diff --git a/apps.yaml b/apps.yaml index f882bbe80f..626fad2b52 100644 --- a/apps.yaml +++ b/apps.yaml @@ -12,7 +12,7 @@ appsInfo: integration: Alertmanager can be activated to send alerts to configured receivers. It is configured by APL to use the global values found under settings/alerts. A team can override global settings to send alerts to their own endpoints. argocd: title: Argo CD - appVersion: 3.0.3 + appVersion: 3.1.0 repo: https://github.com/argoproj/argo-helm maintainers: Argo Project relatedLinks: diff --git a/chart/chart-index/Chart.yaml b/chart/chart-index/Chart.yaml index 65ded4bb6e..ab8edc6941 100644 --- a/chart/chart-index/Chart.yaml +++ b/chart/chart-index/Chart.yaml @@ -6,7 +6,7 @@ version: 0.1.0 dependencies: - name: argo-cd alias: argocd - version: 8.0.9 + version: 8.3.0 repository: https://argoproj.github.io/argo-helm - name: cert-manager version: v1.18.2 diff --git a/charts/argocd/Chart.lock b/charts/argocd/Chart.lock index 0e96099e7d..21d9303d8b 100644 --- a/charts/argocd/Chart.lock +++ b/charts/argocd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.33.2 -digest: sha256:1ce334c23fe53427c771277cc7cecd4143226aba04c8a6c52513042a96e7ff5d -generated: "2025-03-27T09:46:27.113833-07:00" + version: 4.33.7 +digest: sha256:a3eba6bba484e9fbfaca33e7f1ea3e6daed74014df7e7b077c496c2201b01996 +generated: "2025-05-25T11:18:29.356017-05:00" diff --git a/charts/argocd/Chart.yaml b/charts/argocd/Chart.yaml index e9a0549986..621b72efcf 100644 --- a/charts/argocd/Chart.yaml +++ b/charts/argocd/Chart.yaml 
@@ -1,17 +1,17 @@ annotations: artifacthub.io/changes: | - kind: changed - description: Bump dex to v2.43.1 + description: Update Argo CD v3.1.0 artifacthub.io/signKey: | fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc apiVersion: v2 -appVersion: v3.0.3 +appVersion: v3.1.0 dependencies: - condition: redis-ha.enabled name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.33.2 + version: 4.33.7 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. home: https://github.com/argoproj/argo-helm @@ -28,4 +28,4 @@ name: argo-cd sources: - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-cd -version: 8.0.9 +version: 8.3.0 diff --git a/charts/argocd/README.md b/charts/argocd/README.md index 91824a72eb..d13158e8d6 100644 --- a/charts/argocd/README.md +++ b/charts/argocd/README.md 
@@ -237,6 +237,31 @@ server: enabled: true ``` +## Setting the initial admin password via Argo CD Application CR + +> **Note:** When deploying the `argo-cd` chart via an Argo CD `Application` CR, define your bcrypt-hashed admin password under `helm.values`—not `helm.parameters`—because Argo CD performs variable substitution on `parameters`, which will mangle any `$…` in your hash. + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: argocd-testing +spec: + destination: + namespace: testing + server: https://kubernetes.default.svc + project: default + source: + chart: argo-cd + repoURL: https://argoproj.github.io/argo-helm + targetRevision: 3.21.0 + helm: + values: | + configs: + secret: + argocdServerAdminPassword: $2a$10$H1a30nMr9v2QE2nkyz0BoOD2J0I6FQFMtHS0csEg12RBWzfRuuoE6 +``` + ## Synchronizing Changes from Original Repository In the original [Argo CD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd). @@ -706,7 +731,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| | apiVersionOverrides | object | `{}` | | -| crds.additionalLabels | object | `{}` | Addtional labels to be added to all CRDs | +| crds.additionalLabels | object | `{}` | Additional labels to be added to all CRDs | | crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.install | bool | `true` | Install and upgrade CRDs | | crds.keep | bool | `true` | Keep CRDs on chart uninstall | 
@@ -732,6 +757,7 @@ NOTE: Any values you put under `.Values.configs.cm` are passed to argocd-cm Conf
 | global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `none`, `soft` or `hard` |
 | global.certificateAnnotations | object | `{}` | Annotations for the all deployed Certificates |
 | global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments |
+| global.deploymentLabels | object | `{}` | Labels for the all deployed Deployments |
 | global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments |
 | global.domain | string | `"argocd.example.com"` | Default domain used by all components |
 | global.dualStack.ipFamilies | list | `[]` | IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. |
@@ -798,6 +824,7 @@ NOTE: Any values you put under `.Values.configs.cm` are passed to argocd-cm Conf
 | configs.params."controller.self.heal.timeout.seconds" | int | `5` | Specifies timeout between application self heal attempts |
 | configs.params."controller.status.processors" | int | `20` | Number of application status processors |
 | configs.params."controller.sync.timeout.seconds" | int | `0` | Specifies the timeout after which a sync would be terminated. 0 means no timeout |
+| configs.params."hydrator.enabled" | bool | `false` | Enable the hydrator feature (hydrator is in Alpha phase) |
 | configs.params."otlp.address" | string | `""` | Open-Telemetry collector address: (e.g. "otel-collector:4317") |
 | configs.params."reposerver.parallelism.limit" | int | `0` | Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit. |
 | configs.params."server.basehref" | string | `"/"` | Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / |
@@ -851,6 +878,7 @@ NOTE: Any values you put under `.Values.configs.cm` are passed to argocd-cm Conf
 | controller.containerPorts.metrics | int | `8082` | Metrics container port |
 | controller.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context |
 | controller.deploymentAnnotations | object | `{}` | Annotations for the application controller Deployment |
+| controller.deploymentLabels | object | `{}` | Labels for the application controller Deployment |
 | controller.dnsConfig | object | `{}` | [DNS configuration] |
 | controller.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for application controller pods |
 | controller.dynamicClusterDistribution | bool | `false` | Enable dynamic cluster distribution (alpha) Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution |
@@ -894,6 +922,7 @@ NOTE: Any values you put under `.Values.configs.cm` are passed to argocd-cm Conf
 | controller.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
 | controller.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig |
 | controller.name | string | `"application-controller"` | Application controller name string |
+| controller.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by application controller |
 | controller.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
 | controller.pdb.annotations | object | `{}` | Annotations to be added to application controller pdb |
 | controller.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the application controller |
@@ -949,6 +978,7 @@ NOTE: Any values you put under `.Values.configs.cm` are passed to argocd-cm Conf
 | repoServer.containerPorts.server | int | `8081` | Repo server container port |
 | repoServer.containerSecurityContext | object | See [values.yaml] | Repo server container-level security context |
 | repoServer.deploymentAnnotations | object | `{}` | Annotations to be added to repo server Deployment |
+| repoServer.deploymentLabels | object | `{}` | Labels for the repo server Deployment |
 | repoServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the repo server Deployment |
 | repoServer.dnsConfig | object | `{}` | [DNS configuration] |
 | repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods |
@@ -990,6 +1020,7 @@ NOTE: Any values you put under `.Values.configs.cm` are passed to argocd-cm Conf
 | repoServer.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
 | repoServer.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig |
 | repoServer.name | string | `"repo-server"` | Repo server name |
+| repoServer.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by repo server |
 | repoServer.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
 | repoServer.pdb.annotations | object | `{}` | Annotations to be added to repo server pdb |
 | repoServer.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the repo server |
@@ -1012,6 +1043,7 @@ NOTE: Any values you put under `.Values.configs.cm` are passed to argocd-cm Conf
 | repoServer.service.labels | object | `{}` | Repo server service labels |
 | repoServer.service.port | int | `8081` | Repo server service port |
 | repoServer.service.portName | string | `"tcp-repo-server"` | Repo server service port name |
+| repoServer.service.trafficDistribution | string | `""` | Traffic distribution preference for the repo server service. If the field is not set, the implementation will apply its default routing strategy. |
 | repoServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
 | repoServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
 | repoServer.serviceAccount.create | bool | `true` | Create repo server service account |
@@ -1063,6 +1095,7 @@ NOTE: Any values you put under `.Values.configs.cm` are passed to argocd-cm Conf
 | server.containerPorts.server | int | `8080` | Server container port |
 | server.containerSecurityContext | object | See [values.yaml] | Server container-level security context |
 | server.deploymentAnnotations | object | `{}` | Annotations to be added to server Deployment |
+| server.deploymentLabels | object | `{}` | Labels for the server Deployment |
 | server.deploymentStrategy | object | `{}` | Deployment strategy to be added to the server Deployment |
 | server.dnsConfig | object | `{}` | [DNS configuration] |
 | server.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Server pods |
@@ -1141,6 +1174,7 @@ NOTE: Any values you put under `.Values.configs.cm` are passed to argocd-cm Conf
 | server.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
 | server.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig |
 | server.name | string | `"server"` | Argo CD server name |
+| server.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by ArgoCD Server |
 | server.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
 | server.pdb.annotations | object | `{}` | Annotations to be added to Argo CD server pdb |
 | server.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Argo CD server |
@@ -1207,6 +1241,7 @@ NOTE: Any values you put under `.Values.configs.cm` are passed to argocd-cm Conf
 | dex.containerPorts.metrics | int | `5558` | Metrics container port |
 | dex.containerSecurityContext | object | See [values.yaml] | Dex container-level security context |
 | dex.deploymentAnnotations | object | `{}` | Annotations to be added to the Dex server Deployment |
+| dex.deploymentLabels | object | `{}` | Labels for the Dex server Deployment |
 | dex.deploymentStrategy | object | `{}` | Deployment strategy to be added to the Dex server Deployment |
 | dex.dnsConfig | object | `{}` | [DNS configuration] |
 | dex.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Dex server pods |
@@ -1250,6 +1285,7 @@ NOTE: Any values you put under `.Values.configs.cm` are passed to argocd-cm Conf
 | dex.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
 | dex.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig |
 | dex.name | string | `"dex-server"` | Dex name |
+| dex.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by Dex server |
 | dex.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
 | dex.pdb.annotations | object | `{}` | Annotations to be added to Dex server pdb |
 | dex.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Dex server |
@@ -1297,6 +1333,7 @@ NOTE: Any values you put under `.Values.configs.cm` are passed to argocd-cm Conf
 | redis.containerPorts.redis | int | `6379` | Redis container port |
 | redis.containerSecurityContext | object | See [values.yaml] | Redis container-level security context |
 | redis.deploymentAnnotations | object | `{}` | Annotations to be added to the Redis server Deployment |
+| redis.deploymentLabels | object | `{}` | Labels for the Redis server Deployment |
 | redis.dnsConfig | object | `{}` | [DNS configuration] |
 | redis.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Redis server pods |
 | redis.enabled | bool | `true` | Enable redis |
@@ -1307,7 +1344,7 @@ NOTE: Any values you put under `.Values.configs.cm` are passed to argocd-cm Conf
 | redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter |
 | redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter |
 | redis.exporter.image.repository | string | `"ghcr.io/oliver006/redis_exporter"` | Repository to use for the redis-exporter |
-| redis.exporter.image.tag | string | `"v1.73.0"` | Tag to use for the redis-exporter |
+| redis.exporter.image.tag | string | `"v1.75.0"` | Tag to use for the redis-exporter |
 | redis.exporter.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter |
 | redis.exporter.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
 | redis.exporter.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated |
@@ -1324,7 +1361,7 @@ NOTE: Any values you put under `.Values.configs.cm` are passed to argocd-cm Conf
 | redis.extraArgs | list | `[]` | Additional command line arguments to pass to redis-server |
 | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod |
 | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy |
-| redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
+| redis.image.repository | string | `"ecr-public.aws.com/docker/library/redis"` | Redis repository |
 | redis.image.tag | string | `"7.2.8-alpine"` | Redis tag |
 | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
 | redis.initContainers | list | `[]` | Init containers to add to the redis pod |
@@ -1353,6 +1390,7 @@ NOTE: Any values you put under `.Values.configs.cm` are passed to argocd-cm Conf
 | redis.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
 | redis.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig |
 | redis.name | string | `"redis"` | Redis name |
+| redis.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by redis |
 | redis.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
 | redis.pdb.annotations | object | `{}` | Annotations to be added to Redis pdb |
 | redis.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Redis |
@@ -1400,17 +1438,18 @@ The main options are listed here: | redis-ha.existingSecret | string | `"argocd-redis"` | Existing Secret to use for redis-ha authentication. By default the redis-secret-init Job is generating this Secret. | | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | | redis-ha.exporter.image | string | `"ghcr.io/oliver006/redis_exporter"` | Repository to use for the redis-exporter | -| redis-ha.exporter.tag | string | `"v1.69.0"` | Tag to use for the redis-exporter | +| redis-ha.exporter.tag | string | `"v1.75.0"` | Tag to use for the redis-exporter | | redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. | | redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. | | redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context | | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | | redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. | +| redis-ha.haproxy.image.repository | string | `"ecr-public.aws.com/docker/library/haproxy"` | HAProxy Image Repository | | redis-ha.haproxy.labels | object | `{"app.kubernetes.io/name":"argocd-redis-ha-haproxy"}` | Custom labels for the haproxy pod. This is relevant for Argo CD CLI. | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. 
| -| redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | +| redis-ha.image.repository | string | `"ecr-public.aws.com/docker/library/redis"` | Redis repository | | redis-ha.image.tag | string | `"7.2.8-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | @@ -1434,7 +1473,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | Key | Type | Default | Description | |-----|------|---------|-------------| -| externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials. When it's set, the `externalRedis.password` parameter is ignored | +| externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis (must contain key `redis-password`. And should contain `redis-username` if username is not `default`) and Sentinel credentials. When it's set, the `externalRedis.username` and `externalRedis.password` parameters are ignored | | externalRedis.host | string | `""` | External Redis server host | | externalRedis.password | string | `""` | External Redis password | | externalRedis.port | int | `6379` | External Redis server port | 
@@ -1494,6 +1533,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port |
 | applicationSet.containerSecurityContext | object | See [values.yaml] | ApplicationSet controller container-level security context |
 | applicationSet.deploymentAnnotations | object | `{}` | Annotations to be added to ApplicationSet controller Deployment |
+| applicationSet.deploymentLabels | object | `{}` | Labels for the ApplicationSet controller Deployment |
 | applicationSet.deploymentStrategy | object | `{}` | Deployment strategy to be added to the ApplicationSet controller Deployment |
 | applicationSet.dnsConfig | object | `{}` | [DNS configuration] |
 | applicationSet.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for ApplicationSet controller pods |
@@ -1547,6 +1587,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | applicationSet.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
 | applicationSet.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig |
 | applicationSet.name | string | `"applicationset-controller"` | ApplicationSet controller name string |
+| applicationSet.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by ApplicationSet controller |
 | applicationSet.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
 | applicationSet.pdb.annotations | object | `{}` | Annotations to be added to ApplicationSet controller pdb |
 | applicationSet.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the ApplicationSet controller |
@@ -1592,6 +1633,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context |
 | notifications.context | object | `{}` | Define user-defined context |
 | notifications.deploymentAnnotations | object | `{}` | Annotations to be applied to the notifications controller Deployment |
+| notifications.deploymentLabels | object | `{}` | Labels for the notifications controller Deployment |
 | notifications.deploymentStrategy | object | `{"type":"Recreate"}` | Deployment strategy to be added to the notifications controller Deployment |
 | notifications.dnsConfig | object | `{}` | [DNS configuration] |
 | notifications.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for notifications controller Pods |
@@ -1630,6 +1672,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | notifications.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
 | notifications.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig |
 | notifications.name | string | `"notifications-controller"` | Notifications controller name string |
+| notifications.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by notifications controller |
 | notifications.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
 | notifications.notifiers | object | See [values.yaml] | Configures notification services such as slack, email or custom webhook |
 | notifications.pdb.annotations | object | `{}` | Annotations to be added to notifications controller pdb |
@@ -1677,6 +1720,7 @@ To read more about this component, please read [Argo CD Manifest Hydrator] and [
 | commitServer.automountServiceAccountToken | bool | `false` | Automount API credentials for the Service Account into the pod. |
 | commitServer.containerSecurityContext | object | See [values.yaml] | commit server container-level security context |
 | commitServer.deploymentAnnotations | object | `{}` | Annotations to be added to commit server Deployment |
+| commitServer.deploymentLabels | object | `{}` | Labels for the commit server Deployment |
 | commitServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the commit server Deployment |
 | commitServer.dnsConfig | object | `{}` | [DNS configuration] |
 | commitServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for commit server pods |
@@ -1702,6 +1746,7 @@ To read more about this component, please read [Argo CD Manifest Hydrator] and [
 | commitServer.metrics.service.servicePort | int | `8087` | Metrics service port |
 | commitServer.metrics.service.type | string | `"ClusterIP"` | Metrics service type |
 | commitServer.name | string | `"commit-server"` | Commit server name |
+| commitServer.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by commit server |
 | commitServer.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
 | commitServer.podAnnotations | object | `{}` | Annotations for the commit server pods |
 | commitServer.podLabels | object | `{}` | Labels for the commit server pods |
@@ -1715,6 +1760,8 @@ To read more about this component, please read [Argo CD Manifest Hydrator] and [ | commitServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the commit server | | commitServer.service.annotations | object | `{}` | commit server service annotations | | commitServer.service.labels | object | `{}` | commit server service labels | +| commitServer.service.port | int | `8086` | commit server service port | +| commitServer.service.portName | string | `"server"` | commit server service port name | | commitServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | commitServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | commitServer.serviceAccount.create | bool | `true` | Create commit server service account | diff --git a/charts/argocd/charts/redis-ha/Chart.yaml b/charts/argocd/charts/redis-ha/Chart.yaml index 43f997fa5b..ee7119fcc4 100644 --- a/charts/argocd/charts/redis-ha/Chart.yaml +++ b/charts/argocd/charts/redis-ha/Chart.yaml @@ -16,4 +16,4 @@ sources: - https://redis.io/download - https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha - https://github.com/oliver006/redis_exporter -version: 4.33.2 +version: 4.33.7 diff --git a/charts/argocd/charts/redis-ha/README.md b/charts/argocd/charts/redis-ha/README.md index 584d76a7a0..e1562b08db 100644 --- a/charts/argocd/charts/redis-ha/README.md +++ b/charts/argocd/charts/redis-ha/README.md 
@@ -78,7 +78,7 @@ The following table lists the configurable parameters of the Redis chart and the | `extraInitContainers` | Extra init containers to include in StatefulSet | list | `[]` | | `extraLabels` | Labels added here are applied to all created resources | object | `{}` | | `extraVolumes` | Extra volumes to include in StatefulSet | list | `[]` | -| `fullNameOverride` | Full name of the Redis HA Resources | string | `""` | +| `fullnameOverride` | Full name of the Redis HA Resources | string | `""` | | `global.compatibility` | Openshift compatibility options | object | `{"openshift":{"adaptSecurityContext":"auto"}}` | | `global.priorityClassName` | Default priority class for all components | string | `""` | | `hardAntiAffinity` | Whether the Redis server pods should be forced to run on separate nodes. # This is accomplished by setting their AntiAffinity with requiredDuringSchedulingIgnoredDuringExecution as opposed to preferred. # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature | bool | `true` | 
@@ -165,7 +165,7 @@ The following table lists the configurable parameters of the Redis chart and the | `schedulerName` | Use an alternate scheduler, e.g. "stork". ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ | string | `""` | | `securityContext` | Security context to be added to the Redis StatefulSet. | object | `{"fsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` | | `serviceAccount.annotations` | Annotations to be added to the service account for the redis statefulset | object | `{}` | -| `serviceAccount.automountToken` | opt in/out of automounting API credentials into container. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | bool | `false` | +| `serviceAccount.automountToken` | opt in/out of automounting API credentials into container. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | bool | `true` | | `serviceAccount.create` | Specifies whether a ServiceAccount should be created | bool | `true` | | `serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the redis-ha.fullname template | string | `""` | | `serviceLabels` | Custom labels for redis service | object | `{}` | diff --git a/charts/argocd/charts/redis-ha/templates/redis-ha-pdb.yaml b/charts/argocd/charts/redis-ha/templates/redis-ha-pdb.yaml index 82506938f8..fbcb5062bb 100644 --- a/charts/argocd/charts/redis-ha/templates/redis-ha-pdb.yaml +++ b/charts/argocd/charts/redis-ha/templates/redis-ha-pdb.yaml @@ -12,9 +12,6 @@ metadata: spec: selector: matchLabels: - # The replica label is set on StatefulSet pods but not the Test pods - # We want to avoid including the Test pods in the budget - {{ template "redis-ha.fullname" . }}: replica release: {{ .Release.Name }} app: {{ template "redis-ha.name" . }} {{ toYaml .Values.podDisruptionBudget | indent 2 }} 
diff --git a/charts/argocd/charts/redis-ha/values.yaml b/charts/argocd/charts/redis-ha/values.yaml index 8fd8f2f48f..e857f158fb 100644 --- a/charts/argocd/charts/redis-ha/values.yaml +++ b/charts/argocd/charts/redis-ha/values.yaml @@ -19,7 +19,7 @@ image: pullPolicy: IfNotPresent # -- Full name of the Redis HA Resources -fullNameOverride: "" +fullnameOverride: "" # -- Name override for Redis HA resources nameOverride: "" @@ -127,7 +127,7 @@ haproxy: # -- HAProxy Image Repository repository: public.ecr.aws/docker/library/haproxy # -- HAProxy Image Tag - tag: 3.0.7-alpine + tag: 3.0.8-alpine # -- HAProxy Image PullPolicy pullPolicy: IfNotPresent @@ -185,7 +185,7 @@ haproxy: serviceAccount: # -- Specifies whether a ServiceAccount should be created create: true - automountToken: false + automountToken: true ## Official HAProxy embedded prometheus metrics settings. ## Ref: https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter @@ -418,15 +418,15 @@ redis: # -- Enable Startup Probe enabled: true # -- Initial delay in seconds for startup probe - initialDelaySeconds: 5 + initialDelaySeconds: 30 # -- Period in seconds after which startup probe will be repeated - periodSeconds: 10 + periodSeconds: 15 # -- Timeout seconds for startup probe timeoutSeconds: 15 # -- Success threshold for startup probe successThreshold: 1 # -- Failure threshold for startup probe - failureThreshold: 3 + failureThreshold: 5 # -- Array with commands to disable disableCommands: diff --git a/charts/argocd/templates/NOTES.txt b/charts/argocd/templates/NOTES.txt index 78c38b4b99..049f5f20b4 100644 --- a/charts/argocd/templates/NOTES.txt +++ b/charts/argocd/templates/NOTES.txt 
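Review bot: `automountToken: true` in the `@@ -185,7 +185,7 @@` hunk of redis-ha/values.yaml flips the default so that the ServiceAccount token is mounted into the pods using this account (HAProxy, judging by the hunk's `haproxy:` context; the enclosing block starts outside the hunk). A mounted token gives any process in the container a credential for the Kubernetes API, and nothing visible in this diff shows the workload needing one. Unless the upstream chart documents a requirement, keep `automountToken: false`, or override it under the `redis-ha` key in the parent chart's values and confirm the bound RBAC is minimal. The key also lacks the `# --` comment its sibling `create` carries; `# -- Mount the ServiceAccount token into the pod; leave false unless the workload calls the Kubernetes API` would put the trade-off next to the setting.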
@@ -12,10 +12,13 @@ DEPRECATED option dex.logFormat - Use `configs.params."dexserver.log.format"` {{- end }} In order to access the server UI you have the following options: +{{ $rootpath := default "" (index .Values "configs" "params" "server.rootpath") -}} 1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ include "argo-cd.namespace" . }} 8080:443 - +{{ if $rootpath }} + and then open the browser on http://localhost:8080/{{ $rootpath }} and accept the certificate +{{ else }} and then open the browser on http://localhost:8080 and accept the certificate - +{{ end }} 2. enable ingress in the values file `server.ingress.enabled` and either - Add the annotation for ssl passthrough: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough - Set the `configs.params."server.insecure"` in the values file and terminate SSL at your ingress: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts diff --git a/charts/argocd/templates/_helpers.tpl b/charts/argocd/templates/_helpers.tpl index 3b620aa92a..a7dcb3c9fb 100644 --- a/charts/argocd/templates/_helpers.tpl +++ b/charts/argocd/templates/_helpers.tpl 
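Review bot: `http://localhost:8080/{{ $rootpath }}` in NOTES.txt always emits the literal `/`, so a `server.rootpath` configured with a leading slash (constructed example: `/argocd`) renders a URL with a double slash. Normalising the value keeps the printed URL usable either way: `http://localhost:8080/{{ $rootpath | trimPrefix "/" }}`. The `{{ if $rootpath }}`, `{{ else }}` and `{{ end }}` actions also carry no whitespace trimming, so each leaves an empty line in the rendered notes; `{{- if $rootpath }}` and `{{- end }}` would avoid that.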
@@ -238,7 +238,10 @@ NOTE: Configuration keys must be stored as dict because YAML treats dot as separ {{- $_ := set $presets "server.dex.server" (include "argo-cd.dex.server" .) -}} {{- $_ := set $presets "server.dex.server.strict.tls" .Values.dex.certificateSecret.enabled -}} {{- end -}} -{{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" "notificationscontroller" "dexserver" -}} +{{- if .Values.commitServer.enabled -}} +{{- $_ := set $presets "commit.server" (printf "%s:%s" (include "argo-cd.commitServer.fullname" .) (.Values.commitServer.service.port | toString)) -}} +{{- end -}} +{{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" "notificationscontroller" "dexserver" "commitserver" -}} {{- $_ := set $presets (printf "%s.log.format" $component) $.Values.global.logging.format -}} {{- $_ := set $presets (printf "%s.log.level" $component) $.Values.global.logging.level -}} {{- end -}} diff --git a/charts/argocd/templates/argocd-application-controller/deployment.yaml b/charts/argocd/templates/argocd-application-controller/deployment.yaml index aacba1b4a9..9e8383a129 100644 --- a/charts/argocd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argocd/templates/argocd-application-controller/deployment.yaml @@ -12,6 +12,9 @@ metadata: namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.controller.deploymentLabels) }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.controller.replicas }} revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }} 
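Review bot: The merged `deploymentLabels` in the application-controller `deployment.yaml` hunk are rendered directly after the output of `argo-cd.labels` with no check for overlap, so a user label that reuses a key the helper already emits produces a duplicate mapping key under `metadata.labels`. How that duplicate resolves depends on the YAML parser consuming the manifest, so the outcome may differ between Helm, kubectl and other tooling. The same pattern is added to the applicationset, commit-server, notifications, repo-server, server, dex and redis Deployments. Either document the restriction next to the value, e.g. `# -- Labels for the all deployed Deployments (keys must not collide with the chart's standard labels)`, or filter the merged dict against the helper's keys before `toYaml`.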
@@ -181,6 +184,12 @@ spec: name: argocd-cmd-params-cm key: controller.self.heal.backoff.cap.seconds optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_COOLDOWN_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.cooldown.seconds + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT valueFrom: configMapKeyRef: @@ -333,6 +342,12 @@ spec: name: argocd-cmd-params-cm key: controller.cluster.cache.events.processing.interval optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commit.server + optional: true {{- with .Values.controller.envFrom }} envFrom: {{- toYaml . | nindent 10 }} diff --git a/charts/argocd/templates/argocd-application-controller/networkpolicy.yaml b/charts/argocd/templates/argocd-application-controller/networkpolicy.yaml index db1ee7c248..cd710ab48c 100644 --- a/charts/argocd/templates/argocd-application-controller/networkpolicy.yaml +++ b/charts/argocd/templates/argocd-application-controller/networkpolicy.yaml @@ -1,4 +1,4 @@ -{{- if .Values.global.networkPolicy.create }} +{{- if or .Values.controller.networkPolicy.create .Values.global.networkPolicy.create }} apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: diff --git a/charts/argocd/templates/argocd-application-controller/statefulset.yaml b/charts/argocd/templates/argocd-application-controller/statefulset.yaml index 128a10d04b..99ef68c8b6 100644 --- a/charts/argocd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argocd/templates/argocd-application-controller/statefulset.yaml 
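Review bot: The new guard in the application-controller `networkpolicy.yaml` hunk, `or .Values.controller.networkPolicy.create .Values.global.networkPolicy.create`, means the per-component flag can only add a policy; setting it to `false` does not remove one that the global flag enables. The accompanying values comment, `@default -- false (defaults to global.networkPolicy.create)`, reads as if the component value overrides the global one. The same guard and comment recur for applicationSet, commitServer, notifications, repoServer, server, dex and redis. The OR behaviour is the safer direction, so only the wording needs fixing: `# -- Create the NetworkPolicy for this component even when global.networkPolicy.create is false; it cannot disable a policy the global flag enables`. The commit-server variant also lacks the space before its closing `}}`.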
@@ -180,6 +180,12 @@ spec: name: argocd-cmd-params-cm key: controller.self.heal.backoff.cap.seconds optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_COOLDOWN_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.cooldown.seconds + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT valueFrom: configMapKeyRef: @@ -338,6 +344,12 @@ spec: name: argocd-cmd-params-cm key: controller.cluster.cache.events.processing.interval optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commit.server + optional: true - name: KUBECACHEDIR value: /tmp/kubecache {{- with .Values.controller.envFrom }} diff --git a/charts/argocd/templates/argocd-applicationset/deployment.yaml b/charts/argocd/templates/argocd-applicationset/deployment.yaml index 25f58f6c59..6f8f6f93e3 100644 --- a/charts/argocd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argocd/templates/argocd-applicationset/deployment.yaml @@ -11,6 +11,9 @@ metadata: namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.applicationSet.deploymentLabels) }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.applicationSet.deploymentStrategy) }} strategy: 
@@ -217,6 +220,12 @@ spec: name: argocd-cmd-params-cm key: applicationsetcontroller.enable.scm.providers optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_GITHUB_API_METRICS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.enable.github.api.metrics + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT valueFrom: configMapKeyRef: diff --git a/charts/argocd/templates/argocd-applicationset/networkpolicy.yaml b/charts/argocd/templates/argocd-applicationset/networkpolicy.yaml index 3a295f772a..1a3d105ccc 100644 --- a/charts/argocd/templates/argocd-applicationset/networkpolicy.yaml +++ b/charts/argocd/templates/argocd-applicationset/networkpolicy.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.ingress.enabled) }} +{{- if and (or .Values.applicationSet.networkPolicy.create .Values.global.networkPolicy.create) (or .Values.applicationSet.metrics.enabled .Values.applicationSet.ingress.enabled) }} apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: diff --git a/charts/argocd/templates/argocd-commit-server/deployment.yaml b/charts/argocd/templates/argocd-commit-server/deployment.yaml index d0ab14d491..76ea482dbc 100644 --- a/charts/argocd/templates/argocd-commit-server/deployment.yaml +++ b/charts/argocd/templates/argocd-commit-server/deployment.yaml @@ -12,6 +12,9 @@ metadata: namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }} + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.commitServer.deploymentLabels) }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.commitServer.deploymentStrategy) }} strategy: 
@@ -157,23 +160,6 @@ spec: # We need a writeable temp directory for the askpass socket file. - name: tmp mountPath: /tmp - initContainers: - - command: - - /bin/cp - - -n - - /usr/local/bin/argocd - - /var/run/argocd/argocd-cmp-server - image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }} - name: copyutil - resources: - {{- toYaml .Values.commitServer.resources | nindent 10 }} - {{- with .Values.commitServer.containerSecurityContext }} - securityContext: - {{- toYaml . | nindent 10 }} - {{- end }} - volumeMounts: - - mountPath: /var/run/argocd - name: var-files volumes: {{- with .Values.commitServer.extraVolumes }} {{- toYaml . | nindent 8 }} @@ -202,8 +188,6 @@ spec: path: tls.key - key: ca.crt path: ca.crt - - emptyDir: {} - name: var-files {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.commitServer) }} affinity: {{- trim . | nindent 8 }} diff --git a/charts/argocd/templates/argocd-commit-server/networkpolicy.yaml b/charts/argocd/templates/argocd-commit-server/networkpolicy.yaml index 6ec0a6ac5e..1453cf6387 100644 --- a/charts/argocd/templates/argocd-commit-server/networkpolicy.yaml +++ b/charts/argocd/templates/argocd-commit-server/networkpolicy.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.commitServer.enabled .Values.global.networkPolicy.create }} +{{- if and .Values.commitServer.enabled (or .Values.commitServer.networkPolicy.create .Values.global.networkPolicy.create)}} apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: diff --git a/charts/argocd/templates/argocd-commit-server/service.yaml b/charts/argocd/templates/argocd-commit-server/service.yaml index 7b0bf87850..d4cca0e416 100644 --- a/charts/argocd/templates/argocd-commit-server/service.yaml +++ b/charts/argocd/templates/argocd-commit-server/service.yaml 
@@ -17,10 +17,10 @@ metadata: {{- end }} spec: ports: - - name: server + - name: {{ .Values.commitServer.service.portName }} protocol: TCP - port: 8086 - targetPort: 8086 + port: {{ .Values.commitServer.service.port }} + targetPort: server selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }} {{- end }} diff --git a/charts/argocd/templates/argocd-notifications/deployment.yaml b/charts/argocd/templates/argocd-notifications/deployment.yaml index a52a1a29aa..4467e651a5 100644 --- a/charts/argocd/templates/argocd-notifications/deployment.yaml +++ b/charts/argocd/templates/argocd-notifications/deployment.yaml @@ -12,6 +12,9 @@ metadata: namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.notifications.deploymentLabels) }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: 1 revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} diff --git a/charts/argocd/templates/argocd-notifications/networkpolicy.yaml b/charts/argocd/templates/argocd-notifications/networkpolicy.yaml index b03c26ca4d..1a5df53e13 100644 --- a/charts/argocd/templates/argocd-notifications/networkpolicy.yaml +++ b/charts/argocd/templates/argocd-notifications/networkpolicy.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.notifications.enabled .Values.global.networkPolicy.create .Values.notifications.metrics.enabled }} +{{- if and .Values.notifications.enabled (or .Values.notifications.networkPolicy.create .Values.global.networkPolicy.create) .Values.notifications.metrics.enabled }} apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: diff --git a/charts/argocd/templates/argocd-repo-server/deployment.yaml b/charts/argocd/templates/argocd-repo-server/deployment.yaml index a7b66741e4..1689ce27d3 100644 
--- a/charts/argocd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argocd/templates/argocd-repo-server/deployment.yaml @@ -11,6 +11,9 @@ metadata: namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.repoServer.deploymentLabels) }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.repoServer.deploymentStrategy) }} strategy: diff --git a/charts/argocd/templates/argocd-repo-server/networkpolicy.yaml b/charts/argocd/templates/argocd-repo-server/networkpolicy.yaml index c11ab12961..fda9d5ac12 100644 --- a/charts/argocd/templates/argocd-repo-server/networkpolicy.yaml +++ b/charts/argocd/templates/argocd-repo-server/networkpolicy.yaml @@ -1,4 +1,4 @@ -{{- if .Values.global.networkPolicy.create }} +{{- if or .Values.repoServer.networkPolicy.create .Values.global.networkPolicy.create }} apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: diff --git a/charts/argocd/templates/argocd-repo-server/service.yaml b/charts/argocd/templates/argocd-repo-server/service.yaml index 24ca10ef5a..7e20c86481 100644 --- a/charts/argocd/templates/argocd-repo-server/service.yaml +++ b/charts/argocd/templates/argocd-repo-server/service.yaml @@ -23,3 +23,6 @@ spec: targetPort: repo-server selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }} + {{- if .Values.repoServer.service.trafficDistribution }} + trafficDistribution: {{ .Values.repoServer.service.trafficDistribution }} + {{- end }} diff --git a/charts/argocd/templates/argocd-server/deployment.yaml b/charts/argocd/templates/argocd-server/deployment.yaml index 7fc56747e2..0edd412559 100644 --- a/charts/argocd/templates/argocd-server/deployment.yaml 
+++ b/charts/argocd/templates/argocd-server/deployment.yaml @@ -11,6 +11,9 @@ metadata: namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.server.deploymentLabels) }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.server.deploymentStrategy) }} strategy: @@ -207,12 +210,6 @@ spec: name: argocd-cmd-params-cm key: server.oidc.cache.expiration optional: true - - name: ARGOCD_SERVER_LOGIN_ATTEMPTS_EXPIRATION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.login.attempts.expiration - optional: true - name: ARGOCD_SERVER_STATIC_ASSETS valueFrom: configMapKeyRef: @@ -371,6 +368,12 @@ spec: name: argocd-cmd-params-cm key: applicationsetcontroller.enable.scm.providers optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_GITHUB_API_METRICS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.enable.github.api.metrics + optional: true - name: ARGOCD_HYDRATOR_ENABLED valueFrom: configMapKeyRef: diff --git a/charts/argocd/templates/argocd-server/networkpolicy.yaml b/charts/argocd/templates/argocd-server/networkpolicy.yaml index 4621e24fe9..3234d5ad7d 100644 --- a/charts/argocd/templates/argocd-server/networkpolicy.yaml +++ b/charts/argocd/templates/argocd-server/networkpolicy.yaml @@ -1,4 +1,4 @@ -{{- if .Values.global.networkPolicy.create }} +{{- if or .Values.server.networkPolicy.create .Values.global.networkPolicy.create }} apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: diff --git a/charts/argocd/templates/crds/crd-application.yaml b/charts/argocd/templates/crds/crd-application.yaml index be305cfe43..f7b7511f30 100644 --- a/charts/argocd/templates/crds/crd-application.yaml 
+++ b/charts/argocd/templates/crds/crd-application.yaml @@ -2000,12 +2000,13 @@ spec: format: date-time type: string message: - description: Message is a human-readable informational message - describing the health status + description: |- + Message is a human-readable informational message describing the health status + + Deprecated: this field is not used and will be removed in a future release. type: string status: - description: Status holds the status code of the application or - resource + description: Status holds the status code of the application type: string type: object history: @@ -3874,6 +3875,12 @@ spec: description: HookType specifies the type of the hook. Empty for non-hook resources type: string + images: + description: Images contains the images related to the + ResourceResult + items: + type: string + type: array kind: description: Kind specifies the API kind of the resource type: string @@ -4751,8 +4758,10 @@ spec: (e.g., Healthy, Degraded, Progressing). properties: lastTransitionTime: - description: LastTransitionTime is the time the HealthStatus - was set or updated + description: |- + LastTransitionTime is the time the HealthStatus was set or updated + + Deprecated: this field is not used and will be removed in a future release. format: date-time type: string message: @@ -4760,8 +4769,7 @@ spec: describing the health status type: string status: - description: Status holds the status code of the application - or resource + description: Status holds the status code of the resource type: string type: object hook: diff --git a/charts/argocd/templates/crds/crd-applicationset.yaml b/charts/argocd/templates/crds/crd-applicationset.yaml index 7c6e5caff0..257214422c 100644 --- a/charts/argocd/templates/crds/crd-applicationset.yaml +++ b/charts/argocd/templates/crds/crd-applicationset.yaml @@ -1428,6 +1428,8 @@ spec: files: items: properties: + exclude: + type: boolean path: type: string required: 
@@ -4138,6 +4140,8 @@ spec: files: items: properties: + exclude: + type: boolean path: type: string required: @@ -6284,6 +6288,10 @@ spec: type: string insecure: type: boolean + labels: + items: + type: string + type: array owner: type: string repo: @@ -9972,6 +9980,8 @@ spec: files: items: properties: + exclude: + type: boolean path: type: string required: @@ -12118,6 +12128,10 @@ spec: type: string insecure: type: boolean + labels: + items: + type: string + type: array owner: type: string repo: @@ -15243,6 +15257,10 @@ spec: type: string insecure: type: boolean + labels: + items: + type: string + type: array owner: type: string repo: @@ -17716,3 +17734,4 @@ spec: subresources: status: {} {{- end }} + diff --git a/charts/argocd/templates/crds/crd-project.yaml b/charts/argocd/templates/crds/crd-project.yaml index 8ddd7a0b98..7e50234777 100644 --- a/charts/argocd/templates/crds/crd-project.yaml +++ b/charts/argocd/templates/crds/crd-project.yaml @@ -95,6 +95,7 @@ spec: type: array description: description: Description contains optional project description + maxLength: 255 type: string destinationServiceAccounts: description: DestinationServiceAccounts holds information about the @@ -305,6 +306,11 @@ spec: items: type: string type: array + description: + description: Description of the sync that will be applied to + the schedule, can be used to add any information such as a + ticket number for example + type: string duration: description: Duration is the amount of time the sync window will be open @@ -370,3 +376,4 @@ spec: served: true storage: true {{- end }} + diff --git a/charts/argocd/templates/dex/deployment.yaml b/charts/argocd/templates/dex/deployment.yaml index efdefc182b..fe23a763a0 100644 --- a/charts/argocd/templates/dex/deployment.yaml +++ b/charts/argocd/templates/dex/deployment.yaml 
@@ -12,6 +12,9 @@ metadata: namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.dex.deploymentLabels) }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.dex.deploymentStrategy) }} strategy: diff --git a/charts/argocd/templates/dex/networkpolicy.yaml b/charts/argocd/templates/dex/networkpolicy.yaml index 6d0c978965..68fedb3ba2 100644 --- a/charts/argocd/templates/dex/networkpolicy.yaml +++ b/charts/argocd/templates/dex/networkpolicy.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.global.networkPolicy.create .Values.dex.enabled }} +{{- if and (or .Values.dex.networkPolicy.create .Values.global.networkPolicy.create) .Values.dex.enabled }} apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: diff --git a/charts/argocd/templates/redis/deployment.yaml b/charts/argocd/templates/redis/deployment.yaml index 6558166558..e7c540c9aa 100644 --- a/charts/argocd/templates/redis/deployment.yaml +++ b/charts/argocd/templates/redis/deployment.yaml @@ -13,6 +13,9 @@ metadata: namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.redis.deploymentLabels) }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: 1 revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} diff --git a/charts/argocd/templates/redis/networkpolicy.yaml b/charts/argocd/templates/redis/networkpolicy.yaml index d602a93189..955017fde8 100644 --- a/charts/argocd/templates/redis/networkpolicy.yaml +++ b/charts/argocd/templates/redis/networkpolicy.yaml 
@@ -1,5 +1,5 @@ {{- $redisHa := (index .Values "redis-ha") -}} -{{- if and .Values.global.networkPolicy.create .Values.redis.enabled (not $redisHa.enabled) }} +{{- if and (or .Values.redis.networkPolicy.create .Values.global.networkPolicy.create) .Values.redis.enabled (not $redisHa.enabled) }} apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: diff --git a/charts/argocd/values.yaml b/charts/argocd/values.yaml index 86cd1c7545..d361cdf582 100644 --- a/charts/argocd/values.yaml +++ b/charts/argocd/values.yaml @@ -35,7 +35,7 @@ crds: keep: true # -- Annotations to be added to all CRDs annotations: {} - # -- Addtional labels to be added to all CRDs + # -- Additional labels to be added to all CRDs additionalLabels: {} ## Globally shared configuration @@ -79,6 +79,9 @@ global: # -- Annotations for the all deployed Deployments deploymentAnnotations: {} + # -- Labels for the all deployed Deployments + deploymentLabels: {} + # -- Annotations for the all deployed pods podAnnotations: {} @@ -419,6 +422,8 @@ configs: server.enable.gzip: true # -- Enable proxy extension feature. (proxy extension is in Alpha phase) server.enable.proxy.extension: false + # -- Enable the hydrator feature (hydrator is in Alpha phase) + hydrator.enabled: false # -- Set X-Frame-Options header in HTTP responses to value. To disable, set to "". server.x.frame.options: sameorigin @@ -887,6 +892,9 @@ controller: # -- Annotations for the application controller Deployment deploymentAnnotations: {} + # -- Labels for the application controller Deployment + deploymentLabels: {} + # -- Annotations to be added to application controller pods podAnnotations: {} 
@@ -1082,6 +1090,12 @@ controller: # -- List of custom rules for the application controller's ClusterRole resource rules: [] + # Default application controller's network policy + networkPolicy: + # -- Default network policy rules used by application controller + # @default -- `false` (defaults to global.networkPolicy.create) + create: false + ## Dex dex: # -- Enable dex @@ -1235,6 +1249,9 @@ dex: # -- Annotations to be added to the Dex server Deployment deploymentAnnotations: {} + # -- Labels for the Dex server Deployment + deploymentLabels: {} + # -- Annotations to be added to the Dex server pods podAnnotations: {} @@ -1378,6 +1395,12 @@ dex: # maxSurge: 25% # maxUnavailable: 25% + # Default Dex server's network policy + networkPolicy: + # -- Default network policy rules used by Dex server + # @default -- `false` (defaults to global.networkPolicy.create) + create: false + # DEPRECATED - Use configs.params to override # -- Dex log format. Either `text` or `json` # @default -- `""` (defaults to global.logging.format) @@ -1416,7 +1439,7 @@ redis: ## Redis image image: # -- Redis repository - repository: public.ecr.aws/docker/library/redis + repository: ecr-public.aws.com/docker/library/redis # -- Redis tag ## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis tag: 7.2.8-alpine @@ -1435,7 +1458,7 @@ redis: # -- Repository to use for the redis-exporter repository: ghcr.io/oliver006/redis_exporter # -- Tag to use for the redis-exporter - tag: v1.73.0 + tag: v1.75.0 # -- Image pull policy for the redis-exporter # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1556,6 +1579,9 @@ redis: # -- Annotations to be added to the Redis server Deployment deploymentAnnotations: {} + # -- Labels for the Redis server Deployment + deploymentLabels: {} + # -- Annotations to be added to the Redis server pods podAnnotations: {} 
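Review bot: The `@@ -1416,7 +1439,7 @@ redis:` hunk moves the Redis image from `public.ecr.aws` to `ecr-public.aws.com`, and the later `redis-ha` hunks do the same for its Redis and HAProxy images. Clusters that restrict image sources by registry host (admission-policy allow-lists, pull-through mirrors, egress rules) will fail pulls after the upgrade until the new host is added. The vendored subchart's own HAProxy default still names `public.ecr.aws`, so both hosts may appear depending on which values win. A comment at each changed `repository:` line would flag this for operators, e.g. `## Registry host changed from public.ecr.aws; update image allow-lists and mirrors before upgrading`. The images are still referenced by tag only (`7.2.8-alpine`), so pinning by digest is worth considering if the chart's image helper supports it.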
@@ -1695,6 +1721,12 @@ redis: # -- Prometheus ServiceMonitor annotations annotations: {} + # Default redis's network policy + networkPolicy: + # -- Default network policy rules used by redis + # @default -- `false` (defaults to global.networkPolicy.create) + create: false + ## Redis-HA subchart replaces custom redis deployment when `redis-ha.enabled=true` # Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml redis-ha: @@ -1703,7 +1735,7 @@ redis-ha: ## Redis image image: # -- Redis repository - repository: public.ecr.aws/docker/library/redis + repository: ecr-public.aws.com/docker/library/redis # -- Redis tag ## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis tag: 7.2.8-alpine @@ -1714,7 +1746,7 @@ redis-ha: # -- Repository to use for the redis-exporter image: ghcr.io/oliver006/redis_exporter # -- Tag to use for the redis-exporter - tag: v1.69.0 + tag: v1.75.0 persistentVolume: # -- Configures persistence on Redis nodes enabled: false @@ -1735,6 +1767,9 @@ redis-ha: # -- Custom labels for the haproxy pod. This is relevant for Argo CD CLI. labels: app.kubernetes.io/name: argocd-redis-ha-haproxy + image: + # -- HAProxy Image Repository + repository: ecr-public.aws.com/docker/library/haproxy metrics: # -- HAProxy enable prometheus metric scraping enabled: true @@ -1799,8 +1834,8 @@ externalRedis: password: "" # -- External Redis server port port: 6379 - # -- The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials. - # When it's set, the `externalRedis.password` parameter is ignored + # -- The name of an existing secret with Redis (must contain key `redis-password`. And should contain `redis-username` if username is not `default`) and Sentinel credentials. + # When it's set, the `externalRedis.username` and `externalRedis.password` parameters are ignored existingSecret: "" # -- External Redis Secret annotations secretAnnotations: {} 
@@ -2088,6 +2123,9 @@ server: # -- Annotations to be added to server Deployment deploymentAnnotations: {} + # -- Labels for the server Deployment + deploymentLabels: {} + # -- Annotations to be added to server pods podAnnotations: {} @@ -2555,6 +2593,12 @@ server: # -- List of custom rules for the server's ClusterRole resource rules: [] + # Default ArgoCD Server's network policy + networkPolicy: + # -- Default network policy rules used by ArgoCD Server + # @default -- `false` (defaults to global.networkPolicy.create) + create: false + ## Repo Server repoServer: # -- Repo server name @@ -2736,6 +2780,9 @@ repoServer: # -- Annotations to be added to repo server Deployment deploymentAnnotations: {} + # -- Labels for the repo server Deployment + deploymentLabels: {} + # -- Annotations to be added to repo server pods podAnnotations: {} @@ -2866,6 +2913,8 @@ repoServer: port: 8081 # -- Repo server service port name portName: tcp-repo-server + # -- Traffic distribution preference for the repo server service. If the field is not set, the implementation will apply its default routing strategy. + trafficDistribution: "" ## Repo server metrics service configuration metrics: @@ -2949,6 +2998,12 @@ repoServer: # - list # - watch + # Default repo server's network policy + networkPolicy: + # -- Default network policy rules used by repo server + # @default -- `false` (defaults to global.networkPolicy.create) + create: false + ## ApplicationSet controller applicationSet: # -- ApplicationSet controller name string @@ -3106,6 +3161,9 @@ applicationSet: # -- Annotations to be added to ApplicationSet controller Deployment deploymentAnnotations: {} + # -- Labels for the ApplicationSet controller Deployment + deploymentLabels: {} + # -- Annotations for the ApplicationSet controller pods podAnnotations: {} 
@@ -3318,6 +3376,13 @@ applicationSet: # - argocd-applicationset.example.com # -- Enable ApplicationSet in any namespace feature allowAnyNamespace: false + + # Default ApplicationSet controller's network policy + networkPolicy: + # -- Default network policy rules used by ApplicationSet controller + # @default -- `false` (defaults to global.networkPolicy.create) + create: false + ## Notifications controller notifications: # -- Enable notifications controller @@ -3488,6 +3553,9 @@ notifications: # -- Annotations to be applied to the notifications controller Deployment deploymentAnnotations: {} + # -- Labels for the notifications controller Deployment + deploymentLabels: {} + # -- Annotations to be applied to the notifications controller Pods podAnnotations: {} @@ -3884,6 +3952,12 @@ notifications: # defaultTriggers: | # - on-sync-status-unknown + # Default notifications controller's network policy + networkPolicy: + # -- Default network policy rules used by notifications controller + # @default -- `false` (defaults to global.networkPolicy.create) + create: false + commitServer: # -- Enable commit server enabled: false @@ -3952,6 +4026,10 @@ commitServer: annotations: {} # -- commit server service labels labels: {} + # -- commit server service port + port: 8086 + # -- commit server service port name + portName: server # -- Automount API credentials for the Service Account into the pod. automountServiceAccountToken: false @@ -3971,6 +4049,9 @@ commitServer: # -- Annotations to be added to commit server Deployment deploymentAnnotations: {} + # -- Labels for the commit server Deployment + deploymentLabels: {} + # -- Annotations for the commit server pods podAnnotations: {} 
@@ -4063,3 +4144,9 @@ commitServer: # -- Priority class for the commit server pods # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" + + # Default commit server's network policy + networkPolicy: + # -- Default network policy rules used by commit server + # @default -- `false` (defaults to global.networkPolicy.create) + create: false