From 4c3164401f49c091806cb158c657f2fec98b976e Mon Sep 17 00:00:00 2001 From: Jesse Suen Date: Wed, 9 Aug 2023 02:52:47 -0700 Subject: [PATCH] feat: add argo-cd v2.7.11 (#57) Signed-off-by: Jesse Suen --- charts/argo-cd/Chart.yaml | 4 +- charts/argo-cd/README.md | 26 +- charts/argo-cd/crds/crd-application.yaml | 333 +++++++ charts/argo-cd/crds/crd-applicationset.yaml | 811 ++++++++++++++++++ charts/argo-cd/templates/_helpers.tpl | 43 +- .../metrics-service.yaml | 3 +- .../application-controller/networkpolicy.yaml | 3 +- .../application-controller/rbac.yaml | 3 + .../application-controller/statefulset.yaml | 20 +- .../applicationset-controller/deployment.yaml | 13 +- .../networkpolicy.yaml | 21 + .../applicationset-controller/rbac.yaml | 13 +- .../applicationset-controller/service.yaml | 4 +- .../templates/argocd-server/deployment.yaml | 16 +- .../argocd-server/metrics-service.yaml | 1 + .../argocd-server/networkpolicy.yaml | 1 + .../argo-cd/templates/argocd-server/rbac.yaml | 13 +- .../templates/argocd-server/service.yaml | 3 +- .../templates/config/argocd-cm-params-cm.yaml | 3 +- .../argo-cd/templates/config/argocd-cm.yaml | 3 +- .../templates/config/argocd-gpg-keys-cm.yaml | 3 +- .../templates/config/argocd-rbac-cm.yaml | 3 +- .../templates/config/argocd-secret.yaml | 5 +- .../config/argocd-ssh-known-hosts-cm.yaml | 5 +- .../templates/config/argocd-tls-certs-cm.yaml | 3 +- .../templates/config/repository-secret.yaml | 3 +- charts/argo-cd/templates/dex/deployment.yaml | 9 +- .../argo-cd/templates/dex/networkpolicy.yaml | 39 +- charts/argo-cd/templates/dex/rbac.yaml | 3 + charts/argo-cd/templates/dex/service.yaml | 1 + .../disaster-recovery/argocd-dr-cron.yaml | 53 -- .../disaster-recovery/argocd-dr-rbac.yaml | 57 -- .../notifications-controller/config.yaml | 10 + .../notifications-controller/deployment.yaml | 13 +- .../networkpolicy.yaml | 23 + .../notifications-controller/rbac.yaml | 13 + .../notifications-controller/service.yaml | 3 + .../templates/redis-ha/haproxy-config.yaml | 1 + .../redis-ha/haproxy-networkpolicy.yaml | 1 + .../templates/redis-ha/haproxy-rbac.yaml | 3 + .../templates/redis-ha/haproxy-svc.yaml | 1 + .../argo-cd/templates/redis-ha/haproxy.yaml | 10 +- .../redis-ha/redis-ha-announce-svcs.yaml | 3 + .../templates/redis-ha/redis-ha-config.yaml | 1 + .../redis-ha/redis-ha-networkpolicy.yaml | 1 + .../templates/redis-ha/redis-ha-rbac.yaml | 3 + .../templates/redis-ha/redis-ha-server.yaml | 39 +- .../templates/redis-ha/redis-ha-svc.yaml | 1 + .../templates/repo-server/deployment.yaml | 23 +- .../templates/repo-server/networkpolicy.yaml | 1 + .../argo-cd/templates/repo-server/rbac.yaml | 10 + .../templates/repo-server/service.yaml | 1 + charts/argo-cd/values.yaml | 74 +- hack/compare-cd.sh | 51 +- 54 files changed, 1455 insertions(+), 352 deletions(-) create mode 100644 charts/argo-cd/templates/applicationset-controller/networkpolicy.yaml delete mode 100644 charts/argo-cd/templates/disaster-recovery/argocd-dr-cron.yaml delete mode 100644 charts/argo-cd/templates/disaster-recovery/argocd-dr-rbac.yaml create mode 100644 charts/argo-cd/templates/notifications-controller/networkpolicy.yaml create mode 100644 charts/argo-cd/templates/repo-server/rbac.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 9e0bb16..114a05d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -version: 2.6.7-ak.0.2 -appVersion: 2.6.7 +version: 2.7.11-ak.0.0 +appVersion: 2.7.11 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd home: https://charts.akuity.io diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index c1a9061..2dc368f 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -1,6 +1,6 @@ # argo-cd -![Version: 2.6.7-ak.0.0](https://img.shields.io/badge/Version-2.6.7--ak.0.0-informational?style=flat-square) ![AppVersion: 2.6.7](https://img.shields.io/badge/AppVersion-2.6.7-informational?style=flat-square) +![Version: 2.7.11-ak.0.0](https://img.shields.io/badge/Version-2.7.11--ak.0.0-informational?style=flat-square) ![AppVersion: 2.7.11](https://img.shields.io/badge/AppVersion-2.7.11-informational?style=flat-square) A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. @@ -26,10 +26,10 @@ A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kube | Key | Type | Default | Description | |-----|------|---------|-------------| -| applicationsetController | object | `{"enabled":false,"image":{"pullPolicy":null,"repository":null,"tag":null}}` | ApplicationSet Controller | -| applicationsetController.enabled | bool | `false` | Whether to enable ApplicationSet Controller | +| applicationsetController | object | `{"enabled":true,"image":{"pullPolicy":null,"repository":null,"tag":null}}` | ApplicationSet Controller | +| applicationsetController.enabled | bool | `true` | Whether to enable ApplicationSet Controller | | clusterRoles | object | `{"enabled":true}` | Installs necessary ClusterRoles to allow Argo CD to deploy to the same cluster Argo CD is installed in | -| config | object | `{"argocd":{"application.resourceTrackingMethod":"annotation"},"createSecret":true,"gpgKeys":null,"params":null,"rbac":null,"secret":null,"sshKnownHosts":{"additional":"","default":"bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\ngitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=\ngitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf\ngitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9\nssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H\nvs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H\ngithub.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=\ngithub.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl\n"},"tlsCerts":null}` | Argo Configuration | +| config | object | `{"argocd":{"application.resourceTrackingMethod":"annotation"},"createSecret":true,"gpgKeys":null,"params":{"redis.server":"argocd-redis-ha-haproxy:6379"},"rbac":null,"repositories":{},"secret":null,"sshKnownHosts":{"additional":"","default":"# This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT\n[ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=\n[ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl\n[ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=\nbitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=\nbitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO\nbitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=\ngithub.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=\ngithub.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=\ngitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=\ngitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf\ngitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9\nssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H\nvs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H\n"},"tlsCerts":null}` | Argo Configuration | | config.createSecret | bool | `true` | Disable creation of the argocd-secret (e.g. if it managed elsewhere SealedSecret / ExternalSecret) | | config.gpgKeys | string | `nil` | [GnuPG](https://argoproj.github.io/argo-cd/user-guide/gpg-verification/) keys to add to the key ring | | config.rbac | string | `nil` | RBAC config. Reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md | @@ -46,27 +46,21 @@ A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kube | dex.enabled | bool | `true` | Enbable or disables dex. Can be disabled if using native OAuth provider | | dex.image.pullPolicy | string | `nil` | | | dex.image.repository | string | `"ghcr.io/dexidp/dex"` | | -| dex.image.tag | string | `"v2.35.3"` | | +| dex.image.tag | string | `"v2.37.0"` | | | dex.resources | string | `nil` | | -| disasterRecovery | object | `{"activeDeadlineSeconds":540,"backupSchedule":"*/10 * * * *","bucketName":"","command":"argocd-backup.sh","enabled":false,"image":{"pullPolicy":null,"repository":null,"tag":null},"instanceName":""}` | Disaster recovery configurations | -| disasterRecovery.activeDeadlineSeconds | int | `540` | Limits the maxium runtime when performing backup. This must be within the backup schedule. For example, we might want to limit this to 9-minutes if we run backups every 10 minutes | -| disasterRecovery.backupSchedule | string | `"*/10 * * * *"` | The cron schedule to perform backup. Recommend no more frequent than 10 minutes | -| disasterRecovery.bucketName | string | `""` | Bucket name to send backup to | -| disasterRecovery.command | string | `"argocd-backup.sh"` | The command to run backup (useful for testing) | -| disasterRecovery.instanceName | string | `""` | Unique name for this argocd instance incorporated to the backup filename | | extensions.enabled | bool | `false` | | | extensions.image.pullPolicy | string | `nil` | | | extensions.image.repository | string | `"ghcr.io/argoproj-labs/argocd-extensions"` | | | extensions.image.tag | string | `"v0.1.0"` | | -| global.image.pullPolicy | string | `nil` | If defined, an image pull policy will be applied to all ArgoCD deployments | +| global.image.pullPolicy | string | `"IfNotPresent"` | If defined, an image pull policy will be applied to all ArgoCD deployments | | global.image.repository | string | `"quay.io/akuity/argocd"` | If defined, a repository applied to all ArgoCD deployments | -| global.image.tag | string | `"v2.6.7-ak.0"` | If defined, a tag applied to all ArgoCD deployments | +| global.image.tag | string | `""` | | | global.serviceMonitor | object | `{"enabled":false}` | Enable service monitor | | imageUpdater | object | `{"enabled":false,"image":{"pullPolicy":null,"repository":"quay.io/argoprojlabs/argocd-image-updater","tag":"v0.12.0"}}` | Image Updater | | imageUpdater.enabled | bool | `false` | Whether to enable image updater | -| notificationsController | object | `{"enabled":false}` | Notifications Controller | -| notificationsController.enabled | bool | `false` | Whether to enable Notifications Controller | -| redis | object | `{"enabled":true,"haProxyImage":{"repository":"haproxy","tag":"2.6.9-alpine"},"image":{"pullPolicy":null,"repository":"redis","tag":"7.0.8-alpine"},"resources":null}` | Redis configurations | +| notificationsController | object | `{"enabled":true}` | Notifications Controller | +| notificationsController.enabled | bool | `true` | Whether to enable Notifications Controller | +| redis | object | `{"enabled":true,"haProxyImage":{"repository":"haproxy","tag":"2.6.14-alpine"},"image":{"pullPolicy":null,"repository":"quay.io/akuity/redis","tag":"7.0.11-alpine"},"resources":null}` | Redis configurations | | repoServer | object | `{"extraArgs":null,"image":{"pullPolicy":null,"repository":null,"tag":null},"replicas":2,"resources":null}` | Repo Server | | repoServer.extraArgs | string | `nil` | Additional command line arguments to pass to argocd-repo-server | | server | object | `{"enabled":true,"extraArgs":null,"image":{"pullPolicy":null,"repository":null,"tag":null},"ingress":{"annotations":{},"className":"","enabled":false,"host":"argocd.example.com","tls":{"enabled":false,"secretName":null}},"insecure":false,"replicas":2,"resources":null,"service":{"type":null}}` | Argo Server configuration | diff --git a/charts/argo-cd/crds/crd-application.yaml b/charts/argo-cd/crds/crd-application.yaml index d19394e..d810e17 100644 --- a/charts/argo-cd/crds/crd-application.yaml +++ b/charts/argo-cd/crds/crd-application.yaml @@ -302,6 +302,10 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation values + type: boolean commonLabels: additionalProperties: type: string @@ -333,6 +337,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -564,6 +591,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean commonLabels: additionalProperties: type: string @@ -596,6 +628,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -942,6 +997,10 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether to + apply env variables substitution for annotation values + type: boolean commonLabels: additionalProperties: type: string @@ -972,6 +1031,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize adds + to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas override + specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -1195,6 +1277,10 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation values + type: boolean commonLabels: additionalProperties: type: string @@ -1226,6 +1312,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas override + specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -1596,6 +1705,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean commonLabels: additionalProperties: type: string @@ -1628,6 +1742,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -1861,6 +1998,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean commonLabels: additionalProperties: type: string @@ -1893,6 +2035,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -2271,6 +2436,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution + for annotation values + type: boolean commonLabels: additionalProperties: type: string @@ -2303,6 +2473,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -2554,6 +2747,11 @@ spec: additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution + for annotation values + type: boolean commonLabels: additionalProperties: type: string @@ -2586,6 +2784,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize + Replicas override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -2937,6 +3158,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean commonLabels: additionalProperties: type: string @@ -2969,6 +3195,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -3213,6 +3462,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution for + annotation values + type: boolean commonLabels: additionalProperties: type: string @@ -3245,6 +3499,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -3594,6 +3871,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean commonLabels: additionalProperties: type: string @@ -3626,6 +3908,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests @@ -3870,6 +4175,11 @@ spec: description: CommonAnnotations is a list of additional annotations to add to rendered manifests type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution for + annotation values + type: boolean commonLabels: additionalProperties: type: string @@ -3902,6 +4212,29 @@ spec: description: NameSuffix is a suffix appended to resources for Kustomize apps type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array version: description: Version controls which version of Kustomize to use for rendering manifests diff --git a/charts/argo-cd/crds/crd-applicationset.yaml b/charts/argo-cd/crds/crd-applicationset.yaml index c922317..dc3ce3a 100644 --- a/charts/argo-cd/crds/crd-applicationset.yaml +++ b/charts/argo-cd/crds/crd-applicationset.yaml @@ -233,6 +233,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -249,6 +251,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -391,6 +410,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -407,6 +428,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -708,6 +746,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -724,6 +764,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -866,6 +923,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -882,6 +941,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -1187,6 +1263,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -1203,6 +1281,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -1345,6 +1440,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -1361,6 +1458,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -1471,6 +1585,8 @@ spec: items: x-kubernetes-preserve-unknown-fields: true type: array + elementsYaml: + type: string template: properties: metadata: @@ -1640,6 +1756,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -1656,6 +1774,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -1798,6 +1933,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -1814,6 +1951,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -2123,6 +2277,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -2139,6 +2295,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -2281,6 +2454,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -2297,6 +2472,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -2598,6 +2790,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -2614,6 +2808,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -2756,6 +2967,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -2772,6 +2985,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -3077,6 +3307,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -3093,6 +3325,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -3235,6 +3484,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -3251,6 +3502,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -3361,6 +3629,8 @@ spec: items: x-kubernetes-preserve-unknown-fields: true type: array + elementsYaml: + type: string template: properties: metadata: @@ -3530,6 +3800,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -3546,6 +3818,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -3688,6 +3977,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -3704,6 +3995,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -4101,6 +4409,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -4117,6 +4427,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -4259,6 +4586,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -4275,6 +4604,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -4719,6 +5065,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -4735,6 +5083,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -4877,6 +5242,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -4893,6 +5260,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -5188,6 +5572,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -5204,6 +5590,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -5346,6 +5749,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -5362,6 +5767,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -5671,6 +6093,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -5687,6 +6111,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -5829,6 +6270,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -5845,6 +6288,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -6146,6 +6606,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -6162,6 +6624,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -6304,6 +6783,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -6320,6 +6801,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -6625,6 +7123,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -6641,6 +7141,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -6783,6 +7300,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -6799,6 +7318,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -6909,6 +7445,8 @@ spec: items: x-kubernetes-preserve-unknown-fields: true type: array + elementsYaml: + type: string template: properties: metadata: @@ -7078,6 +7616,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -7094,6 +7634,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -7236,6 +7793,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -7252,6 +7811,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -7649,6 +8225,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -7665,6 +8243,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -7807,6 +8402,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -7823,6 +8420,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -8267,6 +8881,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -8283,6 +8899,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -8425,6 +9058,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -8441,6 +9076,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -8740,6 +9392,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -8756,6 +9410,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -8898,6 +9569,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -8914,6 +9587,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -9308,6 +9998,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -9324,6 +10016,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -9466,6 +10175,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -9482,6 +10193,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -9926,6 +10654,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -9942,6 +10672,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -10084,6 +10831,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -10100,6 +10849,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -10228,6 +10994,13 @@ spec: type: array goTemplate: type: boolean + preservedFields: + properties: + annotations: + items: + type: string + type: array + type: object strategy: properties: rollingSync: @@ -10433,6 +11206,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -10449,6 +11224,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object @@ -10591,6 +11383,8 @@ spec: additionalProperties: type: string type: object + commonAnnotationsEnvsubst: + type: boolean commonLabels: additionalProperties: type: string @@ -10607,6 +11401,23 @@ spec: type: string nameSuffix: type: string + namespace: + type: string + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array version: type: string type: object diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index ca8bdd9..d5b3678 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -1,39 +1,16 @@ {{/* vim: set filetype=mustache: */}} {{/* -Selector labels +Returns the supplied image tag if defined, then the global tag, then the chart version +@param .root The root scope +@param .image Image structure with .repository and .tag fields */}} -{{- define "argo-cd.selectorLabels" -}} -{{- if .name -}} -app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .name }} -{{ end -}} -app.kubernetes.io/instance: {{ .context.Release.Name }} -{{- if .component }} -app.kubernetes.io/component: {{ .component }} -{{- end }} -{{- end }} - -{{/* -Return the target Kubernetes version -*/}} -{{- define "argo-cd.kubeVersion" -}} - {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} +{{- define "argo-cd.image" -}} +{{- $repository := default .root.Values.global.image.repository .image.repository }} +{{- if .image.tag -}} + {{- $repository }}:{{- .image.tag -}} +{{- else -}} + {{- $imageFromChartVersion := print "v" (regexReplaceAllLiteral "\\.[0-9]+$" .root.Chart.Version "") }} + {{- $repository }}:{{- default $imageFromChartVersion .root.Values.global.image.tag -}} {{- end -}} - -{{/* -Argo Configuration Preset Values (Incluenced by Values configuration) -*/}} -{{- define "argo-cd.config.presets" -}} - {{- if .Values.configs.styles }} -ui.cssurl: "./custom/custom.styles.css" - {{- end }} {{- end -}} - -{{/* -Merge Argo Configuration with Preset Configuration -*/}} -{{- define "argo-cd.config" -}} - {{- if .Values.server.configEnabled -}} -{{- toYaml (mergeOverwrite (default dict (fromYaml (include "argo-cd.config.presets" $))) .Values.server.config) }} - {{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/argo-cd/templates/application-controller/metrics-service.yaml b/charts/argo-cd/templates/application-controller/metrics-service.yaml index 58d68fe..1d4cfb2 100644 --- a/charts/argo-cd/templates/application-controller/metrics-service.yaml +++ b/charts/argo-cd/templates/application-controller/metrics-service.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/name: argocd-metrics app.kubernetes.io/part-of: argocd name: argocd-metrics + namespace: {{ .Release.Namespace }} spec: ports: - name: metrics @@ -13,4 +14,4 @@ spec: protocol: TCP targetPort: 8082 selector: - app.kubernetes.io/name: argocd-application-controller \ No newline at end of file + app.kubernetes.io/name: argocd-application-controller diff --git a/charts/argo-cd/templates/application-controller/networkpolicy.yaml b/charts/argo-cd/templates/application-controller/networkpolicy.yaml index 6530347..3fe2c36 100644 --- a/charts/argo-cd/templates/application-controller/networkpolicy.yaml +++ b/charts/argo-cd/templates/application-controller/networkpolicy.yaml @@ -2,6 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: argocd-application-controller-network-policy + namespace: {{ .Release.Namespace }} spec: ingress: - from: @@ -12,4 +13,4 @@ spec: matchLabels: app.kubernetes.io/name: argocd-application-controller policyTypes: - - Ingress + - Ingress \ No newline at end of file diff --git a/charts/argo-cd/templates/application-controller/rbac.yaml b/charts/argo-cd/templates/application-controller/rbac.yaml index 7c6f52a..639aabd 100644 --- a/charts/argo-cd/templates/application-controller/rbac.yaml +++ b/charts/argo-cd/templates/application-controller/rbac.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/name: argocd-application-controller app.kubernetes.io/part-of: argocd name: argocd-application-controller + namespace: {{ .Release.Namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -16,6 +17,7 @@ metadata: app.kubernetes.io/name: argocd-application-controller app.kubernetes.io/part-of: argocd name: argocd-application-controller + namespace: {{ .Release.Namespace }} rules: - apiGroups: - "" @@ -56,6 +58,7 @@ metadata: app.kubernetes.io/name: argocd-application-controller app.kubernetes.io/part-of: argocd name: argocd-application-controller + namespace: {{ .Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/charts/argo-cd/templates/application-controller/statefulset.yaml b/charts/argo-cd/templates/application-controller/statefulset.yaml index 7cb540a..86dcdbe 100755 --- a/charts/argo-cd/templates/application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/application-controller/statefulset.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/name: argocd-application-controller app.kubernetes.io/part-of: argocd name: argocd-application-controller + namespace: {{ .Release.Namespace }} spec: replicas: {{ .Values.controller.replicas }} selector: @@ -33,10 +34,8 @@ spec: topologyKey: kubernetes.io/hostname weight: 5 containers: - - command: - - argocd-application-controller - - --redis - - argocd-redis-ha-haproxy:6379 + - args: + - /usr/local/bin/argocd-application-controller {{- with .Values.controller.extraArgs }} {{- . | toYaml | nindent 8 }} {{- end }} @@ -48,6 +47,11 @@ spec: {{- with .Values.controller.env }} {{- toYaml . | nindent 10 }} {{- end }} + - name: ARGOCD_REDIS + valueFrom: + configMapKeyRef: + key: redis.server + name: argocd-cmd-params-cm - name: ARGOCD_CONTROLLER_REPLICAS value: {{ .Values.controller.replicas | quote }} - name: ARGOCD_RECONCILIATION_TIMEOUT @@ -170,7 +174,13 @@ spec: key: application.namespaces name: argocd-cmd-params-cm optional: true - image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default .Values.global.image.tag .Values.controller.image.tag }} + - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: controller.kubectl.parallelism.limit + name: argocd-cmd-params-cm + optional: true + image: {{ include "argo-cd.image" (dict "root" . "image" .Values.controller.image ) }} imagePullPolicy: {{ default .Values.global.image.pullPolicy .Values.controller.image.pullPolicy }} name: argocd-application-controller ports: diff --git a/charts/argo-cd/templates/applicationset-controller/deployment.yaml b/charts/argo-cd/templates/applicationset-controller/deployment.yaml index 6aa918a..7b3a6e0 100644 --- a/charts/argo-cd/templates/applicationset-controller/deployment.yaml +++ b/charts/argo-cd/templates/applicationset-controller/deployment.yaml @@ -3,9 +3,9 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - app.kubernetes.io/component: controller + app.kubernetes.io/component: applicationset-controller app.kubernetes.io/name: argocd-applicationset-controller - app.kubernetes.io/part-of: argocd-applicationset + app.kubernetes.io/part-of: argocd name: argocd-applicationset-controller namespace: {{ .Release.Namespace }} spec: @@ -18,9 +18,8 @@ spec: app.kubernetes.io/name: argocd-applicationset-controller spec: containers: - - command: - - entrypoint.sh - - argocd-applicationset-controller + - args: + - /usr/local/bin/argocd-applicationset-controller env: - name: NAMESPACE valueFrom: @@ -86,7 +85,7 @@ spec: key: applicationsetcontroller.enable.progressive.syncs name: argocd-cmd-params-cm optional: true - image: {{ default .Values.global.image.repository .Values.applicationsetController.image.repository }}:{{ default .Values.global.image.tag .Values.applicationsetController.image.tag }} + image: {{ include "argo-cd.image" (dict "root" . "image" .Values.applicationsetController.image ) }} imagePullPolicy: {{ default .Values.global.image.pullPolicy .Values.applicationsetController.image.pullPolicy }} name: argocd-applicationset-controller ports: @@ -98,7 +97,7 @@ spec: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL readOnlyRootFilesystem: true runAsNonRoot: true seccompProfile: diff --git a/charts/argo-cd/templates/applicationset-controller/networkpolicy.yaml b/charts/argo-cd/templates/applicationset-controller/networkpolicy.yaml new file mode 100644 index 0000000..bde1a74 --- /dev/null +++ b/charts/argo-cd/templates/applicationset-controller/networkpolicy.yaml @@ -0,0 +1,21 @@ +{{- if .Values.applicationsetController.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-applicationset-controller-network-policy + namespace: {{ .Release.Namespace }} +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 7000 + protocol: TCP + - port: 8080 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-applicationset-controller + policyTypes: + - Ingress +{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/applicationset-controller/rbac.yaml b/charts/argo-cd/templates/applicationset-controller/rbac.yaml index d5a34b4..7c2264e 100644 --- a/charts/argo-cd/templates/applicationset-controller/rbac.yaml +++ b/charts/argo-cd/templates/applicationset-controller/rbac.yaml @@ -3,9 +3,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - app.kubernetes.io/component: controller + app.kubernetes.io/component: applicationset-controller app.kubernetes.io/name: argocd-applicationset-controller - app.kubernetes.io/part-of: argocd-applicationset + app.kubernetes.io/part-of: argocd name: argocd-applicationset-controller namespace: {{ .Release.Namespace }} rules: @@ -65,14 +65,15 @@ rules: - get - list - watch + --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - app.kubernetes.io/component: controller + app.kubernetes.io/component: applicationset-controller app.kubernetes.io/name: argocd-applicationset-controller - app.kubernetes.io/part-of: argocd-applicationset + app.kubernetes.io/part-of: argocd name: argocd-applicationset-controller namespace: {{ .Release.Namespace }} roleRef: @@ -88,9 +89,9 @@ apiVersion: v1 kind: ServiceAccount metadata: labels: - app.kubernetes.io/component: controller + app.kubernetes.io/component: applicationset-controller app.kubernetes.io/name: argocd-applicationset-controller - app.kubernetes.io/part-of: argocd-applicationset + app.kubernetes.io/part-of: argocd name: argocd-applicationset-controller namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/argo-cd/templates/applicationset-controller/service.yaml b/charts/argo-cd/templates/applicationset-controller/service.yaml index a03eecc..f4f96cf 100644 --- a/charts/argo-cd/templates/applicationset-controller/service.yaml +++ b/charts/argo-cd/templates/applicationset-controller/service.yaml @@ -3,9 +3,9 @@ apiVersion: v1 kind: Service metadata: labels: - app.kubernetes.io/component: controller + app.kubernetes.io/component: applicationset-controller app.kubernetes.io/name: argocd-applicationset-controller - app.kubernetes.io/part-of: argocd-applicationset + app.kubernetes.io/part-of: argocd name: argocd-applicationset-controller namespace: {{ .Release.Namespace }} spec: diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 0183ee7..0f53f5f 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -7,6 +7,7 @@ metadata: app.kubernetes.io/name: argocd-server app.kubernetes.io/part-of: argocd name: argocd-server + namespace: {{ .Release.Namespace }} spec: replicas: {{ .Values.server.replicas }} selector: @@ -24,7 +25,7 @@ spec: labelSelector: matchLabels: app.kubernetes.io/name: argocd-server - topologyKey: failure-domain.beta.kubernetes.io/zone + topologyKey: topology.kubernetes.io/zone weight: 100 requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: @@ -32,10 +33,8 @@ spec: app.kubernetes.io/name: argocd-server topologyKey: kubernetes.io/hostname containers: - - command: - - argocd-server - - --redis - - argocd-redis-ha-haproxy:6379 + - args: + - /usr/local/bin/argocd-server {{- if .Values.server.insecure}} - --insecure {{- end }} @@ -52,6 +51,11 @@ spec: {{- end }} - name: ARGOCD_API_SERVER_REPLICAS value: {{ .Values.server.replicas | quote }} + - name: ARGOCD_REDIS + valueFrom: + configMapKeyRef: + key: redis.server + name: argocd-cmd-params-cm - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: @@ -244,7 +248,7 @@ spec: key: server.enable.proxy.extension name: argocd-cmd-params-cm optional: true - image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default .Values.global.image.tag .Values.server.image.tag }} + image: {{ include "argo-cd.image" (dict "root" . "image" .Values.server.image ) }} imagePullPolicy: {{ default .Values.global.image.pullPolicy .Values.server.image.pullPolicy }} livenessProbe: httpGet: diff --git a/charts/argo-cd/templates/argocd-server/metrics-service.yaml b/charts/argo-cd/templates/argocd-server/metrics-service.yaml index 8753a0d..32fe316 100644 --- a/charts/argo-cd/templates/argocd-server/metrics-service.yaml +++ b/charts/argo-cd/templates/argocd-server/metrics-service.yaml @@ -7,6 +7,7 @@ metadata: app.kubernetes.io/name: argocd-server-metrics app.kubernetes.io/part-of: argocd name: argocd-server-metrics + namespace: {{ .Release.Namespace }} spec: ports: - name: metrics diff --git a/charts/argo-cd/templates/argocd-server/networkpolicy.yaml b/charts/argo-cd/templates/argocd-server/networkpolicy.yaml index c94eb3e..6e62675 100644 --- a/charts/argo-cd/templates/argocd-server/networkpolicy.yaml +++ b/charts/argo-cd/templates/argocd-server/networkpolicy.yaml @@ -3,6 +3,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: argocd-server-network-policy + namespace: {{ .Release.Namespace }} spec: ingress: - {} diff --git a/charts/argo-cd/templates/argocd-server/rbac.yaml b/charts/argo-cd/templates/argocd-server/rbac.yaml index 8ad3068..1138f6b 100644 --- a/charts/argo-cd/templates/argocd-server/rbac.yaml +++ b/charts/argo-cd/templates/argocd-server/rbac.yaml @@ -7,16 +7,7 @@ metadata: app.kubernetes.io/name: argocd-server app.kubernetes.io/part-of: argocd name: argocd-server - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: repo-server - app.kubernetes.io/name: argocd-repo-server - app.kubernetes.io/part-of: argocd - name: argocd-repo-server + namespace: {{ .Release.Namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -27,6 +18,7 @@ metadata: app.kubernetes.io/name: argocd-server app.kubernetes.io/part-of: argocd name: argocd-server + namespace: {{ .Release.Namespace }} rules: - apiGroups: - "" @@ -72,6 +64,7 @@ metadata: app.kubernetes.io/name: argocd-server app.kubernetes.io/part-of: argocd name: argocd-server + namespace: {{ .Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/charts/argo-cd/templates/argocd-server/service.yaml b/charts/argo-cd/templates/argocd-server/service.yaml index e725c9b..1c81090 100644 --- a/charts/argo-cd/templates/argocd-server/service.yaml +++ b/charts/argo-cd/templates/argocd-server/service.yaml @@ -1,11 +1,12 @@ apiVersion: v1 kind: Service metadata: - name: argocd-server labels: app.kubernetes.io/component: server app.kubernetes.io/name: argocd-server app.kubernetes.io/part-of: argocd + name: argocd-server + namespace: {{ .Release.Namespace }} spec: {{- if .Values.server.service.type }} type: {{ .Values.server.service.type }} diff --git a/charts/argo-cd/templates/config/argocd-cm-params-cm.yaml b/charts/argo-cd/templates/config/argocd-cm-params-cm.yaml index b5b1821..0ce913e 100644 --- a/charts/argo-cd/templates/config/argocd-cm-params-cm.yaml +++ b/charts/argo-cd/templates/config/argocd-cm-params-cm.yaml @@ -1,10 +1,11 @@ apiVersion: v1 kind: ConfigMap metadata: - name: argocd-cmd-params-cm labels: app.kubernetes.io/name: argocd-cmd-params-cm app.kubernetes.io/part-of: argocd + name: argocd-cmd-params-cm + namespace: {{ .Release.Namespace }} {{- with .Values.config.params }} data: {{- toYaml . | nindent 2}} diff --git a/charts/argo-cd/templates/config/argocd-cm.yaml b/charts/argo-cd/templates/config/argocd-cm.yaml index 4e62ff3..0f3a50d 100644 --- a/charts/argo-cd/templates/config/argocd-cm.yaml +++ b/charts/argo-cd/templates/config/argocd-cm.yaml @@ -1,10 +1,11 @@ apiVersion: v1 kind: ConfigMap metadata: - name: argocd-cm labels: app.kubernetes.io/name: argocd-cm app.kubernetes.io/part-of: argocd + name: argocd-cm + namespace: {{ .Release.Namespace }} {{- with .Values.config.argocd }} data: {{- toYaml . | nindent 2}} diff --git a/charts/argo-cd/templates/config/argocd-gpg-keys-cm.yaml b/charts/argo-cd/templates/config/argocd-gpg-keys-cm.yaml index e716174..173d9bd 100644 --- a/charts/argo-cd/templates/config/argocd-gpg-keys-cm.yaml +++ b/charts/argo-cd/templates/config/argocd-gpg-keys-cm.yaml @@ -1,10 +1,11 @@ apiVersion: v1 kind: ConfigMap metadata: - name: argocd-gpg-keys-cm labels: app.kubernetes.io/name: argocd-gpg-keys-cm app.kubernetes.io/part-of: argocd + name: argocd-gpg-keys-cm + namespace: {{ .Release.Namespace }} {{- with .Values.config.gpgKeys }} data: {{- toYaml . | nindent 2}} diff --git a/charts/argo-cd/templates/config/argocd-rbac-cm.yaml b/charts/argo-cd/templates/config/argocd-rbac-cm.yaml index 41c01bf..52d0953 100644 --- a/charts/argo-cd/templates/config/argocd-rbac-cm.yaml +++ b/charts/argo-cd/templates/config/argocd-rbac-cm.yaml @@ -1,10 +1,11 @@ apiVersion: v1 kind: ConfigMap metadata: - name: argocd-rbac-cm labels: app.kubernetes.io/name: argocd-rbac-cm app.kubernetes.io/part-of: argocd + name: argocd-rbac-cm + namespace: {{ .Release.Namespace }} {{- with .Values.config.rbac }} data: {{- toYaml . | nindent 2}} diff --git a/charts/argo-cd/templates/config/argocd-secret.yaml b/charts/argo-cd/templates/config/argocd-secret.yaml index 0f5b966..f7df7bc 100644 --- a/charts/argo-cd/templates/config/argocd-secret.yaml +++ b/charts/argo-cd/templates/config/argocd-secret.yaml @@ -2,10 +2,11 @@ apiVersion: v1 kind: Secret metadata: - name: argocd-secret labels: app.kubernetes.io/name: argocd-secret app.kubernetes.io/part-of: argocd + name: argocd-secret + namespace: {{ .Release.Namespace }} type: Opaque {{- with .Values.config.secret }} data: @@ -13,4 +14,4 @@ data: {{ $key }}: {{ $value | b64enc }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo-cd/templates/config/argocd-ssh-known-hosts-cm.yaml b/charts/argo-cd/templates/config/argocd-ssh-known-hosts-cm.yaml index f606a7b..9922fb1 100644 --- a/charts/argo-cd/templates/config/argocd-ssh-known-hosts-cm.yaml +++ b/charts/argo-cd/templates/config/argocd-ssh-known-hosts-cm.yaml @@ -1,11 +1,12 @@ apiVersion: v1 kind: ConfigMap metadata: - name: argocd-ssh-known-hosts-cm labels: app.kubernetes.io/name: argocd-ssh-known-hosts-cm app.kubernetes.io/part-of: argocd + name: argocd-ssh-known-hosts-cm + namespace: {{ .Release.Namespace }} data: - ssh_known_hosts: |- + ssh_known_hosts: | {{- .Values.config.sshKnownHosts.default | nindent 4 }} {{- .Values.config.sshKnownHosts.additional | nindent 4}} diff --git a/charts/argo-cd/templates/config/argocd-tls-certs-cm.yaml b/charts/argo-cd/templates/config/argocd-tls-certs-cm.yaml index 3715e1a..86b1127 100644 --- a/charts/argo-cd/templates/config/argocd-tls-certs-cm.yaml +++ b/charts/argo-cd/templates/config/argocd-tls-certs-cm.yaml @@ -1,10 +1,11 @@ apiVersion: v1 kind: ConfigMap metadata: - name: argocd-tls-certs-cm labels: app.kubernetes.io/name: argocd-tls-certs-cm app.kubernetes.io/part-of: argocd + name: argocd-tls-certs-cm + namespace: {{ .Release.Namespace }} {{- with .Values.config.tlsCerts }} data: {{- toYaml . | nindent 4}} diff --git a/charts/argo-cd/templates/config/repository-secret.yaml b/charts/argo-cd/templates/config/repository-secret.yaml index ed9554c..cad59df 100644 --- a/charts/argo-cd/templates/config/repository-secret.yaml +++ b/charts/argo-cd/templates/config/repository-secret.yaml @@ -3,9 +3,10 @@ apiVersion: v1 kind: Secret metadata: - name: argocd-repo-{{ $repo_key }} labels: argocd.argoproj.io/secret-type: repository + name: argocd-repo-{{ $repo_key }} + namespace: {{ .Release.Namespace }} data: {{- range $key, $value := $repo_value }} {{ $key }}: {{ $value | b64enc }} diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index fc24ef7..af57e00 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -7,6 +7,7 @@ metadata: app.kubernetes.io/name: argocd-dex-server app.kubernetes.io/part-of: argocd name: argocd-dex-server + namespace: {{ .Release.Namespace }} spec: selector: matchLabels: @@ -47,7 +48,7 @@ spec: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL readOnlyRootFilesystem: true runAsNonRoot: true seccompProfile: @@ -61,18 +62,18 @@ spec: name: argocd-dex-server-tls initContainers: - command: - - cp + - /bin/cp - -n - /usr/local/bin/argocd - /shared/argocd-dex - image: {{ default .Values.global.image.repository }}:{{ default .Values.global.image.tag }} + image: {{ include "argo-cd.image" (dict "root" . "image" .Values.global.image ) }} imagePullPolicy: {{ default .Values.global.image.pullPolicy .Values.dex.image.pullPolicy }} name: copyutil securityContext: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL readOnlyRootFilesystem: true runAsNonRoot: true seccompProfile: diff --git a/charts/argo-cd/templates/dex/networkpolicy.yaml b/charts/argo-cd/templates/dex/networkpolicy.yaml index 0de0564..5720569 100644 --- a/charts/argo-cd/templates/dex/networkpolicy.yaml +++ b/charts/argo-cd/templates/dex/networkpolicy.yaml @@ -1,28 +1,9 @@ {{- if and .Values.server.enabled .Values.dex.enabled }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: argocd-applicationset-controller-network-policy -spec: - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 7000 - protocol: TCP - - port: 8080 - protocol: TCP - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-applicationset-controller - policyTypes: - - Ingress ---- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: argocd-dex-server-network-policy + namespace: {{ .Release.Namespace }} spec: ingress: - from: @@ -44,22 +25,4 @@ spec: app.kubernetes.io/name: argocd-dex-server policyTypes: - Ingress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: argocd-notifications-controller-network-policy -spec: - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 9001 - protocol: TCP - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-notifications-controller - policyTypes: - - Ingress ---- {{- end }} diff --git a/charts/argo-cd/templates/dex/rbac.yaml b/charts/argo-cd/templates/dex/rbac.yaml index 0586f78..05c990d 100644 --- a/charts/argo-cd/templates/dex/rbac.yaml +++ b/charts/argo-cd/templates/dex/rbac.yaml @@ -7,6 +7,7 @@ metadata: app.kubernetes.io/name: argocd-dex-server app.kubernetes.io/part-of: argocd name: argocd-dex-server + namespace: {{ .Release.Namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -17,6 +18,7 @@ metadata: app.kubernetes.io/name: argocd-dex-server app.kubernetes.io/part-of: argocd name: argocd-dex-server + namespace: {{ .Release.Namespace }} rules: - apiGroups: - "" @@ -37,6 +39,7 @@ metadata: app.kubernetes.io/name: argocd-dex-server app.kubernetes.io/part-of: argocd name: argocd-dex-server + namespace: {{ .Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/charts/argo-cd/templates/dex/service.yaml b/charts/argo-cd/templates/dex/service.yaml index 1d12fc0..9b7b110 100644 --- a/charts/argo-cd/templates/dex/service.yaml +++ b/charts/argo-cd/templates/dex/service.yaml @@ -7,6 +7,7 @@ metadata: app.kubernetes.io/name: argocd-dex-server app.kubernetes.io/part-of: argocd name: argocd-dex-server + namespace: {{ .Release.Namespace }} spec: ports: - name: http diff --git a/charts/argo-cd/templates/disaster-recovery/argocd-dr-cron.yaml b/charts/argo-cd/templates/disaster-recovery/argocd-dr-cron.yaml deleted file mode 100644 index ec1a319..0000000 --- a/charts/argo-cd/templates/disaster-recovery/argocd-dr-cron.yaml +++ /dev/null @@ -1,53 +0,0 @@ -{{- if .Values.disasterRecovery.enabled }} -apiVersion: batch/v1 -kind: CronJob -metadata: - name: argocd-dr -spec: - schedule: {{ .Values.disasterRecovery.backupSchedule | quote }} - concurrencyPolicy: Replace - jobTemplate: - spec: - activeDeadlineSeconds: {{ .Values.disasterRecovery.activeDeadlineSeconds }} - template: - spec: - serviceAccountName: argocd-dr - restartPolicy: Never - {{- if .Values.disasterRecovery.gcp }} - volumes: - - name: google-cloud-key - secret: - secretName: {{ .Values.disasterRecovery.gcp.ServiceAccountKeyName }} - {{- end }} - containers: - - name: argocd-dr - image: {{ default .Values.global.image.repository .Values.disasterRecovery.image.repository }}:{{ default .Values.global.image.tag .Values.disasterRecovery.image.tag }} - imagePullPolicy: {{ default .Values.global.image.pullPolicy .Values.disasterRecovery.image.pullPolicy }} - command: [ "/bin/bash", "-c", "--" ] - {{- if .Values.disasterRecovery.gcp }} - args: - - "gcloud auth activate-service-account --key-file=/var/secrets/google/{{ .Values.disasterRecovery.gcp.serviceAccountKeyFilePath }}; {{ .Values.disasterRecovery.command }}" - volumeMounts: - - name: google-cloud-key - mountPath: /var/secrets/google - {{- end }} - {{- if .Values.disasterRecovery.aws }} - args: - - {{ .Values.disasterRecovery.command | quote}} - {{- end }} - env: - - name: BUCKET_NAME - value: {{ required "disasterRecovery.bucketName is required" .Values.disasterRecovery.bucketName }} - - name: NAMESPACE - value: {{ .Release.Namespace }} - - name: ARGOCD_INSTANCE_NAME - value: {{ required "disasterRecovery.instanceName is required" .Values.disasterRecovery.instanceName }} - {{- if .Values.disasterRecovery.aws }} - - name: AWS_REGION - value: {{ required "disasterRecovery.aws.region is required" .Values.disasterRecovery.aws.region }} - {{- end }} - {{- if .Values.disasterRecovery.gcp }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/secrets/google/{{ .Values.disasterRecovery.gcp.serviceAccountKeyFilePath }} - {{- end }} -{{- end }} diff --git a/charts/argo-cd/templates/disaster-recovery/argocd-dr-rbac.yaml b/charts/argo-cd/templates/disaster-recovery/argocd-dr-rbac.yaml deleted file mode 100644 index b417cc3..0000000 --- a/charts/argo-cd/templates/disaster-recovery/argocd-dr-rbac.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- if .Values.disasterRecovery.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: argocd-dr - annotations: - {{- if .Values.disasterRecovery.aws }} - eks.amazonaws.com/role-arn: {{ .Values.disasterRecovery.aws.roleARN | quote }} - {{- end }} - {{- if .Values.disasterRecovery.gcp }} - iam.gke.io/gcp-service-account: {{ .Values.disasterRecovery.gcp.serviceAccount | quote }} - {{- end }} - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: argocd-dr -rules: -- apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - get - - list - - create - - update - - patch - - delete -- apiGroups: - - argoproj.io - resources: - - applications - - applicationsets - verbs: - - get - - list - - create - - update - - patch - - delete - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: argocd-dr -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-dr -subjects: -- kind: ServiceAccount - name: argocd-dr -{{- end }} diff --git a/charts/argo-cd/templates/notifications-controller/config.yaml b/charts/argo-cd/templates/notifications-controller/config.yaml index de7c549..413e5ba 100644 --- a/charts/argo-cd/templates/notifications-controller/config.yaml +++ b/charts/argo-cd/templates/notifications-controller/config.yaml @@ -2,11 +2,21 @@ apiVersion: v1 kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-cm + namespace: {{ .Release.Namespace }} --- apiVersion: v1 kind: Secret metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-secret + namespace: {{ .Release.Namespace }} type: Opaque {{- end }} diff --git a/charts/argo-cd/templates/notifications-controller/deployment.yaml b/charts/argo-cd/templates/notifications-controller/deployment.yaml index 0352be7..077c773 100644 --- a/charts/argo-cd/templates/notifications-controller/deployment.yaml +++ b/charts/argo-cd/templates/notifications-controller/deployment.yaml @@ -2,7 +2,12 @@ apiVersion: apps/v1 kind: Deployment metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller + namespace: {{ .Release.Namespace }} spec: selector: matchLabels: @@ -15,9 +20,9 @@ spec: app.kubernetes.io/name: argocd-notifications-controller spec: containers: - - command: - - argocd-notifications - image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default .Values.global.image.tag .Values.controller.image.tag }} + - args: + - /usr/local/bin/argocd-notifications + image: {{ include "argo-cd.image" (dict "root" . "image" .Values.controller.image ) }} imagePullPolicy: {{ default .Values.global.image.pullPolicy .Values.controller.image.pullPolicy }} livenessProbe: tcpSocket: @@ -27,7 +32,7 @@ spec: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL readOnlyRootFilesystem: true volumeMounts: - mountPath: /app/config/tls diff --git a/charts/argo-cd/templates/notifications-controller/networkpolicy.yaml b/charts/argo-cd/templates/notifications-controller/networkpolicy.yaml new file mode 100644 index 0000000..d790d0c --- /dev/null +++ b/charts/argo-cd/templates/notifications-controller/networkpolicy.yaml @@ -0,0 +1,23 @@ +{{- if .Values.notificationsController.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller-network-policy + namespace: {{ .Release.Namespace }} +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 9001 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller + policyTypes: + - Ingress +{{- end }} diff --git a/charts/argo-cd/templates/notifications-controller/rbac.yaml b/charts/argo-cd/templates/notifications-controller/rbac.yaml index 0a9ae2f..931c3c1 100644 --- a/charts/argo-cd/templates/notifications-controller/rbac.yaml +++ b/charts/argo-cd/templates/notifications-controller/rbac.yaml @@ -2,7 +2,12 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller + namespace: {{ .Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -10,6 +15,7 @@ roleRef: subjects: - kind: ServiceAccount name: argocd-notifications-controller + --- apiVersion: v1 kind: ServiceAccount @@ -19,11 +25,18 @@ metadata: app.kubernetes.io/name: argocd-notifications-controller app.kubernetes.io/part-of: argocd name: argocd-notifications-controller + namespace: {{ .Release.Namespace }} + --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller + namespace: {{ .Release.Namespace }} rules: - apiGroups: - argoproj.io diff --git a/charts/argo-cd/templates/notifications-controller/service.yaml b/charts/argo-cd/templates/notifications-controller/service.yaml index b4c022a..36b51bc 100644 --- a/charts/argo-cd/templates/notifications-controller/service.yaml +++ b/charts/argo-cd/templates/notifications-controller/service.yaml @@ -3,8 +3,11 @@ apiVersion: v1 kind: Service metadata: labels: + app.kubernetes.io/component: notifications-controller app.kubernetes.io/name: argocd-notifications-controller-metrics + app.kubernetes.io/part-of: argocd name: argocd-notifications-controller-metrics + namespace: {{ .Release.Namespace }} spec: ports: - name: metrics diff --git a/charts/argo-cd/templates/redis-ha/haproxy-config.yaml b/charts/argo-cd/templates/redis-ha/haproxy-config.yaml index 226c07b..1870db8 100644 --- a/charts/argo-cd/templates/redis-ha/haproxy-config.yaml +++ b/charts/argo-cd/templates/redis-ha/haproxy-config.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha-configmap + namespace: {{ .Release.Namespace }} data: fix-split-brain.sh: | HOSTNAME="$(hostname)" diff --git a/charts/argo-cd/templates/redis-ha/haproxy-networkpolicy.yaml b/charts/argo-cd/templates/redis-ha/haproxy-networkpolicy.yaml index fb1852b..dc5f49a 100644 --- a/charts/argo-cd/templates/redis-ha/haproxy-networkpolicy.yaml +++ b/charts/argo-cd/templates/redis-ha/haproxy-networkpolicy.yaml @@ -2,6 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: argocd-redis-ha-proxy-network-policy + namespace: {{ .Release.Namespace }} spec: egress: - ports: diff --git a/charts/argo-cd/templates/redis-ha/haproxy-rbac.yaml b/charts/argo-cd/templates/redis-ha/haproxy-rbac.yaml index c6667db..fb807ce 100644 --- a/charts/argo-cd/templates/redis-ha/haproxy-rbac.yaml +++ b/charts/argo-cd/templates/redis-ha/haproxy-rbac.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/name: argocd-redis-ha-haproxy app.kubernetes.io/part-of: argocd name: argocd-redis-ha-haproxy + namespace: {{ .Release.Namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -16,6 +17,7 @@ metadata: app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha-haproxy + namespace: {{ .Release.Namespace }} rules: - apiGroups: - "" @@ -33,6 +35,7 @@ metadata: app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha-haproxy + namespace: {{ .Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/charts/argo-cd/templates/redis-ha/haproxy-svc.yaml b/charts/argo-cd/templates/redis-ha/haproxy-svc.yaml index 5683615..9f7095d 100644 --- a/charts/argo-cd/templates/redis-ha/haproxy-svc.yaml +++ b/charts/argo-cd/templates/redis-ha/haproxy-svc.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/name: argocd-redis-ha-haproxy app.kubernetes.io/part-of: argocd name: argocd-redis-ha-haproxy + namespace: {{ .Release.Namespace }} spec: ports: - name: tcp-haproxy diff --git a/charts/argo-cd/templates/redis-ha/haproxy.yaml b/charts/argo-cd/templates/redis-ha/haproxy.yaml index 8b20256..5bb7338 100644 --- a/charts/argo-cd/templates/redis-ha/haproxy.yaml +++ b/charts/argo-cd/templates/redis-ha/haproxy.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/name: argocd-redis-ha-haproxy app.kubernetes.io/part-of: argocd name: argocd-redis-ha-haproxy + namespace: {{ .Release.Namespace }} spec: replicas: 3 revisionHistoryLimit: 1 @@ -49,10 +50,13 @@ spec: port: 8888 initialDelaySeconds: 5 periodSeconds: 3 - {{- with .Values.redis.securityContext }} securityContext: - {{- toYaml . | nindent 10 }} - {{- end }} + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /usr/local/etc/haproxy name: data diff --git a/charts/argo-cd/templates/redis-ha/redis-ha-announce-svcs.yaml b/charts/argo-cd/templates/redis-ha/redis-ha-announce-svcs.yaml index cf820a1..3d6e2c8 100644 --- a/charts/argo-cd/templates/redis-ha/redis-ha-announce-svcs.yaml +++ b/charts/argo-cd/templates/redis-ha/redis-ha-announce-svcs.yaml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha-announce-0 + namespace: {{ .Release.Namespace }} spec: ports: - name: tcp-server @@ -34,6 +35,7 @@ metadata: app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha-announce-1 + namespace: {{ .Release.Namespace }} spec: ports: - name: tcp-server @@ -60,6 +62,7 @@ metadata: app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha-announce-2 + namespace: {{ .Release.Namespace }} spec: ports: - name: tcp-server diff --git a/charts/argo-cd/templates/redis-ha/redis-ha-config.yaml b/charts/argo-cd/templates/redis-ha/redis-ha-config.yaml index 654b3c3..4600d11 100644 --- a/charts/argo-cd/templates/redis-ha/redis-ha-config.yaml +++ b/charts/argo-cd/templates/redis-ha/redis-ha-config.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha-health-configmap + namespace: {{ .Release.Namespace }} data: redis_liveness.sh: | response=$( diff --git a/charts/argo-cd/templates/redis-ha/redis-ha-networkpolicy.yaml b/charts/argo-cd/templates/redis-ha/redis-ha-networkpolicy.yaml index b973b8d..0f2c85c 100644 --- a/charts/argo-cd/templates/redis-ha/redis-ha-networkpolicy.yaml +++ b/charts/argo-cd/templates/redis-ha/redis-ha-networkpolicy.yaml @@ -2,6 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: argocd-redis-ha-server-network-policy + namespace: {{ .Release.Namespace }} spec: egress: - ports: diff --git a/charts/argo-cd/templates/redis-ha/redis-ha-rbac.yaml b/charts/argo-cd/templates/redis-ha/redis-ha-rbac.yaml index be2c617..6e1da55 100644 --- a/charts/argo-cd/templates/redis-ha/redis-ha-rbac.yaml +++ b/charts/argo-cd/templates/redis-ha/redis-ha-rbac.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha + namespace: {{ .Release.Namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -16,6 +17,7 @@ metadata: app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha + namespace: {{ .Release.Namespace }} rules: - apiGroups: - "" @@ -33,6 +35,7 @@ metadata: app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha + namespace: {{ .Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/charts/argo-cd/templates/redis-ha/redis-ha-server.yaml b/charts/argo-cd/templates/redis-ha/redis-ha-server.yaml index 8010632..6a334a7 100644 --- a/charts/argo-cd/templates/redis-ha/redis-ha-server.yaml +++ b/charts/argo-cd/templates/redis-ha/redis-ha-server.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha-server + namespace: {{ .Release.Namespace }} spec: podManagementPolicy: OrderedReady replicas: 3 @@ -71,10 +72,13 @@ spec: periodSeconds: 15 successThreshold: 1 timeoutSeconds: 15 - {{- with .Values.redis.securityContext }} securityContext: - {{- toYaml . | nindent 10 }} - {{- end }} + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /readonly-config name: config @@ -116,10 +120,13 @@ spec: periodSeconds: 15 successThreshold: 3 timeoutSeconds: 15 - {{- with .Values.redis.securityContext }} securityContext: - {{- toYaml . | nindent 10 }} - {{- end }} + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /data name: data @@ -140,10 +147,13 @@ spec: imagePullPolicy: {{ default .Values.global.image.pullPolicy }} name: split-brain-fix resources: {} - {{- with .Values.redis.securityContext }} securityContext: - {{- toYaml . | nindent 10 }} - {{- end }} + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /readonly-config name: config @@ -165,10 +175,13 @@ spec: image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} imagePullPolicy: {{ default .Values.global.image.pullPolicy }} name: config-init - {{- with .Values.redis.securityContext }} securityContext: - {{- toYaml . | nindent 10 }} - {{- end }} + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /readonly-config name: config @@ -176,7 +189,9 @@ spec: - mountPath: /data name: data securityContext: + fsGroup: 1000 runAsNonRoot: true + runAsUser: 1000 serviceAccountName: argocd-redis-ha terminationGracePeriodSeconds: 60 volumes: diff --git a/charts/argo-cd/templates/redis-ha/redis-ha-svc.yaml b/charts/argo-cd/templates/redis-ha/redis-ha-svc.yaml index b4c8772..386b245 100644 --- a/charts/argo-cd/templates/redis-ha/redis-ha-svc.yaml +++ b/charts/argo-cd/templates/redis-ha/redis-ha-svc.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha + namespace: {{ .Release.Namespace }} spec: clusterIP: None ports: diff --git a/charts/argo-cd/templates/repo-server/deployment.yaml b/charts/argo-cd/templates/repo-server/deployment.yaml index 40fe1c5..b323ff9 100755 --- a/charts/argo-cd/templates/repo-server/deployment.yaml +++ b/charts/argo-cd/templates/repo-server/deployment.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/name: argocd-repo-server app.kubernetes.io/part-of: argocd name: argocd-repo-server + namespace: {{ .Release.Namespace }} spec: replicas: {{ .Values.repoServer.replicas }} selector: @@ -23,7 +24,7 @@ spec: labelSelector: matchLabels: app.kubernetes.io/name: argocd-repo-server - topologyKey: failure-domain.beta.kubernetes.io/zone + topologyKey: topology.kubernetes.io/zone weight: 100 requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: @@ -32,11 +33,8 @@ spec: topologyKey: kubernetes.io/hostname automountServiceAccountToken: false containers: - - command: - - entrypoint.sh - - argocd-repo-server - - --redis - - argocd-redis-ha-haproxy:6379 + - args: + - /usr/local/bin/argocd-repo-server {{- with .Values.repoServer.extraArgs }} {{- . | toYaml | nindent 8 }} {{- end }} @@ -48,6 +46,11 @@ spec: {{- with .Values.repoServer.env }} {{- toYaml . | nindent 10 }} {{- end }} + - name: ARGOCD_REDIS + valueFrom: + configMapKeyRef: + key: redis.server + name: argocd-cmd-params-cm - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -174,7 +177,7 @@ spec: value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir - image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default .Values.global.image.tag .Values.repoServer.image.tag }} + image: {{ include "argo-cd.image" (dict "root" . "image" .Values.repoServer.image ) }} imagePullPolicy: {{ default .Values.global.image.pullPolicy .Values.repoServer.image.pullPolicy }} livenessProbe: failureThreshold: 3 @@ -225,18 +228,18 @@ spec: name: plugins initContainers: - command: - - cp + - /bin/cp - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server - image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default .Values.global.image.tag .Values.repoServer.image.tag }} + image: {{ include "argo-cd.image" (dict "root" . "image" .Values.repoServer.image ) }} imagePullPolicy: {{ default .Values.global.image.pullPolicy .Values.repoServer.image.pullPolicy }} name: copyutil securityContext: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL readOnlyRootFilesystem: true runAsNonRoot: true seccompProfile: diff --git a/charts/argo-cd/templates/repo-server/networkpolicy.yaml b/charts/argo-cd/templates/repo-server/networkpolicy.yaml index 3f7db5b..401384c 100644 --- a/charts/argo-cd/templates/repo-server/networkpolicy.yaml +++ b/charts/argo-cd/templates/repo-server/networkpolicy.yaml @@ -2,6 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: argocd-repo-server-network-policy + namespace: {{ .Release.Namespace }} spec: ingress: - from: diff --git a/charts/argo-cd/templates/repo-server/rbac.yaml b/charts/argo-cd/templates/repo-server/rbac.yaml new file mode 100644 index 0000000..f44abe0 --- /dev/null +++ b/charts/argo-cd/templates/repo-server/rbac.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + name: argocd-repo-server + namespace: {{ .Release.Namespace }} +--- \ No newline at end of file diff --git a/charts/argo-cd/templates/repo-server/service.yaml b/charts/argo-cd/templates/repo-server/service.yaml index 4df115c..847fdc7 100644 --- a/charts/argo-cd/templates/repo-server/service.yaml +++ b/charts/argo-cd/templates/repo-server/service.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/name: argocd-repo-server app.kubernetes.io/part-of: argocd name: argocd-repo-server + namespace: {{ .Release.Namespace }} spec: ports: - name: server diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index dc6377d..a877db6 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -5,8 +5,8 @@ global: image: # -- If defined, a repository applied to all ArgoCD deployments repository: quay.io/akuity/argocd - # -- If defined, a tag applied to all ArgoCD deployments - tag: v2.6.7-ak.0 + # Overrides the image tag whose default is the chart version. + tag: "" # -- If defined, an image pull policy will be applied to all ArgoCD deployments pullPolicy: IfNotPresent # -- Enable service monitor @@ -169,12 +169,12 @@ repoServer: # -- Notifications Controller notificationsController: # -- Whether to enable Notifications Controller - enabled: false + enabled: true # -- ApplicationSet Controller applicationsetController: # -- Whether to enable ApplicationSet Controller - enabled: false + enabled: true image: repository: # defaults to global.image.repository tag: # defaults to global.image.tag @@ -219,6 +219,7 @@ config: # Configuration via argocd-cmd-params-cm ConfigMap. Reference: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml params: + redis.server: argocd-redis-ha-haproxy:6379 # server.tls.minversion: "1.2" # server.tls.maxversion: "1.3" @@ -266,15 +267,21 @@ config: sshKnownHosts: default: | - bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== - github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== + # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT + [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO + bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M= + github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= - github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl additional: "" # ssh-server1.company.com ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQB/nAmOjTmezNUDKYvEeIRf2YnwM9/uUG1d0BYsc8/tRtx+RGi7N2lUbp728MXGwdnL9od4cItzky/zVdLZE2cycOa18xBK9cOWmcKS0A8FYBxEQWJ/q9YVUgZbFKfYGaGQxsER+A0w/fX8ALuk78ktP31K69LcQgxIsl7rNzxsoOQKJ/CIxOGMMxczYTiEoLvQhapFQMs3FL96didKr/QbrfB1WT6s3838SEaXfgZvLef1YB2xmfhbT9OXFE3FXvh2UPBfN+ffE7iiayQf/2XR+8j4N4bW30DiPtOQLGUrH1y5X/rpNZNlWW2+jGIxqZtgWg7lTy3mXy5x836Sj/6L # ssh-server2.company.com ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQB/nAmOjTmezNUDKYvEeIRf2YnwM9/uUG1d0BYsc8/tRtx+RGi7N2lUbp728MXGwdnL9od4cItzky/zVdLZE2cycOa18xBK9cOWmcKS0A8FYBxEQWJ/q9YVUgZbFKfYGaGQxsER+A0w/fX8ALuk78ktP31K69LcQgxIsl7rNzxsoOQKJ/CIxOGMMxczYTiEoLvQhapFQMs3FL96didKr/QbrfB1WT6s3838SEaXfgZvLef1YB2xmfhbT9OXFE3FXvh2UPBfN+ffE7iiayQf/2XR+8j4N4bW30DiPtOQLGUrH1y5X/rpNZNlWW2+jGIxqZtgWg7lTy3mXy5x836Sj/6L @@ -324,7 +331,7 @@ dex: image: repository: ghcr.io/dexidp/dex # https://github.com/dexidp/dex/pkgs/container/dex - tag: v2.35.3 + tag: v2.37.0 pullPolicy: # IfNotPresent resources: @@ -342,19 +349,12 @@ redis: image: repository: quay.io/akuity/redis # https://hub.docker.com/_/redis/ - tag: 7.0.9-alpine + tag: 7.0.11-alpine pullPolicy: # IfNotPresent haProxyImage: # https://hub.docker.com/_/haproxy repository: haproxy - tag: 2.6.9-alpine - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault + tag: 2.6.14-alpine resources: # limits: @@ -364,44 +364,6 @@ redis: # cpu: 100m # memory: 64Mi -# -- Disaster recovery configurations -disasterRecovery: - enabled: false - - image: - repository: # defaults to global.image.repository - tag: # defaults to global.image.tag - pullPolicy: # IfNotPresent - - # -- The cron schedule to perform backup. Recommend no more frequent than 10 minutes - backupSchedule: "*/10 * * * *" - - # -- Limits the maxium runtime when performing backup. This must be within the backup schedule. For example, we might want to limit this to 9-minutes if we run backups every 10 minutes - activeDeadlineSeconds: 540 - - # -- The command to run backup (useful for testing) - command: "argocd-backup.sh" - - # -- Unique name for this argocd instance incorporated to the backup filename - instanceName: "" - - # -- Bucket name to send backup to - bucketName: "" - - # aws: - # # -- The AWS region - # region: "" - # # -- The AWS Role ARN that to annotate on the K8s service account running the backup to write to the bucket - # roleARN: "" - - # gcp: - # # -- The GCP service account that annotates the K8s service account running the backup. - # serviceAccount: "" - # # -- The name to the GCP service account key that has access GCP bucket. - # serviceAccountKeyName: "" - # # -- The key file path to the GCP secret to GCP service account that has access GCP bucket. - # serviceAccountKeyFilePath: "privateKey" - extensions: enabled: false diff --git a/hack/compare-cd.sh b/hack/compare-cd.sh index 1d32ad2..036b417 100755 --- a/hack/compare-cd.sh +++ b/hack/compare-cd.sh @@ -5,35 +5,35 @@ set -euo pipefail PROJECT_ROOT="$(cd "$(dirname ${BASH_SOURCE})/.."; pwd)" chart_root="${PROJECT_ROOT}/charts/argo-cd" -upstream_version="v$(grep appVersion "$chart_root/Chart.yaml" | awk '{print $2}')" +upstream_version="$(grep appVersion "$chart_root/Chart.yaml" | awk '{print $2}')" helm_tmpdir="$(mktemp -d 2>/dev/null || mktemp -d -t 'helm')" helm dependency update "$chart_root" 2>&1 >/dev/null helm template \ --include-crds \ --set global.image.repository=quay.io/argoproj/argocd \ - --set global.image.tag="$upstream_version" \ + --set global.image.tag="v$upstream_version" \ --set global.image.pullPolicy=Always \ - --set notificationsController.enabled=true \ - --set applicationsetController.enabled=true \ - --namespace argocd "$chart_root" | grep -v imagePullPolicy > "$helm_tmpdir/helm.yaml" + --namespace foo "$chart_root" | grep -v imagePullPolicy > "$helm_tmpdir/helm.yaml" echo """ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: argocd +# purposely do not use namespace override in helm version. This will detect places where we forgot to set it to {{ .Release.Namespace }} +# namespace: foo + resources: - helm.yaml -# Dropping our data (application.resourceTrackingMethod: annotation) from the argocd-cm ConfigMap before the diff -patchesJson6902: + +patches: +# kustomize namespace override will add the namespace to subjects. mimic this behavior - target: - version: v1 - kind: ConfigMap - name: argocd-cm + kind: RoleBinding patch: |- - - op: replace - path: /data + - op: add + path: /subjects/0/namespace + value: foo """ > "$helm_tmpdir/kustomization.yaml" upstream_tmpdir="$(mktemp -d 2>/dev/null || mktemp -d -t 'upstream')" @@ -41,9 +41,30 @@ echo """ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: argocd +namespace: foo + +images: +- name: redis + newName: quay.io/akuity/redis + resources: -- https://raw.githubusercontent.com/argoproj/argo-cd/${upstream_version}/manifests/ha/install.yaml +- https://raw.githubusercontent.com/argoproj/argo-cd/v${upstream_version}/manifests/ha/install.yaml + +patches: +- patch: |- + apiVersion: v1 + kind: ConfigMap + metadata: + name: argocd-cm + data: + application.resourceTrackingMethod: annotation +- target: + kind: ClusterRoleBinding + patch: |- + - op: replace + path: /subjects/0/namespace + value: foo + """ > "$upstream_tmpdir/kustomization.yaml" diff_dir="$(mktemp -d 2>/dev/null || mktemp -d -t 'diff')"