From aa4d451f0ecb43714df3f71be9c2b103bac7b2b5 Mon Sep 17 00:00:00 2001
From: bigbang bot <bigbang@p1.dso.mil>
Date: Thu, 30 Mar 2023 20:31:37 +0000
Subject: [PATCH] Update Ironbank
---
CHANGELOG.md | 5 +
README.md | 90 +++---
chart/Chart.yaml | 12 +-
chart/Kptfile | 4 +-
chart/README.md | 121 ++++----
chart/README.md.gotmpl | 7 +-
chart/deps/argocd-apps/Kptfile | 4 +-
chart/templates/_common.tpl | 15 +-
chart/templates/_helpers.tpl | 16 +-
.../statefulset.yaml | 26 +-
.../argocd-applicationset/deployment.yaml | 31 +-
.../argocd-configs/argocd-cmp-cm.yaml | 24 ++
.../argocd-configs/cluster-secrets.yaml | 3 +
.../argocd-notifications/deployment.yaml | 27 +-
.../argocd-repo-server/deployment.yaml | 27 +-
chart/templates/argocd-server/deployment.yaml | 26 +-
chart/templates/argocd-server/role.yaml | 8 +
chart/templates/dex/deployment.yaml | 28 +-
chart/templates/redis/deployment.yaml | 23 +-
chart/values.yaml | 287 +++++++++++++-----
20 files changed, 513 insertions(+), 271 deletions(-)
create mode 100644 chart/templates/argocd-configs/argocd-cmp-cm.yaml
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d0659484..7b9633b4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,11 @@
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
---
+## [5.27.1-bb.0] - 2023-03-22
+### Updated
+- Updated to Argo 2.6.6
+- Updated to dex 2.36.0
+
## [5.22.1-bb.2] - 2023-03-14
### Updated
- Updates Kpt file for `argocd-apps` to match 0.x.x format
diff --git a/README.md b/README.md
index d6134961..d241ae9a 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
# argocd
- 
+ 
A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
@@ -97,9 +97,13 @@ helm install argocd chart/
| global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files |
| global.networkPolicy.create | bool | `false` | Create NetworkPolicy objects for all components |
| global.networkPolicy.defaultDenyIngress | bool | `false` | Default deny all ingress traffic |
-| global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `soft` or `hard` |
-| global.affinity.nodeAffinity.type | string | `"hard"` | Default node affinity rules. Either: `soft` or `hard` |
+| global.priorityClassName | string | `""` | Default priority class for all components |
+| global.nodeSelector | object | `{}` | Default node selector for all components |
+| global.tolerations | object | `{}` | Default tolerations for all components |
+| global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `none`, `soft` or `hard` |
+| global.affinity.nodeAffinity.type | string | `"hard"` | Default node affinity rules. Either: `none`, `soft` or `hard` |
| global.affinity.nodeAffinity.matchExpressions | list | `[]` | Default match expressions for node affinity |
+| global.topologySpreadConstraints | list | `[]` | Default [TopologySpreadConstraints] rules for all components # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # If labelSelector is left out, it will default to the labelSelector of the component |
| configs.cm.create | bool | `true` | Create the argocd-cm configmap for [declarative setup] |
| configs.cm.annotations | object | `{}` | Annotations to be added to argocd-cm configmap |
| configs.cm.url | string | `""` | Argo CD's externally facing base URL (optional). Required when configuring SSO |
@@ -137,7 +141,10 @@ helm install argocd chart/
| configs.ssh.extraHosts | string | `""` | Additional known hosts for private repositories |
| configs.tls.annotations | object | `{}` | Annotations to be added to argocd-tls-certs-cm configmap |
| configs.tls.certificates | object | `{}` (See [values.yaml]) | TLS certificates for Git repositories |
-| configs.clusterCredentials | list | `[]` (See [values.yaml]) | Provide one or multiple [external cluster credentials] # Ref: # - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters # - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials |
+| configs.cmp.create | bool | `false` | Create the argocd-cmp-cm configmap |
+| configs.cmp.annotations | object | `{}` | Annotations to be added to argocd-cmp-cm configmap |
+| configs.cmp.plugins | object | `{}` | Plugin yaml files to be added to argocd-cmp-cm |
+| configs.clusterCredentials | list | `[]` (See [values.yaml]) | Provide one or multiple [external cluster credentials] # Ref: # - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters # - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials # - https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters |
| configs.credentialTemplates | object | `{}` | Repository credentials to be used as Templates for other repos # Creates a secret for each key/value specified below to create repository credentials |
| configs.credentialTemplatesAnnotations | object | `{}` | Annotations to be added to `configs.credentialTemplates` Secret |
| configs.repositories | object | `{}` | Repositories list to be used by applications # Creates a secret for each key/value specified below to create repositories # Note: the last example in the list would use a repository credential template, configured under "configs.repositoryCredentials". |
@@ -161,7 +168,7 @@ helm install argocd chart/
| controller.pdb.labels | object | `{}` | Labels to be added to application controller pdb |
| controller.pdb.annotations | object | `{}` | Annotations to be added to application controller pdb |
| controller.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
-| controller.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). # Has higher precedence over `controller.pdb.minAvailable` |
+| controller.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). # Has higher precedence over `controller.pdb.minAvailable` |
| controller.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the application controller |
| controller.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the application controller |
| controller.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the application controller |
@@ -188,11 +195,11 @@ helm install argocd chart/
| controller.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
| controller.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
| controller.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
-| controller.nodeSelector | object | `{}` | [Node selector] |
-| controller.tolerations | list | `[]` | [Tolerations] for use with node taints |
+| controller.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the application controller pods |
+| controller.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
+| controller.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
| controller.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment |
-| controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the application controller # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # If labelSelector is left out, it will default to the labelSelector configuration of the deployment |
-| controller.priorityClassName | string | `""` | Priority class for the application controller pods |
+| controller.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # If labelSelector is left out, it will default to the labelSelector configuration of the deployment |
| controller.serviceAccount.create | bool | `true` | Create a service account for the application controller |
| controller.serviceAccount.name | string | `"argocd-application-controller"` | Service account name |
| controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
@@ -216,6 +223,10 @@ helm install argocd chart/
| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
| controller.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
| controller.metrics.rules.enabled | bool | `false` | Deploy a PrometheusRule for the application controller |
+| controller.metrics.rules.namespace | string | `""` | PrometheusRule namespace |
+| controller.metrics.rules.selector | object | `{}` | PrometheusRule selector |
+| controller.metrics.rules.additionalLabels | object | `{}` | PrometheusRule labels |
+| controller.metrics.rules.annotations | object | `{}` | PrometheusRule annotations |
| controller.metrics.rules.spec | list | `[]` | PrometheusRule.Spec for the application controller |
| controller.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the application controller's ClusterRole resource |
| controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource |
@@ -242,7 +253,7 @@ helm install argocd chart/
| dex.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
| dex.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). # Has higher precedence over `dex.pdb.minAvailable` |
| dex.image.repository | string | `"registry1.dso.mil/ironbank/opensource/dexidp/dex"` | Dex image repository |
-| dex.image.tag | string | `"v2.35.3"` | Dex image tag |
+| dex.image.tag | string | `"v2.36.0"` | Dex image tag |
| dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy |
| dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| dex.initImage.repository | string | `""` (defaults to global.image.repository) | Argo CD init image repository |
@@ -291,11 +302,11 @@ helm install argocd chart/
| dex.servicePortGrpc | int | `5557` | Service port for gRPC access |
| dex.servicePortGrpcName | string | `"grpc"` | Service port name for gRPC access |
| dex.servicePortMetrics | int | `5558` | Service port for metrics access |
-| dex.nodeSelector | object | `{}` | [Node selector] |
-| dex.tolerations | list | `[]` | [Tolerations] for use with node taints |
+| dex.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the dex pods |
+| dex.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
+| dex.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
| dex.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment |
-| dex.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to dex # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # If labelSelector is left out, it will default to the labelSelector configuration of the deployment |
-| dex.priorityClassName | string | `""` | Priority class for dex |
+| dex.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to dex # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # If labelSelector is left out, it will default to the labelSelector configuration of the deployment |
| redis.externalEndpoint | string | `""` | Endpoint URL for external Redis For use with BigBang passthrough |
| redis.enabled | bool | `true` | Enable redis |
| redis.name | string | `"redis"` | Redis name |
@@ -308,6 +319,7 @@ helm install argocd chart/
| redis.image.tag | string | `"7.0.5"` | Redis tag |
| redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy |
| redis.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar |
+| redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter |
| redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter |
| redis.exporter.image.tag | string | `"1.45.0"` | Tag to use for the redis-exporter |
| redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter |
@@ -332,11 +344,11 @@ helm install argocd chart/
| redis.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Redis server pods |
| redis.containerSecurityContext | object | See [values.yaml] | Redis container-level security context |
| redis.servicePort | int | `6379` | Redis service port |
-| redis.nodeSelector | object | `{}` | [Node selector] |
-| redis.tolerations | list | `[]` | [Tolerations] for use with node taints |
+| redis.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for redis pods |
+| redis.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
+| redis.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
| redis.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment |
-| redis.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to redis # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # If labelSelector is left out, it will default to the labelSelector configuration of the deployment |
-| redis.priorityClassName | string | `""` | Priority class for redis |
+| redis.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to redis # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # If labelSelector is left out, it will default to the labelSelector configuration of the deployment |
| redis.serviceAccount.create | bool | `false` | Create a service account for the redis pod |
| redis.serviceAccount.name | string | `""` | Service account name for redis pod |
| redis.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
@@ -379,7 +391,7 @@ helm install argocd chart/
| server.pdb.labels | object | `{}` | Labels to be added to Argo CD server pdb |
| server.pdb.annotations | object | `{}` | Annotations to be added to Argo CD server pdb |
| server.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
-| server.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). # Has higher precedence over `server.pdb.minAvailable` |
+| server.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). # Has higher precedence over `server.pdb.minAvailable` |
| server.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Argo CD server |
| server.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Argo CD server |
| server.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Argo CD server |
@@ -403,7 +415,7 @@ helm install argocd chart/
| server.podLabels | object | `{}` | Labels to be added to server pods |
| server.resources | object | `{"limits":{"cpu":"20m","memory":"128Mi"},"requests":{"cpu":"20m","memory":"128Mi"}}` | Resource limits and requests for the Argo CD server |
| server.containerPorts.server | int | `8080` | Server container port |
-| server.containerPorts.metrics | int | `8082` | Metrics container port |
+| server.containerPorts.metrics | int | `8083` | Metrics container port |
| server.hostNetwork | bool | `false` | Host Network for Server pods |
| server.dnsConfig | object | `{}` | [DNS configuration] |
| server.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Server pods |
@@ -418,11 +430,11 @@ helm install argocd chart/
| server.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
| server.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
| server.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
-| server.nodeSelector | object | `{}` | [Node selector] |
-| server.tolerations | list | `[]` | [Tolerations] for use with node taints |
+| server.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the Argo CD server pods |
+| server.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
+| server.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
| server.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment |
-| server.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the Argo CD server # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # If labelSelector is left out, it will default to the labelSelector configuration of the deployment |
-| server.priorityClassName | string | `""` | Priority class for the Argo CD server |
+| server.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the Argo CD server # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # If labelSelector is left out, it will default to the labelSelector configuration of the deployment |
| server.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) |
| server.certificate.secretName | string | `"argocd-server-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
| server.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) |
@@ -431,7 +443,7 @@ helm install argocd chart/
| server.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. # Ref: https://cert-manager.io/docs/usage/certificate/#renewal |
| server.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` |
| server.certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` |
-| server.certificate.issuer.name | string | `""` | Certificate isser name. Eg. `letsencrypt` |
+| server.certificate.issuer.name | string | `""` | Certificate issuer name. Eg. `letsencrypt` |
| server.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` |
| server.certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` |
| server.certificate.privateKey.algorithm | string | `"RSA"` | Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` |
@@ -521,7 +533,7 @@ helm install argocd chart/
| repoServer.pdb.labels | object | `{}` | Labels to be added to repo server pdb |
| repoServer.pdb.annotations | object | `{}` | Annotations to be added to repo server pdb |
| repoServer.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
-| repoServer.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). # Has higher precedence over `repoServer.pdb.minAvailable` |
+| repoServer.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). # Has higher precedence over `repoServer.pdb.minAvailable` |
| repoServer.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the repo server |
| repoServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the repo server |
| repoServer.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the repo server |
@@ -553,11 +565,11 @@ helm install argocd chart/
| repoServer.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
| repoServer.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
| repoServer.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
-| repoServer.nodeSelector | object | `{}` | [Node selector] |
-| repoServer.tolerations | list | `[]` | [Tolerations] for use with node taints |
+| repoServer.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
+| repoServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
| repoServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment |
-| repoServer.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the repo server # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # If labelSelector is left out, it will default to the labelSelector configuration of the deployment |
-| repoServer.priorityClassName | string | `""` | Priority class for the repo server |
+| repoServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the repo server # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # If labelSelector is left out, it will default to the labelSelector configuration of the deployment |
+| repoServer.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the repo server pods |
| repoServer.certificateSecret.enabled | bool | `false` | Create argocd-repo-server-tls secret |
| repoServer.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-repo-server-tls secret |
| repoServer.certificateSecret.labels | object | `{}` | Labels to be added to argocd-repo-server-tls secret |
@@ -598,7 +610,7 @@ helm install argocd chart/
| applicationSet.pdb.labels | object | `{}` | Labels to be added to ApplicationSet controller pdb |
| applicationSet.pdb.annotations | object | `{}` | Annotations to be added to ApplicationSet controller pdb |
| applicationSet.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
-| applicationSet.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). # Has higher precedence over `applicationSet.pdb.minAvailable` |
+| applicationSet.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). # Has higher precedence over `applicationSet.pdb.minAvailable` |
| applicationSet.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the ApplicationSet controller |
| applicationSet.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the ApplicationSet controller |
| applicationSet.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the ApplicationSet controller |
@@ -657,10 +669,11 @@ helm install argocd chart/
| applicationSet.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
| applicationSet.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
| applicationSet.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
-| applicationSet.nodeSelector | object | `{}` | [Node selector] |
-| applicationSet.tolerations | list | `[]` | [Tolerations] for use with node taints |
+| applicationSet.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
+| applicationSet.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
| applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
-| applicationSet.priorityClassName | string | `""` | If specified, indicates the pod's priority. If not specified, the pod priority will be default or zero if there is no default. |
+| applicationSet.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # If labelSelector is left out, it will default to the labelSelector configuration of the deployment |
+| applicationSet.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the ApplicationSet controller pods |
| applicationSet.webhook.ingress.enabled | bool | `false` | Enable an ingress resource for Webhooks |
| applicationSet.webhook.ingress.annotations | object | `{}` | Additional ingress annotations |
| applicationSet.webhook.ingress.labels | object | `{}` | Additional ingress labels |
@@ -677,7 +690,7 @@ helm install argocd chart/
| notifications.pdb.labels | object | `{}` | Labels to be added to notifications controller pdb |
| notifications.pdb.annotations | object | `{}` | Annotations to be added to notifications controller pdb |
| notifications.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
-| notifications.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). # Has higher precedence over `notifications.pdb.minAvailable` |
+| notifications.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). # Has higher precedence over `notifications.pdb.minAvailable` |
| notifications.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the notifications controller |
| notifications.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the notifications controller |
| notifications.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the notifications controller |
@@ -717,10 +730,11 @@ helm install argocd chart/
| notifications.dnsConfig | object | `{}` | [DNS configuration] |
| notifications.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for notifications controller Pods |
| notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context |
-| notifications.nodeSelector | object | `{}` | [Node selector] |
-| notifications.tolerations | list | `[]` | [Tolerations] for use with node taints |
+| notifications.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
+| notifications.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
| notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
-| notifications.priorityClassName | string | `""` | Priority class for the notifications controller pods |
+| notifications.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # If labelSelector is left out, it will default to the labelSelector configuration of the deployment |
+| notifications.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the notifications controller pods |
| notifications.serviceAccount.create | bool | `true` | Create notifications controller service account |
| notifications.serviceAccount.name | string | `"argocd-notifications-controller"` | Notification controller service account name |
| notifications.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index c078fe2e..1465975c 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,9 +1,9 @@
apiVersion: v2
-appVersion: v2.6.1
+appVersion: v2.6.6
kubeVersion: ">=1.22.0-0"
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argocd
-version: 5.22.1-bb.2
+version: 5.27.1-bb.0
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
sources:
@@ -30,19 +30,19 @@ dependencies:
repository: "file://./deps/argocd-apps"
annotations:
bigbang.dev/applicationVersions: |
- - Argocd: v2.6.1
+ - Argocd: v2.6.6
helm.sh/images: |
- name: argocd
- image: registry1.dso.mil/ironbank/big-bang/argocd:v2.6.1
+ image: registry1.dso.mil/ironbank/big-bang/argocd:v2.6.6
- name: base
condition: upgradeJob.enabled
image: registry1.dso.mil/ironbank/big-bang/base:2.0.0
- name: dex
condition: dex.enabled
- image: registry1.dso.mil/ironbank/opensource/dexidp/dex:v2.35.3
+ image: registry1.dso.mil/ironbank/opensource/dexidp/dex:v2.36.0
- name: redis
condition: redis-bb.enabled
image: registry1.dso.mil/ironbank/bitnami/redis:7.0.0-debian-10-r3
artifacthub.io/changes: |
- kind: changed
- description: Grouped component templates together
+ description: Upgrade Argo CD to v2.6.6
diff --git a/chart/Kptfile b/chart/Kptfile
index 48a5dbb7..73f8ddee 100644
--- a/chart/Kptfile
+++ b/chart/Kptfile
@@ -5,7 +5,7 @@ metadata:
upstream:
type: git
git:
- commit: 63b741ed580be65282a957855787f94ffc00b3b1
+ commit: 2563d1e6f94e7102fb403bfa1ca6ece9ca39e3c3
repo: https://github.com/argoproj/argo-helm
directory: /charts/argo-cd
- ref: argo-cd-5.22.1
+ ref: argo-cd-5.27.1
diff --git a/chart/README.md b/chart/README.md
index 8413f5c3..ecbda513 100644
--- a/chart/README.md
+++ b/chart/README.md
@@ -105,7 +105,12 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
-### 5.21.0
+### 5.24.0
+
+This versions adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`).
+Default `global.affinity` rules can be disabled when `none` value is used for the preset.
+
+### 5.22.0
This versions adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely.
@@ -386,8 +391,8 @@ NAME: my-release
|-----|------|---------|-------------|
| global.additionalLabels | object | `{}` | Common labels for the all resources |
| global.affinity.nodeAffinity.matchExpressions | list | `[]` | Default match expressions for node affinity |
-| global.affinity.nodeAffinity.type | string | `"hard"` | Default node affinity rules. Either: `soft` or `hard` |
-| global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `soft` or `hard` |
+| global.affinity.nodeAffinity.type | string | `"hard"` | Default node affinity rules. Either: `none`, `soft` or `hard` |
+| global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `none`, `soft` or `hard` |
| global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments |
| global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files |
| global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments |
@@ -398,11 +403,15 @@ NAME: my-release
| global.logging.level | string | `"info"` | Set the global logging level. One of: `debug`, `info`, `warn` or `error` |
| global.networkPolicy.create | bool | `false` | Create NetworkPolicy objects for all components |
| global.networkPolicy.defaultDenyIngress | bool | `false` | Default deny all ingress traffic |
+| global.nodeSelector | object | `{}` | Default node selector for all components |
| global.podAnnotations | object | `{}` | Annotations for the all deployed pods |
| global.podLabels | object | `{}` | Labels for the all deployed pods |
+| global.priorityClassName | string | `""` | Default priority class for all components |
| global.revisionHistoryLimit | int | `3` | Number of old deployment ReplicaSets to retain. The rest will be garbage collected. |
| global.securityContext | object | `{}` (See [values.yaml]) | Toggle and define pod-level security context. |
| global.statefulsetAnnotations | object | `{}` | Annotations for the all deployed Statefulsets |
+| global.tolerations | object | `{}` | Default tolerations for all components |
+| global.topologySpreadConstraints | list | `[]` | Default [TopologySpreadConstraints] rules for all components |
## Argo CD Configs
@@ -418,6 +427,9 @@ NAME: my-release
| configs.cm.annotations | object | `{}` | Annotations to be added to argocd-cm configmap |
| configs.cm.create | bool | `true` | Create the argocd-cm configmap for [declarative setup] |
| configs.cm.url | string | `""` | Argo CD's externally facing base URL (optional). Required when configuring SSO |
+| configs.cmp.annotations | object | `{}` | Annotations to be added to argocd-cmp-cm configmap |
+| configs.cmp.create | bool | `false` | Create the argocd-cmp-cm configmap |
+| configs.cmp.plugins | object | `{}` | Plugin yaml files to be added to argocd-cmp-cm |
| configs.credentialTemplates | object | `{}` | Repository credentials to be used as Templates for other repos |
| configs.credentialTemplatesAnnotations | object | `{}` | Annotations to be added to `configs.credentialTemplates` Secret |
| configs.gpg.annotations | object | `{}` | Annotations to be added to argocd-gpg-keys-cm configmap |
@@ -488,7 +500,11 @@ NAME: my-release
| controller.metrics.applicationLabels.enabled | bool | `false` | Enables additional labels in argocd_app_labels metric |
| controller.metrics.applicationLabels.labels | list | `[]` | Additional labels |
| controller.metrics.enabled | bool | `false` | Deploy metrics service |
+| controller.metrics.rules.additionalLabels | object | `{}` | PrometheusRule labels |
+| controller.metrics.rules.annotations | object | `{}` | PrometheusRule annotations |
| controller.metrics.rules.enabled | bool | `false` | Deploy a PrometheusRule for the application controller |
+| controller.metrics.rules.namespace | string | `""` | PrometheusRule namespace |
+| controller.metrics.rules.selector | object | `{}` | PrometheusRule selector |
| controller.metrics.rules.spec | list | `[]` | PrometheusRule.Spec for the application controller |
| controller.metrics.service.annotations | object | `{}` | Metrics service annotations |
| controller.metrics.service.labels | object | `{}` | Metrics service labels |
@@ -505,15 +521,15 @@ NAME: my-release
| controller.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
| controller.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig |
| controller.name | string | `"application-controller"` | Application controller name string |
-| controller.nodeSelector | object | `{}` | [Node selector] |
+| controller.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
| controller.pdb.annotations | object | `{}` | Annotations to be added to application controller pdb |
| controller.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the application controller |
| controller.pdb.labels | object | `{}` | Labels to be added to application controller pdb |
-| controller.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). |
+| controller.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). |
| controller.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
| controller.podAnnotations | object | `{}` | Annotations to be added to application controller pods |
| controller.podLabels | object | `{}` | Labels to be added to application controller pods |
-| controller.priorityClassName | string | `""` | Priority class for the application controller pods |
+| controller.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the application controller pods |
| controller.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
| controller.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
| controller.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
@@ -527,8 +543,8 @@ NAME: my-release
| controller.serviceAccount.labels | object | `{}` | Labels applied to created service account |
| controller.serviceAccount.name | string | `"argocd-application-controller"` | Service account name |
| controller.statefulsetAnnotations | object | `{}` | Annotations for the application controller StatefulSet |
-| controller.tolerations | list | `[]` | [Tolerations] for use with node taints |
-| controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the application controller |
+| controller.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
+| controller.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller |
| controller.volumeMounts | list | `[]` | Additional volumeMounts to the application controller main container |
| controller.volumes | list | `[]` | Additional volumes to the application controller pod |
@@ -588,15 +604,15 @@ NAME: my-release
| repoServer.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
| repoServer.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig |
| repoServer.name | string | `"repo-server"` | Repo server name |
-| repoServer.nodeSelector | object | `{}` | [Node selector] |
+| repoServer.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
| repoServer.pdb.annotations | object | `{}` | Annotations to be added to repo server pdb |
| repoServer.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the repo server |
| repoServer.pdb.labels | object | `{}` | Labels to be added to repo server pdb |
-| repoServer.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). |
+| repoServer.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). |
| repoServer.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
| repoServer.podAnnotations | object | `{}` | Annotations to be added to repo server pods |
| repoServer.podLabels | object | `{}` | Labels to be added to repo server pods |
-| repoServer.priorityClassName | string | `""` | Priority class for the repo server |
+| repoServer.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the repo server pods |
| repoServer.rbac | list | `[]` | Repo server rbac rules |
| repoServer.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
| repoServer.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
@@ -614,8 +630,8 @@ NAME: my-release
| repoServer.serviceAccount.create | bool | `true` | Create repo server service account |
| repoServer.serviceAccount.labels | object | `{}` | Labels applied to created service account |
| repoServer.serviceAccount.name | string | `""` | Repo server service account name |
-| repoServer.tolerations | list | `[]` | [Tolerations] for use with node taints |
-| repoServer.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the repo server |
+| repoServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
+| repoServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the repo server |
| repoServer.volumeMounts | list | `[]` | Additional volumeMounts to the repo server main container |
| repoServer.volumes | list | `[]` | Additional volumes to the repo server pod |
@@ -642,7 +658,7 @@ NAME: my-release
| server.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) |
| server.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` |
| server.certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` |
-| server.certificate.issuer.name | string | `""` | Certificate isser name. Eg. `letsencrypt` |
+| server.certificate.issuer.name | string | `""` | Certificate issuer name. Eg. `letsencrypt` |
| server.certificate.privateKey.algorithm | string | `"RSA"` | Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` |
| server.certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` |
| server.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` |
@@ -654,7 +670,7 @@ NAME: my-release
| server.certificateSecret.enabled | bool | `false` | Create argocd-server-tls secret |
| server.certificateSecret.key | string | `""` | Private Key of the certificate |
| server.certificateSecret.labels | object | `{}` | Labels to be added to argocd-server-tls secret |
-| server.containerPorts.metrics | int | `8082` | Metrics container port |
+| server.containerPorts.metrics | int | `8083` | Metrics container port |
| server.containerPorts.server | int | `8080` | Server container port |
| server.containerSecurityContext | object | See [values.yaml] | Server container-level security context |
| server.deploymentAnnotations | object | `{}` | Annotations to be added to server Deployment |
@@ -721,15 +737,15 @@ NAME: my-release
| server.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
| server.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig |
| server.name | string | `"server"` | Argo CD server name |
-| server.nodeSelector | object | `{}` | [Node selector] |
+| server.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
| server.pdb.annotations | object | `{}` | Annotations to be added to Argo CD server pdb |
| server.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Argo CD server |
| server.pdb.labels | object | `{}` | Labels to be added to Argo CD server pdb |
-| server.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). |
+| server.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). |
| server.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
| server.podAnnotations | object | `{}` | Annotations to be added to server pods |
| server.podLabels | object | `{}` | Labels to be added to server pods |
-| server.priorityClassName | string | `""` | Priority class for the Argo CD server |
+| server.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the Argo CD server pods |
| server.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
| server.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
| server.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
@@ -761,8 +777,8 @@ NAME: my-release
| server.serviceAccount.create | bool | `true` | Create server service account |
| server.serviceAccount.labels | object | `{}` | Labels applied to created service account |
| server.serviceAccount.name | string | `"argocd-server"` | Server service account name |
-| server.tolerations | list | `[]` | [Tolerations] for use with node taints |
-| server.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the Argo CD server |
+| server.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
+| server.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the Argo CD server |
| server.volumeMounts | list | `[]` | Additional volumeMounts to the server main container |
| server.volumes | list | `[]` | Additional volumes to the server pod |
@@ -813,7 +829,7 @@ server:
| dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod |
| dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy |
| dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository |
-| dex.image.tag | string | `"v2.35.3"` | Dex image tag |
+| dex.image.tag | string | `"v2.36.0"` | Dex image tag |
| dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| dex.initContainers | list | `[]` | Init containers to add to the dex pod |
| dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy |
@@ -840,7 +856,7 @@ server:
| dex.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
| dex.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig |
| dex.name | string | `"dex-server"` | Dex name |
-| dex.nodeSelector | object | `{}` | [Node selector] |
+| dex.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
| dex.pdb.annotations | object | `{}` | Annotations to be added to Dex server pdb |
| dex.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Dex server |
| dex.pdb.labels | object | `{}` | Labels to be added to Dex server pdb |
@@ -848,7 +864,7 @@ server:
| dex.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
| dex.podAnnotations | object | `{}` | Annotations to be added to the Dex server pods |
| dex.podLabels | object | `{}` | Labels to be added to the Dex server pods |
-| dex.priorityClassName | string | `""` | Priority class for dex |
+| dex.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the dex pods |
| dex.readinessProbe.enabled | bool | `false` | Enable Kubernetes readiness probe for Dex >= 2.28.0 |
| dex.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
| dex.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
@@ -865,8 +881,8 @@ server:
| dex.servicePortHttp | int | `5556` | Service port for HTTP access |
| dex.servicePortHttpName | string | `"http"` | Service port name for HTTP access |
| dex.servicePortMetrics | int | `5558` | Service port for metrics access |
-| dex.tolerations | list | `[]` | [Tolerations] for use with node taints |
-| dex.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to dex |
+| dex.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
+| dex.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to dex |
| dex.volumeMounts | list | `[]` | Additional volumeMounts to the dex main container |
| dex.volumes | list | `[]` | Additional volumes to the dex pod |
@@ -888,6 +904,7 @@ server:
| redis.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Redis server |
| redis.exporter.containerSecurityContext | object | See [values.yaml] | Redis exporter security context |
| redis.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar |
+| redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter |
| redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter |
| redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter |
| redis.exporter.image.tag | string | `"1.45.0"` | Tag to use for the redis-exporter |
@@ -917,7 +934,7 @@ server:
| redis.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
| redis.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig |
| redis.name | string | `"redis"` | Redis name |
-| redis.nodeSelector | object | `{}` | [Node selector] |
+| redis.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
| redis.pdb.annotations | object | `{}` | Annotations to be added to Redis pdb |
| redis.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Redis |
| redis.pdb.labels | object | `{}` | Labels to be added to Redis pdb |
@@ -925,7 +942,7 @@ server:
| redis.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
| redis.podAnnotations | object | `{}` | Annotations to be added to the Redis server pods |
| redis.podLabels | object | `{}` | Labels to be added to the Redis server pods |
-| redis.priorityClassName | string | `""` | Priority class for redis |
+| redis.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for redis pods |
| redis.resources | object | `{}` | Resource limits and requests for redis |
| redis.securityContext | object | See [values.yaml] | Redis pod-level security context |
| redis.service.annotations | object | `{}` | Redis service annotations |
@@ -935,8 +952,8 @@ server:
| redis.serviceAccount.create | bool | `false` | Create a service account for the redis pod |
| redis.serviceAccount.name | string | `""` | Service account name for redis pod |
| redis.servicePort | int | `6379` | Redis service port |
-| redis.tolerations | list | `[]` | [Tolerations] for use with node taints |
-| redis.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to redis |
+| redis.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
+| redis.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to redis |
| redis.volumeMounts | list | `[]` | Additional volumeMounts to the redis container |
| redis.volumes | list | `[]` | Additional volumes to the redis pod |
@@ -955,7 +972,7 @@ The main options are listed here:
| redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy |
| redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping |
| redis-ha.image.tag | string | `"7.0.7-alpine"` | Redis tag |
-| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistency on Redis nodes |
+| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes |
| redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) |
| redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled |
| redis-ha.redis.masterGroupName | string | `"argocd"` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated |
@@ -1029,15 +1046,15 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| applicationSet.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
| applicationSet.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig |
| applicationSet.name | string | `"applicationset-controller"` | ApplicationSet controller name string |
-| applicationSet.nodeSelector | object | `{}` | [Node selector] |
+| applicationSet.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
| applicationSet.pdb.annotations | object | `{}` | Annotations to be added to ApplicationSet controller pdb |
| applicationSet.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the ApplicationSet controller |
| applicationSet.pdb.labels | object | `{}` | Labels to be added to ApplicationSet controller pdb |
-| applicationSet.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). |
+| applicationSet.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). |
| applicationSet.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
| applicationSet.podAnnotations | object | `{}` | Annotations for the ApplicationSet controller pods |
| applicationSet.podLabels | object | `{}` | Labels for the ApplicationSet controller pods |
-| applicationSet.priorityClassName | string | `""` | If specified, indicates the pod's priority. If not specified, the pod priority will be default or zero if there is no default. |
+| applicationSet.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the ApplicationSet controller pods |
| applicationSet.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for ApplicationSet controller |
| applicationSet.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
| applicationSet.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
@@ -1055,7 +1072,8 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| applicationSet.serviceAccount.create | bool | `true` | Create ApplicationSet controller service account |
| applicationSet.serviceAccount.labels | object | `{}` | Labels applied to created service account |
| applicationSet.serviceAccount.name | string | `"argocd-applicationset-controller"` | ApplicationSet controller service account name |
-| applicationSet.tolerations | list | `[]` | [Tolerations] for use with node taints |
+| applicationSet.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
+| applicationSet.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller |
| applicationSet.webhook.ingress.annotations | object | `{}` | Additional ingress annotations |
| applicationSet.webhook.ingress.enabled | bool | `false` | Enable an ingress resource for Webhooks |
| applicationSet.webhook.ingress.extraPaths | list | `[]` | Additional ingress paths |
@@ -1072,32 +1090,6 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
|-----|------|---------|-------------|
| notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
| notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates |
-| notifications.bots.slack.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
-| notifications.bots.slack.containerSecurityContext | object | See [values.yaml] | Slack bot container-level security Context |
-| notifications.bots.slack.dnsConfig | object | `{}` | [DNS configuration] |
-| notifications.bots.slack.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Slack bot pods |
-| notifications.bots.slack.enabled | bool | `false` | Enable slack bot |
-| notifications.bots.slack.extraArgs | list | `[]` | List of extra cli args to add for Slack bot |
-| notifications.bots.slack.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Slack bot |
-| notifications.bots.slack.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Slack bot |
-| notifications.bots.slack.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Slack bot |
-| notifications.bots.slack.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
-| notifications.bots.slack.logFormat | string | `""` (defaults to global.logging.format) | Slack bot log format. Either `text` or `json` |
-| notifications.bots.slack.logLevel | string | `""` (defaults to global.logging.level) | Slack bot log level. One of: `debug`, `info`, `warn`, `error` |
-| notifications.bots.slack.nodeSelector | object | `{}` | [Node selector] |
-| notifications.bots.slack.pdb.annotations | object | `{}` | Annotations to be added to Slack bot pdb |
-| notifications.bots.slack.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Slack bot |
-| notifications.bots.slack.pdb.labels | object | `{}` | Labels to be added to Slack bot pdb |
-| notifications.bots.slack.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). |
-| notifications.bots.slack.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
-| notifications.bots.slack.resources | object | `{}` | Resource limits and requests for the Slack bot |
-| notifications.bots.slack.service.annotations | object | `{}` | Service annotations for Slack bot |
-| notifications.bots.slack.service.port | int | `80` | Service port for Slack bot |
-| notifications.bots.slack.service.type | string | `"LoadBalancer"` | Service type for Slack bot |
-| notifications.bots.slack.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
-| notifications.bots.slack.serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
-| notifications.bots.slack.serviceAccount.name | string | `"argocd-notifications-bot"` | The name of the service account to use. |
-| notifications.bots.slack.tolerations | list | `[]` | [Tolerations] for use with node taints |
| notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map |
| notifications.containerPorts.metrics | int | `9001` | Metrics container port |
| notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context |
@@ -1133,16 +1125,16 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| notifications.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
| notifications.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig |
| notifications.name | string | `"notifications-controller"` | Notifications controller name string |
-| notifications.nodeSelector | object | `{}` | [Node selector] |
+| notifications.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
| notifications.notifiers | object | See [values.yaml] | Configures notification services such as slack, email or custom webhook |
| notifications.pdb.annotations | object | `{}` | Annotations to be added to notifications controller pdb |
| notifications.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the notifications controller |
| notifications.pdb.labels | object | `{}` | Labels to be added to notifications controller pdb |
-| notifications.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). |
+| notifications.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). |
| notifications.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
| notifications.podAnnotations | object | `{}` | Annotations to be applied to the notifications controller Pods |
| notifications.podLabels | object | `{}` | Labels to be applied to the notifications controller Pods |
-| notifications.priorityClassName | string | `""` | Priority class for the notifications controller pods |
+| notifications.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the notifications controller pods |
| notifications.resources | object | `{}` | Resource limits and requests for the notifications controller |
| notifications.secret.annotations | object | `{}` | key:value pairs of annotations to be added to the secret |
| notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret |
@@ -1154,7 +1146,8 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| notifications.serviceAccount.name | string | `"argocd-notifications-controller"` | Notification controller service account name |
| notifications.subscriptions | list | `[]` | Contains centrally managed global application subscriptions |
| notifications.templates | object | `{}` | The notification template is used to generate the notification content |
-| notifications.tolerations | list | `[]` | [Tolerations] for use with node taints |
+| notifications.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
+| notifications.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller |
| notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent |
----------------------------------------------
diff --git a/chart/README.md.gotmpl b/chart/README.md.gotmpl
index f450e0e7..945bab72 100644
--- a/chart/README.md.gotmpl
+++ b/chart/README.md.gotmpl
@@ -104,7 +104,12 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
-### 5.21.0
+### 5.24.0
+
+This versions adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`).
+Default `global.affinity` rules can be disabled when `none` value is used for the preset.
+
+### 5.22.0
This versions adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely.
diff --git a/chart/deps/argocd-apps/Kptfile b/chart/deps/argocd-apps/Kptfile
index 54d7df1c..6160e72a 100644
--- a/chart/deps/argocd-apps/Kptfile
+++ b/chart/deps/argocd-apps/Kptfile
@@ -5,7 +5,7 @@ metadata:
upstream:
type: git
git:
- commit: 037d3a9e769749ac49d3d6e7dac5417fd673ac7f
+ commit: 2563d1e6f94e7102fb403bfa1ca6ece9ca39e3c3
repo: https://github.com/argoproj/argo-helm
directory: /charts/argocd-apps
- ref: argo-cd-5.26.0
\ No newline at end of file
+ ref: argo-cd-5.27.1
diff --git a/chart/templates/_common.tpl b/chart/templates/_common.tpl
index 2ba53d8c..dd43d0d5 100644
--- a/chart/templates/_common.tpl
+++ b/chart/templates/_common.tpl
@@ -78,16 +78,18 @@ Node affinity
{{- toYaml . -}}
{{- else -}}
{{- $preset := .context.Values.global.affinity -}}
+{{- if (eq $preset.podAntiAffinity "soft") }}
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- {{- if (eq $preset.podAntiAffinity "soft") }}
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }}
topologyKey: kubernetes.io/hostname
- {{- else }}
+{{- else if (eq $preset.podAntiAffinity "hard") }}
+podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
@@ -99,21 +101,22 @@ podAntiAffinity:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }}
topologyKey: kubernetes.io/hostname
- {{- end }}
+{{- end }}
{{- with $preset.nodeAffinity.matchExpressions }}
+{{- if (eq $preset.nodeAffinity.type "soft") }}
nodeAffinity:
- {{- if (eq $preset.nodeAffinity.type "soft") }}
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
preference:
matchExpressions:
{{- toYaml . | nindent 6 }}
- {{- else }}
+{{- else if (eq $preset.nodeAffinity.type "hard") }}
+nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
{{- toYaml . | nindent 6 }}
- {{- end }}
+{{- end }}
{{- end -}}
{{- end -}}
{{- end -}}
diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl
index 4589b735..02372139 100644
--- a/chart/templates/_helpers.tpl
+++ b/chart/templates/_helpers.tpl
@@ -155,17 +155,6 @@ Create the name of the notifications service account to use
{{- end -}}
{{- end -}}
-{{/*
-Create the name of the notifications bots slack service account to use
-*/}}
-{{- define "argo-cd.notificationsBotsSlackServiceAccountName" -}}
-{{- if .Values.notifications.bots.slack.serviceAccount.create -}}
- {{ default (include "argo-cd.notifications.fullname" .) .Values.notifications.bots.slack.serviceAccount.name }}
-{{- else -}}
- {{ default "default" .Values.notifications.bots.slack.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
{{/*
Argo Configuration Preset Values (Incluenced by Values configuration)
*/}}
@@ -182,7 +171,10 @@ Merge Argo Configuration with Preset Configuration
{{- $config := (mergeOverwrite (deepCopy (omit .Values.configs.cm "create" "annotations")) (.Values.server.config | default dict)) -}}
{{- $preset := include "argo-cd.config.cm.presets" . | fromYaml | default dict -}}
{{- range $key, $value := mergeOverwrite $preset $config }}
-{{ $key }}: {{ toString $value | toYaml }}
+{{- $fmted := $value | toString }}
+{{- if not (eq $fmted "") }}
+{{ $key }}: {{ $fmted | toYaml }}
+{{- end }}
{{- end }}
{{- end -}}
diff --git a/chart/templates/argocd-application-controller/statefulset.yaml b/chart/templates/argocd-application-controller/statefulset.yaml
index 0a161362..ad8cbc1b 100644
--- a/chart/templates/argocd-application-controller/statefulset.yaml
+++ b/chart/templates/argocd-application-controller/statefulset.yaml
@@ -37,10 +37,18 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with .Values.global.hostAliases }}
+ hostAliases:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.global.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }}
+ priorityClassName: {{ . }}
+ {{- end }}
+ serviceAccountName: {{ include "argo-cd.controllerServiceAccountName" . }}
containers:
- command:
- argocd-application-controller
@@ -264,17 +272,19 @@ spec:
initContainers:
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
+ {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.controller) }}
affinity:
- {{- include "argo-cd.affinity" (dict "context" . "component" .Values.controller) | nindent 8 }}
- {{- with .Values.controller.nodeSelector }}
+ {{- trim . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.controller.nodeSelector | default .Values.global.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
- {{- with .Values.controller.tolerations }}
+ {{- with .Values.controller.tolerations | default .Values.global.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
- {{- with .Values.controller.topologySpreadConstraints }}
+ {{- with .Values.controller.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range $constraint := . }}
- {{ toYaml $constraint | nindent 8 | trim }}
@@ -285,11 +295,6 @@ spec:
{{- end }}
{{- end }}
{{- end }}
- serviceAccountName: {{ template "argo-cd.controllerServiceAccountName" . }}
- {{- with .Values.global.hostAliases }}
- hostAliases:
- {{- toYaml . | nindent 6 }}
- {{- end }}
volumes:
{{- with .Values.controller.volumes }}
{{- toYaml . | nindent 6 }}
@@ -307,9 +312,6 @@ spec:
path: tls.key
- key: ca.crt
path: ca.crt
- {{- with .Values.controller.priorityClassName }}
- priorityClassName: {{ . }}
- {{- end }}
hostNetwork: {{ .Values.controller.hostNetwork }}
{{- with .Values.controller.dnsConfig }}
dnsConfig:
diff --git a/chart/templates/argocd-applicationset/deployment.yaml b/chart/templates/argocd-applicationset/deployment.yaml
index 462ebcba..6d8e5460 100644
--- a/chart/templates/argocd-applicationset/deployment.yaml
+++ b/chart/templates/argocd-applicationset/deployment.yaml
@@ -35,15 +35,18 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with .Values.global.hostAliases }}
+ hostAliases:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.global.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
- serviceAccountName: {{ include "argo-cd.applicationSetServiceAccountName" . }}
- {{- with .Values.global.hostAliases }}
- hostAliases:
- {{- toYaml . | nindent 6 }}
+ {{- with .Values.applicationSet.priorityClassName | default .Values.global.priorityClassName }}
+ priorityClassName: {{ . }}
{{- end }}
+ serviceAccountName: {{ include "argo-cd.applicationSetServiceAccountName" . }}
containers:
- name: {{ .Values.applicationSet.name }}
image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }}
@@ -198,18 +201,28 @@ spec:
initContainers:
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
+ {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.applicationSet) }}
affinity:
- {{- include "argo-cd.affinity" (dict "context" . "component" .Values.applicationSet) | nindent 8 }}
- {{- with .Values.applicationSet.nodeSelector }}
+ {{- trim . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.applicationSet.nodeSelector | default .Values.global.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
- {{- with .Values.applicationSet.tolerations }}
+ {{- with .Values.applicationSet.tolerations | default .Values.global.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
- {{- with .Values.applicationSet.priorityClassName }}
- priorityClassName: {{ . }}
+ {{- with .Values.applicationSet.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- range $constraint := . }}
+ - {{ toYaml $constraint | nindent 8 | trim }}
+ {{- if not $constraint.labelSelector }}
+ labelSelector:
+ matchLabels:
+ {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.applicationSet.name) | nindent 12 }}
+ {{- end }}
+ {{- end }}
{{- end }}
volumes:
{{- with .Values.applicationSet.extraVolumes }}
diff --git a/chart/templates/argocd-configs/argocd-cmp-cm.yaml b/chart/templates/argocd-configs/argocd-cmp-cm.yaml
new file mode 100644
index 00000000..39a6db6b
--- /dev/null
+++ b/chart/templates/argocd-configs/argocd-cmp-cm.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.configs.cmp.create }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: argocd-cmp-cm
+ labels:
+ {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "cmp-cm") | nindent 4 }}
+ {{- with .Values.configs.cmp.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+data:
+ {{- range $cmp_plugin, $cmp_plugin_config := .Values.configs.cmp.plugins }}
+ {{ $cmp_plugin }}.yaml: |
+ apiVersion: argoproj.io/v1alpha1
+ kind: ConfigManagementPlugin
+ metadata:
+ name: {{ $cmp_plugin }}
+ spec:
+ {{- toYaml $cmp_plugin_config | nindent 6 }}
+ {{- end }}
+{{- end }}
diff --git a/chart/templates/argocd-configs/cluster-secrets.yaml b/chart/templates/argocd-configs/cluster-secrets.yaml
index aba14db7..c1aaa531 100644
--- a/chart/templates/argocd-configs/cluster-secrets.yaml
+++ b/chart/templates/argocd-configs/cluster-secrets.yaml
@@ -26,6 +26,9 @@ stringData:
clusterResources: {{ .clusterResources | quote }}
{{- end }}
{{- end }}
+ {{- if .project }}
+ project: {{ .project | quote }}
+ {{- end }}
config: |
{{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toRawJson | nindent 4 }}
{{- end }}
diff --git a/chart/templates/argocd-notifications/deployment.yaml b/chart/templates/argocd-notifications/deployment.yaml
index 5efc0965..45ba1de0 100644
--- a/chart/templates/argocd-notifications/deployment.yaml
+++ b/chart/templates/argocd-notifications/deployment.yaml
@@ -37,10 +37,17 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with .Values.global.hostAliases }}
+ hostAliases:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.global.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with .Values.notifications.priorityClassName | default .Values.global.priorityClassName }}
+ priorityClassName: {{ . }}
+ {{- end }}
serviceAccountName: {{ include "argo-cd.notificationsServiceAccountName" . }}
containers:
- name: {{ .Values.notifications.name }}
@@ -88,18 +95,28 @@ spec:
initContainers:
{{- tpl (toYaml . ) $ | nindent 8 }}
{{- end }}
+ {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.notifications) }}
affinity:
- {{- include "argo-cd.affinity" (dict "context" . "component" .Values.notifications) | nindent 8 }}
- {{- with .Values.notifications.nodeSelector }}
+ {{- trim . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.notifications.nodeSelector | default .Values.global.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
- {{- with .Values.notifications.tolerations }}
+ {{- with .Values.notifications.tolerations | default .Values.global.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
- {{- with .Values.notifications.priorityClassName }}
- priorityClassName: {{ . }}
+ {{- with .Values.notifications.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- range $constraint := . }}
+ - {{ toYaml $constraint | nindent 8 | trim }}
+ {{- if not $constraint.labelSelector }}
+ labelSelector:
+ matchLabels:
+ {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.notifications.name) | nindent 12 }}
+ {{- end }}
+ {{- end }}
{{- end }}
volumes:
{{- with .Values.notifications.extraVolumes }}
diff --git a/chart/templates/argocd-repo-server/deployment.yaml b/chart/templates/argocd-repo-server/deployment.yaml
index f9de2db1..c027f91e 100755
--- a/chart/templates/argocd-repo-server/deployment.yaml
+++ b/chart/templates/argocd-repo-server/deployment.yaml
@@ -41,11 +41,18 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
- automountServiceAccountToken: {{ .Values.repoServer.serviceAccount.automountServiceAccountToken }}
+ {{- with .Values.global.hostAliases }}
+ hostAliases:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.global.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with .Values.repoServer.priorityClassName | default .Values.global.priorityClassName }}
+ priorityClassName: {{ . }}
+ {{- end }}
+ serviceAccountName: {{ include "argo-cd.repoServerServiceAccountName" . }}
containers:
- name: {{ .Values.repoServer.name }}
image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}
@@ -309,17 +316,19 @@ spec:
{{- with .Values.repoServer.initContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
+ {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.repoServer) }}
affinity:
- {{- include "argo-cd.affinity" (dict "context" . "component" .Values.repoServer) | nindent 8 }}
- {{- with .Values.repoServer.nodeSelector }}
+ {{- trim . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.repoServer.nodeSelector | default .Values.global.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
- {{- with .Values.repoServer.tolerations }}
+ {{- with .Values.repoServer.tolerations | default .Values.global.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
- {{- with .Values.repoServer.topologySpreadConstraints }}
+ {{- with .Values.repoServer.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range $constraint := . }}
- {{ toYaml $constraint | nindent 8 | trim }}
@@ -330,11 +339,6 @@ spec:
{{- end }}
{{- end }}
{{- end }}
- serviceAccountName: {{ template "argo-cd.repoServerServiceAccountName" . }}
- {{- with .Values.global.hostAliases }}
- hostAliases:
- {{- toYaml . | nindent 6 }}
- {{- end }}
volumes:
{{- with .Values.repoServer.volumes }}
{{- toYaml . | nindent 6 }}
@@ -369,9 +373,6 @@ spec:
path: tls.key
- key: ca.crt
path: ca.crt
- {{- with .Values.repoServer.priorityClassName }}
- priorityClassName: {{ . }}
- {{- end }}
hostNetwork: {{ .Values.repoServer.hostNetwork }}
{{- with .Values.repoServer.dnsConfig }}
dnsConfig:
diff --git a/chart/templates/argocd-server/deployment.yaml b/chart/templates/argocd-server/deployment.yaml
index e941aba4..8e3eec13 100755
--- a/chart/templates/argocd-server/deployment.yaml
+++ b/chart/templates/argocd-server/deployment.yaml
@@ -38,10 +38,18 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with .Values.global.hostAliases }}
+ hostAliases:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.global.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with .Values.server.priorityClassName | default .Values.global.priorityClassName }}
+ priorityClassName: {{ . }}
+ {{- end }}
+ serviceAccountName: {{ include "argo-cd.serverServiceAccountName" . }}
containers:
- name: {{ .Values.server.name }}
image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag }}
@@ -360,17 +368,19 @@ spec:
initContainers:
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
+ {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.server) }}
affinity:
- {{- include "argo-cd.affinity" (dict "context" . "component" .Values.server) | nindent 8 }}
- {{- with .Values.server.nodeSelector }}
+ {{- trim . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.server.nodeSelector | default .Values.global.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
- {{- with .Values.server.tolerations }}
+ {{- with .Values.server.tolerations | default .Values.global.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
- {{- with .Values.server.topologySpreadConstraints }}
+ {{- with .Values.server.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range $constraint := . }}
- {{ toYaml $constraint | nindent 8 | trim }}
@@ -381,11 +391,6 @@ spec:
{{- end }}
{{- end }}
{{- end }}
- serviceAccountName: {{ template "argo-cd.serverServiceAccountName" . }}
- {{- with .Values.global.hostAliases }}
- hostAliases:
- {{- toYaml . | nindent 6 }}
- {{- end }}
volumes:
{{- with .Values.server.volumes }}
{{- toYaml . | nindent 6}}
@@ -428,9 +433,6 @@ spec:
path: tls.crt
- key: ca.crt
path: ca.crt
- {{- with .Values.server.priorityClassName }}
- priorityClassName: {{ . }}
- {{- end }}
hostNetwork: {{ .Values.server.hostNetwork }}
{{- with .Values.server.dnsConfig }}
dnsConfig:
diff --git a/chart/templates/argocd-server/role.yaml b/chart/templates/argocd-server/role.yaml
index f4c5d533..16164a9a 100644
--- a/chart/templates/argocd-server/role.yaml
+++ b/chart/templates/argocd-server/role.yaml
@@ -42,3 +42,11 @@ rules:
verbs:
- create
- list
+{{- if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "exec.enabled")) "true" }}
+- apiGroups:
+ - ""
+ resources:
+ - pods/exec
+ verbs:
+ - create
+{{- end }}
diff --git a/chart/templates/dex/deployment.yaml b/chart/templates/dex/deployment.yaml
index 7fea0b48..fd5e00d9 100755
--- a/chart/templates/dex/deployment.yaml
+++ b/chart/templates/dex/deployment.yaml
@@ -39,10 +39,18 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with .Values.global.hostAliases }}
+ hostAliases:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with.Values.global.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with .Values.dex.priorityClassName | default .Values.global.priorityClassName }}
+ priorityClassName: {{ . }}
+ {{- end }}
+ serviceAccountName: {{ template "argo-cd.dexServiceAccountName" . }}
containers:
- name: {{ .Values.dex.name }}
image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }}
@@ -138,17 +146,19 @@ spec:
{{- with .Values.dex.initContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
- {{- with .Values.dex.nodeSelector }}
+ {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.dex) }}
+ affinity:
+ {{- trim . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.dex.nodeSelector | default .Values.global.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
- {{- with .Values.dex.tolerations }}
+ {{- with .Values.dex.tolerations | default .Values.global.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
- affinity:
- {{- include "argo-cd.affinity" (dict "context" . "component" .Values.dex) | nindent 8 }}
- {{- with .Values.dex.topologySpreadConstraints }}
+ {{- with .Values.dex.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range $constraint := . }}
- {{ toYaml $constraint | nindent 8 | trim }}
@@ -159,11 +169,6 @@ spec:
{{- end }}
{{- end }}
{{- end }}
- serviceAccountName: {{ template "argo-cd.dexServiceAccountName" . }}
- {{- with .Values.global.hostAliases }}
- hostAliases:
- {{- toYaml . | nindent 6 }}
- {{- end }}
volumes:
- name: static-files
emptyDir: {}
@@ -183,9 +188,6 @@ spec:
{{- with .Values.dex.volumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
- {{- with .Values.dex.priorityClassName }}
- priorityClassName: {{ . }}
- {{- end }}
{{- with .Values.dex.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
diff --git a/chart/templates/redis/deployment.yaml b/chart/templates/redis/deployment.yaml
index 5b2ead2b..fd5ce19b 100755
--- a/chart/templates/redis/deployment.yaml
+++ b/chart/templates/redis/deployment.yaml
@@ -36,10 +36,17 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with .Values.global.hostAliases }}
+ hostAliases:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.redis.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with .Values.redis.priorityClassName | default .Values.global.priorityClassName }}
+ priorityClassName: {{ . }}
+ {{- end }}
serviceAccountName: {{ include "argo-cd.redisServiceAccountName" . }}
containers:
- name: {{ .Values.redis.name }}
@@ -82,6 +89,9 @@ spec:
value: {{ printf "redis://localhost:%v" .Values.redis.containerPorts.redis }}
- name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
value: {{ printf "0.0.0.0:%v" .Values.redis.containerPorts.metrics }}
+ {{- with .Values.redis.exporter.env }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
ports:
- name: metrics
containerPort: {{ .Values.redis.containerPorts.metrics }}
@@ -98,17 +108,19 @@ spec:
initContainers:
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
- {{- with .Values.redis.nodeSelector }}
+ {{- with .Values.redis.nodeSelector | default .Values.global.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
- {{- with .Values.redis.tolerations }}
+ {{- with .Values.redis.tolerations | default .Values.global.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
+ {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.redis) }}
affinity:
- {{- include "argo-cd.affinity" (dict "context" . "component" .Values.redis) | nindent 8 }}
- {{- with .Values.redis.topologySpreadConstraints }}
+ {{- trim . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.redis.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range $constraint := . }}
- {{ toYaml $constraint | nindent 8 | trim }}
@@ -119,9 +131,6 @@ spec:
{{- end }}
{{- end }}
{{- end }}
- {{- with .Values.redis.priorityClassName }}
- priorityClassName: {{ . }}
- {{- end }}
{{- with .Values.redis.volumes }}
volumes:
{{- toYaml . | nindent 8}}
diff --git a/chart/values.yaml b/chart/values.yaml
index 48903505..e84857dc 100755
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -175,13 +175,22 @@ global:
# -- Default deny all ingress traffic
defaultDenyIngress: false
+ # -- Default priority class for all components
+ priorityClassName: ""
+
+ # -- Default node selector for all components
+ nodeSelector: {}
+
+ # -- Default tolerations for all components
+ tolerations: {}
+
# Default affinity preset for all components
affinity:
- # -- Default pod anti-affinity rules. Either: `soft` or `hard`
+ # -- Default pod anti-affinity rules. Either: `none`, `soft` or `hard`
podAntiAffinity: soft
# Node affinity rules
nodeAffinity:
- # -- Default node affinity rules. Either: `soft` or `hard`
+ # -- Default node affinity rules. Either: `none`, `soft` or `hard`
type: hard
# -- Default match expressions for node affinity
matchExpressions: []
@@ -191,6 +200,15 @@ global:
# - antarctica-east1
# - antarctica-west1
+ # -- Default [TopologySpreadConstraints] rules for all components
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ## If labelSelector is left out, it will default to the labelSelector of the component
+ topologySpreadConstraints: []
+ # - maxSkew: 1
+ # topologyKey: topology.kubernetes.io/zone
+ # whenUnsatisfiable: DoNotSchedule
+
+
## Argo Configs
configs:
# General Argo CD configuration
@@ -389,11 +407,55 @@ configs:
# ...
# -----END CERTIFICATE-----
+ # ConfigMap for Config Management Plugins
+ # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/
+ cmp:
+ # -- Create the argocd-cmp-cm configmap
+ create: false
+
+ # -- Annotations to be added to argocd-cmp-cm configmap
+ annotations: {}
+
+ # -- Plugin yaml files to be added to argocd-cmp-cm
+ plugins: {}
+ # --- First plugin
+ # my-plugin:
+ # init:
+ # command: [sh]
+ # args: [-c, 'echo "Initializing..."']
+ # generate:
+ # command: [sh, -c]
+ # args:
+ # - |
+ # echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"
+ # discover:
+ # fileName: "./subdir/s*.yaml"
+ # find:
+ # glob: "**/Chart.yaml"
+ # command: [sh, -c, find . -name env.yaml]
+
+ # --- Second plugin
+ # my-plugin2:
+ # init:
+ # command: [sh]
+ # args: [-c, 'echo "Initializing..."']
+ # generate:
+ # command: [sh, -c]
+ # args:
+ # - |
+ # echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"
+ # discover:
+ # fileName: "./subdir/s*.yaml"
+ # find:
+ # glob: "**/Chart.yaml"
+ # command: [sh, -c, find . -name env.yaml]
+
# -- Provide one or multiple [external cluster credentials]
# @default -- `[]` (See [values.yaml])
## Ref:
## - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
## - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials
+ ## - https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters
clusterCredentials: []
# - name: mycluster
# server: https://mycluster.com
@@ -415,6 +477,16 @@ configs:
# tlsClientConfig:
# insecure: false
# caData: "<base64 encoded certificate>"
+ # - name: mycluster3-project-scoped
+ # server: https://mycluster3.com
+ # labels: {}
+ # annotations: {}
+ # project: my-project1
+ # config:
+ # bearerToken: "<authentication token>"
+ # tlsClientConfig:
+ # insecure: false
+ # caData: "<base64 encoded certificate>"
# DEPRECATED - Moved to configs.ssh.annotations
# knownHostsAnnotations: {}
@@ -575,7 +647,7 @@ controller:
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
# @default -- `""` (defaults to 0 if not specified)
minAvailable: ""
- # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%).
+ # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
## Has higher precedence over `controller.pdb.minAvailable`
maxUnavailable: ""
@@ -701,7 +773,7 @@ controller:
drop:
- ALL
- # Rediness probe for application controller
+ # Readiness probe for application controller
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
readinessProbe:
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
@@ -715,10 +787,16 @@ controller:
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
+ # -- Priority class for the application controller pods
+ # @default -- `""` (defaults to global.priorityClassName)
+ priorityClassName: ""
+
# -- [Node selector]
+ # @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {}
# -- [Tolerations] for use with node taints
+ # @default -- `[]` (defaults to global.tolerations)
tolerations: []
# -- Assign custom [affinity] rules to the deployment
@@ -726,15 +804,13 @@ controller:
affinity: {}
# -- Assign custom [TopologySpreadConstraints] rules to the application controller
+ # @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
- # - maxSkew: 1
- # topologyKey: topology.kubernetes.io/zone
- # whenUnsatisfiable: DoNotSchedule
-
- # -- Priority class for the application controller pods
- priorityClassName: ""
+ # - maxSkew: 1
+ # topologyKey: topology.kubernetes.io/zone
+ # whenUnsatisfiable: DoNotSchedule
serviceAccount:
# -- Create a service account for the application controller
@@ -792,6 +868,17 @@ controller:
rules:
# -- Deploy a PrometheusRule for the application controller
enabled: false
+ # -- PrometheusRule namespace
+ namespace: "" # "monitoring"
+ # -- PrometheusRule selector
+ selector: {}
+ # prometheus: kube-prometheus
+
+ # -- PrometheusRule labels
+ additionalLabels: {}
+ # -- PrometheusRule annotations
+ annotations: {}
+
# -- PrometheusRule.Spec for the application controller
spec: []
# - alert: ArgoAppMissing
@@ -818,11 +905,6 @@ controller:
# The application [{{`{{$labels.name}}`}} has not been synchronized for over
# 12 hours which means that the state of this cloud has drifted away from the
# state inside Git.
- # selector:
- # prometheus: kube-prometheus
- # namespace: monitoring
- # additionalLabels: {}
- # annotations: {}
## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
## Defaults to off
@@ -897,7 +979,7 @@ dex:
# -- Dex image repository
repository: registry1.dso.mil/ironbank/opensource/dexidp/dex
# -- Dex image tag
- tag: v2.35.3
+ tag: v2.36.0
# -- Dex imagePullPolicy
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
@@ -1058,24 +1140,30 @@ dex:
# -- Service port for metrics access
servicePortMetrics: 5558
+ # -- Priority class for the dex pods
+ # @default -- `""` (defaults to global.priorityClassName)
+ priorityClassName: ""
+
# -- [Node selector]
+ # @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {}
+
# -- [Tolerations] for use with node taints
+ # @default -- `[]` (defaults to global.tolerations)
tolerations: []
+
# -- Assign custom [affinity] rules to the deployment
# @default -- `{}` (defaults to global.affinity preset)
affinity: {}
# -- Assign custom [TopologySpreadConstraints] rules to dex
+ # @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
- # - maxSkew: 1
- # topologyKey: topology.kubernetes.io/zone
- # whenUnsatisfiable: DoNotSchedule
-
- # -- Priority class for dex
- priorityClassName: ""
+ # - maxSkew: 1
+ # topologyKey: topology.kubernetes.io/zone
+ # whenUnsatisfiable: DoNotSchedule
## Redis
redis:
@@ -1118,6 +1206,8 @@ redis:
exporter:
# -- Enable Prometheus redis-exporter sidecar
enabled: false
+ # -- Environment variables to pass to the Redis exporter
+ env: []
## Prometheus redis-exporter image
image:
# -- Repository to use for the redis-exporter
@@ -1232,10 +1322,16 @@ redis:
# -- Redis service port
servicePort: 6379
+ # -- Priority class for redis pods
+ # @default -- `""` (defaults to global.priorityClassName)
+ priorityClassName: ""
+
# -- [Node selector]
+ # @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {}
# -- [Tolerations] for use with node taints
+ # @default -- `[]` (defaults to global.tolerations)
tolerations: []
# -- Assign custom [affinity] rules to the deployment
@@ -1243,15 +1339,13 @@ redis:
affinity: {}
# -- Assign custom [TopologySpreadConstraints] rules to redis
+ # @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
- # - maxSkew: 1
- # topologyKey: topology.kubernetes.io/zone
- # whenUnsatisfiable: DoNotSchedule
-
- # -- Priority class for redis
- priorityClassName: ""
+ # - maxSkew: 1
+ # topologyKey: topology.kubernetes.io/zone
+ # whenUnsatisfiable: DoNotSchedule
serviceAccount:
# -- Create a service account for the redis pod
@@ -1474,7 +1568,7 @@ server:
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
# @default -- `""` (defaults to 0 if not specified)
minAvailable: ""
- # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%).
+ # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
## Has higher precedence over `server.pdb.minAvailable`
maxUnavailable: ""
@@ -1512,7 +1606,7 @@ server:
lifecycle: {}
## Argo UI extensions
- ## This function in tech preview stage, do expect unstability or breaking changes in newer versions.
+ ## This function in tech preview stage, do expect instability or breaking changes in newer versions.
## Ref: https://github.com/argoproj-labs/argocd-extensions
extensions:
# -- Enable support for Argo UI extensions
@@ -1622,7 +1716,7 @@ server:
# -- Server container port
server: 8080
# -- Metrics container port
- metrics: 8082
+ metrics: 8083
# -- Host Network for Server pods
hostNetwork: false
@@ -1672,24 +1766,30 @@ server:
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
+ # -- Priority class for the Argo CD server pods
+ # @default -- `""` (defaults to global.priorityClassName)
+ priorityClassName: ""
+
# -- [Node selector]
+ # @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {}
+
# -- [Tolerations] for use with node taints
+ # @default -- `[]` (defaults to global.tolerations)
tolerations: []
+
# -- Assign custom [affinity] rules to the deployment
# @default -- `{}` (defaults to global.affinity preset)
affinity: {}
# -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server
+ # @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
- # - maxSkew: 1
- # topologyKey: topology.kubernetes.io/zone
- # whenUnsatisfiable: DoNotSchedule
-
- # -- Priority class for the Argo CD server
- priorityClassName: ""
+ # - maxSkew: 1
+ # topologyKey: topology.kubernetes.io/zone
+ # whenUnsatisfiable: DoNotSchedule
# TLS certificate configuration via cert-manager
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server
@@ -1717,7 +1817,7 @@ server:
group: ""
# -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer`
kind: ""
- # -- Certificate isser name. Eg. `letsencrypt`
+ # -- Certificate issuer name. Eg. `letsencrypt`
name: ""
# Private key of the certificate
privateKey:
@@ -2019,7 +2119,7 @@ repoServer:
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
# @default -- `""` (defaults to 0 if not specified)
minAvailable: ""
- # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%).
+ # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
## Has higher precedence over `repoServer.pdb.minAvailable`
maxUnavailable: ""
@@ -2057,27 +2157,46 @@ repoServer:
## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/
## Note: Supports use of custom Helm templates
extraContainers: []
- # - name: cmp
- # # Entrypoint should be Argo CD lightweight CMP server i.e. argocd-cmp-server
- # command: [/var/run/argocd/argocd-cmp-server]
- # # This can be off-the-shelf or custom-built image
- # image: busybox
- # securityContext:
- # runAsNonRoot: true
- # runAsUser: 999
- # volumeMounts:
- # - mountPath: /var/run/argocd
- # name: var-files
- # - mountPath: /home/argocd/cmp-server/plugins
- # name: plugins
- # # Remove this volumeMount if you've chosen to bake the config file into the sidecar image.
- # - mountPath: /home/argocd/cmp-server/config/plugin.yaml
- # subPath: plugin.yaml
- # name: cmp-plugin
- # # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps
- # # mitigate path traversal attacks.
- # - mountPath: /tmp
- # name: cmp-tmp
+ # - name: cmp-my-plugin
+ # command:
+ # - "/var/run/argocd/argocd-cmp-server"
+ # image: busybox
+ # securityContext:
+ # runAsNonRoot: true
+ # runAsUser: 999
+ # volumeMounts:
+ # - mountPath: /var/run/argocd
+ # name: var-files
+ # - mountPath: /home/argocd/cmp-server/plugins
+ # name: plugins
+ # # Remove this volumeMount if you've chosen to bake the config file into the sidecar image.
+ # - mountPath: /home/argocd/cmp-server/config/plugin.yaml
+ # subPath: my-plugin.yaml
+ # name: argocd-cmp-cm
+ # # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps
+ # # mitigate path traversal attacks.
+ # - mountPath: /tmp
+ # name: cmp-tmp
+ # - name: cmp-my-plugin2
+ # command:
+ # - "/var/run/argocd/argocd-cmp-server"
+ # image: busybox
+ # securityContext:
+ # runAsNonRoot: true
+ # runAsUser: 999
+ # volumeMounts:
+ # - mountPath: /var/run/argocd
+ # name: var-files
+ # # Remove this volumeMount if you've chosen to bake the config file into the sidecar image.
+ # - mountPath: /home/argocd/cmp-server/plugins
+ # name: plugins
+ # - mountPath: /home/argocd/cmp-server/config/plugin.yaml
+ # subPath: my-plugin2.yaml
+ # name: argocd-cmp-cm
+ # # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps
+ # # mitigate path traversal attacks.
+ # - mountPath: /tmp
+ # name: cmp-tmp
# -- Init containers to add to the repo server pods
initContainers: []
@@ -2087,9 +2206,9 @@ repoServer:
# -- Additional volumes to the repo server pod
volumes: []
- # - name: cmp-plugin
+ # - name: argocd-cmp-cm
# configMap:
- # name: cmp-plugin
+ # name: argocd-cmp-cm
# - name: cmp-tmp
# emptyDir: {}
@@ -2167,22 +2286,28 @@ repoServer:
timeoutSeconds: 1
# -- [Node selector]
+ # @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {}
+
# -- [Tolerations] for use with node taints
+ # @default -- `[]` (defaults to global.tolerations)
tolerations: []
+
# -- Assign custom [affinity] rules to the deployment
# @default -- `{}` (defaults to global.affinity preset)
affinity: {}
# -- Assign custom [TopologySpreadConstraints] rules to the repo server
+ # @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
- # - maxSkew: 1
- # topologyKey: topology.kubernetes.io/zone
- # whenUnsatisfiable: DoNotSchedule
+ # - maxSkew: 1
+ # topologyKey: topology.kubernetes.io/zone
+ # whenUnsatisfiable: DoNotSchedule
- # -- Priority class for the repo server
+ # -- Priority class for the repo server pods
+ # @default -- `""` (defaults to global.priorityClassName)
priorityClassName: ""
# TLS certificate configuration via Secret
@@ -2307,7 +2432,7 @@ applicationSet:
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
# @default -- `""` (defaults to 0 if not specified)
minAvailable: ""
- # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%).
+ # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
## Has higher precedence over `applicationSet.pdb.minAvailable`
maxUnavailable: ""
@@ -2503,16 +2628,28 @@ applicationSet:
failureThreshold: 3
# -- [Node selector]
+ # @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {}
# -- [Tolerations] for use with node taints
+ # @default -- `[]` (defaults to global.tolerations)
tolerations: []
# -- Assign custom [affinity] rules
# @default -- `{}` (defaults to global.affinity preset)
affinity: {}
- # -- If specified, indicates the pod's priority. If not specified, the pod priority will be default or zero if there is no default.
+ # -- Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller
+ # @default -- `[]` (defaults to global.topologySpreadConstraints)
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
+ topologySpreadConstraints: []
+ # - maxSkew: 1
+ # topologyKey: topology.kubernetes.io/zone
+ # whenUnsatisfiable: DoNotSchedule
+
+ # -- Priority class for the ApplicationSet controller pods
+ # @default -- `""` (defaults to global.priorityClassName)
priorityClassName: ""
## Webhook for the Git Generator
@@ -2583,7 +2720,7 @@ notifications:
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
# @default -- `""` (defaults to 0 if not specified)
minAvailable: ""
- # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%).
+ # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
## Has higher precedence over `notifications.pdb.minAvailable`
maxUnavailable: ""
@@ -2749,16 +2886,28 @@ notifications:
- ALL
# -- [Node selector]
+ # @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {}
# -- [Tolerations] for use with node taints
+ # @default -- `[]` (defaults to global.tolerations)
tolerations: []
# -- Assign custom [affinity] rules
# @default -- `{}` (defaults to global.affinity preset)
affinity: {}
+ # -- Assign custom [TopologySpreadConstraints] rules to the application controller
+ # @default -- `[]` (defaults to global.topologySpreadConstraints)
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
+ topologySpreadConstraints: []
+ # - maxSkew: 1
+ # topologyKey: topology.kubernetes.io/zone
+ # whenUnsatisfiable: DoNotSchedule
+
# -- Priority class for the notifications controller pods
+ # @default -- `""` (defaults to global.priorityClassName)
priorityClassName: ""
serviceAccount:
--
GitLab