traefik }} +# Traefik access needed when using the Traefik provider +- apiGroups: + - traefik.containo.us + - traefik.io + resources: + - traefikservices + verbs: + - watch + - get + - update +{{- end }} +{{- if .Values.providerRBAC.providers.apisix }} +# Access needed when using the Apisix provider +- apiGroups: + - apisix.apache.org + resources: + - apisixroutes + verbs: + - watch + - get + - update +{{- end }} +{{- if .Values.providerRBAC.providers.contour }} + # Access needed when using the Contour provider +- apiGroups: + - projectcontour.io + resources: + - httpproxies + verbs: + - get + - list + - watch + - update +{{- end }} +{{- if .Values.providerRBAC.providers.glooPlatform }} + # Access needed when using the Gloo Platform provider +- apiGroups: + - networking.gloo.solo.io + resources: + - routetables + verbs: + - '*' +{{- end }} +{{- if .Values.providerRBAC.providers.gatewayAPI }} + # Access needed when using the Gateway API provider +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + - tcproutes + - tlsroutes + - udproutes + - grpcroutes + verbs: + - get + - list + - watch + - update +{{- end }} +{{- with .Values.providerRBAC.additionalRules }} +{{ toYaml . }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml b/charts/argo-rollouts/templates/aggregate-roles.yaml similarity index 96% rename from charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml rename to charts/argo-rollouts/templates/aggregate-roles.yaml index ab3ac6dd..86823903 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml +++ b/charts/argo-rollouts/templates/aggregate-roles.yaml @@ -1,4 +1,4 @@ -{{- if .Values.clusterInstall }} +{{- if and .Values.clusterInstall .Values.createClusterAggregateRoles }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml b/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml deleted file mode 100644 index 5872d59d..00000000 --- a/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml +++ /dev/null @@ -1,171 +0,0 @@ -{{- if .Values.clusterInstall }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "argo-rollouts.fullname" . }} - labels: - app.kubernetes.io/component: {{ .Values.controller.component }} - {{- include "argo-rollouts.labels" . | nindent 4 }} -rules: -- apiGroups: - - argoproj.io - resources: - - rollouts - - rollouts/status - - rollouts/finalizers - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - argoproj.io - resources: - - analysisruns - - analysisruns/finalizers - - experiments - - experiments/finalizers - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - argoproj.io - resources: - - analysistemplates - - clusteranalysistemplates - verbs: - - get - - list - - watch -# replicaset access needed for managing ReplicaSets -- apiGroups: - - apps - resources: - - replicasets - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - "" - - apps - resources: - - deployments - - podtemplates - verbs: - - get - - list - - watch -# services patch needed to update selector of canary/stable/active/preview services -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - patch -# secret read access to run analysis templates which reference secrets -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -# pod list/update needed for updating ephemeral data -- apiGroups: - - "" - resources: - - pods - verbs: - - list - - update -# pods eviction needed for restart -- apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create -# event write needed for emitting events -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch -# ingress patch needed for managing ingress annotations, create needed for nginx canary -- apiGroups: - - networking.k8s.io - - extensions - resources: - - ingresses - verbs: - - create - - get - - list - - watch - - patch -# job access needed for analysis template job metrics -- apiGroups: - - batch - resources: - - jobs - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -# virtualservice access needed for using the Istio provider -- apiGroups: - - networking.istio.io - resources: - - virtualservices - - destinationrules - verbs: - - watch - - get - - update - - patch - - list -# trafficsplit access needed for using the SMI provider -- apiGroups: - - split.smi-spec.io - resources: - - trafficsplits - verbs: - - create - - watch - - get - - update - - patch -- apiGroups: - - getambassador.io - resources: - - mappings - verbs: - - create - - watch - - get - - update - - list - - delete -{{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml b/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml deleted file mode 100644 index fb632312..00000000 --- a/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml +++ /dev/null @@ -1,59 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "argo-rollouts.fullname" . }} - labels: - app.kubernetes.io/component: {{ .Values.controller.component }} - {{- include "argo-rollouts.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "argo-rollouts.selectorLabels" . | nindent 6 }} - strategy: - type: Recreate - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "argo-rollouts.selectorLabels" . | nindent 8 }} - {{- range $key, $value := .Values.podLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "argo-rollouts.serviceAccountName" . }} - containers: - - image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{ default .Chart.AppVersion .Values.controller.image.tag }}" - {{- if not .Values.clusterInstall }} - args: - - --namespaced - {{- end }} - imagePullPolicy: {{ .Values.controller.image.pullPolicy }} - name: argo-rollouts - ports: - - containerPort: 8090 - name: metrics - securityContext: - {{- toYaml .Values.containerSecurityContext | nindent 10 }} - resources: - {{- toYaml .Values.controller.resources | nindent 10 }} - {{- if .Values.controller.nodeSelector }} - nodeSelector: - {{- toYaml .Values.controller.nodeSelector | nindent 8 }} - {{- end }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - {{- if .Values.controller.tolerations }} - tolerations: - {{- toYaml .Values.controller.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.controller.affinity }} - affinity: - {{- toYaml .Values.controller.affinity | nindent 8 }} - {{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml b/charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml deleted file mode 100644 index 6f2c975f..00000000 --- a/charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.controller.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "argo-rollouts.fullname" . }}-metrics - labels: - app.kubernetes.io/component: server - {{- include "argo-rollouts.labels" . | nindent 4 }} - {{- with .Values.serviceAnnotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - ports: - - name: metrics - protocol: TCP - port: 8090 - targetPort: 8090 - selector: - {{- include "argo-rollouts.selectorLabels" . | nindent 6 }} -{{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-role.yaml b/charts/argo-rollouts/templates/argo-rollouts-role.yaml deleted file mode 100644 index a981d95d..00000000 --- a/charts/argo-rollouts/templates/argo-rollouts-role.yaml +++ /dev/null @@ -1,148 +0,0 @@ -{{- if not .Values.clusterInstall }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "argo-rollouts.fullname" . }} - labels: - app.kubernetes.io/component: {{ .Values.controller.component }} - {{- include "argo-rollouts.labels" . | nindent 4 }} -rules: -- apiGroups: - - argoproj.io - resources: - - rollouts - - rollouts/status - - rollouts/finalizers - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - argoproj.io - resources: - - analysisruns - - analysisruns/finalizers - - experiments - - experiments/finalizers - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - argoproj.io - resources: - - analysistemplates - - clusteranalysistemplates - verbs: - - get - - list - - watch -# replicaset access needed for managing ReplicaSets -- apiGroups: - - apps - resources: - - replicasets - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -# services patch needed to update selector of canary/stable/active/preview services -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - patch -# secret read access to run analysis templates which reference secrets -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -# pod list/update needed for updating ephemeral data -- apiGroups: - - "" - resources: - - pods - verbs: - - list - - update -# pods eviction needed for restart -- apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create -# event write needed for emitting events -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch -# ingress patch needed for managing ingress annotations, create needed for nginx canary -- apiGroups: - - networking.k8s.io - - extensions - resources: - - ingresses - verbs: - - create - - get - - list - - watch - - patch -# job access needed for analysis template job metrics -- apiGroups: - - batch - resources: - - jobs - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -# virtualservice access needed for using the Istio provider -- apiGroups: - - networking.istio.io - resources: - - virtualservices - verbs: - - watch - - get - - update - - list -# trafficsplit access needed for using the SMI provider -- apiGroups: - - split.smi-spec.io - resources: - - trafficsplits - verbs: - - create - - watch - - get - - update - - patch -{{- end }} diff --git a/charts/argo-rollouts/templates/controller/clusterrole.yaml b/charts/argo-rollouts/templates/controller/clusterrole.yaml new file mode 100644 index 00000000..026f23d7 --- /dev/null +++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml @@ -0,0 +1,11 @@ +{{- if and .Values.clusterInstall .Values.controller.createClusterRole }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-rollouts.fullname" . }} + labels: + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} +rules: + {{- include "argo-rollouts.controller.roleRules" . | nindent 2 }} +{{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-clusterrolebinding.yaml b/charts/argo-rollouts/templates/controller/clusterrolebinding.yaml similarity index 79% rename from charts/argo-rollouts/templates/argo-rollouts-clusterrolebinding.yaml rename to charts/argo-rollouts/templates/controller/clusterrolebinding.yaml index b48ce5b5..740f8f6b 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-clusterrolebinding.yaml +++ b/charts/argo-rollouts/templates/controller/clusterrolebinding.yaml @@ -1,4 +1,4 @@ -{{- if .Values.clusterInstall }} +{{- if and .Values.clusterInstall .Values.controller.createClusterRole }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -13,5 +13,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-rollouts.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/argo-rollouts/templates/controller/configmap.yaml b/charts/argo-rollouts/templates/controller/configmap.yaml new file mode 100644 index 00000000..a1971ab9 --- /dev/null +++ b/charts/argo-rollouts/templates/controller/configmap.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: argo-rollouts-config + namespace: {{ .Release.Namespace | quote }} + labels: + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} +data: + {{- with .Values.controller.metricProviderPlugins }} + metricProviderPlugins: |- + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.trafficRouterPlugins }} + trafficRouterPlugins: |- + {{- toYaml . | nindent 4 }} + {{- end }} diff --git a/charts/argo-rollouts/templates/controller/deployment.yaml b/charts/argo-rollouts/templates/controller/deployment.yaml new file mode 100644 index 00000000..7aea72a4 --- /dev/null +++ b/charts/argo-rollouts/templates/controller/deployment.yaml @@ -0,0 +1,140 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.controller.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "argo-rollouts.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- range $key, $value := (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.controller.deploymentLabels) }} + {{ $key }}: {{ $value | quote }} + {{- end }} + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.selectorLabels" . | nindent 6 }} + strategy: + type: RollingUpdate + replicas: {{ .Values.controller.replicas }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + template: + metadata: + {{- with (mergeOverwrite (deepCopy .Values.podAnnotations) .Values.controller.podAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-rollouts.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- range $key, $value := (mergeOverwrite (deepCopy .Values.podLabels) .Values.controller.podLabels) }} + {{ $key }}: {{ $value | quote }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "argo-rollouts.serviceAccountName" . }} + containers: + - image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{ default .Chart.AppVersion .Values.controller.image.tag }}" + args: + - --healthzPort={{ .Values.controller.containerPorts.healthz }} + - --metricsport={{ .Values.controller.containerPorts.metrics }} + - "--loglevel={{ .Values.controller.logging.level }}" + - "--logformat={{ .Values.controller.logging.format }}" + - "--kloglevel={{ .Values.controller.logging.kloglevel }}" + {{- if not .Values.clusterInstall }} + - --namespaced + {{- end }} + {{- if gt (int .Values.controller.replicas) 1 }} + - --leader-elect + {{- end }} + {{- with .Values.controller.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.extraEnv }} + env: + {{- toYaml . | nindent 8 }} + {{- end }} + imagePullPolicy: {{ .Values.controller.image.pullPolicy }} + name: argo-rollouts + ports: + - containerPort: {{ .Values.controller.containerPorts.metrics }} + name: metrics + - containerPort: {{ .Values.controller.containerPorts.healthz }} + name: healthz + livenessProbe: + {{- toYaml .Values.controller.livenessProbe | nindent 10 }} + readinessProbe: + {{- toYaml .Values.controller.readinessProbe | nindent 10 }} + securityContext: + {{- toYaml .Values.containerSecurityContext | nindent 10 }} + {{- with .Values.controller.lifecycle }} + lifecycle: {{ toYaml . | nindent 10 }} + {{- end }} + resources: + {{- toYaml .Values.controller.resources | nindent 10 }} + volumeMounts: + - name: plugin-bin + mountPath: /home/argo-rollouts/plugin-bin + - name: tmp + mountPath: /tmp + {{- with .Values.controller.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.extraContainers }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.controller.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.controller.nodeSelector }} + nodeSelector: + {{- toYaml .Values.controller.nodeSelector | nindent 8 }} + {{- end }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- with .Values.controller.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ . }} + {{- end }} + {{- if .Values.controller.tolerations }} + tolerations: + {{- toYaml .Values.controller.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.controller.affinity }} + affinity: + {{- toYaml .Values.controller.affinity | nindent 8 }} + {{- end }} + {{- with .Values.controller.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + app.kubernetes.io/component: {{ $.Values.controller.component }} + {{- include "argo-rollouts.selectorLabels" $ | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + {{- with .Values.controller.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + volumes: + - name: plugin-bin + emptyDir: {} + - name: tmp + emptyDir: {} + {{- with .Values.controller.volumes }} + {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/charts/argo-rollouts/templates/controller/metrics-service.yaml b/charts/argo-rollouts/templates/controller/metrics-service.yaml new file mode 100644 index 00000000..671a0837 --- /dev/null +++ b/charts/argo-rollouts/templates/controller/metrics-service.yaml @@ -0,0 +1,26 @@ +{{- if .Values.controller.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-rollouts.fullname" . }}-metrics + namespace: {{ .Release.Namespace | quote }} + labels: + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} + annotations: + {{- with .Values.serviceAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.metrics.service.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + ports: + - name: {{ .Values.controller.metrics.service.portName }} + protocol: TCP + port: {{ .Values.controller.metrics.service.port }} + targetPort: metrics + selector: + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/charts/argo-rollouts/templates/controller/notifications-configmap.yaml b/charts/argo-rollouts/templates/controller/notifications-configmap.yaml new file mode 100644 index 00000000..680f468f --- /dev/null +++ b/charts/argo-rollouts/templates/controller/notifications-configmap.yaml @@ -0,0 +1,24 @@ +{{ if .Values.notifications.configmap.create }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: argo-rollouts-notification-configmap + namespace: {{ .Release.Namespace | quote }} + labels: + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} +data: + {{- with .Values.notifications.notifiers }} + {{- toYaml . | nindent 2 }} + {{- end }} + {{- with .Values.notifications.templates }} + {{- toYaml . | nindent 2 }} + {{- end }} + {{- with .Values.notifications.triggers }} + {{- toYaml . | nindent 2 }} + {{- end }} + {{- with .Values.notifications.subscriptions }} + subscriptions: | + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-rollouts/templates/controller/notifications-secret.yaml b/charts/argo-rollouts/templates/controller/notifications-secret.yaml new file mode 100644 index 00000000..f48d895f --- /dev/null +++ b/charts/argo-rollouts/templates/controller/notifications-secret.yaml @@ -0,0 +1,21 @@ +{{ if .Values.notifications.secret.create }} +apiVersion: v1 +kind: Secret +metadata: + name: argo-rollouts-notification-secret + namespace: {{ .Release.Namespace | quote }} + {{- with .Values.notifications.secret.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} +type: Opaque +stringData: + {{- with .Values.notifications.secret.items }} + {{- toYaml . | nindent 2 }} + {{- end }} +{{- end }} diff --git a/charts/argo-rollouts/templates/controller/poddisruptionbudget.yaml b/charts/argo-rollouts/templates/controller/poddisruptionbudget.yaml new file mode 100644 index 00000000..7080b55c --- /dev/null +++ b/charts/argo-rollouts/templates/controller/poddisruptionbudget.yaml @@ -0,0 +1,28 @@ +{{- if .Values.controller.pdb.enabled }} +apiVersion: {{ include "argo-rollouts.podDisruptionBudget.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ template "argo-rollouts.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-rollouts.labels" . | nindent 4 }} + {{- with .Values.controller.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.pdb.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.controller.pdb.minAvailable }} + minAvailable: {{ .Values.controller.pdb.minAvailable }} + {{- else if .Values.controller.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.controller.pdb.maxUnavailable }} + {{- else }} + minAvailable: 0 + {{- end }} + selector: + matchLabels: + {{- include "argo-rollouts.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: {{ .Values.controller.component }} +{{- end }} diff --git a/charts/argo-rollouts/templates/controller/role.yaml b/charts/argo-rollouts/templates/controller/role.yaml new file mode 100644 index 00000000..6ba0805a --- /dev/null +++ b/charts/argo-rollouts/templates/controller/role.yaml @@ -0,0 +1,12 @@ +{{- if not .Values.clusterInstall }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "argo-rollouts.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} +rules: + {{- include "argo-rollouts.controller.roleRules" . | nindent 2 }} +{{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-rolebinding.yaml b/charts/argo-rollouts/templates/controller/rolebinding.yaml similarity index 84% rename from charts/argo-rollouts/templates/argo-rollouts-rolebinding.yaml rename to charts/argo-rollouts/templates/controller/rolebinding.yaml index 128df3ab..e76bb194 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-rolebinding.yaml +++ b/charts/argo-rollouts/templates/controller/rolebinding.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "argo-rollouts.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} @@ -13,4 +14,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "argo-rollouts.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-sa.yaml b/charts/argo-rollouts/templates/controller/serviceaccount.yaml similarity index 89% rename from charts/argo-rollouts/templates/argo-rollouts-sa.yaml rename to charts/argo-rollouts/templates/controller/serviceaccount.yaml index 327eb6a5..b0f56633 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-sa.yaml +++ b/charts/argo-rollouts/templates/controller/serviceaccount.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "argo-rollouts.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} labels: app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-service-monitor.yaml b/charts/argo-rollouts/templates/controller/servicemonitor.yaml similarity index 56% rename from charts/argo-rollouts/templates/argo-rollouts-service-monitor.yaml rename to charts/argo-rollouts/templates/controller/servicemonitor.yaml index f94a25b8..d7ab901e 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-service-monitor.yaml +++ b/charts/argo-rollouts/templates/controller/servicemonitor.yaml @@ -3,8 +3,9 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "argo-rollouts.fullname" . }} + namespace: {{ default .Release.Namespace .Values.controller.metrics.serviceMonitor.namespace | quote }} labels: - app.kubernetes.io/component: server + app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} {{- range $key, $value := .Values.controller.metrics.serviceMonitor.additionalLabels }} {{ $key }}: {{ $value | quote }} @@ -15,12 +16,20 @@ metadata: {{- end }} spec: endpoints: - - port: metrics + - port: {{ .Values.controller.metrics.service.portName }} + {{- with .Values.controller.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 6 }} + {{- end }} namespaceSelector: matchNames: - {{ .Release.Namespace }} selector: matchLabels: - app.kubernetes.io/component: server + app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.selectorLabels" . | nindent 6 }} {{- end }} diff --git a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml index 08786ca0..d723b248 100644 --- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml @@ -3,7 +3,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.14.0 + {{- if .Values.keepCRDs }} + "helm.sh/resource-policy": keep + {{- end }} {{- if .Values.crdAnnotations }} {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} @@ -28,6 +31,10 @@ spec: jsonPath: .status.phase name: Status type: string + - description: Time since resource was created + jsonPath: .metadata.creationTimestamp + name: Age + type: date name: v1alpha1 schema: openAPIV3Schema: @@ -71,6 +78,28 @@ spec: - name type: object type: array + dryRun: + items: + properties: + metricName: + type: string + required: + - metricName + type: object + type: array + measurementRetention: + items: + properties: + limit: + format: int32 + type: integer + metricName: + type: string + required: + - limit + - metricName + type: object + type: array metrics: items: properties: @@ -79,6 +108,11 @@ spec: - type: integer - type: string x-kubernetes-int-or-string: true + consecutiveSuccessLimit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true count: anyOf: - type: integer @@ -104,14 +138,111 @@ spec: type: string provider: properties: - datadog: + cloudWatch: properties: interval: type: string + metricDataQueries: + items: + properties: + expression: + type: string + id: + type: string + label: + type: string + metricStat: + properties: + metric: + properties: + dimensions: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + metricName: + type: string + namespace: + type: string + type: object + period: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + stat: + type: string + unit: + type: string + type: object + period: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + returnData: + type: boolean + type: object + type: array + required: + - metricDataQueries + type: object + datadog: + properties: + aggregator: + enum: + - avg + - min + - max + - sum + - last + - percentile + - mean + - l2norm + - area + type: string + apiVersion: + default: v1 + enum: + - v1 + - v2 + type: string + formula: + type: string + interval: + default: 5m + type: string + queries: + additionalProperties: + type: string + type: object + query: + type: string + secretRef: + properties: + name: + type: string + namespaced: + type: boolean + type: object + type: object + graphite: + properties: + address: + type: string + query: + type: string + type: object + influxdb: + properties: + profile: + type: string query: type: string - required: - - query type: object job: properties: @@ -134,14 +265,68 @@ spec: backoffLimit: format: int32 type: integer + backoffLimitPerIndex: + format: int32 + type: integer + completionMode: + type: string completions: format: int32 type: integer manualSelector: type: boolean + maxFailedIndexes: + format: int32 + type: integer parallelism: format: int32 type: integer + podFailurePolicy: + properties: + rules: + items: + properties: + action: + type: string + onExitCodes: + properties: + containerName: + type: string + operator: + type: string + values: + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + - values + type: object + onPodConditions: + items: + properties: + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-type: atomic + required: + - action + type: object + type: array + x-kubernetes-list-type: atomic + required: + - rules + type: object + podReplacementPolicy: + type: string selector: properties: matchExpressions: @@ -165,6 +350,9 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + suspend: + type: boolean template: properties: metadata: @@ -225,6 +413,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -271,10 +460,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -306,6 +497,41 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -349,6 +575,41 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -390,6 +651,41 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -433,6 +729,41 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -478,6 +809,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -487,6 +819,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -502,6 +835,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -513,6 +847,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -528,6 +863,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -537,6 +873,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -582,6 +919,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -632,6 +977,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -658,6 +1011,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -707,6 +1070,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -749,6 +1115,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -798,17 +1174,47 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -864,6 +1270,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -880,6 +1288,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -929,6 +1347,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1036,6 +1457,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1045,6 +1467,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1060,6 +1483,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1071,6 +1495,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1086,6 +1511,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1095,6 +1521,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1140,6 +1567,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1190,6 +1625,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1216,6 +1659,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1265,6 +1718,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1291,6 +1747,10 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: properties: exec: @@ -1303,6 +1763,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1352,17 +1822,47 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1418,6 +1918,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -1434,6 +1936,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1483,6 +1995,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1554,6 +2069,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -1562,6 +2079,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: items: @@ -1594,6 +2112,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1603,6 +2122,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1618,6 +2138,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1629,6 +2150,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1644,6 +2166,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1653,6 +2176,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1698,6 +2222,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1748,6 +2280,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1774,6 +2314,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1823,6 +2373,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1865,6 +2418,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1914,17 +2477,47 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1980,6 +2573,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -1996,6 +2591,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2045,6 +2650,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2103,6 +2711,14 @@ spec: additionalProperties: type: string type: object + x-kubernetes-map-type: atomic + os: + properties: + name: + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: @@ -2127,12 +2743,43 @@ spec: - conditionType type: object type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: type: string runtimeClassName: type: string schedulerName: type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: properties: fsGroup: @@ -2191,6 +2838,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -2250,9 +2899,22 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -2375,25 +3037,44 @@ spec: type: string query: type: string + timeout: + format: int64 + type: integer required: - query type: object + plugin: + type: object + x-kubernetes-preserve-unknown-fields: true prometheus: properties: address: type: string - query: - type: string - type: object - wavefront: - properties: - address: - type: string - query: - type: string - type: object - web: - properties: + authentication: + properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object headers: items: properties: @@ -2408,8 +3089,87 @@ spec: type: array insecure: type: boolean + query: + type: string + rangeQuery: + properties: + end: + type: string + start: + type: string + step: + type: string + type: object + timeout: + format: int64 + type: integer + type: object + skywalking: + properties: + address: + type: string + interval: + type: string + query: + type: string + type: object + wavefront: + properties: + address: + type: string + query: + type: string + type: object + web: + properties: + authentication: + properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object + body: + type: string + headers: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + insecure: + type: boolean + jsonBody: + type: object + x-kubernetes-preserve-unknown-fields: true jsonPath: type: string + method: + type: string timeoutSeconds: format: int64 type: integer @@ -2428,11 +3188,44 @@ spec: type: array terminate: type: boolean + ttlStrategy: + properties: + secondsAfterCompletion: + format: int32 + type: integer + secondsAfterFailure: + format: int32 + type: integer + secondsAfterSuccess: + format: int32 + type: integer + type: object required: - metrics type: object status: properties: + completedAt: + format: date-time + type: string + dryRunSummary: + properties: + count: + format: int32 + type: integer + error: + format: int32 + type: integer + failed: + format: int32 + type: integer + inconclusive: + format: int32 + type: integer + successful: + format: int32 + type: integer + type: object message: type: string metricResults: @@ -2441,9 +3234,14 @@ spec: consecutiveError: format: int32 type: integer + consecutiveSuccess: + format: int32 + type: integer count: format: int32 type: integer + dryRun: + type: boolean error: format: int32 type: integer @@ -2481,6 +3279,10 @@ spec: type: array message: type: string + metadata: + additionalProperties: + type: string + type: object name: type: string phase: @@ -2495,6 +3297,24 @@ spec: type: array phase: type: string + runSummary: + properties: + count: + format: int32 + type: integer + error: + format: int32 + type: integer + failed: + format: int32 + type: integer + inconclusive: + format: int32 + type: integer + successful: + format: int32 + type: integer + type: object startedAt: format: date-time type: string diff --git a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml index 12fc5340..b0f34229 100644 --- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml @@ -3,7 +3,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.14.0 + {{- if .Values.keepCRDs }} + "helm.sh/resource-policy": keep + {{- end }} {{- if .Values.crdAnnotations }} {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} @@ -23,7 +26,12 @@ spec: preserveUnknownFields: false scope: Namespaced versions: - - name: v1alpha1 + - additionalPrinterColumns: + - description: Time since resource was created + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -66,6 +74,28 @@ spec: - name type: object type: array + dryRun: + items: + properties: + metricName: + type: string + required: + - metricName + type: object + type: array + measurementRetention: + items: + properties: + limit: + format: int32 + type: integer + metricName: + type: string + required: + - limit + - metricName + type: object + type: array metrics: items: properties: @@ -74,6 +104,11 @@ spec: - type: integer - type: string x-kubernetes-int-or-string: true + consecutiveSuccessLimit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true count: anyOf: - type: integer @@ -99,14 +134,111 @@ spec: type: string provider: properties: - datadog: + cloudWatch: properties: interval: type: string + metricDataQueries: + items: + properties: + expression: + type: string + id: + type: string + label: + type: string + metricStat: + properties: + metric: + properties: + dimensions: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + metricName: + type: string + namespace: + type: string + type: object + period: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + stat: + type: string + unit: + type: string + type: object + period: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + returnData: + type: boolean + type: object + type: array + required: + - metricDataQueries + type: object + datadog: + properties: + aggregator: + enum: + - avg + - min + - max + - sum + - last + - percentile + - mean + - l2norm + - area + type: string + apiVersion: + default: v1 + enum: + - v1 + - v2 + type: string + formula: + type: string + interval: + default: 5m + type: string + queries: + additionalProperties: + type: string + type: object + query: + type: string + secretRef: + properties: + name: + type: string + namespaced: + type: boolean + type: object + type: object + graphite: + properties: + address: + type: string + query: + type: string + type: object + influxdb: + properties: + profile: + type: string query: type: string - required: - - query type: object job: properties: @@ -129,14 +261,68 @@ spec: backoffLimit: format: int32 type: integer + backoffLimitPerIndex: + format: int32 + type: integer + completionMode: + type: string completions: format: int32 type: integer manualSelector: type: boolean + maxFailedIndexes: + format: int32 + type: integer parallelism: format: int32 type: integer + podFailurePolicy: + properties: + rules: + items: + properties: + action: + type: string + onExitCodes: + properties: + containerName: + type: string + operator: + type: string + values: + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + - values + type: object + onPodConditions: + items: + properties: + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-type: atomic + required: + - action + type: object + type: array + x-kubernetes-list-type: atomic + required: + - rules + type: object + podReplacementPolicy: + type: string selector: properties: matchExpressions: @@ -160,6 +346,9 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + suspend: + type: boolean template: properties: metadata: @@ -220,6 +409,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -266,10 +456,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -301,6 +493,41 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -344,6 +571,41 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -385,6 +647,41 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -428,6 +725,41 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -473,6 +805,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -482,6 +815,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -497,6 +831,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -508,6 +843,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -523,6 +859,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -532,6 +869,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -577,6 +915,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -627,6 +973,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -653,6 +1007,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -702,6 +1066,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -744,6 +1111,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -793,17 +1170,47 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -859,6 +1266,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -875,6 +1284,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -924,6 +1343,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1031,6 +1453,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1040,6 +1463,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1055,6 +1479,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1066,6 +1491,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1081,6 +1507,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1090,6 +1517,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1135,6 +1563,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1185,6 +1621,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1211,6 +1655,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1260,6 +1714,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1286,6 +1743,10 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: properties: exec: @@ -1298,6 +1759,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1347,17 +1818,47 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1413,6 +1914,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -1429,6 +1932,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1478,6 +1991,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1549,6 +2065,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -1557,6 +2075,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: items: @@ -1589,6 +2108,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1598,6 +2118,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1613,6 +2134,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1624,6 +2146,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1639,6 +2162,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1648,6 +2172,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1693,6 +2218,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1743,6 +2276,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1769,6 +2310,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1818,6 +2369,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1860,6 +2414,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1909,17 +2473,47 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1975,6 +2569,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -1991,6 +2587,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2040,6 +2646,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2098,6 +2707,14 @@ spec: additionalProperties: type: string type: object + x-kubernetes-map-type: atomic + os: + properties: + name: + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: @@ -2122,12 +2739,43 @@ spec: - conditionType type: object type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: type: string runtimeClassName: type: string schedulerName: type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: properties: fsGroup: @@ -2186,6 +2834,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -2245,9 +2895,22 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -2370,25 +3033,44 @@ spec: type: string query: type: string + timeout: + format: int64 + type: integer required: - query type: object + plugin: + type: object + x-kubernetes-preserve-unknown-fields: true prometheus: properties: address: type: string - query: - type: string - type: object - wavefront: - properties: - address: - type: string - query: - type: string - type: object - web: - properties: + authentication: + properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object headers: items: properties: @@ -2403,8 +3085,87 @@ spec: type: array insecure: type: boolean + query: + type: string + rangeQuery: + properties: + end: + type: string + start: + type: string + step: + type: string + type: object + timeout: + format: int64 + type: integer + type: object + skywalking: + properties: + address: + type: string + interval: + type: string + query: + type: string + type: object + wavefront: + properties: + address: + type: string + query: + type: string + type: object + web: + properties: + authentication: + properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object + body: + type: string + headers: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + insecure: + type: boolean + jsonBody: + type: object + x-kubernetes-preserve-unknown-fields: true jsonPath: type: string + method: + type: string timeoutSeconds: format: int64 type: integer @@ -2421,12 +3182,20 @@ spec: - provider type: object type: array - required: - - metrics + templates: + items: + properties: + clusterScope: + type: boolean + templateName: + type: string + type: object + type: array type: object required: - spec type: object served: true storage: true + subresources: {} {{- end }} diff --git a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml index e357b4d2..e8a9a6d4 100644 --- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml +++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml @@ -3,7 +3,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.14.0 + {{- if .Values.keepCRDs }} + "helm.sh/resource-policy": keep + {{- end }} {{- if .Values.crdAnnotations }} {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} @@ -23,7 +26,12 @@ spec: preserveUnknownFields: false scope: Cluster versions: - - name: v1alpha1 + - additionalPrinterColumns: + - description: Time since resource was created + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -66,6 +74,28 @@ spec: - name type: object type: array + dryRun: + items: + properties: + metricName: + type: string + required: + - metricName + type: object + type: array + measurementRetention: + items: + properties: + limit: + format: int32 + type: integer + metricName: + type: string + required: + - limit + - metricName + type: object + type: array metrics: items: properties: @@ -74,6 +104,11 @@ spec: - type: integer - type: string x-kubernetes-int-or-string: true + consecutiveSuccessLimit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true count: anyOf: - type: integer @@ -99,14 +134,111 @@ spec: type: string provider: properties: - datadog: + cloudWatch: properties: interval: type: string + metricDataQueries: + items: + properties: + expression: + type: string + id: + type: string + label: + type: string + metricStat: + properties: + metric: + properties: + dimensions: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + metricName: + type: string + namespace: + type: string + type: object + period: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + stat: + type: string + unit: + type: string + type: object + period: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + returnData: + type: boolean + type: object + type: array + required: + - metricDataQueries + type: object + datadog: + properties: + aggregator: + enum: + - avg + - min + - max + - sum + - last + - percentile + - mean + - l2norm + - area + type: string + apiVersion: + default: v1 + enum: + - v1 + - v2 + type: string + formula: + type: string + interval: + default: 5m + type: string + queries: + additionalProperties: + type: string + type: object + query: + type: string + secretRef: + properties: + name: + type: string + namespaced: + type: boolean + type: object + type: object + graphite: + properties: + address: + type: string + query: + type: string + type: object + influxdb: + properties: + profile: + type: string query: type: string - required: - - query type: object job: properties: @@ -129,14 +261,68 @@ spec: backoffLimit: format: int32 type: integer + backoffLimitPerIndex: + format: int32 + type: integer + completionMode: + type: string completions: format: int32 type: integer manualSelector: type: boolean + maxFailedIndexes: + format: int32 + type: integer parallelism: format: int32 type: integer + podFailurePolicy: + properties: + rules: + items: + properties: + action: + type: string + onExitCodes: + properties: + containerName: + type: string + operator: + type: string + values: + items: + format: int32 + type: integer + type: array + x-kubernetes-list-type: set + required: + - operator + - values + type: object + onPodConditions: + items: + properties: + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-type: atomic + required: + - action + type: object + type: array + x-kubernetes-list-type: atomic + required: + - rules + type: object + podReplacementPolicy: + type: string selector: properties: matchExpressions: @@ -160,6 +346,9 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + suspend: + type: boolean template: properties: metadata: @@ -220,6 +409,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -266,10 +456,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -301,6 +493,41 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -344,6 +571,41 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -385,6 +647,41 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -428,6 +725,41 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -473,6 +805,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -482,6 +815,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -497,6 +831,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -508,6 +843,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -523,6 +859,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -532,6 +869,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -577,6 +915,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -627,6 +973,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -653,6 +1007,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -702,6 +1066,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -744,6 +1111,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -793,17 +1170,47 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -859,6 +1266,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -875,6 +1284,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -924,6 +1343,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1031,6 +1453,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1040,6 +1463,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1055,6 +1479,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1066,6 +1491,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1081,6 +1507,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1090,6 +1517,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1135,6 +1563,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1185,6 +1621,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1211,6 +1655,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1260,6 +1714,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1286,6 +1743,10 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: properties: exec: @@ -1298,6 +1759,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1347,17 +1818,47 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1413,6 +1914,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -1429,6 +1932,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1478,6 +1991,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1549,6 +2065,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -1557,6 +2075,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: items: @@ -1589,6 +2108,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1598,6 +2118,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1613,6 +2134,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1624,6 +2146,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1639,6 +2162,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1648,6 +2172,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1693,6 +2218,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1743,6 +2276,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1769,6 +2310,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1818,6 +2369,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1860,6 +2414,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1909,17 +2473,47 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1975,6 +2569,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -1991,6 +2587,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2040,6 +2646,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2098,6 +2707,14 @@ spec: additionalProperties: type: string type: object + x-kubernetes-map-type: atomic + os: + properties: + name: + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: @@ -2122,12 +2739,43 @@ spec: - conditionType type: object type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: type: string runtimeClassName: type: string schedulerName: type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: properties: fsGroup: @@ -2186,6 +2834,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -2245,9 +2895,22 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -2370,25 +3033,44 @@ spec: type: string query: type: string + timeout: + format: int64 + type: integer required: - query type: object + plugin: + type: object + x-kubernetes-preserve-unknown-fields: true prometheus: properties: address: type: string - query: - type: string - type: object - wavefront: - properties: - address: - type: string - query: - type: string - type: object - web: - properties: + authentication: + properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object headers: items: properties: @@ -2403,8 +3085,87 @@ spec: type: array insecure: type: boolean + query: + type: string + rangeQuery: + properties: + end: + type: string + start: + type: string + step: + type: string + type: object + timeout: + format: int64 + type: integer + type: object + skywalking: + properties: + address: + type: string + interval: + type: string + query: + type: string + type: object + wavefront: + properties: + address: + type: string + query: + type: string + type: object + web: + properties: + authentication: + properties: + oauth2: + properties: + clientId: + type: string + clientSecret: + type: string + scopes: + items: + type: string + type: array + tokenUrl: + type: string + type: object + sigv4: + properties: + profile: + type: string + region: + type: string + roleArn: + type: string + type: object + type: object + body: + type: string + headers: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + insecure: + type: boolean + jsonBody: + type: object + x-kubernetes-preserve-unknown-fields: true jsonPath: type: string + method: + type: string timeoutSeconds: format: int64 type: integer @@ -2421,12 +3182,20 @@ spec: - provider type: object type: array - required: - - metrics + templates: + items: + properties: + clusterScope: + type: boolean + templateName: + type: string + type: object + type: array type: object required: - spec type: object served: true storage: true + subresources: {} {{- end }} diff --git a/charts/argo-rollouts/templates/crds/experiment-crd.yaml b/charts/argo-rollouts/templates/crds/experiment-crd.yaml index 5f9f8cfc..58c0e72e 100644 --- a/charts/argo-rollouts/templates/crds/experiment-crd.yaml +++ b/charts/argo-rollouts/templates/crds/experiment-crd.yaml @@ -3,7 +3,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.14.0 + {{- if .Values.keepCRDs }} + "helm.sh/resource-policy": keep + {{- end }} {{- if .Values.crdAnnotations }} {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} @@ -28,6 +31,10 @@ spec: jsonPath: .status.phase name: Status type: string + - description: Time since resource was created + jsonPath: .metadata.creationTimestamp + name: Age + type: date name: v1alpha1 schema: openAPIV3Schema: @@ -87,11 +94,47 @@ spec: - templateName type: object type: array + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + dryRun: + items: + properties: + metricName: + type: string + required: + - metricName + type: object + type: array duration: type: string + measurementRetention: + items: + properties: + limit: + format: int32 + type: integer + metricName: + type: string + required: + - limit + - metricName + type: object + type: array progressDeadlineSeconds: format: int32 type: integer + scaleDownDelaySeconds: + format: int32 + type: integer templates: items: properties: @@ -126,6 +169,12 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + service: + properties: + name: + type: string + type: object template: properties: metadata: @@ -186,6 +235,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -232,10 +282,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -267,6 +319,41 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -310,6 +397,41 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -351,6 +473,41 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -394,6 +551,41 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -439,6 +631,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -448,6 +641,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -463,6 +657,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -474,6 +669,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -489,6 +685,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -498,6 +695,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -543,6 +741,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -593,6 +799,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -619,6 +833,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -668,6 +892,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -710,6 +937,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -759,17 +996,47 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -825,6 +1092,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -841,6 +1110,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -890,6 +1169,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -997,6 +1279,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1006,6 +1289,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1021,6 +1305,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1032,6 +1317,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1047,6 +1333,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1056,6 +1343,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1101,6 +1389,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1151,6 +1447,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1177,6 +1481,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1226,6 +1540,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1252,6 +1569,10 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: properties: exec: @@ -1264,6 +1585,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1313,17 +1644,47 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1379,6 +1740,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -1395,6 +1758,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1444,6 +1817,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1515,6 +1891,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -1523,6 +1901,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: items: @@ -1555,6 +1934,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1564,6 +1944,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1579,6 +1960,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1590,6 +1972,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1605,6 +1988,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1614,6 +1998,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1659,6 +2044,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1709,6 +2102,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1735,6 +2136,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1784,6 +2195,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1826,6 +2240,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1875,17 +2299,47 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1941,6 +2395,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -1957,6 +2413,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2006,6 +2472,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2064,6 +2533,14 @@ spec: additionalProperties: type: string type: object + x-kubernetes-map-type: atomic + os: + properties: + name: + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: @@ -2088,12 +2565,43 @@ spec: - conditionType type: object type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: type: string runtimeClassName: type: string schedulerName: type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: properties: fsGroup: @@ -2152,6 +2660,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -2211,9 +2721,22 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -2313,12 +2836,16 @@ spec: type: string name: type: string + podTemplateHash: + type: string readyReplicas: format: int32 type: integer replicas: format: int32 type: integer + serviceName: + type: string status: type: string updatedReplicas: diff --git a/charts/argo-rollouts/templates/crds/rollout-crd.yaml b/charts/argo-rollouts/templates/crds/rollout-crd.yaml index 10d0a8e1..a883137d 100644 --- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml +++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml @@ -3,7 +3,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.5.0 + controller-gen.kubebuilder.io/version: v0.14.0 + {{- if .Values.keepCRDs }} + "helm.sh/resource-policy": keep + {{- end }} {{- if .Values.crdAnnotations }} {{- toYaml .Values.crdAnnotations | nindent 4 }} {{- end }} @@ -42,6 +45,10 @@ spec: jsonPath: .status.availableReplicas name: Available type: integer + - description: Time since resource was created + jsonPath: .metadata.creationTimestamp + name: Age + type: date name: v1alpha1 schema: openAPIV3Schema: @@ -54,11 +61,22 @@ spec: type: object spec: properties: + analysis: + properties: + successfulRunHistoryLimit: + format: int32 + type: integer + unsuccessfulRunHistoryLimit: + format: int32 + type: integer + type: object minReadySeconds: format: int32 type: integer paused: type: boolean + progressDeadlineAbort: + type: boolean progressDeadlineSeconds: format: int32 type: integer @@ -71,6 +89,12 @@ spec: revisionHistoryLimit: format: int32 type: integer + rollbackWindow: + properties: + revisions: + format: int32 + type: integer + type: object selector: properties: matchExpressions: @@ -94,10 +118,14 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic strategy: properties: blueGreen: properties: + abortScaleDownDelaySeconds: + format: int32 + type: integer activeMetadata: properties: annotations: @@ -136,6 +164,17 @@ spec: x-kubernetes-int-or-string: true postPromotionAnalysis: properties: + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object args: items: properties: @@ -159,6 +198,28 @@ spec: - name type: object type: array + dryRun: + items: + properties: + metricName: + type: string + required: + - metricName + type: object + type: array + measurementRetention: + items: + properties: + limit: + format: int32 + type: integer + metricName: + type: string + required: + - limit + - metricName + type: object + type: array templates: items: properties: @@ -171,6 +232,17 @@ spec: type: object prePromotionAnalysis: properties: + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object args: items: properties: @@ -194,6 +266,28 @@ spec: - name type: object type: array + dryRun: + items: + properties: + metricName: + type: string + required: + - metricName + type: object + type: array + measurementRetention: + items: + properties: + limit: + format: int32 + type: integer + metricName: + type: string + required: + - limit + - metricName + type: object + type: array templates: items: properties: @@ -231,8 +325,22 @@ spec: type: object canary: properties: + abortScaleDownDelaySeconds: + format: int32 + type: integer analysis: properties: + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object args: items: properties: @@ -256,6 +364,28 @@ spec: - name type: object type: array + dryRun: + items: + properties: + metricName: + type: string + required: + - metricName + type: object + type: array + measurementRetention: + items: + properties: + limit: + format: int32 + type: integer + metricName: + type: string + required: + - limit + - metricName + type: object + type: array startingStep: format: int32 type: integer @@ -295,6 +425,8 @@ spec: type: object canaryService: type: string + dynamicStableScale: + type: boolean maxSurge: anyOf: - type: integer @@ -305,6 +437,19 @@ spec: - type: integer - type: string x-kubernetes-int-or-string: true + minPodsPerReplicaSet: + format: int32 + type: integer + pingPong: + properties: + pingService: + type: string + pongService: + type: string + required: + - pingService + - pongService + type: object scaleDownDelayRevisionLimit: format: int32 type: integer @@ -329,6 +474,17 @@ spec: properties: analysis: properties: + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object args: items: properties: @@ -352,6 +508,28 @@ spec: - name type: object type: array + dryRun: + items: + properties: + metricName: + type: string + required: + - metricName + type: object + type: array + measurementRetention: + items: + properties: + limit: + format: int32 + type: integer + metricName: + type: string + required: + - limit + - metricName + type: object + type: array templates: items: properties: @@ -403,6 +581,26 @@ spec: - templateName type: object type: array + analysisRunMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + dryRun: + items: + properties: + metricName: + type: string + required: + - metricName + type: object + type: array duration: type: string templates: @@ -447,8 +645,17 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + service: + properties: + name: + type: string + type: object specRef: type: string + weight: + format: int32 + type: integer required: - name - specRef @@ -465,6 +672,16 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + plugin: + properties: + config: + type: object + x-kubernetes-preserve-unknown-fields: true + name: + type: string + required: + - name + type: object setCanaryScale: properties: matchTrafficWeight: @@ -476,6 +693,74 @@ spec: format: int32 type: integer type: object + setHeaderRoute: + properties: + match: + items: + properties: + headerName: + type: string + headerValue: + properties: + exact: + type: string + prefix: + type: string + regex: + type: string + type: object + required: + - headerName + - headerValue + type: object + type: array + name: + type: string + type: object + setMirrorRoute: + properties: + match: + items: + properties: + headers: + additionalProperties: + properties: + exact: + type: string + prefix: + type: string + regex: + type: string + type: object + type: object + method: + properties: + exact: + type: string + prefix: + type: string + regex: + type: string + type: object + path: + properties: + exact: + type: string + prefix: + type: string + regex: + type: string + type: object + type: object + type: array + name: + type: string + percentage: + format: int32 + type: integer + required: + - name + type: object setWeight: format: int32 type: integer @@ -489,13 +774,27 @@ spec: type: string ingress: type: string + ingresses: + items: + type: string + type: array rootService: type: string servicePort: format: int32 type: integer + stickinessConfig: + properties: + durationSeconds: + format: int64 + type: integer + enabled: + type: boolean + required: + - durationSeconds + - enabled + type: object required: - - ingress - servicePort type: object ambassador: @@ -507,6 +806,54 @@ spec: required: - mappings type: object + apisix: + properties: + route: + properties: + name: + type: string + rules: + items: + type: string + type: array + required: + - name + type: object + type: object + appMesh: + properties: + virtualNodeGroup: + properties: + canaryVirtualNodeRef: + properties: + name: + type: string + required: + - name + type: object + stableVirtualNodeRef: + properties: + name: + type: string + required: + - name + type: object + required: + - canaryVirtualNodeRef + - stableVirtualNodeRef + type: object + virtualService: + properties: + name: + type: string + routes: + items: + type: string + type: array + required: + - name + type: object + type: object istio: properties: destinationRule: @@ -530,13 +877,75 @@ spec: items: type: string type: array + tcpRoutes: + items: + properties: + port: + format: int64 + type: integer + type: object + type: array + tlsRoutes: + items: + properties: + port: + format: int64 + type: integer + sniHosts: + items: + type: string + type: array + type: object + type: array required: - name - - routes type: object - required: - - virtualService + virtualServices: + items: + properties: + name: + type: string + routes: + items: + type: string + type: array + tcpRoutes: + items: + properties: + port: + format: int64 + type: integer + type: object + type: array + tlsRoutes: + items: + properties: + port: + format: int64 + type: integer + sniHosts: + items: + type: string + type: array + type: object + type: array + required: + - name + type: object + type: array type: object + managedRoutes: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + maxTrafficWeight: + format: int32 + type: integer nginx: properties: additionalIngressAnnotations: @@ -545,11 +954,20 @@ spec: type: object annotationPrefix: type: string + canaryIngressAnnotations: + additionalProperties: + type: string + type: object stableIngress: type: string - required: - - stableIngress + stableIngresses: + items: + type: string + type: array type: object + plugins: + type: object + x-kubernetes-preserve-unknown-fields: true smi: properties: rootService: @@ -557,6 +975,13 @@ spec: trafficSplitName: type: string type: object + traefik: + properties: + weightedTraefikServiceName: + type: string + required: + - weightedTraefikServiceName + type: object type: object type: object type: object @@ -620,6 +1045,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: format: int32 type: integer @@ -666,10 +1092,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: properties: @@ -701,6 +1129,41 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -744,6 +1207,41 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -785,6 +1283,41 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -828,6 +1361,41 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic namespaces: items: type: string @@ -873,6 +1441,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -882,6 +1451,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -897,6 +1467,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -908,6 +1479,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -923,6 +1495,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -932,6 +1505,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -977,6 +1551,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1027,6 +1609,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1053,6 +1643,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1102,6 +1702,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1144,6 +1747,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1193,17 +1806,47 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1259,6 +1902,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -1275,6 +1920,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1324,6 +1979,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1431,6 +2089,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1440,6 +2099,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -1455,6 +2115,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -1466,6 +2127,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1481,6 +2143,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -1490,6 +2153,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -1535,6 +2199,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1585,6 +2257,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1611,6 +2291,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1660,6 +2350,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1686,6 +2379,10 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: properties: exec: @@ -1698,6 +2395,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1747,17 +2454,47 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -1813,6 +2550,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -1829,6 +2568,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1878,6 +2627,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1949,6 +2701,8 @@ spec: type: boolean hostPID: type: boolean + hostUsers: + type: boolean hostname: type: string imagePullSecrets: @@ -1957,6 +2711,7 @@ spec: name: type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: items: @@ -1989,6 +2744,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: properties: apiVersion: @@ -1998,6 +2754,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: properties: containerName: @@ -2013,6 +2770,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: properties: key: @@ -2024,6 +2782,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -2039,6 +2798,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic prefix: type: string secretRef: @@ -2048,6 +2808,7 @@ spec: optional: type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: @@ -2093,6 +2854,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2143,6 +2912,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2169,6 +2946,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2218,6 +3005,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2260,6 +3050,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2309,17 +3109,47 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: x-kubernetes-preserve-unknown-fields: true requests: x-kubernetes-preserve-unknown-fields: true type: object + restartPolicy: + type: string securityContext: properties: allowPrivilegeEscalation: @@ -2375,6 +3205,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -2391,6 +3223,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2440,6 +3282,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2498,6 +3343,14 @@ spec: additionalProperties: type: string type: object + x-kubernetes-map-type: atomic + os: + properties: + name: + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: @@ -2522,12 +3375,43 @@ spec: - conditionType type: object type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: type: string runtimeClassName: type: string schedulerName: type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: properties: fsGroup: @@ -2586,6 +3470,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -2645,9 +3531,22 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string topologyKey: type: string whenUnsatisfiable: @@ -2663,7 +3562,9 @@ spec: - whenUnsatisfiable x-kubernetes-list-type: map volumes: - x-kubernetes-preserve-unknown-fields: true + items: + x-kubernetes-preserve-unknown-fields: true + type: array required: - containers type: object @@ -2676,6 +3577,8 @@ spec: type: string name: type: string + scaleDown: + type: string type: object type: object status: @@ -2688,6 +3591,90 @@ spec: abortedAt: format: date-time type: string + alb: + properties: + canaryTargetGroup: + properties: + arn: + type: string + fullName: + type: string + name: + type: string + required: + - arn + - name + type: object + ingress: + type: string + loadBalancer: + properties: + arn: + type: string + fullName: + type: string + name: + type: string + required: + - arn + - name + type: object + stableTargetGroup: + properties: + arn: + type: string + fullName: + type: string + name: + type: string + required: + - arn + - name + type: object + type: object + albs: + items: + properties: + canaryTargetGroup: + properties: + arn: + type: string + fullName: + type: string + name: + type: string + required: + - arn + - name + type: object + ingress: + type: string + loadBalancer: + properties: + arn: + type: string + fullName: + type: string + name: + type: string + required: + - arn + - name + type: object + stableTargetGroup: + properties: + arn: + type: string + fullName: + type: string + name: + type: string + required: + - arn + - name + type: object + type: object + type: array availableReplicas: format: int32 type: integer @@ -2752,6 +3739,93 @@ spec: - name - status type: object + stablePingPong: + type: string + stepPluginStatuses: + items: + properties: + backoff: + type: string + disabled: + type: boolean + executions: + format: int32 + type: integer + finishedAt: + format: date-time + type: string + index: + format: int32 + type: integer + message: + type: string + name: + type: string + operation: + type: string + phase: + type: string + startedAt: + format: date-time + type: string + status: + type: object + x-kubernetes-preserve-unknown-fields: true + updatedAt: + format: date-time + type: string + required: + - index + - name + - operation + type: object + type: array + weights: + properties: + additional: + items: + properties: + podTemplateHash: + type: string + serviceName: + type: string + weight: + format: int32 + type: integer + required: + - weight + type: object + type: array + canary: + properties: + podTemplateHash: + type: string + serviceName: + type: string + weight: + format: int32 + type: integer + required: + - weight + type: object + stable: + properties: + podTemplateHash: + type: string + serviceName: + type: string + weight: + format: int32 + type: integer + required: + - weight + type: object + verified: + type: boolean + required: + - canary + - stable + type: object type: object collisionCount: format: int32 @@ -2828,6 +3902,8 @@ spec: updatedReplicas: format: int32 type: integer + workloadObservedGeneration: + type: string type: object required: - spec diff --git a/charts/argo-rollouts/templates/dashboard/clusterrole.yaml b/charts/argo-rollouts/templates/dashboard/clusterrole.yaml new file mode 100644 index 00000000..cb3e457a --- /dev/null +++ b/charts/argo-rollouts/templates/dashboard/clusterrole.yaml @@ -0,0 +1,88 @@ +{{- if and .Values.dashboard.enabled .Values.clusterInstall .Values.dashboard.createClusterRole }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-rollouts.fullname" . }}-dashboard + labels: + app.kubernetes.io/component: {{ .Values.dashboard.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} +rules: + - apiGroups: + - argoproj.io + resources: + - rollouts + - rollouts/status + - rollouts/finalizers + verbs: + - get + - list + - watch + {{- if not .Values.dashboard.readonly }} + - update + - patch + {{- end }} + - apiGroups: + - argoproj.io + resources: + - analysisruns + - analysisruns/finalizers + - experiments + - experiments/finalizers + verbs: + {{- if not .Values.dashboard.readonly }} + - create + {{- end }} + - get + - list + - watch + - apiGroups: + - argoproj.io + resources: + - analysistemplates + - clusteranalysistemplates + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - watch + {{- if not .Values.dashboard.readonly }} + - update + - patch + {{- end }} + - apiGroups: + - apps + resources: + - replicasets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +{{- end }} diff --git a/charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml b/charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml new file mode 100644 index 00000000..2dbf7379 --- /dev/null +++ b/charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.dashboard.enabled .Values.clusterInstall .Values.dashboard.createClusterRole }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "argo-rollouts.fullname" . }}-dashboard + labels: + app.kubernetes.io/component: {{ .Values.dashboard.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "argo-rollouts.fullname" . }}-dashboard +subjects: +- kind: ServiceAccount + name: {{ include "argo-rollouts.serviceAccountName" . }}-dashboard + namespace: {{ .Release.Namespace | quote }} +{{- end }} diff --git a/charts/argo-rollouts/templates/dashboard/deployment.yaml b/charts/argo-rollouts/templates/dashboard/deployment.yaml new file mode 100644 index 00000000..ec0114ba --- /dev/null +++ b/charts/argo-rollouts/templates/dashboard/deployment.yaml @@ -0,0 +1,107 @@ +{{- if .Values.dashboard.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.dashboard.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "argo-rollouts.fullname" . }}-dashboard + namespace: {{ .Release.Namespace | quote }} + labels: + {{- range $key, $value := (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.dashboard.deploymentLabels) }} + {{ $key }}: {{ $value | quote }} + {{- end }} + app.kubernetes.io/component: {{ .Values.dashboard.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "argo-rollouts.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: {{ .Values.dashboard.component }} + strategy: + type: Recreate + replicas: {{ .Values.dashboard.replicas }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + template: + metadata: + {{- with (mergeOverwrite (deepCopy .Values.podAnnotations) .Values.dashboard.podAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-rollouts.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: {{ .Values.dashboard.component }} + {{- range $key, $value := (mergeOverwrite (deepCopy .Values.podLabels) .Values.dashboard.podLabels) }} + {{ $key }}: {{ $value | quote }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "argo-rollouts.serviceAccountName" . }}-dashboard + containers: + - image: "{{ .Values.dashboard.image.registry }}/{{ .Values.dashboard.image.repository }}:{{ default .Chart.AppVersion .Values.dashboard.image.tag }}" + imagePullPolicy: {{ .Values.dashboard.image.pullPolicy }} + args: + - dashboard + - "--loglevel={{ .Values.dashboard.logging.level }}" + - "--kloglevel={{ .Values.dashboard.logging.kloglevel }}" + {{- with .Values.dashboard.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.dashboard.extraEnv }} + env: + {{- toYaml . | nindent 8 }} + {{- end }} + name: argo-rollouts-dashboard + ports: + - containerPort: {{ .Values.dashboard.service.targetPort }} + name: dashboard + securityContext: + {{- toYaml .Values.dashboard.containerSecurityContext | nindent 10 }} + resources: + {{- toYaml .Values.dashboard.resources | nindent 10 }} + {{- with .Values.dashboard.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.dashboard.nodeSelector }} + nodeSelector: + {{- toYaml .Values.dashboard.nodeSelector | nindent 8 }} + {{- end }} + securityContext: + {{- toYaml .Values.dashboard.podSecurityContext | nindent 8 }} + {{- if .Values.dashboard.tolerations }} + tolerations: + {{- toYaml .Values.dashboard.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.dashboard.affinity }} + affinity: + {{- toYaml .Values.dashboard.affinity | nindent 8 }} + {{- end }} + {{- with .Values.dashboard.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-rollouts.selectorLabels" $ | nindent 12 }} + app.kubernetes.io/component: {{ $.Values.dashboard.component }} + {{- end }} + {{- end }} + {{- end }} + {{- with .Values.dashboard.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- with .Values.dashboard.volumes }} + volumes: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/charts/argo-rollouts/templates/dashboard/ingress.yaml b/charts/argo-rollouts/templates/dashboard/ingress.yaml new file mode 100644 index 00000000..e7f9e41e --- /dev/null +++ b/charts/argo-rollouts/templates/dashboard/ingress.yaml @@ -0,0 +1,90 @@ +{{- if and .Values.dashboard.enabled .Values.dashboard.ingress.enabled -}} +{{- $serviceName := printf "%s-dashboard" (include "argo-rollouts.fullname" .) -}} +{{- $servicePort := .Values.dashboard.service.port -}} +{{- $paths := .Values.dashboard.ingress.paths -}} +{{- $extraPaths := .Values.dashboard.ingress.extraPaths -}} +{{- $pathType := .Values.dashboard.ingress.pathType -}} +apiVersion: {{ include "argo-rollouts.ingress.apiVersion" . }} +kind: Ingress +metadata: +{{- if .Values.dashboard.ingress.annotations }} + annotations: + {{- range $key, $value := .Values.dashboard.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + name: {{ template "argo-rollouts.fullname" . }}-dashboard + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-rollouts.labels" . | nindent 4 }} + {{- if .Values.dashboard.ingress.labels }} + {{- toYaml .Values.dashboard.ingress.labels | nindent 4 }} + {{- end }} +spec: + {{- if eq (include "argo-rollouts.ingress.apiVersion" $) "networking.k8s.io/v1" }} + {{- with .Values.dashboard.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + {{- end }} + rules: + {{- if .Values.dashboard.ingress.hosts }} + {{- range $host := .Values.dashboard.ingress.hosts }} + - host: {{ $host }} + http: + paths: + {{- if $extraPaths }} + {{- toYaml $extraPaths | nindent 10 }} + {{- end }} + {{- range $p := $paths }} + - path: {{ $p }} + {{- if eq (include "argo-rollouts.ingress.apiVersion" $) "networking.k8s.io/v1" }} + pathType: {{ $pathType }} + {{- end }} + backend: + {{- if eq (include "argo-rollouts.ingress.apiVersion" $) "networking.k8s.io/v1" }} + service: + name: {{ $serviceName }} + port: + {{- if kindIs "float64" $servicePort }} + number: {{ $servicePort }} + {{- else }} + name: {{ $servicePort }} + {{- end }} + {{- else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end -}} + {{- end -}} + {{- else }} + - http: + paths: + {{- if $extraPaths }} + {{- toYaml $extraPaths | nindent 10 }} + {{- end }} + {{- range $p := $paths }} + - path: {{ $p }} + {{- if eq (include "argo-rollouts.ingress.apiVersion" $) "networking.k8s.io/v1" }} + pathType: {{ $pathType }} + {{- end }} + backend: + {{- if eq (include "argo-rollouts.ingress.apiVersion" $) "networking.k8s.io/v1" }} + service: + name: {{ $serviceName }} + port: + {{- if kindIs "float64" $servicePort }} + number: {{ $servicePort }} + {{- else }} + name: {{ $servicePort }} + {{- end }} + {{- else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end -}} + {{- end -}} + {{- if .Values.dashboard.ingress.tls }} + tls: + {{- toYaml .Values.dashboard.ingress.tls | nindent 4 }} + {{- end -}} +{{- end -}} diff --git a/charts/argo-rollouts/templates/dashboard/poddisruptionbudget.yaml b/charts/argo-rollouts/templates/dashboard/poddisruptionbudget.yaml new file mode 100644 index 00000000..d12ba62a --- /dev/null +++ b/charts/argo-rollouts/templates/dashboard/poddisruptionbudget.yaml @@ -0,0 +1,28 @@ +{{- if .Values.dashboard.pdb.enabled }} +apiVersion: {{ include "argo-rollouts.podDisruptionBudget.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ template "argo-rollouts.fullname" . }}-dashboard + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-rollouts.labels" . | nindent 4 }} + {{- with .Values.dashboard.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.dashboard.pdb.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.dashboard.pdb.minAvailable }} + minAvailable: {{ .Values.dashboard.pdb.minAvailable }} + {{- else if .Values.dashboard.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.dashboard.pdb.maxUnavailable }} + {{- else }} + minAvailable: 0 + {{- end }} + selector: + matchLabels: + {{- include "argo-rollouts.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: {{ .Values.dashboard.component }} +{{- end }} diff --git a/charts/argo-rollouts/templates/dashboard/service.yaml b/charts/argo-rollouts/templates/dashboard/service.yaml new file mode 100644 index 00000000..b7e553d7 --- /dev/null +++ b/charts/argo-rollouts/templates/dashboard/service.yaml @@ -0,0 +1,47 @@ +{{- if .Values.dashboard.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-rollouts.fullname" . }}-dashboard + namespace: {{ .Release.Namespace | quote }} + labels: + app.kubernetes.io/component: {{ .Values.dashboard.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} + {{- with .Values.dashboard.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + {{- with .Values.serviceAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.dashboard.service.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with .Values.dashboard.service.externalIPs }} + externalIPs: {{- toYaml . | nindent 4 }} + {{- end }} + {{- if eq .Values.dashboard.service.type "LoadBalancer" }} + {{- with .Values.dashboard.service.loadBalancerClass }} + loadBalancerClass: {{ . }} + {{- end }} + {{- with .Values.dashboard.service.loadBalancerIP }} + loadBalancerIP: {{ . | quote }} + {{- end }} + {{- with .Values.dashboard.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} + type: {{ .Values.dashboard.service.type }} + ports: + - name: {{ .Values.dashboard.service.portName }} + protocol: TCP + port: {{ .Values.dashboard.service.port }} + targetPort: {{ .Values.dashboard.service.targetPort }} + {{- if and (eq .Values.dashboard.service.type "NodePort") .Values.dashboard.service.nodePort }} + nodePort: {{ .Values.dashboard.service.nodePort }} + {{- end }} + selector: + app.kubernetes.io/component: {{ .Values.dashboard.component }} + {{- include "argo-rollouts.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/charts/argo-rollouts/templates/dashboard/serviceaccount.yaml b/charts/argo-rollouts/templates/dashboard/serviceaccount.yaml new file mode 100644 index 00000000..4b531bd9 --- /dev/null +++ b/charts/argo-rollouts/templates/dashboard/serviceaccount.yaml @@ -0,0 +1,14 @@ +{{- if and .Values.dashboard.enabled .Values.dashboard.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "argo-rollouts.serviceAccountName" . }}-dashboard + namespace: {{ .Release.Namespace | quote }} + labels: + app.kubernetes.io/component: {{ .Values.dashboard.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} + {{- with .Values.dashboard.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-rollouts/templates/extra-manifests.yaml b/charts/argo-rollouts/templates/extra-manifests.yaml new file mode 100644 index 00000000..fc9a76b8 --- /dev/null +++ b/charts/argo-rollouts/templates/extra-manifests.yaml @@ -0,0 +1,8 @@ +{{ range .Values.extraObjects }} +--- +{{ if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} +{{ end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index e778377f..26633455 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -1,76 +1,499 @@ +# -- Install and upgrade CRDs installCRDs: true +# -- Keep CRD's on helm uninstall +keepCRDs: true +# -- `false` runs controller in namespaced mode (does not require cluster RBAC) clusterInstall: true +# -- flag to enable creation of cluster aggregate roles (requires cluster RBAC) +createClusterAggregateRoles: true + +# -- String to partially override "argo-rollouts.fullname" template +nameOverride: + +# -- String to fully override "argo-rollouts.fullname" template +fullnameOverride: + +## Override APIVersions +## If you want to template helm charts but cannot access k8s API server +## you can set api versions here +apiVersionOverrides: + # -- String to override apiVersion of ingresses rendered by this helm chart + ingress: "" # networking.k8s.io/v1beta1 + +# -- Override the Kubernetes version, which is used to evaluate certain manifests +kubeVersionOverride: "" + +# -- Additional manifests to deploy within the chart. A list of objects. +## Can be used to add secrets for Analysis with 3rd-party monitoring solutions. +extraObjects: [] + # - apiVersion: v1 + # kind: Secret + # metadata: + # name: datadog + # type: Opaque + # data: + # address: https://api.datadoghq.com + # api-key: + # app-key: + +global: + # -- Annotations for all deployed Deployments + deploymentAnnotations: {} + # -- Labels for all deployed Deployments + deploymentLabels: {} + # -- Number of old deployment ReplicaSets to retain. The rest will be garbage collected. + revisionHistoryLimit: 10 + controller: + # -- Value of label `app.kubernetes.io/component` component: rollouts-controller - ## Node selectors and tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## + # -- Annotations to be added to the controller deployment + deploymentAnnotations: {} + # -- Labels to be added to the controller deployment + deploymentLabels: {} + # -- Annotations to be added to application controller pods + podAnnotations: {} + # -- Labels to be added to the application controller pods + podLabels: {} + # -- [Node selector] nodeSelector: {} + # -- [Tolerations] for use with node taints tolerations: [] + # -- Assign custom [affinity] rules to the deployment affinity: {} + logging: + # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`) + level: info + # -- Set the klog logging level + kloglevel: "0" + # -- Set the logging format (one of: `text`, `json`) + format: "text" + + # -- Assign custom [TopologySpreadConstraints] rules to the controller + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + # -- Specify lifecycle hooks for the controller + lifecycle: {} + # -- [priorityClassName] for the controller + priorityClassName: "" + # -- The number of controller pods to run + replicas: 2 image: + # -- Registry to use registry: quay.io + # -- Repository to use repository: argoproj/argo-rollouts + # -- Overrides the image tag (default is the chart appVersion) tag: "" + # -- Image pull policy pullPolicy: IfNotPresent + # -- Additional command line arguments to pass to rollouts-controller. A list of flags. + extraArgs: [] + + # -- Additional environment variables for rollouts-controller. A list of name/value maps. + extraEnv: [] + # - name: AWS_REGION + # value: us-east-1 + + # -- Literal yaml for extra containers to be added to controller deployment. + ## Additional containers to add to the rollouts controller deployment + ## This will be rendered as the literal yaml + extraContainers: [] + + # -- Init containers to add to the rollouts controller pod + ## This will be rendered as the literal yaml + initContainers: [] + # - name: download-tools + # image: alpine:3.8 + # command: [sh, -c] + # args: + # - ls + + # -- Resource limits and requests for the controller pods. resources: {} # limits: # cpu: 100m # memory: 128Mi + # ephemeral-storage: 1Gi # requests: # cpu: 50m # memory: 64Mi + # -- flag to enable creation of cluster controller role (requires cluster RBAC) + createClusterRole: true + + # Controller container ports + containerPorts: + # -- Metrics container port + metrics: 8090 + # -- Healthz container port + healthz: 8080 + metrics: + # -- Deploy metrics service enabled: false + service: + # -- Metrics service port name + portName: metrics + # -- Metrics service port + port: 8090 + # -- Service annotations + annotations: {} serviceMonitor: + # -- Enable a prometheus ServiceMonitor enabled: false + # -- Namespace to be used for the ServiceMonitor + namespace: "" + # -- Labels to be added to the ServiceMonitor additionalLabels: {} + # -- Annotations to be added to the ServiceMonitor additionalAnnotations: {} + # -- RelabelConfigs to apply to samples before scraping + relabelings: [] + # -- MetricRelabelConfigs to apply to samples before ingestion + metricRelabelings: [] + + # -- Configure liveness [probe] for the controller + # @default -- See [values.yaml] + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 30 + periodSeconds: 20 + failureThreshold: 3 + successThreshold: 1 + timeoutSeconds: 10 + + # -- Configure readiness [probe] for the controller + # @default -- See [values.yaml] + readinessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: 15 + periodSeconds: 5 + failureThreshold: 3 + successThreshold: 1 + timeoutSeconds: 4 + + ## Configure Pod Disruption Budget for the controller + pdb: + # -- Labels to be added to controller [Pod Disruption Budget] + labels: {} + # -- Annotations to be added to controller [Pod Disruption Budget] + annotations: {} + # -- Deploy a [Pod Disruption Budget] for the controller + enabled: false + # -- Minimum number / percentage of pods that should remain scheduled + minAvailable: # 1 + # -- Maximum number / percentage of pods that may be made unavailable + maxUnavailable: # 0 + + # -- Additional volumes to add to the controller pod + volumes: [] + # - configMap: + # name: my-certs-cm + # name: my-certs + + # -- Additional volumeMounts to add to the controller container + volumeMounts: [] + # - mountPath: /etc/ssl/certs + # name: my-certs + + # -- Configures 3rd party metric providers for controller + ## Ref: https://argo-rollouts.readthedocs.io/en/stable/analysis/plugins/ + metricProviderPlugins: [] + # - name: "argoproj-labs/sample-prometheus" # name of the plugin, it must match the name required by the plugin so that it can find its configuration + # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// + + # -- Configures 3rd party traffic router plugins for controller + ## Ref: https://argo-rollouts.readthedocs.io/en/stable/features/traffic-management/plugins/ + trafficRouterPlugins: [] + # - name: "argoproj-labs/sample-nginx" # name of the plugin, it must match the name required by the plugin so it can find it's configuration + # location: "file://./my-custom-plugin" # supports http(s):// urls and file:// serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" -## Annotations to be added to all CRDs -## +# -- Annotations to be added to all CRDs crdAnnotations: {} -## Annotations to be added to the Rollout pods -## +# -- Annotations for the all deployed pods podAnnotations: {} -## Security Context to set on pod level -## +# -- Security Context to set on pod level podSecurityContext: runAsNonRoot: true -## Security Context to set on container level -## -containerSecurityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 +# -- Security Context to set on container level +containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault -## Annotations to be added to the Rollout service -## +# -- Annotations to be added to the Rollout service serviceAnnotations: {} -## Labels to be added to the Rollout pods -## +# -- Labels to be added to the Rollout pods podLabels: {} -# Secrets with credentials to pull images from a private registry +# -- Secrets with credentials to pull images from a private registry. Registry secret names as an array. imagePullSecrets: [] # - name: argo-pull-secret + +providerRBAC: + # -- Toggles addition of provider-specific RBAC rules to the controller Role and ClusterRole + enabled: true + # providerRBAC.enabled must be true in order to toggle the individual providers + providers: + # -- Adds RBAC rules for the Istio provider + istio: true + # -- Adds RBAC rules for the SMI provider + smi: true + # -- Adds RBAC rules for the Ambassador provider + ambassador: true + # -- Adds RBAC rules for the AWS Load Balancer Controller provider + awsLoadBalancerController: true + # -- Adds RBAC rules for the AWS App Mesh provider + awsAppMesh: true + # -- Adds RBAC rules for the Traefik provider + traefik: true + # -- Adds RBAC rules for the Apisix provider + apisix: true + # -- Adds RBAC rules for the Contour provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour/blob/main/README.md` + contour: true + # -- Adds RBAC rules for the Gloo Platform provider, see `https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-glooplatform/blob/main/README.md` + glooPlatform: true + # -- Adds RBAC rules for the Gateway API provider + gatewayAPI: true + # -- Additional RBAC rules for others providers + additionalRules: [] + +dashboard: + # -- Deploy dashboard server + enabled: false + # -- Set cluster role to readonly + readonly: false + # -- Value of label `app.kubernetes.io/component` + component: rollouts-dashboard + # -- Annotations to be added to the dashboard deployment + deploymentAnnotations: {} + # -- Labels to be added to the dashboard deployment + deploymentLabels: {} + # -- Annotations to be added to application dashboard pods + podAnnotations: {} + # -- Labels to be added to the application dashboard pods + podLabels: {} + # -- [Node selector] + nodeSelector: {} + # -- [Tolerations] for use with node taints + tolerations: [] + # -- Assign custom [affinity] rules to the deployment + affinity: {} + logging: + # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`) + level: info + # -- Set the klog logging level + kloglevel: "0" + + # -- Assign custom [TopologySpreadConstraints] rules to the dashboard server + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- [priorityClassName] for the dashboard server + priorityClassName: "" + + # -- flag to enable creation of dashbord cluster role (requires cluster RBAC) + createClusterRole: true + + # -- The number of dashboard pods to run + replicas: 1 + image: + # -- Registry to use + registry: quay.io + # -- Repository to use + repository: argoproj/kubectl-argo-rollouts + # -- Overrides the image tag (default is the chart appVersion) + tag: "" + # -- Image pull policy + pullPolicy: IfNotPresent + # -- Additional command line arguments to pass to rollouts-dashboard. A list of flags. + extraArgs: [] + # -- Additional environment variables for rollouts-dashboard. A list of name/value maps. + extraEnv: [] + # - name: FOO + # value: bar + # -- Resource limits and requests for the dashboard pods. + resources: {} + # -- Security Context to set on pod level + podSecurityContext: + runAsNonRoot: true + # -- Security Context to set on container level + containerSecurityContext: {} + service: + # -- Sets the type of the Service + type: ClusterIP + # -- The class of the load balancer implementation + loadBalancerClass: "" + # -- LoadBalancer will get created with the IP specified in this field + loadBalancerIP: "" + # -- Source IP ranges to allow access to service from + loadBalancerSourceRanges: [] + # -- Dashboard service external IPs + externalIPs: [] + # -- Service annotations + annotations: {} + # -- Service labels + labels: {} + # -- Service port name + portName: dashboard + # -- Service port + port: 3100 + # -- Service target port + targetPort: 3100 + # -- (int) Service nodePort + nodePort: + serviceAccount: + # -- Specifies whether a dashboard service account should be created + create: true + # -- Annotations to add to the dashboard service account + annotations: {} + # -- The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + + ## Configure Pod Disruption Budget for the dashboard + pdb: + # -- Labels to be added to dashboard [Pod Disruption Budget] + labels: {} + # -- Annotations to be added to dashboard [Pod Disruption Budget] + annotations: {} + # -- Deploy a [Pod Disruption Budget] for the dashboard + enabled: false + # -- Minimum number / percentage of pods that should remain scheduled + minAvailable: # 1 + # -- Maximum number / percentage of pods that may be made unavailable + maxUnavailable: # 0 + + ## Ingress configuration. + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ + ## + ingress: + # -- Enable dashboard ingress support + enabled: false + # -- Dashboard ingress annotations + annotations: {} + # -- Dashboard ingress labels + labels: {} + # -- Dashboard ingress class name + ingressClassName: "" + + # -- Dashboard ingress hosts + ## Argo Rollouts Dashboard Ingress. + ## Hostnames must be provided if Ingress is enabled. + ## Secrets must be manually created in the namespace + hosts: [] + # - argorollouts.example.com + + # -- Dashboard ingress paths + paths: + - / + # -- Dashboard ingress path type + pathType: Prefix + # -- Dashboard ingress extra paths + extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used) + # - path: /* + # pathType: Prefix + # backend: + # service + # name: ssl-redirect + # port: + # name: use-annotation + + # -- Dashboard ingress tls + tls: [] + # - secretName: argorollouts-example-tls + # hosts: + # - argorollouts.example.com + + # -- Additional volumes to add to the dashboard pod + volumes: [] + + # -- Additional volumeMounts to add to the dashboard container + volumeMounts: [] + +notifications: + configmap: + # -- Whether to create notifications configmap + create: true + + secret: + # -- Whether to create notifications secret. + ## If you want to manually create secret, do not forget to add proper label to it: "app.kubernetes.io/component: {{ .Values.controller.component }}". + create: false + # -- Generic key:value pairs to be inserted into the notifications secret + items: {} + # slack-token: + # -- Annotations to be added to the notifications secret + annotations: {} + + # -- Configures notification services + notifiers: {} + # service.slack: | + # token: $slack-token + + # -- Notification templates + templates: {} + # template.my-purple-template: | + # message: | + # Rollout {{.rollout.metadata.name}} has purple image + # slack: + # attachments: | + # [{ + # "title": "{{ .rollout.metadata.name}}", + # "color": "#800080" + # }] + + # -- The trigger defines the condition when the notification should be sent + triggers: {} + # trigger.on-purple: | + # - send: [my-purple-template] + # when: rollout.spec.template.spec.containers[0].image == 'argoproj/rollouts-demo:purple' + + # -- The subscriptions define the subscriptions to the triggers in a general way for all rollouts + subscriptions: [] + # - recipients: + # - slack: + # triggers: + # - on-rollout-completed + # - on-rollout-aborted diff --git a/charts/argo-workflows/.helmignore b/charts/argo-workflows/.helmignore index f0c13194..ec59d66d 100644 --- a/charts/argo-workflows/.helmignore +++ b/charts/argo-workflows/.helmignore @@ -19,3 +19,5 @@ .project .idea/ *.tmproj +ci/ +*.gotmpl diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index cc7f7c86..c1f8df1a 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -1,15 +1,20 @@ apiVersion: v2 +appVersion: v3.6.4 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.2.3 -appVersion: "v3.0.2" -icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png +version: 0.45.7 +icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: - https://github.com/argoproj/argo-workflows maintainers: - - name: alexec - - name: alexmt - - name: jessesuen - - name: benjaminws + - name: argoproj + url: https://argoproj.github.io/ +annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc + artifacthub.io/changes: | + - kind: fixed + description: Update the SSO configuration instructions to reflect the correct field name diff --git a/charts/argo-workflows/README.md b/charts/argo-workflows/README.md index 7e1c9dd7..6e400596 100644 --- a/charts/argo-workflows/README.md +++ b/charts/argo-workflows/README.md @@ -1,21 +1,95 @@ # Argo Workflows Chart -This is a **community maintained** chart. It is used to set up argo and it's needed dependencies through one command. This is used in conjunction with [helm](https://github.com/kubernetes/helm). +This is a **community maintained** chart. It is used to set up argo and its needed dependencies through one command. This is used in conjunction with [helm](https://github.com/kubernetes/helm). If you want your deployment of this helm chart to most closely match the [argo CLI](https://github.com/argoproj/argo-workflows), you should deploy it in the `kube-system` namespace. ## Pre-Requisites -This chart uses an install hook to configure the CRD definition. Installation of CRDs is a somewhat privileged process in itself and in RBAC enabled clusters the `default` service account for namespaces does not typically have the ability to do create these. +### Custom resource definitions -A few options are: +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart. -- Manually create a ServiceAccount in the Namespace which your release will be deployed w/ appropriate bindings to perform this action and set the `init.serviceAccount` attribute -- Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions +Helm cannot upgrade custom resource definitions in the `/crds` folder [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). Starting with 3.4.0 (chart version 0.19.0), the CRDs have been moved to `/templates` to address this design decision. + +If you are using Argo Workflows chart version prior to 3.4.0 (chart version 0.19.0) or have elected to manage the Argo Workflows CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo: + +```bash +kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds/full?ref=" + +# Eg. version v3.3.9 +kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds/full?ref=v3.3.9" +``` + +### ServiceAccount for Workflow Spec +In order for each Workflow run, you create ServiceAccount via `values.yaml` like below. + +```yaml +workflow: + serviceAccount: + create: true + name: "argo-workflow" + rbac: + create: true +controller: + workflowNamespaces: + - default + - foo + - bar +``` + +Set ServiceAccount on Workflow. + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Workflow +metadata: + generateName: hello-world- +spec: + entrypoint: whalesay + serviceAccountName: argo-workflow # Set ServiceAccount + templates: + - name: whalesay + container: + image: docker/whalesay + command: [ cowsay ] + args: [ "hello world" ] +``` + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add argo https://argoproj.github.io/argo-helm +"argo" has been added to your repositories + +$ helm install my-release argo/argo-workflows +NAME: my-release +... +``` + +## Changelog + +For full list of changes, please check ArtifactHub [changelog]. ## Usage Notes -This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of it's configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs. +### High Availability + +This chart installs the non-HA version of Argo Workflows by default. If you want to run in HA mode, you can use [these example values](ci/ha-values.yaml) as a starting point. +Please see the upstream [Operator Manual's High Availability page](https://argo-workflows.readthedocs.io/en/stable/high-availability/) to understand how to scale Argo Workflows in depth. + +### Workflow controller + +This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of its configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs. + +### Argo Workflows server authentication + +Argo Workflows server provides some choices for authentication mechanism and you can configure `.Values.server.authModes`. By default, authentication mode is `[server]`, for local development purposes or cases where your gateway authentication is covered by some other means. +Please refer to [Argo Server Auth Mode] for more details. + +Argo Workflows server also supports SSO and you can enable it to configure `.Values.server.sso` and `.Values.server.authModes`. In order to manage access levels, you can optionally add RBAC to SSO. Please refer to [SSO RBAC] for more details. ## Values @@ -25,7 +99,280 @@ Fields to note: - `controller.instanceID.enabled`: If set to true, the Argo Controller will **ONLY** monitor Workflow submissions with a `--instanceid` attribute - `controller.instanceID.useReleaseName`: If set to true then chart set controller instance id to release name - `controller.instanceID.explicitID`: Allows customization of an instance id for the workflow controller to monitor -- `controller.workflowNamespaces`: This is a list of namespaces where workflows will be ran +- `singleNamespace`: When true, restricts the workflow controller to operate + in just the single namespace (that one of the Helm release). +- `controller.workflowNamespaces`: This is a list of namespaces where the + workflow controller will manage workflows. Only valid when `singleNamespace` + is false. + +### General parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart | +| apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | +| apiVersionOverrides.monitoring | string | `""` | String to override apiVersion of monitoring CRDs (ServiceMonitor) rendered by this helm chart | +| commonLabels | object | `{}` | Labels to set on all resources | +| crds.annotations | object | `{}` | Annotations to be added to all CRDs | +| crds.install | bool | `true` | Install and upgrade CRDs | +| crds.keep | bool | `true` | Keep CRDs on chart uninstall | +| createAggregateRoles | bool | `true` | Create clusterroles that extend existing clusterroles to interact with argo-cd crds | +| emissary.images | list | `[]` | The command/args for each image on workflow, needed when the command is not specified and the emissary executor is used. | +| extraObjects | list | `[]` | Array of extra K8s manifests to deploy | +| fullnameOverride | string | `nil` | String to fully override "argo-workflows.fullname" template | +| images.pullPolicy | string | `"Always"` | imagePullPolicy to apply to all containers | +| images.pullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry | +| images.tag | string | `""` | Common tag for Argo Workflows images. Defaults to `.Chart.AppVersion`. | +| kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests | +| nameOverride | string | `nil` | String to partially override "argo-workflows.fullname" template | +| namespaceOverride | string | `.Release.Namespace` | Override the namespace | +| singleNamespace | bool | `false` | Restrict Argo to operate only in a single namespace (the namespace of the Helm release) by apply Roles and RoleBindings instead of the Cluster equivalents, and start workflow-controller with the --namespaced flag. Use it in clusters with strict access policy. | + +### Workflow + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| workflow.namespace | string | `nil` | Deprecated; use controller.workflowNamespaces instead. | +| workflow.rbac.agentPermissions | bool | `false` | Allows permissions for the Argo Agent. Only required if using http/plugin templates | +| workflow.rbac.artifactGC | bool | `false` | Allows permissions for the Argo Artifact GC pod. Only required if using artifact gc | +| workflow.rbac.create | bool | `true` | Adds Role and RoleBinding for the above specified service account to be able to run workflows. A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) | +| workflow.rbac.serviceAccounts | list | `[]` | Extra service accounts to be added to the RoleBinding | +| workflow.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| workflow.serviceAccount.create | bool | `false` | Specifies whether a service account should be created | +| workflow.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| workflow.serviceAccount.name | string | `"argo-workflow"` | Service account which is used to run workflows | +| workflow.serviceAccount.pullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry. Same format as `.Values.images.pullSecrets` | + +### Workflow Controller + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| controller.affinity | object | `{}` | Assign custom [affinity] rules | +| controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. | +| controller.clusterWorkflowTemplates.serviceAccounts | list | `[]` | Extra service accounts to be added to the ClusterRoleBinding | +| controller.columns | list | `[]` | Configure Argo Server to show custom [columns] | +| controller.configMap.annotations | object | `{}` | ConfigMap annotations | +| controller.configMap.create | bool | `true` | Create a ConfigMap for the controller | +| controller.configMap.name | string | `""` | ConfigMap name | +| controller.cronWorkflowWorkers | string | `nil` | Number of cron workflow workers Only valid for 3.5+ | +| controller.deploymentAnnotations | object | `{}` | deploymentAnnotations is an optional map of annotations to be applied to the controller Deployment | +| controller.extraArgs | list | `[]` | Extra arguments to be added to the controller | +| controller.extraContainers | list | `[]` | Extra containers to be added to the controller deployment | +| controller.extraEnv | list | `[]` | Extra environment variables to provide to the controller container | +| controller.extraInitContainers | list | `[]` | Enables init containers to be added to the controller deployment | +| controller.image.registry | string | `"quay.io"` | Registry to use for the controller | +| controller.image.repository | string | `"argoproj/workflow-controller"` | Registry to use for the controller | +| controller.image.tag | string | `""` | Image tag for the workflow controller. Defaults to `.Values.images.tag`. | +| controller.initialDelay | string | `nil` | Resolves ongoing, uncommon AWS EKS bug: https://github.com/argoproj/argo-workflows/pull/4224 | +| controller.instanceID.enabled | bool | `false` | Configures the controller to filter workflow submissions to only those which have a matching instanceID attribute. | +| controller.instanceID.explicitID | string | `""` | Use a custom instanceID | +| controller.instanceID.useReleaseName | bool | `false` | Use ReleaseName as instanceID | +| controller.kubeConfig | object | `{}` (See [values.yaml]) | Configure when workflow controller runs in a different k8s cluster with the workflow workloads, or needs to communicate with the k8s apiserver using an out-of-cluster kubeconfig secret. | +| controller.links | list | `[]` | Configure Argo Server to show custom [links] | +| controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller | +| controller.loadBalancerClass | string | `""` | The class of the load balancer implementation | +| controller.loadBalancerSourceRanges | list | `[]` | Source ranges to allow access to service from. Only applies to service type `LoadBalancer` | +| controller.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) | +| controller.logging.globallevel | string | `"0"` | Set the glog logging level | +| controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | +| controller.metricsConfig.enabled | bool | `false` | Enables prometheus metrics server | +| controller.metricsConfig.headlessService | bool | `false` | Flag to enable headless service | +| controller.metricsConfig.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | +| controller.metricsConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. | +| controller.metricsConfig.interval | string | `"30s"` | Frequency at which prometheus scrapes metrics | +| controller.metricsConfig.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion | +| controller.metricsConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory | +| controller.metricsConfig.path | string | `"/metrics"` | Path is the path where metrics are emitted. Must start with a "/". | +| controller.metricsConfig.port | int | `9090` | Port is the port where metrics are emitted | +| controller.metricsConfig.portName | string | `"metrics"` | Container metrics port name | +| controller.metricsConfig.relabelings | list | `[]` | ServiceMonitor relabel configs to apply to samples before scraping | +| controller.metricsConfig.secure | bool | `false` | Flag that use a self-signed cert for TLS | +| controller.metricsConfig.servicePort | int | `8080` | Service metrics port | +| controller.metricsConfig.servicePortName | string | `"metrics"` | Service metrics port name | +| controller.metricsConfig.targetLabels | list | `[]` | ServiceMonitor will add labels from the service to the Prometheus metric | +| controller.name | string | `"workflow-controller"` | Workflow controller name string | +| controller.namespaceParallelism | string | `nil` | Limits the maximum number of incomplete workflows in a namespace | +| controller.navColor | string | `""` | Set ui navigation bar background color | +| controller.nodeEvents.enabled | bool | `true` | Enable to emit events on node completion. | +| controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | [Node selector] | +| controller.parallelism | string | `nil` | parallelism dictates how many workflows can be running at the same time | +| controller.pdb.enabled | bool | `false` | Configure [Pod Disruption Budget] for the controller pods | +| controller.persistence | object | `{}` | enable Workflow Archive to store the status of workflows. Postgres and MySQL (>= 5.7.8) are available. | +| controller.podAnnotations | object | `{}` | podAnnotations is an optional map of annotations to be applied to the controller Pods | +| controller.podCleanupWorkers | string | `nil` | Number of pod cleanup workers | +| controller.podGCDeleteDelayDuration | string | `5s` (Argo Workflows default) | The duration in seconds before the pods in the GC queue get deleted. A zero value indicates that the pods will be deleted immediately. | +| controller.podGCGracePeriodSeconds | string | `30` seconds (Kubernetes default) | Specifies the duration in seconds before a terminating pod is forcefully killed. A zero value indicates that the pod will be forcefully terminated immediately. | +| controller.podLabels | object | `{}` | Optional labels to add to the controller pods | +| controller.podSecurityContext | object | `{}` | SecurityContext to set on the controller pods | +| controller.priorityClassName | string | `""` | Leverage a PriorityClass to ensure your pods survive resource shortages. | +| controller.rbac.accessAllSecrets | bool | `false` | Allows controller to get, list and watch all k8s secrets. Can only be used if secretWhitelist is empty. | +| controller.rbac.create | bool | `true` | Adds Role and RoleBinding for the controller. | +| controller.rbac.secretWhitelist | list | `[]` | Allows controller to get, list, and watch certain k8s secrets | +| controller.rbac.writeConfigMaps | bool | `false` | Allows controller to create and update ConfigMaps. Enables memoization feature | +| controller.replicas | int | `1` | The number of controller pods to run | +| controller.resourceRateLimit | object | `{}` | Globally limits the rate at which pods are created. This is intended to mitigate flooding of the Kubernetes API server by workflows with a large amount of parallel nodes. | +| controller.resources | object | `{}` | Resource limits and requests for the controller | +| controller.retentionPolicy | object | `{}` | Workflow retention by number of workflows | +| controller.revisionHistoryLimit | int | `10` | The number of revisions to keep. | +| controller.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | the controller container's securityContext | +| controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| controller.serviceAccount.create | bool | `true` | Create a service account for the controller | +| controller.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| controller.serviceAccount.name | string | `""` | Service account name | +| controller.serviceAnnotations | object | `{}` | Annotations to be applied to the controller Service | +| controller.serviceLabels | object | `{}` | Optional labels to add to the controller Service | +| controller.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| controller.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| controller.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | +| controller.serviceType | string | `"ClusterIP"` | Service type of the controller Service | +| controller.telemetryConfig.enabled | bool | `false` | Enables prometheus telemetry server | +| controller.telemetryConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. | +| controller.telemetryConfig.interval | string | `"30s"` | Frequency at which prometheus scrapes telemetry data | +| controller.telemetryConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory | +| controller.telemetryConfig.path | string | `"/telemetry"` | telemetry path | +| controller.telemetryConfig.port | int | `8081` | telemetry container port | +| controller.telemetryConfig.secure | bool | `false` | Flag that use a self-signed cert for TLS | +| controller.telemetryConfig.servicePort | int | `8081` | telemetry service port | +| controller.telemetryConfig.servicePortName | string | `"telemetry"` | telemetry service port name | +| controller.tolerations | list | `[]` | [Tolerations] for use with node taints | +| controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the workflow controller | +| controller.volumeMounts | list | `[]` | Additional volume mounts to the controller main container | +| controller.volumes | list | `[]` | Additional volumes to the controller pod | +| controller.workflowDefaults | object | `{}` | Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level. Only valid for 2.7+ | +| controller.workflowEvents.enabled | bool | `true` | Enable to emit events on workflow status changes. | +| controller.workflowNamespaces | list | `["default"]` | Specify all namespaces where this workflow controller instance will manage workflows. This controls where the service account and RBAC resources will be created. Only valid when singleNamespace is false. | +| controller.workflowRestrictions | object | `{}` | Restricts the Workflows that the controller will process. Only valid for 2.9+ | +| controller.workflowTTLWorkers | string | `nil` | Number of workflow TTL workers | +| controller.workflowWorkers | string | `nil` | Number of workflow workers | + +### Workflow Main Container + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| mainContainer.env | list | `[]` | Adds environment variables for the Workflow main container | +| mainContainer.envFrom | list | `[]` | Adds reference environment variables for the Workflow main container | +| mainContainer.imagePullPolicy | string | `""` | imagePullPolicy to apply to Workflow main container. Defaults to `.Values.images.pullPolicy`. | +| mainContainer.resources | object | `{}` | Resource limits and requests for the Workflow main container | +| mainContainer.securityContext | object | `{}` | sets security context for the Workflow main container | + +### Workflow Executor + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| executor.args | list | `[]` | Passes arguments to the executor processes | +| executor.env | list | `[]` | Adds environment variables for the executor. | +| executor.image.pullPolicy | string | `""` | Image PullPolicy to use for the Workflow Executors. Defaults to `.Values.images.pullPolicy`. | +| executor.image.registry | string | `"quay.io"` | Registry to use for the Workflow Executors | +| executor.image.repository | string | `"argoproj/argoexec"` | Repository to use for the Workflow Executors | +| executor.image.tag | string | `""` | Image tag for the workflow executor. Defaults to `.Values.images.tag`. | +| executor.resources | object | `{}` | Resource limits and requests for the Workflow Executors | +| executor.securityContext | object | `{}` | sets security context for the executor container | + +### Workflow Server + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| server.GKEbackendConfig.enabled | bool | `false` | Enable BackendConfig custom resource for Google Kubernetes Engine | +| server.GKEbackendConfig.spec | object | `{}` | [BackendConfigSpec] | +| server.GKEfrontendConfig.enabled | bool | `false` | Enable FrontConfig custom resource for Google Kubernetes Engine | +| server.GKEfrontendConfig.spec | object | `{}` | [FrontendConfigSpec] | +| server.GKEmanagedCertificate.domains | list | `["argoworkflows.example.com"]` | Domains for the Google Managed Certificate | +| server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. | +| server.affinity | object | `{}` | Assign custom [affinity] rules | +| server.authMode | string | `""` | Deprecated; use server.authModes instead. | +| server.authModes | list | `[]` | A list of supported authentication modes. Available values are `server`, `client`, or `sso`. If you provide sso, please configure `.Values.server.sso` as well. | +| server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer | +| server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server | +| server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo Server [HPA] | +| server.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the Argo Server [HPA] | +| server.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the Argo Server [HPA] | +| server.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the Argo Server [HPA] | +| server.baseHref | string | `"/"` | Value for base href in index.html. Used if the server is running behind reverse proxy under subpath different from /. | +| server.clusterWorkflowTemplates.enableEditing | bool | `true` | Give the server permissions to edit ClusterWorkflowTemplates. | +| server.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. | +| server.deploymentAnnotations | object | `{}` | optional map of annotations to be applied to the ui Deployment | +| server.enabled | bool | `true` | Deploy the Argo Server | +| server.extraArgs | list | `[]` | Extra arguments to provide to the Argo server binary. | +| server.extraContainers | list | `[]` | Extra containers to be added to the server deployment | +| server.extraEnv | list | `[]` | Extra environment variables to provide to the argo-server container | +| server.extraInitContainers | list | `[]` | Enables init containers to be added to the server deployment | +| server.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | +| server.image.registry | string | `"quay.io"` | Registry to use for the server | +| server.image.repository | string | `"argoproj/argocli"` | Repository to use for the server | +| server.image.tag | string | `""` | Image tag for the Argo Workflows server. Defaults to `.Values.images.tag`. | +| server.ingress.annotations | object | `{}` | Additional ingress annotations | +| server.ingress.enabled | bool | `false` | Enable an ingress resource | +| server.ingress.extraPaths | list | `[]` | Additional ingress paths | +| server.ingress.hosts | list | `[]` | List of ingress hosts | +| server.ingress.ingressClassName | string | `""` | Defines which ingress controller will implement the resource | +| server.ingress.labels | object | `{}` | Additional ingress labels | +| server.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | +| server.ingress.paths | list | `["/"]` | List of ingress paths | +| server.ingress.tls | list | `[]` | Ingress TLS configuration | +| server.lifecycle | object | `{}` | Specify postStart and preStop lifecycle hooks for server container | +| server.loadBalancerClass | string | `""` | The class of the load balancer implementation | +| server.loadBalancerIP | string | `""` | Static IP address to assign to loadBalancer service type `LoadBalancer` | +| server.loadBalancerSourceRanges | list | `[]` | Source ranges to allow access to service from. Only applies to service type `LoadBalancer` | +| server.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) | +| server.logging.globallevel | string | `"0"` | Set the glog logging level | +| server.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) | +| server.name | string | `"server"` | Server name string | +| server.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | [Node selector] | +| server.pdb.enabled | bool | `false` | Configure [Pod Disruption Budget] for the server pods | +| server.podAnnotations | object | `{}` | optional map of annotations to be applied to the ui Pods | +| server.podLabels | object | `{}` | Optional labels to add to the UI pods | +| server.podSecurityContext | object | `{}` | SecurityContext to set on the server pods | +| server.priorityClassName | string | `""` | Leverage a PriorityClass to ensure your pods survive resource shortages | +| server.rbac.create | bool | `true` | Adds Role and RoleBinding for the server. | +| server.replicas | int | `1` | The number of server pods to run | +| server.resources | object | `{}` | Resource limits and requests for the server | +| server.revisionHistoryLimit | int | `10` | The number of revisions to keep. | +| server.secure | bool | `false` | Run the argo server in "secure" mode. Configure this value instead of `--secure` in extraArgs. | +| server.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":false,"runAsNonRoot":true}` | Servers container-level security context | +| server.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| server.serviceAccount.create | bool | `true` | Create a service account for the server | +| server.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| server.serviceAccount.name | string | `""` | Service account name | +| server.serviceAnnotations | object | `{}` | Annotations to be applied to the UI Service | +| server.serviceLabels | object | `{}` | Optional labels to add to the UI Service | +| server.serviceNodePort | string | `nil` | Service node port | +| server.servicePort | int | `2746` | Service port for server | +| server.servicePortName | string | `""` | Service port name | +| server.serviceType | string | `"ClusterIP"` | Service type for server pods | +| server.sso.clientId.key | string | `"client-id"` | Key of secret to retrieve the app OIDC client ID | +| server.sso.clientId.name | string | `"argo-server-sso"` | Name of secret to retrieve the app OIDC client ID | +| server.sso.clientSecret.key | string | `"client-secret"` | Key of a secret to retrieve the app OIDC client secret | +| server.sso.clientSecret.name | string | `"argo-server-sso"` | Name of a secret to retrieve the app OIDC client secret | +| server.sso.customGroupClaimName | string | `""` | Override claim name for OIDC groups | +| server.sso.enabled | bool | `false` | Create SSO configuration. If you set `true` , please also set `.Values.server.authModes` as `sso`. | +| server.sso.filterGroupsRegex | list | `[]` | Filter the groups returned by the OIDC provider | +| server.sso.insecureSkipVerify | bool | `false` | Skip TLS verification for the HTTP client | +| server.sso.issuer | string | `"https://accounts.google.com"` | The root URL of the OIDC identity provider | +| server.sso.issuerAlias | string | `""` | Alternate root URLs that can be included for some OIDC providers | +| server.sso.rbac.enabled | bool | `true` | Adds ServiceAccount Policy to server (Cluster)Role. | +| server.sso.rbac.secretWhitelist | list | `[]` | Whitelist to allow server to fetch Secrets | +| server.sso.redirectUrl | string | `""` | The OIDC redirect URL. Should be in the form /oauth2/callback. | +| server.sso.scopes | list | `[]` | Scopes requested from the SSO ID provider | +| server.sso.sessionExpiry | string | `""` | Define how long your login is valid for (in hours) | +| server.sso.userInfoPath | string | `""` | Specify the user info endpoint that contains the groups claim | +| server.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| server.tmpVolume | object | `{"emptyDir":{}}` | Volume to be mounted in Pods for temporary files. | +| server.tolerations | list | `[]` | [Tolerations] for use with node taints | +| server.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the argo server | +| server.volumeMounts | list | `[]` | Additional volume mounts to the server main container. | +| server.volumes | list | `[]` | Additional volumes to the server pod. | + +### Artifact Repository + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| artifactRepository.archiveLogs | bool | `false` | Archive the main container logs as an artifact | +| artifactRepository.azure | object | `{}` (See [values.yaml]) | Store artifact in Azure Blob Storage | +| artifactRepository.gcs | object | `{}` (See [values.yaml]) | Store artifact in a GCS object store | +| artifactRepository.s3 | object | See [values.yaml] | Store artifact in a S3-compliant object store | +| artifactRepositoryRef | object | `{}` (See [values.yaml]) | The section of [artifact repository ref](https://argo-workflows.readthedocs.io/en/stable/artifact-repository-ref/). Each map key is the name of configmap | +| customArtifactRepository | object | `{}` | The section of custom artifact repository. Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure) | +| useStaticCredentials | bool | `true` | Use static credentials for S3 (eg. when not using AWS IRSA) | ## Breaking changes from the deprecated `argo` chart @@ -45,4 +392,19 @@ Fields to note: 1. switched to quay.io as the default registry for all images 1. removed any included usage of Minio 1. aligned the configuration of serviceAccounts with the argo-cd chart, ie: what used to be `server.createServiceAccount` is now `server.serviceAccount.create` -1. moved the previously known as `telemetryServicePort` inside the `telemetryConfig` as `telemetryConfig.servicePort` - same for `metricsConfig` +1. moved the field previously known as `telemetryServicePort` inside the `telemetryConfig` as `telemetryConfig.servicePort` - same for `metricsConfig` + +[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters +[links]: https://argo-workflows.readthedocs.io/en/stable/links/ +[columns]: https://github.com/argoproj/argo-workflows/pull/10693 +[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +[values.yaml]: values.yaml +[changelog]: https://artifacthub.io/packages/helm/argo/argo-workflows?modal=changelog +[SSO RBAC]: https://argo-workflows.readthedocs.io/en/stable/argo-server-sso/ +[Argo Server Auth Mode]: https://argo-workflows.readthedocs.io/en/stable/argo-server-auth-mode/ diff --git a/charts/argo-workflows/README.md.gotmpl b/charts/argo-workflows/README.md.gotmpl new file mode 100644 index 00000000..69838b5a --- /dev/null +++ b/charts/argo-workflows/README.md.gotmpl @@ -0,0 +1,212 @@ +# Argo Workflows Chart + +This is a **community maintained** chart. It is used to set up argo and its needed dependencies through one command. This is used in conjunction with [helm](https://github.com/kubernetes/helm). + +If you want your deployment of this helm chart to most closely match the [argo CLI](https://github.com/argoproj/argo-workflows), you should deploy it in the `kube-system` namespace. + +## Pre-Requisites + +### Custom resource definitions + +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart. + +Helm cannot upgrade custom resource definitions in the `/crds` folder [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). Starting with 3.4.0 (chart version 0.19.0), the CRDs have been moved to `/templates` to address this design decision. + +If you are using Argo Workflows chart version prior to 3.4.0 (chart version 0.19.0) or have elected to manage the Argo Workflows CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo: + +```bash +kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds/full?ref=" + +# Eg. version v3.3.9 +kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds/full?ref=v3.3.9" +``` + +### ServiceAccount for Workflow Spec +In order for each Workflow run, you create ServiceAccount via `values.yaml` like below. + +```yaml +workflow: + serviceAccount: + create: true + name: "argo-workflow" + rbac: + create: true +controller: + workflowNamespaces: + - default + - foo + - bar +``` + +Set ServiceAccount on Workflow. + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Workflow +metadata: + generateName: hello-world- +spec: + entrypoint: whalesay + serviceAccountName: argo-workflow # Set ServiceAccount + templates: + - name: whalesay + container: + image: docker/whalesay + command: [ cowsay ] + args: [ "hello world" ] +``` + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add argo https://argoproj.github.io/argo-helm +"argo" has been added to your repositories + +$ helm install my-release argo/argo-workflows +NAME: my-release +... +``` + +## Changelog + +For full list of changes, please check ArtifactHub [changelog]. + +## Usage Notes + +### High Availability + +This chart installs the non-HA version of Argo Workflows by default. If you want to run in HA mode, you can use [these example values](ci/ha-values.yaml) as a starting point. +Please see the upstream [Operator Manual's High Availability page](https://argo-workflows.readthedocs.io/en/stable/high-availability/) to understand how to scale Argo Workflows in depth. + +### Workflow controller + +This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of its configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs. + +### Argo Workflows server authentication + +Argo Workflows server provides some choices for authentication mechanism and you can configure `.Values.server.authModes`. By default, authentication mode is `[server]`, for local development purposes or cases where your gateway authentication is covered by some other means. +Please refer to [Argo Server Auth Mode] for more details. + +Argo Workflows server also supports SSO and you can enable it to configure `.Values.server.sso` and `.Values.server.authModes`. In order to manage access levels, you can optionally add RBAC to SSO. Please refer to [SSO RBAC] for more details. + + +## Values + +The `values.yaml` contains items used to tweak a deployment of this chart. +Fields to note: + +- `controller.instanceID.enabled`: If set to true, the Argo Controller will **ONLY** monitor Workflow submissions with a `--instanceid` attribute +- `controller.instanceID.useReleaseName`: If set to true then chart set controller instance id to release name +- `controller.instanceID.explicitID`: Allows customization of an instance id for the workflow controller to monitor +- `singleNamespace`: When true, restricts the workflow controller to operate + in just the single namespace (that one of the Helm release). +- `controller.workflowNamespaces`: This is a list of namespaces where the + workflow controller will manage workflows. Only valid when `singleNamespace` + is false. + +### General parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if not (or (hasPrefix "workflow" .Key) (hasPrefix "controller" .Key) (hasPrefix "executor" .Key) (hasPrefix "server" .Key) (hasPrefix "artifactRepository" .Key) (hasPrefix "customArtifact" .Key) (hasPrefix "use" .Key) (hasPrefix "mainContainer" .Key) ) }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Workflow + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "workflow" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Workflow Controller + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "controller" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Workflow Main Container + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "mainContainer" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Workflow Executor + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "executor" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Workflow Server + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "server" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Artifact Repository + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if or (hasPrefix "artifactRepository" .Key) (hasPrefix "use" .Key) (hasPrefix "customArtifact" .Key) }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +## Breaking changes from the deprecated `argo` chart + +1. the `installCRD` value has been removed. CRDs are now only installed from the conventional crds/ directory +1. the CRDs were updated to `apiextensions.k8s.io/v1` +1. the container image registry/project/tag format was changed to be more in line with the more common + + ```yaml + image: + registry: quay.io + repository: argoproj/argocli + tag: v3.0.1 + ``` + + this also makes it easier for automatic update tooling (eg. renovate bot) to detect and update images. + +1. switched to quay.io as the default registry for all images +1. removed any included usage of Minio +1. aligned the configuration of serviceAccounts with the argo-cd chart, ie: what used to be `server.createServiceAccount` is now `server.serviceAccount.create` +1. moved the field previously known as `telemetryServicePort` inside the `telemetryConfig` as `telemetryConfig.servicePort` - same for `metricsConfig` + +[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters +[links]: https://argo-workflows.readthedocs.io/en/stable/links/ +[columns]: https://github.com/argoproj/argo-workflows/pull/10693 +[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +[values.yaml]: values.yaml +[changelog]: https://artifacthub.io/packages/helm/argo/argo-workflows?modal=changelog +[SSO RBAC]: https://argo-workflows.readthedocs.io/en/stable/argo-server-sso/ +[Argo Server Auth Mode]: https://argo-workflows.readthedocs.io/en/stable/argo-server-auth-mode/ diff --git a/charts/argo-workflows/ci/default-values.yaml b/charts/argo-workflows/ci/default-values.yaml new file mode 100644 index 00000000..ffc41c8a --- /dev/null +++ b/charts/argo-workflows/ci/default-values.yaml @@ -0,0 +1,3 @@ +# Test with default values +crds: + keep: false diff --git a/charts/argo-workflows/ci/enable-artifact-repo-ref.yaml b/charts/argo-workflows/ci/enable-artifact-repo-ref.yaml new file mode 100644 index 00000000..54c6c523 --- /dev/null +++ b/charts/argo-workflows/ci/enable-artifact-repo-ref.yaml @@ -0,0 +1,41 @@ +artifactRepositoryRef: + # 1st ConfigMap + artifact-repositories: + annotations: + workflows.argoproj.io/default-artifact-repository: default-v1-s3-artifact-repository + # 1st data + default-v1-s3-artifact-repository: + archiveLogs: true + s3: + bucket: my-bucket + endpoint: minio:9000 + insecure: true + accessKeySecret: + name: my-minio-cred + key: accesskey + secretKeySecret: + name: my-minio-cred + key: secretkey + # 2nd data + oss-artifact-repository: + archiveLogs: false + oss: + endpoint: http://oss-cn-zhangjiakou-internal.aliyuncs.com + bucket: $mybucket + accessKeySecret: + name: $mybucket-credentials + key: accessKey + secretKeySecret: + name: $mybucket-credentials + key: secretKey + # 2nd ConfigMap + another-artifact-repositories: + annotations: + workflows.argoproj.io/default-artifact-repository: gcs + gcs: + archiveLogs: false + bucket: my-bucket + keyFormat: prefix/in/bucket/{{workflow.name}}/{{pod.name}} + serviceAccountKeySecret: + name: my-gcs-credentials + key: serviceAccountKey diff --git a/charts/argo-workflows/ci/enable-artifact-repo-values.yaml b/charts/argo-workflows/ci/enable-artifact-repo-values.yaml new file mode 100644 index 00000000..c20a5775 --- /dev/null +++ b/charts/argo-workflows/ci/enable-artifact-repo-values.yaml @@ -0,0 +1,46 @@ +# Test with artifact repository +crds: + keep: false + +useStaticCredentials: true +artifactRepository: + archiveLogs: false + s3: + accessKeySecret: + name: "{{ .Release.Name }}-minio" + key: accesskey + secretKeySecret: + name: "{{ .Release.Name }}-minio" + key: secretkey + insecure: false + bucket: + endpoint: + region: + roleARN: + useSDKCreds: true + encryptionOptions: + enableEncryption: true + gcs: + bucket: project-argo + keyFormat: "{{ `{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}` }}" + serviceAccountKeySecret: + name: my-gcs-credentials + key: serviceAccountKey + azure: + endpoint: https://mystorageaccountname.blob.core.windows.net + container: my-container-name + blobNameFormat: path/in/container + useSDKCreds: true + accountKeySecret: + name: my-azure-storage-credentials + key: account-access-key + +customArtifactRepository: + artifactory: + repoUrl: https://artifactory.example.com/raw + usernameSecret: + name: artifactory-creds + key: username + passwordSecret: + name: artifactory-creds + key: password diff --git a/charts/argo-workflows/ci/enable-ingress-values.yaml b/charts/argo-workflows/ci/enable-ingress-values.yaml index d3485603..bfcc37c3 100644 --- a/charts/argo-workflows/ci/enable-ingress-values.yaml +++ b/charts/argo-workflows/ci/enable-ingress-values.yaml @@ -1,5 +1,8 @@ +crds: + keep: false + server: ingress: enabled: true hosts: - - argo-workflows.127.0.0.1.xip.io + - argo-workflows.example.com diff --git a/charts/argo-workflows/ci/enable-metrics-values.yaml b/charts/argo-workflows/ci/enable-metrics-values.yaml index 64c56cc1..32c007be 100644 --- a/charts/argo-workflows/ci/enable-metrics-values.yaml +++ b/charts/argo-workflows/ci/enable-metrics-values.yaml @@ -1,3 +1,6 @@ +crds: + keep: false + controller: serviceMonitor: enabled: false diff --git a/charts/argo-workflows/ci/enable-rbac-values.yaml b/charts/argo-workflows/ci/enable-rbac-values.yaml index 10f717ac..70924084 100644 --- a/charts/argo-workflows/ci/enable-rbac-values.yaml +++ b/charts/argo-workflows/ci/enable-rbac-values.yaml @@ -1,3 +1,6 @@ +crds: + keep: false + workflow: serviceAccount: create: true # Specifies whether a service account should be created diff --git a/charts/argo-workflows/ci/ha-values.yaml b/charts/argo-workflows/ci/ha-values.yaml new file mode 100644 index 00000000..2f495169 --- /dev/null +++ b/charts/argo-workflows/ci/ha-values.yaml @@ -0,0 +1,23 @@ +# Sample values for High Availability configuration, following https://argo-workflows.readthedocs.io/en/stable/high-availability/ + +controller: + # in v3.0+, a second controller can be ran as a hot-standby: https://argo-workflows.readthedocs.io/en/stable/high-availability/#workflow-controller + replicas: 2 # should be strictly greater than PDB minAvailable + # enable PDB with at least one Pod + pdb: + # -- Configure [Pod Disruption Budget] for the controller pods + enabled: true + minAvailable: 1 + +server: + # enable HPA with at least two Pods + autoscaling: + # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server + enabled: true + # -- Minimum number of replicas for the Argo Server [HPA] + minReplicas: 2 # should be strictly greater than PDB minAvailable + # enable PDB with at least one Pod + pdb: + # -- Configure [Pod Disruption Budget] for the controller pods + enabled: true + minAvailable: 1 diff --git a/charts/argo-workflows/templates/NOTES.txt b/charts/argo-workflows/templates/NOTES.txt index b4933a7d..43c1c8f8 100644 --- a/charts/argo-workflows/templates/NOTES.txt +++ b/charts/argo-workflows/templates/NOTES.txt @@ -1,3 +1,7 @@ +{{- if .Values.server.authMode }} +DEPRECATED option server.authMode - Use server.authModes +{{- end }} + 1. Get Argo Server external IP/domain by running: kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ template "argo-workflows.server.fullname" . }} diff --git a/charts/argo-workflows/templates/_helpers.tpl b/charts/argo-workflows/templates/_helpers.tpl index a72c148f..ebbba978 100644 --- a/charts/argo-workflows/templates/_helpers.tpl +++ b/charts/argo-workflows/templates/_helpers.tpl @@ -45,6 +45,32 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Create kubernetes friendly chart version label for the controller. +Examples: +image.tag = v3.4.4 +output = v3.4.4 + +image.tag = v3.4.4@sha256:d06860f1394a94ac3ff8401126ef32ba28915aa6c3c982c7e607ea0b4dadb696 +output = v3.4.4 +*/}} +{{- define "argo-workflows.controller_chart_version_label" -}} +{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag) "") "" | trunc 63 | quote -}} +{{- end -}} + +{{/* +Create kubernetes friendly chart version label for the server. +Examples: +image.tag = v3.4.4 +output = v3.4.4 + +image.tag = v3.4.4@sha256:d06860f1394a94ac3ff8401126ef32ba28915aa6c3c982c7e607ea0b4dadb696 +output = v3.4.4 +*/}} +{{- define "argo-workflows.server_chart_version_label" -}} +{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default (include "argo-workflows.defaultTag" .) .Values.server.image.tag) "") "" | trunc 63 | quote -}} +{{- end -}} + {{/* Common labels */}} @@ -53,6 +79,9 @@ helm.sh/chart: {{ include "argo-workflows.chart" .context }} {{ include "argo-workflows.selectorLabels" (dict "context" .context "component" .component "name" .name) }} app.kubernetes.io/managed-by: {{ .context.Release.Service }} app.kubernetes.io/part-of: argo-workflows +{{- with .context.Values.commonLabels }} +{{ toYaml .}} +{{- end }} {{- end }} {{/* @@ -65,9 +94,17 @@ app.kubernetes.io/name: {{ include "argo-workflows.name" .context }}-{{ .name }} app.kubernetes.io/instance: {{ .context.Release.Name }} {{- if .component }} app.kubernetes.io/component: {{ .component }} +app: {{ .component }} {{- end }} {{- end }} +{{/* +Create the name of the controller configMap +*/}} +{{- define "argo-workflows.controller.config-map.name" -}} +{{- .Values.controller.configMap.name | default (printf "%s-%s" (include "argo-workflows.controller.fullname" .) "configmap") | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Create the name of the server service account to use */}} @@ -94,11 +131,81 @@ Create the name of the controller service account to use Return the appropriate apiVersion for ingress */}} {{- define "argo-workflows.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.Version -}} +{{- if semverCompare "<1.14-0" (include "argo-workflows.kubeVersion" $) -}} {{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version -}} +{{- else if semverCompare "<1.19-0" (include "argo-workflows.kubeVersion" $) -}} {{- print "networking.k8s.io/v1beta1" -}} {{- else -}} {{- print "networking.k8s.io/v1" -}} {{- end -}} {{- end -}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "argo-workflows.kubeVersion" -}} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} +{{- end -}} + +{{/* +Return the default Argo Workflows app version +*/}} +{{- define "argo-workflows.defaultTag" -}} + {{- default .Chart.AppVersion .Values.images.tag }} +{{- end -}} + +{{/* +Return full image name including or excluding registry based on existence +*/}} +{{- define "argo-workflows.image" -}} +{{- if and .image.registry .image.repository -}} + {{ .image.registry }}/{{ .image.repository }} +{{- else -}} + {{ .image.repository }} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for autoscaling +*/}} +{{- define "argo-workflows.apiVersion.autoscaling" -}} +{{- if .Values.apiVersionOverrides.autoscaling -}} +{{- print .Values.apiVersionOverrides.autoscaling -}} +{{- else if semverCompare "<1.23-0" (include "argo-workflows.kubeVersion" .) -}} +{{- print "autoscaling/v2beta1" -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for GKE resources +*/}} +{{- define "argo-workflows.apiVersions.cloudgoogle" -}} +{{- if .Values.apiVersionOverrides.cloudgoogle -}} +{{- print .Values.apiVersionOverrides.cloudgoogle -}} +{{- else if .Capabilities.APIVersions.Has "cloud.google.com/v1" -}} +{{- print "cloud.google.com/v1" -}} +{{- else -}} +{{- print "cloud.google.com/v1beta1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for monitoring CRDs +*/}} +{{- define "argo-workflows.apiVersions.monitoring" -}} +{{- if .Values.apiVersionOverrides.monitoring -}} +{{- print .Values.apiVersionOverrides.monitoring -}} +{{- else -}} +{{- print "monitoring.coreos.com/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the namespace of the release. +Allows overriding it for multi-namespace deployments in combined charts. +*/}} +{{- define "argo-workflows.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/agent-rb.yaml b/charts/argo-workflows/templates/controller/agent-rb.yaml new file mode 100644 index 00000000..67e49955 --- /dev/null +++ b/charts/argo-workflows/templates/controller/agent-rb.yaml @@ -0,0 +1,29 @@ +{{- if .Values.workflow.rbac.agentPermissions -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "argo-workflows.fullname" $ }}-workflow-agent + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "argo-workflows.fullname" $ }}-workflow-agent +subjects: + - kind: ServiceAccount + name: {{ $.Values.workflow.serviceAccount.name }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} + {{- range $.Values.workflow.rbac.serviceAccounts }} + - kind: ServiceAccount + name: {{ .name }} + namespace: {{ .namespace | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/agent-role.yaml b/charts/argo-workflows/templates/controller/agent-role.yaml new file mode 100644 index 00000000..577567b2 --- /dev/null +++ b/charts/argo-workflows/templates/controller/agent-role.yaml @@ -0,0 +1,29 @@ +{{- if .Values.workflow.rbac.agentPermissions -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-workflows.fullname" $ }}-workflow-agent + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} +rules: + - apiGroups: + - argoproj.io + resources: + - workflowtasksets + verbs: + - list + - watch + - apiGroups: + - argoproj.io + resources: + - workflowtasksets/status + verbs: + - patch + {{- end }} + +{{- end }} diff --git a/charts/argo-workflows/templates/controller/artifact-gc-rb.yaml b/charts/argo-workflows/templates/controller/artifact-gc-rb.yaml new file mode 100644 index 00000000..279b2c50 --- /dev/null +++ b/charts/argo-workflows/templates/controller/artifact-gc-rb.yaml @@ -0,0 +1,29 @@ +{{- if .Values.workflow.rbac.artifactGC -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc +subjects: + - kind: ServiceAccount + name: {{ $.Values.workflow.serviceAccount.name }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} + {{- range $.Values.workflow.rbac.serviceAccounts }} + - kind: ServiceAccount + name: {{ .name }} + namespace: {{ .namespace | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/artifact-gc-role.yaml b/charts/argo-workflows/templates/controller/artifact-gc-role.yaml new file mode 100644 index 00000000..48218b83 --- /dev/null +++ b/charts/argo-workflows/templates/controller/artifact-gc-role.yaml @@ -0,0 +1,29 @@ +{{- if .Values.workflow.rbac.artifactGC -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} +rules: + - apiGroups: + - argoproj.io + resources: + - workflowartifactgctasks + verbs: + - list + - watch + - apiGroups: + - argoproj.io + resources: + - workflowartifactgctasks/status + verbs: + - patch + {{- end }} + +{{- end }} diff --git a/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml b/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml new file mode 100644 index 00000000..81c1d0a7 --- /dev/null +++ b/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml @@ -0,0 +1,19 @@ +{{- range $cm_name, $cm_val := .Values.artifactRepositoryRef }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $cm_name }} + namespace: {{ include "argo-workflows.namespace" $ | quote }} + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $cm_name) | nindent 4 }} + {{- with $cm_val.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +data: + {{- range $data_key, $data_val := (omit $cm_val "annotations") }} + {{- $data_key | nindent 2 }}: | + {{- toYaml $data_val | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml b/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml index ba1c202d..2a407b1b 100644 --- a/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml @@ -4,6 +4,7 @@ kind: ClusterRole metadata: name: {{ template "argo-workflows.fullname" . }}-view labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rbac.authorization.k8s.io/aggregate-to-view: "true" rules: - apiGroups: @@ -19,6 +20,12 @@ rules: - cronworkflows/finalizers - clusterworkflowtemplates - clusterworkflowtemplates/finalizers + - workflowtasksets + - workflowtasksets/finalizers + - workflowtaskresults + - workflowtaskresults/finalizers + - workflowartifactgctasks + - workflowartifactgctasks/finalizers verbs: - get - list @@ -29,6 +36,7 @@ kind: ClusterRole metadata: name: {{ template "argo-workflows.fullname" . }}-edit labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rbac.authorization.k8s.io/aggregate-to-edit: "true" rules: - apiGroups: @@ -44,6 +52,12 @@ rules: - cronworkflows/finalizers - clusterworkflowtemplates - clusterworkflowtemplates/finalizers + - workflowtasksets + - workflowtasksets/finalizers + - workflowtaskresults + - workflowtaskresults/finalizers + - workflowartifactgctasks + - workflowartifactgctasks/finalizers verbs: - create - delete @@ -59,6 +73,7 @@ kind: ClusterRole metadata: name: {{ template "argo-workflows.fullname" . }}-admin labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rbac.authorization.k8s.io/aggregate-to-admin: "true" rules: - apiGroups: @@ -74,6 +89,12 @@ rules: - cronworkflows/finalizers - clusterworkflowtemplates - clusterworkflowtemplates/finalizers + - workflowtasksets + - workflowtasksets/finalizers + - workflowtaskresults + - workflowtaskresults/finalizers + - workflowartifactgctasks + - workflowartifactgctasks/finalizers verbs: - create - delete diff --git a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml index 34340d14..1e8f764c 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml @@ -1,3 +1,4 @@ +{{- if .Values.controller.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 {{- if .Values.singleNamespace }} kind: Role @@ -6,6 +7,9 @@ kind: ClusterRole {{- end }} metadata: name: {{ template "argo-workflows.controller.fullname" . }} + {{- if .Values.singleNamespace }} + namespace: {{ include "argo-workflows.namespace" . | quote }} + {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rules: @@ -13,7 +17,6 @@ rules: - "" resources: - pods - - pods/exec verbs: - create - get @@ -22,6 +25,12 @@ rules: - update - patch - delete +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create - apiGroups: - "" resources: @@ -30,18 +39,28 @@ rules: - get - watch - list + {{- if .Values.controller.rbac.writeConfigMaps }} + - create + - update + {{- end}} - apiGroups: - "" resources: - persistentvolumeclaims + - persistentvolumeclaims/finalizers verbs: - create + - update - delete + - get - apiGroups: - argoproj.io resources: - workflows - workflows/finalizers + - workflowtasksets + - workflowtasksets/finalizers + - workflowartifactgctasks verbs: - get - list @@ -59,6 +78,15 @@ rules: - get - list - watch +- apiGroups: + - argoproj.io + resources: + - workflowtaskresults + - workflowtaskresults/finalizers + verbs: + - list + - watch + - deletecollection - apiGroups: - argoproj.io resources: @@ -121,21 +149,63 @@ rules: resources: - leases resourceNames: + {{- if .Values.controller.instanceID.enabled }} + {{- if .Values.controller.instanceID.useReleaseName }} + - workflow-controller-{{ .Release.Name }} + - workflow-controller-lease-{{ .Release.Name }} + {{- else }} + - workflow-controller-{{ .Values.controller.instanceID.explicitID }} + - workflow-controller-lease-{{ .Values.controller.instanceID.explicitID }} + {{- end }} + {{- else }} - workflow-controller - workflow-controller-lease + {{- end }} verbs: - get - watch - update - patch - delete +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + resourceNames: + {{/* for HTTP templates */}} + - argo-workflows-agent-ca-certificates +{{- with .Values.controller.rbac.secretWhitelist }} +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + resourceNames: {{- toYaml . | nindent 4 }} +{{- end }} +{{- if and (not .Values.controller.rbac.secretWhitelist) (.Values.controller.rbac.accessAllSecrets) }} +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +{{- end }} -{{- if .Values.controller.clusterWorkflowTemplates.enabled }} +{{- if and .Values.controller.clusterWorkflowTemplates.enabled (not .Values.singleNamespace) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} rules: - apiGroups: - argoproj.io @@ -147,3 +217,4 @@ rules: - list - watch {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml index afddb194..49616768 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml @@ -1,27 +1,61 @@ +{{- if .Values.controller.configMap.create }} apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "argo-workflows.controller.fullname" . }}-configmap + name: {{ template "argo-workflows.controller.config-map.name" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }} + {{- with .Values.controller.configMap.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} data: config: | {{- if .Values.controller.instanceID.enabled }} - {{- if .Values.controller.instanceID.useReleaseName }} + {{- if .Values.controller.instanceID.useReleaseName }} instanceID: {{ .Release.Name }} - {{- else }} + {{- else }} instanceID: {{ .Values.controller.instanceID.explicitID }} + {{- end }} {{- end }} - {{- end }} - containerRuntimeExecutor: {{ .Values.controller.containerRuntimeExecutor }} {{- if .Values.controller.parallelism }} parallelism: {{ .Values.controller.parallelism }} {{- end }} - {{- if or .Values.executor.resources .Values.executor.env .Values.executor.securityContext}} + {{- if .Values.controller.resourceRateLimit }} + resourceRateLimit: {{- toYaml .Values.controller.resourceRateLimit | nindent 6 }} + {{- end }} + {{- with .Values.controller.namespaceParallelism }} + namespaceParallelism: {{ . }} + {{- end }} + {{- with .Values.controller.initialDelay }} + initialDelay: {{ . }} + {{- end }} + {{- if or .Values.mainContainer.resources .Values.mainContainer.env .Values.mainContainer.envFrom .Values.mainContainer.securityContext}} + mainContainer: + imagePullPolicy: {{ default (.Values.images.pullPolicy) .Values.mainContainer.imagePullPolicy }} + {{- with .Values.mainContainer.resources }} + resources: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.mainContainer.env }} + env: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.mainContainer.envFrom }} + envFrom: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.mainContainer.securityContext }} + securityContext: {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + {{- if or .Values.executor.resources .Values.executor.env .Values.executor.args .Values.executor.securityContext}} executor: + imagePullPolicy: {{ default (.Values.images.pullPolicy) .Values.executor.image.pullPolicy }} {{- with .Values.executor.resources }} resources: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.executor.args }} + args: {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.executor.env }} env: {{- toYaml . | nindent 8 }} {{- end }} @@ -29,32 +63,45 @@ data: securityContext: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} - {{- if .Values.useDefaultArtifactRepo }} + {{- if or .Values.artifactRepository.s3 .Values.artifactRepository.gcs .Values.artifactRepository.azure .Values.customArtifactRepository }} artifactRepository: {{- if .Values.artifactRepository.archiveLogs }} archiveLogs: {{ .Values.artifactRepository.archiveLogs }} {{- end }} - {{- if .Values.artifactRepository.gcs }} - gcs: -{{ toYaml .Values.artifactRepository.gcs | indent 8}} - {{- else }} + {{- with .Values.artifactRepository.gcs }} + gcs: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.artifactRepository.azure }} + azure: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- if .Values.artifactRepository.s3 }} s3: {{- if .Values.useStaticCredentials }} accessKeySecret: - key: {{ .Values.artifactRepository.s3.accessKeySecret.key }} - name: {{ .Values.artifactRepository.s3.accessKeySecret.name }} + key: {{ tpl .Values.artifactRepository.s3.accessKeySecret.key . }} + name: {{ tpl .Values.artifactRepository.s3.accessKeySecret.name . }} secretKeySecret: - key: {{ .Values.artifactRepository.s3.secretKeySecret.key }} - name: {{ .Values.artifactRepository.s3.secretKeySecret.name }} + key: {{ tpl .Values.artifactRepository.s3.secretKeySecret.key . }} + name: {{ tpl .Values.artifactRepository.s3.secretKeySecret.name . }} + {{- if .Values.artifactRepository.s3.sessionTokenSecret }} + sessionTokenSecret: + key: {{ tpl .Values.artifactRepository.s3.sessionTokenSecret.key . }} + name: {{ tpl .Values.artifactRepository.s3.sessionTokenSecret.name . }} {{- end }} - bucket: {{ .Values.artifactRepository.s3.bucket }} - endpoint: {{ .Values.artifactRepository.s3.endpoint }} + {{- end }} + bucket: {{ tpl (.Values.artifactRepository.s3.bucket | default "") . }} + endpoint: {{ tpl (.Values.artifactRepository.s3.endpoint | default "") . }} insecure: {{ .Values.artifactRepository.s3.insecure }} + {{- if .Values.artifactRepository.s3.caSecret }} + caSecret: + name: {{ tpl .Values.artifactRepository.s3.caSecret.name . }} + key: {{ tpl .Values.artifactRepository.s3.caSecret.key . }} + {{- end }} {{- if .Values.artifactRepository.s3.keyFormat }} keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }} {{- end }} {{- if .Values.artifactRepository.s3.region }} - region: {{ .Values.artifactRepository.s3.region }} + region: {{ tpl .Values.artifactRepository.s3.region $ }} {{- end }} {{- if .Values.artifactRepository.s3.roleARN }} roleARN: {{ .Values.artifactRepository.s3.roleARN }} @@ -62,22 +109,76 @@ data: {{- if .Values.artifactRepository.s3.useSDKCreds }} useSDKCreds: {{ .Values.artifactRepository.s3.useSDKCreds }} {{- end }} + {{- with .Values.artifactRepository.s3.encryptionOptions }} + encryptionOptions: + {{- toYaml . | nindent 10 }} + {{- end }} {{- end }} - {{- end}} + {{- if .Values.customArtifactRepository }} + {{- toYaml .Values.customArtifactRepository | nindent 6 }} + {{- end }} + {{- end }} {{- if .Values.controller.metricsConfig.enabled }} metricsConfig: -{{ toYaml .Values.controller.metricsConfig | indent 6}}{{- end }} + enabled: {{ .Values.controller.metricsConfig.enabled }} + path: {{ .Values.controller.metricsConfig.path }} + port: {{ .Values.controller.metricsConfig.port }} + {{- if .Values.controller.metricsConfig.metricsTTL }} + metricsTTL: {{ .Values.controller.metricsConfig.metricsTTL }} + {{- end }} + ignoreErrors: {{ .Values.controller.metricsConfig.ignoreErrors }} + secure: {{ .Values.controller.metricsConfig.secure }} + {{- end }} {{- if .Values.controller.telemetryConfig.enabled }} telemetryConfig: -{{ toYaml .Values.controller.telemetryConfig | indent 6}}{{- end }} + enabled: {{ .Values.controller.telemetryConfig.enabled }} + path: {{ .Values.controller.telemetryConfig.path }} + port: {{ .Values.controller.telemetryConfig.port }} + {{- if .Values.controller.telemetryConfig.metricsTTL }} + metricsTTL: {{ .Values.controller.telemetryConfig.metricsTTL }} + {{- end }} + ignoreErrors: {{ .Values.controller.telemetryConfig.ignoreErrors }} + secure: {{ .Values.controller.telemetryConfig.secure }} + {{- end }} {{- if .Values.controller.persistence }} persistence: {{ toYaml .Values.controller.persistence | indent 6 }}{{- end }} {{- if .Values.controller.workflowDefaults }} workflowDefaults: {{ toYaml .Values.controller.workflowDefaults | indent 6 }}{{- end }} - {{- with .Values.server.sso }} - sso: {{- toYaml . | nindent 6 }} + {{- if .Values.server.sso.enabled }} + sso: + issuer: {{ .Values.server.sso.issuer }} + clientId: + name: {{ .Values.server.sso.clientId.name }} + key: {{ .Values.server.sso.clientId.key }} + clientSecret: + name: {{ .Values.server.sso.clientSecret.name }} + key: {{ .Values.server.sso.clientSecret.key }} + redirectUrl: {{ .Values.server.sso.redirectUrl | quote }} + rbac: + enabled: {{ .Values.server.sso.rbac.enabled }} + {{- with .Values.server.sso.scopes }} + scopes: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.sso.issuerAlias }} + issuerAlias: {{ toYaml . }} + {{- end }} + {{- with .Values.server.sso.sessionExpiry }} + sessionExpiry: {{ toYaml . }} + {{- end }} + {{- with .Values.server.sso.customGroupClaimName }} + customGroupClaimName: {{ toYaml . }} + {{- end }} + {{- with .Values.server.sso.userInfoPath }} + userInfoPath: {{ toYaml . }} + {{- end }} + {{- with .Values.server.sso.insecureSkipVerify }} + insecureSkipVerify: {{ toYaml . }} + {{- end }} + {{- with .Values.server.sso.filterGroupsRegex }} + filterGroupsRegex: {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} {{- with .Values.controller.workflowRestrictions }} workflowRestrictions: {{- toYaml . | nindent 6 }} @@ -85,3 +186,29 @@ data: {{- with .Values.controller.links }} links: {{- toYaml . | nindent 6 }} {{- end }} + {{- with .Values.controller.columns }} + columns: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.controller.navColor }} + navColor: {{ . }} + {{- end }} + {{- with .Values.controller.retentionPolicy }} + retentionPolicy: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.emissary.images }} + images: {{- toYaml . | nindent 6 }} + {{- end }} + nodeEvents: + enabled: {{ .Values.controller.nodeEvents.enabled }} + workflowEvents: + enabled: {{ .Values.controller.workflowEvents.enabled }} + {{- with .Values.controller.kubeConfig }} + kubeConfig: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.controller.podGCGracePeriodSeconds }} + podGCGracePeriodSeconds: {{ . }} + {{- end }} + {{- with .Values.controller.podGCDeleteDelayDuration }} + podGCDeleteDelayDuration: {{ . }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml index 1235e325..93e0557b 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml @@ -1,3 +1,4 @@ +{{- if .Values.controller.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 {{- if .Values.singleNamespace }} kind: RoleBinding @@ -6,6 +7,9 @@ kind: ClusterRoleBinding {{- end }} metadata: name: {{ template "argo-workflows.controller.fullname" . }} + {{- if .Values.singleNamespace }} + namespace: {{ include "argo-workflows.namespace" . | quote }} + {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} roleRef: @@ -19,18 +23,7 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- if .Values.controller.workflowNamespaces }} -{{- $uiServiceAccount := (include "argo-workflows.controllerServiceAccountName" .) }} -{{- $namespace := .Release.Namespace }} -{{- range $key := .Values.controller.workflowNamespaces }} - {{- if not (eq $key $namespace) }} - - kind: ServiceAccount - name: {{ $uiServiceAccount }} - namespace: {{ $key }} - {{- end }} -{{- end }} -{{- end }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- if .Values.controller.clusterWorkflowTemplates.enabled }} --- @@ -47,5 +40,11 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-workflows.namespace" . | quote }} +{{- range .Values.controller.clusterWorkflowTemplates.serviceAccounts }} + - kind: ServiceAccount + name: {{ .name }} + namespace: {{ .namespace | quote }} +{{- end }} +{{- end }} {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml index 564ba412..bee7c199 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml @@ -1,8 +1,9 @@ {{- if .Values.controller.pdb.enabled }} -apiVersion: policy/v1beta1 +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "argo-workflows.controller.fullname" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} spec: diff --git a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml index 9f80ea7f..b3db5f4e 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml @@ -2,11 +2,17 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "argo-workflows.controller.fullname" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} - app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | quote }} + app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }} + {{- with .Values.controller.deploymentAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.controller.replicas }} + revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }} selector: matchLabels: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} @@ -14,7 +20,7 @@ spec: metadata: labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }} - app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | quote }} + app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }} {{- with.Values.controller.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} @@ -28,20 +34,26 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.controller.extraInitContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} containers: - name: controller - image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag | default .Chart.AppVersion }}" + image: "{{- include "argo-workflows.image" (dict "context" . "image" .Values.controller.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag }}" imagePullPolicy: {{ .Values.images.pullPolicy }} command: [ "workflow-controller" ] args: - "--configmap" - - "{{ template "argo-workflows.controller.fullname" . }}-configmap" + - "{{ template "argo-workflows.controller.config-map.name" . }}" - "--executor-image" - - "{{ .Values.executor.image.registry }}/{{ .Values.executor.image.repository }}:{{ .Values.executor.image.tag | default .Chart.AppVersion }}" + - "{{- include "argo-workflows.image" (dict "context" . "image" .Values.executor.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.executor.image.tag }}" - "--loglevel" - "{{ .Values.controller.logging.level }}" - "--gloglevel" - "{{ .Values.controller.logging.globallevel }}" + - "--log-format" + - "{{ .Values.controller.logging.format }}" {{- if .Values.singleNamespace }} - "--namespaced" {{- end }} @@ -49,8 +61,16 @@ spec: - "--workflow-workers" - {{ . | quote }} {{- end }} - {{- with .Values.controller.podWorkers }} - - "--pod-workers" + {{- with .Values.controller.workflowTTLWorkers }} + - "--workflow-ttl-workers" + - {{ . | quote }} + {{- end }} + {{- with .Values.controller.podCleanupWorkers }} + - "--pod-cleanup-workers" + - {{ . | quote }} + {{- end }} + {{- with .Values.controller.cronWorkflowWorkers }} + - "--cron-workflow-workers" - {{ . | quote }} {{- end }} {{- with .Values.controller.extraArgs }} @@ -69,24 +89,35 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.name + {{- if eq (int .Values.controller.replicas) 1 }} + - name: LEADER_ELECTION_DISABLE + value: "true" + {{- end }} {{- with .Values.controller.extraEnv }} {{- toYaml . | nindent 12 }} {{- end }} resources: {{- toYaml .Values.controller.resources | nindent 12 }} + {{- with .Values.controller.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 10 }} + {{- end }} ports: - - name: metrics + - name: {{ .Values.controller.metricsConfig.portName }} containerPort: {{ .Values.controller.metricsConfig.port }} - livenessProbe: - httpGet: - port: metrics - path: {{ .Values.controller.metricsConfig.path }} - initialDelaySeconds: 30 - periodSeconds: 30 + - containerPort: 6060 + livenessProbe: {{ .Values.controller.livenessProbe | toYaml | nindent 12 }} + {{- with .Values.controller.extraContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.images.pullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.controller.volumes }} + volumes: + {{- toYaml . | nindent 6 }} + {{- end }} {{- with .Values.controller.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -99,6 +130,17 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.controller.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-workflows.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} {{- with .Values.controller.priorityClassName }} priorityClassName: {{ . }} {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml index e917bb41..fd1db89f 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml @@ -1,8 +1,16 @@ +{{- if .Values.controller.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "argo-workflows.controllerServiceAccountName" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- with .Values.controller.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{ with .Values.controller.serviceAccount.annotations }} annotations: {{- toYaml .| nindent 4 }} {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml index 5c248f49..4a1290ba 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml @@ -3,9 +3,10 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-workflows.controller.fullname" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} - app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | quote }} + app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }} {{- with .Values.controller.serviceLabels }} {{ toYaml . | nindent 4 }} {{- end }} @@ -31,8 +32,16 @@ spec: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} sessionAffinity: None type: {{ .Values.controller.serviceType }} - {{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }} + {{- if and (eq .Values.controller.serviceType "ClusterIP") .Values.controller.metricsConfig.headlessService }} + clusterIP: None + {{- end }} + {{- if eq .Values.controller.serviceType "LoadBalancer" }} + {{- with .Values.controller.loadBalancerClass }} + loadBalancerClass: {{ . }} + {{- end }} + {{- if .Values.controller.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{- toYaml .Values.controller.loadBalancerSourceRanges | nindent 4 }} {{- end }} + {{- end }} {{- end -}} diff --git a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml index 54cf1b31..46fd18dd 100644 --- a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml +++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml @@ -1,8 +1,10 @@ -{{- if and (or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled) .Values.controller.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 +{{- $apiVersion := include "argo-workflows.apiVersions.monitoring" . }} +{{- if and (.Capabilities.APIVersions.Has $apiVersion) (or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled) .Values.controller.serviceMonitor.enabled }} +apiVersion: {{ $apiVersion }} kind: ServiceMonitor metadata: name: {{ template "argo-workflows.controller.fullname" . }} + namespace: {{ default (include "argo-workflows.namespace" .) .Values.controller.serviceMonitor.namespace | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} {{- with .Values.controller.serviceMonitor.additionalLabels }} @@ -11,18 +13,40 @@ metadata: spec: endpoints: {{- if .Values.controller.metricsConfig.enabled }} - - port: metrics + - port: {{ .Values.controller.metricsConfig.servicePortName }} path: {{ .Values.controller.metricsConfig.path }} - interval: 30s + interval: {{ .Values.controller.metricsConfig.interval }} + {{- with .Values.controller.metricsConfig.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.metricsConfig.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + honorLabels: {{ .Values.controller.metricsConfig.honorLabels }} {{- end }} {{- if .Values.controller.telemetryConfig.enabled }} - port: telemetry path: {{ .Values.controller.telemetryConfig.path }} - interval: 30s + interval: {{ .Values.controller.telemetryConfig.interval }} + {{- with .Values.controller.metricsConfig.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.metricsConfig.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + honorLabels: {{ .Values.controller.metricsConfig.honorLabels }} + {{- end }} + {{- with .Values.controller.metricsConfig.targetLabels }} + targetLabels: + {{- toYaml . | nindent 8 }} {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "argo-workflows.namespace" . | quote }} selector: matchLabels: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} diff --git a/charts/argo-workflows/templates/controller/workflow-rb.yaml b/charts/argo-workflows/templates/controller/workflow-rb.yaml index 9b27c045..d1d0e329 100644 --- a/charts/argo-workflows/templates/controller/workflow-rb.yaml +++ b/charts/argo-workflows/templates/controller/workflow-rb.yaml @@ -1,19 +1,29 @@ {{- if .Values.workflow.rbac.create -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} +--- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "argo-workflows.fullname" . }}-workflow - {{- with .Values.workflow.namespace }} - namespace: {{ . }} - {{- end }} + name: {{ template "argo-workflows.fullname" $ }}-workflow + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "argo-workflows.fullname" . }}-workflow + name: {{ template "argo-workflows.fullname" $ }}-workflow subjects: -- kind: ServiceAccount - name: {{ .Values.workflow.serviceAccount.name }} - {{- with .Values.workflow.namespace }} - namespace: {{ . }} + - kind: ServiceAccount + name: {{ $.Values.workflow.serviceAccount.name }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} + {{- range $.Values.workflow.rbac.serviceAccounts }} + - kind: ServiceAccount + name: {{ .name }} + namespace: {{ .namespace | quote }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-role.yaml b/charts/argo-workflows/templates/controller/workflow-role.yaml index bf8b3cff..81c20048 100644 --- a/charts/argo-workflows/templates/controller/workflow-role.yaml +++ b/charts/argo-workflows/templates/controller/workflow-role.yaml @@ -1,25 +1,23 @@ {{- if .Values.workflow.rbac.create -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} +--- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "argo-workflows.fullname" . }}-workflow - {{- with .Values.workflow.namespace }} + name: {{ template "argo-workflows.fullname" $ }}-workflow + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $namespace }} namespace: {{ . }} - {{- end }} + {{- end }} rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - watch - - patch -- apiGroups: - - "" - resources: - - pods/log - verbs: - - get - - watch + - apiGroups: + - argoproj.io + resources: + - workflowtaskresults + verbs: + - create + - patch + {{- end }} + {{- end }} diff --git a/charts/argo-workflows/templates/controller/workflow-sa.yaml b/charts/argo-workflows/templates/controller/workflow-sa.yaml index dc84f2b1..c6fff691 100644 --- a/charts/argo-workflows/templates/controller/workflow-sa.yaml +++ b/charts/argo-workflows/templates/controller/workflow-sa.yaml @@ -1,13 +1,25 @@ {{- if .Values.workflow.serviceAccount.create -}} + {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }} +--- apiVersion: v1 kind: ServiceAccount metadata: - name: {{ .Values.workflow.serviceAccount.name }} - {{- with .Values.workflow.namespace }} - namespace: {{ . }} - {{- end }} - {{- with .Values.workflow.serviceAccount.annotations }} - annotations: + name: {{ $.Values.workflow.serviceAccount.name }} + labels: + {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }} + {{- with $.Values.workflow.serviceAccount.labels }} {{- toYaml . | nindent 4 }} {{- end }} + {{- with $namespace }} + namespace: {{ . }} + {{- end }} + {{- with $.Values.workflow.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $.Values.workflow.serviceAccount.pullSecrets }} +imagePullSecrets: + {{- toYaml . | nindent 2 }} + {{- end }} + {{- end }} {{- end }} diff --git a/charts/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml b/charts/argo-workflows/templates/crds/argoproj.io_clusterworkflowtemplates.yaml similarity index 66% rename from charts/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml rename to charts/argo-workflows/templates/crds/argoproj.io_clusterworkflowtemplates.yaml index fa7da83a..9264eaba 100644 --- a/charts/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_clusterworkflowtemplates.yaml @@ -1,7 +1,16 @@ +{{- if .Values.crds.install }} +{{- if or (.Values.server.clusterWorkflowTemplates.enabled) (.Values.controller.clusterWorkflowTemplates.enabled) }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: clusterworkflowtemplates.argoproj.io + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: group: argoproj.io names: @@ -26,6 +35,7 @@ spec: type: object spec: type: object + x-kubernetes-map-type: atomic x-kubernetes-preserve-unknown-fields: true required: - metadata @@ -33,3 +43,5 @@ spec: type: object served: true storage: true +{{- end }} +{{- end }} diff --git a/charts/argo-workflows/crds/argoproj.io_cronworkflows.yaml b/charts/argo-workflows/templates/crds/argoproj.io_cronworkflows.yaml similarity index 72% rename from charts/argo-workflows/crds/argoproj.io_cronworkflows.yaml rename to charts/argo-workflows/templates/crds/argoproj.io_cronworkflows.yaml index 2878fe9b..7b932d8f 100644 --- a/charts/argo-workflows/crds/argoproj.io_cronworkflows.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_cronworkflows.yaml @@ -1,7 +1,15 @@ +{{- if .Values.crds.install }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: cronworkflows.argoproj.io + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: group: argoproj.io names: @@ -26,9 +34,11 @@ spec: type: object spec: type: object + x-kubernetes-map-type: atomic x-kubernetes-preserve-unknown-fields: true status: type: object + x-kubernetes-map-type: atomic x-kubernetes-preserve-unknown-fields: true required: - metadata @@ -36,3 +46,4 @@ spec: type: object served: true storage: true +{{- end }} diff --git a/charts/argo-workflows/templates/crds/argoproj.io_workflowartifactgctasks.yaml b/charts/argo-workflows/templates/crds/argoproj.io_workflowartifactgctasks.yaml new file mode 100644 index 00000000..6a474715 --- /dev/null +++ b/charts/argo-workflows/templates/crds/argoproj.io_workflowartifactgctasks.yaml @@ -0,0 +1,1146 @@ +{{- if .Values.crds.install }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflowartifactgctasks.argoproj.io + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + group: argoproj.io + names: + kind: WorkflowArtifactGCTask + listKind: WorkflowArtifactGCTaskList + plural: workflowartifactgctasks + shortNames: + - wfat + singular: workflowartifactgctask + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + artifactsByNode: + additionalProperties: + properties: + archiveLocation: + properties: + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - url + type: object + azure: + properties: + accountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + blob: + type: string + container: + type: string + endpoint: + type: string + useSDKCreds: + type: boolean + required: + - blob + - container + - endpoint + type: object + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - key + type: object + git: + properties: + branch: + type: string + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + insecureSkipTLS: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + repo: + type: string + revision: + type: string + singleBranch: + type: boolean + sshPrivateKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - repo + type: object + hdfs: + properties: + addresses: + items: + type: string + type: array + dataTransferProtection: + type: string + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbConfigConfigMap: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbKeytabSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + auth: + properties: + basicAuth: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientCert: + properties: + clientCertSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + oauth2: + properties: + clientIDSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientSecretSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + scopes: + items: + type: string + type: array + tokenURLSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + securityToken: + type: string + useSDKCreds: + type: boolean + required: + - key + type: object + raw: + properties: + data: + type: string + required: + - data + type: object + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + caSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + useSDKCreds: + type: boolean + type: object + type: object + artifacts: + additionalProperties: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactGC: + properties: + podMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + serviceAccountName: + type: string + strategy: + enum: + - "" + - OnWorkflowCompletion + - OnWorkflowDeletion + - Never + type: string + type: object + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - url + type: object + azure: + properties: + accountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + blob: + type: string + container: + type: string + endpoint: + type: string + useSDKCreds: + type: boolean + required: + - blob + - container + - endpoint + type: object + deleted: + type: boolean + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - key + type: object + git: + properties: + branch: + type: string + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + insecureSkipTLS: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + repo: + type: string + revision: + type: string + singleBranch: + type: boolean + sshPrivateKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + dataTransferProtection: + type: string + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbConfigConfigMap: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbKeytabSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + auth: + properties: + basicAuth: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientCert: + properties: + clientCertSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + oauth2: + properties: + clientIDSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientSecretSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + scopes: + items: + type: string + type: array + tokenURLSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + securityToken: + type: string + useSDKCreds: + type: boolean + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + caSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: object + type: object + type: object + type: object + status: + properties: + artifactResultsByNode: + additionalProperties: + properties: + artifactResults: + additionalProperties: + properties: + error: + type: string + name: + type: string + success: + type: boolean + required: + - name + type: object + type: object + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/argo-workflows/templates/crds/argoproj.io_workfloweventbindings.yaml b/charts/argo-workflows/templates/crds/argoproj.io_workfloweventbindings.yaml new file mode 100644 index 00000000..f11df956 --- /dev/null +++ b/charts/argo-workflows/templates/crds/argoproj.io_workfloweventbindings.yaml @@ -0,0 +1,690 @@ +{{- if .Values.crds.install }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workfloweventbindings.argoproj.io + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + group: argoproj.io + names: + kind: WorkflowEventBinding + listKind: WorkflowEventBindingList + plural: workfloweventbindings + shortNames: + - wfeb + singular: workfloweventbinding + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + event: + properties: + selector: + type: string + required: + - selector + type: object + submit: + properties: + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactGC: + properties: + podMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + serviceAccountName: + type: string + strategy: + enum: + - "" + - OnWorkflowCompletion + - OnWorkflowDeletion + - Never + type: string + type: object + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - url + type: object + azure: + properties: + accountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + blob: + type: string + container: + type: string + endpoint: + type: string + useSDKCreds: + type: boolean + required: + - blob + - container + - endpoint + type: object + deleted: + type: boolean + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - key + type: object + git: + properties: + branch: + type: string + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + insecureSkipTLS: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + repo: + type: string + revision: + type: string + singleBranch: + type: boolean + sshPrivateKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + dataTransferProtection: + type: string + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbConfigConfigMap: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbKeytabSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + auth: + properties: + basicAuth: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientCert: + properties: + clientCertSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + oauth2: + properties: + clientIDSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientSecretSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + scopes: + items: + type: string + type: array + tokenURLSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + securityToken: + type: string + useSDKCreds: + type: boolean + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + caSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + description: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + metadata: + type: object + workflowTemplateRef: + properties: + clusterScope: + type: boolean + name: + type: string + type: object + required: + - workflowTemplateRef + type: object + required: + - event + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +{{- end }} diff --git a/charts/argo-workflows/crds/argoproj.io_workflows.yaml b/charts/argo-workflows/templates/crds/argoproj.io_workflows.yaml similarity index 68% rename from charts/argo-workflows/crds/argoproj.io_workflows.yaml rename to charts/argo-workflows/templates/crds/argoproj.io_workflows.yaml index f3751e18..85b71f91 100644 --- a/charts/argo-workflows/crds/argoproj.io_workflows.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_workflows.yaml @@ -1,7 +1,15 @@ +{{- if .Values.crds.install }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: workflows.argoproj.io + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: group: argoproj.io names: @@ -23,6 +31,11 @@ spec: jsonPath: .status.startedAt name: Age type: date + - description: Human readable message indicating details about why the workflow + is in this condition. + jsonPath: .status.message + name: Message + type: string name: v1alpha1 schema: openAPIV3Schema: @@ -35,9 +48,11 @@ spec: type: object spec: type: object + x-kubernetes-map-type: atomic x-kubernetes-preserve-unknown-fields: true status: type: object + x-kubernetes-map-type: atomic x-kubernetes-preserve-unknown-fields: true required: - metadata @@ -46,3 +61,4 @@ spec: served: true storage: true subresources: {} +{{- end }} diff --git a/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml b/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml new file mode 100644 index 00000000..02f3f08b --- /dev/null +++ b/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml @@ -0,0 +1,671 @@ +{{- if .Values.crds.install }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflowtaskresults.argoproj.io + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + group: argoproj.io + names: + kind: WorkflowTaskResult + listKind: WorkflowTaskResultList + plural: workflowtaskresults + singular: workflowtaskresult + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + message: + type: string + metadata: + type: object + outputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactGC: + properties: + podMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + serviceAccountName: + type: string + strategy: + enum: + - "" + - OnWorkflowCompletion + - OnWorkflowDeletion + - Never + type: string + type: object + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - url + type: object + azure: + properties: + accountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + blob: + type: string + container: + type: string + endpoint: + type: string + useSDKCreds: + type: boolean + required: + - blob + - container + - endpoint + type: object + deleted: + type: boolean + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - key + type: object + git: + properties: + branch: + type: string + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + insecureSkipTLS: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + repo: + type: string + revision: + type: string + singleBranch: + type: boolean + sshPrivateKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + dataTransferProtection: + type: string + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbConfigConfigMap: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbKeytabSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + auth: + properties: + basicAuth: + properties: + passwordSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + usernameSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientCert: + properties: + clientCertSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + oauth2: + properties: + clientIDSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientSecretSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + scopes: + items: + type: string + type: array + tokenURLSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + securityToken: + type: string + useSDKCreds: + type: boolean + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + type: string + caSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + exitCode: + type: string + parameters: + items: + properties: + default: + type: string + description: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + result: + type: string + type: object + phase: + type: string + progress: + type: string + required: + - metadata + type: object + served: true + storage: true +{{- end }} diff --git a/charts/argo-workflows/templates/crds/argoproj.io_workflowtasksets.yaml b/charts/argo-workflows/templates/crds/argoproj.io_workflowtasksets.yaml new file mode 100644 index 00000000..74692941 --- /dev/null +++ b/charts/argo-workflows/templates/crds/argoproj.io_workflowtasksets.yaml @@ -0,0 +1,50 @@ +{{- if .Values.crds.install }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflowtasksets.argoproj.io + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + group: argoproj.io + names: + kind: WorkflowTaskSet + listKind: WorkflowTaskSetList + plural: workflowtasksets + shortNames: + - wfts + singular: workflowtaskset + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/argo-workflows/crds/argoproj.io_workflowtemplates.yaml b/charts/argo-workflows/templates/crds/argoproj.io_workflowtemplates.yaml similarity index 73% rename from charts/argo-workflows/crds/argoproj.io_workflowtemplates.yaml rename to charts/argo-workflows/templates/crds/argoproj.io_workflowtemplates.yaml index f6fa080a..810e6f51 100644 --- a/charts/argo-workflows/crds/argoproj.io_workflowtemplates.yaml +++ b/charts/argo-workflows/templates/crds/argoproj.io_workflowtemplates.yaml @@ -1,7 +1,15 @@ +{{- if .Values.crds.install }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: workflowtemplates.argoproj.io + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: group: argoproj.io names: @@ -25,6 +33,7 @@ spec: type: object spec: type: object + x-kubernetes-map-type: atomic x-kubernetes-preserve-unknown-fields: true required: - metadata @@ -32,3 +41,4 @@ spec: type: object served: true storage: true +{{- end }} diff --git a/charts/argo-workflows/templates/extra-manifests.yaml b/charts/argo-workflows/templates/extra-manifests.yaml new file mode 100644 index 00000000..fc9a76b8 --- /dev/null +++ b/charts/argo-workflows/templates/extra-manifests.yaml @@ -0,0 +1,8 @@ +{{ range .Values.extraObjects }} +--- +{{ if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} +{{ end }} diff --git a/charts/argo-workflows/templates/server/gke/backendconfig.yaml b/charts/argo-workflows/templates/server/gke/backendconfig.yaml new file mode 100644 index 00000000..0d439b62 --- /dev/null +++ b/charts/argo-workflows/templates/server/gke/backendconfig.yaml @@ -0,0 +1,11 @@ +{{- if .Values.server.GKEbackendConfig.enabled }} +apiVersion: {{ include "argo-workflows.apiVersions.cloudgoogle" . }} +kind: BackendConfig +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + {{- toYaml .Values.server.GKEbackendConfig.spec | nindent 2 }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/gke/frontendconfig.yaml b/charts/argo-workflows/templates/server/gke/frontendconfig.yaml new file mode 100644 index 00000000..32cfc3a1 --- /dev/null +++ b/charts/argo-workflows/templates/server/gke/frontendconfig.yaml @@ -0,0 +1,11 @@ +{{- if .Values.server.GKEfrontendConfig.enabled }} +apiVersion: networking.gke.io/v1beta1 +kind: FrontendConfig +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + {{- toYaml .Values.server.GKEfrontendConfig.spec | nindent 2 }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/gke/managedcertificate.yaml b/charts/argo-workflows/templates/server/gke/managedcertificate.yaml new file mode 100644 index 00000000..4d1f840e --- /dev/null +++ b/charts/argo-workflows/templates/server/gke/managedcertificate.yaml @@ -0,0 +1,12 @@ +{{- if .Values.server.GKEmanagedCertificate.enabled }} +apiVersion: networking.gke.io/v1 +kind: ManagedCertificate +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} +spec: + domains: + {{- with .Values.server.GKEmanagedCertificate.domains }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/server-cluster-roles.yaml b/charts/argo-workflows/templates/server/server-cluster-roles.yaml index 6403bf96..f0953099 100644 --- a/charts/argo-workflows/templates/server/server-cluster-roles.yaml +++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml @@ -1,4 +1,4 @@ -{{- if .Values.server.enabled }} +{{- if and .Values.server.enabled .Values.server.rbac.create}} apiVersion: rbac.authorization.k8s.io/v1 {{- if .Values.singleNamespace }} kind: Role @@ -7,6 +7,9 @@ kind: ClusterRole {{- end }} metadata: name: {{ template "argo-workflows.server.fullname" . }} + {{- if .Values.singleNamespace }} + namespace: {{ include "argo-workflows.namespace" . | quote }} + {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} rules: @@ -23,14 +26,19 @@ rules: - "" resources: - pods - - pods/exec - - pods/log verbs: - get - list - watch - delete - {{- if .Values.server.sso }} +- apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - list +{{- if .Values.server.sso.enabled }} - apiGroups: - "" resources: @@ -39,14 +47,13 @@ rules: - sso verbs: - get - - update - apiGroups: - "" resources: - secrets verbs: - create - {{- if .Values.server.sso.rbac }} + {{- if .Values.server.sso.rbac.enabled }} - apiGroups: - "" resources: @@ -54,19 +61,18 @@ rules: verbs: - get - list - {{- end }} + - watch {{- end }} +{{- end }} - apiGroups: - "" resources: - secrets verbs: - get -{{- if .Values.server.sso }} - {{- if .Values.server.sso.rbac }} - {{- with .Values.server.sso.rbac.secretWhitelist }} +{{- if and .Values.server.sso.enabled .Values.server.sso.rbac.enabled }} + {{- with .Values.server.sso.rbac.secretWhitelist }} resourceNames: {{- toYaml . | nindent 4 }} - {{- end }} {{- end }} {{- end }} - apiGroups: @@ -112,7 +118,7 @@ rules: - patch - delete -{{- if .Values.server.clusterWorkflowTemplates.enabled }} +{{- if and .Values.server.clusterWorkflowTemplates.enabled (not .Values.singleNamespace) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/charts/argo-workflows/templates/server/server-crb.yaml b/charts/argo-workflows/templates/server/server-crb.yaml index 16d55902..4ffb9107 100644 --- a/charts/argo-workflows/templates/server/server-crb.yaml +++ b/charts/argo-workflows/templates/server/server-crb.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.server.enabled .Values.server.serviceAccount.create -}} +{{- if and .Values.server.enabled .Values.server.rbac.create -}} apiVersion: rbac.authorization.k8s.io/v1 {{- if .Values.singleNamespace }} kind: RoleBinding @@ -7,6 +7,9 @@ kind: ClusterRoleBinding {{- end }} metadata: name: {{ template "argo-workflows.server.fullname" . }} + {{- if .Values.singleNamespace }} + namespace: {{ include "argo-workflows.namespace" . | quote }} + {{- end }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} roleRef: @@ -20,7 +23,7 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- if .Values.server.clusterWorkflowTemplates.enabled }} --- @@ -37,6 +40,6 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "argo-workflows.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "argo-workflows.namespace" . | quote }} {{- end -}} {{- end -}} diff --git a/charts/argo-workflows/templates/server/server-deployment-hpa.yaml b/charts/argo-workflows/templates/server/server-deployment-hpa.yaml new file mode 100644 index 00000000..142bc31b --- /dev/null +++ b/charts/argo-workflows/templates/server/server-deployment-hpa.yaml @@ -0,0 +1,45 @@ +{{- if and .Values.server.enabled .Values.server.autoscaling.enabled }} +apiVersion: {{ include "argo-workflows.apiVersion.autoscaling" . }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "argo-workflows.server.fullname" . }} + minReplicas: {{ .Values.server.autoscaling.minReplicas }} + maxReplicas: {{ .Values.server.autoscaling.maxReplicas }} + metrics: + {{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + {{- if eq (include "argo-workflows.apiVersion.autoscaling" $) "autoscaling/v2beta1" }} + targetAverageUtilization: {{ . }} + {{- else }} + target: + averageUtilization: {{ . }} + type: Utilization + {{- end }} + {{- end }} + {{- with .Values.server.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + {{- if eq (include "argo-workflows.apiVersion.autoscaling" $) "autoscaling/v2beta1" }} + targetAverageUtilization: {{ . }} + {{- else }} + target: + averageUtilization: {{ . }} + type: Utilization + {{- end }} + {{- end }} + {{- with .Values.server.autoscaling.behavior }} + behavior: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-workflows/templates/server/server-deployment-pdb.yaml b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml index aeba6547..47f8394d 100644 --- a/charts/argo-workflows/templates/server/server-deployment-pdb.yaml +++ b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml @@ -1,8 +1,9 @@ {{- if and .Values.server.enabled .Values.server.pdb.enabled -}} -apiVersion: policy/v1beta1 +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: diff --git a/charts/argo-workflows/templates/server/server-deployment.yaml b/charts/argo-workflows/templates/server/server-deployment.yaml index 5effabf6..b9a2541b 100644 --- a/charts/argo-workflows/templates/server/server-deployment.yaml +++ b/charts/argo-workflows/templates/server/server-deployment.yaml @@ -3,11 +3,19 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} - app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | quote }} + app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }} + {{- with .Values.server.deploymentAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: + {{- if not .Values.server.autoscaling.enabled }} replicas: {{ .Values.server.replicas }} + {{- end }} + revisionHistoryLimit: {{ .Values.server.revisionHistoryLimit }} selector: matchLabels: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} @@ -15,7 +23,7 @@ spec: metadata: labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }} - app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | quote }} + app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }} {{- with .Values.server.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} @@ -29,22 +37,42 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.server.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.extraInitContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} containers: - name: argo-server - image: "{{ .Values.server.image.registry }}/{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default .Chart.AppVersion }}" + image: "{{- include "argo-workflows.image" (dict "context" . "image" .Values.server.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.server.image.tag }}" imagePullPolicy: {{ .Values.images.pullPolicy }} securityContext: {{- toYaml .Values.server.securityContext | nindent 12 }} args: - server - - --configmap={{ template "argo-workflows.controller.fullname" . }}-configmap + - --configmap={{ template "argo-workflows.controller.config-map.name" . }} {{- with .Values.server.extraArgs }} {{- toYaml . | nindent 10 }} {{- end }} + {{- if .Values.server.authMode }} + - "--auth-mode={{ .Values.server.authMode }}" + {{- end }} + {{- range .Values.server.authModes }} + - "--auth-mode={{ . }}" + {{- end }} - "--secure={{ .Values.server.secure }}" {{- if .Values.singleNamespace }} - "--namespaced" {{- end }} + - "--loglevel" + - "{{ .Values.server.logging.level }}" + - "--gloglevel" + - "{{ .Values.server.logging.globallevel }}" + - "--log-format" + - "{{ .Values.server.logging.format }}" ports: - name: web containerPort: 2746 @@ -67,7 +95,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - - name: BASE_HREF + - name: ARGO_BASE_HREF value: {{ .Values.server.baseHref | quote }} {{- with .Values.server.extraEnv }} {{- toYaml . | nindent 12 }} @@ -80,13 +108,23 @@ spec: {{- with .Values.server.volumeMounts }} {{- toYaml . | nindent 10}} {{- end }} + {{- with .Values.server.lifecycle }} + lifecycle: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.server.extraContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ . }} + {{- end }} {{- with .Values.images.pullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} volumes: - name: tmp - emptyDir: {} + {{- toYaml .Values.server.tmpVolume | nindent 8 }} {{- with .Values.server.volumes }} {{- toYaml . | nindent 6}} {{- end }} @@ -102,6 +140,17 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-workflows.selectorLabels" (dict "context" $ "name" $.Values.server.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} {{- with .Values.server.priorityClassName }} priorityClassName: {{ . }} {{- end }} diff --git a/charts/argo-workflows/templates/server/server-ingress.yaml b/charts/argo-workflows/templates/server/server-ingress.yaml index f0488031..db69b012 100644 --- a/charts/argo-workflows/templates/server/server-ingress.yaml +++ b/charts/argo-workflows/templates/server/server-ingress.yaml @@ -3,6 +3,7 @@ {{- $servicePort := .Values.server.servicePort -}} {{- $paths := .Values.server.ingress.paths -}} {{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $pathType := .Values.server.ingress.pathType -}} apiVersion: {{ include "argo-workflows.ingress.apiVersion" . }} kind: Ingress metadata: @@ -13,13 +14,14 @@ metadata: {{- end }} {{- end }} name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- if .Values.server.ingress.labels }} {{- toYaml .Values.server.ingress.labels | nindent 4 }} {{- end }} spec: - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} + {{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }} {{- with .Values.server.ingress.ingressClassName }} ingressClassName: {{ . }} {{- end }} @@ -35,11 +37,11 @@ spec: {{- end }} {{- range $p := $paths }} - path: {{ $p }} - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} - pathType: Prefix + {{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }} + pathType: {{ $pathType }} {{- end }} backend: - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} + {{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }} service: name: {{ $serviceName }} port: @@ -62,11 +64,11 @@ spec: {{- end }} {{- range $p := $paths }} - path: {{ $p }} - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} - pathType: Prefix + {{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }} + pathType: {{ $pathType }} {{- end }} backend: - {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }} + {{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }} service: name: {{ $serviceName }} port: diff --git a/charts/argo-workflows/templates/server/server-sa.yaml b/charts/argo-workflows/templates/server/server-sa.yaml index adcf7b48..d2c9c535 100644 --- a/charts/argo-workflows/templates/server/server-sa.yaml +++ b/charts/argo-workflows/templates/server/server-sa.yaml @@ -3,6 +3,12 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "argo-workflows.serverServiceAccountName" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} + labels: + {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.server.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/argo-workflows/templates/server/server-service.yaml b/charts/argo-workflows/templates/server/server-service.yaml index 5d161ee8..39c37792 100644 --- a/charts/argo-workflows/templates/server/server-service.yaml +++ b/charts/argo-workflows/templates/server/server-service.yaml @@ -3,9 +3,13 @@ apiVersion: v1 kind: Service metadata: name: {{ template "argo-workflows.server.fullname" . }} + namespace: {{ include "argo-workflows.namespace" . | quote }} labels: {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} - app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | quote }} + app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }} + {{- with .Values.server.serviceLabels }} + {{ toYaml . | nindent 4 }} + {{- end }} {{- with .Values.server.serviceAnnotations }} annotations: {{- toYaml . | nindent 4 }} @@ -17,15 +21,23 @@ spec: name: {{ . }} {{- end }} targetPort: 2746 + {{- if and (eq .Values.server.serviceType "NodePort") .Values.server.serviceNodePort }} + nodePort: {{ .Values.server.serviceNodePort }} + {{- end }} selector: {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} sessionAffinity: None type: {{ .Values.server.serviceType }} - {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerIP }} - loadBalancerIP: {{ .Values.server.loadBalancerIP | quote }} + {{- if eq .Values.server.serviceType "LoadBalancer" }} + {{- with .Values.controller.loadBalancerClass }} + loadBalancerClass: {{ . }} {{- end }} - {{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerSourceRanges }} + {{- with .Values.server.loadBalancerIP }} + loadBalancerIP: {{ . | quote }} + {{- end }} + {{- if .Values.server.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{- toYaml .Values.server.loadBalancerSourceRanges | nindent 4 }} {{- end }} + {{- end }} {{- end -}} diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml index 7de0dfea..0c044454 100644 --- a/charts/argo-workflows/values.yaml +++ b/charts/argo-workflows/values.yaml @@ -1,60 +1,167 @@ images: - # imagePullPolicy to apply to all containers + # -- Common tag for Argo Workflows images. Defaults to `.Chart.AppVersion`. + tag: "" + # -- imagePullPolicy to apply to all containers pullPolicy: Always - # Secrets with credentials to pull images from a private registry + # -- Secrets with credentials to pull images from a private registry pullSecrets: [] # - name: argo-pull-secret -init: - # By default the installation will not set an explicit one, which will mean it uses `default` for the namespace the chart is - # being deployed to. In RBAC clusters, that will almost certainly fail. See the NOTES: section of the readme for more info. - serviceAccount: "" +## Custom resource configuration +crds: + # -- Install and upgrade CRDs + install: true + # -- Keep CRDs on chart uninstall + keep: true + # -- Annotations to be added to all CRDs + annotations: {} +# -- Create clusterroles that extend existing clusterroles to interact with argo-cd crds +## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles createAggregateRoles: true -## String to partially override "argo-workflows.fullname" template -## +# -- String to partially override "argo-workflows.fullname" template nameOverride: -## String to fully override "argo-workflows.fullname" template -## +# -- String to fully override "argo-workflows.fullname" template fullnameOverride: -# Restrict Argo to only deploy into a single namespace by apply Roles and RoleBindings instead of the Cluster equivalents, -# and start argo-cli with the --namespaced flag. Use it in clusters with strict access policy. +# -- Override the namespace +# @default -- `.Release.Namespace` +namespaceOverride: "" + +# -- Labels to set on all resources +commonLabels: {} + +# -- Override the Kubernetes version, which is used to evaluate certain manifests +kubeVersionOverride: "" + +# Override APIVersions +apiVersionOverrides: + # -- String to override apiVersion of autoscaling rendered by this helm chart + autoscaling: "" # autoscaling/v2 + # -- String to override apiVersion of GKE resources rendered by this helm chart + cloudgoogle: "" # cloud.google.com/v1 + # -- String to override apiVersion of monitoring CRDs (ServiceMonitor) rendered by this helm chart + monitoring: "" # monitoring.coreos.com/v1 + +# -- Restrict Argo to operate only in a single namespace (the namespace of the +# Helm release) by apply Roles and RoleBindings instead of the Cluster +# equivalents, and start workflow-controller with the --namespaced flag. Use it +# in clusters with strict access policy. singleNamespace: false workflow: - namespace: "" # Specify namespace if workflows run in another namespace than argo. This controls where the service account and RBAC resources will be created. + # -- Deprecated; use controller.workflowNamespaces instead. + namespace: serviceAccount: - create: false # Specifies whether a service account should be created + # -- Specifies whether a service account should be created + create: false + # -- Labels applied to created service account + labels: {} + # -- Annotations applied to created service account annotations: {} - name: "argo-workflow" # Service account which is used to run workflows + # -- Service account which is used to run workflows + name: "argo-workflow" + # -- Secrets with credentials to pull images from a private registry. Same format as `.Values.images.pullSecrets` + pullSecrets: [] rbac: - create: false # adds Role and RoleBinding for the above specified service account to be able to run workflows + # -- Adds Role and RoleBinding for the above specified service account to be able to run workflows. + # A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) + create: true + # -- Allows permissions for the Argo Agent. Only required if using http/plugin templates + agentPermissions: false + # -- Allows permissions for the Argo Artifact GC pod. Only required if using artifact gc + artifactGC: false + # -- Extra service accounts to be added to the RoleBinding + serviceAccounts: [] + # - name: my-service-account + # namespace: my-namespace controller: image: + # -- Registry to use for the controller registry: quay.io + # -- Registry to use for the controller repository: argoproj/workflow-controller - # Overrides the image tag whose default is the chart appVersion. + # -- Image tag for the workflow controller. Defaults to `.Values.images.tag`. tag: "" - # parallelism dictates how many workflows can be running at the same time + # -- parallelism dictates how many workflows can be running at the same time parallelism: - # podAnnotations is an optional map of annotations to be applied to the controller Pods + # -- Globally limits the rate at which pods are created. + # This is intended to mitigate flooding of the Kubernetes API server by workflows with a large amount of + # parallel nodes. + resourceRateLimit: {} + # limit: 10 + # burst: 1 + + rbac: + # -- Adds Role and RoleBinding for the controller. + create: true + # -- Allows controller to get, list, and watch certain k8s secrets + secretWhitelist: [] + # -- Allows controller to get, list and watch all k8s secrets. Can only be used if secretWhitelist is empty. + accessAllSecrets: false + # -- Allows controller to create and update ConfigMaps. Enables memoization feature + writeConfigMaps: false + + configMap: + # -- Create a ConfigMap for the controller + create: true + # -- ConfigMap name + name: "" + # -- ConfigMap annotations + annotations: {} + + # -- Limits the maximum number of incomplete workflows in a namespace + namespaceParallelism: + # -- Resolves ongoing, uncommon AWS EKS bug: https://github.com/argoproj/argo-workflows/pull/4224 + initialDelay: + # -- deploymentAnnotations is an optional map of annotations to be applied to the controller Deployment + deploymentAnnotations: {} + # -- podAnnotations is an optional map of annotations to be applied to the controller Pods podAnnotations: {} - # Optional labels to add to the controller pods + # -- Optional labels to add to the controller pods podLabels: {} - # SecurityContext to set on the controller pods + # -- SecurityContext to set on the controller pods podSecurityContext: {} # podPortName: http metricsConfig: + # -- Enables prometheus metrics server enabled: false + # -- Path is the path where metrics are emitted. Must start with a "/". path: /metrics + # -- Frequency at which prometheus scrapes metrics + interval: 30s + # -- Port is the port where metrics are emitted port: 9090 + # -- How often custom metrics are cleared from memory + metricsTTL: "" + # -- Flag that instructs prometheus to ignore metric emission errors. + ignoreErrors: false + # -- Flag that use a self-signed cert for TLS + secure: false + # -- Container metrics port name + portName: metrics + # -- Service metrics port servicePort: 8080 + # -- Service metrics port name servicePortName: metrics - # the controller container's securityContext + # -- Flag to enable headless service + headlessService: false + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#honorlabels + honorLabels: false + # -- ServiceMonitor relabel configs to apply to samples before scraping + ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + relabelings: [] + # -- ServiceMonitor metric relabel configs to apply to samples before ingestion + ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint + metricRelabelings: [] + # -- ServiceMonitor will add labels from the service to the Prometheus metric + ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitorspec + targetLabels: [] + # -- the controller container's securityContext securityContext: readOnlyRootFilesystem: true runAsNonRoot: true @@ -62,6 +169,8 @@ controller: capabilities: drop: - ALL + # -- enable Workflow Archive to store the status of workflows. Postgres and MySQL (>= 5.7.8) are available. + ## Ref: https://argo-workflows.readthedocs.io/en/stable/workflow-archive/ persistence: {} # connectionPool: # maxIdleConns: 100 @@ -82,113 +191,304 @@ controller: # passwordSecret: # name: argo-postgres-config # key: password - workflowDefaults: {} # Only valid for 2.7+ - # spec: - # ttlStrategy: - # secondsAfterCompletion: 84600 - # workflowWorkers: 32 - # podWorkers: 32 - workflowRestrictions: {} # Only valid for 2.9+ - # templateReferencing: Strict|Secure + # ssl: true + # # sslMode must be one of: disable, require, verify-ca, verify-full + # # you can find more information about those ssl options here: https://godoc.org/github.com/lib/pq + # sslMode: require + # mysql: + # host: localhost + # port: 3306 + # database: argo + # tableName: argo_workflows + # userNameSecret: + # name: argo-mysql-config + # key: username + # passwordSecret: + # name: argo-mysql-config + # key: password + + # -- Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level. + # Only valid for 2.7+ + ## See more: https://argo-workflows.readthedocs.io/en/stable/default-workflow-specs/ + workflowDefaults: {} + # spec: + # ttlStrategy: + # secondsAfterCompletion: 86400 + # # Ref: https://argo-workflows.readthedocs.io/en/stable/artifact-repository-ref/ + # artifactRepositoryRef: + # configMap: my-artifact-repository # default is "artifact-repositories" + # key: v2-s3-artifact-repository # default can be set by the `workflows.argoproj.io/default-artifact-repository` annotation in config map. + + # -- Number of workflow workers + workflowWorkers: # 32 + # -- Number of workflow TTL workers + workflowTTLWorkers: # 4 + # -- Number of pod cleanup workers + podCleanupWorkers: # 4 + # -- Number of cron workflow workers + # Only valid for 3.5+ + cronWorkflowWorkers: # 8 + # -- Restricts the Workflows that the controller will process. + # Only valid for 2.9+ + workflowRestrictions: {} + # templateReferencing: Strict|Secure + + # telemetryConfig controls the path and port for prometheus telemetry. Telemetry is enabled and emitted in the same endpoint + # as metrics by default, but can be overridden using this config. telemetryConfig: + # -- Enables prometheus telemetry server enabled: false + # -- telemetry path path: /telemetry + # -- Frequency at which prometheus scrapes telemetry data + interval: 30s + # -- telemetry container port port: 8081 + # -- How often custom metrics are cleared from memory + metricsTTL: "" + # -- Flag that instructs prometheus to ignore metric emission errors. + ignoreErrors: false + # -- Flag that use a self-signed cert for TLS + secure: false + # -- telemetry service port servicePort: 8081 + # -- telemetry service port name servicePortName: telemetry serviceMonitor: + # -- Enable a prometheus ServiceMonitor enabled: false + # -- Prometheus ServiceMonitor labels additionalLabels: {} + # -- Prometheus ServiceMonitor namespace + namespace: "" # "monitoring" serviceAccount: + # -- Create a service account for the controller create: true + # -- Service account name name: "" - # Annotations applied to created service account + # -- Labels applied to created service account + labels: {} + # -- Annotations applied to created service account annotations: {} + + # -- Workflow controller name string name: workflow-controller + + # -- Specify all namespaces where this workflow controller instance will manage + # workflows. This controls where the service account and RBAC resources will + # be created. Only valid when singleNamespace is false. workflowNamespaces: - default - containerRuntimeExecutor: docker + instanceID: - # `instanceID.enabled` configures the controller to filter workflow submissions + # -- Configures the controller to filter workflow submissions # to only those which have a matching instanceID attribute. + ## NOTE: If `instanceID.enabled` is set to `true` then either `instanceID.userReleaseName` + ## or `instanceID.explicitID` must be defined. enabled: false - # NOTE: If `instanceID.enabled` is set to `true` then either `instanceID.userReleaseName` - # or `instanceID.explicitID` must be defined. + # -- Use ReleaseName as instanceID + useReleaseName: false # useReleaseName: true + + # -- Use a custom instanceID + explicitID: "" # explicitID: unique-argo-controller-identifier + logging: + # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`) level: info + # -- Set the glog logging level globallevel: "0" + # -- Set the logging format (one of: `text`, `json`) + format: "text" + + # -- Service type of the controller Service serviceType: ClusterIP - # Annotations to be applied to the controller Service + # -- Annotations to be applied to the controller Service serviceAnnotations: {} - # Optional labels to add to the controller Service + # -- Optional labels to add to the controller Service serviceLabels: {} - # Source ranges to allow access to service from. Only applies to - # service type `LoadBalancer` + # -- The class of the load balancer implementation + loadBalancerClass: "" + # -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer` loadBalancerSourceRanges: [] + + # -- Resource limits and requests for the controller resources: {} - ## Extra environment variables to provide to the controller container - ## extraEnv: - ## - name: FOO - ## value: "bar" - extraEnv: [] + # -- Configure liveness [probe] for the controller + # @default -- See [values.yaml] + livenessProbe: + httpGet: + port: 6060 + path: /healthz + failureThreshold: 3 + initialDelaySeconds: 90 + periodSeconds: 60 + timeoutSeconds: 30 - # Extra arguments to be added to the controller + # -- Extra environment variables to provide to the controller container + extraEnv: [] + # - name: FOO + # value: "bar" + + # -- Extra arguments to be added to the controller extraArgs: [] + # -- Additional volume mounts to the controller main container + volumeMounts: [] + # -- Additional volumes to the controller pod + volumes: [] + # -- The number of controller pods to run replicas: 1 + # -- The number of revisions to keep. + revisionHistoryLimit: 10 + pdb: + # -- Configure [Pod Disruption Budget] for the controller pods enabled: false # minAvailable: 1 # maxUnavailable: 1 - ## Node selectors and tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## + + # -- [Node selector] nodeSelector: kubernetes.io/os: linux + # -- [Tolerations] for use with node taints tolerations: [] + # -- Assign custom [affinity] rules affinity: {} - # Leverage a PriorityClass to ensure your pods survive resource shortages - # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - # PriorityClass: system-cluster-critical + + # -- Assign custom [TopologySpreadConstraints] rules to the workflow controller + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Leverage a PriorityClass to ensure your pods survive resource shortages. + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ priorityClassName: "" - # https://argoproj.github.io/argo-workflows/links/ + + # -- Configure Argo Server to show custom [links] + ## Ref: https://argo-workflows.readthedocs.io/en/stable/links/ links: [] + # -- Configure Argo Server to show custom [columns] + ## Ref: https://github.com/argoproj/argo-workflows/pull/10693 + columns: [] + # -- Set ui navigation bar background color + navColor: "" clusterWorkflowTemplates: - # Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. + # -- Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. enabled: true + # -- Extra service accounts to be added to the ClusterRoleBinding + serviceAccounts: [] + # - name: my-service-account + # namespace: my-namespace + # -- Extra containers to be added to the controller deployment + extraContainers: [] + + # -- Enables init containers to be added to the controller deployment + extraInitContainers: [] + + # -- Workflow retention by number of workflows + retentionPolicy: {} + # completed: 10 + # failed: 3 + # errored: 3 + + nodeEvents: + # -- Enable to emit events on node completion. + ## This can take up a lot of space in k8s (typically etcd) resulting in errors when trying to create new events: + ## "Unable to create audit event: etcdserver: mvcc: database space exceeded" + enabled: true + + workflowEvents: + # -- Enable to emit events on workflow status changes. + ## This can take up a lot of space in k8s (typically etcd), resulting in errors when trying to create new events: + ## "Unable to create audit event: etcdserver: mvcc: database space exceeded" + enabled: true + + # -- Configure when workflow controller runs in a different k8s cluster with the workflow workloads, + # or needs to communicate with the k8s apiserver using an out-of-cluster kubeconfig secret. + # @default -- `{}` (See [values.yaml]) + kubeConfig: {} + # # name of the kubeconfig secret, may not be empty when kubeConfig specified + # secretName: kubeconfig-secret + # # key of the kubeconfig secret, may not be empty when kubeConfig specified + # secretKey: kubeconfig + # # mounting path of the kubeconfig secret, default to /kube/config + # mountPath: /kubeconfig/mount/path + # # volume name when mounting the secret, default to kubeconfig + # volumeName: kube-config-volume + + # -- Specifies the duration in seconds before a terminating pod is forcefully killed. A zero value indicates that the pod will be forcefully terminated immediately. + # @default -- `30` seconds (Kubernetes default) + podGCGracePeriodSeconds: + + # -- The duration in seconds before the pods in the GC queue get deleted. A zero value indicates that the pods will be deleted immediately. + # @default -- `5s` (Argo Workflows default) + podGCDeleteDelayDuration: "" + +# mainContainer adds default config for main container that could be overriden in workflows template +mainContainer: + # -- imagePullPolicy to apply to Workflow main container. Defaults to `.Values.images.pullPolicy`. + imagePullPolicy: "" + # -- Resource limits and requests for the Workflow main container + resources: {} + # -- Adds environment variables for the Workflow main container + env: [] + # -- Adds reference environment variables for the Workflow main container + envFrom: [] + # -- sets security context for the Workflow main container + securityContext: {} # executor controls how the init and wait container should be customized executor: image: + # -- Registry to use for the Workflow Executors registry: quay.io + # -- Repository to use for the Workflow Executors repository: argoproj/argoexec - # Overrides the image tag whose default is the chart appVersion. + # -- Image tag for the workflow executor. Defaults to `.Values.images.tag`. tag: "" + # -- Image PullPolicy to use for the Workflow Executors. Defaults to `.Values.images.pullPolicy`. + pullPolicy: "" + # -- Resource limits and requests for the Workflow Executors resources: {} - # Adds environment variables for the executor. - env: {} - # sets security context for the executor container + # -- Passes arguments to the executor processes + args: [] + # -- Adds environment variables for the executor. + env: [] + # -- sets security context for the executor container securityContext: {} server: + # -- Deploy the Argo Server enabled: true - # only updates base url of resources on client side, - # it's expected that a proxy server rewrites the request URL and gets rid of this prefix - # https://github.com/argoproj/argo-workflows/issues/716#issuecomment-433213190 + # -- Value for base href in index.html. Used if the server is running behind reverse proxy under subpath different from /. + ## only updates base url of resources on client side, + ## it's expected that a proxy server rewrites the request URL and gets rid of this prefix + ## https://github.com/argoproj/argo-workflows/issues/716#issuecomment-433213190 baseHref: / image: + # -- Registry to use for the server registry: quay.io + # -- Repository to use for the server repository: argoproj/argocli - # Overrides the image tag whose default is the chart appVersion. + # -- Image tag for the Argo Workflows server. Defaults to `.Values.images.tag`. tag: "" - # optional map of annotations to be applied to the ui Pods + # -- optional map of annotations to be applied to the ui Deployment + deploymentAnnotations: {} + # -- optional map of annotations to be applied to the ui Pods podAnnotations: {} - # Optional labels to add to the UI pods + # -- Optional labels to add to the UI pods podLabels: {} - # SecurityContext to set on the server pods + # -- SecurityContext to set on the server pods podSecurityContext: {} + rbac: + # -- Adds Role and RoleBinding for the server. + create: true + # -- Servers container-level security context securityContext: readOnlyRootFilesystem: false runAsNonRoot: true @@ -196,81 +496,166 @@ server: capabilities: drop: - ALL + # -- Server name string name: server + # -- Service type for server pods serviceType: ClusterIP + # -- Service port for server servicePort: 2746 - # servicePortName: http + # -- Service node port + serviceNodePort: # 32746 + # -- Service port name + servicePortName: "" # http + + # -- Mapping between IP and hostnames that will be injected as entries in the pod's hosts files + hostAliases: [] + # - ip: 10.20.30.40 + # hostnames: + # - git.myhostname + serviceAccount: + # -- Create a service account for the server create: true + # -- Service account name name: "" + # -- Labels applied to created service account + labels: {} + # -- Annotations applied to created service account annotations: {} - # Annotations to be applied to the UI Service + + # -- Annotations to be applied to the UI Service serviceAnnotations: {} - # Optional labels to add to the UI Service + # -- Optional labels to add to the UI Service serviceLabels: {} - # Static IP address to assign to loadBalancer - # service type `LoadBalancer` + # -- The class of the load balancer implementation + loadBalancerClass: "" + # -- Static IP address to assign to loadBalancer service type `LoadBalancer` loadBalancerIP: "" - # Source ranges to allow access to service from. Only applies to - # service type `LoadBalancer` + # -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer` loadBalancerSourceRanges: [] + # -- Resource limits and requests for the server resources: {} + # -- The number of server pods to run replicas: 1 + # -- The number of revisions to keep. + revisionHistoryLimit: 10 + ## Argo Server Horizontal Pod Autoscaler + autoscaling: + # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server + enabled: false + # -- Minimum number of replicas for the Argo Server [HPA] + minReplicas: 1 + # -- Maximum number of replicas for the Argo Server [HPA] + maxReplicas: 5 + # -- Average CPU utilization percentage for the Argo Server [HPA] + targetCPUUtilizationPercentage: 50 + # -- Average memory utilization percentage for the Argo Server [HPA] + targetMemoryUtilizationPercentage: 50 + # -- Configures the scaling behavior of the target in both Up and Down directions. + # This is only available on HPA apiVersion `autoscaling/v2beta2` and newer + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 pdb: + # -- Configure [Pod Disruption Budget] for the server pods enabled: false # minAvailable: 1 # maxUnavailable: 1 - ## Node selectors and tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## + + # -- [Node selector] nodeSelector: kubernetes.io/os: linux + + # -- [Tolerations] for use with node taints tolerations: [] + + # -- Assign custom [affinity] rules affinity: {} - # Leverage a PriorityClass to ensure your pods survive resource shortages - # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - # PriorityClass: system-cluster-critical + + # -- Assign custom [TopologySpreadConstraints] rules to the argo server + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Leverage a PriorityClass to ensure your pods survive resource shortages + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ priorityClassName: "" - # Run the argo server in "secure" mode. Configure this value instead of - # "--secure" in extraArgs. See the following documentation for more details - # on secure mode: - # https://argoproj.github.io/argo-workflows/tls/ + # -- Run the argo server in "secure" mode. Configure this value instead of `--secure` in extraArgs. + ## See the following documentation for more details on secure mode: + ## https://argo-workflows.readthedocs.io/en/stable/tls/ secure: false - ## Extra environment variables to provide to the argo-server container - ## extraEnv: - ## - name: FOO - ## value: "bar" + # -- Extra environment variables to provide to the argo-server container extraEnv: [] + # - name: FOO + # value: "bar" - # Extra arguments to provide to the Argo server binary. + # -- Deprecated; use server.authModes instead. + authMode: "" + + # -- A list of supported authentication modes. Available values are `server`, `client`, or `sso`. If you provide sso, please configure `.Values.server.sso` as well. + ## Ref: https://argo-workflows.readthedocs.io/en/stable/argo-server-auth-mode/ + authModes: [] + + # -- Extra arguments to provide to the Argo server binary. + ## Ref: https://argo-workflows.readthedocs.io/en/stable/argo-server/#options extraArgs: [] - ## Additional volumes to the server main container. + logging: + # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`) + level: info + # -- Set the glog logging level + globallevel: "0" + # -- Set the logging format (one of: `text`, `json`) + format: "text" + + # -- Volume to be mounted in Pods for temporary files. + tmpVolume: + emptyDir: {} + # -- Additional volume mounts to the server main container. volumeMounts: [] + # -- Additional volumes to the server pod. volumes: [] ## Ingress configuration. - ## ref: https://kubernetes.io/docs/user-guide/ingress/ - ## + # ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ ingress: + # -- Enable an ingress resource enabled: false + # -- Additional ingress annotations annotations: {} + # -- Additional ingress labels labels: {} + # -- Defines which ingress controller will implement the resource ingressClassName: "" - ## Argo Workflows Server Ingress. + # -- List of ingress hosts ## Hostnames must be provided if Ingress is enabled. ## Secrets must be manually created in the namespace - ## - hosts: - [] - # - argocd.example.com + hosts: [] + # - argoworkflows.example.com + + # -- List of ingress paths paths: - / - extraPaths: - [] + + # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` + pathType: Prefix + # -- Additional ingress paths + extraPaths: [] # - path: /* # backend: # serviceName: ssl-redirect @@ -283,80 +668,276 @@ server: # name: ssl-redirect # port: # name: use-annotation - tls: - [] - # - secretName: argocd-example-tls + + # -- Ingress TLS configuration + tls: [] + # - secretName: argoworkflows-example-tls # hosts: - # - argocd.example.com - https: false + # - argoworkflows.example.com + + ## Create a Google Backendconfig for use with the GKE Ingress Controller + ## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_backendconfig_parameters + GKEbackendConfig: + # -- Enable BackendConfig custom resource for Google Kubernetes Engine + enabled: false + # -- [BackendConfigSpec] + spec: {} + # spec: + # iap: + # enabled: true + # oauthclientCredentials: + # secretName: argoworkflows-secret + + ## Create a Google Managed Certificate for use with the GKE Ingress Controller + ## https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs + GKEmanagedCertificate: + # -- Enable ManagedCertificate custom resource for Google Kubernetes Engine. + enabled: false + # -- Domains for the Google Managed Certificate + domains: + - argoworkflows.example.com + + ## Create a Google FrontendConfig Custom Resource, for use with the GKE Ingress Controller + ## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters + GKEfrontendConfig: + # -- Enable FrontConfig custom resource for Google Kubernetes Engine + enabled: false + # -- [FrontendConfigSpec] + spec: {} + # spec: + # redirectToHttps: + # enabled: true + # responseCodeName: RESPONSE_CODE clusterWorkflowTemplates: - # Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. + # -- Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. enabled: true - # Give the server permissions to edit ClusterWorkflowTemplates. + # -- Give the server permissions to edit ClusterWorkflowTemplates. enableEditing: true + + # SSO configuration when SSO is specified as a server auth mode. sso: - ## SSO configuration when SSO is specified as a server auth mode. - ## All the values are required. SSO is activated by adding --auth-mode=sso - ## to the server command line. - # - ## The root URL of the OIDC identity provider. - # issuer: https://accounts.google.com - ## Name of a secret and a key in it to retrieve the app OIDC client ID from. - # clientId: - # name: argo-server-sso - # key: client-id - ## Name of a secret and a key in it to retrieve the app OIDC client secret from. - # clientSecret: - # name: argo-server-sso - # key: client-secret - ## The OIDC redirect URL. Should be in the form /oauth2/callback. - # redirectUrl: https://argo/oauth2/callback - # rbac: - # enabled: true + # -- Create SSO configuration. If you set `true` , please also set `.Values.server.authModes` as `sso`. + enabled: false + # -- The root URL of the OIDC identity provider + issuer: https://accounts.google.com + clientId: + # -- Name of secret to retrieve the app OIDC client ID + name: argo-server-sso + # -- Key of secret to retrieve the app OIDC client ID + key: client-id + clientSecret: + # -- Name of a secret to retrieve the app OIDC client secret + name: argo-server-sso + # -- Key of a secret to retrieve the app OIDC client secret + key: client-secret + # -- The OIDC redirect URL. Should be in the form /oauth2/callback. + redirectUrl: "" + rbac: + # -- Adds ServiceAccount Policy to server (Cluster)Role. + enabled: true + # -- Whitelist to allow server to fetch Secrets ## When present, restricts secrets the server can read to a given list. ## You can use it to restrict the server to only be able to access the ## service account token secrets that are associated with service accounts ## used for authorization. - # secretWhitelist: [] - ## Scopes requested from the SSO ID provider. The 'groups' scope requests - ## group membership information, which is usually used for authorization - ## decisions. - # scopes: - # - groups + secretWhitelist: [] + # -- Scopes requested from the SSO ID provider + ## The 'groups' scope requests group membership information, which is usually used for authorization decisions. + scopes: [] + # - groups + # -- Define how long your login is valid for (in hours) + ## If omitted, defaults to 10h. + sessionExpiry: "" + # -- Alternate root URLs that can be included for some OIDC providers + issuerAlias: "" + # -- Override claim name for OIDC groups + customGroupClaimName: "" + # -- Specify the user info endpoint that contains the groups claim + ## Configure this if your OIDC provider provides groups information only using the user-info endpoint (e.g. Okta) + userInfoPath: "" + # -- Skip TLS verification for the HTTP client + insecureSkipVerify: false + # -- Filter the groups returned by the OIDC provider + ## A logical "OR" is used between each regex in the list + filterGroupsRegex: [] + # - ".*argo-wf.*" + # - ".*argo-workflow.*" -# Influences the creation of the ConfigMap for the workflow-controller itself. -useDefaultArtifactRepo: false + # -- Extra containers to be added to the server deployment + extraContainers: [] + + # -- Enables init containers to be added to the server deployment + extraInitContainers: [] + + # -- Specify postStart and preStop lifecycle hooks for server container + lifecycle: {} + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + +# -- Array of extra K8s manifests to deploy +extraObjects: [] + # - apiVersion: secrets-store.csi.x-k8s.io/v1 + # kind: SecretProviderClass + # metadata: + # name: argo-server-sso + # spec: + # provider: aws + # parameters: + # objects: | + # - objectName: "argo/server/sso" + # objectType: "secretsmanager" + # jmesPath: + # - path: "client_id" + # objectAlias: "client_id" + # - path: "client_secret" + # objectAlias: "client_secret" + # secretObjects: + # - data: + # - key: client_id + # objectName: client_id + # - key: client_secret + # objectName: client_secret + # secretName: argo-server-sso-secrets-store + # type: Opaque + +# -- Use static credentials for S3 (eg. when not using AWS IRSA) useStaticCredentials: true artifactRepository: - # archiveLogs will archive the main container logs as an artifact + # -- Archive the main container logs as an artifact archiveLogs: false - s3: - # Note the `key` attribute is not the actual secret, it's the PATH to - # the contents in the associated secret, as defined by the `name` attribute. - accessKeySecret: - # name: -minio - key: accesskey - secretKeySecret: - # name: -minio - key: secretkey - insecure: true + # -- Store artifact in a S3-compliant object store + # @default -- See [values.yaml] + s3: {} + # # Note the `key` attribute is not the actual secret, it's the PATH to + # # the contents in the associated secret, as defined by the `name` attribute. + # accessKeySecret: + # name: "{{ .Release.Name }}-minio" + # key: accesskey + # secretKeySecret: + # name: "{{ .Release.Name }}-minio" + # key: secretkey + # sessionTokenSecret: + # name: "{{ .Release.Name }}-minio" + # key: sessionToken + # # insecure will disable TLS. Primarily used for minio installs not configured with TLS + # insecure: false + # caSecret: + # name: ca-root + # key: cert.pem # bucket: # endpoint: # region: # roleARN: # useSDKCreds: true - # gcs: - # bucket: -argo - # keyFormat: "{{workflow.namespace}}/{{workflow.name}}/" - # serviceAccountKeySecret is a secret selector. - # It references the k8s secret named 'my-gcs-credentials'. - # This secret is expected to have have the key 'serviceAccountKey', - # containing the base64 encoded credentials - # to the bucket. - # - # If it's running on GKE and Workload Identity is used, - # serviceAccountKeySecret is not needed. - # serviceAccountKeySecret: - # name: my-gcs-credentials - # key: serviceAccountKey + # encryptionOptions: + # enableEncryption: true + # -- Store artifact in a GCS object store + # @default -- `{}` (See [values.yaml]) + gcs: {} + # bucket: -argo + # keyFormat: "{{ \"{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}\" }}" + # # serviceAccountKeySecret is a secret selector. + # # It references the k8s secret named 'my-gcs-credentials'. + # # This secret is expected to have have the key 'serviceAccountKey', + # # containing the base64 encoded credentials + # # to the bucket. + # # + # # If it's running on GKE and Workload Identity is used, + # # serviceAccountKeySecret is not needed. + # serviceAccountKeySecret: + # name: my-gcs-credentials + # key: serviceAccountKey + # -- Store artifact in Azure Blob Storage + # @default -- `{}` (See [values.yaml]) + azure: {} + # endpoint: https://mystorageaccountname.blob.core.windows.net + # container: my-container-name + # blobNameFormat: path/in/container + # # accountKeySecret is a secret selector. + # # It references the k8s secret named 'my-azure-storage-credentials'. + # # This secret is expected to have have the key 'account-access-key', + # # containing the base64 encoded credentials to the storage account. + # # If a managed identity has been assigned to the machines running the + # # workflow (e.g., https://docs.microsoft.com/en-us/azure/aks/use-managed-identity) + # # then accountKeySecret is not needed, and useSDKCreds should be + # # set to true instead: + # useSDKCreds: true + # accountKeySecret: + # name: my-azure-storage-credentials + # key: account-access-key + +# -- The section of custom artifact repository. +# Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure) +customArtifactRepository: {} +# artifactory: +# repoUrl: https://artifactory.example.com/raw +# usernameSecret: +# name: artifactory-creds +# key: username +# passwordSecret: +# name: artifactory-creds +# key: password + +# -- The section of [artifact repository ref](https://argo-workflows.readthedocs.io/en/stable/artifact-repository-ref/). +# Each map key is the name of configmap +# @default -- `{}` (See [values.yaml]) +artifactRepositoryRef: {} + # # -- 1st ConfigMap + # # If you want to use this config map by default, name it "artifact-repositories". + # # Otherwise, you can provide a reference to a + # # different config map in `artifactRepositoryRef.configMap`. + # artifact-repositories: + # # -- v3.0 and after - if you want to use a specific key, put that key into this annotation. + # annotations: + # workflows.argoproj.io/default-artifact-repository: default-v1-s3-artifact-repository + # # 1st data of configmap. See above artifactRepository or customArtifactRepository. + # default-v1-s3-artifact-repository: + # archiveLogs: false + # s3: + # bucket: my-bucket + # endpoint: minio:9000 + # insecure: true + # accessKeySecret: + # name: my-minio-cred + # key: accesskey + # secretKeySecret: + # name: my-minio-cred + # key: secretkey + # # 2nd data + # oss-artifact-repository: + # archiveLogs: false + # oss: + # endpoint: http://oss-cn-zhangjiakou-internal.aliyuncs.com + # bucket: $mybucket + # # accessKeySecret and secretKeySecret are secret selectors. + # # It references the k8s secret named 'bucket-workflow-artifect-credentials'. + # # This secret is expected to have have the keys 'accessKey' + # # and 'secretKey', containing the base64 encoded credentials + # # to the bucket. + # accessKeySecret: + # name: $mybucket-credentials + # key: accessKey + # secretKeySecret: + # name: $mybucket-credentials + # key: secretKey + # # 2nd ConfigMap + # another-artifact-repositories: + # annotations: + # workflows.argoproj.io/default-artifact-repository: gcs + # gcs: + # bucket: my-bucket + # keyFormat: prefix/in/bucket/{{workflow.name}}/{{pod.name}} + # serviceAccountKeySecret: + # name: my-gcs-credentials + # key: serviceAccountKey + +emissary: + # -- The command/args for each image on workflow, needed when the command is not specified and the emissary executor is used. + ## See more: https://argo-workflows.readthedocs.io/en/stable/workflow-executors/#emissary-emissary + images: [] + # argoproj/argosay:v2: + # cmd: [/argosay] + # docker/whalesay:latest: + # cmd: [/bin/bash] diff --git a/charts/argocd-applicationset/Chart.yaml b/charts/argocd-applicationset/Chart.yaml deleted file mode 100644 index 936734b0..00000000 --- a/charts/argocd-applicationset/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v2 -name: argocd-applicationset -description: A Helm chart for installing ArgoCD ApplicationSet -type: application -version: 0.1.5 -appVersion: "v0.1.0" -home: https://github.com/argoproj/argo-helm -icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png -keywords: - - argoproj - - appset - - gitops -maintainers: - - name: maruina diff --git a/charts/argocd-applicationset/README.md b/charts/argocd-applicationset/README.md deleted file mode 100644 index b200d9cf..00000000 --- a/charts/argocd-applicationset/README.md +++ /dev/null @@ -1,75 +0,0 @@ -# Argo CD ApplicationSet Chart - -A Helm chart for Argo CD ApplicationSet, a controller to programmatically generate Argo CD Application. - -Source code can be found [here](https://github.com/argoproj-labs/applicationset/) - -## Additional Information - -This is a **community maintained** chart. This chart installs the [applicationset](https://github.com/argoproj-labs/applicationset) controller. - -This chart currently installs the non-HA version of Argo CD ApplicationSet. - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm repo add argo https://argoproj.github.io/argo-helm -"argo" has been added to your repositories - -$ helm install --name my-release argo/argocd-applicationset -NAME: my-release -... -``` - -### Helm v3 Compatibility - -Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistent webhooks. - -### Testing - -Users can test the chart with [kind](https://kind.sigs.k8s.io/) and [ct](https://github.com/helm/chart-testing). - -```console -kind create cluster -kubectl create namespace argocd -kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml -ct install --namespace argocd -``` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | -| args.metricsAddr | int | `8080` | The default metric address | -| args.probeBindAddr | int | `8081` | The default health check port | -| args.enableLeaderElection | bool | `false` | The default leader election setting | -| args.namespace | string | `argocd` | The default Argo CD repo namespace | -| args.argocdRepoServer | string | `argocd-repo-server:8081` | The default Argo CD repo server address | -| args.policy | string | `sync` | How application is synced between the generator and the cluster | -| args.debug | bool | `false` | Print debug logs | -| args.dryRun | bool | `false` | Enable dry run mode | -| fullnameOverride | string | `""` | Override the default fully qualified app name | -| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | -| image.repository | string | `"quay.io/argocdapplicationset/argocd-applicationset"` | If defined, a repository applied to the ApplicationSet deployment. | -| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | -| imagePullSecrets | list | `[]` | If defined, uses a Secret to pull an image from a private Docker registry or repository. | -| installCRDs | bool | `true` | Install Custom Resource Definition | -| mountSSHKnownHostsVolume | bool | `true` | Mount the `argocd-ssh-known-hosts-cm` volume | -| mountTLSCertsVolume | bool | `true` | Mount the `argocd-tls-certs-cm` volume | -| mountGPGKeysVolume | bool | `false` | Mount the `argocd-gpg-keys-cm` volume | -| mountGPGKeyringVolume | bool | `true` | Mount an emptyDir volume for `gpg-keyring` | -| nameOverride | string | `""` | Provide a name in place of `argocd-applicationset` | -| nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | -| podAnnotations | object | `{}` | Annotations for the controller pods | -| podSecurityContext | object | `{}` | Pod Security Context | -| rbac.pspEnabled | bool | `true` | Enable Pod Security Policy | -| replicaCount | int | `1` | The number of controller pods to run | -| resources | object | `{}` | Resource limits and requests for the controller pods. | -| securityContext | object | `{}` | Security Context | -| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | -| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | -| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | -| tolerations | list | `[]` | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | diff --git a/charts/argocd-applicationset/ci/default-values.yaml b/charts/argocd-applicationset/ci/default-values.yaml deleted file mode 100644 index eb1b7aae..00000000 --- a/charts/argocd-applicationset/ci/default-values.yaml +++ /dev/null @@ -1,77 +0,0 @@ -# Default values for argo-applicationset. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -installCRDs: false # this needs to be false with ct - -image: - # The image repository - repository: quay.io/argocdapplicationset/argocd-applicationset - # Image pull policy - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -args: - metricsAddr: :8080 - probeBindAddr: :8081 - enableLeaderElection: false - namespace: argocd - argocdRepoServer: argocd-repo-server:8081 - policy: sync - debug: false - dryRun: false - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -rbac: - pspEnabled: true - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -mountSSHKnownHostsVolume: true -mountTLSCertsVolume: true -mountGPGKeysVolume: false -mountGPGKeyringVolume: true diff --git a/charts/argocd-applicationset/ci/leader-election-values.yaml b/charts/argocd-applicationset/ci/leader-election-values.yaml deleted file mode 100644 index e7201ac1..00000000 --- a/charts/argocd-applicationset/ci/leader-election-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -args: - enableLeaderElection: true - -replicaCount: 3 - -installCRDs: false diff --git a/charts/argocd-applicationset/crds/crd-applicationset.yaml b/charts/argocd-applicationset/crds/crd-applicationset.yaml deleted file mode 100644 index 734ce34a..00000000 --- a/charts/argocd-applicationset/crds/crd-applicationset.yaml +++ /dev/null @@ -1,1740 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - name: applicationsets.argoproj.io -spec: - group: argoproj.io - names: - kind: ApplicationSet - listKind: ApplicationSetList - plural: applicationsets - singular: applicationset - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ApplicationSet is a set of Application resources - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ApplicationSetSpec represents a class of application set - state. - properties: - generators: - items: - description: ApplicationSetGenerator include list item info - properties: - clusters: - description: ClusterGenerator defines a generator to match against - clusters registered with ArgoCD. - properties: - selector: - description: Selector defines a label selector to match - against all clusters registered with ArgoCD. Clusters - today are stored as Kubernetes Secrets, thus the Secret - labels will be used for matching the selector. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - template: - description: ApplicationSetTemplate represents argocd ApplicationSpec - properties: - metadata: - description: ApplicationSetTemplateMeta represents the - Argo CD application fields that may be used for Applications - generated from the ApplicationSet (based on metav1.ObjectMeta) - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: ApplicationSpec represents desired application - state. Contains link to repository with application - definition and additional parameters link definition - revision. - properties: - destination: - description: Destination overrides the kubernetes - server and namespace defined in the environment - ksonnet app.yaml - properties: - name: - description: Name of the destination cluster - which can be used instead of server (url) - field - type: string - namespace: - description: Namespace overrides the environment - namespace value in the ksonnet app.yaml - type: string - server: - description: Server overrides the environment - server value in the ksonnet app.yaml - type: string - type: object - ignoreDifferences: - description: IgnoreDifferences controls resources - fields which should be ignored during comparison - items: - description: ResourceIgnoreDifferences contains - resource filter and list of json paths which - should be ignored during comparison with live - state. - properties: - group: - type: string - jsonPointers: - items: - type: string - type: array - kind: - type: string - name: - type: string - namespace: - type: string - required: - - jsonPointers - - kind - type: object - type: array - info: - description: Infos contains a list of useful information - (URLs, email addresses, and plain text) that relates - to the application - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - description: Project is a application project name. - Empty name means that application belongs to 'default' - project. - type: string - revisionHistoryLimit: - description: This limits this number of items kept - in the apps revision history. This should only - be changed in exceptional circumstances. Setting - to zero will store no history. This will reduce - storage used. Increasing will increase the space - used to store the history, so we do not recommend - increasing it. Default is 10. - format: int64 - type: integer - source: - description: Source is a reference to the location - ksonnet application definition - properties: - chart: - description: Chart is a Helm chart name - type: string - directory: - description: Directory holds path/directory - specific options - properties: - exclude: - type: string - jsonnet: - description: ApplicationSourceJsonnet holds - jsonnet specific options - properties: - extVars: - description: ExtVars is a list of Jsonnet - External Variables - items: - description: JsonnetVar is a jsonnet - variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - description: Additional library search - dirs - items: - type: string - type: array - tlas: - description: TLAS is a list of Jsonnet - Top-level Arguments - items: - description: JsonnetVar is a jsonnet - variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters - to the helm template - items: - description: HelmFileParameter is a file - parameter to a helm template - properties: - name: - description: Name is the name of the - helm parameter - type: string - path: - description: Path is the path value - for the helm parameter - type: string - type: object - type: array - parameters: - description: Parameters are parameters to - the helm template - items: - description: HelmParameter is a parameter - to a helm template - properties: - forceString: - description: ForceString determines - whether to tell Helm to interpret - booleans and numbers as strings - type: boolean - name: - description: Name is the name of the - helm parameter - type: string - value: - description: Value is the value for - the helm parameter - type: string - type: object - type: array - releaseName: - description: The Helm release name. If omitted - it will use the application name - type: string - valueFiles: - description: ValuesFiles is a list of Helm - value files to use when generating a template - items: - type: string - type: array - values: - description: Values is Helm values, typically - defined as a block - type: string - version: - description: Version is the Helm version - to use for templating with - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific - options - properties: - environment: - description: Environment is a ksonnet application - environment name - type: string - parameters: - description: Parameters are a list of ksonnet - component parameter override values - items: - description: KsonnetParameter is a ksonnet - component parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific - options - properties: - commonAnnotations: - additionalProperties: - type: string - description: CommonAnnotations adds additional - kustomize commonAnnotations - type: object - commonLabels: - additionalProperties: - type: string - description: CommonLabels adds additional - kustomize commonLabels - type: object - images: - description: Images are kustomize image - overrides - items: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended - to resources for kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended - to resources for kustomize apps - type: string - version: - description: Version contains optional Kustomize - version - type: string - type: object - path: - description: Path is a directory path within - the Git repository - type: string - plugin: - description: ConfigManagementPlugin holds config - management plugin specific options - properties: - env: - items: - properties: - name: - description: the name, usually uppercase - type: string - value: - description: the value - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - description: RepoURL is the repository URL of - the application manifests - type: string - targetRevision: - description: TargetRevision defines the commit, - tag, or branch in which to sync the application - to. If omitted, will sync to HEAD - type: string - required: - - repoURL - type: object - syncPolicy: - description: SyncPolicy controls when a sync will - be performed - properties: - automated: - description: Automated will keep an application - synced to the target revision - properties: - allowEmpty: - description: 'AllowEmpty allows apps have - zero live resources (default: false)' - type: boolean - prune: - description: 'Prune will prune resources - automatically as part of automated sync - (default: false)' - type: boolean - selfHeal: - description: 'SelfHeal enables auto-syncing - if (default: false)' - type: boolean - type: object - retry: - description: Retry controls failed sync retry - behavior - properties: - backoff: - description: Backoff is a backoff strategy - properties: - duration: - description: Duration is the amount - to back off. Default unit is seconds, - but could also be a duration (e.g. - "2m", "1h") - type: string - factor: - description: Factor is a factor to multiply - the base duration after each failed - retry - format: int64 - type: integer - maxDuration: - description: MaxDuration is the maximum - amount of time allowed for the backoff - strategy - type: string - type: object - limit: - description: Limit is the maximum number - of attempts when retrying a container - format: int64 - type: integer - type: object - syncOptions: - description: Options allow you to specify whole - app sync-options - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - values: - additionalProperties: - type: string - description: Values contains key/value pairs which are passed - directly as parameters to the template - type: object - type: object - git: - properties: - directories: - items: - properties: - path: - type: string - required: - - path - type: object - type: array - files: - items: - properties: - path: - type: string - required: - - path - type: object - type: array - repoURL: - type: string - requeueAfterSeconds: - format: int64 - type: integer - revision: - type: string - template: - description: ApplicationSetTemplate represents argocd ApplicationSpec - properties: - metadata: - description: ApplicationSetTemplateMeta represents the - Argo CD application fields that may be used for Applications - generated from the ApplicationSet (based on metav1.ObjectMeta) - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: ApplicationSpec represents desired application - state. Contains link to repository with application - definition and additional parameters link definition - revision. - properties: - destination: - description: Destination overrides the kubernetes - server and namespace defined in the environment - ksonnet app.yaml - properties: - name: - description: Name of the destination cluster - which can be used instead of server (url) - field - type: string - namespace: - description: Namespace overrides the environment - namespace value in the ksonnet app.yaml - type: string - server: - description: Server overrides the environment - server value in the ksonnet app.yaml - type: string - type: object - ignoreDifferences: - description: IgnoreDifferences controls resources - fields which should be ignored during comparison - items: - description: ResourceIgnoreDifferences contains - resource filter and list of json paths which - should be ignored during comparison with live - state. - properties: - group: - type: string - jsonPointers: - items: - type: string - type: array - kind: - type: string - name: - type: string - namespace: - type: string - required: - - jsonPointers - - kind - type: object - type: array - info: - description: Infos contains a list of useful information - (URLs, email addresses, and plain text) that relates - to the application - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - description: Project is a application project name. - Empty name means that application belongs to 'default' - project. - type: string - revisionHistoryLimit: - description: This limits this number of items kept - in the apps revision history. This should only - be changed in exceptional circumstances. Setting - to zero will store no history. This will reduce - storage used. Increasing will increase the space - used to store the history, so we do not recommend - increasing it. Default is 10. - format: int64 - type: integer - source: - description: Source is a reference to the location - ksonnet application definition - properties: - chart: - description: Chart is a Helm chart name - type: string - directory: - description: Directory holds path/directory - specific options - properties: - exclude: - type: string - jsonnet: - description: ApplicationSourceJsonnet holds - jsonnet specific options - properties: - extVars: - description: ExtVars is a list of Jsonnet - External Variables - items: - description: JsonnetVar is a jsonnet - variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - description: Additional library search - dirs - items: - type: string - type: array - tlas: - description: TLAS is a list of Jsonnet - Top-level Arguments - items: - description: JsonnetVar is a jsonnet - variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters - to the helm template - items: - description: HelmFileParameter is a file - parameter to a helm template - properties: - name: - description: Name is the name of the - helm parameter - type: string - path: - description: Path is the path value - for the helm parameter - type: string - type: object - type: array - parameters: - description: Parameters are parameters to - the helm template - items: - description: HelmParameter is a parameter - to a helm template - properties: - forceString: - description: ForceString determines - whether to tell Helm to interpret - booleans and numbers as strings - type: boolean - name: - description: Name is the name of the - helm parameter - type: string - value: - description: Value is the value for - the helm parameter - type: string - type: object - type: array - releaseName: - description: The Helm release name. If omitted - it will use the application name - type: string - valueFiles: - description: ValuesFiles is a list of Helm - value files to use when generating a template - items: - type: string - type: array - values: - description: Values is Helm values, typically - defined as a block - type: string - version: - description: Version is the Helm version - to use for templating with - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific - options - properties: - environment: - description: Environment is a ksonnet application - environment name - type: string - parameters: - description: Parameters are a list of ksonnet - component parameter override values - items: - description: KsonnetParameter is a ksonnet - component parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific - options - properties: - commonAnnotations: - additionalProperties: - type: string - description: CommonAnnotations adds additional - kustomize commonAnnotations - type: object - commonLabels: - additionalProperties: - type: string - description: CommonLabels adds additional - kustomize commonLabels - type: object - images: - description: Images are kustomize image - overrides - items: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended - to resources for kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended - to resources for kustomize apps - type: string - version: - description: Version contains optional Kustomize - version - type: string - type: object - path: - description: Path is a directory path within - the Git repository - type: string - plugin: - description: ConfigManagementPlugin holds config - management plugin specific options - properties: - env: - items: - properties: - name: - description: the name, usually uppercase - type: string - value: - description: the value - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - description: RepoURL is the repository URL of - the application manifests - type: string - targetRevision: - description: TargetRevision defines the commit, - tag, or branch in which to sync the application - to. If omitted, will sync to HEAD - type: string - required: - - repoURL - type: object - syncPolicy: - description: SyncPolicy controls when a sync will - be performed - properties: - automated: - description: Automated will keep an application - synced to the target revision - properties: - allowEmpty: - description: 'AllowEmpty allows apps have - zero live resources (default: false)' - type: boolean - prune: - description: 'Prune will prune resources - automatically as part of automated sync - (default: false)' - type: boolean - selfHeal: - description: 'SelfHeal enables auto-syncing - if (default: false)' - type: boolean - type: object - retry: - description: Retry controls failed sync retry - behavior - properties: - backoff: - description: Backoff is a backoff strategy - properties: - duration: - description: Duration is the amount - to back off. Default unit is seconds, - but could also be a duration (e.g. - "2m", "1h") - type: string - factor: - description: Factor is a factor to multiply - the base duration after each failed - retry - format: int64 - type: integer - maxDuration: - description: MaxDuration is the maximum - amount of time allowed for the backoff - strategy - type: string - type: object - limit: - description: Limit is the maximum number - of attempts when retrying a container - format: int64 - type: integer - type: object - syncOptions: - description: Options allow you to specify whole - app sync-options - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - required: - - repoURL - - revision - type: object - list: - description: ListGenerator include items info - properties: - elements: - items: - description: ListGeneratorElement include cluster and - url info - properties: - cluster: - type: string - url: - type: string - values: - additionalProperties: - type: string - description: Values contains key/value pairs which - are passed directly as parameters to the template - type: object - required: - - cluster - - url - type: object - type: array - template: - description: ApplicationSetTemplate represents argocd ApplicationSpec - properties: - metadata: - description: ApplicationSetTemplateMeta represents the - Argo CD application fields that may be used for Applications - generated from the ApplicationSet (based on metav1.ObjectMeta) - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: ApplicationSpec represents desired application - state. Contains link to repository with application - definition and additional parameters link definition - revision. - properties: - destination: - description: Destination overrides the kubernetes - server and namespace defined in the environment - ksonnet app.yaml - properties: - name: - description: Name of the destination cluster - which can be used instead of server (url) - field - type: string - namespace: - description: Namespace overrides the environment - namespace value in the ksonnet app.yaml - type: string - server: - description: Server overrides the environment - server value in the ksonnet app.yaml - type: string - type: object - ignoreDifferences: - description: IgnoreDifferences controls resources - fields which should be ignored during comparison - items: - description: ResourceIgnoreDifferences contains - resource filter and list of json paths which - should be ignored during comparison with live - state. - properties: - group: - type: string - jsonPointers: - items: - type: string - type: array - kind: - type: string - name: - type: string - namespace: - type: string - required: - - jsonPointers - - kind - type: object - type: array - info: - description: Infos contains a list of useful information - (URLs, email addresses, and plain text) that relates - to the application - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - description: Project is a application project name. - Empty name means that application belongs to 'default' - project. - type: string - revisionHistoryLimit: - description: This limits this number of items kept - in the apps revision history. This should only - be changed in exceptional circumstances. Setting - to zero will store no history. This will reduce - storage used. Increasing will increase the space - used to store the history, so we do not recommend - increasing it. Default is 10. - format: int64 - type: integer - source: - description: Source is a reference to the location - ksonnet application definition - properties: - chart: - description: Chart is a Helm chart name - type: string - directory: - description: Directory holds path/directory - specific options - properties: - exclude: - type: string - jsonnet: - description: ApplicationSourceJsonnet holds - jsonnet specific options - properties: - extVars: - description: ExtVars is a list of Jsonnet - External Variables - items: - description: JsonnetVar is a jsonnet - variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - description: Additional library search - dirs - items: - type: string - type: array - tlas: - description: TLAS is a list of Jsonnet - Top-level Arguments - items: - description: JsonnetVar is a jsonnet - variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters - to the helm template - items: - description: HelmFileParameter is a file - parameter to a helm template - properties: - name: - description: Name is the name of the - helm parameter - type: string - path: - description: Path is the path value - for the helm parameter - type: string - type: object - type: array - parameters: - description: Parameters are parameters to - the helm template - items: - description: HelmParameter is a parameter - to a helm template - properties: - forceString: - description: ForceString determines - whether to tell Helm to interpret - booleans and numbers as strings - type: boolean - name: - description: Name is the name of the - helm parameter - type: string - value: - description: Value is the value for - the helm parameter - type: string - type: object - type: array - releaseName: - description: The Helm release name. If omitted - it will use the application name - type: string - valueFiles: - description: ValuesFiles is a list of Helm - value files to use when generating a template - items: - type: string - type: array - values: - description: Values is Helm values, typically - defined as a block - type: string - version: - description: Version is the Helm version - to use for templating with - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific - options - properties: - environment: - description: Environment is a ksonnet application - environment name - type: string - parameters: - description: Parameters are a list of ksonnet - component parameter override values - items: - description: KsonnetParameter is a ksonnet - component parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific - options - properties: - commonAnnotations: - additionalProperties: - type: string - description: CommonAnnotations adds additional - kustomize commonAnnotations - type: object - commonLabels: - additionalProperties: - type: string - description: CommonLabels adds additional - kustomize commonLabels - type: object - images: - description: Images are kustomize image - overrides - items: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended - to resources for kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended - to resources for kustomize apps - type: string - version: - description: Version contains optional Kustomize - version - type: string - type: object - path: - description: Path is a directory path within - the Git repository - type: string - plugin: - description: ConfigManagementPlugin holds config - management plugin specific options - properties: - env: - items: - properties: - name: - description: the name, usually uppercase - type: string - value: - description: the value - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - description: RepoURL is the repository URL of - the application manifests - type: string - targetRevision: - description: TargetRevision defines the commit, - tag, or branch in which to sync the application - to. If omitted, will sync to HEAD - type: string - required: - - repoURL - type: object - syncPolicy: - description: SyncPolicy controls when a sync will - be performed - properties: - automated: - description: Automated will keep an application - synced to the target revision - properties: - allowEmpty: - description: 'AllowEmpty allows apps have - zero live resources (default: false)' - type: boolean - prune: - description: 'Prune will prune resources - automatically as part of automated sync - (default: false)' - type: boolean - selfHeal: - description: 'SelfHeal enables auto-syncing - if (default: false)' - type: boolean - type: object - retry: - description: Retry controls failed sync retry - behavior - properties: - backoff: - description: Backoff is a backoff strategy - properties: - duration: - description: Duration is the amount - to back off. Default unit is seconds, - but could also be a duration (e.g. - "2m", "1h") - type: string - factor: - description: Factor is a factor to multiply - the base duration after each failed - retry - format: int64 - type: integer - maxDuration: - description: MaxDuration is the maximum - amount of time allowed for the backoff - strategy - type: string - type: object - limit: - description: Limit is the maximum number - of attempts when retrying a container - format: int64 - type: integer - type: object - syncOptions: - description: Options allow you to specify whole - app sync-options - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - required: - - elements - type: object - type: object - type: array - syncPolicy: - description: ApplicationSetSyncPolicy configures how generated Applications - will relate to their ApplicationSet. - properties: - skipPrune: - description: SkipPrune will disable the default behavior which - will delete Applications that are no longer being generated - for the ApplicationSet which created them, or the ApplicationSet - itself is deleted. If SkipPrune is set to true, these Applications - will be orphaned but continue to exist. - type: boolean - type: object - template: - description: ApplicationSetTemplate represents argocd ApplicationSpec - properties: - metadata: - description: ApplicationSetTemplateMeta represents the Argo CD - application fields that may be used for Applications generated - from the ApplicationSet (based on metav1.ObjectMeta) - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: ApplicationSpec represents desired application state. - Contains link to repository with application definition and - additional parameters link definition revision. - properties: - destination: - description: Destination overrides the kubernetes server and - namespace defined in the environment ksonnet app.yaml - properties: - name: - description: Name of the destination cluster which can - be used instead of server (url) field - type: string - namespace: - description: Namespace overrides the environment namespace - value in the ksonnet app.yaml - type: string - server: - description: Server overrides the environment server value - in the ksonnet app.yaml - type: string - type: object - ignoreDifferences: - description: IgnoreDifferences controls resources fields which - should be ignored during comparison - items: - description: ResourceIgnoreDifferences contains resource - filter and list of json paths which should be ignored - during comparison with live state. - properties: - group: - type: string - jsonPointers: - items: - type: string - type: array - kind: - type: string - name: - type: string - namespace: - type: string - required: - - jsonPointers - - kind - type: object - type: array - info: - description: Infos contains a list of useful information (URLs, - email addresses, and plain text) that relates to the application - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - description: Project is a application project name. Empty - name means that application belongs to 'default' project. - type: string - revisionHistoryLimit: - description: This limits this number of items kept in the - apps revision history. This should only be changed in exceptional - circumstances. Setting to zero will store no history. This - will reduce storage used. Increasing will increase the space - used to store the history, so we do not recommend increasing - it. Default is 10. - format: int64 - type: integer - source: - description: Source is a reference to the location ksonnet - application definition - properties: - chart: - description: Chart is a Helm chart name - type: string - directory: - description: Directory holds path/directory specific options - properties: - exclude: - type: string - jsonnet: - description: ApplicationSourceJsonnet holds jsonnet - specific options - properties: - extVars: - description: ExtVars is a list of Jsonnet External - Variables - items: - description: JsonnetVar is a jsonnet variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - description: Additional library search dirs - items: - type: string - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level - Arguments - items: - description: JsonnetVar is a jsonnet variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters to - the helm template - items: - description: HelmFileParameter is a file parameter - to a helm template - properties: - name: - description: Name is the name of the helm parameter - type: string - path: - description: Path is the path value for the - helm parameter - type: string - type: object - type: array - parameters: - description: Parameters are parameters to the helm - template - items: - description: HelmParameter is a parameter to a helm - template - properties: - forceString: - description: ForceString determines whether - to tell Helm to interpret booleans and numbers - as strings - type: boolean - name: - description: Name is the name of the helm parameter - type: string - value: - description: Value is the value for the helm - parameter - type: string - type: object - type: array - releaseName: - description: The Helm release name. If omitted it - will use the application name - type: string - valueFiles: - description: ValuesFiles is a list of Helm value files - to use when generating a template - items: - type: string - type: array - values: - description: Values is Helm values, typically defined - as a block - type: string - version: - description: Version is the Helm version to use for - templating with - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application - environment name - type: string - parameters: - description: Parameters are a list of ksonnet component - parameter override values - items: - description: KsonnetParameter is a ksonnet component - parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonAnnotations: - additionalProperties: - type: string - description: CommonAnnotations adds additional kustomize - commonAnnotations - type: object - commonLabels: - additionalProperties: - type: string - description: CommonLabels adds additional kustomize - commonLabels - type: object - images: - description: Images are kustomize image overrides - items: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended to resources - for kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to resources - for kustomize apps - type: string - version: - description: Version contains optional Kustomize version - type: string - type: object - path: - description: Path is a directory path within the Git repository - type: string - plugin: - description: ConfigManagementPlugin holds config management - plugin specific options - properties: - env: - items: - properties: - name: - description: the name, usually uppercase - type: string - value: - description: the value - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - description: RepoURL is the repository URL of the application - manifests - type: string - targetRevision: - description: TargetRevision defines the commit, tag, or - branch in which to sync the application to. If omitted, - will sync to HEAD - type: string - required: - - repoURL - type: object - syncPolicy: - description: SyncPolicy controls when a sync will be performed - properties: - automated: - description: Automated will keep an application synced - to the target revision - properties: - allowEmpty: - description: 'AllowEmpty allows apps have zero live - resources (default: false)' - type: boolean - prune: - description: 'Prune will prune resources automatically - as part of automated sync (default: false)' - type: boolean - selfHeal: - description: 'SelfHeal enables auto-syncing if (default: - false)' - type: boolean - type: object - retry: - description: Retry controls failed sync retry behavior - properties: - backoff: - description: Backoff is a backoff strategy - properties: - duration: - description: Duration is the amount to back off. - Default unit is seconds, but could also be a - duration (e.g. "2m", "1h") - type: string - factor: - description: Factor is a factor to multiply the - base duration after each failed retry - format: int64 - type: integer - maxDuration: - description: MaxDuration is the maximum amount - of time allowed for the backoff strategy - type: string - type: object - limit: - description: Limit is the maximum number of attempts - when retrying a container - format: int64 - type: integer - type: object - syncOptions: - description: Options allow you to specify whole app sync-options - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - required: - - metadata - - spec - type: object - required: - - generators - - template - type: object - status: - description: ApplicationSetStatus defines the observed state of ApplicationSet - type: object - required: - - metadata - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/argocd-applicationset/templates/crds.yaml b/charts/argocd-applicationset/templates/crds.yaml deleted file mode 100644 index 45ab72d4..00000000 --- a/charts/argocd-applicationset/templates/crds.yaml +++ /dev/null @@ -1,6 +0,0 @@ -{{- if .Values.installCRDs }} -{{- range $path, $_ := .Files.Glob "crds/*.yaml" }} -{{ $.Files.Get $path }} ---- -{{- end }} -{{- end }} diff --git a/charts/argocd-applicationset/templates/deployment.yaml b/charts/argocd-applicationset/templates/deployment.yaml deleted file mode 100644 index d2cd345c..00000000 --- a/charts/argocd-applicationset/templates/deployment.yaml +++ /dev/null @@ -1,100 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "argo-applicationset.fullname" . }} - labels: - {{- include "argo-applicationset.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - {{- include "argo-applicationset.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "argo-applicationset.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "argo-applicationset.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - command: - - applicationset-controller - - --metrics-addr={{ .Values.args.metricsAddr }} - - --probe-addr={{ .Values.args.probeBindAddr }} - {{- if or (gt ( .Values.replicaCount | int64) 1) .Values.args.enableLeaderElection }} - - --enable-leader-election=true - {{- end }} - - --namespace={{ .Values.args.namespace }} - - --argocd-repo-server={{ .Values.args.argocdRepoServer }} - - --policy={{ .Values.args.policy }} - - --debug={{ .Values.args.debug }} - - --dry-run={{ .Values.args.dryRun }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: http - containerPort: {{ (split ":" .Values.args.probeBindAddr)._1 }} - protocol: TCP - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumeMounts: - {{- if .Values.mountSSHKnownHostsVolume }} - - mountPath: /app/config/ssh - name: ssh-known-hosts - {{- end }} - {{- if .Values.mountTLSCertsVolume }} - - mountPath: /app/config/tls - name: tls-certs - {{- end }} - {{- if .Values.mountGPGKeysVolume }} - - mountPath: /app/config/gpg/source - name: gpg-keys - {{- end }} - {{- if .Values.mountGPGKeyringVolume }} - - mountPath: /app/config/gpg/keys - name: gpg-keyring - {{- end }} - volumes: - {{- if .Values.mountSSHKnownHostsVolume }} - - configMap: - name: argocd-ssh-known-hosts-cm - name: ssh-known-hosts - {{- end }} - {{- if .Values.mountTLSCertsVolume }} - - configMap: - name: argocd-tls-certs-cm - name: tls-certs - {{- end }} - {{- if .Values.mountGPGKeysVolume }} - - configMap: - name: argocd-gpg-keys-cm - name: gpg-keys - {{- end }} - {{- if .Values.mountGPGKeyringVolume }} - - emptyDir: {} - name: gpg-keyring - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/argocd-applicationset/templates/psp.yaml b/charts/argocd-applicationset/templates/psp.yaml deleted file mode 100644 index dbb75854..00000000 --- a/charts/argocd-applicationset/templates/psp.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- if .Values.rbac.pspEnabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "argo-applicationset.fullname" . }} - labels: - {{- include "argo-applicationset.labels" . | nindent 4 }} - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' -spec: - privileged: false - hostIPC: false - hostNetwork: false - hostPID: false - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - allowedCapabilities: - - '*' - fsGroup: - rule: RunAsAny - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - '*' ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "argo-applicationset.fullname" . }}-psp - labels: - {{- include "argo-applicationset.labels" . | nindent 4 }} -rules: - - apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "argo-applicationset.fullname" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "argo-applicationset.fullname" . }}-psp - labels: - {{- include "argo-applicationset.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "argo-applicationset.fullname" . }}-psp -subjects: - - kind: ServiceAccount - name: {{ template "argo-applicationset.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/argocd-applicationset/templates/serviceaccount.yaml b/charts/argocd-applicationset/templates/serviceaccount.yaml deleted file mode 100644 index 1e3c2eaa..00000000 --- a/charts/argocd-applicationset/templates/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "argo-applicationset.serviceAccountName" . }} - labels: - {{- include "argo-applicationset.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/argocd-applicationset/values.yaml b/charts/argocd-applicationset/values.yaml deleted file mode 100644 index f7be897d..00000000 --- a/charts/argocd-applicationset/values.yaml +++ /dev/null @@ -1,77 +0,0 @@ -# Default values for argo-applicationset. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -installCRDs: true - -image: - # The image repository - repository: quay.io/argocdapplicationset/argocd-applicationset - # Image pull policy - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -args: - metricsAddr: :8080 - probeBindAddr: :8081 - enableLeaderElection: false - namespace: argocd - argocdRepoServer: argocd-repo-server:8081 - policy: sync - debug: false - dryRun: false - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -rbac: - pspEnabled: true - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -mountSSHKnownHostsVolume: true -mountTLSCertsVolume: true -mountGPGKeysVolume: false -mountGPGKeyringVolume: true diff --git a/charts/argocd-apps/Chart.yaml b/charts/argocd-apps/Chart.yaml new file mode 100644 index 00000000..c4433fa4 --- /dev/null +++ b/charts/argocd-apps/Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v2 +name: argocd-apps +description: A Helm chart for managing additional Argo CD Applications and Projects +type: application +version: 2.0.2 +home: https://github.com/argoproj/argo-helm +icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png +keywords: + - argoproj + - argocd + - gitops +maintainers: + - name: argoproj + url: https://argoproj.github.io/ +annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc + artifacthub.io/changes: | + - kind: added + description: allow setting applicationset finalizers diff --git a/charts/argocd-apps/README.md b/charts/argocd-apps/README.md new file mode 100644 index 00000000..447df733 --- /dev/null +++ b/charts/argocd-apps/README.md @@ -0,0 +1,40 @@ +# argocd-apps + +A Helm chart for managing additional Argo CD Applications and Projects + +To regenerate this document, from the root of this chart directory run: +```shell +docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:latest +``` + +## Prerequisites + +- Helm v3.0.0+ +- CRDs (Application and AppProject) + - You need to install them via [argo-cd Helm chart](../argo-cd) or upstream. + +## Changelog + +For full list of changes, please check ArtifactHub [changelog]. + +## Installation + +```console +$ helm repo add argo https://argoproj.github.io/argo-helm +$ helm install my-release argo/argocd-apps +``` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| applications | object | `{}` (See [values.yaml]) | Deploy Argo CD Applications within this helm release | +| applicationsets | object | `{}` (See [values.yaml]) | Deploy Argo CD ApplicationSets within this helm release | +| extensions | object | `{}` (See [values.yaml]) | DEPRECATED - Please refer [Deprecation Notice](https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice) for more info. | +| itemTemplates | list | `[]` (See [values.yaml]) | Deploy Argo CD Applications/ApplicationSets/Projects within this helm release | +| projects | object | `{}` (See [values.yaml]) | Deploy Argo CD Projects within this helm release | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) + +[changelog]: https://artifacthub.io/packages/helm/argo/argocd-apps?modal=changelog diff --git a/charts/argocd-apps/README.md.gotmpl b/charts/argocd-apps/README.md.gotmpl new file mode 100644 index 00000000..e8cb1c17 --- /dev/null +++ b/charts/argocd-apps/README.md.gotmpl @@ -0,0 +1,32 @@ +{{ template "chart.header" . }} + +{{ template "chart.description" . }} + +To regenerate this document, from the root of this chart directory run: +```shell +docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:latest +``` + +## Prerequisites + +- Helm v3.0.0+ +- CRDs (Application and AppProject) + - You need to install them via [argo-cd Helm chart](../argo-cd) or upstream. + +## Changelog + +For full list of changes, please check ArtifactHub [changelog]. + +## Installation + +```console +$ helm repo add argo https://argoproj.github.io/argo-helm +$ helm install my-release argo/argocd-apps +``` + +{{ template "chart.valuesSection" . }} + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) + +[changelog]: https://artifacthub.io/packages/helm/argo/argocd-apps?modal=changelog diff --git a/charts/argocd-apps/ci/applications-multiple-sources-values.yaml b/charts/argocd-apps/ci/applications-multiple-sources-values.yaml new file mode 100644 index 00000000..f1023424 --- /dev/null +++ b/charts/argocd-apps/ci/applications-multiple-sources-values.yaml @@ -0,0 +1,28 @@ +# Test with multi-source applications + +applications: + argocd-application-multiple-sources: + additionalLabels: {} + additionalAnnotations: {} + finalizers: + - resources-finalizer.argocd.argoproj.io + project: default + sources: + - chart: elasticsearch + repoURL: https://helm.elastic.co + targetRevision: 8.5.1 + - repoURL: https://github.com/argoproj/argocd-example-apps.git + path: guestbook + targetRevision: HEAD + destination: + server: https://kubernetes.default.svc + namespace: default + syncPolicy: + automated: + prune: false + selfHeal: false + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas diff --git a/charts/argocd-apps/ci/applications-values.yaml b/charts/argocd-apps/ci/applications-values.yaml new file mode 100644 index 00000000..4f742748 --- /dev/null +++ b/charts/argocd-apps/ci/applications-values.yaml @@ -0,0 +1,33 @@ +# Test with applications + +applications: + argocd-application: + additionalLabels: {} + additionalAnnotations: {} + finalizers: + - resources-finalizer.argocd.argoproj.io + project: default + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: guestbook + directory: + recurse: true + destination: + server: https://kubernetes.default.svc + namespace: default + syncPolicy: + automated: + prune: false + selfHeal: false + syncOptions: + - ApplyOutOfSyncOnly=true + revisionHistoryLimit: null + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas + info: + - name: url + value: https://argoproj.github.io/ diff --git a/charts/argocd-apps/ci/applicationsets-multiple-sources-values.yaml b/charts/argocd-apps/ci/applicationsets-multiple-sources-values.yaml new file mode 100644 index 00000000..d8fe500c --- /dev/null +++ b/charts/argocd-apps/ci/applicationsets-multiple-sources-values.yaml @@ -0,0 +1,24 @@ +# Test with multi-source applicationsets + +applicationsets: + applicationset-multiple-sources: + generators: + - list: + elements: + - cluster: default-cluster + url: https://kubernetes.default.svc + template: + metadata: + name: '{{cluster}}-guestbook' + spec: + project: default + sources: + - chart: elasticsearch + repoURL: https://helm.elastic.co + targetRevision: 8.5.1 + - repoURL: https://github.com/argoproj/argocd-example-apps.git + path: guestbook + targetRevision: HEAD + destination: + server: '{{url}}' + namespace: default diff --git a/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml b/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml new file mode 100644 index 00000000..a225e7c5 --- /dev/null +++ b/charts/argocd-apps/ci/applicationsets-progressive-syncs-values.yaml @@ -0,0 +1,41 @@ +# Test applicationsets with Progressive Syncs + +applicationsets: + applicationset-progressive-syncs: + generators: + - list: + elements: + - cluster: engineering-dev + url: https://1.2.3.4 + env: env-dev + - cluster: engineering-prod + url: https://9.8.7.6/ + env: env-prod + strategy: + type: RollingSync + rollingSync: + steps: + - matchExpressions: + - key: envLabel + operator: In + values: + - env-dev + - matchExpressions: + - key: envLabel + operator: In + values: + - env-prod + template: + metadata: + name: '{{.cluster}}-guestbook' + labels: + envLabel: '{{.env}}' + spec: + project: my-project + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: guestbook/{{.cluster}} + destination: + server: '{{.url}}' + namespace: guestbook diff --git a/charts/argocd-apps/ci/applicationsets-values.yaml b/charts/argocd-apps/ci/applicationsets-values.yaml new file mode 100644 index 00000000..394e2c88 --- /dev/null +++ b/charts/argocd-apps/ci/applicationsets-values.yaml @@ -0,0 +1,92 @@ +# Test with applicationsets + +applicationsets: + applicationset: + additionalLabels: {} + additionalAnnotations: {} + finalizers: + - resources-finalizer.argocd.argoproj.io + # See PR #10026 (ArgoCD v2.5 or later) + # goTemplate: false + generators: + - git: + repoURL: https://github.com/argoproj/argocd-example-apps.git + revision: HEAD + directories: + - path: guestbook + - path: kustomize-* + # Ref https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#allow-temporarily-toggling-auto-sync + ignoreApplicationDifferences: + - jsonPointers: + - /spec/syncPolicy + template: + metadata: + name: '{{path.basename}}' + labels: {} + annotations: {} + spec: + project: default + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: '{{path}}' + destination: + server: https://kubernetes.default.svc + namespace: default + syncPolicy: + automated: + prune: false + selfHeal: false + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas + info: + - name: url + value: https://argoproj.github.io/ + syncPolicy: + # Set Application finalizer + preserveResourcesOnDeletion: false + templatePatch: | + spec: + source: + helm: + valueFiles: + {{- range $valueFile := .valueFiles }} + - {{ $valueFile }} + {{- end }} + {{- if .autoSync }} + syncPolicy: + automated: + prune: {{ .prune }} + {{- end }} + applicationset-list-generator: + generators: + - list: + elements: + - cluster: engineering-dev + url: https://kubernetes.default.svc + template: + metadata: {} + spec: + project: '{{cluster}}' + source: + targetRevision: HEAD + repoURL: https://github.com/argoproj/argo-cd.git + # New path value is generated here: + path: 'applicationset/examples/template-override/{{cluster}}-override' + destination: {} + template: + metadata: + name: '{{cluster}}-guestbook' + spec: + project: '{{cluster}}' + source: + repoURL: https://github.com/argoproj/argo-cd.git + targetRevision: HEAD + # This 'default' value is not used: it is is replaced by the generator's template path, above + path: applicationset/examples/template-override/default + destination: + server: '{{url}}' + namespace: guestbook diff --git a/charts/argocd-apps/ci/default-values.yaml b/charts/argocd-apps/ci/default-values.yaml new file mode 100644 index 00000000..507f1e54 --- /dev/null +++ b/charts/argocd-apps/ci/default-values.yaml @@ -0,0 +1 @@ +# Test with default values diff --git a/charts/argocd-apps/ci/item-templates.yaml b/charts/argocd-apps/ci/item-templates.yaml new file mode 100644 index 00000000..8a08c684 --- /dev/null +++ b/charts/argocd-apps/ci/item-templates.yaml @@ -0,0 +1,61 @@ +itemTemplates: + - items: + - name: my-appset + generators: &generators + - list: + elements: + - cluster: engineering-dev + url: https://1.2.3.4 + - cluster: engineering-prod + url: https://2.4.6.8 + - cluster: finance-preprod + url: https://9.8.7.6 + template: + apiVersion: argoproj.io/v1alpha1 + kind: ApplicationSet + metadata: + name: "{{ .name }}" + spec: + generators: *generators + template: + metadata: + name: "{{`{{cluster}}`}}-guestbook" + spec: + project: my-project + source: + repoURL: https://github.com/infra-team/cluster-deployments.git + targetRevision: HEAD + path: guestbook/{{`{{cluster}}`}} + destination: + server: "{{`{{cluster}}`}}" + namespace: guestbook + - items: + - name: my-appset + generators: + - list: + elements: + - cluster: engineering-dev + url: https://1.2.3.4 + - cluster: engineering-prod + url: https://2.4.6.8 + - cluster: finance-preprod + url: https://9.8.7.6 + template: |- + apiVersion: argoproj.io/v1alpha1 + kind: ApplicationSet + metadata: + name: {{ .name }} + spec: + generators: {{ toYaml .generators | nindent 4 }} + template: + metadata: + name: '{{`{{cluster}}`}}-guestbook' + spec: + project: my-project + source: + repoURL: https://github.com/infra-team/cluster-deployments.git + targetRevision: HEAD + path: guestbook/{{`{{cluster}}`}} + destination: + server: '{{`{{cluster}}`}}' + namespace: guestbook diff --git a/charts/argocd-apps/templates/applications.yaml b/charts/argocd-apps/templates/applications.yaml new file mode 100644 index 00000000..b26b6684 --- /dev/null +++ b/charts/argocd-apps/templates/applications.yaml @@ -0,0 +1,51 @@ +{{- range $appName, $appData:= .Values.applications }} +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + {{- with $appData.additionalAnnotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- with $appData.additionalLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ $appName }} + {{- with $appData.namespace }} + namespace: {{ . }} + {{- end }} + {{- with $appData.finalizers }} + finalizers: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + project: {{ tpl $appData.project $ }} + {{- with $appData.source }} + source: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $appData.sources }} + sources: + {{- toYaml . | nindent 4 }} + {{- end }} + destination: + {{- toYaml $appData.destination | nindent 4 }} + {{- with $appData.syncPolicy }} + syncPolicy: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $appData.revisionHistoryLimit }} + revisionHistoryLimit: {{ . }} + {{- end }} + {{- with $appData.ignoreDifferences }} + ignoreDifferences: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $appData.info }} + info: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argocd-apps/templates/applicationsets.yaml b/charts/argocd-apps/templates/applicationsets.yaml new file mode 100644 index 00000000..606d6078 --- /dev/null +++ b/charts/argocd-apps/templates/applicationsets.yaml @@ -0,0 +1,94 @@ +{{- range $appSetName, $appSetData:= .Values.applicationsets }} +--- +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + {{- with $appSetData.additionalAnnotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- with $appSetData.additionalLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ $appSetName }} + {{- with $appSetData.namespace }} + namespace: {{ . }} + {{- end }} + {{- with $appSetData.finalizers }} + finalizers: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if hasKey $appSetData "goTemplate" }} + goTemplate: {{ $appSetData.goTemplate }} + {{- end }} + {{- with $appSetData.generators }} + generators: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $appSetData.ignoreApplicationDifferences }} + ignoreApplicationDifferences: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $appSetData.strategy }} + strategy: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $appSetData.syncPolicy }} + syncPolicy: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $appSetData.template }} + template: + {{- with .metadata }} + metadata: + {{- with .annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | squote }} + {{- end }} + {{- end }} + {{- with .labels }} + labels: + {{- toYaml . | nindent 8 }} + {{- end }} + name: {{ .name | squote }} + {{- with .namespace }} + namespace: {{ . | squote }} + {{- end }} + {{- end }} + {{- with .spec }} + spec: + project: {{ .project | squote }} + {{- with .source }} + source: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .sources }} + sources: + {{- toYaml . | nindent 8 }} + {{- end }} + destination: + {{- toYaml .destination | nindent 8 }} + {{- with .syncPolicy }} + syncPolicy: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .ignoreDifferences }} + ignoreDifferences: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .info }} + info: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end -}} + {{- end }} + {{- with $appSetData.templatePatch }} + templatePatch: | + {{- . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argocd-apps/templates/extensions.yaml b/charts/argocd-apps/templates/extensions.yaml new file mode 100644 index 00000000..8a19e3a5 --- /dev/null +++ b/charts/argocd-apps/templates/extensions.yaml @@ -0,0 +1,27 @@ +{{- range $extensionName, $extensionData:= .Values.extensions }} +--- +apiVersion: argoproj.io/v1alpha1 +kind: ArgoCDExtension +metadata: + name: {{ $extensionName }} + {{- with $extensionData.namespace }} + namespace: {{ . }} + {{- end }} + finalizers: + - extensions-finalizer.argocd.argoproj.io + {{- with $extensionData.additionalLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $extensionData.additionalAnnotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +{{- with $extensionData.sources }} +spec: + sources: + {{- toYaml . | nindent 4 }} +{{- end }} +{{- end }} diff --git a/charts/argocd-apps/templates/item-templates.yaml b/charts/argocd-apps/templates/item-templates.yaml new file mode 100644 index 00000000..a209cc2a --- /dev/null +++ b/charts/argocd-apps/templates/item-templates.yaml @@ -0,0 +1,15 @@ +{{- range .Values.itemTemplates }} +{{- if kindIs "string" .template }} +{{- $template := .template -}} +{{- range .items }} +--- +{{ tpl $template (set . "Template" $.Template) }} +{{- end }} +{{- else }} +{{- $template := .template | toYaml -}} +{{- range .items }} +--- +{{ tpl $template (set . "Template" $.Template) }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/argocd-apps/templates/projects.yaml b/charts/argocd-apps/templates/projects.yaml new file mode 100644 index 00000000..d6032636 --- /dev/null +++ b/charts/argocd-apps/templates/projects.yaml @@ -0,0 +1,75 @@ +{{- range $projectName, $projectData := .Values.projects }} +--- +apiVersion: argoproj.io/v1alpha1 +kind: AppProject +metadata: + {{- with $projectData.additionalAnnotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- with $projectData.additionalLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ $projectName }} + {{- with $projectData.namespace }} + namespace: {{ . }} + {{- end }} + {{- with $projectData.finalizers }} + finalizers: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with $projectData.permitOnlyProjectScopedClusters }} + permitOnlyProjectScopedClusters: {{ . }} + {{- end }} + {{- with $projectData.description }} + description: {{ . }} + {{- end }} + {{- with $projectData.sourceRepos }} + sourceRepos: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $projectData.destinations }} + destinations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $projectData.clusterResourceWhitelist }} + clusterResourceWhitelist: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $projectData.clusterResourceBlacklist }} + clusterResourceBlacklist: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $projectData.namespaceResourceBlacklist }} + namespaceResourceBlacklist: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $projectData.namespaceResourceWhitelist }} + namespaceResourceWhitelist: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $projectData.orphanedResources }} + orphanedResources: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $projectData.roles }} + roles: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $projectData.syncWindows }} + syncWindows: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $projectData.signatureKeys }} + signatureKeys: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $projectData.sourceNamespaces }} + sourceNamespaces: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argocd-apps/values.yaml b/charts/argocd-apps/values.yaml new file mode 100644 index 00000000..127dc6a9 --- /dev/null +++ b/charts/argocd-apps/values.yaml @@ -0,0 +1,255 @@ +# -- Deploy Argo CD Applications within this helm release +# @default -- `{}` (See [values.yaml]) +## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ +applications: {} +# guestbook: +# namespace: argocd +# additionalLabels: {} +# additionalAnnotations: {} +# finalizers: +# - resources-finalizer.argocd.argoproj.io +# project: guestbook +# source: +# repoURL: https://github.com/argoproj/argocd-example-apps.git +# targetRevision: HEAD +# path: guestbook +# directory: +# recurse: true +# # ArgoCD v2.6 or later +# sources: +# - chart: elasticsearch +# repoURL: https://helm.elastic.co +# targetRevision: 8.5.1 +# - repoURL: https://github.com/argoproj/argocd-example-apps.git +# path: guestbook +# targetRevision: HEAD +# destination: +# server: https://kubernetes.default.svc +# namespace: guestbook +# syncPolicy: +# automated: +# prune: false +# selfHeal: false +# syncOptions: +# - CreateNamespace=true +# revisionHistoryLimit: null +# ignoreDifferences: +# - group: apps +# kind: Deployment +# jsonPointers: +# - /spec/replicas +# info: +# - name: url +# value: https://argoproj.github.io/ + +# -- Deploy Argo CD Projects within this helm release +# @default -- `{}` (See [values.yaml]) +## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ +projects: {} +# guestbook: +# namespace: argocd +# additionalLabels: {} +# additionalAnnotations: {} +# permitOnlyProjectScopedClusters: false +# finalizers: +# - resources-finalizer.argocd.argoproj.io +# description: Example Project +# sourceRepos: +# - '*' +# destinations: +# - namespace: guestbook +# server: https://kubernetes.default.svc +# clusterResourceWhitelist: [] +# clusterResourceBlacklist: [] +# namespaceResourceBlacklist: +# - group: '' +# kind: ResourceQuota +# - group: '' +# kind: LimitRange +# - group: '' +# kind: NetworkPolicy +# orphanedResources: {} +# roles: [] +# namespaceResourceWhitelist: +# - group: 'apps' +# kind: Deployment +# - group: 'apps' +# kind: StatefulSet +# orphanedResources: {} +# roles: [] +# syncWindows: +# - kind: allow +# schedule: '10 1 * * *' +# duration: 1h +# applications: +# - '*-prod' +# manualSync: true +# signatureKeys: +# - keyID: ABCDEF1234567890 +# sourceNamespaces: +# - argocd + +# -- Deploy Argo CD ApplicationSets within this helm release +# @default -- `{}` (See [values.yaml]) +## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/ +applicationsets: {} +# guestbook: +# namespace: argocd +# additionalLabels: {} +# additionalAnnotations: {} +# finalizers: +# - resources-finalizer.argocd.argoproj.io +# # See PR #10026 (ArgoCD v2.5 or later) +# # goTemplate: false +# generators: +# - git: +# repoURL: https://github.com/argoproj/argocd-example-apps.git +# revision: HEAD +# directories: +# - path: guestbook +# - path: kustomize-* +# # Ref https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#allow-temporarily-toggling-auto-sync +# ignoreApplicationDifferences: +# - jsonPointers: +# - /spec/syncPolicy +# # Progressive Syncs is an experimental feature and it must be explicitly enabled +# # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Progressive-Syncs/#enabling-progressive-syncs +# strategy: +# type: RollingSync +# rollingSync: +# steps: +# - matchExpressions: +# - key: project +# operator: In +# values: +# - guestbook +# - matchExpressions: +# - key: project +# operator: In +# values: +# - kustomize-foo +# - kustomize-bar +# template: +# metadata: +# name: '{{path.basename}}' +# labels: +# project: '{{path.basename}}' +# annotations: {} +# spec: +# project: default +# source: +# repoURL: https://github.com/argoproj/argocd-example-apps.git +# targetRevision: HEAD +# path: '{{path}}' +# destination: +# server: https://kubernetes.default.svc +# namespace: default +# syncPolicy: +# automated: +# prune: false +# selfHeal: false +# ignoreDifferences: +# - group: apps +# kind: Deployment +# jsonPointers: +# - /spec/replicas +# info: +# - name: url +# value: https://argoproj.github.io/ +# syncPolicy: +# # Set Application finalizer +# preserveResourcesOnDeletion: false +# # Templating is only available on string type +# templatePatch: | +# spec: +# source: +# helm: +# valueFiles: +# {{- range $valueFile := .valueFiles }} +# - {{ $valueFile }} +# {{- end }} +# {{- if .autoSync }} +# syncPolicy: +# automated: +# prune: {{ .prune }} +# {{- end }} + +# -- Deploy Argo CD Applications/ApplicationSets/Projects within this helm release +# @default -- `[]` (See [values.yaml]) +## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/ +itemTemplates: [] +# - items: +# - name: my-appset +# generators: &generators +# - list: +# elements: +# - cluster: engineering-dev +# url: https://1.2.3.4 +# - cluster: engineering-prod +# url: https://2.4.6.8 +# - cluster: finance-preprod +# url: https://9.8.7.6 +# template: +# apiVersion: argoproj.io/v1alpha1 +# kind: ApplicationSet +# metadata: +# name: "{{ .name }}" +# spec: +# generators: *generators +# template: +# metadata: +# name: "{{`{{cluster}}`}}-guestbook" +# spec: +# project: my-project +# source: +# repoURL: https://github.com/infra-team/cluster-deployments.git +# targetRevision: HEAD +# path: guestbook/{{`{{cluster}}`}} +# destination: +# server: "{{`{{cluster}}`}}" +# namespace: guestbook +# - items: +# - name: my-appset +# generators: +# - list: +# elements: +# - cluster: engineering-dev +# url: https://1.2.3.4 +# - cluster: engineering-prod +# url: https://2.4.6.8 +# - cluster: finance-preprod +# url: https://9.8.7.6 +# template: |- +# apiVersion: argoproj.io/v1alpha1 +# kind: ApplicationSet +# metadata: +# name: {{ .name }} +# spec: +# generators: {{ toYaml .generators | nindent 4 }} +# template: +# metadata: +# name: '{{`{{cluster}}`}}-guestbook' +# spec: +# project: my-project +# source: +# repoURL: https://github.com/infra-team/cluster-deployments.git +# targetRevision: HEAD +# path: guestbook/{{`{{cluster}}`}} +# destination: +# server: '{{`{{cluster}}`}}' +# namespace: guestbook + +# -- DEPRECATED - Please refer [Deprecation Notice](https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice) for more info. +# @default -- `{}` (See [values.yaml]) +## This function in tech preview stage, do expect unstability or breaking changes in newer versions. Bump image.tag if necessary. +## Ref: https://github.com/argoproj-labs/argocd-extensions +extensions: {} +# example: +# namespace: argocd +# additionalLabels: {} +# additionalAnnotations: {} +# sources: +# - git: +# url: https://github.com/argoproj-labs/argocd-example-extension.git +# - web: +# url: https://github.com/argoproj-labs/argocd-example-extension/releases/download/v0.1.0/extension.tar diff --git a/charts/argocd-applicationset/.helmignore b/charts/argocd-image-updater/.helmignore similarity index 96% rename from charts/argocd-applicationset/.helmignore rename to charts/argocd-image-updater/.helmignore index 0e8a0eb3..ee9c40f0 100644 --- a/charts/argocd-applicationset/.helmignore +++ b/charts/argocd-image-updater/.helmignore @@ -21,3 +21,5 @@ .idea/ *.tmproj .vscode/ +ci/ +*.gotmpl diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml new file mode 100644 index 00000000..02438363 --- /dev/null +++ b/charts/argocd-image-updater/Chart.yaml @@ -0,0 +1,22 @@ +apiVersion: v2 +name: argocd-image-updater +description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD +type: application +version: 0.12.0 +appVersion: v0.15.2 +home: https://github.com/argoproj-labs/argocd-image-updater +icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png +keywords: + - argoproj + - argocd + - gitops +maintainers: + - name: argoproj + url: https://argoproj.github.io/ +annotations: + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc + artifacthub.io/changes: | + - kind: changed + description: ConfigMap and Secret names are now configurable diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md new file mode 100644 index 00000000..d77ee710 --- /dev/null +++ b/charts/argocd-image-updater/README.md @@ -0,0 +1,143 @@ +# argocd-image-updater + +A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD + +To regenerate this document, from the root of this chart directory run: +```shell +docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:latest +``` + +## Installation + +```console +helm repo add argo https://argoproj.github.io/argo-helm +helm install argocd-image-updater argo/argocd-image-updater +``` + +You will also need to run through the [secret setup documentation] so Argo CD Image Updater can talk to the Argo CD API (until its automated in this chart). + +## Prerequisites + +* Helm v3.0.0+ + +## Configuration options + +In order for your deployment of Argo CD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page]. + +All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your Argo CD instance is setup, are set in the `config.argocd` values block. For instance: + +```yaml +config: + argocd: + grpcWeb: false + serverAddress: "http://argocd.argo" + insecure: true + plaintext: true +``` + +Any additional arguments mentioned on the [argocd-image-updater flags page] can be configured using the `extraArgs` value, like so. + +### Argo CD API key + +If you are unable to install Argo CD Image Updater into the same Kubernetes cluster you might configure it to use API of your Argo CD installation. +Please also read [Configuration of Container Registries]. + +```yaml +config: + argocd: + token: +``` + +If you specify a token value the secret will be created. + +### Registries + +Argo CD Image Updater natively supports the following registries (as mentioned in [Configuration of Container Registries]): + +- Docker Hub +- Google Container Registry +- RedHat Quay +- GitHub Container Registry +- GitHub Docker Packages + +If you need support for ECR, you can reference this issue, [Support ECR authentication], for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR. + +The `config.registries` value can be used exactly as it looks in the documentation as it gets dumped directly into a configmap in this chart. + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | Kubernetes affinity settings for the deployment | +| authScripts.enabled | bool | `false` | Whether to mount the defined scripts that can be used to authenticate with a registry, the scripts will be mounted at `/scripts` | +| authScripts.name | string | `"argocd-image-updater-authscripts"` | Name of the authentication scripts ConfigMap | +| authScripts.scripts | object | `{}` | Map of key-value pairs where the key consists of the name of the script and the value the contents | +| config.applicationsAPIKind | string | `""` | API kind that is used to manage Argo CD applications (`kubernetes` or `argocd`) | +| config.argocd.grpcWeb | bool | `true` | Use the gRPC-web protocol to connect to the Argo CD API | +| config.argocd.insecure | bool | `false` | If specified, the certificate of the Argo CD API server is not verified. | +| config.argocd.plaintext | bool | `false` | If specified, use an unencrypted HTTP connection to the Argo CD API instead of TLS. | +| config.argocd.serverAddress | string | `""` | Connect to the Argo CD API server at server address | +| config.argocd.token | string | `""` | If specified, the secret with Argo CD API key will be created. | +| config.argocd.tokenSecretName | string | `"argocd-image-updater-secret"` | Name of the Secret containing the token | +| config.disableKubeEvents | bool | `false` | Disable kubernetes events | +| config.gitCommitMail | string | `""` | E-Mail address to use for Git commits | +| config.gitCommitSignOff | bool | `false` | Enables sign off on commits | +| config.gitCommitSigningKey | string | `""` | Path to public SSH key mounted in container, or GPG key ID used to sign commits | +| config.gitCommitSigningMethod | string | `""` | Method used to sign Git commits. `openpgp` or `ssh` | +| config.gitCommitTemplate | string | `""` | Changing the Git commit message | +| config.gitCommitUser | string | `""` | Username to use for Git commits | +| config.logLevel | string | `"info"` | Argo CD Image Update log level | +| config.name | string | `"argocd-image-updater-config"` | Name of the ConfigMap | +| config.registries | list | `[]` | Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) | +| config.sshConfig.config | string | `""` | Argo CD Image Updater ssh client parameter configuration. | +| config.sshConfig.name | string | `"argocd-image-updater-ssh-config"` | Name of the sshConfig ConfigMap | +| createClusterRoles | bool | `true` | Create cluster roles for cluster-wide installation. | +| extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in `config.argocd`. If a flag contains both key and value, they need to be split to a new entry | +| extraEnv | list | `[]` | Extra environment variables for argocd-image-updater | +| extraEnvFrom | list | `[]` | Extra envFrom to pass to argocd-image-updater | +| extraObjects | list | `[]` | Extra K8s manifests to deploy for argocd-image-updater | +| fullnameOverride | string | `""` | Global fullname (argocd-image-updater.fullname in _helpers.tpl) override | +| image.pullPolicy | string | `"Always"` | Default image pull policy | +| image.repository | string | `"quay.io/argoprojlabs/argocd-image-updater"` | Default image repository | +| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | +| imagePullSecrets | list | `[]` | ImagePullSecrets for the image updater deployment | +| initContainers | list | `[]` | Init containers to add to the image updater pod | +| metrics.enabled | bool | `false` | Deploy metrics service | +| metrics.service.annotations | object | `{}` | Metrics service annotations | +| metrics.service.labels | object | `{}` | Metrics service labels | +| metrics.service.servicePort | int | `8081` | Metrics service port | +| metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | +| metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | +| metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| nameOverride | string | `""` | Global name (argocd-image-updater.name in _helpers.tpl) override | +| namespaceOverride | string | `""` | Global namespace (argocd-image-updater.namespace in _helpers.tpl) override | +| nodeSelector | object | `{}` | Kubernetes nodeSelector settings for the deployment | +| podAnnotations | object | `{}` | Pod Annotations for the deployment | +| podLabels | object | `{}` | Pod Labels for the deployment | +| podSecurityContext | object | `{}` | Pod security context settings for the deployment | +| rbac.enabled | bool | `true` | Enable RBAC creation | +| replicaCount | int | `1` | Replica count for the deployment. It is not advised to run more than one replica. | +| resources | object | `{}` | Pod memory and cpu resource settings for the deployment | +| securityContext | object | See [values.yaml] | Security context settings for the deployment | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.labels | object | `{}` | Labels to add to the service account | +| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| tolerations | list | `[]` | Kubernetes toleration settings for the deployment | +| updateStrategy | object | `{"type":"Recreate"}` | The deployment strategy to use to replace existing pods with new ones | +| volumeMounts | list | `[]` | Additional volumeMounts to the image updater main container | +| volumes | list | `[]` | Additional volumes to the image updater pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) + +[MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs +[RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +[secret setup documentation]: https://argocd-image-updater.readthedocs.io/en/stable/install/installation/#method-2-connect-using-argo-cd-api-server +[argocd-image-updater flags page]: https://argocd-image-updater.readthedocs.io/en/stable/install/reference/#flags +[Configuration of Container Registries]: https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/ +[Support ECR authentication]: https://github.com/argoproj-labs/argocd-image-updater/issues/112 diff --git a/charts/argocd-image-updater/README.md.gotmpl b/charts/argocd-image-updater/README.md.gotmpl new file mode 100644 index 00000000..68ddd814 --- /dev/null +++ b/charts/argocd-image-updater/README.md.gotmpl @@ -0,0 +1,77 @@ +{{ template "chart.header" . }} + +{{ template "chart.description" . }} + +To regenerate this document, from the root of this chart directory run: +```shell +docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:latest +``` + +## Installation + +```console +helm repo add argo https://argoproj.github.io/argo-helm +helm install argocd-image-updater argo/argocd-image-updater +``` + +You will also need to run through the [secret setup documentation] so Argo CD Image Updater can talk to the Argo CD API (until its automated in this chart). + +## Prerequisites + +* Helm v3.0.0+ + +## Configuration options + +In order for your deployment of Argo CD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page]. + +All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your Argo CD instance is setup, are set in the `config.argocd` values block. For instance: + +```yaml +config: + argocd: + grpcWeb: false + serverAddress: "http://argocd.argo" + insecure: true + plaintext: true +``` + +Any additional arguments mentioned on the [argocd-image-updater flags page] can be configured using the `extraArgs` value, like so. + +### Argo CD API key + +If you are unable to install Argo CD Image Updater into the same Kubernetes cluster you might configure it to use API of your Argo CD installation. +Please also read [Configuration of Container Registries]. + +```yaml +config: + argocd: + token: +``` + +If you specify a token value the secret will be created. + +### Registries + +Argo CD Image Updater natively supports the following registries (as mentioned in [Configuration of Container Registries]): + +- Docker Hub +- Google Container Registry +- RedHat Quay +- GitHub Container Registry +- GitHub Docker Packages + +If you need support for ECR, you can reference this issue, [Support ECR authentication], for configuration. You can use the `authScripts` values to configure the scripts that are needed to authenticate with ECR. + +The `config.registries` value can be used exactly as it looks in the documentation as it gets dumped directly into a configmap in this chart. + +{{ template "chart.valuesSection" . }} + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) + +[MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs +[RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +[secret setup documentation]: https://argocd-image-updater.readthedocs.io/en/stable/install/installation/#method-2-connect-using-argo-cd-api-server +[argocd-image-updater flags page]: https://argocd-image-updater.readthedocs.io/en/stable/install/reference/#flags +[Configuration of Container Registries]: https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/ +[Support ECR authentication]: https://github.com/argoproj-labs/argocd-image-updater/issues/112 diff --git a/charts/argocd-image-updater/ci/enable-extra-objects-values.yaml b/charts/argocd-image-updater/ci/enable-extra-objects-values.yaml new file mode 100644 index 00000000..8d18ecd3 --- /dev/null +++ b/charts/argocd-image-updater/ci/enable-extra-objects-values.yaml @@ -0,0 +1,14 @@ +# Test with extraObjects enabled +# Do not deploy the CRDs as they are already present from the previous test +installCRDs: false + +extraObjects: + - apiVersion: v1 + kind: Secret + metadata: + name: datadog + type: Opaque + data: + address: aHR0cHM6Ly9hcGkuZGF0YWRvZ2hxLmNvbQo= # https://api.datadoghq.com + api-key: dGVzdC1hcGkta2V5Cg== # test-api-key + app-key: dGVzdC1hcHAta2V5Cg== # test-app-key diff --git a/charts/argocd-applicationset/templates/_helpers.tpl b/charts/argocd-image-updater/templates/_helpers.tpl similarity index 61% rename from charts/argocd-applicationset/templates/_helpers.tpl rename to charts/argocd-image-updater/templates/_helpers.tpl index e86139e1..abfba11e 100644 --- a/charts/argocd-applicationset/templates/_helpers.tpl +++ b/charts/argocd-image-updater/templates/_helpers.tpl @@ -1,7 +1,8 @@ +{{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. */}} -{{- define "argo-applicationset.name" -}} +{{- define "argocd-image-updater.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -10,7 +11,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "argo-applicationset.fullname" -}} +{{- define "argocd-image-updater.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} @@ -23,41 +24,46 @@ If release name contains chart name it will be used as a full name. {{- end }} {{- end }} +{{/* +Override .Release.Namespace +*/}} +{{- define "argocd-image-updater.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride }} +{{- end }} + {{/* Create chart name and version as used by the chart label. */}} -{{- define "argo-applicationset.chart" -}} +{{- define "argocd-image-updater.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "argo-applicationset.labels" -}} -helm.sh/chart: {{ include "argo-applicationset.chart" . }} -{{ include "argo-applicationset.selectorLabels" . }} +{{- define "argocd-image-updater.labels" -}} +helm.sh/chart: {{ include "argocd-image-updater.chart" . }} +{{ include "argocd-image-updater.selectorLabels" . }} {{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Chart.AppVersion | trunc 63 | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/part-of: argo-cd-applicationset -app.kubernetes.io/component: controller {{- end }} {{/* Selector labels */}} -{{- define "argo-applicationset.selectorLabels" -}} -app.kubernetes.io/name: {{ include "argo-applicationset.name" . }} +{{- define "argocd-image-updater.selectorLabels" -}} +app.kubernetes.io/name: {{ include "argocd-image-updater.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Create the name of the service account to use */}} -{{- define "argo-applicationset.serviceAccountName" -}} +{{- define "argocd-image-updater.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "argo-applicationset.fullname" .) .Values.serviceAccount.name }} +{{- default (include "argocd-image-updater.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} diff --git a/charts/argocd-image-updater/templates/configmap-authscripts.yaml b/charts/argocd-image-updater/templates/configmap-authscripts.yaml new file mode 100644 index 00000000..259054f6 --- /dev/null +++ b/charts/argocd-image-updater/templates/configmap-authscripts.yaml @@ -0,0 +1,11 @@ +{{- if .Values.authScripts.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ .Values.authScripts.name }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +data: + {{- toYaml .Values.authScripts.scripts | nindent 2}} +{{- end }} diff --git a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml new file mode 100644 index 00000000..9ff9ba61 --- /dev/null +++ b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml @@ -0,0 +1,17 @@ +{{- $sshConfig := omit .Values.config.sshConfig "name" }} +{{- range $key, $val := $sshConfig }} + {{- if not $val }} + {{ $_ := unset $sshConfig $key }} + {{- end }} +{{- end }} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ .Values.config.sshConfig.name }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +{{- with $sshConfig }} +data: + {{- toYaml . | nindent 2 }} +{{- end }} diff --git a/charts/argocd-image-updater/templates/configmap.yaml b/charts/argocd-image-updater/templates/configmap.yaml new file mode 100644 index 00000000..8eb0e704 --- /dev/null +++ b/charts/argocd-image-updater/templates/configmap.yaml @@ -0,0 +1,48 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ .Values.config.name }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +data: + {{- with .Values.config.applicationsAPIKind }} + applications_api: {{ . | quote }} + {{- if eq . "argocd" }} + argocd.grpc_web: {{ $.Values.config.argocd.grpcWeb | quote }} + {{- with $.Values.config.argocd.serverAddress }} + argocd.server_addr: {{ . | quote }} + {{- end }} + argocd.insecure: {{ $.Values.config.argocd.insecure | quote }} + argocd.plaintext: {{ $.Values.config.argocd.plaintext | quote }} + {{- end -}} + {{- end }} + {{- with .Values.config.logLevel }} + log.level: {{ . | quote }} + {{- end }} + {{- with .Values.config.gitCommitUser }} + git.user: {{ . | quote }} + {{- end }} + {{- with .Values.config.gitCommitMail }} + git.email: {{ . | quote }} + {{- end }} + {{- with .Values.config.gitCommitTemplate }} + git.commit-message-template: | + {{- nindent 4 . }} + {{- end }} + {{- with .Values.config.gitCommitSigningKey }} + git.commit-signing-key: {{ . | quote }} + {{- end }} + {{- with .Values.config.gitCommitSignOff }} + git.commit-sign-off: {{ . | quote }} + {{- end }} + {{- with .Values.config.gitCommitSigningMethod }} + git.commit-signing-method: {{ . | quote }} + {{- end }} + kube.events: {{ .Values.config.disableKubeEvents | quote }} + {{- with .Values.config.registries }} + registries.conf: | + registries: + {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/charts/argocd-image-updater/templates/deployment.yaml b/charts/argocd-image-updater/templates/deployment.yaml new file mode 100644 index 00000000..87f1fbf4 --- /dev/null +++ b/charts/argocd-image-updater/templates/deployment.yaml @@ -0,0 +1,221 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "argocd-image-updater.selectorLabels" . | nindent 6 }} + strategy: + {{- .Values.updateStrategy | toYaml | nindent 4 }} + template: + metadata: + annotations: + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + labels: + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- include "argocd-image-updater.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "argocd-image-updater.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + args: + - run + {{- with .Values.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + env: + - name: APPLICATIONS_API + valueFrom: + configMapKeyRef: + key: applications_api + name: {{ .Values.config.name }} + optional: true + - name: ARGOCD_GRPC_WEB + valueFrom: + configMapKeyRef: + key: argocd.grpc_web + name: {{ .Values.config.name }} + optional: true + - name: ARGOCD_SERVER + valueFrom: + configMapKeyRef: + key: argocd.server_addr + name: {{ .Values.config.name }} + optional: true + - name: ARGOCD_INSECURE + valueFrom: + configMapKeyRef: + key: argocd.insecure + name: {{ .Values.config.name }} + optional: true + - name: ARGOCD_PLAINTEXT + valueFrom: + configMapKeyRef: + key: argocd.plaintext + name: {{ .Values.config.name }} + optional: true + - name: ARGOCD_TOKEN + valueFrom: + secretKeyRef: + key: argocd.token + name: {{ .Values.config.argocd.tokenSecretName }} + optional: true + - name: IMAGE_UPDATER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: log.level + name: {{ .Values.config.name }} + optional: true + - name: GIT_COMMIT_USER + valueFrom: + configMapKeyRef: + key: git.user + name: {{ .Values.config.name }} + optional: true + - name: GIT_COMMIT_EMAIL + valueFrom: + configMapKeyRef: + key: git.email + name: {{ .Values.config.name }} + optional: true + - name: IMAGE_UPDATER_KUBE_EVENTS + valueFrom: + configMapKeyRef: + key: kube.events + name: {{ .Values.config.name }} + optional: true + - name: GIT_COMMIT_SIGNING_KEY + valueFrom: + configMapKeyRef: + key: git.commit-signing-key + name: {{ .Values.config.name }} + optional: true + - name: GIT_COMMIT_SIGNING_METHOD + valueFrom: + configMapKeyRef: + key: git.commit-signing-method + name: {{ .Values.config.name }} + optional: true + - name: GIT_COMMIT_SIGN_OFF + valueFrom: + configMapKeyRef: + key: git.commit-sign-off + name: {{ .Values.config.name }} + optional: true + {{- with .Values.extraEnv }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.extraEnvFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - containerPort: 8080 + {{ if .Values.metrics.enabled }} + - name: metrics + containerPort: 8081 + protocol: TCP + {{- end }} + readinessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 30 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 30 + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - mountPath: /app/config + name: image-updater-conf + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/.ssh + name: ssh-config + - mountPath: /tmp + name: tmp + - name: ssh-signing-key + mountPath: /app/ssh-keys/id_rsa + readOnly: true + subPath: sshPrivateKey + {{- if .Values.authScripts.enabled }} + - mountPath: /scripts + name: authscripts + {{- end }} + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 10}} + {{- end }} + volumes: + - configMap: + items: + - key: registries.conf + path: registries.conf + - key: git.commit-message-template + path: commit.template + name: {{ .Values.config.name }} + optional: true + name: image-updater-conf + {{- if .Values.authScripts.enabled }} + - configMap: + defaultMode: 0777 + name: {{ .Values.authScripts.name }} + name: authscripts + {{- end }} + - configMap: + name: argocd-ssh-known-hosts-cm + optional: true + name: ssh-known-hosts + - configMap: + name: {{ .Values.config.sshConfig.name }} + optional: true + name: ssh-config + - name: ssh-signing-key + secret: + secretName: ssh-git-creds + optional: true + - emptyDir: {} + name: tmp + {{- with .Values.volumes }} + {{- toYaml . | nindent 6}} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.initContainers }} + initContainers: + {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/charts/argocd-image-updater/templates/extra-manifests.yaml b/charts/argocd-image-updater/templates/extra-manifests.yaml new file mode 100644 index 00000000..fc9a76b8 --- /dev/null +++ b/charts/argocd-image-updater/templates/extra-manifests.yaml @@ -0,0 +1,8 @@ +{{ range .Values.extraObjects }} +--- +{{ if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} +{{ end }} diff --git a/charts/argocd-image-updater/templates/metrics-service.yaml b/charts/argocd-image-updater/templates/metrics-service.yaml new file mode 100644 index 00000000..8ca83b53 --- /dev/null +++ b/charts/argocd-image-updater/templates/metrics-service.yaml @@ -0,0 +1,26 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + {{- if .Values.metrics.service.annotations }} + annotations: + {{- range $key, $value := .Values.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + {{- with .Values.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "argocd-image-updater.fullname" . }}-metrics + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +spec: + ports: + - name: metrics + protocol: TCP + port: {{ .Values.metrics.service.servicePort }} + targetPort: metrics + selector: + {{- include "argocd-image-updater.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/charts/argocd-image-updater/templates/rbac.yaml b/charts/argocd-image-updater/templates/rbac.yaml new file mode 100644 index 00000000..867d5b59 --- /dev/null +++ b/charts/argocd-image-updater/templates/rbac.yaml @@ -0,0 +1,95 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +rules: + - apiGroups: + - '' + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch + {{- if not .Values.createClusterRoles }} + - apiGroups: + - "" + resources: + - events + verbs: + - create + - apiGroups: + - argoproj.io + resources: + - applications + verbs: + - get + - list + - update + - patch + {{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "argocd-image-updater.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argocd-image-updater.serviceAccountName" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +{{- end }} +--- +{{- if and .Values.rbac.enabled .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - apiGroups: + - argoproj.io + resources: + - applications + verbs: + - get + - list + - update + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "argocd-image-updater.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argocd-image-updater.serviceAccountName" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +{{- end }} diff --git a/charts/argocd-image-updater/templates/secret.yaml b/charts/argocd-image-updater/templates/secret.yaml new file mode 100644 index 00000000..171add82 --- /dev/null +++ b/charts/argocd-image-updater/templates/secret.yaml @@ -0,0 +1,12 @@ +{{- if .Values.config.argocd.token }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.config.argocd.tokenSecretName }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} +type: Opaque +data: + argocd.token: {{ .Values.config.argocd.token | b64enc }} +{{- end }} diff --git a/charts/argocd-image-updater/templates/serviceaccount.yaml b/charts/argocd-image-updater/templates/serviceaccount.yaml new file mode 100644 index 00000000..a676f6fb --- /dev/null +++ b/charts/argocd-image-updater/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "argocd-image-updater.serviceAccountName" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argocd-image-updater/templates/servicemonitor.yaml b/charts/argocd-image-updater/templates/servicemonitor.yaml new file mode 100644 index 00000000..de9bcd52 --- /dev/null +++ b/charts/argocd-image-updater/templates/servicemonitor.yaml @@ -0,0 +1,36 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "argocd-image-updater.fullname" . }}-metrics + namespace: {{ default (include "argocd-image-updater.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }} + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + {{- with .Values.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: metrics + {{- with .Values.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + path: /metrics + {{- with .Values.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "argocd-image-updater.namespace" . | quote }} + selector: + matchLabels: + {{- include "argocd-image-updater.selectorLabels" . | nindent 6 }} +{{- end }} diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml new file mode 100644 index 00000000..15832520 --- /dev/null +++ b/charts/argocd-image-updater/values.yaml @@ -0,0 +1,284 @@ +# -- Replica count for the deployment. It is not advised to run more than one replica. +replicaCount: 1 +image: + # -- Default image repository + repository: quay.io/argoprojlabs/argocd-image-updater + # -- Default image pull policy + pullPolicy: Always + # -- Overrides the image tag whose default is the chart appVersion + tag: "" + +# -- The deployment strategy to use to replace existing pods with new ones +updateStrategy: + type: Recreate +# -- ImagePullSecrets for the image updater deployment +imagePullSecrets: [] +# -- Global name (argocd-image-updater.name in _helpers.tpl) override +nameOverride: "" +# -- Global fullname (argocd-image-updater.fullname in _helpers.tpl) override +fullnameOverride: "" +# -- Global namespace (argocd-image-updater.namespace in _helpers.tpl) override +namespaceOverride: "" + +# -- Create cluster roles for cluster-wide installation. +## Used when you manage applications in the same cluster where Argo CD Image Updater runs. +## If you want to use this, please set `.Values.rbac.enabled` true as well. +createClusterRoles: true + +# -- Extra arguments for argocd-image-updater not defined in `config.argocd`. +# If a flag contains both key and value, they need to be split to a new entry +extraArgs: [] + # - --disable-kubernetes + # - --dry-run + # - --health-port + # - 8080 + # - --interval + # - 2m + # - --kubeconfig + # - ~/.kube/config + # - --match-application-name + # - staging-* + # - --max-concurrency + # - 5 + # - --once + # - --registries-conf-path + # - /app/config/registries.conf + +# -- Extra environment variables for argocd-image-updater +extraEnv: [] + # - name: AWS_REGION + # value: "us-west-1" + +# -- Extra envFrom to pass to argocd-image-updater +extraEnvFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + +# -- Extra K8s manifests to deploy for argocd-image-updater +## Note: Supports use of custom Helm templates +extraObjects: [] + # - apiVersion: secrets-store.csi.x-k8s.io/v1 + # kind: SecretProviderClass + # metadata: + # name: argocd-image-updater-secrets-store + # spec: + # provider: aws + # parameters: + # objects: | + # - objectName: "argocd-image-updater" + # objectType: "secretsmanager" + # jmesPath: + # - path: "client_id" + # objectAlias: "client_id" + # - path: "client_secret" + # objectAlias: "client_secret" + # secretObjects: + # - data: + # - key: client_id + # objectName: client_id + # - key: client_secret + # objectName: client_secret + # secretName: argocd-image-updater-secrets-store + # type: Opaque + # labels: + # app.kubernetes.io/part-of: argocd + +# -- Init containers to add to the image updater pod +initContainers: [] + # - name: download-tools + # image: alpine:3.8 + # command: [sh, -c] + # args: + # - wget -qO- https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz | tar -xvzf - && + # mv linux-amd64/helm /custom-tools/ + # volumeMounts: + # - mountPath: /custom-tools + # name: custom-tools + +# -- Additional volumeMounts to the image updater main container +volumeMounts: [] + +# -- Additional volumes to the image updater pod +volumes: [] + ## Use init containers to configure custom tooling + ## https://argo-cd.readthedocs.io/en/stable/operator-manual/custom_tools/ + ## When using the volumes & volumeMounts section bellow, please comment out those above. + # - name: custom-tools + # emptyDir: {} + +config: + # -- Name of the ConfigMap + name: argocd-image-updater-config + # -- API kind that is used to manage Argo CD applications (`kubernetes` or `argocd`) + applicationsAPIKind: "" + + # Described in detail here https://argocd-image-updater.readthedocs.io/en/stable/install/reference/#flags + # Note: this is only relevant if config.applicationsAPIKind == 'argocd' + argocd: + # -- Use the gRPC-web protocol to connect to the Argo CD API + grpcWeb: true + # -- Connect to the Argo CD API server at server address + serverAddress: "" + # -- If specified, the certificate of the Argo CD API server is not verified. + insecure: false + # -- If specified, use an unencrypted HTTP connection to the Argo CD API instead of TLS. + plaintext: false + # -- If specified, the secret with Argo CD API key will be created. + token: "" + # -- Name of the Secret containing the token + tokenSecretName: "argocd-image-updater-secret" + + # -- Disable kubernetes events + disableKubeEvents: false + + # -- Username to use for Git commits + gitCommitUser: "" + + # -- E-Mail address to use for Git commits + gitCommitMail: "" + + # -- Changing the Git commit message + gitCommitTemplate: "" + + # -- Path to public SSH key mounted in container, or GPG key ID used to sign commits + gitCommitSigningKey: "" + + # -- Enables sign off on commits + gitCommitSignOff: false + + # -- Method used to sign Git commits. `openpgp` or `ssh` + gitCommitSigningMethod: "" + + # -- Argo CD Image Update log level + logLevel: "info" + + # -- Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) + registries: [] + # - name: Docker Hub + # api_url: https://registry-1.docker.io + # ping: yes + # credentials: secret:foo/bar#creds + # defaultns: library + # - name: Google Container Registry + # api_url: https://gcr.io + # prefix: gcr.io + # ping: no + # credentials: pullsecret:foo/bar + # - name: RedHat Quay + # api_url: https://quay.io + # ping: no + # prefix: quay.io + # credentials: env:REGISTRY_SECRET + # - name: ECR + # api_url: https://123456789.dkr.ecr.eu-west-1.amazonaws.com + # prefix: 123456789.dkr.ecr.eu-west-1.amazonaws.com + # ping: yes + # insecure: no + # credentials: ext:/scripts/auth1.sh + # credsexpire: 10h + + sshConfig: + # -- Name of the sshConfig ConfigMap + name: argocd-image-updater-ssh-config + # -- Argo CD Image Updater ssh client parameter configuration. + config: "" + # config: | + # Host * + # PubkeyAcceptedAlgorithms +ssh-rsa + # HostkeyAlgorithms +ssh-rsa + +# whether to mount authentication scripts, if enabled, the authentication scripts will be mounted on /scripts that can be used to authenticate with registries (ECR) +# refer to https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/#specifying-credentials-for-accessing-container-registries for more info +authScripts: + # -- Whether to mount the defined scripts that can be used to authenticate with a registry, the scripts will be mounted at `/scripts` + enabled: false + # -- Name of the authentication scripts ConfigMap + name: argocd-image-updater-authscripts + # -- Map of key-value pairs where the key consists of the name of the script and the value the contents + scripts: {} + # auth1.sh: | + # #!/bin/sh + # echo "auth script 1 here" + # auth2.sh: | + # #!/bin/sh + # echo "auth script 2 here" + +serviceAccount: + # -- Specifies whether a service account should be created + create: true + # -- Annotations to add to the service account + annotations: {} + # -- Labels to add to the service account + labels: {} + # -- The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +# -- Pod Annotations for the deployment +podAnnotations: {} + +# -- Pod Labels for the deployment +podLabels: {} + +# -- Pod security context settings for the deployment +podSecurityContext: {} + # fsGroup: 2000 + +# -- Security context settings for the deployment +# @default -- See [values.yaml] +securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + +rbac: + # -- Enable RBAC creation + enabled: true + +# -- Pod memory and cpu resource settings for the deployment +resources: {} + +# -- Kubernetes nodeSelector settings for the deployment +nodeSelector: {} + +# -- Kubernetes toleration settings for the deployment +tolerations: [] + +# -- Kubernetes affinity settings for the deployment +affinity: {} + +# Metrics configuration +metrics: + # -- Deploy metrics service + enabled: false + service: + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port + servicePort: 8081 + serviceMonitor: + # -- Enable a prometheus ServiceMonitor + enabled: false + # -- Prometheus ServiceMonitor interval + interval: 30s + # -- Prometheus [RelabelConfigs] to apply to samples before scraping + relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion + metricRelabelings: [] + # -- Prometheus ServiceMonitor selector + selector: {} + # promtheus: kube-prometheus + + # -- Prometheus ServiceMonitor namespace + namespace: "" + # -- Prometheus ServiceMonitor labels + additionalLabels: {} diff --git a/charts/argocd-notifications/.helmignore b/charts/argocd-notifications/.helmignore deleted file mode 100644 index 50af0317..00000000 --- a/charts/argocd-notifications/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/argocd-notifications/Chart.yaml b/charts/argocd-notifications/Chart.yaml deleted file mode 100644 index cf33a5d9..00000000 --- a/charts/argocd-notifications/Chart.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v2 -appVersion: 1.1.1 -description: A Helm chart for ArgoCD notifications, an add-on to ArgoCD. -name: argocd-notifications -type: application -version: 1.4.0 -home: https://github.com/argoproj/argo-helm -icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png -keywords: - - argoproj - - argocd - - argocd-notifications -maintainers: - - name: alexmt - - name: andyfeller diff --git a/charts/argocd-notifications/README.md b/charts/argocd-notifications/README.md deleted file mode 100644 index 61e1d363..00000000 --- a/charts/argocd-notifications/README.md +++ /dev/null @@ -1,9 +0,0 @@ -## ArgoCD Notifications Chart - -This is a **community maintained** chart. It installs the [argocd-notifications](https://github.com/argoproj-labs/argocd-notifications) application. This application comes packaged with: -- Notifications Controller Deployment -- Notifications Controller ConfigMap -- Notifications Controller Secret -- Service Account -- Roles -- Role Bindings diff --git a/charts/argocd-notifications/templates/_helpers.tpl b/charts/argocd-notifications/templates/_helpers.tpl deleted file mode 100644 index 373c5495..00000000 --- a/charts/argocd-notifications/templates/_helpers.tpl +++ /dev/null @@ -1,115 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "argocd-notifications.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "argocd-notifications.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "argocd-notifications.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "argocd-notifications.labels" -}} -helm.sh/chart: {{ include "argocd-notifications.chart" . }} -{{ include "argocd-notifications.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Common metrics labels -*/}} -{{- define "argocd-notifications.metrics.labels" -}} -helm.sh/chart: {{ include "argocd-notifications.chart" . }} -{{ include "argocd-notifications.metrics.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - - -{{/* -Common slack bot labels -*/}} -{{- define "argocd-notifications.bots.slack.labels" -}} -helm.sh/chart: {{ include "argocd-notifications.chart" . }} -{{ include "argocd-notifications.bots.slack.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Selector labels -*/}} -{{- define "argocd-notifications.selectorLabels" -}} -app.kubernetes.io/name: {{ include "argocd-notifications.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} - -{{/* -Selector metrics labels -*/}} -{{- define "argocd-notifications.metrics.selectorLabels" -}} -app.kubernetes.io/name: {{ include "argocd-notifications.name" . }}-metrics -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} - -{{/* -Selector slack bot labels -*/}} -{{- define "argocd-notifications.bots.slack.selectorLabels" -}} -app.kubernetes.io/name: {{ include "argocd-notifications.name" . }}-bot -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "argocd-notifications.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "argocd-notifications.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the bot service account to use -*/}} -{{- define "argocd-notifications.bots.slack.serviceAccountName" -}} -{{- if .Values.bots.slack.serviceAccount.create -}} - {{ default (printf "%s-bot" (include "argocd-notifications.fullname" .)) .Values.bots.slack.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.bots.slack.serviceAccount.name }} -{{- end -}} -{{- end -}} diff --git a/charts/argocd-notifications/templates/bots/slack/deployment.yaml b/charts/argocd-notifications/templates/bots/slack/deployment.yaml deleted file mode 100644 index 112266ed..00000000 --- a/charts/argocd-notifications/templates/bots/slack/deployment.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{ if .Values.bots.slack.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "argocd-notifications.name" . }}-bot - labels: - {{- include "argocd-notifications.bots.slack.labels" . | nindent 4 }} -spec: - strategy: - {{- .Values.bots.slack.updateStrategy | toYaml | nindent 4 }} - selector: - matchLabels: - {{- include "argocd-notifications.bots.slack.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "argocd-notifications.bots.slack.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.bots.slack.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "argocd-notifications.bots.slack.serviceAccountName" . }} - containers: - - name: {{ include "argocd-notifications.name" . }}-bot - image: "{{ .Values.bots.slack.image.repository }}:{{ .Values.bots.slack.image.tag }}" - imagePullPolicy: {{ .Values.bots.slack.image.pullPolicy }} - resources: - {{- toYaml .Values.bots.slack.resources | nindent 12 }} - command: - - /app/argocd-notifications-backend - - bot - workingDir: /app - ports: - - containerPort: 8080 - name: http - {{- with .Values.bots.slack.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.bots.slack.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.bots.slack.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{ end }} diff --git a/charts/argocd-notifications/templates/bots/slack/role.yaml b/charts/argocd-notifications/templates/bots/slack/role.yaml deleted file mode 100644 index 5193a109..00000000 --- a/charts/argocd-notifications/templates/bots/slack/role.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{ if .Values.bots.slack.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "argocd-notifications.name" . }}-bot -rules: -- apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - get - - list - - watch -- apiGroups: - - argoproj.io - resources: - - applications - - appprojects - verbs: - - get - - list - - watch - - update - - patch -{{ end }} diff --git a/charts/argocd-notifications/templates/bots/slack/rolebinding.yaml b/charts/argocd-notifications/templates/bots/slack/rolebinding.yaml deleted file mode 100644 index 6a87bb49..00000000 --- a/charts/argocd-notifications/templates/bots/slack/rolebinding.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{ if .Values.bots.slack.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "argocd-notifications.name" . }}-bot -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "argocd-notifications.name" . }}-bot -subjects: -- kind: ServiceAccount - name: {{ include "argocd-notifications.bots.slack.serviceAccountName" . }} -{{ end }} diff --git a/charts/argocd-notifications/templates/bots/slack/service.yaml b/charts/argocd-notifications/templates/bots/slack/service.yaml deleted file mode 100644 index c31ad935..00000000 --- a/charts/argocd-notifications/templates/bots/slack/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{ if .Values.bots.slack.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "argocd-notifications.name" . }}-bot - {{- if .Values.bots.slack.service.annotations }} - annotations: - {{- toYaml .Values.bots.slack.service.annotations | nindent 4 }} - {{- end }} -spec: - ports: - - name: http - port: {{ .Values.bots.slack.service.port }} - protocol: TCP - targetPort: http - selector: - {{- include "argocd-notifications.bots.slack.selectorLabels" . | nindent 4 }} - type: {{ .Values.bots.slack.service.type }} -{{ end }} diff --git a/charts/argocd-notifications/templates/bots/slack/serviceaccount.yaml b/charts/argocd-notifications/templates/bots/slack/serviceaccount.yaml deleted file mode 100644 index f888811c..00000000 --- a/charts/argocd-notifications/templates/bots/slack/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.bots.slack.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "argocd-notifications.bots.slack.serviceAccountName" . }} - labels: - {{- include "argocd-notifications.bots.slack.labels" . | nindent 4 }} - {{- with .Values.bots.slack.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{ end }} -{{ end }} diff --git a/charts/argocd-notifications/templates/configmap.yaml b/charts/argocd-notifications/templates/configmap.yaml deleted file mode 100644 index 37f95b53..00000000 --- a/charts/argocd-notifications/templates/configmap.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{ if .Values.cm.create }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "argocd-notifications.name" . }}-cm - labels: - {{- include "argocd-notifications.labels" . | nindent 4 }} -data: - context: | - argocdUrl: {{ .Values.argocdUrl | quote }} - {{- with .Values.context }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.notifiers }} - {{- toYaml . | nindent 2 }} - {{- end }} - {{- with .Values.subscriptions }} - subscriptions: | - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.templates }} - {{- toYaml . | nindent 2 }} - {{- end }} - {{- with .Values.triggers }} - {{- toYaml . | nindent 2 }} - {{- end }} -{{- end }} diff --git a/charts/argocd-notifications/templates/deployment.yaml b/charts/argocd-notifications/templates/deployment.yaml deleted file mode 100644 index 0e18f698..00000000 --- a/charts/argocd-notifications/templates/deployment.yaml +++ /dev/null @@ -1,72 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "argocd-notifications.name" . }}-controller - labels: - {{- include "argocd-notifications.labels" . | nindent 4 }} -spec: - strategy: - {{- .Values.updateStrategy | toYaml | nindent 4 }} - selector: - matchLabels: - {{- include "argocd-notifications.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- if .Values.podAnnotations }} - annotations: - {{- range $key, $value := .Values.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - labels: - {{- include "argocd-notifications.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "argocd-notifications.serviceAccountName" . }} - {{- if .Values.securityContext }} - securityContext: {{- toYaml .Values.securityContext | nindent 8 }} - {{- end }} - containers: - - name: {{ include "argocd-notifications.name" . }}-controller - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - command: - - /app/argocd-notifications-backend - - controller - - --loglevel={{ .Values.logLevel }} - {{- if .Values.metrics.enabled }} - - --metrics-port={{ .Values.metrics.port }} - {{- end }} - {{- range .Values.extraArgs }} - - {{ . | squote }} - {{- end }} - workingDir: /app - ports: - {{- if .Values.metrics.enabled }} - - containerPort: {{ .Values.metrics.port }} - name: metrics - protocol: TCP - {{- end }} - {{- if .Values.containerSecurityContext }} - securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} - {{- end }} - {{- with .Values.extraEnv }} - env: {{ toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/argocd-notifications/templates/rolebinding.yaml b/charts/argocd-notifications/templates/rolebinding.yaml deleted file mode 100644 index d3be3f9d..00000000 --- a/charts/argocd-notifications/templates/rolebinding.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "argocd-notifications.name" . }}-controller - labels: - {{- include "argocd-notifications.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "argocd-notifications.name" . }}-controller -subjects: -- kind: ServiceAccount - name: {{ include "argocd-notifications.serviceAccountName" . }} diff --git a/charts/argocd-notifications/templates/secret.yaml b/charts/argocd-notifications/templates/secret.yaml deleted file mode 100644 index 11cf4c78..00000000 --- a/charts/argocd-notifications/templates/secret.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{ if .Values.secret.create }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "argocd-notifications.name" . }}-secret - labels: - {{- include "argocd-notifications.labels" . | nindent 4 }} -type: Opaque -stringData: - {{- with .Values.secret.items }} - {{ toYaml . | nindent 2 }} - {{- end }} -{{- end }} diff --git a/charts/argocd-notifications/templates/service-metrics.yaml b/charts/argocd-notifications/templates/service-metrics.yaml deleted file mode 100644 index aea5d90e..00000000 --- a/charts/argocd-notifications/templates/service-metrics.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "argocd-notifications.name" . }}-metrics - labels: - {{- include "argocd-notifications.metrics.labels" . | nindent 4 }} - {{- with .Values.metrics.service.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.metrics.service.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - selector: - {{- include "argocd-notifications.selectorLabels" . | nindent 4 }} - ports: - - name: metrics - port: {{ .Values.metrics.port }} - targetPort: {{ .Values.metrics.port }} -{{- end }} diff --git a/charts/argocd-notifications/templates/serviceaccount.yaml b/charts/argocd-notifications/templates/serviceaccount.yaml deleted file mode 100644 index 418b6800..00000000 --- a/charts/argocd-notifications/templates/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "argocd-notifications.serviceAccountName" . }} - labels: - {{- include "argocd-notifications.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/argocd-notifications/templates/servicemonitor.yaml b/charts/argocd-notifications/templates/servicemonitor.yaml deleted file mode 100644 index b04851f3..00000000 --- a/charts/argocd-notifications/templates/servicemonitor.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "argocd-notifications.name" . }}-metrics - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- end }} - labels: - {{- include "argocd-notifications.metrics.labels" . | nindent 4 }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} - {{- toYaml .Values.metrics.serviceMonitor.additionalLabels | nindent 4 }} - {{- end }} -spec: - endpoints: - - port: metrics - path: /metrics - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - {{- include "argocd-notifications.metrics.selectorLabels" . | nindent 6 }} -{{- end }} diff --git a/charts/argocd-notifications/values.yaml b/charts/argocd-notifications/values.yaml deleted file mode 100644 index ff5ca14d..00000000 --- a/charts/argocd-notifications/values.yaml +++ /dev/null @@ -1,393 +0,0 @@ -affinity: {} - -# ArgoCD dashboard url; used in place of {{.context.argocdUrl}} in templates -argocdUrl: - -fullnameOverride: "" - -image: - repository: argoprojlabs/argocd-notifications - tag: v1.1.1 - pullPolicy: IfNotPresent - -imagePullSecrets: [] - -nameOverride: "argocd-notifications" - -nodeSelector: {} - -updateStrategy: - type: Recreate - -context: - # Add custom values into context - # region: east - # environmentName: staging - -secret: - # Whether helm chart creates controller secret - create: true - - items: - # Generic key:value pairs to be inserted into the secret - # Can be used for templates, notification services etc. Some examples given below. - # For more information: https://argocd-notifications.readthedocs.io/en/stable/services/overview/ - - # slack-token: - # # For more information: https://argocd-notifications.readthedocs.io/en/stable/services/slack/ - - # grafana-apiKey: - # # For more information: https://argocd-notifications.readthedocs.io/en/stable/services/grafana/ - - # webhooks-github-token: - - # email-username: - # email-password: - # For more information: https://argocd-notifications.readthedocs.io/en/stable/services/email/ - -logLevel: info - -extraArgs: [] - -metrics: - enabled: false - port: 9001 - service: - annotations: {} - labels: {} - serviceMonitor: - enabled: false - additionalLabels: {} - # namespace: monitoring - # interval: 30s - # scrapeTimeout: 10s - -# Additional container environment variables -extraEnv: [] - -notifiers: -# For more information: https://argocd-notifications.readthedocs.io/en/stable/services/overview/ - - service.slack: | - token: $slack-token - -podAnnotations: {} - -## Pod Security Context -securityContext: - runAsNonRoot: true - -## Container Security Context -containerSecurityContext: {} - -resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -serviceAccount: - # Specifies whether a service account should be created - create: true - - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: argocd-notifications-controller - - annotations: {} - -cm: - # Whether helm chart creates controller config map - create: true - -subscriptions: - # For more information: https://argocd-notifications.readthedocs.io/en/stable/subscriptions/ - - # # subscription for on-sync-status-unknown trigger notifications - # - recipients: - # - slack:test2 - # - email:test@gmail.com - # triggers: - # - on-sync-status-unknown - # # subscription restricted to applications with matching labels only - # - recipients: - # - slack:test3 - # selector: test=true - # triggers: - # - on-sync-status-unknown - -templates: - # For more information: https://argocd-notifications.readthedocs.io/en/stable/templates/ - - # template.app-deployed: | - # email: - # subject: New version of an application {{.app.metadata.name}} is up and running. - # message: | - # {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} is now running new version of deployments manifests. - # slack: - # attachments: | - # [{ - # "title": "{{ .app.metadata.name}}", - # "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", - # "color": "#18be52", - # "fields": [ - # { - # "title": "Sync Status", - # "value": "{{.app.status.sync.status}}", - # "short": true - # }, - # { - # "title": "Repository", - # "value": "{{.app.spec.source.repoURL}}", - # "short": true - # }, - # { - # "title": "Revision", - # "value": "{{.app.status.sync.revision}}", - # "short": true - # } - # {{range $index, $c := .app.status.conditions}} - # {{if not $index}},{{end}} - # {{if $index}},{{end}} - # { - # "title": "{{$c.type}}", - # "value": "{{$c.message}}", - # "short": true - # } - # {{end}} - # ] - # }] - # template.app-health-degraded: | - # email: - # subject: Application {{.app.metadata.name}} has degraded. - # message: | - # {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} has degraded. - # Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}. - # slack: - # attachments: |- - # [{ - # "title": "{{ .app.metadata.name}}", - # "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", - # "color": "#f4c030", - # "fields": [ - # { - # "title": "Sync Status", - # "value": "{{.app.status.sync.status}}", - # "short": true - # }, - # { - # "title": "Repository", - # "value": "{{.app.spec.source.repoURL}}", - # "short": true - # } - # {{range $index, $c := .app.status.conditions}} - # {{if not $index}},{{end}} - # {{if $index}},{{end}} - # { - # "title": "{{$c.type}}", - # "value": "{{$c.message}}", - # "short": true - # } - # {{end}} - # ] - # }] - # template.app-sync-failed: | - # email: - # subject: Failed to sync application {{.app.metadata.name}}. - # message: | - # {{if eq .serviceType "slack"}}:exclamation:{{end}} The sync operation of application {{.app.metadata.name}} has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}} - # Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . - # slack: - # attachments: |- - # [{ - # "title": "{{ .app.metadata.name}}", - # "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", - # "color": "#E96D76", - # "fields": [ - # { - # "title": "Sync Status", - # "value": "{{.app.status.sync.status}}", - # "short": true - # }, - # { - # "title": "Repository", - # "value": "{{.app.spec.source.repoURL}}", - # "short": true - # } - # {{range $index, $c := .app.status.conditions}} - # {{if not $index}},{{end}} - # {{if $index}},{{end}} - # { - # "title": "{{$c.type}}", - # "value": "{{$c.message}}", - # "short": true - # } - # {{end}} - # ] - # }] - # template.app-sync-running: | - # email: - # subject: Start syncing application {{.app.metadata.name}}. - # message: | - # The sync operation of application {{.app.metadata.name}} has started at {{.app.status.operationState.startedAt}}. - # Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . - # slack: - # attachments: |- - # [{ - # "title": "{{ .app.metadata.name}}", - # "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", - # "color": "#0DADEA", - # "fields": [ - # { - # "title": "Sync Status", - # "value": "{{.app.status.sync.status}}", - # "short": true - # }, - # { - # "title": "Repository", - # "value": "{{.app.spec.source.repoURL}}", - # "short": true - # } - # {{range $index, $c := .app.status.conditions}} - # {{if not $index}},{{end}} - # {{if $index}},{{end}} - # { - # "title": "{{$c.type}}", - # "value": "{{$c.message}}", - # "short": true - # } - # {{end}} - # ] - # }] - # template.app-sync-status-unknown: | - # email: - # subject: Application {{.app.metadata.name}} sync status is 'Unknown' - # message: | - # {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} sync is 'Unknown'. - # Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}. - # {{if ne .serviceType "slack"}} - # {{range $c := .app.status.conditions}} - # * {{$c.message}} - # {{end}} - # {{end}} - # slack: - # attachments: |- - # [{ - # "title": "{{ .app.metadata.name}}", - # "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", - # "color": "#E96D76", - # "fields": [ - # { - # "title": "Sync Status", - # "value": "{{.app.status.sync.status}}", - # "short": true - # }, - # { - # "title": "Repository", - # "value": "{{.app.spec.source.repoURL}}", - # "short": true - # } - # {{range $index, $c := .app.status.conditions}} - # {{if not $index}},{{end}} - # {{if $index}},{{end}} - # { - # "title": "{{$c.type}}", - # "value": "{{$c.message}}", - # "short": true - # } - # {{end}} - # ] - # }] - # template.app-sync-succeeded: | - # email: - # subject: Application {{.app.metadata.name}} has been successfully synced. - # message: | - # {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}. - # Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . - # slack: - # attachments: "[{\n \"title\": \"{{ .app.metadata.name}}\",\n \"title_link\":\"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}\",\n \"color\": \"#18be52\",\n \"fields\": [\n {\n \"title\": \"Sync Status\",\n \"value\": \"{{.app.status.sync.status}}\",\n \"short\": true\n },\n {\n \"title\": \"Repository\",\n \"value\": \"{{.app.spec.source.repoURL}}\",\n \"short\": true\n }\n {{range $index, $c := .app.status.conditions}}\n {{if not $index}},{{end}}\n {{if $index}},{{end}}\n {\n \"title\": \"{{$c.type}}\",\n \"value\": \"{{$c.message}}\",\n \"short\": true\n }\n {{end}}\n ]\n}] " - - -tolerations: [] - -triggers: - # For more information: https://argocd-notifications.readthedocs.io/en/stable/triggers/ - - # trigger.on-deployed: | - # - description: Application is synced and healthy. Triggered once per commit. - # oncePer: app.status.sync.revision - # send: - # - app-deployed - # when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy' - # trigger.on-health-degraded: | - # - description: Application has degraded - # send: - # - app-health-degraded - # when: app.status.health.status == 'Degraded' - # trigger.on-sync-failed: | - # - description: Application syncing has failed - # send: - # - app-sync-failed - # when: app.status.operationState.phase in ['Error', 'Failed'] - # trigger.on-sync-running: | - # - description: Application is being synced - # send: - # - app-sync-running - # when: app.status.operationState.phase in ['Running'] - # trigger.on-sync-status-unknown: | - # - description: Application status is 'Unknown' - # send: - # - app-sync-status-unknown - # when: app.status.sync.status == 'Unknown' - # trigger.on-sync-succeeded: | - # - description: Application syncing has succeeded - # send: - # - app-sync-succeeded - # when: app.status.operationState.phase in ['Succeeded'] - -bots: - # For more information: https://argocd-notifications.readthedocs.io/en/stable/bots/overview/ - slack: - # You have to set secret.notifiers.slack.signingSecret - enabled: false - - updateStrategy: - type: Recreate - - image: - repository: argoprojlabs/argocd-notifications - tag: v1.1.1 - pullPolicy: IfNotPresent - - imagePullSecrets: [] - - service: - annotations: {} - port: 80 - type: LoadBalancer - - serviceAccount: - # Specifies whether a service account should be created - create: true - - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: argocd-notifications-bot - - annotations: {} - - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - affinity: {} - - tolerations: [] - - nodeSelector: {} diff --git a/renovate.json b/renovate.json new file mode 100644 index 00000000..1ee051f5 --- /dev/null +++ b/renovate.json @@ -0,0 +1,109 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "kubernetes": { + "fileMatch": ["\\.yaml$", "\\.yml$"] + }, + "extends": [ + "config:recommended", + "docker:enableMajor", + ":gitSignOff" + ], + "labels": ["renovate"], + "includePaths": [ + "**/charts/argo-workflows/Chart.yaml", + "**/charts/argo-cd/Chart.yaml", + "**/charts/argo-cd/values.yaml", + "**/charts/argo-events/Chart.yaml", + "**/charts/argo-rollouts/Chart.yaml", + "**/charts/argocd-image-updater/Chart.yaml", + "**/.github/workflows/renovate.yaml" + ], + "customManagers": [ + { + "customType": "regex", + "fileMatch": ["charts/argo-workflows/Chart.yaml$"], + "matchStrings": [ + "\\sappVersion: (?.*)\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + "depNameTemplate": "argoproj/argo-workflows", + "datasourceTemplate": "github-releases" + }, + { + "customType": "regex", + "fileMatch": ["charts/argo-cd/Chart.yaml$"], + "matchStrings": [ + "\\sappVersion: (?.*)\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + "depNameTemplate": "argoproj/argo-cd", + "datasourceTemplate": "github-releases" + }, + { + "customType": "regex", + "fileMatch": ["charts/argo-events/Chart.yaml$"], + "matchStrings": [ + "\\sappVersion: (?.*)\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + "depNameTemplate": "argoproj/argo-events", + "datasourceTemplate": "github-releases" + }, + { + "customType": "regex", + "fileMatch": ["charts/argo-rollouts/Chart.yaml$"], + "matchStrings": [ + "\\sappVersion: (?.*)\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + "depNameTemplate": "argoproj/argo-rollouts", + "datasourceTemplate": "github-releases" + }, + { + "customType": "regex", + "fileMatch": ["charts/argocd-image-updater/Chart.yaml$"], + "matchStrings": [ + "\\sappVersion: (?.*)\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", + "depNameTemplate": "argoproj-labs/argocd-image-updater", + "datasourceTemplate": "github-releases" + }, + { + "customType": "regex", + "fileMatch": ["^\\.github/workflows/[^/]+\\.ya?ml$"], + "matchStrings": [ + "# renovate: datasource=(?.*?) depName=(?.*?)\\s+.+version: (?.*)" + ] + } + ], + "packageRules": [ + { + "matchPackagePatterns": [ + "argoproj/argo-workflows", + "argoproj/argo-cd", + "argoproj/argo-events", + "argoproj/argo-rollouts", + "argoproj-labs/argocd-image-updater", + "argoprojlabs/argocd-extension-installer", + "public.ecr.aws/bitnami/redis-exporter", + "public.ecr.aws/docker/library/redis" + ], + "commitMessagePrefix": "chore({{parentDir}}):", + "postUpgradeTasks": { + "commands": [ + "./scripts/renovate-bump-version.sh -c {{parentDir}} -d {{depName}} -v {{newVersion}}", + "./scripts/helm-docs.sh" + ] + } + }, + { + "matchPackagePatterns": ["redis-ha"], + "enabled": false + }, + { + "matchPackageNames": ["ghcr.io/renovatebot/renovate"], + "extends": ["schedule:monthly"] + } + ] +} diff --git a/scripts/helm-docs.sh b/scripts/helm-docs.sh new file mode 100755 index 00000000..5669f91c --- /dev/null +++ b/scripts/helm-docs.sh @@ -0,0 +1,11 @@ +#!/bin/bash +## Reference: https://github.com/norwoodj/helm-docs +set -eux +REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)" +echo "$REPO_ROOT" + +echo "Running Helm-Docs" +docker run \ + -v "$REPO_ROOT:/helm-docs" \ + -u $(id -u) \ + jnorwood/helm-docs:v1.9.1 diff --git a/scripts/lint.sh b/scripts/lint.sh index 1f0e9104..6061adb5 100755 --- a/scripts/lint.sh +++ b/scripts/lint.sh @@ -9,8 +9,8 @@ echo -e "\n-- Linting all Helm Charts --\n" docker run \ -v "$SRCROOT:/workdir" \ --entrypoint /bin/sh \ - quay.io/helmpack/chart-testing:v3.3.1 \ - -c cd /workdir \ + quay.io/helmpack/chart-testing:v3.10.0 \ + -c cd /workdir \ ct lint \ --config .github/configs/ct-lint.yaml \ --lint-conf .github/configs/lintconf.yaml \ diff --git a/scripts/release-analysis/.mega-linter.yaml b/scripts/release-analysis/.mega-linter.yaml new file mode 100644 index 00000000..024abb2b --- /dev/null +++ b/scripts/release-analysis/.mega-linter.yaml @@ -0,0 +1,21 @@ +# Configuration file for MegaLinter +# Run megalinter locally with: `docker run --rm -v /var/run/docker.sock:/var/run/docker.sock:rw -v $(pwd):/tmp/lint:rw oxsecurity/megalinter:v8` +ENABLE: + - DOCKERFILE + - PYTHON + +DISABLE_LINTERS: + - PYTHON_FLAKE8 + - PYTHON_PYRIGHT + - PYTHON_RUFF + - PYTHON_BANDIT + +CLEAR_REPORT_FOLDER: true +PYTHON_PYLINT_PRE_COMMANDS: + - command: pip install -r /tmp/lint/requirements.txt + venv: pylint +REPORT_OUTPUT_FOLDER: none + + +# You might want to enable this locally to fix some stuff without guessing what you need to change. Check before committing to git. +#APPLY_FIXES: all diff --git a/scripts/release-analysis/Dockerfile b/scripts/release-analysis/Dockerfile new file mode 100644 index 00000000..17674252 --- /dev/null +++ b/scripts/release-analysis/Dockerfile @@ -0,0 +1,8 @@ +FROM python:3.13-slim +WORKDIR /app +COPY requirements.txt ./ +RUN pip install --no-cache-dir -r requirements.txt + +COPY main.py fetch_releases.py fetch_helmet_releases.py merge_csvs.py plot_graph.py ./ +RUN chmod +x main.py fetch_releases.py fetch_helmet_releases.py merge_csvs.py plot_graph.py +CMD [ "python", "-u", "./main.py" ] diff --git a/scripts/release-analysis/README.md b/scripts/release-analysis/README.md new file mode 100644 index 00000000..ab746cee --- /dev/null +++ b/scripts/release-analysis/README.md @@ -0,0 +1,27 @@ +# argo-helm release analysis + +Compare the time of the upstream release to the time of the equivalent Helm Chart release to determine the time it takes for a new release to be available in argo-helm. + + +## How to run +This is quite github-api-intensive, so you'll need a github PAT + +```bash +# Build the container +docker build . -t team-helm-analysis + +# Delete any existing data +rm -f argo_helm_releases.csv argo_releases.csv merged_releases.csv time_difference_plot_argo*.png + +# Run the container +GITHUB_TOKEN=your_token_here +docker run --rm -e GITHUB_TOKEN=$GITHUB_TOKEN -v ${PWD}:/app team-helm-analysis +``` + +You should get 3 csvs and 4 graphs once this completes. It takes around 5 mins to run. + + +## Linting +I ran megalinter against this just to give some confidence that it's not completely broken. It's not perfect, but it's something. + +Run megalinter locally against this directory with: `docker run --rm -v /var/run/docker.sock:/var/run/docker.sock:rw -v $(pwd):/tmp/lint:rw oxsecurity/megalinter:v8` diff --git a/scripts/release-analysis/argo_helm_releases.csv b/scripts/release-analysis/argo_helm_releases.csv new file mode 100644 index 00000000..58046fc1 --- /dev/null +++ b/scripts/release-analysis/argo_helm_releases.csv @@ -0,0 +1,1019 @@ +Release Name,Release Date,Release Time,App Version +argo-cd-7.7.16,2025-01-14,10:17:50,v2.13.3 +argo-events-2.4.13,2025-01-11,10:22:47,v1.9.5 +argo-workflows-0.45.4,2025-01-10,10:23:52,v3.6.2 +argo-cd-7.7.15,2025-01-10,07:18:13,v2.13.3 +argo-events-2.4.12,2025-01-08,08:37:01,v1.9.4 +argocd-image-updater-0.11.4,2025-01-07,07:04:30,v0.15.2 +argo-cd-7.7.14,2025-01-07,12:02:49,v2.13.3 +argo-events-2.4.11,2025-01-04,14:02:19,v1.9.3 +argo-cd-7.7.13,2025-01-04,00:07:55,v2.13.3 +argo-workflows-0.45.3,2025-01-03,15:16:16,v3.6.2 +argo-rollouts-2.38.2,2025-01-03,14:07:45,v1.7.2 +argo-cd-7.7.12,2025-01-02,06:18:17,v2.13.2 +argo-events-2.4.10,2024-12-31,12:18:02,v1.9.3 +argo-rollouts-2.38.1,2024-12-30,17:19:34,v1.7.2 +argo-cd-7.7.11,2024-12-21,12:06:50,v2.13.2 +argo-workflows-0.45.2,2024-12-16,21:31:29,v3.6.2 +argocd-image-updater-0.11.3,2024-12-13,11:27:43,v0.15.1 +argo-cd-7.7.10,2024-12-12,05:33:28,v2.13.2 +argo-cd-7.7.9,2024-12-11,15:36:30,v2.13.1 +argo-cd-7.7.8,2024-12-09,09:17:31,v2.13.1 +argo-workflows-0.45.1,2024-12-02,17:39:46,v3.6.2 +argo-cd-7.7.7,2024-12-02,14:20:02,v2.13.1 +argo-cd-7.7.6,2024-11-28,00:42:14,v2.13.1 +argo-events-2.4.9,2024-11-27,20:44:06,v1.9.3 +argo-workflows-0.45.0,2024-11-22,15:20:08,v3.6.0 +argo-workflows-0.44.1,2024-11-22,11:40:45,v3.6.0 +argo-workflows-0.44.0,2024-11-21,08:59:15,v3.6.0 +argo-workflows-0.43.0,2024-11-21,08:27:21,v3.6.0 +argo-rollouts-2.38.0,2024-11-21,13:03:08,v1.7.2 +argo-cd-7.7.5,2024-11-21,12:43:12,v2.13.1 +argo-cd-7.7.4,2024-11-20,20:48:11,v2.13.1 +argo-cd-7.7.3,2024-11-13,10:57:32,v2.13.0 +argo-cd-7.7.2,2024-11-12,16:28:52,v2.13.0 +argo-cd-7.7.1,2024-11-10,01:42:21,v2.13.0 +argocd-image-updater-0.11.2,2024-11-09,03:44:12,v0.15.1 +argo-rollouts-2.37.8,2024-11-07,23:17:48,v1.7.2 +argo-cd-7.7.0,2024-11-05,00:00:06,v2.13.0 +argo-workflows-0.42.7,2024-11-01,23:24:01,v3.5.12 +argocd-image-updater-0.11.1,2024-10-30,10:40:35,v0.15.0 +argo-workflows-0.42.6,2024-10-30,13:24:53,v3.5.12 +argo-cd-7.6.12,2024-10-18,19:27:20,v2.12.6 +argo-cd-7.6.11,2024-10-18,07:16:30,v2.12.5 +argo-cd-7.6.10,2024-10-16,12:00:46,v2.12.4 +argo-cd-7.6.9,2024-10-15,20:16:09,v2.12.4 +argo-cd-7.6.8,2024-10-03,13:53:23,v2.12.4 +argo-workflows-0.42.5,2024-10-02,00:47:02,v3.5.11 +argocd-apps-2.0.2,2024-10-01,06:03:45, +argo-cd-7.6.7,2024-09-30,18:24:52,v2.12.4 +argo-cd-7.6.6,2024-09-30,12:25:12,v2.12.4 +argo-workflows-0.42.4,2024-09-27,09:57:14,v3.5.11 +argo-cd-7.6.5,2024-09-26,07:42:42,v2.12.4 +argo-cd-7.6.4,2024-09-25,22:05:12,v2.12.3 +argo-cd-7.6.3,2024-09-25,15:18:12,v2.12.3 +argo-cd-7.6.2,2024-09-23,17:27:28,v2.12.3 +argo-workflows-0.42.3,2024-09-20,15:08:40,v3.5.11 +argo-events-2.4.8,2024-09-20,00:10:14,v1.9.2 +argo-cd-7.6.1,2024-09-20,11:24:11,v2.12.3 +argo-cd-7.6.0,2024-09-20,07:59:20,v2.12.3 +argo-rollouts-2.37.7,2024-09-16,13:38:21,v1.7.2 +argo-workflows-0.42.2,2024-09-13,14:02:16,v3.5.10 +argocd-apps-2.0.1,2024-09-10,21:55:59, +argo-cd-7.5.2,2024-09-02,15:33:28,v2.12.3 +argo-cd-7.5.1,2024-09-02,08:59:12,v2.12.3 +argo-workflows-0.42.1,2024-09-01,15:06:01,v3.5.10 +argo-rollouts-2.37.6,2024-08-31,10:13:12,v1.7.2 +argo-cd-7.5.0,2024-08-28,15:27:35,v2.12.3 +argo-cd-7.4.7,2024-08-27,13:30:34,v2.12.3 +argo-cd-7.4.6,2024-08-27,08:49:06,v2.12.2 +argo-cd-7.4.5,2024-08-23,08:51:19,v2.12.2 +argo-workflows-0.42.0,2024-08-20,19:07:24,v3.5.10 +argo-cd-7.4.4,2024-08-16,21:36:53,v2.12.1 +argo-rollouts-2.37.5,2024-08-14,08:31:31,v1.7.2 +argo-rollouts-2.37.4,2024-08-12,09:08:55,v1.7.1 +argo-cd-7.4.3,2024-08-12,15:29:49,v2.12.0 +argo-cd-7.4.2,2024-08-08,15:02:24,v2.12.0 +argo-cd-7.4.1,2024-08-06,10:14:35,v2.12.0 +argo-cd-7.4.0,2024-08-05,15:22:06,v2.12.0 +argo-workflows-0.41.14,2024-08-02,10:42:56,v3.5.10 +argo-workflows-0.41.13,2024-08-01,07:19:01,v3.5.10 +argo-workflows-0.41.12,2024-07-30,07:39:23,v3.5.9 +argo-rollouts-2.37.3,2024-07-29,07:25:40,v1.7.1 +argo-cd-7.3.11,2024-07-24,11:44:52,v2.11.7 +argo-cd-7.3.10,2024-07-22,17:14:41,v2.11.6 +argo-cd-7.3.9,2024-07-19,10:23:10,v2.11.5 +argo-cd-7.3.8,2024-07-17,23:52:54,v2.11.5 +argo-cd-7.3.7,2024-07-16,01:17:05,v2.11.5 +argo-cd-7.3.6,2024-07-11,23:05:06,v2.11.4 +argo-cd-7.3.5,2024-07-10,21:01:22,v2.11.4 +argocd-image-updater-0.11.0,2024-07-09,21:31:56,v0.14.0 +argo-cd-7.3.4,2024-07-02,20:43:46,v2.11.4 +argo-rollouts-2.37.2,2024-07-01,10:02:31,v1.7.1 +argo-cd-7.3.3,2024-06-28,21:52:33,v2.11.3 +argo-rollouts-2.37.1,2024-06-26,10:39:20,v1.7.1 +argo-rollouts-2.37.0,2024-06-26,09:10:19,v1.7.1 +argo-events-2.4.7,2024-06-26,05:28:07,v1.9.2 +argo-cd-7.3.2,2024-06-26,11:29:01,v2.11.3 +argo-rollouts-2.36.2,2024-06-25,13:04:55,v1.7.0 +argo-cd-7.3.1,2024-06-25,12:26:06,v2.11.3 +argo-cd-7.3.0,2024-06-25,03:48:21,v2.11.3 +argo-rollouts-2.36.1,2024-06-22,10:11:43,v1.7.0 +argo-cd-7.2.1,2024-06-21,21:01:50,v2.11.3 +argo-cd-7.2.0,2024-06-20,10:25:45,v2.11.3 +argo-workflows-0.41.11,2024-06-19,07:01:05,v3.5.8 +argo-cd-7.1.5,2024-06-19,14:04:21,v2.11.3 +argo-workflows-0.41.10,2024-06-18,07:47:04,v3.5.8 +argo-cd-7.1.4,2024-06-18,01:13:46,v2.11.3 +argo-workflows-0.41.9,2024-06-17,18:59:46,v3.5.7 +argocd-image-updater-0.10.2,2024-06-14,07:54:15,v0.13.1 +argo-rollouts-2.36.0,2024-06-14,09:00:46,v1.7.0 +argo-events-2.4.6,2024-06-14,05:09:08,v1.9.2 +argo-workflows-0.41.8,2024-06-09,22:18:37,v3.5.7 +argo-cd-7.1.3,2024-06-09,05:23:01,v2.11.3 +argo-cd-7.1.2,2024-06-06,10:51:51,v2.11.3 +argo-cd-7.1.1,2024-06-01,23:45:19,v2.11.2 +argo-cd-7.1.0,2024-05-31,12:05:08,v2.11.2 +argocd-image-updater-0.10.1,2024-05-28,05:32:50,v0.13.1 +argo-cd-7.0.0,2024-05-28,13:38:40,v2.11.2 +argo-workflows-0.41.7,2024-05-27,08:09:42,v3.5.7 +argo-events-2.4.5,2024-05-24,03:05:11,v1.9.1 +argo-rollouts-2.35.3,2024-05-23,07:30:12,v1.6.6 +argo-cd-6.11.1,2024-05-23,15:37:21,v2.11.2 +argo-cd-6.11.0,2024-05-23,12:37:05,v2.11.1 +argo-cd-6.10.2,2024-05-22,11:21:15,v2.11.1 +argo-cd-6.10.1,2024-05-22,07:17:23,v2.11.1 +argo-cd-6.10.0,2024-05-21,16:36:49,v2.11.1 +argo-workflows-0.41.6,2024-05-19,10:22:36,v3.5.6 +argo-workflows-0.41.5,2024-05-19,07:34:43,v3.5.6 +argo-cd-6.9.3,2024-05-17,15:18:31,v2.11.0 +argocd-image-updater-0.10.0,2024-05-16,11:07:10,v0.13.0 +argo-cd-6.9.2,2024-05-14,15:17:50,v2.11.0 +argo-cd-6.9.1,2024-05-13,22:59:29,v2.11.0 +argo-cd-6.9.0,2024-05-13,04:32:05,v2.11.0 +argo-cd-6.8.1,2024-05-10,08:32:52,v2.11.0 +argo-cd-6.8.0,2024-05-08,06:21:31,v2.11.0 +argo-rollouts-2.35.2,2024-05-06,00:24:30,v1.6.6 +argo-workflows-0.41.4,2024-05-01,13:37:43,v3.5.6 +argo-cd-6.7.18,2024-04-30,17:14:22,v2.10.9 +argo-workflows-0.41.3,2024-04-29,20:30:08,v3.5.6 +argo-cd-6.7.17,2024-04-26,19:36:10,v2.10.8 +argo-cd-6.7.16,2024-04-26,14:21:35,v2.10.8 +argo-cd-6.7.15,2024-04-24,07:08:13,v2.10.7 +argo-cd-6.7.14,2024-04-21,20:54:29,v2.10.7 +argo-workflows-0.41.2,2024-04-20,04:55:21,v3.5.6 +argo-cd-6.7.13,2024-04-19,14:07:44,v2.10.7 +argocd-image-updater-0.9.7,2024-04-18,21:41:42,v0.12.2 +argo-cd-6.7.12,2024-04-15,10:43:13,v2.10.7 +argo-cd-6.7.11,2024-04-10,20:06:04,v2.10.6 +argo-cd-6.7.10,2024-04-05,05:00:08,v2.10.6 +argo-cd-6.7.9,2024-04-04,18:47:39,v2.10.5 +argo-workflows-0.41.1,2024-04-02,17:26:26,v3.5.5 +argo-cd-6.7.8,2024-04-02,13:36:54,v2.10.5 +argo-cd-6.7.7,2024-04-02,05:03:54,v2.10.5 +argo-cd-6.7.6,2024-03-29,16:13:47,v2.10.5 +argo-cd-6.7.5,2024-03-29,08:13:55,v2.10.5 +argo-cd-6.7.4,2024-03-28,17:30:11,v2.10.5 +argo-rollouts-2.35.1,2024-03-26,08:36:07,v1.6.6 +argo-workflows-0.41.0,2024-03-24,20:27:11,v3.5.5 +argocd-apps-2.0.0,2024-03-23,15:39:16, +argo-rollouts-2.35.0,2024-03-23,20:47:25,v1.6.6 +argo-events-2.4.4,2024-03-23,11:07:16,v1.9.1 +argo-rollouts-2.34.4,2024-03-22,16:10:10,v1.6.6 +argocd-image-updater-0.9.6,2024-03-20,23:53:18,v0.12.2 +argo-cd-6.7.3,2024-03-18,09:36:58,v2.10.4 +argo-cd-6.7.2,2024-03-13,20:46:14,v2.10.3 +argo-cd-6.7.1,2024-03-11,23:08:40,v2.10.2 +argo-cd-6.7.0,2024-03-11,18:26:24,v2.10.2 +argo-workflows-0.40.14,2024-03-03,19:13:02,v3.5.5 +argo-cd-6.6.0,2024-03-02,11:20:32,v2.10.2 +argocd-image-updater-0.9.5,2024-03-01,08:41:39,v0.12.2 +argo-workflows-0.40.13,2024-03-01,17:17:28,v3.5.5 +argo-workflows-0.40.12,2024-03-01,00:03:01,v3.5.5 +argo-cd-6.5.1,2024-03-01,22:33:17,v2.10.2 +argo-cd-6.5.0,2024-02-29,19:46:25,v2.10.1 +argo-cd-6.4.1,2024-02-28,06:28:55,v2.10.1 +argocd-apps-1.6.2,2024-02-25,13:11:58, +argo-cd-6.4.0,2024-02-25,12:47:16,v2.10.1 +argo-cd-6.3.1,2024-02-23,18:05:37,v2.10.1 +argo-cd-6.3.0,2024-02-23,14:18:18,v2.10.1 +argo-cd-6.2.5,2024-02-23,13:58:38,v2.10.1 +argo-cd-6.2.4,2024-02-23,12:16:07,v2.10.1 +argo-cd-6.2.3,2024-02-20,12:05:21,v2.10.1 +argo-cd-6.2.2,2024-02-20,11:41:51,v2.10.1 +argo-cd-6.2.1,2024-02-19,08:37:59,v2.10.1 +argocd-image-updater-0.9.4,2024-02-18,18:44:43,v0.12.2 +argo-cd-6.2.0,2024-02-18,22:06:45,v2.10.1 +argo-workflows-0.40.11,2024-02-17,09:14:52,v3.5.4 +argo-cd-6.1.0,2024-02-16,14:45:12,v2.10.1 +argo-rollouts-2.34.3,2024-02-14,08:50:21,v1.6.6 +argo-events-2.4.3,2024-02-14,08:53:00,v1.9.1 +argo-cd-6.0.14,2024-02-14,21:04:43,v2.10.1 +argo-cd-6.0.13,2024-02-14,10:52:49,v2.10.0 +argo-cd-6.0.9,2024-02-13,11:14:02,v2.10.0 +argo-cd-6.0.8,2024-02-13,08:23:55,v2.10.0 +argo-cd-6.0.12,2024-02-13,15:26:57,v2.10.0 +argo-cd-6.0.11,2024-02-13,11:42:46,v2.10.0 +argo-cd-6.0.10,2024-02-13,11:27:29,v2.10.0 +argo-cd-6.0.7,2024-02-12,18:36:55,v2.10.0 +argo-cd-6.0.6,2024-02-11,14:52:39,v2.10.0 +argo-cd-6.0.5,2024-02-09,12:14:21,v2.10.0 +argo-cd-6.0.4,2024-02-09,11:46:10,v2.10.0 +argo-cd-6.0.3,2024-02-08,17:47:08,v2.10.0 +argo-cd-6.0.2,2024-02-08,14:26:38,v2.10.0 +argo-cd-6.0.1,2024-02-08,10:59:10,v2.10.0 +argo-cd-6.0.0,2024-02-07,21:40:22,v2.10.0 +argo-cd-5.55.0,2024-02-07,07:10:30,v2.10.0 +argo-cd-5.54.0,2024-02-06,13:11:44,v2.9.6 +argo-cd-5.53.14,2024-02-05,06:25:59,v2.9.6 +argo-workflows-0.40.10,2024-02-03,00:45:13,v3.5.4 +argocd-apps-1.6.1,2024-02-02,09:37:44, +argo-cd-5.53.13,2024-02-02,22:50:34,v2.9.6 +argocd-apps-1.6.0,2024-01-30,00:34:21, +argo-cd-5.53.12,2024-01-30,16:58:22,v2.9.5 +argo-cd-5.53.11,2024-01-30,10:46:50,v2.9.5 +argo-cd-5.53.10,2024-01-29,13:58:51,v2.9.5 +argo-workflows-0.40.9,2024-01-26,21:35:38,v3.5.4 +argo-rollouts-2.34.2,2024-01-26,06:31:27,v1.6.5 +argo-cd-5.53.9,2024-01-26,07:36:02,v2.9.5 +argocd-apps-1.5.0,2024-01-25,07:07:46, +argo-workflows-0.40.8,2024-01-24,23:58:13,v3.5.4 +argo-cd-5.53.8,2024-01-23,01:07:46,v2.9.5 +argo-cd-5.53.7,2024-01-22,23:55:07,v2.9.5 +argo-cd-5.53.6,2024-01-22,13:09:31,v2.9.5 +argo-cd-5.53.5,2024-01-22,10:14:54,v2.9.5 +argo-cd-5.53.4,2024-01-21,13:36:02,v2.9.5 +argo-cd-5.53.3,2024-01-20,12:21:38,v2.9.5 +argo-cd-5.53.2,2024-01-19,20:20:14,v2.9.5 +argo-cd-5.53.1,2024-01-19,05:48:47,v2.9.4 +argocd-image-updater-0.9.3,2024-01-18,06:21:59,v0.12.2 +argo-cd-5.53.0,2024-01-18,13:56:51,v2.9.3 +argo-workflows-0.40.7,2024-01-17,07:56:36,v3.5.4 +argo-cd-5.52.2,2024-01-15,09:13:02,v2.9.3 +argo-workflows-0.40.6,2024-01-14,08:11:19,v3.5.4 +argo-workflows-0.40.5,2024-01-11,07:20:47,v3.5.3 +argo-events-2.4.2,2024-01-09,10:14:30,v1.9.0 +argo-rollouts-2.34.1,2024-01-07,04:31:05,v1.6.4 +argo-workflows-0.40.4,2024-01-06,04:17:52,v3.5.2 +argocd-image-updater-0.9.2,2024-01-05,15:29:00,v0.12.2 +argo-cd-5.52.1,2024-01-05,12:57:15,v2.9.3 +argo-cd-5.52.0,2023-12-30,17:02:29,v2.9.3 +argo-workflows-0.40.3,2023-12-24,06:14:14,v3.5.2 +argo-workflows-0.40.2,2023-12-24,00:29:03,v3.5.2 +argo-rollouts-2.34.0,2023-12-22,12:07:26,v1.6.4 +argo-workflows-0.40.1,2023-12-15,07:45:38,v3.5.2 +argo-workflows-0.40.0,2023-12-14,07:56:49,v3.5.2 +argo-rollouts-2.33.0,2023-12-14,08:39:41,v1.6.4 +argo-rollouts-2.32.8,2023-12-13,06:59:39,v1.6.4 +argo-workflows-0.39.9,2023-12-12,06:27:57,v3.5.2 +argo-workflows-0.39.8,2023-12-08,22:45:23,v3.5.2 +argo-rollouts-2.32.7,2023-12-08,15:06:58,v1.6.3 +argo-workflows-0.39.7,2023-12-07,07:23:32,v3.5.2 +argo-rollouts-2.32.6,2023-12-07,17:50:17,v1.6.2 +argo-workflows-0.39.6,2023-12-05,05:55:41,v3.5.2 +argo-cd-5.51.6,2023-12-02,11:03:49,v2.9.3 +argo-rollouts-2.32.5,2023-11-29,13:34:59,v1.6.2 +argo-cd-5.51.5,2023-11-29,18:40:17,v2.9.2 +argo-workflows-0.39.5,2023-11-27,21:13:09,v3.5.2 +argo-workflows-0.39.4,2023-11-27,17:45:21,v3.5.1 +argo-cd-5.51.4,2023-11-20,18:50:04,v2.9.2 +argo-cd-5.51.3,2023-11-19,22:19:14,v2.9.1 +argo-workflows-0.39.3,2023-11-16,12:32:11,v3.5.1 +argo-workflows-0.39.2,2023-11-15,13:33:12,v3.5.1 +argo-workflows-0.39.1,2023-11-15,13:17:27,v3.5.1 +argo-rollouts-2.32.4,2023-11-15,13:09:53,v1.6.2 +argo-rollouts-2.32.3,2023-11-15,10:00:45,v1.6.1 +argo-cd-5.51.2,2023-11-15,05:59:33,v2.9.1 +argo-cd-5.51.1,2023-11-10,12:41:27,v2.9.0 +argo-workflows-0.39.0,2023-11-08,16:05:21,v3.5.1 +argo-cd-5.51.0,2023-11-06,12:54:52,v2.9.0 +argo-workflows-0.38.0,2023-11-04,05:58:06,v3.5.1 +argo-workflows-0.37.1,2023-11-03,20:39:25,v3.5.0 +argo-cd-5.50.1,2023-11-02,09:44:09,v2.8.6 +argo-cd-5.50.0,2023-10-31,18:12:30,v2.8.6 +argo-rollouts-2.32.2,2023-10-30,17:43:02,v1.6.0 +argo-cd-5.49.0,2023-10-30,14:42:51,v2.8.5 +argo-cd-5.48.1,2023-10-30,08:52:14,v2.8.5 +argo-cd-5.48.0,2023-10-28,07:29:05,v2.8.5 +argo-cd-5.47.0,2023-10-27,09:44:15,v2.8.4 +argo-workflows-0.37.0,2023-10-24,12:35:14,v3.5.0 +argo-workflows-0.36.2,2023-10-24,10:06:53,v3.5.0 +argo-rollouts-2.32.1,2023-10-24,12:40:04,v1.6.0 +argo-workflows-0.36.1,2023-10-17,23:53:35,v3.5.0 +argo-workflows-0.36.0,2023-10-17,15:41:00,v3.5.0 +argo-workflows-0.35.0,2023-10-13,22:07:38,v3.5.0 +argo-workflows-0.34.0,2023-10-12,14:15:08,v3.4.11 +argo-cd-5.46.8,2023-10-12,09:51:17,v2.8.4 +argo-cd-5.46.7,2023-09-22,15:50:57,v2.8.4 +argo-cd-5.46.6,2023-09-19,09:02:08,v2.8.4 +argo-cd-5.46.5,2023-09-18,13:26:16,v2.8.4 +argo-cd-5.46.4,2023-09-15,10:48:20,v2.8.4 +argo-cd-5.46.3,2023-09-14,04:56:22,v2.8.4 +argo-cd-5.46.2,2023-09-11,23:33:17,v2.8.3 +argo-cd-5.46.1,2023-09-11,13:24:46,v2.8.3 +argo-workflows-0.33.3,2023-09-10,01:57:47,v3.4.11 +argo-cd-5.46.0,2023-09-09,08:59:25,v2.8.3 +argo-workflows-0.33.2,2023-09-08,04:20:30,v3.4.11 +argo-cd-5.45.5,2023-09-08,14:58:30,v2.8.3 +argo-cd-5.45.4,2023-09-08,14:02:48,v2.8.3 +argo-cd-5.45.3,2023-09-08,00:13:52,v2.8.3 +argo-rollouts-2.32.0,2023-09-07,12:23:50,v1.6.0 +argo-cd-5.45.2,2023-09-07,14:01:34,v2.8.2 +argo-events-2.4.1,2023-09-04,01:15:35,v1.8.1 +argo-cd-5.45.1,2023-09-04,11:01:56,v2.8.2 +argo-cd-5.45.0,2023-08-28,08:12:52,v2.8.2 +argo-cd-5.44.0,2023-08-27,19:07:41,v2.8.2 +argo-cd-5.43.8,2023-08-27,02:21:03,v2.8.2 +argo-cd-5.43.7,2023-08-25,10:52:23,v2.8.2 +argo-cd-5.43.6,2023-08-25,08:46:11,v2.8.2 +argo-cd-5.43.5,2023-08-23,03:57:35,v2.8.1 +argo-workflows-0.33.1,2023-08-19,06:00:08,v3.4.10 +argo-workflows-0.33.0,2023-08-17,12:08:23,v3.4.10 +argo-workflows-0.32.3,2023-08-16,11:00:55,v3.4.10 +argo-rollouts-2.31.6,2023-08-16,07:02:05,v1.5.1 +argo-cd-5.43.4,2023-08-15,08:58:54,v2.8.0 +argo-workflows-0.32.2,2023-08-11,01:15:12,v3.4.9 +argo-rollouts-2.31.5,2023-08-09,00:04:20,v1.5.1 +argo-cd-5.43.3,2023-08-09,22:18:57,v2.8.0 +argo-cd-5.43.2,2023-08-09,08:36:10,v2.8.0 +argo-cd-5.43.1,2023-08-09,08:20:17,v2.8.0 +argo-cd-5.43.0,2023-08-08,14:36:04,v2.8.0 +argo-cd-5.42.3,2023-08-08,06:11:54,v2.7.11 +argo-rollouts-2.31.4,2023-08-05,10:27:42,v1.5.1 +argo-cd-5.42.2,2023-08-05,10:18:36,v2.7.10 +argo-rollouts-2.31.3,2023-08-01,09:07:36,v1.5.1 +argo-cd-5.42.1,2023-08-01,05:57:37,v2.7.10 +argo-workflows-0.32.1,2023-07-27,13:58:12,v3.4.9 +argo-cd-5.42.0,2023-07-27,22:05:30,v2.7.9 +argo-rollouts-2.31.2,2023-07-25,00:23:11,v1.5.1 +argo-cd-5.41.2,2023-07-25,02:10:03,v2.7.9 +argocd-apps-1.4.1,2023-07-23,04:26:08, +argocd-apps-1.4.0,2023-07-22,13:46:54, +argo-workflows-0.32.0,2023-07-20,23:20:17,v3.4.9 +argo-rollouts-2.31.1,2023-07-20,17:26:45,v1.5.1 +argo-cd-5.41.1,2023-07-19,22:26:30,v2.7.8 +argo-cd-5.41.0,2023-07-18,06:51:38,v2.7.7 +argo-cd-5.40.0,2023-07-17,12:21:05,v2.7.7 +argo-cd-5.39.1,2023-07-17,09:56:36,v2.7.7 +argo-cd-5.39.0,2023-07-13,14:07:28,v2.7.7 +argocd-apps-1.3.0,2023-07-11,16:16:56, +argo-workflows-0.31.0,2023-07-11,12:07:29,v3.4.8 +argo-cd-5.38.1,2023-07-11,13:01:22,v2.7.7 +argo-cd-5.38.0,2023-07-10,08:14:40,v2.7.7 +argo-cd-5.37.1,2023-07-06,08:26:09,v2.7.7 +argo-cd-5.37.0,2023-07-04,14:07:24,v2.7.6 +argo-cd-5.36.15,2023-07-04,09:22:40,v2.7.6 +argo-cd-5.36.14,2023-07-03,17:55:22,v2.7.6 +argo-cd-5.36.13,2023-07-02,08:07:38,v2.7.6 +argo-cd-5.36.12,2023-07-02,03:16:49,v2.7.6 +argo-cd-5.36.11,2023-06-29,16:02:41,v2.7.6 +argo-cd-5.36.9,2023-06-26,14:41:11,v2.7.6 +argo-cd-5.36.10,2023-06-26,14:55:27,v2.7.6 +argo-workflows-0.30.0,2023-06-24,22:29:03,v3.4.8 +argo-workflows-0.29.3,2023-06-23,16:35:23,v3.4.8 +argo-cd-5.36.7,2023-06-23,13:59:34,v2.7.6 +argo-events-2.4.0,2023-06-21,12:41:55,v1.8.0 +argo-cd-5.36.6,2023-06-21,14:54:37,v2.7.6 +argo-cd-5.36.5,2023-06-21,04:27:57,v2.7.6 +argo-cd-5.36.4,2023-06-20,13:07:45,v2.7.5 +argo-cd-5.36.3,2023-06-20,00:05:45,v2.7.5 +argo-cd-5.36.2,2023-06-17,04:55:38,v2.7.5 +argo-workflows-0.29.2,2023-06-08,03:48:28,v3.4.8 +argo-cd-5.36.1,2023-06-08,22:52:40,v2.7.4 +argo-cd-5.36.0,2023-06-07,08:52:24,v2.7.4 +argo-cd-5.35.1,2023-06-06,04:53:38,v2.7.4 +argo-workflows-0.29.1,2023-06-05,14:15:25,v3.4.8 +argo-cd-5.35.0,2023-06-05,14:31:31,v2.7.3 +argo-rollouts-2.31.0,2023-06-04,11:08:02,v1.5.0 +argo-workflows-0.29.0,2023-06-03,14:41:13,v3.4.8 +argo-cd-5.34.6,2023-05-29,04:32:37,v2.7.3 +argo-rollouts-2.30.1,2023-05-27,14:52:04,v1.5.0 +argo-workflows-0.28.2,2023-05-26,04:19:27,v3.4.8 +argo-workflows-0.28.1,2023-05-25,12:31:09,v3.4.7 +argo-cd-5.34.5,2023-05-24,23:23:36,v2.7.3 +argo-rollouts-2.30.0,2023-05-23,07:07:55,v1.5.0 +argo-cd-5.34.4,2023-05-23,20:29:47,v2.7.2 +argo-cd-5.34.3,2023-05-23,02:47:12,v2.7.2 +argo-cd-5.34.2,2023-05-22,17:07:33,v2.7.2 +argocd-apps-1.2.0,2023-05-21,07:19:50, +argo-rollouts-2.29.0,2023-05-20,15:39:35,v1.5.0 +argocd-apps-1.1.0,2023-05-19,09:35:18, +argo-workflows-0.28.0,2023-05-19,10:35:50,v3.4.7 +argo-cd-5.34.1,2023-05-17,14:25:05,v2.7.2 +argo-cd-5.34.0,2023-05-17,13:40:41,v2.7.2 +argo-cd-5.33.4,2023-05-16,09:24:22,v2.7.2 +argo-cd-5.33.3,2023-05-13,11:01:42,v2.7.2 +argo-cd-5.33.2,2023-05-12,15:19:23,v2.7.2 +argo-workflows-0.27.0,2023-05-11,06:39:40,v3.4.7 +argo-workflows-0.26.6,2023-05-11,00:09:56,v3.4.7 +argo-cd-5.33.1,2023-05-11,14:07:07,v2.7.1 +argo-cd-5.33.0,2023-05-11,00:40:17,v2.7.1 +argocd-image-updater-0.9.1,2023-05-10,16:46:54,v0.12.2 +argocd-apps-1.0.1,2023-05-10,16:59:38, +argo-workflows-0.26.5,2023-05-10,14:21:35,v3.4.7 +argo-workflows-0.26.4,2023-05-10,10:16:35,v3.4.7 +argo-rollouts-2.28.0,2023-05-10,15:37:42,v1.5.0 +argo-events-2.3.3,2023-05-10,15:49:04,v1.7.6 +argo-cd-5.32.2,2023-05-10,13:50:04,v2.7.1 +argo-workflows-0.26.3,2023-05-09,03:42:14,v3.4.7 +argo-events-2.3.2,2023-05-09,00:38:41,v1.7.6 +argo-workflows-0.26.2,2023-05-08,20:03:24,v3.4.7 +argo-cd-5.32.1,2023-05-08,11:23:13,v2.7.1 +argo-events-2.3.1,2023-05-07,14:18:59,v1.7.6 +argo-workflows-0.26.1,2023-05-06,16:20:35,v3.4.7 +argo-rollouts-2.27.0,2023-05-06,11:32:12,v1.4.1 +argo-events-2.3.0,2023-05-06,11:18:40,v1.7.6 +argo-workflows-0.26.0,2023-05-05,14:31:11,v3.4.7 +argo-workflows-0.25.2,2023-05-05,14:14:01,v3.4.7 +argo-cd-5.32.0,2023-05-05,20:19:39,v2.7.1 +argo-cd-5.31.1,2023-05-03,09:48:25,v2.7.1 +argo-cd-5.31.0,2023-05-02,12:29:53,v2.7.0 +argo-cd-5.30.1,2023-05-02,10:28:37,v2.7.0 +argo-cd-5.30.0,2023-05-02,07:29:11,v2.7.0 +argo-rollouts-2.26.1,2023-04-28,07:54:50,v1.4.1 +argocd-apps-1.0.0,2023-04-27,12:49:28, +argo-workflows-0.25.1,2023-04-24,16:57:53,v3.4.7 +argo-workflows-0.25.0,2023-04-24,05:47:37,v3.4.7 +argo-rollouts-2.26.0,2023-04-24,14:41:03,v1.4.1 +argocd-image-updater-0.9.0,2023-04-16,08:13:22,v0.12.2 +argo-workflows-0.24.1,2023-04-14,13:55:07,v3.4.7 +argo-workflows-0.24.0,2023-04-13,09:25:33,v3.4.7 +argo-rollouts-2.25.0,2023-04-13,23:59:09,v1.4.1 +argo-rollouts-2.24.0,2023-04-13,18:16:41,v1.4.1 +argo-events-2.2.0,2023-04-13,18:38:28,v1.7.6 +argo-cd-5.29.1,2023-04-13,23:44:42,v2.6.7 +argo-cd-5.29.0,2023-04-13,14:09:40,v2.6.7 +argo-workflows-0.23.2,2023-04-12,04:52:48,v3.4.7 +argo-workflows-0.23.1,2023-04-11,13:50:51,v3.4.6 +argo-cd-5.28.2,2023-04-11,13:34:12,v2.6.7 +argo-events-2.1.6,2023-04-07,12:46:03,v1.7.6 +argocd-image-updater-0.8.5,2023-04-06,13:52:44,v0.12.2 +argo-workflows-0.23.0,2023-04-06,23:43:19,v3.4.6 +argo-cd-5.28.1,2023-04-06,16:17:02,v2.6.7 +argo-workflows-0.22.16,2023-04-04,11:10:35,v3.4.6 +argo-cd-5.28.0,2023-04-03,09:59:17,v2.6.7 +argo-events-2.1.5,2023-04-01,20:40:27,v1.7.6 +argo-cd-5.27.5,2023-03-30,16:33:34,v2.6.7 +argo-rollouts-2.23.0,2023-03-29,09:16:56,v1.4.1 +argo-cd-5.27.4,2023-03-28,13:49:13,v2.6.7 +argo-cd-5.27.3,2023-03-24,09:57:20,v2.6.7 +argo-cd-5.27.2,2023-03-24,00:09:05,v2.6.7 +argo-workflows-0.22.15,2023-03-23,07:09:27,v3.4.5 +argo-cd-5.27.1,2023-03-17,08:25:05,v2.6.6 +argo-workflows-0.22.14,2023-03-16,11:05:16,v3.4.5 +argo-cd-5.27.0,2023-03-16,00:09:12,v2.6.5 +argo-events-2.1.4,2023-03-15,17:34:46,v1.7.6 +argo-cd-5.26.3,2023-03-15,19:28:01,v2.6.5 +argo-cd-5.26.2,2023-03-15,14:00:41,v2.6.5 +argo-cd-5.26.1,2023-03-14,18:42:39,v2.6.5 +argo-cd-5.26.0,2023-03-12,14:00:47,v2.6.4 +argo-cd-5.25.0,2023-03-09,12:05:22,v2.6.4 +argo-cd-5.24.4,2023-03-09,10:48:48,v2.6.4 +argo-cd-5.24.3,2023-03-08,07:46:54,v2.6.4 +argo-cd-5.24.2,2023-03-08,07:13:22,v2.6.4 +argo-cd-5.24.1,2023-03-03,17:53:36,v2.6.3 +argocd-apps-0.0.9,2023-03-02,14:59:22, +argo-rollouts-2.22.3,2023-03-02,15:08:16,v1.4.1 +argo-cd-5.24.0,2023-03-02,14:29:29,v2.6.3 +argo-cd-5.23.5,2023-02-28,23:30:25,v2.6.3 +argo-cd-5.23.4,2023-02-28,21:53:42,v2.6.3 +argo-cd-5.23.3,2023-02-28,08:32:15,v2.6.3 +argo-cd-5.23.2,2023-02-26,16:34:21,v2.6.2 +argo-workflows-0.22.13,2023-02-24,21:57:04,v3.4.5 +argo-workflows-0.22.12,2023-02-23,17:44:23,v3.4.5 +argo-cd-5.23.1,2023-02-23,18:12:14,v2.6.2 +argo-cd-5.23.0,2023-02-23,16:57:40,v2.6.2 +argo-events-2.1.3,2023-02-21,01:14:54,v1.7.6 +argo-cd-5.22.1,2023-02-19,12:38:23,v2.6.2 +argo-cd-5.22.0,2023-02-17,16:38:41,v2.6.2 +argo-cd-5.21.1,2023-02-17,08:23:54,v2.6.2 +argo-cd-5.21.0,2023-02-15,00:11:41,v2.6.1 +argo-cd-5.20.5,2023-02-14,12:21:52,v2.6.1 +argo-cd-5.20.4,2023-02-13,11:22:38,v2.6.1 +argo-workflows-0.22.11,2023-02-10,05:32:10,v3.4.5 +argocd-apps-0.0.8,2023-02-09,22:44:40, +argo-cd-5.20.3,2023-02-08,20:15:43,v2.6.1 +argo-cd-5.20.2,2023-02-08,16:42:35,v2.6.0 +argo-cd-5.20.1,2023-02-08,01:10:02,v2.6.0 +argo-workflows-0.22.10,2023-02-07,15:11:29,v3.4.5 +argo-cd-5.20.0,2023-02-07,15:02:47,v2.6.0 +argo-cd-5.19.15,2023-02-06,04:40:38,v2.5.10 +argo-cd-5.19.14,2023-02-02,21:56:38,v2.5.10 +argo-cd-5.19.13,2023-02-02,04:11:31,v2.5.9 +argocd-image-updater-0.8.4,2023-02-01,21:07:41,v0.12.2 +argocd-image-updater-0.8.3,2023-01-29,18:59:51,v0.12.0 +argocd-apps-0.0.7,2023-01-29,19:17:57, +argo-workflows-0.22.9,2023-01-29,18:48:45,v3.4.4 +argo-rollouts-2.22.2,2023-01-29,19:14:29,v1.4.0 +argo-events-2.1.2,2023-01-29,19:07:55,v1.7.5 +argo-events-2.1.1,2023-01-29,12:16:37,v1.7.5 +argo-cd-5.19.12,2023-01-29,15:23:26,v2.5.9 +argo-cd-5.19.11,2023-01-28,13:41:15,v2.5.9 +argo-cd-5.19.9,2023-01-27,14:47:36,v2.5.8 +argo-cd-5.19.10,2023-01-27,23:20:39,v2.5.8 +argo-cd-5.19.8,2023-01-26,12:06:45,v2.5.8 +argo-cd-5.19.7,2023-01-26,08:23:02,v2.5.8 +argo-events-2.1.0,2023-01-25,21:46:36,v1.7.4 +argo-cd-5.19.6,2023-01-24,00:18:44,v2.5.7 +argo-cd-5.19.5,2023-01-22,19:22:59,v2.5.7 +argo-cd-5.19.4,2023-01-22,17:20:54,v2.5.7 +argocd-image-updater-0.8.2,2023-01-21,11:38:12,v0.12.0 +argo-cd-5.19.3,2023-01-21,19:11:20,v2.5.7 +argo-cd-5.19.2,2023-01-21,12:19:10,v2.5.7 +argo-cd-5.19.1,2023-01-21,12:08:16,v2.5.7 +argo-cd-5.19.0,2023-01-21,09:25:14,v2.5.7 +argo-rollouts-2.22.1,2023-01-20,16:42:17,v1.4.0 +argo-cd-5.18.1,2023-01-20,14:34:15,v2.5.7 +argo-rollouts-2.22.0,2023-01-19,21:14:27,v1.4.0 +argo-rollouts-2.21.3,2023-01-19,10:37:43,v1.3.1 +argo-cd-5.18.0,2023-01-19,22:15:14,v2.5.7 +argo-rollouts-2.21.2,2023-01-18,02:39:11,v1.3.1 +argo-cd-5.17.4,2023-01-18,13:01:18,v2.5.7 +argo-cd-5.17.2,2023-01-18,06:44:45,v2.5.7 +argo-cd-5.17.1,2023-01-11,06:33:59,v2.5.6 +argo-workflows-0.22.8,2023-01-10,00:03:48,v3.4.4 +argo-cd-5.17.0,2023-01-10,12:32:17,v2.5.5 +argo-cd-5.16.15,2023-01-10,08:59:08,v2.5.5 +argo-cd-5.16.14,2023-01-04,09:49:57,v2.5.5 +argo-workflows-0.22.7,2023-01-03,01:46:24,v3.4.4 +argo-workflows-0.22.6,2022-12-30,05:21:07,v3.4.4 +argo-workflows-0.22.5,2022-12-29,16:31:57,v3.4.4 +argo-events-2.0.11,2022-12-29,17:55:54,v1.7.4 +argo-cd-5.16.13,2022-12-29,16:26:56,v2.5.5 +argo-cd-5.16.12,2022-12-29,15:47:53,v2.5.5 +argo-cd-5.16.11,2022-12-29,11:49:31,v2.5.5 +argo-cd-5.16.10,2022-12-27,12:12:26,v2.5.5 +argocd-apps-0.0.6,2022-12-25,13:56:50, +argo-events-2.0.10,2022-12-24,19:41:24,v1.7.4 +argo-workflows-0.22.4,2022-12-22,13:00:59,v3.4.4 +argo-cd-5.16.9,2022-12-20,13:18:36,v2.5.5 +argo-cd-5.16.8,2022-12-20,11:54:14,v2.5.5 +argo-workflows-0.22.3,2022-12-19,09:08:04,v3.4.4 +argo-workflows-0.22.2,2022-12-18,23:42:17,v3.4.4 +argo-events-2.0.9,2022-12-17,00:45:45,v1.7.3 +argo-cd-5.16.7,2022-12-17,11:36:17,v2.5.5 +argo-events-2.0.8,2022-12-15,08:33:57,v1.7.3 +argo-cd-5.16.6,2022-12-15,06:03:36,v2.5.4 +argo-cd-5.16.5,2022-12-14,21:13:18,v2.5.4 +argo-cd-5.16.4,2022-12-13,21:31:30,v2.5.4 +argo-cd-5.16.3,2022-12-13,06:19:38,v2.5.4 +argocd-apps-0.0.5,2022-12-10,14:50:54, +argo-workflows-0.22.1,2022-12-09,06:50:29,v3.4.4 +argo-events-2.0.7,2022-12-09,13:08:09,v1.7.3 +argo-cd-5.16.2,2022-12-07,07:41:56,v2.5.4 +argocd-apps-0.0.4,2022-12-02,13:26:38, +argo-workflows-0.22.0,2022-12-02,13:51:34,v3.4.4 +argo-workflows-0.21.0,2022-12-02,10:29:52,v3.4.4 +argo-cd-5.16.1,2022-12-02,14:48:40,v2.5.3 +argo-workflows-0.20.12,2022-11-30,15:26:09,v3.4.4 +argo-cd-5.16.0,2022-11-30,23:28:36,v2.5.3 +argo-cd-5.15.2,2022-11-30,21:58:12,v2.5.3 +argo-cd-5.15.1,2022-11-30,21:38:35,v2.5.3 +argo-cd-5.15.0,2022-11-29,21:15:00,v2.5.3 +argo-cd-5.14.3,2022-11-28,22:10:18,v2.5.3 +argo-workflows-0.20.11,2022-11-26,01:08:34,v3.4.3 +argo-workflows-0.20.10,2022-11-25,00:36:01,v3.4.3 +argo-cd-5.14.2,2022-11-25,17:40:10,v2.5.2 +argo-workflows-0.20.9,2022-11-23,07:18:21,v3.4.3 +argo-cd-5.14.1,2022-11-21,10:39:57,v2.5.2 +argo-cd-5.14.0,2022-11-20,13:30:05,v2.5.2 +argo-cd-5.13.9,2022-11-17,15:26:43,v2.5.2 +argo-workflows-0.20.8,2022-11-14,11:20:39,v3.4.3 +argo-cd-5.13.8,2022-11-11,02:11:52,v2.5.2 +argo-workflows-0.20.7,2022-11-10,00:36:36,v3.4.3 +argo-cd-5.13.7,2022-11-10,01:56:07,v2.5.2 +argo-cd-5.13.6,2022-11-08,16:04:52,v2.5.2 +argo-cd-5.13.5,2022-11-07,21:55:16,v2.5.1 +argo-cd-5.13.4,2022-11-06,21:13:41,v2.5.1 +argo-cd-5.13.3,2022-11-06,04:19:47,v2.5.1 +argo-cd-5.13.2,2022-11-03,08:37:01,v2.5.1 +argo-cd-5.13.1,2022-11-02,07:31:33,v2.5.1 +argo-workflows-0.20.6,2022-11-01,09:26:43,v3.4.3 +argo-cd-5.13.0,2022-11-01,19:27:19,v2.5.0 +argo-cd-5.12.3,2022-11-01,14:57:44,v2.5.0 +argo-cd-5.12.2,2022-10-31,17:38:56,v2.5.0 +argo-cd-5.9.1,2022-10-30,17:48:16,v2.5.0 +argo-cd-5.9.0,2022-10-30,15:38:31,v2.5.0 +argo-cd-5.12.1,2022-10-30,23:48:29,v2.5.0 +argo-cd-5.12.0,2022-10-30,22:03:51,v2.5.0 +argo-cd-5.11.0,2022-10-30,20:44:31,v2.5.0 +argo-cd-5.10.0,2022-10-30,19:13:05,v2.5.0 +argo-cd-5.8.7,2022-10-29,19:08:37,v2.5.0 +argo-cd-5.8.6,2022-10-29,09:24:01,v2.5.0 +argo-cd-5.8.5,2022-10-28,10:18:33,v2.5.0 +argo-cd-5.8.4,2022-10-28,08:50:11,v2.5.0 +argo-workflows-0.20.5,2022-10-27,01:05:01,v3.4.2 +argo-cd-5.8.3,2022-10-27,12:18:27,v2.5.0 +argo-cd-5.8.2,2022-10-26,13:19:29,v2.5.0 +argo-cd-5.8.1,2022-10-26,11:11:40,v2.5.0 +argo-workflows-0.20.4,2022-10-25,06:19:19,v3.4.2 +argo-cd-5.8.0,2022-10-25,21:22:42,v2.5.0 +argo-cd-5.7.0,2022-10-25,17:05:58,v2.4.15 +argo-cd-5.6.8,2022-10-25,14:09:11,v2.4.15 +argo-cd-5.6.7,2022-10-25,13:30:20,v2.4.15 +argo-cd-5.6.6,2022-10-25,06:42:17,v2.4.15 +argo-workflows-0.20.3,2022-10-24,05:53:54,v3.4.2 +argo-cd-5.6.5,2022-10-24,21:48:21,v2.4.15 +argo-cd-5.6.4,2022-10-24,17:06:09,v2.4.15 +argo-workflows-0.20.2,2022-10-22,07:37:48,v3.4.1 +argo-cd-5.6.3,2022-10-22,12:59:43,v2.4.15 +argo-cd-5.6.2,2022-10-21,08:11:20,v2.4.15 +argo-cd-5.6.1,2022-10-20,11:23:48,v2.4.15 +argocd-apps-0.0.3,2022-10-13,22:07:34, +argo-cd-5.6.0,2022-10-13,22:30:23,v2.4.14 +argo-cd-5.5.25,2022-10-13,16:17:41,v2.4.14 +argocd-apps-0.0.2,2022-10-12,08:34:02, +argo-cd-5.5.24,2022-10-12,12:55:54,v2.4.14 +argo-cd-5.5.23,2022-10-12,11:46:40,v2.4.14 +argo-cd-5.5.22,2022-10-12,08:04:42,v2.4.14 +argocd-image-updater-0.8.1,2022-10-11,22:21:29,v0.12.0 +argo-cd-5.5.21,2022-10-11,14:12:05,v2.4.14 +argo-cd-5.5.20,2022-10-11,14:00:11,v2.4.14 +argo-cd-5.5.19,2022-10-11,12:29:07,v2.4.14 +argo-cd-5.5.18,2022-10-10,20:46:29,v2.4.14 +argo-cd-5.5.17,2022-10-10,19:09:27,v2.4.14 +argo-cd-5.5.16,2022-10-09,13:23:27,v2.4.14 +argo-cd-5.5.15,2022-10-09,08:34:22,v2.4.14 +argo-cd-5.5.14,2022-10-08,22:23:13,v2.4.14 +argo-cd-5.5.13,2022-10-08,11:28:42,v2.4.14 +argo-cd-5.5.12,2022-10-07,10:52:38,v2.4.14 +argo-cd-5.5.9,2022-10-06,14:32:23,v2.4.13 +argo-cd-5.5.11,2022-10-06,22:23:50,v2.4.14 +argo-cd-5.5.10,2022-10-06,21:05:05,v2.4.14 +argo-cd-5.5.8,2022-10-04,00:58:31,v2.4.13 +argo-workflows-0.20.1,2022-10-02,09:28:15,v3.4.1 +argo-rollouts-2.21.1,2022-09-30,22:29:28,v1.3.1 +argo-cd-5.5.7,2022-09-30,13:26:36,v2.4.12 +argo-rollouts-2.21.0,2022-09-29,06:43:50,v1.3.0 +argo-events-2.0.6,2022-09-29,15:55:01,v1.7.3 +argo-workflows-0.20.0,2022-09-28,13:51:07,v3.4.0 +argo-cd-5.5.6,2022-09-28,11:06:18,v2.4.12 +argo-workflows-0.19.6,2022-09-27,12:44:09,v3.4.0 +argo-workflows-0.19.5,2022-09-27,09:53:23,v3.4.0 +argo-workflows-0.19.4,2022-09-26,04:11:17,v3.4.0 +argo-workflows-0.19.3,2022-09-26,01:49:55,v3.4.0 +argo-cd-5.5.5,2022-09-25,17:03:01,v2.4.12 +argo-workflows-0.19.2,2022-09-24,00:03:59,v3.4.0 +argo-cd-5.5.4,2022-09-22,17:20:47,v2.4.12 +argo-cd-5.5.3,2022-09-22,08:53:07,v2.4.12 +argo-workflows-0.19.1,2022-09-21,12:51:22,v3.4.0 +argo-workflows-0.19.0,2022-09-21,10:35:00,v3.4.0 +argo-cd-5.5.2,2022-09-21,19:06:26,v2.4.12 +argo-cd-5.5.1,2022-09-21,18:21:31,v2.4.12 +argo-cd-5.5.0,2022-09-21,11:48:56,v2.4.12 +argo-cd-5.4.8,2022-09-21,07:32:29,v2.4.12 +argo-events-2.0.5,2022-09-20,11:55:01,v1.7.2 +argo-workflows-0.18.0,2022-09-19,16:10:42,v3.4.0 +argo-cd-5.4.7,2022-09-19,21:37:54,v2.4.12 +argo-cd-5.4.6,2022-09-19,12:57:09,v2.4.12 +argo-cd-5.4.5,2022-09-19,11:44:57,v2.4.12 +argo-cd-5.4.4,2022-09-16,08:58:43,v2.4.12 +argo-cd-5.4.3,2022-09-08,17:00:01,v2.4.11 +argo-cd-5.4.2,2022-09-06,10:13:54,v2.4.11 +argo-cd-5.4.1,2022-09-04,08:48:29,v2.4.11 +argo-cd-5.4.0,2022-08-30,15:30:53,v2.4.11 +argo-workflows-0.17.1,2022-08-26,09:03:18,v3.3.9 +argo-rollouts-2.20.0,2022-08-26,16:40:20,v1.2.2 +argo-rollouts-2.19.2,2022-08-26,09:03:17,v1.2.2 +argo-events-2.0.4,2022-08-26,09:03:16,v1.7.1 +argo-cd-5.3.6,2022-08-26,16:15:52,v2.4.11 +argo-cd-5.3.5,2022-08-26,13:38:01,v2.4.11 +argo-cd-5.3.4,2022-08-26,09:03:15,v2.4.11 +argo-cd-5.3.3,2022-08-25,22:09:36,v2.4.11 +argo-cd-5.3.2,2022-08-25,21:39:21,v2.4.11 +argo-cd-5.3.1,2022-08-25,11:35:35,v2.4.11 +argo-cd-5.3.0,2022-08-25,10:42:01,v2.4.11 +argo-cd-5.2.2,2022-08-25,10:13:10,v2.4.11 +argo-cd-5.2.1,2022-08-25,09:08:04,v2.4.11 +argo-cd-5.2.0,2022-08-25,08:43:06,v2.4.11 +argo-cd-5.1.0,2022-08-25,06:41:11,v2.4.11 +argo-cd-5.0.0,2022-08-24,15:12:21,v2.4.11 +argo-rollouts-2.19.0,2022-08-23,02:43:29,v1.2.0 +argocd-apps-0.0.1,2022-08-22,12:32:28, +argo-cd-4.10.9,2022-08-22,14:04:30,v2.4.11 +argo-cd-4.10.8,2022-08-19,19:37:44,v2.4.10 +argo-cd-4.10.7,2022-08-18,00:28:21,v2.4.10 +argo-workflows-0.17.0,2022-08-17,00:07:26,v3.3.9 +argo-cd-4.10.6,2022-08-11,20:43:51,v2.4.9 +argo-workflows-0.16.9,2022-08-10,11:43:41,v3.3.9 +argo-cd-4.10.5,2022-08-02,10:02:11,v2.4.8 +argo-cd-4.10.4,2022-08-01,13:49:17,v2.4.8 +argo-cd-4.10.3,2022-07-31,12:20:12,v2.4.7 +argo-cd-4.10.2,2022-07-29,18:15:36,v2.4.7 +argo-cd-4.10.1,2022-07-29,14:40:58,v2.4.7 +argo-workflows-0.16.8,2022-07-27,00:51:07,v3.3.8 +argo-cd-4.10.0,2022-07-21,09:53:44,v2.4.7 +argo-cd-4.9.16,2022-07-19,12:48:08,v2.4.7 +argo-cd-4.9.15,2022-07-19,06:25:53,v2.4.7 +argo-rollouts-2.18.0,2022-07-15,11:43:33,v1.2.0 +argo-cd-4.9.14,2022-07-14,13:03:20,v2.4.6 +argo-workflows-0.16.7,2022-07-13,00:10:56,v3.3.8 +argo-cd-4.9.13,2022-07-13,20:43:07,v2.4.6 +argo-cd-4.9.12,2022-07-07,16:46:25,v2.4.4 +argo-events-2.0.3,2022-07-06,12:39:16,v1.7.1 +argo-events-2.0.2,2022-07-04,09:50:24,v1.7.1 +argo-cd-4.9.11,2022-06-29,13:10:22,v2.4.3 +argo-cd-4.9.9,2022-06-28,13:20:49,v2.4.3 +argo-cd-4.9.10,2022-06-28,15:14:22,v2.4.3 +argo-events-2.0.1,2022-06-27,21:35:46,v1.7.0 +argo-cd-4.9.8,2022-06-27,17:45:36,v2.4.2 +argo-workflows-0.16.6,2022-06-24,05:47:50,v3.3.8 +argo-workflows-0.16.5,2022-06-23,16:01:09,v3.3.7 +argo-workflows-0.16.4,2022-06-23,09:30:17,v3.3.6 +argo-cd-4.9.7,2022-06-23,14:43:59,v2.4.2 +argo-cd-4.9.6,2022-06-23,06:34:16,v2.4.2 +argo-cd-4.9.5,2022-06-23,05:50:20,v2.4.2 +argo-rollouts-2.17.0,2022-06-17,08:13:21,v1.2.0 +argo-cd-4.9.4,2022-06-17,07:01:22,v2.4.0 +argo-cd-4.9.3,2022-06-16,11:24:09,v2.4.0 +argo-cd-4.9.2,2022-06-15,13:16:32,v2.4.0 +argo-events-2.0.0,2022-06-14,15:38:27,v1.7.0 +argo-cd-4.9.1,2022-06-14,12:32:16,v2.4.0 +argo-cd-4.9.0,2022-06-14,10:10:37,v2.4.0 +argo-workflows-0.16.3,2022-06-10,16:50:21,v3.3.6 +argo-cd-4.8.3,2022-06-08,06:04:29,v2.3.4 +argo-cd-4.8.2,2022-06-02,12:26:38,v2.3.4 +argo-cd-4.8.1,2022-06-02,12:06:47,v2.3.4 +argo-workflows-0.16.2,2022-06-01,17:56:41,v3.3.6 +argo-rollouts-2.16.0,2022-06-01,17:10:16,v1.2.0 +argo-cd-4.8.0,2022-05-30,16:20:13,v2.3.4 +argo-workflows-0.16.1,2022-05-26,11:20:50,v3.3.6 +argo-rollouts-2.15.0,2022-05-26,12:00:18,v1.2.0 +argo-workflows-0.16.0,2022-05-25,09:30:37,v3.3.5 +argo-workflows-0.15.4,2022-05-25,08:52:21,v3.3.5 +argo-cd-4.7.0,2022-05-25,11:07:09,v2.3.4 +argo-rollouts-2.14.1,2022-05-23,05:05:29,v1.2.0 +argo-cd-4.6.5,2022-05-23,04:47:27,v2.3.4 +argo-workflows-0.15.3,2022-05-22,07:43:33,v3.3.5 +argo-cd-4.6.4,2022-05-22,11:52:08,v2.3.4 +argo-workflows-0.15.2,2022-05-20,21:14:27,v3.3.5 +argo-workflows-0.15.1,2022-05-20,19:19:26,v3.3.2 +argo-cd-4.6.3,2022-05-20,18:11:16,v2.3.4 +argo-cd-4.6.2,2022-05-19,17:54:21,v2.3.4 +argo-cd-4.6.1,2022-05-19,11:51:31,v2.3.3 +argo-cd-4.6.0,2022-05-10,07:41:16,v2.3.3 +argo-workflows-0.15.0,2022-05-09,20:45:52,v3.3.2 +argo-workflows-0.14.5,2022-05-09,20:36:39,v3.3.2 +argo-workflows-0.14.4,2022-05-09,20:24:35,v3.3.2 +argo-workflows-0.14.3,2022-05-09,19:51:22,v3.3.2 +argo-workflows-0.14.2,2022-05-09,19:37:38,v3.3.2 +argo-cd-4.5.12,2022-05-09,19:18:36,v2.3.3 +argo-cd-4.5.11,2022-05-07,20:58:56,v2.3.3 +argo-cd-4.5.10,2022-05-05,21:59:44,v2.3.3 +argo-cd-4.5.9,2022-05-04,16:40:52,v2.3.3 +argo-workflows-0.14.1,2022-05-01,11:44:50,v3.3.2 +argo-cd-4.5.8,2022-04-30,12:31:18,v2.3.3 +argo-events-1.13.0,2022-04-23,07:25:52,v1.6.0 +argocd-notifications-1.8.1,2022-04-22,09:42:54,v1.2.1 +argocd-applicationset-1.12.1,2022-04-22,09:42:52,v0.4.1 +argocd-applicationset-1.12.0,2022-04-22,07:23:43,v0.4.1 +argo-workflows-0.14.0,2022-04-22,07:09:42,v3.3.2 +argo-cd-4.5.7,2022-04-22,09:55:26,v2.3.3 +argo-cd-4.5.6,2022-04-22,08:34:16,v2.3.3 +argo-cd-4.5.5,2022-04-21,22:02:41,v2.3.3 +argo-cd-4.5.4,2022-04-19,11:02:10,v2.3.3 +argo-cd-4.5.3,2022-04-12,14:28:36,v2.3.3 +argo-cd-4.5.2,2022-04-12,12:32:08,v2.3.3 +argo-cd-4.5.1,2022-04-11,14:33:48,v2.3.3 +argo-rollouts-2.14.0,2022-04-05,11:38:27,v1.2.0 +argo-cd-4.5.0,2022-04-03,09:14:25,v2.3.3 +argo-cd-4.4.1,2022-04-02,18:45:18,v2.3.3 +argo-rollouts-2.13.0,2022-03-31,17:32:03,v1.2.0 +argo-cd-4.4.0,2022-03-31,12:20:18,v2.3.3 +argo-cd-4.3.2,2022-03-31,11:59:31,v2.3.3 +argo-cd-4.3.1,2022-03-30,13:40:17,v2.3.3 +argo-cd-4.3.0,2022-03-29,11:24:34,v2.3.2 +argo-cd-4.2.4,2022-03-28,21:02:42,v2.3.2 +argo-cd-4.2.3,2022-03-28,13:18:14,v2.3.2 +argo-workflows-0.13.1,2022-03-23,13:18:49,v3.2.9 +argo-rollouts-2.12.0,2022-03-23,21:12:12,v1.2.0 +argo-cd-4.2.2,2022-03-23,09:53:45,v2.3.2 +argo-cd-4.2.1,2022-03-18,21:25:50,v2.3.1 +argo-cd-4.2.0,2022-03-18,16:42:44,v2.3.1 +argocd-image-updater-0.8.0,2022-03-17,19:34:59,v0.12.0 +argo-cd-4.1.0,2022-03-17,17:16:25,v2.3.1 +argo-cd-4.0.1,2022-03-17,12:54:21,v2.3.1 +argo-cd-4.0.0,2022-03-16,21:02:33,v2.3.1 +argo-rollouts-2.11.0,2022-03-14,21:13:07,v1.1.1 +argo-workflows-0.13.0,2022-03-12,17:55:49,v3.2.9 +argo-workflows-0.12.0,2022-03-12,17:14:00,v3.2.9 +argo-cd-3.35.4,2022-03-12,18:59:29,v2.2.5 +argo-cd-3.35.3,2022-03-10,10:45:45,v2.2.5 +argo-cd-3.35.2,2022-03-06,15:54:11,v2.2.5 +argo-cd-3.35.1,2022-03-06,12:08:36,v2.2.5 +argo-workflows-0.11.2,2022-03-05,08:51:50,v3.2.9 +argo-workflows-0.11.1,2022-03-03,14:02:23,v3.2.7 +argocd-image-updater-0.7.0,2022-03-01,10:26:52,v0.11.3 +argo-workflows-0.11.0,2022-03-01,09:53:15,v3.2.7 +argo-cd-3.35.0,2022-03-01,21:58:21,v2.2.5 +argo-cd-3.34.0,2022-03-01,17:37:13,v2.2.5 +argo-cd-3.33.8,2022-02-26,20:07:35,v2.2.5 +argo-cd-3.33.7,2022-02-23,11:02:53,v2.2.5 +argocd-image-updater-0.6.3,2022-02-20,17:56:33,v0.11.3 +argo-rollouts-2.10.0,2022-02-20,23:01:55,v1.1.1 +argo-events-1.12.0,2022-02-20,20:57:50,v1.6.0 +argo-events-1.11.0,2022-02-20,18:31:57,v1.6.0 +argocd-applicationset-1.11.0,2022-02-17,08:19:49,v0.3.0 +argo-cd-3.33.6,2022-02-17,11:37:47,v2.2.5 +argocd-applicationset-1.10.0,2022-02-16,18:44:07,v0.3.0 +argo-workflows-0.10.1,2022-02-09,23:06:55,v3.2.7 +argo-cd-3.33.5,2022-02-05,16:32:53,v2.2.5 +argo-cd-3.33.4,2022-02-05,12:55:15,v2.2.5 +argo-cd-3.33.3,2022-02-04,09:19:44,v2.2.4 +argo-cd-3.33.2,2022-02-03,09:36:59,v2.2.3 +argocd-notifications-1.8.0,2022-02-01,21:49:11,v1.2.1 +argo-cd-3.33.1,2022-01-31,19:26:33,v2.2.3 +argo-cd-3.33.0,2022-01-31,15:37:35,v2.2.3 +argo-workflows-0.10.0,2022-01-28,13:45:09,v3.2.6 +argo-cd-3.32.1,2022-01-27,10:15:36,v2.2.3 +argo-cd-3.32.0,2022-01-26,15:14:35,v2.2.3 +argo-rollouts-2.9.3,2022-01-25,12:43:34,v1.1.1 +argocd-notifications-1.7.1,2022-01-24,19:19:34,v1.2.1 +argocd-image-updater-0.6.2,2022-01-24,19:19:33,v0.11.2 +argocd-applicationset-1.9.1,2022-01-24,19:19:32,v0.3.0 +argo-workflows-0.9.5,2022-01-24,19:19:30,v3.2.6 +argo-rollouts-2.9.2,2022-01-24,19:19:29,v1.1.1 +argo-events-1.10.2,2022-01-24,19:19:28,v1.5.6 +argo-cd-3.31.1,2022-01-24,19:19:26,v2.2.2 +argo-cd-3.31.0,2022-01-20,10:52:27,v2.2.2 +argo-cd-3.30.1,2022-01-19,19:26:25,v2.2.2 +argo-events-1.10.1,2022-01-18,22:20:08,v1.5.6 +argo-events-1.10.0,2022-01-17,14:02:09,v1.5.0 +argo-cd-3.30.0,2022-01-16,05:24:18,v2.2.2 +argocd-image-updater-0.6.1,2022-01-11,22:07:52,v0.11.2 +argo-rollouts-2.9.1,2022-01-11,22:35:51,v1.1.1 +argo-rollouts-2.9.0,2022-01-10,20:46:21,v1.1.1 +argo-rollouts-2.8.1,2022-01-10,18:21:14,v1.1.1 +argo-events-1.9.0,2022-01-10,19:56:43,v1.5.0 +argocd-applicationset-1.9.0,2022-01-09,18:08:02,v0.3.0 +argocd-applicationset-1.8.0,2022-01-06,18:36:05,v0.3.0 +argo-rollouts-2.8.0,2022-01-05,12:32:16,v1.1.0 +argo-cd-3.29.5,2022-01-04,10:16:28,v2.2.2 +argocd-notifications-1.7.0,2021-12-20,18:18:19,v1.2.1 +argo-workflows-0.9.4,2021-12-20,11:00:00,v3.2.6 +argo-rollouts-2.7.0,2021-12-20,19:13:47,v1.1.0 +argo-cd-3.29.4,2021-12-20,17:27:35,v2.2.1 +argo-cd-3.29.3,2021-12-18,22:09:23,v2.2.1 +argo-cd-3.29.2,2021-12-17,18:39:32,v2.2.1 +argo-cd-3.29.1,2021-12-17,10:06:18,v2.2.1 +argocd-notifications-1.6.1,2021-12-16,09:58:40,v1.2.1 +argo-cd-3.29.0,2021-12-15,10:15:30,v2.2.0 +argo-cd-3.28.1,2021-12-11,19:32:10,v2.1.7 +argo-cd-3.28.0,2021-12-10,15:23:06,v2.1.7 +argocd-applicationset-1.7.0,2021-12-09,14:56:54,v0.2.0 +argo-rollouts-2.6.0,2021-12-09,15:13:24,v1.1.0 +argocd-image-updater-0.6.0,2021-12-07,06:40:34,v0.11.0 +argo-workflows-0.9.3,2021-12-06,10:02:15,v3.2.4 +argo-cd-3.27.1,2021-12-03,22:41:42,v2.1.7 +argo-cd-3.27.0,2021-12-03,22:19:58,v2.1.7 +argo-cd-3.26.12,2021-11-29,10:51:49,v2.1.7 +argocd-notifications-1.6.0,2021-11-25,17:39:42,v1.2.0 +argocd-image-updater-0.5.0,2021-11-24,20:47:21,v0.11.0 +argo-cd-3.26.11,2021-11-24,16:30:38,v2.1.7 +argo-workflows-0.9.2,2021-11-23,10:12:37,v3.2.4 +argocd-image-updater-0.4.2,2021-11-22,07:18:47,v0.10.3 +argo-workflows-0.9.1,2021-11-22,09:41:06,v3.2.4 +argo-workflows-0.9.0,2021-11-22,09:33:03,v3.2.4 +argo-workflows-0.8.3,2021-11-21,18:59:21,v3.2.4 +argo-cd-3.26.10,2021-11-21,12:48:45,v2.1.7 +argo-workflows-0.8.2,2021-11-19,21:36:02,v3.2.0 +argocd-image-updater-0.4.1,2021-11-17,09:50:53,v0.10.3 +argo-cd-3.26.9,2021-11-17,07:43:03,v2.1.6 +argocd-image-updater-0.4.0,2021-11-15,23:19:27,v0.10.1 +argo-rollouts-2.5.0,2021-11-15,07:02:31,v1.1.0 +argocd-notifications-1.5.2,2021-11-12,09:25:30,v1.1.1 +argo-cd-3.26.8,2021-11-11,15:00:04,v2.1.6 +argo-cd-3.26.7,2021-11-10,17:18:47,v2.1.6 +argocd-image-updater-0.3.0,2021-11-09,21:14:43,v0.10.1 +argo-rollouts-2.4.0,2021-11-09,20:50:12,v1.1.0 +argo-cd-3.26.6,2021-11-06,08:23:57,v2.1.6 +argo-workflows-0.8.1,2021-11-01,18:13:26,v3.2.0 +argo-cd-3.26.5,2021-10-31,19:32:18,v2.1.6 +argo-cd-3.26.4,2021-10-31,11:57:25,v2.1.6 +argo-events-1.8.0,2021-10-27,15:13:58,v1.5.0 +argo-cd-3.26.3,2021-10-21,20:56:35,v2.1.5 +argo-cd-3.26.2,2021-10-21,11:34:14,2.1.4 +argo-cd-3.26.1,2021-10-20,06:32:59,2.1.4 +argo-workflows-0.8.0,2021-10-19,15:37:06,v3.2.0 +argo-cd-3.26.0,2021-10-19,17:02:52,2.1.3 +argo-cd-3.25.3,2021-10-19,15:51:33,2.1.3 +argo-rollouts-2.3.0,2021-10-18,12:29:40,v1.1.0 +argocd-applicationset-1.6.0,2021-10-17,18:30:56,v0.2.0 +argo-rollouts-2.2.1,2021-10-17,12:08:48,v1.1.0 +argo-cd-3.25.2,2021-10-17,10:33:22,2.1.3 +argo-workflows-0.7.3,2021-10-15,10:22:13,v3.2.0 +argo-workflows-0.7.2,2021-10-15,09:42:17,v3.1.8 +argo-rollouts-2.2.0,2021-10-14,14:58:28,v1.1.0 +argo-cd-3.25.1,2021-10-14,12:40:36,2.1.3 +argo-cd-3.25.0,2021-10-12,18:49:49,2.1.3 +argo-cd-3.24.0,2021-10-06,22:13:09,2.1.3 +argo-cd-3.23.1,2021-10-06,15:28:20,2.1.3 +argo-cd-3.23.0,2021-10-04,22:20:00,2.1.2 +argocd-notifications-1.5.1,2021-09-29,15:15:42,1.1.1 +argo-cd-3.22.1,2021-09-29,09:07:29,2.1.2 +argocd-applicationset-1.5.1,2021-09-27,13:58:05,v0.2.0 +argocd-applicationset-1.5.0,2021-09-27,12:06:48,v0.2.0 +argo-workflows-0.7.1,2021-09-27,15:18:14,v3.1.8 +argo-workflows-0.7.0,2021-09-27,07:14:58,v3.1.8 +argo-rollouts-2.1.1,2021-09-27,15:10:06,v1.0.2 +argo-cd-3.22.0,2021-09-27,19:32:54,2.1.2 +argo-cd-3.21.1,2021-09-27,10:04:46,2.1.2 +argocd-image-updater-0.2.1,2021-09-20,14:43:20,v0.10.1 +argo-workflows-0.6.0,2021-09-17,19:51:33,v3.1.8 +argo-rollouts-2.1.0,2021-09-17,16:39:27,v1.0.2 +argo-cd-3.21.0,2021-09-17,20:14:56,2.1.2 +argo-cd-3.20.0,2021-09-17,17:47:39,2.1.2 +argo-cd-3.19.0,2021-09-17,13:57:58,2.1.2 +argocd-image-updater-0.2.0,2021-09-16,18:59:58,v0.10.1 +argocd-image-updater-0.1.1,2021-09-16,17:30:59,v0.10.1 +argo-rollouts-2.0.2,2021-09-16,19:06:11,v1.0.2 +argo-cd-3.18.0,2021-09-16,17:59:45,2.1.2 +argo-workflows-0.5.2,2021-09-15,22:27:25,v3.1.8 +argo-cd-3.17.7,2021-09-15,10:31:26,2.1.2 +argo-workflows-0.5.1,2021-09-13,16:21:35,v3.1.8 +argo-cd-3.17.6,2021-09-02,21:59:12,2.1.2 +argo-rollouts-2.0.1,2021-08-30,06:46:48,v1.0.2 +argocd-notifications-1.5.0,2021-08-27,13:12:54,1.1.1 +argocd-applicationset-1.4.0,2021-08-27,12:33:43,v0.2.0 +argo-workflows-0.5.0,2021-08-27,12:59:50,v3.1.8 +argo-cd-3.17.5,2021-08-27,13:47:25,2.1.1 +argo-cd-3.17.4,2021-08-27,10:06:21,2.1.1 +argo-cd-3.17.3,2021-08-26,15:11:19,2.1.1 +argo-cd-3.17.2,2021-08-26,14:22:27,2.1.1 +argo-cd-3.17.1,2021-08-26,13:55:36,2.1.0 +argo-cd-3.17.0,2021-08-26,13:43:13,2.1.0 +argocd-notifications-1.4.4,2021-08-25,12:14:37,1.1.1 +argocd-applicationset-1.3.1,2021-08-25,07:05:41,v0.2.0 +argo-cd-3.16.0,2021-08-25,15:05:03,2.1.0 +argo-cd-3.15.0,2021-08-24,12:48:33,2.1.0 +argo-cd-3.14.0,2021-08-24,12:38:02,2.1.0 +argocd-applicationset-1.3.0,2021-08-23,13:05:32,v0.2.0 +argocd-applicationset-1.2.0,2021-08-23,12:23:43,v0.2.0 +argo-workflows-0.4.2,2021-08-23,11:13:42,v3.1.8 +argo-cd-3.13.2,2021-08-23,17:23:36,2.1.0 +argo-cd-3.13.1,2021-08-23,13:01:57,2.1.0 +argo-cd-3.13.0,2021-08-23,12:14:11,2.1.0 +argo-workflows-0.4.1,2021-08-20,16:24:43,v3.1.5 +argocd-notifications-1.4.3,2021-08-18,10:02:11,1.1.1 +argocd-notifications-1.4.2,2021-08-17,09:13:14,1.1.1 +argo-workflows-0.4.0,2021-08-17,07:31:04,v3.1.5 +argocd-image-updater-0.1.0,2021-08-16,15:23:23,v0.10.1 +argo-rollouts-2.0.0,2021-08-16,15:27:43,v1.0.2 +argo-cd-3.12.1,2021-08-14,11:03:56,2.0.5 +argocd-applicationset-1.1.0,2021-08-13,16:37:25,v0.1.0 +argo-cd-3.12.0,2021-08-13,20:15:28,2.0.5 +argo-workflows-0.3.0,2021-08-11,07:32:31,v3.0.7 +argo-cd-3.11.5,2021-08-11,15:44:45,2.0.5 +argo-cd-3.11.4,2021-08-11,07:14:57,2.0.5 +argo-workflows-0.2.13,2021-08-10,13:45:31,v3.0.7 +argo-rollouts-1.0.4,2021-08-10,06:39:57,v1.0.2 +argo-cd-3.11.3,2021-08-09,08:58:30,2.0.5 +argo-events-1.7.0,2021-08-07,22:43:47,1.3.1 +argo-cd-3.11.2,2021-08-07,13:08:09,2.0.5 +argo-cd-3.11.1,2021-07-28,15:42:38,2.0.5 +argo-cd-3.11.0,2021-07-28,14:37:27,2.0.5 +argo-cd-3.10.2,2021-07-27,11:07:30,2.0.5 +argo-cd-3.10.1,2021-07-27,01:33:24,2.0.5 +argo-workflows-0.2.12,2021-07-21,16:02:29,v3.0.7 +argo-workflows-0.2.9,2021-07-20,18:18:54,v3.0.7 +argo-workflows-0.2.8,2021-07-20,18:10:55,v3.0.7 +argo-workflows-0.2.11,2021-07-20,21:51:21,v3.0.7 +argo-workflows-0.2.10,2021-07-20,18:25:05,v3.0.7 +argo-cd-3.10.0,2021-07-20,11:41:23,2.0.4 +argo-cd-3.9.0,2021-07-13,06:35:52,2.0.4 +argo-cd-3.8.2,2021-07-13,06:26:07,2.0.4 +argocd-applicationset-1.0.0,2021-07-12,10:54:40,v0.1.0 +argo-cd-3.8.1,2021-07-12,11:07:21,2.0.4 +argocd-notifications-1.4.1,2021-07-09,11:09:14,1.1.1 +argocd-applicationset-0.1.7,2021-07-09,11:09:13,v0.1.0 +argo-workflows-0.2.7,2021-07-09,11:09:12,v3.0.7 +argo-rollouts-1.0.3,2021-07-09,11:09:12,v1.0.2 +argo-events-1.6.4,2021-07-09,11:09:11,1.3.1 +argo-cd-3.8.0,2021-07-09,12:34:38,2.0.4 +argo-cd-3.7.2,2021-07-09,11:09:10,2.0.4 +argo-rollouts-1.0.2,2021-07-07,15:18:22,v1.0.2 +argo-cd-3.7.1,2021-07-05,09:53:30,2.0.4 +argo-cd-3.7.0,2021-07-05,09:42:21,2.0.4 +argo-cd-3.6.11,2021-06-29,08:49:22,2.0.4 +argo-cd-3.6.10,2021-06-26,15:05:26,2.0.3 +argo-workflows-0.2.6,2021-06-25,06:16:05,v3.0.7 +argo-cd-3.6.9,2021-06-25,06:07:25,2.0.3 +argo-workflows-0.2.5,2021-06-08,13:15:23,v3.0.2 +argo-events-1.6.2,2021-06-07,08:36:00,1.3.1 +argo-cd-3.6.8,2021-06-07,09:40:13,2.0.3 +argo-cd-3.6.7,2021-06-07,08:52:24,2.0.3 +argocd-notifications-1.4.0,2021-06-03,10:08:10,1.1.1 +argocd-applicationset-0.1.6,2021-06-03,17:50:44,v0.1.0 +argo-workflows-0.2.4,2021-06-03,17:11:17,v3.0.2 +argo-workflows-0.2.3,2021-06-03,11:08:38,v3.0.2 +argo-cd-3.6.6,2021-06-02,17:55:17,2.0.3 +argo-workflows-0.2.2,2021-05-31,20:15:38,v3.0.2 +argo-workflows-0.2.1,2021-05-31,16:32:09,v3.0.2 +argo-workflows-0.2.0,2021-05-31,16:18:32,v3.0.2 +argo-rollouts-1.0.1,2021-05-31,21:23:24,v1.0.1 +argo-rollouts-1.0.0,2021-05-31,16:06:49,v1.0.1 +argo-events-1.6.1,2021-05-31,16:09:51,1.3.1 +argo-cd-3.6.5,2021-05-31,20:15:37,2.0.3 +argo-events-1.6.0,2021-05-29,10:30:24,1.3.1 +argo-cd-3.6.4,2021-05-29,14:37:41,2.0.3 +argo-cd-3.6.3,2021-05-29,08:42:00,2.0.3 +argo-workflows-0.1.5,2021-05-27,16:33:49,v3.0.2 +argocd-notifications-1.3.2,2021-05-26,21:41:54,1.1.1 +argo-workflows-0.1.4,2021-05-26,10:00:42,v3.0.2 +argo-rollouts-0.5.5,2021-05-26,09:44:42,0.10.2 +argo-events-1.5.0,2021-05-26,21:27:33,1.3.1 +argo-events-1.4.3,2021-05-26,21:13:44,1.3.1 +argo-cd-3.6.2,2021-05-26,10:35:46,2.0.1 +argo-workflows-0.1.3,2021-05-25,06:06:50,v3.0.2 +argo-rollouts-0.5.4,2021-05-24,21:34:19,0.10.2 +argo-cd-3.6.1,2021-05-24,19:21:16,2.0.1 +argo-cd-3.6.0,2021-05-23,12:25:54,2.0.1 +argocd-notifications-1.3.1,2021-05-21,16:00:09,1.1.1 +argocd-applicationset-0.1.5,2021-05-21,16:00:08,v0.1.0 +argo-workflows-0.1.2,2021-05-21,16:50:29,v3.0.2 +argo-workflows-0.1.1,2021-05-21,16:00:07,v3.0.2 +argo-rollouts-0.5.3,2021-05-21,16:00:06,0.10.2 +argo-events-1.4.2,2021-05-21,16:00:05,1.3.1 +argo-cd-3.5.0,2021-05-21,16:43:57,2.0.1 +argo-cd-3.4.1,2021-05-21,16:00:04,2.0.1 +argo-1.0.0,2021-05-21,16:00:03,v2.12.5 diff --git a/scripts/release-analysis/argo_releases.csv b/scripts/release-analysis/argo_releases.csv new file mode 100644 index 00000000..f630abe7 --- /dev/null +++ b/scripts/release-analysis/argo_releases.csv @@ -0,0 +1,877 @@ +Repository,Release Tag,Release Date,Release Time +argo-cd,v2.14.0-rc6,2025-01-21,21:40:31 +argo-cd,v2.14.0-rc5,2025-01-08,20:16:38 +argo-cd,v2.13.3,2025-01-03,19:23:42 +argo-cd,v2.12.9,2025-01-03,19:21:15 +argo-cd,v2.14.0-rc4,2025-01-02,22:36:35 +argo-cd,v2.14.0-rc3,2024-12-18,19:22:51 +argo-cd,v2.14.0-rc2,2024-12-17,18:43:53 +argo-cd,v2.13.2,2024-12-11,19:18:46 +argo-cd,v2.12.8,2024-12-11,19:17:57 +argo-cd,v2.13.1,2024-11-20,17:11:22 +argo-cd,v2.12.7,2024-11-05,16:08:15 +argo-cd,v2.11.12,2024-11-05,16:09:52 +argo-cd,v2.13.0,2024-11-04,12:46:49 +argo-cd,v2.13.0-rc5,2024-10-18,21:56:52 +argo-cd,v2.12.6,2024-10-18,19:07:18 +argo-cd,v2.11.11,2024-10-18,19:10:03 +argo-cd,v2.13.0-rc4,2024-10-17,22:20:25 +argo-cd,v2.12.5,2024-10-17,22:03:45 +argo-cd,v2.11.10,2024-10-17,22:04:22 +argo-cd,v2.10.18,2024-10-17,22:02:48 +argo-cd,v2.13.0-rc3,2024-10-07,14:11:10 +argo-cd,v2.12.4,2024-09-26,07:14:39 +argo-cd,v2.11.9,2024-09-26,07:39:46 +argo-cd,v2.10.17,2024-09-26,07:39:53 +argo-cd,v2.13.0-rc2,2024-09-20,12:16:17 +argo-cd,v2.13.0-rc1,2024-09-16,09:07:32 +argo-cd,v2.11.8,2024-09-11,07:18:22 +argo-cd,v2.12.3,2024-08-27,12:33:34 +argo-cd,v2.12.2,2024-08-23,04:05:09 +argo-cd,v2.9.22,2024-08-22,18:09:07 +argo-cd,v2.8.21,2024-08-22,00:15:46 +argo-cd,v2.12.1,2024-08-16,17:16:36 +argo-cd,v2.12.0,2024-08-05,14:02:15 +argo-cd,v2.12.0-rc5,2024-08-02,00:02:42 +argo-cd,v2.11.7,2024-07-24,10:27:18 +argo-cd,v2.10.16,2024-07-24,10:27:30 +argo-cd,v2.9.21,2024-07-24,10:27:35 +argo-cd,v2.11.6,2024-07-22,15:19:04 +argo-cd,v2.10.15,2024-07-22,15:28:11 +argo-cd,v2.9.20,2024-07-22,15:26:01 +argo-cd,v2.12.0-rc4,2024-07-15,18:31:03 +argo-cd,v2.11.5,2024-07-15,18:32:15 +argo-cd,v2.10.14,2024-07-15,18:43:13 +argo-cd,v2.9.19,2024-07-15,19:10:33 +argo-cd,v2.12.0-rc3,2024-07-02,19:11:39 +argo-cd,v2.11.4,2024-07-02,19:52:42 +argo-cd,v2.10.13,2024-07-02,19:16:33 +argo-cd,v2.9.18,2024-07-02,20:06:18 +argo-cd,v2.12.0-rc2,2024-06-24,21:07:03 +argo-cd,v2.12.0-rc1,2024-06-18,13:46:04 +argo-cd,v2.11.3,2024-06-06,09:43:29 +argo-cd,v2.10.12,2024-06-06,09:44:03 +argo-cd,v2.9.17,2024-06-06,09:47:39 +argo-cd,v2.11.2,2024-05-23,14:14:51 +argo-cd,v2.10.11,2024-05-23,14:20:08 +argo-cd,v2.9.16,2024-05-23,14:28:35 +argo-cd,v2.8.20,2024-05-23,14:22:46 +argo-cd,v2.11.1,2024-05-21,15:03:58 +argo-cd,v2.10.10,2024-05-21,15:04:04 +argo-cd,v2.9.15,2024-05-21,15:03:15 +argo-cd,v2.8.19,2024-05-21,15:02:42 +argo-cd,v2.11.0,2024-05-07,16:37:25 +argo-cd,v2.10.9,2024-04-30,16:55:10 +argo-cd,v2.9.14,2024-04-30,17:52:42 +argo-cd,v2.8.18,2024-04-30,18:11:05 +argo-cd,v2.11.0-rc3,2024-04-29,20:34:30 +argo-cd,v2.10.8,2024-04-26,14:04:02 +argo-cd,v2.9.13,2024-04-26,13:54:31 +argo-cd,v2.8.17,2024-04-26,13:32:45 +argo-cd,v2.11.0-rc2,2024-04-15,20:21:25 +argo-cd,v2.10.7,2024-04-15,09:21:23 +argo-cd,v2.9.12,2024-04-15,09:23:39 +argo-cd,v2.8.16,2024-04-15,09:24:55 +argo-cd,v2.11.0-rc1,2024-04-05,12:48:47 +argo-cd,v2.10.6,2024-04-05,01:04:01 +argo-cd,v2.9.11,2024-04-05,00:33:21 +argo-cd,v2.8.15,2024-04-05,00:08:33 +argo-cd,v2.7.18,2024-04-04,23:10:16 +argo-cd,v2.10.5,2024-03-28,16:29:02 +argo-cd,v2.9.10,2024-03-28,17:14:04 +argo-cd,v2.8.14,2024-03-28,17:14:13 +argo-cd,v2.10.4,2024-03-18,08:44:51 +argo-cd,v2.9.9,2024-03-18,08:44:29 +argo-cd,v2.8.13,2024-03-18,08:43:03 +argo-cd,v2.10.3,2024-03-13,19:53:05 +argo-cd,v2.9.8,2024-03-13,19:50:14 +argo-cd,v2.8.12,2024-03-13,19:49:30 +argo-cd,v2.8.11,2024-03-08,15:35:57 +argo-cd,v2.10.2,2024-03-01,22:03:43 +argo-cd,v2.9.7,2024-03-01,23:28:36 +argo-cd,v2.10.1,2024-02-14,18:12:43 +argo-cd,v2.10.0,2024-02-06,15:03:51 +argo-cd,v2.9.6,2024-02-02,19:51:46 +argo-cd,v2.8.10,2024-02-02,19:01:36 +argo-cd,v2.7.17,2024-02-02,19:00:32 +argo-cd,v2.10.0-rc4,2024-01-25,21:50:37 +argo-cd,v2.10.0-rc3,2024-01-19,18:33:17 +argo-cd,v2.9.5,2024-01-19,18:32:02 +argo-cd,v2.8.9,2024-01-19,18:47:44 +argo-cd,v2.8.8,2024-01-19,15:17:36 +argo-cd,v2.7.16,2024-01-19,19:38:49 +argo-cd,v2.10.0-rc2,2024-01-18,21:14:40 +argo-cd,v2.9.4,2024-01-18,21:24:02 +argo-cd,v2.10.0-rc1,2023-12-18,21:20:13 +argo-cd,v2.7.15,2023-12-06,15:59:27 +argo-cd,v2.9.3,2023-12-01,23:39:19 +argo-cd,v2.9.2,2023-11-20,17:52:41 +argo-cd,v2.8.7,2023-11-20,17:52:04 +argo-cd,v2.9.1,2023-11-14,15:55:51 +argo-cd,v2.9.0,2023-11-06,05:27:12 +argo-cd,v2.8.6,2023-11-01,17:29:59 +argo-cd,v2.9.0-rc4,2023-10-31,22:28:01 +argo-cd,v2.8.5,2023-10-31,19:30:03 +argo-cd,v2.9.0-rc3,2023-10-25,19:54:22 +argo-cd,v2.9.0-rc2,2023-10-03,16:24:24 +argo-cd,v2.9.0-rc1,2023-09-27,01:06:19 +argo-cd,v2.8.4,2023-09-13,20:08:07 +argo-cd,v2.8.3,2023-09-07,18:06:07 +argo-cd,v2.7.14,2023-09-07,18:05:20 +argo-cd,v2.6.15,2023-09-07,18:32:42 +argo-cd,v2.5.22,2023-08-25,15:21:48 +argo-cd,v2.8.2,2023-08-24,21:05:33 +argo-cd,v2.7.13,2023-08-24,20:58:11 +argo-cd,v2.6.14,2023-08-24,22:01:58 +argo-cd,v2.8.1,2023-08-22,21:19:28 +argo-cd,v2.7.12,2023-08-23,15:02:27 +argo-cd,v2.8.0,2023-08-07,20:03:46 +argo-cd,v2.7.11,2023-08-07,20:07:16 +argo-cd,v2.8.0-rc7,2023-08-03,16:20:46 +argo-cd,v2.7.10,2023-07-31,22:51:19 +argo-cd,v2.8.0-rc6,2023-07-28,14:47:33 +argo-cd,v2.7.9,2023-07-24,18:50:30 +argo-cd,v2.8.0-rc5,2023-07-19,18:28:18 +argo-cd,v2.7.8,2023-07-19,15:58:13 +argo-cd,v2.6.13,2023-07-19,18:32:25 +argo-cd,v2.5.21,2023-07-19,16:18:16 +argo-cd,v2.8.0-rc4,2023-07-19,01:04:24 +argo-cd,v2.8.0-rc3,2023-07-12,21:02:10 +argo-cd,v2.8.0-rc2,2023-07-05,20:16:20 +argo-cd,v2.7.7,2023-07-05,20:25:54 +argo-cd,v2.6.12,2023-07-05,20:26:58 +argo-cd,v2.5.20,2023-07-05,20:21:44 +argo-cd,v2.8.0-rc1,2023-06-27,14:35:51 +argo-cd,v2.7.6,2023-06-20,21:46:46 +argo-cd,v2.6.11,2023-06-20,21:40:36 +argo-cd,v2.7.5,2023-06-16,15:24:00 +argo-cd,v2.6.10,2023-06-16,15:30:18 +argo-cd,v2.5.19,2023-06-16,15:14:25 +argo-cd,v2.7.4,2023-06-05,19:40:08 +argo-cd,v2.6.9,2023-06-05,20:00:21 +argo-cd,v2.5.18,2023-06-05,19:37:35 +argo-cd,v2.6.8,2023-05-25,16:35:40 +argo-cd,v2.5.17,2023-05-25,16:37:48 +argo-cd,v2.7.3,2023-05-24,16:14:02 +argo-cd,v2.7.2,2023-05-12,14:41:07 +argo-cd,v2.7.1,2023-05-02,17:24:44 +argo-cd,v2.7.0,2023-05-02,00:51:25 +argo-cd,v2.7.0-rc2,2023-04-11,16:29:33 +argo-cd,v2.7.0-rc1,2023-03-27,14:42:25 +argo-cd,v2.6.7,2023-03-23,15:45:09 +argo-cd,v2.5.16,2023-03-23,15:34:49 +argo-cd,v2.4.28,2023-03-23,15:35:38 +argo-cd,v2.6.6,2023-03-16,23:07:31 +argo-cd,v2.5.15,2023-03-16,23:35:35 +argo-cd,v2.4.27,2023-03-16,23:05:14 +argo-cd,v2.6.5,2023-03-14,14:59:49 +argo-cd,v2.5.14,2023-03-14,15:03:12 +argo-cd,v2.4.26,2023-03-14,15:01:43 +argo-cd,v2.6.4,2023-03-07,23:29:08 +argo-cd,v2.5.13,2023-03-07,23:28:04 +argo-cd,v2.4.25,2023-03-07,22:29:10 +argo-cd,v2.6.3,2023-02-27,15:20:04 +argo-cd,v2.5.12,2023-02-27,15:21:29 +argo-cd,v2.4.24,2023-02-27,15:22:21 +argo-cd,v2.6.2,2023-02-16,15:43:42 +argo-cd,v2.5.11,2023-02-16,15:46:31 +argo-cd,v2.4.23,2023-02-16,15:41:44 +argo-cd,v2.3.17,2023-02-16,16:01:23 +argo-cd,v2.6.1,2023-02-08,19:39:04 +argo-cd,v2.6.0,2023-02-06,22:04:33 +argo-cd,v2.6.0-rc7,2023-02-02,16:04:58 +argo-cd,v2.5.10,2023-02-02,15:48:00 +argo-cd,v2.4.22,2023-02-02,16:06:04 +argo-cd,v2.3.16,2023-02-02,16:20:13 +argo-cd,v2.6.0-rc6,2023-01-28,00:07:50 +argo-cd,v2.5.9,2023-01-28,00:04:28 +argo-cd,v2.4.21,2023-01-28,00:07:25 +argo-cd,v2.3.15,2023-01-28,01:20:18 +argo-cd,v2.6.0-rc5,2023-01-25,18:35:37 +argo-cd,v2.5.8,2023-01-25,17:05:03 +argo-cd,v2.4.20,2023-01-25,16:19:24 +argo-cd,v2.3.14,2023-01-25,17:07:36 +argo-cd,v2.6.0-rc4,2023-01-18,03:00:03 +argo-cd,v2.5.7,2023-01-18,03:00:02 +argo-cd,v2.4.19,2023-01-18,02:59:01 +argo-cd,v2.3.13,2023-01-18,04:02:17 +argo-cd,v2.6.0-rc3,2023-01-13,20:36:52 +argo-cd,v2.5.6,2023-01-10,20:14:18 +argo-cd,v2.6.0-rc2,2023-01-05,16:02:06 +argo-cd,v2.6.0-rc1,2022-12-19,17:27:17 +argo-cd,v2.5.5,2022-12-16,16:53:08 +argo-cd,v2.4.18,2022-12-16,16:47:09 +argo-cd,v2.3.12,2022-12-16,17:40:00 +argo-cd,v2.5.4,2022-12-06,20:26:51 +argo-cd,v2.5.3,2022-11-28,17:28:00 +argo-cd,v2.5.2,2022-11-07,17:23:44 +argo-cd,v2.4.17,2022-11-07,17:05:27 +argo-cd,v2.5.1,2022-11-01,21:53:59 +argo-cd,v2.4.16,2022-11-01,22:03:02 +argo-cd,v2.3.11,2022-11-01,22:39:18 +argo-cd,v2.2.16,2022-11-01,20:44:20 +argo-cd,v2.5.0,2022-10-25,15:32:28 +argo-cd,v2.2.15,2022-10-18,22:08:59 +argo-cd,v2.5.0-rc3,2022-10-17,18:39:09 +argo-cd,v2.4.15,2022-10-17,21:17:43 +argo-cd,v2.3.10,2022-10-18,01:09:30 +argo-cd,v2.5.0-rc2,2022-10-11,19:55:49 +argo-cd,v2.5.0-rc1,2022-10-05,18:00:34 +argo-cd,v2.4.14,2022-10-05,17:53:31 +argo-cd,v2.3.9,2022-10-05,18:24:18 +argo-cd,v2.2.14,2022-10-05,17:17:02 +argo-cd,v2.4.13,2022-10-03,21:38:39 +argo-cd,v2.3.8,2022-10-03,22:36:32 +argo-cd,v2.2.13,2022-10-03,21:05:16 +argo-cd,v2.4.12,2022-09-16,01:33:23 +argo-cd,v2.4.11,2022-08-22,09:52:10 +argo-cd,v2.4.10,2022-08-17,21:44:09 +argo-cd,v2.4.9,2022-08-11,15:59:47 +argo-cd,v2.4.8,2022-07-29,17:38:38 +argo-cd,v2.3.7,2022-07-29,16:11:01 +argo-cd,v2.2.12,2022-07-29,14:58:00 +argo-cd,v2.4.7,2022-07-18,21:54:21 +argo-cd,v2.4.6,2022-07-12,23:14:34 +argo-cd,v2.4.5,2022-07-12,17:05:35 +argo-cd,v2.3.6,2022-07-12,17:56:53 +argo-cd,v2.2.11,2022-07-12,16:23:51 +argo-cd,v2.4.4,2022-07-07,07:59:34 +argo-cd,v2.4.3,2022-06-27,21:39:15 +argo-cd,v2.4.2,2022-06-21,21:19:40 +argo-cd,v2.4.1,2022-06-21,17:18:01 +argo-cd,v2.3.5,2022-06-21,18:28:28 +argo-cd,v2.2.10,2022-06-21,16:42:53 +argo-cd,v2.1.16,2022-06-21,16:34:29 +argo-cd,v2.4.0,2022-06-10,17:59:33 +argo-cd,v2.4.0-rc5,2022-06-06,19:57:45 +argo-cd,v2.4.0-rc4,2022-06-01,23:51:49 +argo-cd,v2.4.0-rc3,2022-05-31,20:14:43 +argo-cd,v2.4.0-rc2,2022-05-18,13:20:52 +argo-cd,v2.3.4,2022-05-18,13:14:17 +argo-cd,v2.2.9,2022-05-18,12:11:30 +argo-cd,v2.1.15,2022-05-18,12:48:12 +argo-cd,v2.4.0-rc1,2022-05-06,23:59:23 +argo-cd,v2.3.3,2022-03-30,01:55:37 +argo-cd,v2.3.2,2022-03-23,02:12:12 +argo-cd,v2.2.8,2022-03-23,00:38:55 +argo-cd,v2.1.14,2022-03-23,00:25:37 +argo-cd,v2.3.1,2022-03-11,00:07:41 +argo-cd,v2.2.7,2022-03-09,01:16:04 +argo-cd,v2.1.12,2022-03-09,01:06:39 +argo-cd,v2.3.0,2022-03-06,07:59:28 +argo-cd,v2.2.6,2022-03-06,06:08:26 +argo-cd,v2.1.11,2022-03-06,05:44:19 +argo-cd,v2.2.5,2022-02-05,01:42:13 +argo-cd,v2.1.10,2022-02-05,01:27:00 +argo-cd,v2.3.0-rc5,2022-02-05,00:52:33 +argo-cd,v2.3.0-rc4,2022-02-03,23:22:13 +argo-cd,v2.2.4,2022-02-03,20:50:43 +argo-cd,v2.1.9,2022-02-03,20:38:47 +argo-cd,v2.3.0-rc2,2022-02-02,23:59:42 +argo-cd,v2.3.0-rc1,2022-01-30,23:19:12 +argo-cd,v2.2.3,2022-01-18,18:03:37 +argo-cd,v2.2.2,2022-01-01,06:38:42 +argo-cd,v2.2.1,2021-12-17,01:41:25 +argo-cd,v2.2.0,2021-12-14,18:19:23 +argo-cd,v2.1.8,2021-12-13,23:26:15 +argo-cd,v2.1.7,2021-11-17,22:18:58 +argo-cd,v2.2.0-rc1,2021-11-12,16:44:39 +argo-cd,v2.1.6,2021-10-28,20:08:23 +argo-cd,v2.1.5,2021-10-20,15:25:12 +argo-cd,v2.1.4,2021-10-20,00:47:38 +argo-cd,v2.1.3,2021-09-29,21:59:28 +argo-cd,v2.1.2,2021-09-02,18:13:57 +argo-cd,v2.1.1,2021-08-25,15:20:05 +argo-cd,v2.1.0,2021-08-20,05:40:42 +argo-cd,v2.1.0-rc3,2021-08-11,19:54:48 +argo-cd,v2.1.0-rc2,2021-08-03,17:17:22 +argo-cd,v2.1.0-rc1,2021-07-28,22:39:33 +argo-cd,v2.0.5,2021-07-22,21:00:58 +argo-cd,v2.0.4,2021-06-23,01:36:22 +argo-cd,v2.0.3,2021-05-27,17:47:33 +argo-cd,v2.0.2,2021-05-20,19:38:10 +argo-cd,v2.0.1,2021-04-15,22:40:37 +argo-cd,v2.0.0,2021-04-07,06:07:51 +argo-cd,v2.0.0-rc4,2021-04-05,23:22:38 +argo-cd,v2.0.0-rc3,2021-04-02,17:59:51 +argo-cd,v2.0.0-rc2,2021-03-29,21:39:06 +argo-cd,v2.0.0-rc1,2021-03-19,21:37:41 +argo-cd,v1.8.7,2021-03-03,07:20:14 +argo-cd,v1.7.14,2021-03-03,18:45:51 +argo-cd,v1.8.6,2021-02-26,21:29:08 +argo-cd,v1.7.13,2021-02-26,17:29:32 +argo-cd,v1.8.5,2021-02-20,05:47:09 +argo-cd,v1.8.4,2021-02-05,18:02:18 +argo-cd,v1.7.12,2021-02-05,20:29:49 +argo-cd,v1.8.3,2021-01-21,22:26:34 +argo-cd,v1.8.2,2021-01-10,05:47:08 +argo-cd,v1.8.1,2020-12-10,03:05:37 +argo-cd,v1.7.11,2020-12-10,02:47:15 +argo-cd,v1.8.0,2020-12-09,18:35:24 +argo-cd,v1.8.0-rc2,2020-12-03,05:15:48 +argo-cd,v1.8.0-rc1,2020-11-25,18:21:18 +argo-cd,v1.7.10,2020-11-20,19:57:30 +argo-cd,v1.7.9,2020-11-17,23:26:31 +argo-cd,v1.7.8,2020-10-15,22:39:54 +argo-cd,v1.7.7,2020-09-29,05:02:51 +argo-cd,v1.7.6,2020-09-19,00:58:10 +argo-cd,v1.7.5,2020-09-15,23:10:12 +argo-cd,v1.7.4,2020-09-05,02:51:36 +argo-cd,v1.7.3,2020-09-01,23:25:39 +argo-cd,v1.7.2,2020-08-27,23:40:37 +argo-cd,v1.7.1,2020-08-26,21:17:44 +argo-cd,v1.7.0,2020-08-25,19:05:00 +argo-cd,v1.7.0-rc1,2020-08-15,19:37:04 +argo-cd,v1.6.2,2020-07-31,23:51:10 +argo-cd,v1.6.1,2020-06-19,00:47:03 +argo-cd,v1.6.0,2020-06-16,22:46:48 +argo-cd,v1.5.8,2020-06-16,20:05:59 +argo-cd,v1.6.0-rc2,2020-06-09,22:29:03 +argo-cd,v1.5.7,2020-06-09,18:46:23 +argo-cd,v1.6.0-rc1,2020-06-03,04:11:50 +argo-cd,v1.5.6,2020-06-02,19:13:17 +argo-cd,v1.5.5,2020-05-16,15:22:14 +argo-cd,v1.5.4,2020-05-05,19:25:30 +argo-cd,v1.5.3,2020-05-02,04:58:47 +argo-cd,v1.5.2,2020-04-15,19:05:41 +argo-cd,v1.4.3,2020-04-15,19:09:30 +argo-cd,v1.5.1,2020-04-06,16:35:44 +argo-cd,v1.5.0,2020-04-02,18:49:53 +argo-cd,v1.5.0-rc3,2020-03-30,22:42:52 +argo-cd,v1.5.0-rc2,2020-03-26,06:12:25 +argo-cd,v1.5.0-rc1,2020-03-20,23:02:28 +argo-cd,v1.4.2,2020-01-24,01:18:02 +argo-cd,v1.4.1,2020-01-22,23:10:57 +argo-cd,v1.4.0,2020-01-18,06:12:51 +argo-cd,v1.4.0-rc1,2020-01-13,20:48:09 +argo-cd,v1.3.6,2019-12-10,22:54:07 +argo-cd,v1.3.5,2019-12-09,21:25:22 +argo-cd,v1.3.4,2019-12-05,23:31:46 +argo-cd,v1.3.3,2019-12-05,22:55:32 +argo-cd,v1.3.2,2019-12-03,21:40:15 +argo-cd,v1.3.1,2019-12-02,22:35:57 +argo-cd,v1.3.0,2019-11-13,02:17:35 +argo-cd,v1.3.0-rc5,2019-11-11,21:34:47 +argo-cd,v1.3.0-rc4,2019-11-04,06:53:16 +argo-cd,v1.3.0-rc3,2019-10-29,20:19:18 +argo-cd,v1.2.5,2019-10-29,00:14:59 +argo-cd,v1.3.0-rc2,2019-10-23,01:36:08 +argo-cd,v1.2.4,2019-10-23,20:11:59 +argo-cd,v1.3.0-rc1,2019-10-16,21:46:33 +argo-cd,v1.2.3,2019-10-01,21:10:16 +argo-cd,v1.2.2,2019-09-24,19:34:55 +argo-cd,v1.2.1,2019-09-12,17:31:17 +argo-cd,v1.2.0,2019-09-04,21:39:00 +argo-cd,v1.2.0-rc2,2019-08-21,16:04:14 +argo-cd,v1.2.0-rc1,2019-08-06,20:26:20 +argo-cd,v1.1.2,2019-07-30,18:02:46 +argo-cd,v1.1.1,2019-07-24,17:44:23 +argo-cd,v1.1.0,2019-07-24,17:22:37 +argo-cd,v1.1.0-rc8,2019-07-19,22:33:59 +argo-cd,v1.1.0-rc7,2019-07-17,23:30:42 +argo-cd,v1.1.0-rc6,2019-07-16,16:43:32 +argo-cd,v1.1.0-rc5,2019-07-09,21:43:03 +argo-cd,v1.1.0-rc4,2019-07-03,21:23:36 +argo-cd,v1.1.0-rc3,2019-06-28,21:09:41 +argo-cd,v1.1.0-rc2,2019-06-21,23:41:40 +argo-cd,v1.1.0-rc1,2019-06-14,18:42:47 +argo-cd,v1.0.2,2019-06-14,17:23:08 +argo-cd,v1.0.1,2019-05-28,17:32:09 +argo-cd,v1.0.0,2019-05-16,22:13:10 +argo-cd,v1.0.0-rc3,2019-05-09,17:28:45 +argo-cd,v1.0.0-rc2,2019-04-30,21:30:50 +argo-cd,v0.12.3,2019-04-30,06:17:03 +argo-cd,v1.0.0-rc1,2019-04-24,18:21:02 +argo-cd,v0.12.2,2019-04-22,21:50:44 +argo-cd,v0.12.1,2019-04-09,21:28:28 +argo-cd,v0.12.0,2019-03-23,01:35:42 +argo-cd,v0.12.0-rc6,2019-03-20,22:50:14 +argo-cd,v0.12.0-rc5,2019-03-19,08:07:36 +argo-cd,v0.12.0-rc4,2019-03-12,21:55:07 +argo-cd,v0.12.0-rc3,2019-03-07,02:51:44 +argo-cd,v0.12.0-rc2,2019-03-06,11:20:06 +argo-cd,v0.12.0-rc1,2019-03-06,03:04:20 +argo-cd,v0.11.2,2019-02-19,18:00:25 +argo-cd,v0.11.1,2019-01-18,21:14:24 +argo-cd,v0.11.0,2019-01-11,02:13:53 +argo-cd,v0.11.0-rc6,2019-01-10,00:42:34 +argo-cd,v0.11.0-rc5,2019-01-09,00:13:56 +argo-cd,v0.11.0-rc4,2019-01-04,21:48:23 +argo-cd,v0.11.0-rc3,2019-01-03,23:58:08 +argo-cd,v0.11.0-rc2,2018-12-28,01:33:08 +argo-cd,v0.11.0-rc1,2018-12-10,17:50:56 +argo-cd,v0.10.6,2018-11-15,03:01:53 +argo-cd,v0.10.5,2018-11-14,02:40:13 +argo-cd,v0.10.4,2018-11-08,02:06:57 +argo-cd,v0.10.3,2018-10-29,07:03:10 +argo-cd,v0.10.2,2018-10-25,20:12:36 +argo-cd,v0.10.1,2018-10-24,20:28:59 +argo-cd,v0.10.0,2018-10-19,22:01:34 +argo-cd,v0.9.2,2018-09-28,16:59:16 +argo-cd,v0.9.1,2018-09-24,21:46:35 +argo-cd,v0.9.0,2018-09-24,20:41:50 +argo-cd,v0.8.2,2018-09-12,08:55:44 +argo-cd,v0.8.1,2018-09-11,01:34:30 +argo-cd,v0.8.0,2018-09-05,01:10:25 +argo-cd,v0.7.2,2018-08-21,08:22:07 +argo-cd,v0.7.1,2018-08-03,20:45:14 +argo-cd,v0.7.0,2018-07-28,01:30:19 +argo-cd,v0.6.2,2018-07-24,10:04:03 +argo-cd,v0.6.1,2018-07-18,07:44:11 +argo-cd,v0.6.0,2018-07-17,09:42:25 +argo-cd,v0.5.4,2018-06-27,23:25:33 +argo-cd,v0.5.3,2018-06-21,00:09:10 +argo-cd,v0.5.2,2018-06-14,20:19:39 +argo-cd,v0.5.1,2018-06-13,21:46:40 +argo-cd,v0.5.0,2018-06-12,20:39:05 +argo-cd,v0.4.7,2018-06-07,18:37:20 +argo-cd,v0.4.6,2018-06-06,18:12:48 +argo-cd,v0.4.5,2018-05-31,10:29:26 +argo-cd,v0.4.4,2018-05-30,23:40:52 +argo-cd,v0.4.3,2018-05-21,22:38:11 +argo-cd,v0.4.2,2018-05-21,08:25:50 +argo-cd,v0.4.1,2018-05-18,20:40:11 +argo-cd,v0.4.0,2018-05-17,09:55:08 +argo-cd,v0.4.0-alpha1,2018-05-11,23:59:31 +argo-cd,v0.3.2,2018-05-03,18:25:30 +argo-cd,v0.3.1,2018-04-24,23:32:12 +argo-cd,v0.3.0,2018-04-23,08:29:14 +argo-cd,v0.2.0,2018-04-03,18:19:24 +argo-cd,v0.1.0,2018-03-13,00:38:20 +argo-workflows,v3.6.2,2024-12-02,14:12:44 +argo-workflows,v3.5.13,2024-12-02,13:09:39 +argo-workflows,v3.6.0,2024-11-14,19:02:01 +argo-workflows,v3.6.0-rc4,2024-10-31,11:56:16 +argo-workflows,v3.5.12,2024-10-30,11:49:27 +argo-workflows,v3.6.0-rc3,2024-10-24,10:51:47 +argo-workflows,v3.4.18,2024-12-16,09:03:37 +argo-workflows,v3.6.0-rc2,2024-10-03,07:48:59 +argo-workflows,v3.5.11,2024-09-20,14:08:00 +argo-workflows,v3.6.0-rc1,2024-09-18,10:03:03 +argo-workflows,v3.5.10,2024-08-01,06:03:16 +argo-workflows,v3.5.9,2024-07-30,06:58:49 +argo-workflows,v3.5.8,2024-06-18,04:52:31 +argo-workflows,v3.5.7,2024-05-27,07:13:30 +argo-workflows,v3.4.17,2024-05-13,02:47:39 +argo-workflows,v3.5.6,2024-04-19,21:43:07 +argo-workflows,v3.5.5,2024-02-29,21:47:50 +argo-workflows,v3.5.4,2024-01-14,06:19:09 +argo-workflows,v3.4.16,2024-01-14,06:17:57 +argo-workflows,v3.4.15,2024-01-13,23:29:40 +argo-workflows,v3.5.3,2024-01-11,03:12:46 +argo-workflows,v3.5.2,2023-11-27,19:16:42 +argo-workflows,v3.4.14,2023-11-27,18:56:22 +argo-workflows,v3.5.1,2023-11-03,19:57:45 +argo-workflows,v3.4.13,2023-11-03,21:07:31 +argo-workflows,v3.4.12,2023-10-20,13:00:24 +argo-workflows,v3.5.0,2023-10-13,15:00:44 +argo-workflows,v3.5.0-rc2,2023-09-20,19:20:10 +argo-workflows,v3.4.11,2023-09-08,01:14:16 +argo-workflows,v3.5.0-rc1,2023-08-15,20:01:35 +argo-workflows,v3.4.10,2023-08-15,18:59:38 +argo-workflows,v3.4.9,2023-07-20,15:28:41 +argo-workflows,v3.4.8,2023-05-25,23:37:40 +argo-workflows,v3.4.7,2023-04-11,17:26:32 +argo-workflows,v3.4.6,2023-03-31,20:16:18 +argo-workflows,v3.4.5,2023-02-07,13:26:29 +argo-workflows,v3.4.4,2022-11-29,21:15:21 +argo-workflows,v3.3.10,2022-11-29,21:24:54 +argo-workflows,v3.4.3,2022-10-31,09:17:41 +argo-workflows,v3.4.2,2022-10-23,07:36:55 +argo-workflows,v3.4.1,2022-10-01,16:09:34 +argo-workflows,v3.4.0,2022-09-19,05:23:46 +argo-workflows,v3.4.0-rc4,2022-09-10,19:34:15 +argo-workflows,v3.4.0-rc3,2022-09-01,01:28:29 +argo-workflows,v3.4.0-rc2,2022-08-19,14:51:26 +argo-workflows,v3.4.0-rc1,2022-08-10,07:13:17 +argo-workflows,v3.3.9,2022-08-10,01:08:09 +argo-workflows,v3.3.8,2022-06-24,01:18:03 +argo-workflows,v3.3.7,2022-06-21,00:41:49 +argo-workflows,v3.3.6,2022-05-26,01:22:39 +argo-workflows,v3.3.5,2022-05-04,01:13:34 +argo-workflows,v3.2.11,2022-05-03,22:59:55 +argo-workflows,v3.3.4,2022-04-29,19:54:39 +argo-workflows,v3.3.3,2022-04-25,23:19:39 +argo-workflows,v3.3.2,2022-04-20,23:16:10 +argo-workflows,v3.3.1,2022-03-18,19:45:27 +argo-workflows,v3.3.0,2022-03-14,23:06:47 +argo-workflows,v3.3.0-rc10,2022-03-07,23:50:34 +argo-workflows,v3.3.0-rc9,2022-03-05,19:01:28 +argo-workflows,v3.2.9,2022-03-02,23:04:35 +argo-workflows,v3.3.0-rc8,2022-03-01,02:52:15 +argo-workflows,v3.3.0-rc7,2022-02-25,21:14:31 +argo-workflows,v3.3.0-rc6,2022-02-21,20:27:19 +argo-workflows,v3.3.0-rc5,2022-02-21,20:07:56 +argo-workflows,v3.3.0-rc4,2022-02-08,20:05:39 +argo-workflows,v3.2.8,2022-02-04,20:19:52 +argo-workflows,v3.3.0-rc3,2022-02-03,20:31:05 +argo-workflows,v0.0.0-dev-bom-1,2022-02-02,21:21:47 +argo-workflows,v3.3.0-rc2,2022-01-30,01:45:04 +argo-workflows,v3.3.0-rc1,2022-01-29,01:08:13 +argo-workflows,v3.2.7,2022-01-28,02:28:31 +argo-workflows,v3.2.6,2021-12-17,21:12:28 +argo-workflows,v3.2.5,2021-12-16,00:34:48 +argo-workflows,v0.0.0-dev-kc-7,2021-11-19,01:36:27 +argo-workflows,v3.2.4,2021-11-18,00:41:27 +argo-workflows,v3.1.15,2021-11-17,18:46:01 +argo-workflows,v0.0.0-dev-kc-6,2021-11-18,00:10:06 +argo-workflows,v0.0.0-dev-kc-5,2021-11-16,20:03:24 +argo-workflows,v0.0.0-dev-kc-4,2021-11-16,18:38:30 +argo-workflows,v0.0.0-dev-kc-3,2021-11-15,21:54:04 +argo-workflows,v0.0.0-dev-kc-2,2021-11-15,21:36:23 +argo-workflows,v0.0.0-dev-kc-1,2021-11-09,21:24:30 +argo-workflows,v0.0.0-dev-kc-0,2021-11-09,17:10:14 +argo-workflows,v3.2.3,2021-10-27,02:22:57 +argo-workflows,v3.2.2,2021-10-21,18:24:56 +argo-workflows,v3.1.14,2021-10-20,02:52:43 +argo-workflows,v3.2.1,2021-10-19,22:11:39 +argo-workflows,v3.2.0,2021-10-12,16:28:36 +argo-workflows,v3.2.0-rc6,2021-10-06,02:26:30 +argo-workflows,v3.2.0-rc5,2021-09-29,18:09:20 +argo-workflows,v3.1.13,2021-09-28,20:07:21 +argo-workflows,v3.2.0-rc4,2021-09-21,21:03:56 +argo-workflows,v3.1.12,2021-09-16,14:12:07 +argo-workflows,v3.2.0-rc3,2021-09-14,19:40:01 +argo-workflows,v3.1.11,2021-09-14,07:41:28 +argo-workflows,v3.1.10,2021-09-10,18:58:55 +argo-workflows,v3.1.9,2021-09-03,22:39:13 +argo-workflows,v3.2.0-rc2,2021-09-01,23:45:48 +argo-workflows,v0.0.0-dev-mc-4,2021-08-31,18:10:35 +argo-workflows,v0.0.0-dev-mc-3,2021-08-30,17:45:10 +argo-workflows,v0.0.0-dev-mc-2,2021-08-30,17:40:57 +argo-workflows,v0.0.0-dev-mc-1,2021-08-30,00:26:16 +argo-workflows,v0.0.0-dev-mc-0,2021-08-28,02:06:29 +argo-workflows,v3.2.0-rc1,2021-08-20,02:49:34 +argo-workflows,v3.1.8,2021-08-19,00:19:56 +argo-workflows,v3.1.7,2021-08-18,18:21:43 +argo-workflows,v3.0.10,2021-08-18,23:53:38 +argo-workflows,v3.0.9,2021-08-18,17:03:34 +argo-workflows,v2.12.13,2021-08-18,23:42:45 +argo-workflows,v2.12.12,2021-08-18,17:57:06 +argo-workflows,v3.1.6,2021-08-13,00:39:51 +argo-workflows,v0.0.0-dev-dataflow-41,2021-08-11,04:28:21 +argo-workflows,v3.1.5,2021-08-04,07:14:30 +argo-workflows,v0.0.0-dev-dataflow-40,2021-08-04,02:06:40 +argo-workflows,v3.1.4,2021-08-04,01:06:06 +argo-workflows,v0.0.0-dev-dataflow-39,2021-07-30,20:53:39 +argo-workflows,v3.1.3,2021-07-28,05:38:36 +argo-workflows,v0.0.0-dev-dataflow-37,2021-07-23,23:23:18 +argo-workflows,v0.0.0-dev-dataflow-36,2021-07-22,01:29:29 +argo-workflows,v0.0.0-dev-dataflow-34,2021-07-20,18:17:04 +argo-workflows,v0.0.0-dev-dataflow-33,2021-07-16,23:18:16 +argo-workflows,v3.1.2,2021-07-15,22:04:54 +argo-workflows,v0.0.0-dev-dataflow-31,2021-07-14,16:55:52 +argo-workflows,v0.0.0-dev-dataflow-30,2021-07-12,18:40:24 +argo-workflows,v3.1.1,2021-06-28,21:31:33 +argo-workflows,v0.0.0-dev-dataflow-29,2021-06-28,18:51:44 +argo-workflows,v0.0.0-dev-dataflow-28,2021-06-25,03:44:24 +argo-workflows,v3.1.0,2021-06-21,23:35:00 +argo-workflows,v3.0.8,2021-06-21,23:52:48 +argo-workflows,v0.0.0-dev-dataflow-27,2021-06-21,23:00:03 +argo-workflows,v0.0.0-dev-dataflow-26,2021-06-16,00:01:26 +argo-workflows,v0.0.0-dev-dataflow-25,2021-06-16,00:01:43 +argo-workflows,v3.1.0-rc14,2021-06-10,19:18:50 +argo-workflows,v0.0.0-dev-dataflow-24,2021-06-10,17:34:10 +argo-workflows,v0.0.0-dev-dataflow-23,2021-06-10,02:31:42 +argo-workflows,v3.1.0-rc13,2021-06-08,16:45:35 +argo-workflows,v0.0.0-dev-dataflow-22,2021-06-09,20:38:24 +argo-workflows,v0.0.0-dev-dataflow-20,2021-06-08,02:42:49 +argo-workflows,v0.0.0-dev-dataflow-19,2021-06-06,20:41:36 +argo-workflows,v0.0.0-dev-docker-0,2021-06-06,19:00:54 +argo-workflows,v0.0.0-dev-dataflow-18,2021-06-05,00:59:50 +argo-workflows,v0.0.0-dev-dataflow-17,2021-06-04,01:23:11 +argo-workflows,v0.0.0-dev-dataflow-16,2021-06-04,01:03:00 +argo-workflows,v3.1.0-rc12,2021-06-03,01:40:44 +argo-workflows,v3.1.0-rc11,2021-06-01,19:02:58 +argo-workflows,v0.0.0-dev-dataflow-15,2021-06-01,22:31:59 +argo-workflows,v0.0.0-dev-dataflow-14,2021-06-01,20:34:22 +argo-workflows,v0.0.0-dev-dataflow-13,2021-06-01,19:06:07 +argo-workflows,v3.1.0-rc10,2021-05-28,00:00:15 +argo-workflows,v0.0.0-dev-dataflow-11,2021-05-27,02:01:59 +argo-workflows,v3.1.0-rc8,2021-05-25,18:06:14 +argo-workflows,v3.0.7,2021-05-25,19:08:55 +argo-workflows,v0.0.0-dev-dataflow-10,2021-05-25,18:22:42 +argo-workflows,v3.1.0-rc7,2021-05-24,20:15:18 +argo-workflows,v3.0.6,2021-05-24,22:03:27 +argo-workflows,v3.0.5,2021-05-24,20:16:47 +argo-workflows,v3.1.0-rc6,2021-05-21,16:46:01 +argo-workflows,v0.0.0-dev-dataflow-9,2021-05-21,20:56:00 +argo-workflows,v0.0.0-dev-dataflow-8,2021-05-21,06:32:47 +argo-workflows,v0.0.0-dev-dataflow-7,2021-05-21,03:02:41 +argo-workflows,v0.0.0-dev-dataflow-6,2021-05-20,23:34:42 +argo-workflows,v0.0.0-dev-dataflow-5,2021-05-19,23:23:04 +argo-workflows,v0.0.0-dev-dataflow-4,2021-05-19,00:02:40 +argo-workflows,v3.1.0-rc5,2021-05-17,22:42:30 +argo-workflows,v3.1.0-rc4,2021-05-14,21:20:57 +argo-workflows,v3.0.4,2021-05-14,06:52:02 +argo-workflows,v3.1.0-rc3,2021-05-13,21:46:01 +argo-workflows,v3.1.0-rc2,2021-05-13,00:17:44 +argo-workflows,v3.1.0-rc1,2021-05-12,21:19:04 +argo-workflows,v3.0.3,2021-05-11,22:31:06 +argo-workflows,v3.0.2,2021-04-20,15:37:15 +argo-workflows,v2.12.11,2021-04-06,18:10:38 +argo-workflows,v3.0.1,2021-04-01,19:52:20 +argo-workflows,v3.0.0,2021-03-30,20:25:33 +argo-workflows,v3.0.0-rc9,2021-03-23,19:04:46 +argo-workflows,v3.0.0-rc8,2021-03-17,19:30:33 +argo-workflows,v3.0.0-rc7,2021-03-16,23:25:22 +argo-workflows,v3.0.0-rc6,2021-03-10,01:08:31 +argo-workflows,v3.0.0-rc5,2021-03-09,19:50:05 +argo-workflows,v2.12.10,2021-03-08,22:57:52 +argo-workflows,v3.0.0-rc4,2021-03-02,22:26:56 +argo-workflows,v3.0.0-rc3,2021-02-23,21:38:38 +argo-workflows,v3.0.0-rc2,2021-02-16,18:09:12 +argo-workflows,v2.12.9,2021-02-17,01:28:49 +argo-workflows,v3.0.0-rc1,2021-02-09,00:36:27 +argo-workflows,v2.12.8,2021-02-09,00:36:17 +argo-workflows,v2.12.7,2021-02-01,22:21:36 +argo-workflows,v2.12.6,2021-01-25,20:24:13 +argo-workflows,v2.12.5,2021-01-19,22:49:21 +argo-workflows,v2.12.4,2021-01-12,20:53:35 +argo-workflows,v2.12.3,2021-01-05,02:00:00 +argo-workflows,v2.12.2,2020-12-18,18:17:19 +argo-workflows,v2.12.1,2020-12-18,01:11:16 +argo-workflows,v2.12.0,2020-12-17,19:35:41 +argo-workflows,v2.12.0-rc6,2020-12-15,19:00:45 +argo-workflows,v2.12.0-rc5,2020-12-10,13:50:01 +argo-workflows,v2.12.0-rc4,2020-12-03,00:55:16 +argo-workflows,v2.12.0-rc3,2020-11-23,13:35:50 +argo-workflows,v2.11.8,2020-11-21,16:36:24 +argo-workflows,v2.12.0-rc2,2020-11-12,16:23:14 +argo-workflows,v2.12.0-rc1,2020-11-06,19:14:19 +argo-workflows,v2.11.7,2020-11-02,21:50:13 +argo-workflows,v2.11.6,2020-10-19,20:51:22 +argo-workflows,v2.11.5,2020-10-15,23:14:34 +argo-workflows,v2.11.4,2020-10-14,22:30:23 +argo-workflows,v2.11.3,2020-10-07,23:20:10 +argo-workflows,v2.11.2,2020-10-06,00:19:46 +argo-workflows,v2.11.1,2020-09-29,17:55:55 +argo-workflows,v2.11.0,2020-09-17,23:09:05 +argo-workflows,v2.11.0-rc3,2020-09-15,16:50:33 +argo-workflows,v2.10.2,2020-09-14,17:45:20 +argo-workflows,v2.11.0-rc2,2020-09-09,17:43:25 +argo-workflows,v2.10.1,2020-09-03,00:02:01 +argo-workflows,v2.11.0-rc1,2020-09-01,20:17:41 +argo-workflows,v2.10.0,2020-08-18,23:15:58 +argo-workflows,v2.10.0-rc7,2020-08-14,15:48:45 +argo-workflows,v2.10.0-rc6,2020-08-06,23:31:38 +argo-workflows,v2.9.5,2020-08-06,22:45:49 +argo-workflows,v2.10.0-rc5,2020-08-03,23:21:27 +argo-workflows,v2.10.0-rc4,2020-07-29,00:15:54 +argo-workflows,v2.9.4,2020-07-24,21:59:33 +argo-workflows,v2.10.0-rc3,2020-07-23,23:04:45 +argo-workflows,v2.10.0-rc1,2020-07-17,20:10:06 +argo-workflows,v2.9.3,2020-07-15,01:33:15 +argo-workflows,v2.9.2,2020-07-09,00:21:41 +argo-workflows,v2.9.1,2020-07-03,15:28:51 +argo-workflows,v2.9.0,2020-07-02,01:43:01 +argo-workflows,v2.9.0-rc4,2020-06-26,23:05:54 +argo-workflows,v2.9.0-rc3,2020-06-23,19:15:20 +argo-workflows,v2.8.2,2020-06-22,22:28:02 +argo-workflows,v2.9.0-rc2,2020-06-17,04:36:44 +argo-workflows,v2.9.0-rc1,2020-06-11,00:19:33 +argo-workflows,v2.8.1,2020-05-29,00:31:04 +argo-workflows,v2.8.0,2020-05-11,23:50:27 +argo-workflows,v2.8.0-rc4,2020-05-06,23:58:00 +argo-workflows,v2.7.7,2020-05-06,23:32:46 +argo-workflows,v2.8.0-rc3,2020-04-28,16:46:57 +argo-workflows,v2.7.6,2020-04-28,17:31:48 +argo-workflows,v2.8.0-rc2,2020-04-23,23:29:50 +argo-workflows,v2.8.0-rc1,2020-04-21,15:36:43 +argo-workflows,v2.7.5,2020-04-21,01:35:36 +argo-workflows,v2.7.4,2020-04-16,18:20:58 +argo-workflows,v2.6.4,2020-04-16,03:02:24 +argo-workflows,v2.7.3,2020-04-16,02:03:38 +argo-workflows,v2.7.2,2020-04-10,20:29:17 +argo-workflows,v2.7.1,2020-04-07,17:16:19 +argo-workflows,v2.7.0,2020-04-01,03:13:14 +argo-workflows,v2.7.0-rc4,2020-03-30,22:13:50 +argo-workflows,v2.7.0-rc3,2020-03-25,20:18:44 +argo-workflows,v2.7.0-rc2,2020-03-23,18:38:05 +argo-workflows,v2.7.0-rc1,2020-03-19,02:11:45 +argo-workflows,v2.6.3,2020-03-16,18:24:24 +argo-workflows,v2.6.2,2020-03-12,16:23:45 +argo-workflows,v2.6.1,2020-03-04,21:33:38 +argo-workflows,v2.6.0,2020-02-28,23:39:10 +argo-workflows,v2.6.0-rc3,2020-02-25,17:32:04 +argo-workflows,v2.5.2,2020-02-24,23:10:36 +argo-workflows,v2.6.0-rc2,2020-02-22,00:36:29 +argo-workflows,v2.5.1,2020-02-20,18:30:07 +argo-workflows,v2.6.0-rc1,2020-02-19,18:48:23 +argo-workflows,v2.5.0,2020-02-19,02:54:07 +argo-workflows,v2.5.0-rc12,2020-02-14,00:08:36 +argo-workflows,v2.5.0-rc11,2020-02-11,22:25:57 +argo-workflows,v2.5.0-rc10,2020-02-08,00:23:39 +argo-workflows,v2.5.0-rc9,2020-02-07,00:40:24 +argo-workflows,v2.5.0-rc8,2020-02-04,01:25:11 +argo-workflows,v2.5.0-rc7,2020-01-31,22:43:09 +argo-workflows,v2.5.0-rc6,2020-01-30,22:14:51 +argo-workflows,v2.5.0-rc5,2020-01-30,03:13:49 +argo-workflows,v2.5.0-rc4,2020-01-27,21:08:05 +argo-workflows,v2.5.0-rc3,2020-01-27,19:37:31 +argo-workflows,v2.5.0-rc2,2020-01-24,21:43:45 +argo-workflows,v2.5.0-rc1,2020-01-24,20:59:49 +argo-workflows,v2.4.3,2019-12-06,05:53:42 +argo-workflows,v2.4.2,2019-10-21,19:06:52 +argo-workflows,v2.4.1,2019-10-09,00:01:23 +argo-workflows,v2.4.0,2019-10-07,20:35:32 +argo-workflows,v2.4.0-rc1,2019-08-08,22:12:22 +argo-workflows,v2.3.0,2019-05-20,22:34:35 +argo-workflows,v2.3.0-rc3,2019-05-08,00:11:00 +argo-workflows,v2.3.0-rc2,2019-04-21,08:32:04 +argo-workflows,v2.3.0-rc1,2019-04-10,16:08:39 +argo-workflows,v2.2.1,2018-10-11,16:44:01 +argo-workflows,v2.2.0,2018-08-30,09:00:24 +argo-workflows,v2.1.1,2018-05-29,20:52:07 +argo-workflows,v2.1.0,2018-05-01,20:33:03 +argo-workflows,v2.1.0-beta2,2018-03-29,20:55:26 +argo-workflows,v2.1.0-beta1,2018-03-29,15:35:56 +argo-workflows,v2.1.0-alpha1,2018-02-21,22:54:53 +argo-workflows,v2.0.0,2018-02-06,21:55:25 +argo-workflows,v2.0.0-beta1,2018-01-18,22:58:14 +argo-workflows,v2.0.0-alpha3,2018-01-02,21:32:11 +argo-workflows,v2.0.0-alpha2,2017-12-05,05:13:12 +argo-workflows,v2.0.0-alpha1,2017-11-16,22:10:07 +argo-events,v1.9.5,2025-01-10,18:11:20 +argo-events,v1.9.4,2025-01-08,07:48:18 +argo-events,v1.9.3,2024-11-27,06:51:10 +argo-events,v1.9.2,2024-06-14,00:38:39 +argo-events,v1.9.1,2024-02-13,21:21:44 +argo-events,v1.9.0,2024-01-09,08:31:10 +argo-events,v1.8.1,2023-08-31,23:49:47 +argo-events,v1.8.0,2023-05-08,05:54:59 +argo-events,v1.7.6,2023-02-10,07:30:54 +argo-events,v1.7.5,2023-01-23,08:23:36 +argo-events,v1.7.4,2022-12-12,07:45:11 +argo-events,v1.7.3,2022-09-28,22:10:34 +argo-events,v1.7.2,2022-09-12,23:46:11 +argo-events,v1.7.1,2022-06-09,06:27:31 +argo-events,v1.7.0,2022-05-04,22:47:01 +argo-events,v1.7.0-rc1,2022-04-23,07:22:52 +argo-events,v1.6.3,2022-03-03,20:56:12 +argo-events,v1.6.2,2022-03-02,05:39:57 +argo-events,v1.6.1,2022-02-27,08:51:59 +argo-events,v1.6.0,2022-02-13,06:42:27 +argo-events,v1.5.6,2022-01-12,05:18:08 +argo-events,v1.5.5,2021-12-19,03:32:55 +argo-events,v1.5.4,2021-12-10,08:49:46 +argo-events,v1.5.3,2021-11-22,18:36:36 +argo-events,v1.5.2,2021-11-09,20:01:58 +argo-events,v1.5.1,2021-11-08,07:35:38 +argo-events,v1.5.0,2021-10-12,18:48:33 +argo-events,v1.4.3,2021-09-30,15:49:41 +argo-events,v1.4.2,2021-09-21,18:29:51 +argo-events,v1.4.1,2021-09-01,00:37:05 +argo-events,v1.4.0,2021-07-12,16:33:29 +argo-events,v1.3.1,2021-05-04,17:40:52 +argo-events,v1.3.0,2021-04-12,18:14:51 +argo-events,v1.3.0-rc4,2021-04-08,06:37:06 +argo-events,v1.3.0-rc3,2021-04-05,20:42:52 +argo-events,v1.3.0-rc2,2021-03-31,21:34:56 +argo-events,v1.3.0-rc1,2021-03-23,18:05:01 +argo-events,v1.2.3,2021-02-18,17:52:54 +argo-events,v1.2.2,2021-01-27,17:40:28 +argo-events,v1.2.1,2021-01-26,08:22:50 +argo-events,v1.2.0,2021-01-08,08:30:04 +argo-events,v1.1.0,2020-11-16,20:07:55 +argo-events,v1.1.0-rc1,2020-11-05,06:36:21 +argo-events,v1.0.0,2020-09-04,20:57:04 +argo-events,v1.0.0-rc3,2020-08-26,04:36:48 +argo-events,v1.0.0-rc2,2020-08-16,21:20:09 +argo-events,v1.0.0-rc1,2020-08-10,18:25:28 +argo-events,v0.17.0,2020-07-24,12:40:33 +argo-events,v0.16.0,2020-06-14,23:52:44 +argo-events,v0.15.0,2020-05-08,13:42:18 +argo-events,v0.14.0,2020-04-12,23:34:58 +argo-events,v0.13.0,2020-03-21,01:21:15 +argo-events,v0.13.0-rc,2020-02-26,01:33:31 +argo-events,v0.12,2020-01-17,04:51:55 +argo-events,v0.12-rc,2019-12-12,04:52:49 +argo-events,v0.11,2019-11-11,17:11:35 +argo-events,v0.10,2019-10-07,12:51:38 +argo-events,v0.9.3,2019-07-15,12:16:22 +argo-events,v0.9.2,2019-04-26,01:11:53 +argo-events,v0.9.1,2019-04-26,00:33:03 +argo-events,v.0.9,2019-03-30,13:07:25 +argo-events,v0.8.3,2019-03-18,21:09:05 +argo-events,v0.8.2,2019-03-14,10:32:46 +argo-events,v0.8.1,2019-03-11,13:42:08 +argo-events,v0.8,2019-02-27,18:08:21 +argo-events,v0.7,2019-01-30,04:12:58 +argo-events,v0.6,2018-11-27,11:46:02 +argo-events,v0.5,2018-10-18,19:51:19 +argo-events,v0.5-beta1,2018-07-27,15:00:03 +argo-events,v0.5-alpha1,2018-06-20,19:23:36 +argo-rollouts,v1.8.0-rc2,2025-01-16,19:43:44 +argo-rollouts,v1.8.0-rc1,2024-12-09,14:28:35 +argo-rollouts,v1.7.2,2024-08-13,18:42:47 +argo-rollouts,v1.7.1,2024-06-25,01:38:31 +argo-rollouts,v1.7.0,2024-06-13,20:23:14 +argo-rollouts,v1.7.0-rc1,2024-04-05,18:24:00 +argo-rollouts,v1.6.6,2024-02-13,15:56:59 +argo-rollouts,v1.6.5,2024-01-25,20:19:53 +argo-rollouts,v1.6.4,2023-12-11,21:54:30 +argo-rollouts,v1.6.3,2023-12-05,14:36:31 +argo-rollouts,v1.6.2,2023-11-02,19:58:08 +argo-rollouts,v1.6.1,2023-11-01,21:19:43 +argo-rollouts,v1.6.0,2023-09-06,19:00:06 +argo-rollouts,v1.6.0-rc1,2023-08-11,14:22:24 +argo-rollouts,v1.5.1,2023-05-24,19:26:51 +argo-rollouts,v1.5.0,2023-05-08,15:34:06 +argo-rollouts,v1.5.0-rc1,2023-03-27,20:09:25 +argo-rollouts,v1.4.1,2023-02-25,15:23:34 +argo-rollouts,v1.3.3,2023-02-25,04:38:57 +argo-rollouts,v1.4.0,2023-01-09,21:43:34 +argo-rollouts,v1.4.0-rc1,2022-12-20,02:07:55 +argo-rollouts,v1.3.2,2022-12-15,17:05:26 +argo-rollouts,v1.3.1,2022-09-29,17:43:19 +argo-rollouts,v1.3.0,2022-09-19,03:29:00 +argo-rollouts,v1.3.0-rc3,2022-09-15,16:00:07 +argo-rollouts,v1.3.0-rc2,2022-08-25,20:49:49 +argo-rollouts,v1.3.0-rc1,2022-07-29,19:54:34 +argo-rollouts,v1.2.2,2022-07-26,17:49:31 +argo-rollouts,v1.2.1,2022-05-13,20:57:34 +argo-rollouts,v1.2.0,2022-03-22,17:16:13 +argo-rollouts,v1.2.0-rc2,2022-02-25,16:54:46 +argo-rollouts,v1.2.0-rc1,2022-02-07,20:00:22 +argo-rollouts,v1.1.1,2021-11-29,21:44:13 +argo-rollouts,v1.1.0,2021-10-12,17:02:30 +argo-rollouts,v1.1.0-rc2,2021-10-05,23:41:25 +argo-rollouts,v1.0.7,2021-09-29,18:02:01 +argo-rollouts,v1.1.0-rc1,2021-09-21,23:23:21 +argo-rollouts,v1.0.6,2021-08-26,18:13:19 +argo-rollouts,v1.0.4,2021-08-03,04:38:07 +argo-rollouts,v1.0.3,2021-08-03,04:36:59 +argo-rollouts,v1.0.2,2021-06-15,22:33:04 +argo-rollouts,v1.0.1,2021-05-26,08:43:12 +argo-rollouts,v1.0.0,2021-05-20,04:11:28 +argo-rollouts,v1.0.0-rc1,2021-04-29,20:29:41 +argo-rollouts,v0.10.2,2020-12-17,21:20:44 +argo-rollouts,v0.10.1,2020-12-05,01:23:44 +argo-rollouts,v0.10.0,2020-11-14,00:21:31 +argo-rollouts,v0.9.3,2020-11-05,23:24:15 +argo-rollouts,v0.9.2,2020-10-17,04:41:56 +argo-rollouts,v0.9.1,2020-09-28,22:52:01 +argo-rollouts,v0.9.0,2020-08-17,22:17:04 +argo-rollouts,v0.8.3,2020-06-04,00:49:11 +argo-rollouts,v0.8.2,2020-05-06,20:40:16 +argo-rollouts,v0.8.1,2020-04-20,23:55:07 +argo-rollouts,v0.8.0,2020-04-13,16:40:32 +argo-rollouts,v0.7.2,2020-02-25,19:46:06 +argo-rollouts,v0.7.1,2020-02-10,18:01:08 +argo-rollouts,v0.7.0,2020-01-22,05:09:28 +argo-rollouts,v0.6.3,2020-01-22,04:40:30 +argo-rollouts,v0.6.2,2019-12-16,17:14:42 +argo-rollouts,v0.6.1,2019-12-06,00:25:57 +argo-rollouts,v0.6.0,2019-11-17,21:16:29 +argo-rollouts,v0.5.0,2019-09-23,17:59:31 +argo-rollouts,v0.4.2,2019-08-19,20:21:15 +argo-rollouts,v0.4.1,2019-06-26,16:07:32 +argo-rollouts,v0.4.0,2019-06-21,17:48:41 +argo-rollouts,v0.3.2,2019-06-13,17:58:53 +argo-rollouts,v0.3.1,2019-05-18,21:27:51 +argo-rollouts,v0.3.0,2019-05-01,06:36:28 +argo-rollouts,v0.2.2,2019-04-16,23:10:01 +argo-rollouts,v0.2.1,2019-04-04,21:43:44 +argo-rollouts,v0.2.0,2019-03-04,22:30:55 +argo-rollouts,v0.1.0,2019-02-01,19:03:49 diff --git a/scripts/release-analysis/fetch_helmet_releases.py b/scripts/release-analysis/fetch_helmet_releases.py new file mode 100644 index 00000000..77e2fcb3 --- /dev/null +++ b/scripts/release-analysis/fetch_helmet_releases.py @@ -0,0 +1,90 @@ +import csv +import os +from datetime import datetime + +import requests + +# GitHub repository URL +repo_url = "https://api.github.com/repos/argoproj/argo-helm/releases" + +# Get the GitHub token from environment variables +github_token = os.getenv("GITHUB_TOKEN") +if not github_token: + raise ValueError("GITHUB_TOKEN environment variable is not set") + + +# Function to fetch all releases with pagination +def fetch_all_releases(url): + releases = [] + headers = {"Authorization": f"token {github_token}"} + while url: + response = requests.get(url, headers=headers) + response.raise_for_status() + releases.extend(response.json()) + url = response.links.get("next", {}).get("url") + return releases + + +# Function to get the content of Chart.yaml in a release +def get_chart_yaml(repo, tag, chart_path): + url = f"https://raw.githubusercontent.com/{repo}/refs/tags/{tag}/charts/{chart_path}/Chart.yaml" + headers = {"Authorization": f"token {github_token}"} + response = requests.get(url, headers=headers) + if response.status_code == 200: + return response.text + return None + + +# Function to extract appVersion from Chart.yaml content +def extract_app_version(chart_yaml): + for line in chart_yaml.splitlines(): + if line.startswith("appVersion:"): + return line.split(":")[1].strip() + return None + + +# Function to fetch releases and write to a CSV file +def fetch_and_write_helmet_releases(csv_file): + # Fetch all releases + releases = fetch_all_releases(repo_url) + + # Write the release data to the CSV file + with open(csv_file, mode="w", newline="") as file: + writer = csv.writer(file, quoting=csv.QUOTE_NONE, escapechar="\\") + writer.writerow(["Release Name", "Release Date", "Release Time", "App Version"]) + + for release in releases: + tag_name = release["tag_name"] + published_at = release["published_at"] + release_date = datetime.strptime(published_at, "%Y-%m-%dT%H:%M:%SZ").date() + release_time = datetime.strptime(published_at, "%Y-%m-%dT%H:%M:%SZ").time() + + # Extract chart path from the release name + chart_path = "-".join(tag_name.split("-")[:-1]) + current_chart_yaml = get_chart_yaml( + "argoproj/argo-helm", tag_name, chart_path + ) + + if current_chart_yaml: + current_app_version = extract_app_version(current_chart_yaml) + writer.writerow( + [tag_name, release_date, release_time, current_app_version] + ) + + # Read the CSV file, remove any instances of `\"`, and write back the cleaned content + with open(csv_file, mode="r") as file: + content = file.read() + + cleaned_content = content.replace('\\"', "") + + with open(csv_file, mode="w", newline="") as file: + file.write(cleaned_content) + + print( + f'Release data has been written to {csv_file} and cleaned of any instances of \\"' + ) + + +# Example usage +if __name__ == "__main__": + fetch_and_write_helmet_releases("argo_helm_releases.csv") diff --git a/scripts/release-analysis/fetch_releases.py b/scripts/release-analysis/fetch_releases.py new file mode 100644 index 00000000..6d27faee --- /dev/null +++ b/scripts/release-analysis/fetch_releases.py @@ -0,0 +1,57 @@ +import csv +import os +from datetime import datetime + +import requests + +# List of GitHub repository URLs we care about +repos = [ + ("argo-cd", "https://api.github.com/repos/argoproj/argo-cd/releases"), + ("argo-workflows", "https://api.github.com/repos/argoproj/argo-workflows/releases"), + ("argo-events", "https://api.github.com/repos/argoproj/argo-events/releases"), + ("argo-rollouts", "https://api.github.com/repos/argoproj/argo-rollouts/releases"), +] + +# Get the GitHub token from environment variables +github_token = os.getenv("GITHUB_TOKEN") +if not github_token: + raise ValueError("GITHUB_TOKEN environment variable is not set") + + +# Fetch all releases with pagination +def fetch_all_releases(url): + releases = [] + headers = {"Authorization": f"token {github_token}"} + while url: + response = requests.get(url, headers=headers) + response.raise_for_status() + releases.extend(response.json()) + url = response.links.get("next", {}).get("url") + return releases + + +# Fetch releases and write to a CSV file +def fetch_and_write_releases(csv_file): + with open(csv_file, mode="w", newline="") as file: + writer = csv.writer(file) + writer.writerow(["Repository", "Release Tag", "Release Date", "Release Time"]) + + for repo_name, repo_url in repos: + releases = fetch_all_releases(repo_url) + for release in releases: + tag_name = release["tag_name"] + published_at = release["published_at"] + release_date = datetime.strptime( + published_at, "%Y-%m-%dT%H:%M:%SZ" + ).date() + release_time = datetime.strptime( + published_at, "%Y-%m-%dT%H:%M:%SZ" + ).time() + writer.writerow([repo_name, tag_name, release_date, release_time]) + + print(f"Release data has been written to {csv_file}") + + +# Example usage +if __name__ == "__main__": + fetch_and_write_releases("argo_releases.csv") diff --git a/scripts/release-analysis/main.py b/scripts/release-analysis/main.py new file mode 100644 index 00000000..3fcf21ed --- /dev/null +++ b/scripts/release-analysis/main.py @@ -0,0 +1,31 @@ +import os + +from fetch_helmet_releases import fetch_and_write_helmet_releases +from fetch_releases import fetch_and_write_releases +from merge_csvs import merge_csv_files +from plot_graph import plot_time_difference + +# Check there is a github token +github_token = os.getenv("GITHUB_TOKEN") +if not github_token: + raise ValueError("GITHUB_TOKEN environment variable is not set") + +# Do the thing +print("Fetching releases...") +fetch_and_write_releases("argo_releases.csv") +print("Done") + +print("Fetching Team Helmet releases...") +fetch_and_write_helmet_releases("argo_helm_releases.csv") +print("Done") + +print("Merging release info...") +merge_csv_files("argo_releases.csv", "argo_helm_releases.csv", "merged_releases.csv") +print("Done") + +print("Plotting time difference graphs...") +plot_time_difference("merged_releases.csv") +print("Done") + +# Delete __pycache__ directories +os.system("rm -rf __pycache__") diff --git a/scripts/release-analysis/merge_csvs.py b/scripts/release-analysis/merge_csvs.py new file mode 100644 index 00000000..72b6917b --- /dev/null +++ b/scripts/release-analysis/merge_csvs.py @@ -0,0 +1,108 @@ +import csv +from datetime import datetime + + +def merge_csv_files(csv_file_1, csv_file_2, output_csv_file): + # Read the first CSV file into a dictionary + releases_1 = {} + with open(csv_file_1, mode="r") as file: + reader = csv.DictReader(file) + for row in reader: + key = (row["Repository"], row["Release Tag"]) + releases_1[key] = row + + # Read the second CSV file and find the oldest release for each appVersion + oldest_releases = {} + valid_repos = {"argo-cd", "argo-events", "argo-workflows", "argo-rollouts"} + with open(csv_file_2, mode="r") as file: + reader = csv.DictReader(file) + for row in reader: + release_name = row["Release Name"] + repo_name = "-".join(release_name.split("-")[:-1]) + if repo_name in valid_repos: + app_version = row["App Version"] + release_datetime = datetime.strptime( + f"{row['Release Date']} {row['Release Time']}", "%Y-%m-%d %H:%M:%S" + ) + if ( + repo_name, + app_version, + ) not in oldest_releases or release_datetime < oldest_releases[ + (repo_name, app_version) + ][ + "datetime" + ]: + oldest_releases[(repo_name, app_version)] = { + "row": row, + "datetime": release_datetime, + } + + # Merge the oldest releases with the first CSV file + merged_releases = [] + for (repo_name, app_version), data in oldest_releases.items(): + row = data["row"] + for key, release in releases_1.items(): + if ( + repo_name == release["Repository"] + and app_version == release["Release Tag"] + ): + time_difference = data["datetime"] - datetime.strptime( + f"{release['Release Date']} {release['Release Time']}", + "%Y-%m-%d %H:%M:%S", + ) + time_difference_hours = ( + time_difference.total_seconds() / 3600 + ) # Convert to hours + merged_row = { + "Repository": release["Repository"], + "Release Tag": release["Release Tag"], + "Release Date": release["Release Date"], + "Release Time": release["Release Time"], + "App Version": app_version, + "Release Name": row["Release Name"], + "Release Date 2": row["Release Date"], + "Release Time 2": row["Release Time"], + "Time Difference": time_difference_hours, + } + merged_releases.append(merged_row) + break + else: + merged_row = { + "Repository": repo_name, + "Release Tag": "", + "Release Date": "", + "Release Time": "", + "App Version": app_version, + "Release Name": row["Release Name"], + "Release Date 2": row["Release Date"], + "Release Time 2": row["Release Time"], + "Time Difference": "", + } + merged_releases.append(merged_row) + + # Write the merged data to a new CSV file + with open(output_csv_file, mode="w", newline="") as file: + fieldnames = [ + "Repository", + "Release Tag", + "Release Date", + "Release Time", + "App Version", + "Release Name", + "Release Date 2", + "Release Time 2", + "Time Difference", + ] + writer = csv.DictWriter(file, fieldnames=fieldnames) + writer.writeheader() + for row in merged_releases: + writer.writerow(row) + + print(f"Merged data has been written to {output_csv_file}") + + +# Example usage +if __name__ == "__main__": + merge_csv_files( + "argo_releases.csv", "argo_helm_releases.csv", "merged_releases.csv" + ) diff --git a/scripts/release-analysis/merged_releases.csv b/scripts/release-analysis/merged_releases.csv new file mode 100644 index 00000000..a4c13445 --- /dev/null +++ b/scripts/release-analysis/merged_releases.csv @@ -0,0 +1,195 @@ +Repository,Release Tag,Release Date,Release Time,App Version,Release Name,Release Date 2,Release Time 2,Time Difference +argo-cd,v2.13.3,2025-01-03,19:23:42,v2.13.3,argo-cd-7.7.13,2025-01-04,00:07:55,4.736944444444444 +argo-events,v1.9.5,2025-01-10,18:11:20,v1.9.5,argo-events-2.4.13,2025-01-11,10:22:47,16.190833333333334 +argo-workflows,v3.6.2,2024-12-02,14:12:44,v3.6.2,argo-workflows-0.45.1,2024-12-02,17:39:46,3.4505555555555554 +argo-events,v1.9.4,2025-01-08,07:48:18,v1.9.4,argo-events-2.4.12,2025-01-08,08:37:01,0.8119444444444445 +argo-events,v1.9.3,2024-11-27,06:51:10,v1.9.3,argo-events-2.4.9,2024-11-27,20:44:06,13.882222222222222 +argo-rollouts,v1.7.2,2024-08-13,18:42:47,v1.7.2,argo-rollouts-2.37.5,2024-08-14,08:31:31,13.812222222222223 +argo-cd,v2.13.2,2024-12-11,19:18:46,v2.13.2,argo-cd-7.7.10,2024-12-12,05:33:28,10.245 +argo-cd,v2.13.1,2024-11-20,17:11:22,v2.13.1,argo-cd-7.7.4,2024-11-20,20:48:11,3.613611111111111 +argo-workflows,v3.6.0,2024-11-14,19:02:01,v3.6.0,argo-workflows-0.43.0,2024-11-21,08:27:21,157.42222222222222 +argo-cd,v2.13.0,2024-11-04,12:46:49,v2.13.0,argo-cd-7.7.0,2024-11-05,00:00:06,11.221388888888889 +argo-workflows,v3.5.12,2024-10-30,11:49:27,v3.5.12,argo-workflows-0.42.6,2024-10-30,13:24:53,1.5905555555555555 +argo-cd,v2.12.6,2024-10-18,19:07:18,v2.12.6,argo-cd-7.6.12,2024-10-18,19:27:20,0.3338888888888889 +argo-cd,v2.12.5,2024-10-17,22:03:45,v2.12.5,argo-cd-7.6.11,2024-10-18,07:16:30,9.2125 +argo-cd,v2.12.4,2024-09-26,07:14:39,v2.12.4,argo-cd-7.6.5,2024-09-26,07:42:42,0.4675 +argo-workflows,v3.5.11,2024-09-20,14:08:00,v3.5.11,argo-workflows-0.42.3,2024-09-20,15:08:40,1.011111111111111 +argo-cd,v2.12.3,2024-08-27,12:33:34,v2.12.3,argo-cd-7.4.7,2024-08-27,13:30:34,0.95 +argo-events,v1.9.2,2024-06-14,00:38:39,v1.9.2,argo-events-2.4.6,2024-06-14,05:09:08,4.508055555555556 +argo-workflows,v3.5.10,2024-08-01,06:03:16,v3.5.10,argo-workflows-0.41.13,2024-08-01,07:19:01,1.2625 +argo-cd,v2.12.2,2024-08-23,04:05:09,v2.12.2,argo-cd-7.4.5,2024-08-23,08:51:19,4.769444444444445 +argo-cd,v2.12.1,2024-08-16,17:16:36,v2.12.1,argo-cd-7.4.4,2024-08-16,21:36:53,4.338055555555556 +argo-rollouts,v1.7.1,2024-06-25,01:38:31,v1.7.1,argo-rollouts-2.37.0,2024-06-26,09:10:19,31.53 +argo-cd,v2.12.0,2024-08-05,14:02:15,v2.12.0,argo-cd-7.4.0,2024-08-05,15:22:06,1.3308333333333333 +argo-workflows,v3.5.9,2024-07-30,06:58:49,v3.5.9,argo-workflows-0.41.12,2024-07-30,07:39:23,0.6761111111111111 +argo-cd,v2.11.7,2024-07-24,10:27:18,v2.11.7,argo-cd-7.3.11,2024-07-24,11:44:52,1.2927777777777778 +argo-cd,v2.11.6,2024-07-22,15:19:04,v2.11.6,argo-cd-7.3.10,2024-07-22,17:14:41,1.9269444444444443 +argo-cd,v2.11.5,2024-07-15,18:32:15,v2.11.5,argo-cd-7.3.7,2024-07-16,01:17:05,6.747222222222222 +argo-cd,v2.11.4,2024-07-02,19:52:42,v2.11.4,argo-cd-7.3.4,2024-07-02,20:43:46,0.8511111111111112 +argo-cd,v2.11.3,2024-06-06,09:43:29,v2.11.3,argo-cd-7.1.2,2024-06-06,10:51:51,1.1394444444444445 +argo-rollouts,v1.7.0,2024-06-13,20:23:14,v1.7.0,argo-rollouts-2.36.0,2024-06-14,09:00:46,12.625555555555556 +argo-workflows,v3.5.8,2024-06-18,04:52:31,v3.5.8,argo-workflows-0.41.10,2024-06-18,07:47:04,2.9091666666666667 +argo-workflows,v3.5.7,2024-05-27,07:13:30,v3.5.7,argo-workflows-0.41.7,2024-05-27,08:09:42,0.9366666666666666 +argo-cd,v2.11.2,2024-05-23,14:14:51,v2.11.2,argo-cd-6.11.1,2024-05-23,15:37:21,1.375 +argo-events,v1.9.1,2024-02-13,21:21:44,v1.9.1,argo-events-2.4.3,2024-02-14,08:53:00,11.52111111111111 +argo-rollouts,v1.6.6,2024-02-13,15:56:59,v1.6.6,argo-rollouts-2.34.3,2024-02-14,08:50:21,16.889444444444443 +argo-cd,v2.11.1,2024-05-21,15:03:58,v2.11.1,argo-cd-6.10.0,2024-05-21,16:36:49,1.5475 +argo-workflows,v3.5.6,2024-04-19,21:43:07,v3.5.6,argo-workflows-0.41.2,2024-04-20,04:55:21,7.203888888888889 +argo-cd,v2.11.0,2024-05-07,16:37:25,v2.11.0,argo-cd-6.8.0,2024-05-08,06:21:31,13.735 +argo-cd,v2.10.9,2024-04-30,16:55:10,v2.10.9,argo-cd-6.7.18,2024-04-30,17:14:22,0.32 +argo-cd,v2.10.8,2024-04-26,14:04:02,v2.10.8,argo-cd-6.7.16,2024-04-26,14:21:35,0.2925 +argo-cd,v2.10.7,2024-04-15,09:21:23,v2.10.7,argo-cd-6.7.12,2024-04-15,10:43:13,1.363888888888889 +argo-cd,v2.10.6,2024-04-05,01:04:01,v2.10.6,argo-cd-6.7.10,2024-04-05,05:00:08,3.935277777777778 +argo-cd,v2.10.5,2024-03-28,16:29:02,v2.10.5,argo-cd-6.7.4,2024-03-28,17:30:11,1.0191666666666668 +argo-workflows,v3.5.5,2024-02-29,21:47:50,v3.5.5,argo-workflows-0.40.12,2024-03-01,00:03:01,2.2530555555555556 +argo-cd,v2.10.4,2024-03-18,08:44:51,v2.10.4,argo-cd-6.7.3,2024-03-18,09:36:58,0.8686111111111111 +argo-cd,v2.10.3,2024-03-13,19:53:05,v2.10.3,argo-cd-6.7.2,2024-03-13,20:46:14,0.8858333333333334 +argo-cd,v2.10.2,2024-03-01,22:03:43,v2.10.2,argo-cd-6.5.1,2024-03-01,22:33:17,0.49277777777777776 +argo-cd,v2.10.1,2024-02-14,18:12:43,v2.10.1,argo-cd-6.0.14,2024-02-14,21:04:43,2.8666666666666667 +argo-workflows,v3.5.4,2024-01-14,06:19:09,v3.5.4,argo-workflows-0.40.6,2024-01-14,08:11:19,1.8694444444444445 +argo-cd,v2.10.0,2024-02-06,15:03:51,v2.10.0,argo-cd-5.55.0,2024-02-07,07:10:30,16.110833333333332 +argo-cd,v2.9.6,2024-02-02,19:51:46,v2.9.6,argo-cd-5.53.13,2024-02-02,22:50:34,2.98 +argo-cd,v2.9.5,2024-01-19,18:32:02,v2.9.5,argo-cd-5.53.2,2024-01-19,20:20:14,1.8033333333333332 +argo-rollouts,v1.6.5,2024-01-25,20:19:53,v1.6.5,argo-rollouts-2.34.2,2024-01-26,06:31:27,10.192777777777778 +argo-cd,v2.9.4,2024-01-18,21:24:02,v2.9.4,argo-cd-5.53.1,2024-01-19,05:48:47,8.4125 +argo-cd,v2.9.3,2023-12-01,23:39:19,v2.9.3,argo-cd-5.51.6,2023-12-02,11:03:49,11.408333333333333 +argo-workflows,v3.5.3,2024-01-11,03:12:46,v3.5.3,argo-workflows-0.40.5,2024-01-11,07:20:47,4.133611111111111 +argo-events,v1.9.0,2024-01-09,08:31:10,v1.9.0,argo-events-2.4.2,2024-01-09,10:14:30,1.7222222222222223 +argo-rollouts,v1.6.4,2023-12-11,21:54:30,v1.6.4,argo-rollouts-2.32.8,2023-12-13,06:59:39,33.08583333333333 +argo-workflows,v3.5.2,2023-11-27,19:16:42,v3.5.2,argo-workflows-0.39.5,2023-11-27,21:13:09,1.9408333333333334 +argo-rollouts,v1.6.3,2023-12-05,14:36:31,v1.6.3,argo-rollouts-2.32.7,2023-12-08,15:06:58,72.5075 +argo-rollouts,v1.6.2,2023-11-02,19:58:08,v1.6.2,argo-rollouts-2.32.4,2023-11-15,13:09:53,305.1958333333333 +argo-cd,v2.9.2,2023-11-20,17:52:41,v2.9.2,argo-cd-5.51.4,2023-11-20,18:50:04,0.9563888888888888 +argo-workflows,v3.5.1,2023-11-03,19:57:45,v3.5.1,argo-workflows-0.38.0,2023-11-04,05:58:06,10.005833333333333 +argo-cd,v2.9.1,2023-11-14,15:55:51,v2.9.1,argo-cd-5.51.2,2023-11-15,05:59:33,14.061666666666667 +argo-rollouts,v1.6.1,2023-11-01,21:19:43,v1.6.1,argo-rollouts-2.32.3,2023-11-15,10:00:45,324.6838888888889 +argo-cd,v2.9.0,2023-11-06,05:27:12,v2.9.0,argo-cd-5.51.0,2023-11-06,12:54:52,7.461111111111111 +argo-workflows,v3.5.0,2023-10-13,15:00:44,v3.5.0,argo-workflows-0.35.0,2023-10-13,22:07:38,7.115 +argo-cd,v2.8.6,2023-11-01,17:29:59,v2.8.6,argo-cd-5.50.0,2023-10-31,18:12:30,-23.29138888888889 +argo-rollouts,v1.6.0,2023-09-06,19:00:06,v1.6.0,argo-rollouts-2.32.0,2023-09-07,12:23:50,17.395555555555557 +argo-cd,v2.8.5,2023-10-31,19:30:03,v2.8.5,argo-cd-5.48.0,2023-10-28,07:29:05,-84.01611111111112 +argo-cd,v2.8.4,2023-09-13,20:08:07,v2.8.4,argo-cd-5.46.3,2023-09-14,04:56:22,8.804166666666667 +argo-workflows,v3.4.11,2023-09-08,01:14:16,v3.4.11,argo-workflows-0.33.2,2023-09-08,04:20:30,3.1038888888888887 +argo-cd,v2.8.3,2023-09-07,18:06:07,v2.8.3,argo-cd-5.45.3,2023-09-08,00:13:52,6.129166666666666 +argo-cd,v2.8.2,2023-08-24,21:05:33,v2.8.2,argo-cd-5.43.6,2023-08-25,08:46:11,11.677222222222222 +argo-events,v1.8.1,2023-08-31,23:49:47,v1.8.1,argo-events-2.4.1,2023-09-04,01:15:35,73.43 +argo-cd,v2.8.1,2023-08-22,21:19:28,v2.8.1,argo-cd-5.43.5,2023-08-23,03:57:35,6.635277777777778 +argo-workflows,v3.4.10,2023-08-15,18:59:38,v3.4.10,argo-workflows-0.32.3,2023-08-16,11:00:55,16.02138888888889 +argo-rollouts,v1.5.1,2023-05-24,19:26:51,v1.5.1,argo-rollouts-2.31.1,2023-07-20,17:26:45,1365.9983333333332 +argo-cd,v2.8.0,2023-08-07,20:03:46,v2.8.0,argo-cd-5.43.0,2023-08-08,14:36:04,18.538333333333334 +argo-workflows,v3.4.9,2023-07-20,15:28:41,v3.4.9,argo-workflows-0.32.0,2023-07-20,23:20:17,7.86 +argo-cd,v2.7.11,2023-08-07,20:07:16,v2.7.11,argo-cd-5.42.3,2023-08-08,06:11:54,10.077222222222222 +argo-cd,v2.7.10,2023-07-31,22:51:19,v2.7.10,argo-cd-5.42.1,2023-08-01,05:57:37,7.105 +argo-cd,v2.7.9,2023-07-24,18:50:30,v2.7.9,argo-cd-5.41.2,2023-07-25,02:10:03,7.325833333333334 +argo-cd,v2.7.8,2023-07-19,15:58:13,v2.7.8,argo-cd-5.41.1,2023-07-19,22:26:30,6.471388888888889 +argo-cd,v2.7.7,2023-07-05,20:25:54,v2.7.7,argo-cd-5.37.1,2023-07-06,08:26:09,12.004166666666666 +argo-workflows,v3.4.8,2023-05-25,23:37:40,v3.4.8,argo-workflows-0.28.2,2023-05-26,04:19:27,4.6963888888888885 +argo-cd,v2.7.6,2023-06-20,21:46:46,v2.7.6,argo-cd-5.36.5,2023-06-21,04:27:57,6.686388888888889 +argo-events,v1.8.0,2023-05-08,05:54:59,v1.8.0,argo-events-2.4.0,2023-06-21,12:41:55,1062.7822222222221 +argo-cd,v2.7.5,2023-06-16,15:24:00,v2.7.5,argo-cd-5.36.2,2023-06-17,04:55:38,13.527222222222223 +argo-cd,v2.7.4,2023-06-05,19:40:08,v2.7.4,argo-cd-5.35.1,2023-06-06,04:53:38,9.225 +argo-cd,v2.7.3,2023-05-24,16:14:02,v2.7.3,argo-cd-5.34.5,2023-05-24,23:23:36,7.1594444444444445 +argo-rollouts,v1.5.0,2023-05-08,15:34:06,v1.5.0,argo-rollouts-2.28.0,2023-05-10,15:37:42,48.06 +argo-workflows,v3.4.7,2023-04-11,17:26:32,v3.4.7,argo-workflows-0.23.2,2023-04-12,04:52:48,11.437777777777777 +argo-cd,v2.7.2,2023-05-12,14:41:07,v2.7.2,argo-cd-5.33.2,2023-05-12,15:19:23,0.6377777777777778 +argo-cd,v2.7.1,2023-05-02,17:24:44,v2.7.1,argo-cd-5.31.1,2023-05-03,09:48:25,16.39472222222222 +argo-events,v1.7.6,2023-02-10,07:30:54,v1.7.6,argo-events-2.1.3,2023-02-21,01:14:54,257.73333333333335 +argo-rollouts,v1.4.1,2023-02-25,15:23:34,v1.4.1,argo-rollouts-2.22.3,2023-03-02,15:08:16,119.745 +argo-cd,v2.7.0,2023-05-02,00:51:25,v2.7.0,argo-cd-5.30.0,2023-05-02,07:29:11,6.629444444444444 +argo-cd,v2.6.7,2023-03-23,15:45:09,v2.6.7,argo-cd-5.27.2,2023-03-24,00:09:05,8.398888888888889 +argo-workflows,v3.4.6,2023-03-31,20:16:18,v3.4.6,argo-workflows-0.22.16,2023-04-04,11:10:35,86.90472222222222 +argo-workflows,v3.4.5,2023-02-07,13:26:29,v3.4.5,argo-workflows-0.22.10,2023-02-07,15:11:29,1.75 +argo-cd,v2.6.6,2023-03-16,23:07:31,v2.6.6,argo-cd-5.27.1,2023-03-17,08:25:05,9.292777777777777 +argo-cd,v2.6.5,2023-03-14,14:59:49,v2.6.5,argo-cd-5.26.1,2023-03-14,18:42:39,3.713888888888889 +argo-cd,v2.6.4,2023-03-07,23:29:08,v2.6.4,argo-cd-5.24.2,2023-03-08,07:13:22,7.737222222222222 +argo-cd,v2.6.3,2023-02-27,15:20:04,v2.6.3,argo-cd-5.23.3,2023-02-28,08:32:15,17.203055555555554 +argo-cd,v2.6.2,2023-02-16,15:43:42,v2.6.2,argo-cd-5.21.1,2023-02-17,08:23:54,16.67 +argo-cd,v2.6.1,2023-02-08,19:39:04,v2.6.1,argo-cd-5.20.3,2023-02-08,20:15:43,0.6108333333333333 +argo-cd,v2.6.0,2023-02-06,22:04:33,v2.6.0,argo-cd-5.20.0,2023-02-07,15:02:47,16.970555555555556 +argo-cd,v2.5.10,2023-02-02,15:48:00,v2.5.10,argo-cd-5.19.14,2023-02-02,21:56:38,6.143888888888889 +argo-cd,v2.5.9,2023-01-28,00:04:28,v2.5.9,argo-cd-5.19.11,2023-01-28,13:41:15,13.613055555555556 +argo-workflows,v3.4.4,2022-11-29,21:15:21,v3.4.4,argo-workflows-0.20.12,2022-11-30,15:26:09,18.18 +argo-rollouts,v1.4.0,2023-01-09,21:43:34,v1.4.0,argo-rollouts-2.22.0,2023-01-19,21:14:27,239.51472222222222 +argo-events,v1.7.5,2023-01-23,08:23:36,v1.7.5,argo-events-2.1.1,2023-01-29,12:16:37,147.88361111111112 +argo-cd,v2.5.8,2023-01-25,17:05:03,v2.5.8,argo-cd-5.19.7,2023-01-26,08:23:02,15.299722222222222 +argo-events,v1.7.4,2022-12-12,07:45:11,v1.7.4,argo-events-2.0.10,2022-12-24,19:41:24,299.93694444444446 +argo-cd,v2.5.7,2023-01-18,03:00:02,v2.5.7,argo-cd-5.17.2,2023-01-18,06:44:45,3.745277777777778 +argo-rollouts,v1.3.1,2022-09-29,17:43:19,v1.3.1,argo-rollouts-2.21.1,2022-09-30,22:29:28,28.769166666666667 +argo-cd,v2.5.6,2023-01-10,20:14:18,v2.5.6,argo-cd-5.17.1,2023-01-11,06:33:59,10.328055555555556 +argo-cd,v2.5.5,2022-12-16,16:53:08,v2.5.5,argo-cd-5.16.7,2022-12-17,11:36:17,18.719166666666666 +argo-events,v1.7.3,2022-09-28,22:10:34,v1.7.3,argo-events-2.0.6,2022-09-29,15:55:01,17.740833333333335 +argo-cd,v2.5.4,2022-12-06,20:26:51,v2.5.4,argo-cd-5.16.2,2022-12-07,07:41:56,11.251388888888888 +argo-cd,v2.5.3,2022-11-28,17:28:00,v2.5.3,argo-cd-5.14.3,2022-11-28,22:10:18,4.705 +argo-workflows,v3.4.3,2022-10-31,09:17:41,v3.4.3,argo-workflows-0.20.6,2022-11-01,09:26:43,24.150555555555556 +argo-cd,v2.5.2,2022-11-07,17:23:44,v2.5.2,argo-cd-5.13.6,2022-11-08,16:04:52,22.685555555555556 +argo-cd,v2.5.1,2022-11-01,21:53:59,v2.5.1,argo-cd-5.13.1,2022-11-02,07:31:33,9.626111111111111 +argo-cd,v2.5.0,2022-10-25,15:32:28,v2.5.0,argo-cd-5.8.0,2022-10-25,21:22:42,5.8372222222222225 +argo-workflows,v3.4.2,2022-10-23,07:36:55,v3.4.2,argo-workflows-0.20.3,2022-10-24,05:53:54,22.283055555555556 +argo-cd,v2.4.15,2022-10-17,21:17:43,v2.4.15,argo-cd-5.6.1,2022-10-20,11:23:48,62.10138888888889 +argo-workflows,v3.4.1,2022-10-01,16:09:34,v3.4.1,argo-workflows-0.20.1,2022-10-02,09:28:15,17.31138888888889 +argo-cd,v2.4.14,2022-10-05,17:53:31,v2.4.14,argo-cd-5.5.10,2022-10-06,21:05:05,27.192777777777778 +argo-cd,v2.4.13,2022-10-03,21:38:39,v2.4.13,argo-cd-5.5.8,2022-10-04,00:58:31,3.331111111111111 +argo-cd,v2.4.12,2022-09-16,01:33:23,v2.4.12,argo-cd-5.4.4,2022-09-16,08:58:43,7.4222222222222225 +argo-rollouts,v1.3.0,2022-09-19,03:29:00,v1.3.0,argo-rollouts-2.21.0,2022-09-29,06:43:50,243.24722222222223 +argo-workflows,v3.4.0,2022-09-19,05:23:46,v3.4.0,argo-workflows-0.18.0,2022-09-19,16:10:42,10.782222222222222 +argo-events,v1.7.2,2022-09-12,23:46:11,v1.7.2,argo-events-2.0.5,2022-09-20,11:55:01,180.1472222222222 +argo-cd,v2.4.11,2022-08-22,09:52:10,v2.4.11,argo-cd-4.10.9,2022-08-22,14:04:30,4.205555555555556 +argo-workflows,v3.3.9,2022-08-10,01:08:09,v3.3.9,argo-workflows-0.16.9,2022-08-10,11:43:41,10.592222222222222 +argo-rollouts,v1.2.2,2022-07-26,17:49:31,v1.2.2,argo-rollouts-2.19.2,2022-08-26,09:03:17,735.2294444444444 +argo-events,v1.7.1,2022-06-09,06:27:31,v1.7.1,argo-events-2.0.2,2022-07-04,09:50:24,603.3813888888889 +argo-rollouts,v1.2.0,2022-03-22,17:16:13,v1.2.0,argo-rollouts-2.12.0,2022-03-23,21:12:12,27.933055555555555 +argo-cd,v2.4.10,2022-08-17,21:44:09,v2.4.10,argo-cd-4.10.7,2022-08-18,00:28:21,2.736666666666667 +argo-cd,v2.4.9,2022-08-11,15:59:47,v2.4.9,argo-cd-4.10.6,2022-08-11,20:43:51,4.734444444444445 +argo-cd,v2.4.8,2022-07-29,17:38:38,v2.4.8,argo-cd-4.10.4,2022-08-01,13:49:17,68.1775 +argo-cd,v2.4.7,2022-07-18,21:54:21,v2.4.7,argo-cd-4.9.15,2022-07-19,06:25:53,8.525555555555556 +argo-workflows,v3.3.8,2022-06-24,01:18:03,v3.3.8,argo-workflows-0.16.6,2022-06-24,05:47:50,4.496388888888889 +argo-cd,v2.4.6,2022-07-12,23:14:34,v2.4.6,argo-cd-4.9.13,2022-07-13,20:43:07,21.475833333333334 +argo-cd,v2.4.4,2022-07-07,07:59:34,v2.4.4,argo-cd-4.9.12,2022-07-07,16:46:25,8.780833333333334 +argo-cd,v2.4.3,2022-06-27,21:39:15,v2.4.3,argo-cd-4.9.9,2022-06-28,13:20:49,15.692777777777778 +argo-events,v1.7.0,2022-05-04,22:47:01,v1.7.0,argo-events-2.0.0,2022-06-14,15:38:27,976.8572222222223 +argo-cd,v2.4.2,2022-06-21,21:19:40,v2.4.2,argo-cd-4.9.5,2022-06-23,05:50:20,32.51111111111111 +argo-workflows,v3.3.7,2022-06-21,00:41:49,v3.3.7,argo-workflows-0.16.5,2022-06-23,16:01:09,63.32222222222222 +argo-workflows,v3.3.6,2022-05-26,01:22:39,v3.3.6,argo-workflows-0.16.1,2022-05-26,11:20:50,9.969722222222222 +argo-cd,v2.4.0,2022-06-10,17:59:33,v2.4.0,argo-cd-4.9.0,2022-06-14,10:10:37,88.18444444444444 +argo-cd,v2.3.4,2022-05-18,13:14:17,v2.3.4,argo-cd-4.6.2,2022-05-19,17:54:21,28.66777777777778 +argo-workflows,v3.3.5,2022-05-04,01:13:34,v3.3.5,argo-workflows-0.15.2,2022-05-20,21:14:27,404.01472222222225 +argo-workflows,v3.3.2,2022-04-20,23:16:10,v3.3.2,argo-workflows-0.14.0,2022-04-22,07:09:42,31.892222222222223 +argo-cd,v2.3.3,2022-03-30,01:55:37,v2.3.3,argo-cd-4.3.1,2022-03-30,13:40:17,11.744444444444444 +argo-events,v1.6.0,2022-02-13,06:42:27,v1.6.0,argo-events-1.11.0,2022-02-20,18:31:57,179.825 +argo-cd,v2.3.2,2022-03-23,02:12:12,v2.3.2,argo-cd-4.2.2,2022-03-23,09:53:45,7.6925 +argo-workflows,v3.2.9,2022-03-02,23:04:35,v3.2.9,argo-workflows-0.11.2,2022-03-05,08:51:50,57.7875 +argo-cd,v2.3.1,2022-03-11,00:07:41,v2.3.1,argo-cd-4.0.0,2022-03-16,21:02:33,140.91444444444446 +argo-rollouts,v1.1.1,2021-11-29,21:44:13,v1.1.1,argo-rollouts-2.8.1,2022-01-10,18:21:14,1004.6169444444445 +argo-cd,v2.2.5,2022-02-05,01:42:13,v2.2.5,argo-cd-3.33.4,2022-02-05,12:55:15,11.217222222222222 +argo-workflows,v3.2.7,2022-01-28,02:28:31,v3.2.7,argo-workflows-0.10.1,2022-02-09,23:06:55,308.64 +argo-cd,v2.2.4,2022-02-03,20:50:43,v2.2.4,argo-cd-3.33.3,2022-02-04,09:19:44,12.483611111111111 +argo-cd,v2.2.3,2022-01-18,18:03:37,v2.2.3,argo-cd-3.32.0,2022-01-26,15:14:35,189.18277777777777 +argo-workflows,v3.2.6,2021-12-17,21:12:28,v3.2.6,argo-workflows-0.9.4,2021-12-20,11:00:00,61.79222222222222 +argo-events,v1.5.6,2022-01-12,05:18:08,v1.5.6,argo-events-1.10.1,2022-01-18,22:20:08,161.03333333333333 +argo-cd,v2.2.2,2022-01-01,06:38:42,v2.2.2,argo-cd-3.29.5,2022-01-04,10:16:28,75.62944444444445 +argo-events,v1.5.0,2021-10-12,18:48:33,v1.5.0,argo-events-1.8.0,2021-10-27,15:13:58,356.4236111111111 +argo-rollouts,v1.1.0,2021-10-12,17:02:30,v1.1.0,argo-rollouts-2.2.0,2021-10-14,14:58:28,45.93277777777778 +argo-cd,v2.2.1,2021-12-17,01:41:25,v2.2.1,argo-cd-3.29.1,2021-12-17,10:06:18,8.414722222222222 +argo-cd,v2.2.0,2021-12-14,18:19:23,v2.2.0,argo-cd-3.29.0,2021-12-15,10:15:30,15.935277777777777 +argo-cd,v2.1.7,2021-11-17,22:18:58,v2.1.7,argo-cd-3.26.10,2021-11-21,12:48:45,86.49638888888889 +argo-workflows,v3.2.4,2021-11-18,00:41:27,v3.2.4,argo-workflows-0.8.3,2021-11-21,18:59:21,90.29833333333333 +argo-workflows,v3.2.0,2021-10-12,16:28:36,v3.2.0,argo-workflows-0.7.3,2021-10-15,10:22:13,65.89361111111111 +argo-cd,v2.1.6,2021-10-28,20:08:23,v2.1.6,argo-cd-3.26.4,2021-10-31,11:57:25,63.81722222222222 +argo-cd,v2.1.5,2021-10-20,15:25:12,v2.1.5,argo-cd-3.26.3,2021-10-21,20:56:35,29.523055555555555 +argo-cd,,,,2.1.4,argo-cd-3.26.1,2021-10-20,06:32:59, +argo-cd,,,,2.1.3,argo-cd-3.23.1,2021-10-06,15:28:20, +argo-workflows,v3.1.8,2021-08-19,00:19:56,v3.1.8,argo-workflows-0.4.2,2021-08-23,11:13:42,106.89611111111111 +argo-cd,,,,2.1.2,argo-cd-3.17.6,2021-09-02,21:59:12, +argo-rollouts,v1.0.2,2021-06-15,22:33:04,v1.0.2,argo-rollouts-1.0.2,2021-07-07,15:18:22,520.755 +argo-cd,,,,2.1.1,argo-cd-3.17.2,2021-08-26,14:22:27, +argo-cd,,,,2.1.0,argo-cd-3.13.0,2021-08-23,12:14:11, +argo-workflows,v3.1.5,2021-08-04,07:14:30,v3.1.5,argo-workflows-0.4.0,2021-08-17,07:31:04,312.2761111111111 +argo-cd,,,,2.0.5,argo-cd-3.10.1,2021-07-27,01:33:24, +argo-workflows,v3.0.7,2021-05-25,19:08:55,v3.0.7,argo-workflows-0.2.6,2021-06-25,06:16:05,731.1194444444444 +argo-events,,,,1.3.1,argo-events-1.4.2,2021-05-21,16:00:05, +argo-cd,,,,2.0.4,argo-cd-3.6.11,2021-06-29,08:49:22, +argo-cd,,,,2.0.3,argo-cd-3.6.3,2021-05-29,08:42:00, +argo-workflows,v3.0.2,2021-04-20,15:37:15,v3.0.2,argo-workflows-0.1.1,2021-05-21,16:00:07,744.3811111111111 +argo-rollouts,v1.0.1,2021-05-26,08:43:12,v1.0.1,argo-rollouts-1.0.0,2021-05-31,16:06:49,127.39361111111111 +argo-rollouts,,,,0.10.2,argo-rollouts-0.5.3,2021-05-21,16:00:06, +argo-cd,,,,2.0.1,argo-cd-3.4.1,2021-05-21,16:00:04, diff --git a/scripts/release-analysis/plot_graph.py b/scripts/release-analysis/plot_graph.py new file mode 100644 index 00000000..8657fe20 --- /dev/null +++ b/scripts/release-analysis/plot_graph.py @@ -0,0 +1,58 @@ +import csv + +import matplotlib.pyplot as plt +from packaging import version + + +def plot_time_difference(csv_file): + # Read the CSV file and process the data + data = {"argo-cd": [], "argo-events": [], "argo-workflows": [], "argo-rollouts": []} + release_tags = { + "argo-cd": [], + "argo-events": [], + "argo-workflows": [], + "argo-rollouts": [], + } + with open(csv_file, mode="r") as file: + reader = csv.DictReader(file) + for row in reader: + repo = row["Repository"] + time_diff_str = row["Time Difference"] + release_tag = row["Release Tag"] + if repo in data and time_diff_str: + time_diff = float(time_diff_str) + data[repo].append(time_diff) + release_tags[repo].append(release_tag) + + # Sort the release tags based on semantic versioning + for repo in release_tags: + sorted_indices = sorted( + range(len(release_tags[repo])), + key=lambda i: version.parse(release_tags[repo][i]), + ) + release_tags[repo] = [release_tags[repo][i] for i in sorted_indices] + data[repo] = [data[repo][i] for i in sorted_indices] + + # Plot the data + for repo, time_diffs in data.items(): + plt.figure(figsize=(10, 6)) + plt.plot(release_tags[repo], time_diffs, marker="o", label=repo) + plt.axhline(y=72, color="r", linestyle="--", label="SLA (72 hours)") + plt.xlabel("Upstream Release Tag") + plt.ylabel( + "Time difference between upstream release and Helm Chart release (hours)" + ) + plt.title(f"Time to Release Helm Chart for {repo}") + plt.legend() + plt.grid(True) + plt.xticks(rotation=45) + plt.tight_layout() + plt.savefig(f"time_difference_plot_{repo}.png") + plt.close() + + print("The plots have been saved as 'time_difference_plot_.png'") + + +# Example usage +if __name__ == "__main__": + plot_time_difference("merged_releases.csv") diff --git a/scripts/release-analysis/requirements.txt b/scripts/release-analysis/requirements.txt new file mode 100644 index 00000000..1c1b383e --- /dev/null +++ b/scripts/release-analysis/requirements.txt @@ -0,0 +1,2 @@ +requests +matplotlib diff --git a/scripts/release-analysis/time_difference_plot_argo-cd.png b/scripts/release-analysis/time_difference_plot_argo-cd.png new file mode 100644 index 00000000..738c0b98 Binary files /dev/null and b/scripts/release-analysis/time_difference_plot_argo-cd.png differ diff --git a/scripts/release-analysis/time_difference_plot_argo-events.png b/scripts/release-analysis/time_difference_plot_argo-events.png new file mode 100644 index 00000000..7e6c6431 Binary files /dev/null and b/scripts/release-analysis/time_difference_plot_argo-events.png differ diff --git a/scripts/release-analysis/time_difference_plot_argo-rollouts.png b/scripts/release-analysis/time_difference_plot_argo-rollouts.png new file mode 100644 index 00000000..4a24f491 Binary files /dev/null and b/scripts/release-analysis/time_difference_plot_argo-rollouts.png differ diff --git a/scripts/release-analysis/time_difference_plot_argo-workflows.png b/scripts/release-analysis/time_difference_plot_argo-workflows.png new file mode 100644 index 00000000..eb0dcf25 Binary files /dev/null and b/scripts/release-analysis/time_difference_plot_argo-workflows.png differ diff --git a/scripts/renovate-bump-version.sh b/scripts/renovate-bump-version.sh new file mode 100755 index 00000000..80f1ae11 --- /dev/null +++ b/scripts/renovate-bump-version.sh @@ -0,0 +1,41 @@ +#!/bin/bash +while getopts c:d:v: opt; do + case ${opt} in + c) chart=${OPTARG} ;; + d) dependency_name=${OPTARG} ;; + v) dependency_version=${OPTARG} ;; + *) + echo 'Usage:' >&2 + echo '-c: chart Related Helm chart name' >&2 + echo '-d dependency Name of the updated dependency' >&2 + echo '-v version New version of the updated dependency' >&2 + exit 1 + esac +done + +if [ -z "${dependency_name}" ] || [ -z "${dependency_version}" ] || [ -z "${chart}" ] ; then + echo 'Missing relevant CLI flag(s).' >&2 + exit 1 +fi + +chart_yaml_path="charts/${chart}/Chart.yaml" +# Split dependency by '/' and only use last element +# This way we can drop prefixes like "argoproj/..." , "argoproj-labs/..." , "quay.io/foo/..." +dependency_name="${dependency_name##*/}" + +# Bump the chart version by one patch version +version=$(grep '^version:' "${chart_yaml_path}" | awk '{print $2}') +major=$(echo "${version}" | cut -d. -f1) +minor=$(echo "${version}" | cut -d. -f2) +patch=$(echo "${version}" | cut -d. -f3) +patch=$((patch + 1)) +sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" "${chart_yaml_path}" + +# Add a changelog entry +sed -i -e '/^ artifacthub.io\/changes: |/,$ d' "${chart_yaml_path}" +{ + echo " artifacthub.io/changes: |" + echo " - kind: changed" + echo " description: Bump ${dependency_name} to ${dependency_version}" +} >> "${chart_yaml_path}" +cat "${chart_yaml_path}"