iskm/maabara
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

argo-cd upgrade v2.13.2 --> v3.0.5

Browse Source
This commit is contained in:
Ibrahim Mkusa 2025-06-01 14:34:19 -04:00
parent f37e839267
commit cf9eada196
32 changed files with 3106 additions and 151 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
manifests/argo-cd/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: redis-ha
repository: https://dandydeveloper.github.io/charts/
version: 4.29.4
digest: sha256:1257baf1c5e0db036af659d44095223e28ac0c9ec1ed8300a02d5def2281c9c7
generated: "2024-11-13T09:07:36.494128+09:00"
version: 4.33.7
digest: sha256:a3eba6bba484e9fbfaca33e7f1ea3e6daed74014df7e7b077c496c2201b01996
generated: "2025-05-25T11:18:29.356017-05:00"

8
manifests/argo-cd/Chart.yaml
View File

@ -1,17 +1,17 @@
annotations:
artifacthub.io/changes: |
- kind: added
description: Added functionality to en/disable argocd-ssh-known-hosts-cm
description: Added hydrator.enabled parameter to support the hydrator feature
artifacthub.io/signKey: |
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
apiVersion: v2
appVersion: v2.13.2
appVersion: v3.0.5
dependencies:
- condition: redis-ha.enabled
name: redis-ha
repository: https://dandydeveloper.github.io/charts/
version: 4.29.4
version: 4.33.7
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool
for Kubernetes.
home: https://github.com/argoproj/argo-helm
@ -28,4 +28,4 @@ name: argo-cd
sources:
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://github.com/argoproj/argo-cd
version: 7.7.11
version: 8.0.14

156
manifests/argo-cd/README.md
View File

@ -191,7 +191,7 @@ server:
alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/backend-protocol: HTTP
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/ssl-redirect: '443'
aws:
serviceType: ClusterIP # <- Used with target-type: ip
@ -278,6 +278,42 @@ For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 8.0.0
In this release we upgrade the Helm chart to deploy the next major version of Argo CD (v3.0.0).
Please carefully read at least those resources:
- [v2.14 to 3.0 upgrade instructions]
- [Argo CD v3.0 Release Blog Post]
### 7.9.0
Chart versions from >= 7.7.2 and < 7.9.0 are using a Redis version which is no longer using an open source version of Redis.
Thus we downgraded Redis to latest available 7.2 (from 7.4) to be in-line with upstream manifests and fully honor
[CNCF Allowlist License Policy].
**Users using redis-ha may encounter issues** which can be resolved by either deleting all redis-ha pods after the
deployment/upgrade:
```bash
kubectl delete pods -l app=redis-ha
```
Or alternatively by temporary switching to a single redis installation, then back to HA.
1. Evaluate current chart version in use
```bash
$ helm ls
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
argocd argocd 3 2025-04-29 00:07:43.099922 +0200 CEST deployed argo-cd-7.8.28 v2.14.11
```
2. Switch to single redis
```bash
helm upgrade argocd argo/argo-cd --version <your current chart version> --reuse-values --set redis-ha.enabled=false
```
3. Upgrade to chart version 7.9 or newer and re-enable redis HA again
```bash
helm upgrade argocd argo/argo-cd --version 7.9.0 --reuse-values --set redis-ha.enabled=true
```
### 7.0.0
We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`.
@ -312,7 +348,7 @@ This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr
Upstream steps in the [FAQ] are not enough, since we chose a different approach.
(We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.)
Steps to roteate the secret when using the helm chart (bold step is additional to upstream):
Steps to rotate the secret when using the helm chart (bold step is additional to upstream):
* Delete `argocd-redis` secret in the namespace where Argo CD is installed.
```bash
kubectl delete secret argocd-redis -n <argocd namespace>
@ -685,6 +721,8 @@ NAME: my-release
## Global Configs
NOTE: Any values you put under `.Values.configs.cm` are passed to argocd-cm ConfigMap.
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| global.addPrometheusAnnotations | bool | `false` | Add Prometheus scrape annotations to all metrics services. This can be used as an alternative to the ServiceMonitors. |
@ -708,7 +746,7 @@ NAME: my-release
| global.logging.level | string | `"info"` | Set the global logging level. One of: `debug`, `info`, `warn` or `error` |
| global.networkPolicy.create | bool | `false` | Create NetworkPolicy objects for all components |
| global.networkPolicy.defaultDenyIngress | bool | `false` | Default deny all ingress traffic |
| global.nodeSelector | object | `{}` | Default node selector for all components |
| global.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Default node selector for all components |
| global.podAnnotations | object | `{}` | Annotations for the all deployed pods |
| global.podLabels | object | `{}` | Labels for the all deployed pods |
| global.priorityClassName | string | `""` | Default priority class for all components |
@ -726,7 +764,17 @@ NAME: my-release
| configs.clusterCredentials | object | `{}` (See [values.yaml]) | Provide one or multiple [external cluster credentials] |
| configs.cm."admin.enabled" | bool | `true` | Enable local admin user |
| configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning |
| configs.cm."application.sync.impersonation.enabled" | bool | `false` | Enable control of the service account used for the sync operation (alpha) |
| configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI |
| configs.cm."resource.customizations.ignoreResourceUpdates.ConfigMap" | string | See [values.yaml] | Ignore the cluster-autoscaler status |
| configs.cm."resource.customizations.ignoreResourceUpdates.Endpoints" | string | See [values.yaml] | Ignores update if Endpoints is not excluded globally |
| configs.cm."resource.customizations.ignoreResourceUpdates.all" | string | See [values.yaml] | Ignoring status for all resources. An update will still be sent if the status update causes the health to change. |
| configs.cm."resource.customizations.ignoreResourceUpdates.apps_ReplicaSet" | string | See [values.yaml] | Ignore the common scaling annotations |
| configs.cm."resource.customizations.ignoreResourceUpdates.argoproj.io_Application" | string | See [values.yaml] | Some Application fields are generated and not related to the application updates itself |
| configs.cm."resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout" | string | See [values.yaml] | Ignore Argo Rollouts generated fields |
| configs.cm."resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler" | string | See [values.yaml] | Legacy annotations used on HPA autoscaling/v1 |
| configs.cm."resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice" | string | See [values.yaml] | Ignores update if EndpointSlice is not excluded globally |
| configs.cm."resource.exclusions" | string | See [values.yaml] | Resource Exclusion/Inclusion |
| configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement |
| configs.cm."statusbadge.enabled" | bool | `false` | Enable Status Badge |
| configs.cm."timeout.hard.reconciliation" | string | `"0s"` | Timeout to refresh application data as well as target manifests cache |
@ -749,6 +797,8 @@ NAME: my-release
| configs.params."controller.repo.server.timeout.seconds" | int | `60` | Repo server RPC call timeout seconds. |
| configs.params."controller.self.heal.timeout.seconds" | int | `5` | Specifies timeout between application self heal attempts |
| configs.params."controller.status.processors" | int | `20` | Number of application status processors |
| configs.params."controller.sync.timeout.seconds" | int | `0` | Specifies the timeout after which a sync would be terminated. 0 means no timeout |
| configs.params."hydrator.enabled" | bool | `false` | Enable the hydrator feature (hydrator is in Alpha phase) |
| configs.params."otlp.address" | string | `""` | Open-Telemetry collector address: (e.g. "otel-collector:4317") |
| configs.params."reposerver.parallelism.limit" | int | `0` | Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit. |
| configs.params."server.basehref" | string | `"/"` | Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / |
@ -789,6 +839,7 @@ NAME: my-release
| configs.styles | string | `""` (See [values.yaml]) | Define custom [CSS styles] for your argo instance. This setting will automatically mount the provided CSS and reference it in the argo configuration. |
| configs.tls.annotations | object | `{}` | Annotations to be added to argocd-tls-certs-cm configmap |
| configs.tls.certificates | object | `{}` (See [values.yaml]) | TLS certificates for Git repositories |
| configs.tls.create | bool | `true` | Specifies if the argocd-tls-certs-cm configmap should be created by Helm. |
## Argo CD Controller
@ -1168,7 +1219,7 @@ NAME: my-release
| dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod |
| dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy |
| dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository |
| dex.image.tag | string | `"v2.41.1"` | Dex image tag |
| dex.image.tag | string | `"v2.43.1"` | Dex image tag |
| dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| dex.initContainers | list | `[]` | Init containers to add to the dex pod |
| dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy |
@ -1184,8 +1235,6 @@ NAME: my-release
| dex.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
| dex.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
| dex.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
| dex.logFormat | string | `""` (defaults to global.logging.format) | Dex log format. Either `text` or `json` |
| dex.logLevel | string | `""` (defaults to global.logging.level) | Dex log level. One of: `debug`, `info`, `warn`, `error` |
| dex.metrics.enabled | bool | `false` | Deploy metrics service |
| dex.metrics.service.annotations | object | `{}` | Metrics service annotations |
| dex.metrics.service.labels | object | `{}` | Metrics service labels |
@ -1258,8 +1307,8 @@ NAME: my-release
| redis.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar |
| redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter |
| redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter |
| redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter |
| redis.exporter.image.tag | string | `"1.58.0"` | Tag to use for the redis-exporter |
| redis.exporter.image.repository | string | `"ghcr.io/oliver006/redis_exporter"` | Repository to use for the redis-exporter |
| redis.exporter.image.tag | string | `"v1.73.0"` | Tag to use for the redis-exporter |
| redis.exporter.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter |
| redis.exporter.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
| redis.exporter.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated |
@ -1276,8 +1325,8 @@ NAME: my-release
| redis.extraArgs | list | `[]` | Additional command line arguments to pass to redis-server |
| redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod |
| redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy |
| redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
| redis.image.tag | string | `"7.4.1-alpine"` | Redis tag |
| redis.image.repository | string | `"ecr-public.aws.com/docker/library/redis"` | Redis repository |
| redis.image.tag | string | `"7.2.8-alpine"` | Redis tag |
| redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| redis.initContainers | list | `[]` | Init containers to add to the redis pod |
| redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server |
@ -1351,19 +1400,20 @@ The main options are listed here:
| redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment |
| redis-ha.existingSecret | string | `"argocd-redis"` | Existing Secret to use for redis-ha authentication. By default the redis-secret-init Job is generating this Secret. |
| redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar |
| redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter |
| redis-ha.exporter.tag | string | `"1.58.0"` | Tag to use for the redis-exporter |
| redis-ha.exporter.image | string | `"ghcr.io/oliver006/redis_exporter"` | Repository to use for the redis-exporter |
| redis-ha.exporter.tag | string | `"v1.69.0"` | Tag to use for the redis-exporter |
| redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. |
| redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. |
| redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context |
| redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy |
| redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. |
| redis-ha.haproxy.image.repository | string | `"ecr-public.aws.com/docker/library/haproxy"` | HAProxy Image Repository |
| redis-ha.haproxy.labels | object | `{"app.kubernetes.io/name":"argocd-redis-ha-haproxy"}` | Custom labels for the haproxy pod. This is relevant for Argo CD CLI. |
| redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping |
| redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. |
| redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. |
| redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
| redis-ha.image.tag | string | `"7.4.1-alpine"` | Redis tag |
| redis-ha.image.repository | string | `"ecr-public.aws.com/docker/library/redis"` | Redis repository |
| redis-ha.image.tag | string | `"7.2.8-alpine"` | Redis tag |
| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes |
| redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) |
| redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled |
@ -1565,8 +1615,6 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
| notifications.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
| notifications.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
| notifications.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
| notifications.logFormat | string | `""` (defaults to global.logging.format) | Notifications controller log format. Either `text` or `json` |
| notifications.logLevel | string | `""` (defaults to global.logging.level) | Notifications controller log level. One of: `debug`, `info`, `warn`, `error` |
| notifications.metrics.enabled | bool | `false` | Enables prometheus metrics server |
| notifications.metrics.port | int | `9001` | Metrics port |
| notifications.metrics.service.annotations | object | `{}` | Metrics service annotations |
@ -1619,30 +1667,89 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
| notifications.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller |
| notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent |
## Commit server (Manifest Hydrator)
The Argo CD Commit Server provides push access to git repositories for hydrated manifests.
To read more about this component, please read [Argo CD Manifest Hydrator] and [Manifest Hydrator].
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| commitServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
| commitServer.automountServiceAccountToken | bool | `false` | Automount API credentials for the Service Account into the pod. |
| commitServer.containerSecurityContext | object | See [values.yaml] | commit server container-level security context |
| commitServer.deploymentAnnotations | object | `{}` | Annotations to be added to commit server Deployment |
| commitServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the commit server Deployment |
| commitServer.dnsConfig | object | `{}` | [DNS configuration] |
| commitServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for commit server pods |
| commitServer.enabled | bool | `false` | Enable commit server |
| commitServer.extraArgs | list | `[]` | commit server command line flags |
| commitServer.extraEnv | list | `[]` | Environment variables to pass to the commit server |
| commitServer.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the commit server |
| commitServer.extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) |
| commitServer.extraVolumes | list | `[]` | List of extra volumes to add |
| commitServer.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the commit server |
| commitServer.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the commit server |
| commitServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the commit server |
| commitServer.livenessProbe.enabled | bool | `true` | Enable Kubernetes liveness probe for commit server |
| commitServer.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
| commitServer.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated |
| commitServer.livenessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the [probe] |
| commitServer.livenessProbe.timeoutSeconds | int | `5` | Number of seconds after which the [probe] times out |
| commitServer.metrics.enabled | bool | `false` | Enables prometheus metrics server |
| commitServer.metrics.service.annotations | object | `{}` | Metrics service annotations |
| commitServer.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) |
| commitServer.metrics.service.labels | object | `{}` | Metrics service labels |
| commitServer.metrics.service.portName | string | `"metrics"` | Metrics service port name |
| commitServer.metrics.service.servicePort | int | `8087` | Metrics service port |
| commitServer.metrics.service.type | string | `"ClusterIP"` | Metrics service type |
| commitServer.name | string | `"commit-server"` | Commit server name |
| commitServer.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
| commitServer.podAnnotations | object | `{}` | Annotations for the commit server pods |
| commitServer.podLabels | object | `{}` | Labels for the commit server pods |
| commitServer.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the commit server pods |
| commitServer.readinessProbe.enabled | bool | `true` | Enable Kubernetes liveness probe for commit server |
| commitServer.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
| commitServer.readinessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before [probe] is initiated |
| commitServer.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
| commitServer.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
| commitServer.resources | object | `{}` | Resource limits and requests for the commit server pods. |
| commitServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the commit server |
| commitServer.service.annotations | object | `{}` | commit server service annotations |
| commitServer.service.labels | object | `{}` | commit server service labels |
| commitServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
| commitServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
| commitServer.serviceAccount.create | bool | `true` | Create commit server service account |
| commitServer.serviceAccount.labels | object | `{}` | Labels applied to created service account |
| commitServer.serviceAccount.name | string | `"argocd-commit-server"` | commit server service account name |
| commitServer.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
| commitServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
| commitServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the commit server |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
[Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/
[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom
[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#backendconfigspec_v1beta1_cloudgooglecom
[CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
[changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog
[Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/
[DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
[external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
[FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/
[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters
[declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
[gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
[GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
[HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
[MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/
[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
[PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets
[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
[RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
[values.yaml]: values.yaml
[v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md
[tini]: https://github.com/argoproj/argo-cd/pull/12707
@ -1651,3 +1758,8 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
[Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace
[Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice
[Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer
[Argo CD Manifest Hydrator]: https://argo-cd.readthedocs.io/en/stable/proposals/manifest-hydrator/
[Manifest Hydrator]: https://github.com/argoproj/argo-cd/blob/master/docs/proposals/manifest-hydrator.md
[CNCF Allowlist License Policy]: https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md#cncf-allowlist-license-policy
[v2.14 to 3.0 upgrade instructions]: https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/2.14-3.0/
[Argo CD v3.0 Release Blog Post]: https://blog.argoproj.io/argo-cd-v3-0-release-candidate-a0b933f4e58f

6
manifests/argo-cd/charts/redis-ha/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 7.2.4
appVersion: 7.2.7
description: This Helm chart provides a highly available Redis implementation with
a master/slave configuration and uses Sentinel sidecars for failover management
home: http://redis.io/
@ -9,8 +9,6 @@ keywords:
- keyvalue
- database
maintainers:
- email: salimsalaues@gmail.com
name: ssalaues
- email: aaron.layfield@gmail.com
name: dandydeveloper
name: redis-ha
@ -18,4 +16,4 @@ sources:
- https://redis.io/download
- https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha
- https://github.com/oliver006/redis_exporter
version: 4.29.4
version: 4.33.7

10
manifests/argo-cd/charts/redis-ha/README.md
View File

@ -67,9 +67,9 @@ The following table lists the configurable parameters of the Redis chart and the
| `auth` | Configures redis with AUTH (requirepass & masterauth conf params) | bool | `false` |
| `authKey` | Defines the key holding the redis password in existing secret. | string | `"auth"` |
| `configmap.labels` | Custom labels for the redis configmap | object | `{}` |
| `configmapTest.image` | Image for redis-ha-configmap-test hook | object | `{"repository":"koalaman/shellcheck","tag":"v0.5.0"}` |
| `configmapTest.image` | Image for redis-ha-configmap-test hook | object | `{"repository":"koalaman/shellcheck","tag":"v0.10.0"}` |
| `configmapTest.image.repository` | Repository of the configmap shellcheck test image. | string | `"koalaman/shellcheck"` |
| `configmapTest.image.tag` | Tag of the configmap shellcheck test image. | string | `"v0.5.0"` |
| `configmapTest.image.tag` | Tag of the configmap shellcheck test image. | string | `"v0.10.0"` |
| `configmapTest.resources` | Resources for the ConfigMap test pod | object | `{}` |
| `containerSecurityContext` | Security context to be added to the Redis containers. | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}}` |
| `emptyDir` | Configuration of `emptyDir`, used only if persistentVolume is disabled and no hostPath specified | object | `{}` |
@ -78,7 +78,7 @@ The following table lists the configurable parameters of the Redis chart and the
| `extraInitContainers` | Extra init containers to include in StatefulSet | list | `[]` |
| `extraLabels` | Labels added here are applied to all created resources | object | `{}` |
| `extraVolumes` | Extra volumes to include in StatefulSet | list | `[]` |
| `fullNameOverride` | Full name of the Redis HA Resources | string | `""` |
| `fullnameOverride` | Full name of the Redis HA Resources | string | `""` |
| `global.compatibility` | Openshift compatibility options | object | `{"openshift":{"adaptSecurityContext":"auto"}}` |
| `global.priorityClassName` | Default priority class for all components | string | `""` |
| `hardAntiAffinity` | Whether the Redis server pods should be forced to run on separate nodes. # This is accomplished by setting their AntiAffinity with requiredDuringSchedulingIgnoredDuringExecution as opposed to preferred. # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature | bool | `true` |
@ -86,7 +86,7 @@ The following table lists the configurable parameters of the Redis chart and the
| `hostPath.path` | Use this path on the host for data storage. path is evaluated as template so placeholders are replaced | string | `""` |
| `image.pullPolicy` | Redis image pull policy | string | `"IfNotPresent"` |
| `image.repository` | Redis image repository | string | `"public.ecr.aws/docker/library/redis"` |
| `image.tag` | Redis image tag | string | `"7.2.4-alpine"` |
| `image.tag` | Redis image tag | string | `"7.2.7-alpine"` |
| `imagePullSecrets` | Reference to one or more secrets to be used when pulling redis images | list | `[]` |
| `init.resources` | Extra init resources | object | `{}` |
| `labels` | Custom labels for the redis pod | object | `{}` |
@ -165,7 +165,7 @@ The following table lists the configurable parameters of the Redis chart and the
| `schedulerName` | Use an alternate scheduler, e.g. "stork". ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ | string | `""` |
| `securityContext` | Security context to be added to the Redis StatefulSet. | object | `{"fsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` |
| `serviceAccount.annotations` | Annotations to be added to the service account for the redis statefulset | object | `{}` |
| `serviceAccount.automountToken` | opt in/out of automounting API credentials into container. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | bool | `false` |
| `serviceAccount.automountToken` | opt in/out of automounting API credentials into container. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | bool | `true` |
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | bool | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the redis-ha.fullname template | string | `""` |
| `serviceLabels` | Custom labels for redis service | object | `{}` |

4
manifests/argo-cd/charts/redis-ha/templates/_configs.tpl
View File

@ -333,7 +333,7 @@
identify_announce_ip
if [ -z "${ANNOUNCE_IP}" ]; then
"Error: Could not resolve the announce ip for this pod."
"Error: Could not resolve the announce ip for this pod"
exit 1
elif [ "${MASTER}" ]; then
find_master
@ -534,7 +534,7 @@
{{- if .Values.haproxy.tls.enabled }}
bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ $root.Values.haproxy.containerPort }} ssl crt {{ .Values.haproxy.tls.certMountPath }}{{ .Values.haproxy.tls.keyName }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }}
{{ else }}
bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ $root.Values.redis.port }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }}
bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ if ne (int $root.Values.redis.port) 0 }}{{ $root.Values.redis.port }}{{ else }}{{ $root.Values.redis.tlsPort }}{{ end }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }}
{{- end }}
use_backend bk_redis_master
{{- if .Values.haproxy.readOnly.enabled }}

3
manifests/argo-cd/charts/redis-ha/templates/redis-ha-pdb.yaml
View File

@ -12,9 +12,6 @@ metadata:
spec:
selector:
matchLabels:
# The replica label is set on StatefulSet pods but not the Test pods
# We want to avoid including the Test pods in the budget
{{ template "redis-ha.fullname" . }}: replica
release: {{ .Release.Name }}
app: {{ template "redis-ha.name" . }}
{{ toYaml .Values.podDisruptionBudget | indent 2 }}

29
manifests/argo-cd/charts/redis-ha/templates/redis-ha-statefulset.yaml
View File

@ -1,5 +1,6 @@
{{- $regexRestoreS3 := "^s3://.+|^S3://.+" -}}
{{- $regexRestoreSSH := "^.+@.+:.+" -}}
{{- $regexRestoreRedis := "^redis://(?:[A-Za-z0-9_]+(?::[^@]+)?@)?[A-Za-z0-9.-]+(?::\\d{1,5})?(?:/\\d+)?$" -}}
apiVersion: apps/v1
kind: StatefulSet
@ -246,6 +247,34 @@ spec:
- name: data
mountPath: /data
{{- end }}
{{ if regexFind $regexRestoreRedis (toString .Values.restore.redis.source) }}
- name: restore-redis
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{ toYaml .Values.init.resources | indent 10 }}
command:
- sh
args:
- "-c"
- "echo $HOSTNAME | grep -q 'ha-server-0' \
&& nc -w 5 -vz {{ regexReplaceAll "^redis:\\/\\/(.*)" .Values.restore.redis.source "${1}" }} \
&& test ! -s /data/dump.rdb \
&& timeout {{ .Values.restore.timeout }} \
redis-cli -u {{ .Values.restore.redis.source }} --rdb /data/dump.rdb_ \
&& test -s /data/dump.rdb_ \
&& if test -s /data/dump.rdb; \
then cp -v /data/dump.rdb /data/dump.rdb_orig; fi \
&& mv -v /data/dump.rdb_ /data/dump.rdb || true"
{{- if .Values.restore.existingSecret }}
envFrom:
- secretRef:
name: {{ .Values.existingSecret }}
{{- end }}
volumeMounts:
- name: data
mountPath: /data
{{- end }}
{{- if .Values.extraInitContainers }}
{{- toYaml .Values.extraInitContainers | nindent 6 }}
{{- end }}

24
manifests/argo-cd/charts/redis-ha/values.yaml
View File

@ -14,12 +14,12 @@ image:
# -- Redis image repository
repository: public.ecr.aws/docker/library/redis
# -- Redis image tag
tag: 7.2.4-alpine
tag: 7.2.7-alpine
# -- Redis image pull policy
pullPolicy: IfNotPresent
# -- Full name of the Redis HA Resources
fullNameOverride: ""
fullnameOverride: ""
# -- Name override for Redis HA resources
nameOverride: ""
@ -70,7 +70,7 @@ configmapTest:
# -- Repository of the configmap shellcheck test image.
repository: koalaman/shellcheck
# -- Tag of the configmap shellcheck test image.
tag: v0.5.0
tag: v0.10.0
# -- Resources for the ConfigMap test pod
resources: {}
@ -127,7 +127,7 @@ haproxy:
# -- HAProxy Image Repository
repository: public.ecr.aws/docker/library/haproxy
# -- HAProxy Image Tag
tag: 2.9.4-alpine
tag: 3.0.8-alpine
# -- HAProxy Image PullPolicy
pullPolicy: IfNotPresent
@ -185,7 +185,7 @@ haproxy:
serviceAccount:
# -- Specifies whether a ServiceAccount should be created
create: true
automountToken: false
automountToken: true
## Official HAProxy embedded prometheus metrics settings.
## Ref: https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter
@ -418,15 +418,15 @@ redis:
# -- Enable Startup Probe
enabled: true
# -- Initial delay in seconds for startup probe
initialDelaySeconds: 5
initialDelaySeconds: 30
# -- Period in seconds after which startup probe will be repeated
periodSeconds: 10
periodSeconds: 15
# -- Timeout seconds for startup probe
timeoutSeconds: 15
# -- Success threshold for startup probe
successThreshold: 1
# -- Failure threshold for startup probe
failureThreshold: 3
failureThreshold: 5
# -- Array with commands to disable
disableCommands:
@ -700,9 +700,9 @@ exporter:
# -- If `true`, the prometheus exporter sidecar is enabled
enabled: false
# -- Exporter image
image: oliver006/redis_exporter
image: quay.io/oliver006/redis_exporter
# -- Exporter image tag
tag: v1.57.0
tag: v1.67.0
# -- Exporter image pullPolicy
pullPolicy: IfNotPresent
@ -889,6 +889,8 @@ tls:
# EXAMPLE source for s3 restore: 's3://bucket/dump.rdb'
# REQUIRED for ssh restore: 'key' should be in one line including CR i.e. '-----BEGIN RSA PRIVATE KEY-----\n...\n...\n...\n-----END RSA PRIVATE KEY-----'
# EXAMPLE source for ssh restore: 'user@server:/path/dump.rdb'
# REQUIRED for redis restore: 'source' should be in form of redis connection uri: 'redis://[username:password@]host:port[/db]'
# EXAMPLE source for redis restore: 'redis://username:password@localhost:6379'
restore:
# -- Timeout for the restore
timeout: 600
@ -914,6 +916,8 @@ restore:
# Key should be in one line separated with \n.
# i.e. `-----BEGIN RSA PRIVATE KEY-----\n...\n...\n-----END RSA PRIVATE KEY-----`
key: ""
redis:
source: ""
## Custom PrometheusRule to be defined
## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart

12
manifests/argo-cd/templates/NOTES.txt
View File

@ -1,3 +1,15 @@
{{- if .Values.notifications.logLevel }}
DEPRECATED option notifications.logLevel - Use `configs.params."notificationscontroller.log.level"`
{{- end }}
{{- if .Values.notifications.logFormat }}
DEPRECATED option notifications.logFormat - Use `configs.params."notificationscontroller.log.format"`
{{- end }}
{{- if .Values.dex.logLevel }}
DEPRECATED option dex.logLevel - Use `configs.params."dexserver.log.level"`
{{- end }}
{{- if .Values.dex.logFormat }}
DEPRECATED option dex.logFormat - Use `configs.params."dexserver.log.format"`
{{- end }}
In order to access the server UI you have the following options:
1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ include "argo-cd.namespace" . }} 8080:443

61
manifests/argo-cd/templates/_helpers.tpl
View File

@ -177,6 +177,24 @@ Create the name of the notifications service account to use
{{- end -}}
{{- end -}}
{{/*
Create argocd commit-server name and version as used by the chart label.
*/}}
{{- define "argo-cd.commitServer.fullname" -}}
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.commitServer.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the commit-server service account to use
*/}}
{{- define "argo-cd.commitServer.serviceAccountName" -}}
{{- if .Values.commitServer.serviceAccount.create -}}
{{ default (include "argo-cd.commitServer.fullname" .) .Values.commitServer.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.commitServer.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Argo Configuration Preset Values (Influenced by Values configuration)
*/}}
@ -220,7 +238,7 @@ NOTE: Configuration keys must be stored as dict because YAML treats dot as separ
{{- $_ := set $presets "server.dex.server" (include "argo-cd.dex.server" .) -}}
{{- $_ := set $presets "server.dex.server.strict.tls" .Values.dex.certificateSecret.enabled -}}
{{- end -}}
{{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" -}}
{{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" "notificationscontroller" "dexserver" -}}
{{- $_ := set $presets (printf "%s.log.format" $component) $.Values.global.logging.format -}}
{{- $_ := set $presets (printf "%s.log.level" $component) $.Values.global.logging.level -}}
{{- end -}}
@ -257,3 +275,44 @@ ipFamilyPolicy: {{ . }}
ipFamilies: {{ toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{/*
secretKeyRef of env variable REDIS_USERNAME
*/}}
{{- define "argo-cd.redisUsernameSecretRef" -}}
{{- if .Values.externalRedis.host -}}
name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
key: redis-username
optional: {{ if .Values.externalRedis.username }}false{{ else }}true{{ end }}
{{- else -}}
name: "argocd-redis"
key: redis-username
optional: true
{{- end -}}
{{- end -}}
{{/*
secretKeyRef of env variable REDIS_PASSWORD
*/}}
{{- define "argo-cd.redisPasswordSecretRef" -}}
{{- if .Values.externalRedis.host -}}
{{- /* External Redis use case */ -}}
{{- /* Secret is required when specifying existingSecret or a password, otherwise it is optional */ -}}
name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
key: redis-password
optional: {{ if or .Values.externalRedis.existingSecret .Values.externalRedis.password }}false{{ else }}true{{ end }}
{{- else if and .Values.redisSecretInit.enabled -}}
{{- /* Default case where Secret is generated by the Job with Helm pre-install hooks */ -}}
name: "argocd-redis" # hard-coded in Job command and embedded Redis deployments (standalone and redis-ha)
key: auth
optional: false # Secret is not optional in this case !
{{- else -}}
{{- /* All other use cases (e.g. disabled pre-install Job) */ -}}
name: "argocd-redis"
key: auth
optional: true
{{- end -}}
{{- end -}}

48
manifests/argo-cd/templates/argocd-application-controller/deployment.yaml
View File

@ -145,6 +145,12 @@ spec:
name: argocd-cmd-params-cm
key: controller.log.level
optional: true
- name: ARGOCD_LOG_FORMAT_TIMESTAMP
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: log.format.timestamp
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
@ -175,6 +181,18 @@ spec:
name: argocd-cmd-params-cm
key: controller.self.heal.backoff.cap.seconds
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_COOLDOWN_SECONDS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.self.heal.backoff.cooldown.seconds
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.sync.timeout.seconds
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
@ -220,19 +238,11 @@ spec:
- name: REDIS_USERNAME
valueFrom:
secretKeyRef:
name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
key: redis-username
optional: true
{{- include "argo-cd.redisUsernameSecretRef" . | nindent 16 }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
{{- if .Values.externalRedis.host }}
key: redis-password
{{- else }}
key: auth
{{- end }}
optional: true
{{- include "argo-cd.redisPasswordSecretRef" . | nindent 16 }}
- name: REDIS_SENTINEL_USERNAME
valueFrom:
secretKeyRef:
@ -311,6 +321,24 @@ spec:
name: argocd-cmd-params-cm
key: controller.ignore.normalizer.jq.timeout
optional: true
- name: ARGOCD_HYDRATOR_ENABLED
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: hydrator.enabled
optional: true
- name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.cluster.cache.batch.events.processing
optional: true
- name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.cluster.cache.events.processing.interval
optional: true
{{- with .Values.controller.envFrom }}
envFrom:
{{- toYaml . | nindent 10 }}

1
manifests/argo-cd/templates/argocd-application-controller/role.yaml
View File

@ -19,6 +19,7 @@ rules:
- argoproj.io
resources:
- applications
- applicationsets
- appprojects
verbs:
- create

60
manifests/argo-cd/templates/argocd-application-controller/statefulset.yaml
View File

@ -144,6 +144,12 @@ spec:
name: argocd-cmd-params-cm
key: controller.log.level
optional: true
- name: ARGOCD_LOG_FORMAT_TIMESTAMP
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: log.format.timestamp
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
@ -174,6 +180,18 @@ spec:
name: argocd-cmd-params-cm
key: controller.self.heal.backoff.cap.seconds
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_COOLDOWN_SECONDS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.self.heal.backoff.cooldown.seconds
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.sync.timeout.seconds
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
@ -219,19 +237,11 @@ spec:
- name: REDIS_USERNAME
valueFrom:
secretKeyRef:
name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
key: redis-username
optional: true
{{- include "argo-cd.redisUsernameSecretRef" . | nindent 16 }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
{{- if .Values.externalRedis.host }}
key: redis-password
{{- else }}
key: auth
{{- end }}
optional: true
{{- include "argo-cd.redisPasswordSecretRef" . | nindent 16 }}
- name: REDIS_SENTINEL_USERNAME
valueFrom:
secretKeyRef:
@ -268,6 +278,12 @@ spec:
name: argocd-cmd-params-cm
key: otlp.headers
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ATTRS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: otlp.attrs
optional: true
- name: ARGOCD_APPLICATION_NAMESPACES
valueFrom:
configMapKeyRef:
@ -310,6 +326,26 @@ spec:
name: argocd-cmd-params-cm
key: controller.ignore.normalizer.jq.timeout
optional: true
- name: ARGOCD_HYDRATOR_ENABLED
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: hydrator.enabled
optional: true
- name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.cluster.cache.batch.events.processing
optional: true
- name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.cluster.cache.events.processing.interval
optional: true
- name: KUBECACHEDIR
value: /tmp/kubecache
{{- with .Values.controller.envFrom }}
envFrom:
{{- toYaml . | nindent 10 }}
@ -344,6 +380,8 @@ spec:
name: argocd-home
- name: argocd-cmd-params-cm
mountPath: /home/argocd/params
- name: argocd-application-controller-tmp
mountPath: /tmp
{{- with .Values.controller.extraContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
@ -385,6 +423,8 @@ spec:
{{- else }}
emptyDir: {}
{{- end }}
- emptyDir: {}
name: argocd-application-controller-tmp
- name: argocd-repo-server-tls
secret:
secretName: argocd-repo-server-tls

18
manifests/argo-cd/templates/argocd-applicationset/deployment.yaml
View File

@ -133,6 +133,12 @@ spec:
key: applicationsetcontroller.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_LOG_FORMAT_TIMESTAMP
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: log.format.timestamp
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN
valueFrom:
configMapKeyRef:
@ -151,6 +157,12 @@ spec:
key: applicationsetcontroller.enable.progressive.syncs
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.tokenref.strict.mode
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING
valueFrom:
configMapKeyRef:
@ -211,6 +223,12 @@ spec:
name: argocd-cmd-params-cm
key: applicationsetcontroller.webhook.parallelism.limit
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.requeue.after
name: argocd-cmd-params-cm
optional: true
{{- with .Values.applicationSet.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}

238
manifests/argo-cd/templates/argocd-commit-server/deployment.yaml Normal file
View File

@ -0,0 +1,238 @@
{{- if .Values.commitServer.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.commitServer.deploymentAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.commitServer.fullname" . }}
namespace: {{ include "argo-cd.namespace" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }}
spec:
{{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.commitServer.deploymentStrategy) }}
strategy:
{{- trim . | nindent 4 }}
{{- end }}
revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }}
template:
metadata:
annotations:
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.commitServer.podAnnotations) }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 8 }}
{{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.commitServer.podLabels) }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.commitServer.runtimeClassName | default .Values.global.runtimeClassName }}
runtimeClassName: {{ . }}
{{- end }}
{{- with .Values.commitServer.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.commitServer.priorityClassName | default .Values.global.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
{{- with .Values.commitServer.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ . }}
{{- end }}
serviceAccountName: {{ include "argo-cd.commitServer.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.commitServer.automountServiceAccountToken }}
containers:
- name: {{ .Values.commitServer.name }}
image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.commitServer.image.imagePullPolicy }}
args:
- /usr/local/bin/argocd-commit-server
{{- with .Values.commitServer.extraArgs }}
{{- toYaml . | nindent 8 }}
{{- end }}
env:
{{- with (concat .Values.global.env .Values.commitServer.extraEnv) }}
{{- toYaml . | nindent 10 }}
{{- end }}
- name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: commitserver.listen.address
optional: true
- name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: commitserver.metrics.listen.address
optional: true
- name: ARGOCD_COMMIT_SERVER_LOGFORMAT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: commitserver.log.format
optional: true
- name: ARGOCD_COMMIT_SERVER_LOGLEVEL
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: commitserver.log.level
optional: true
- name: ARGOCD_LOG_FORMAT_TIMESTAMP
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: log.format.timestamp
optional: true
{{- with .Values.commitServer.envFrom }}
envFrom:
{{- toYaml . | nindent 10 }}
{{- end }}
ports:
- containerPort: 8086
name: server
protocol: TCP
- containerPort: 8087
name: metrics
protocol: TCP
{{- if .Values.commitServer.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /healthz?full=true
port: 8087
initialDelaySeconds: {{ .Values.commitServer.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.commitServer.livenessProbe.periodSeconds }}
failureThreshold: {{ .Values.commitServer.livenessProbe.failureThreshold }}
timeoutSeconds: {{ .Values.commitServer.livenessProbe.timeoutSeconds }}
{{- end }}
{{- if .Values.commitServer.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /healthz
port: 8087
initialDelaySeconds: {{ .Values.commitServer.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.commitServer.readinessProbe.periodSeconds }}
failureThreshold: {{ .Values.commitServer.readinessProbe.failureThreshold }}
timeoutSeconds: {{ .Values.commitServer.readinessProbe.timeoutSeconds }}
{{- end }}
resources:
{{- toYaml .Values.commitServer.resources | nindent 10 }}
{{- with .Values.commitServer.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.commitServer.lifecycle }}
lifecycle:
{{- toYaml . | nindent 10 }}
{{- end }}
volumeMounts:
{{- with .Values.commitServer.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
- name: ssh-known-hosts
mountPath: /app/config/ssh
- name: tls-certs
mountPath: /app/config/tls
- name: gpg-keys
mountPath: /app/config/gpg/source
- name: gpg-keyring
mountPath: /app/config/gpg/keys
# We need a writeable temp directory for the askpass socket file.
- name: tmp
mountPath: /tmp
initContainers:
- command:
- /bin/cp
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }}
name: copyutil
resources:
{{- toYaml .Values.commitServer.resources | nindent 10 }}
{{- with .Values.commitServer.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
volumes:
{{- with .Values.commitServer.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
- name: ssh-known-hosts
configMap:
name: argocd-ssh-known-hosts-cm
- name: tls-certs
configMap:
name: argocd-tls-certs-cm
- name: gpg-keys
configMap:
name: argocd-gpg-keys-cm
- name: gpg-keyring
emptyDir: {}
- name: tmp
emptyDir: {}
- name: argocd-commit-server-tls
secret:
secretName: argocd-commit-server-tls
optional: true
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
- emptyDir: {}
name: var-files
{{- with include "argo-cd.affinity" (dict "context" . "component" .Values.commitServer) }}
affinity:
{{- trim . | nindent 8 }}
{{- end }}
{{- with .Values.commitServer.nodeSelector | default .Values.global.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.commitServer.tolerations | default .Values.global.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.commitServer.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range $constraint := . }}
- {{ toYaml $constraint | nindent 8 | trim }}
{{- if not $constraint.labelSelector }}
labelSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.commitServer.name) | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.commitServer.hostNetwork }}
hostNetwork: {{ .Values.commitServer.hostNetwork }}
{{- end }}
{{- with .Values.commitServer.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.commitServer.dnsPolicy }}
{{- end }}

35
manifests/argo-cd/templates/argocd-commit-server/metrics.yaml Normal file
View File

@ -0,0 +1,35 @@
{{- if and .Values.commitServer.enabled .Values.commitServer.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "argo-cd.commitServer.fullname" . }}-metrics
namespace: {{ include "argo-cd.namespace" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" "metrics") | nindent 4 }}
{{- with .Values.commitServer.metrics.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if or .Values.commitServer.metrics.service.annotations .Values.global.addPrometheusAnnotations }}
annotations:
{{- if .Values.global.addPrometheusAnnotations }}
prometheus.io/port: {{ .Values.commitServer.metrics.service.servicePort | quote }}
prometheus.io/scrape: "true"
{{- end }}
{{- range $key, $value := .Values.commitServer.metrics.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.commitServer.metrics.service.type }}
{{- if and .Values.commitServer.metrics.service.clusterIP (eq .Values.commitServer.metrics.service.type "ClusterIP") }}
clusterIP: {{ .Values.commitServer.metrics.service.clusterIP }}
{{- end }}
{{- include "argo-cd.dualStack" . | indent 2 }}
ports:
- name: {{ .Values.commitServer.metrics.service.portName }}
protocol: TCP
port: {{ .Values.commitServer.metrics.service.servicePort }}
targetPort: 8087
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }}
{{- end }}

25
manifests/argo-cd/templates/argocd-commit-server/networkpolicy.yaml Normal file
View File

@ -0,0 +1,25 @@
{{- if and .Values.commitServer.enabled .Values.global.networkPolicy.create }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ template "argo-cd.commitServer.fullname" . }}
namespace: {{ include "argo-cd.namespace" . }}
spec:
podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }}
policyTypes:
- Ingress
ingress:
- from:
- podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 14 }}
ports:
- protocol: TCP
port: 8086
- from:
- namespaceSelector: { }
ports:
- port: 8087
{{- end }}

26
manifests/argo-cd/templates/argocd-commit-server/service.yaml Normal file
View File

@ -0,0 +1,26 @@
{{- if .Values.commitServer.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "argo-cd.commitServer.fullname" . }}
namespace: {{ include "argo-cd.namespace" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }}
{{- with .Values.commitServer.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.commitServer.service.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
ports:
- name: server
protocol: TCP
port: 8086
targetPort: 8086
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }}
{{- end }}

19
manifests/argo-cd/templates/argocd-commit-server/serviceaccount.yaml Normal file
View File

@ -0,0 +1,19 @@
{{- if and .Values.commitServer.enabled .Values.commitServer.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.commitServer.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ include "argo-cd.commitServer.serviceAccountName" . }}
namespace: {{ include "argo-cd.namespace" . }}
{{- with .Values.commitServer.serviceAccount.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }}
{{- with .Values.commitServer.serviceAccount.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

2
manifests/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml
View File

@ -1,3 +1,4 @@
{{- if .Values.configs.tls.create }}
apiVersion: v1
kind: ConfigMap
metadata:
@ -15,3 +16,4 @@ metadata:
data:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}

2
manifests/argo-cd/templates/argocd-configs/cluster-secrets.yaml
View File

@ -22,7 +22,7 @@ stringData:
{{- if $cluster_value.shard }}
shard: {{ $cluster_value.shard | quote }}
{{- end }}
name: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.name entry is required!" $cluster_key }}
name: {{ $cluster_key }}
server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }}
{{- if $cluster_value.namespaces }}
namespaces: {{ $cluster_value.namespaces }}

14
manifests/argo-cd/templates/argocd-notifications/deployment.yaml
View File

@ -66,11 +66,15 @@ spec:
args:
- /usr/local/bin/argocd-notifications
- --metrics-port={{ .Values.notifications.containerPorts.metrics }}
- --loglevel={{ default .Values.global.logging.level .Values.notifications.logLevel }}
- --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }}
- --namespace={{ include "argo-cd.namespace" . }}
- --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
- --secret-name={{ .Values.notifications.secret.name }}
{{- with .Values.notifications.logLevel }}
- --loglevel={{ . }}
{{- end }}
{{- with .Values.notifications.logFormat }}
- --logformat={{ . }}
{{- end }}
{{- range .Values.notifications.extraArgs }}
- {{ . | squote }}
{{- end }}
@ -90,6 +94,12 @@ spec:
key: notificationscontroller.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_LOG_FORMAT_TIMESTAMP
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: log.format.timestamp
optional: true
- name: ARGOCD_APPLICATION_NAMESPACES
valueFrom:
configMapKeyRef:

30
manifests/argo-cd/templates/argocd-repo-server/deployment.yaml
View File

@ -109,6 +109,12 @@ spec:
name: argocd-cmd-params-cm
key: reposerver.log.level
optional: true
- name: ARGOCD_LOG_FORMAT_TIMESTAMP
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: log.format.timestamp
optional: true
- name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT
valueFrom:
configMapKeyRef:
@ -178,19 +184,11 @@ spec:
- name: REDIS_USERNAME
valueFrom:
secretKeyRef:
name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
key: redis-username
optional: true
{{- include "argo-cd.redisUsernameSecretRef" . | nindent 16 }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
{{- if .Values.externalRedis.host }}
key: redis-password
{{- else }}
key: auth
{{- end }}
optional: true
{{- include "argo-cd.redisPasswordSecretRef" . | nindent 16 }}
- name: REDIS_SENTINEL_USERNAME
valueFrom:
secretKeyRef:
@ -227,6 +225,12 @@ spec:
name: argocd-cmd-params-cm
key: otlp.headers
optional: true
- name: ARGOCD_REPO_SERVER_OTLP_ATTRS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: otlp.attrs
optional: true
- name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE
valueFrom:
configMapKeyRef:
@ -239,6 +243,12 @@ spec:
name: argocd-cmd-params-cm
key: reposerver.plugin.tar.exclusions
optional: true
- name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS
valueFrom:
configMapKeyRef:
key: reposerver.plugin.use.manifest.generate.paths
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS
valueFrom:
configMapKeyRef:

30
manifests/argo-cd/templates/argocd-server/deployment.yaml
View File

@ -246,19 +246,11 @@ spec:
- name: REDIS_USERNAME
valueFrom:
secretKeyRef:
name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
key: redis-username
optional: true
{{- include "argo-cd.redisUsernameSecretRef" . | nindent 16 }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
{{- if .Values.externalRedis.host }}
key: redis-password
{{- else }}
key: auth
{{- end }}
optional: true
{{- include "argo-cd.redisPasswordSecretRef" . | nindent 16 }}
- name: REDIS_SENTINEL_USERNAME
valueFrom:
secretKeyRef:
@ -313,6 +305,12 @@ spec:
name: argocd-cmd-params-cm
key: otlp.headers
optional: true
- name: ARGOCD_SERVER_OTLP_ATTRS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: otlp.attrs
optional: true
- name: ARGOCD_APPLICATION_NAMESPACES
valueFrom:
configMapKeyRef:
@ -373,6 +371,18 @@ spec:
name: argocd-cmd-params-cm
key: applicationsetcontroller.enable.scm.providers
optional: true
- name: ARGOCD_HYDRATOR_ENABLED
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: hydrator.enabled
optional: true
- name: ARGOCD_SYNC_WITH_REPLACE_ALLOWED
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.sync.replace.allowed
optional: true
{{- with .Values.server.envFrom }}
envFrom:
{{- toYaml . | nindent 10 }}

14
manifests/argo-cd/templates/argocd-server/ingress.yaml
View File

@ -9,20 +9,20 @@ metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- with .Values.server.ingress.labels }}
{{- toYaml . | nindent 4 }}
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
{{- with .Values.server.ingress.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{ $key }}: {{ tpl (toString $value) $ | quote }}
{{- end }}
{{- end }}
spec:
{{- with .Values.server.ingress.ingressClassName }}
ingressClassName: {{ . }}
ingressClassName: {{ tpl . $ }}
{{- end }}
rules:
- host: {{ .Values.server.ingress.hostname | default .Values.global.domain }}
- host: {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }}
http:
paths:
{{- with .Values.server.ingress.extraPaths }}
@ -36,7 +36,7 @@ spec:
port:
number: {{ $servicePort }}
{{- range .Values.server.ingress.extraHosts }}
- host: {{ .name | quote }}
- host: {{ tpl .name $ | quote }}
http:
paths:
- path: {{ default $.Values.server.ingress.path .path }}
@ -54,10 +54,10 @@ spec:
tls:
{{- if .Values.server.ingress.tls }}
- hosts:
- {{ .Values.server.ingress.hostname | default .Values.global.domain }}
- {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }}
{{- range .Values.server.ingress.extraHosts }}
{{- if .name }}
- {{ .name }}
- {{ tpl .name $ }}
{{- end }}
{{- end }}
secretName: argocd-server-tls

540
manifests/argo-cd/templates/crds/crd-application.yaml
View File

@ -319,6 +319,14 @@ spec:
description: SkipCrds skips custom resource definition
installation step (Helm's --skip-crds)
type: boolean
skipSchemaValidation:
description: SkipSchemaValidation skips JSON schema validation
(Helm's --skip-schema-validation)
type: boolean
skipTests:
description: SkipTests skips test manifest installation
step (Helm's --skip-tests).
type: boolean
valueFiles:
description: ValuesFiles is a list of Helm value files
to use when generating a template
@ -382,6 +390,11 @@ spec:
description: ForceCommonLabels specifies whether to force
applying common labels to resources for Kustomize apps
type: boolean
ignoreMissingComponents:
description: IgnoreMissingComponents prevents kustomize
from failing when components do not exist locally by
not appending them to kustomization file
type: boolean
images:
description: Images is a list of Kustomize image override
specifications
@ -395,6 +408,10 @@ spec:
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelIncludeTemplates:
description: LabelIncludeTemplates specifies whether to
apply common labels to resource templates or not
type: boolean
labelWithoutSelector:
description: LabelWithoutSelector specifies whether to
apply common labels to resource selectors or not
@ -466,6 +483,10 @@ spec:
to use for rendering manifests
type: string
type: object
name:
description: Name is used to refer to a source and is displayed
in the UI. It is used in multi-source Applications.
type: string
path:
description: Path is a directory path within the Git repository,
and is only valid for applications sourced from Git.
@ -685,6 +706,14 @@ spec:
description: SkipCrds skips custom resource definition
installation step (Helm's --skip-crds)
type: boolean
skipSchemaValidation:
description: SkipSchemaValidation skips JSON schema
validation (Helm's --skip-schema-validation)
type: boolean
skipTests:
description: SkipTests skips test manifest installation
step (Helm's --skip-tests).
type: boolean
valueFiles:
description: ValuesFiles is a list of Helm value files
to use when generating a template
@ -750,6 +779,11 @@ spec:
force applying common labels to resources for Kustomize
apps
type: boolean
ignoreMissingComponents:
description: IgnoreMissingComponents prevents kustomize
from failing when components do not exist locally
by not appending them to kustomization file
type: boolean
images:
description: Images is a list of Kustomize image override
specifications
@ -763,6 +797,10 @@ spec:
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelIncludeTemplates:
description: LabelIncludeTemplates specifies whether
to apply common labels to resource templates or not
type: boolean
labelWithoutSelector:
description: LabelWithoutSelector specifies whether
to apply common labels to resource selectors or not
@ -834,6 +872,10 @@ spec:
to use for rendering manifests
type: string
type: object
name:
description: Name is used to refer to a source and is displayed
in the UI. It is used in multi-source Applications.
type: string
path:
description: Path is a directory path within the Git repository,
and is only valid for applications sourced from Git.
@ -1166,6 +1208,14 @@ spec:
description: SkipCrds skips custom resource definition installation
step (Helm's --skip-crds)
type: boolean
skipSchemaValidation:
description: SkipSchemaValidation skips JSON schema validation
(Helm's --skip-schema-validation)
type: boolean
skipTests:
description: SkipTests skips test manifest installation step
(Helm's --skip-tests).
type: boolean
valueFiles:
description: ValuesFiles is a list of Helm value files to
use when generating a template
@ -1228,6 +1278,11 @@ spec:
description: ForceCommonLabels specifies whether to force
applying common labels to resources for Kustomize apps
type: boolean
ignoreMissingComponents:
description: IgnoreMissingComponents prevents kustomize from
failing when components do not exist locally by not appending
them to kustomization file
type: boolean
images:
description: Images is a list of Kustomize image override
specifications
@ -1241,6 +1296,10 @@ spec:
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelIncludeTemplates:
description: LabelIncludeTemplates specifies whether to apply
common labels to resource templates or not
type: boolean
labelWithoutSelector:
description: LabelWithoutSelector specifies whether to apply
common labels to resource selectors or not
@ -1312,6 +1371,10 @@ spec:
use for rendering manifests
type: string
type: object
name:
description: Name is used to refer to a source and is displayed
in the UI. It is used in multi-source Applications.
type: string
path:
description: Path is a directory path within the Git repository,
and is only valid for applications sourced from Git.
@ -1378,6 +1441,64 @@ spec:
required:
- repoURL
type: object
sourceHydrator:
description: SourceHydrator provides a way to push hydrated manifests
back to git before syncing them to the cluster.
properties:
drySource:
description: DrySource specifies where the dry "don't repeat yourself"
manifest source lives.
properties:
path:
description: Path is a directory path within the Git repository
where the manifests are located
type: string
repoURL:
description: RepoURL is the URL to the git repository that
contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of the source
to hydrate
type: string
required:
- path
- repoURL
- targetRevision
type: object
hydrateTo:
description: |-
HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then
have to move manifests to the SyncSource, e.g. by pull request.
properties:
targetBranch:
description: TargetBranch is the branch to which hydrated
manifests should be committed
type: string
required:
- targetBranch
type: object
syncSource:
description: SyncSource specifies where to sync hydrated manifests
from.
properties:
path:
description: |-
Path is a directory path within the git repository where hydrated manifests should be committed to and synced
from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced.
type: string
targetBranch:
description: TargetBranch is the branch to which hydrated
manifests should be committed
type: string
required:
- path
- targetBranch
type: object
required:
- drySource
- syncSource
type: object
sources:
description: Sources is a reference to the location of the application's
manifests or chart
@ -1523,6 +1644,14 @@ spec:
description: SkipCrds skips custom resource definition installation
step (Helm's --skip-crds)
type: boolean
skipSchemaValidation:
description: SkipSchemaValidation skips JSON schema validation
(Helm's --skip-schema-validation)
type: boolean
skipTests:
description: SkipTests skips test manifest installation
step (Helm's --skip-tests).
type: boolean
valueFiles:
description: ValuesFiles is a list of Helm value files to
use when generating a template
@ -1586,6 +1715,11 @@ spec:
description: ForceCommonLabels specifies whether to force
applying common labels to resources for Kustomize apps
type: boolean
ignoreMissingComponents:
description: IgnoreMissingComponents prevents kustomize
from failing when components do not exist locally by not
appending them to kustomization file
type: boolean
images:
description: Images is a list of Kustomize image override
specifications
@ -1599,6 +1733,10 @@ spec:
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelIncludeTemplates:
description: LabelIncludeTemplates specifies whether to
apply common labels to resource templates or not
type: boolean
labelWithoutSelector:
description: LabelWithoutSelector specifies whether to apply
common labels to resource selectors or not
@ -1670,6 +1808,10 @@ spec:
to use for rendering manifests
type: string
type: object
name:
description: Name is used to refer to a source and is displayed
in the UI. It is used in multi-source Applications.
type: string
path:
description: Path is a directory path within the Git repository,
and is only valid for applications sourced from Git.
@ -1751,6 +1893,10 @@ spec:
description: 'AllowEmpty allows apps have zero live resources
(default: false)'
type: boolean
enabled:
description: Enable allows apps to explicitly control automated
sync
type: boolean
prune:
description: 'Prune specifies whether to delete resources
from the cluster that are not found in the sources anymore
@ -1848,6 +1994,11 @@ spec:
description: Health contains information about the application's current
health status
properties:
lastTransitionTime:
description: LastTransitionTime is the time the HealthStatus was
set or updated
format: date-time
type: string
message:
description: Message is a human-readable informational message
describing the health status
@ -2045,6 +2196,14 @@ spec:
description: SkipCrds skips custom resource definition
installation step (Helm's --skip-crds)
type: boolean
skipSchemaValidation:
description: SkipSchemaValidation skips JSON schema
validation (Helm's --skip-schema-validation)
type: boolean
skipTests:
description: SkipTests skips test manifest installation
step (Helm's --skip-tests).
type: boolean
valueFiles:
description: ValuesFiles is a list of Helm value files
to use when generating a template
@ -2110,6 +2269,11 @@ spec:
force applying common labels to resources for Kustomize
apps
type: boolean
ignoreMissingComponents:
description: IgnoreMissingComponents prevents kustomize
from failing when components do not exist locally
by not appending them to kustomization file
type: boolean
images:
description: Images is a list of Kustomize image override
specifications
@ -2123,6 +2287,10 @@ spec:
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelIncludeTemplates:
description: LabelIncludeTemplates specifies whether
to apply common labels to resource templates or not
type: boolean
labelWithoutSelector:
description: LabelWithoutSelector specifies whether
to apply common labels to resource selectors or not
@ -2194,6 +2362,10 @@ spec:
to use for rendering manifests
type: string
type: object
name:
description: Name is used to refer to a source and is displayed
in the UI. It is used in multi-source Applications.
type: string
path:
description: Path is a directory path within the Git repository,
and is only valid for applications sourced from Git.
@ -2414,6 +2586,14 @@ spec:
description: SkipCrds skips custom resource definition
installation step (Helm's --skip-crds)
type: boolean
skipSchemaValidation:
description: SkipSchemaValidation skips JSON schema
validation (Helm's --skip-schema-validation)
type: boolean
skipTests:
description: SkipTests skips test manifest installation
step (Helm's --skip-tests).
type: boolean
valueFiles:
description: ValuesFiles is a list of Helm value files
to use when generating a template
@ -2480,6 +2660,11 @@ spec:
force applying common labels to resources for Kustomize
apps
type: boolean
ignoreMissingComponents:
description: IgnoreMissingComponents prevents kustomize
from failing when components do not exist locally
by not appending them to kustomization file
type: boolean
images:
description: Images is a list of Kustomize image override
specifications
@ -2493,6 +2678,11 @@ spec:
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelIncludeTemplates:
description: LabelIncludeTemplates specifies whether
to apply common labels to resource templates or
not
type: boolean
labelWithoutSelector:
description: LabelWithoutSelector specifies whether
to apply common labels to resource selectors or
@ -2565,6 +2755,10 @@ spec:
to use for rendering manifests
type: string
type: object
name:
description: Name is used to refer to a source and is
displayed in the UI. It is used in multi-source Applications.
type: string
path:
description: Path is a directory path within the Git repository,
and is only valid for applications sourced from Git.
@ -2933,6 +3127,14 @@ spec:
description: SkipCrds skips custom resource definition
installation step (Helm's --skip-crds)
type: boolean
skipSchemaValidation:
description: SkipSchemaValidation skips JSON schema
validation (Helm's --skip-schema-validation)
type: boolean
skipTests:
description: SkipTests skips test manifest installation
step (Helm's --skip-tests).
type: boolean
valueFiles:
description: ValuesFiles is a list of Helm value
files to use when generating a template
@ -3000,6 +3202,12 @@ spec:
to force applying common labels to resources
for Kustomize apps
type: boolean
ignoreMissingComponents:
description: IgnoreMissingComponents prevents
kustomize from failing when components do not
exist locally by not appending them to kustomization
file
type: boolean
images:
description: Images is a list of Kustomize image
override specifications
@ -3013,6 +3221,11 @@ spec:
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelIncludeTemplates:
description: LabelIncludeTemplates specifies whether
to apply common labels to resource templates
or not
type: boolean
labelWithoutSelector:
description: LabelWithoutSelector specifies whether
to apply common labels to resource selectors
@ -3085,6 +3298,11 @@ spec:
Kustomize to use for rendering manifests
type: string
type: object
name:
description: Name is used to refer to a source and
is displayed in the UI. It is used in multi-source
Applications.
type: string
path:
description: Path is a directory path within the Git
repository, and is only valid for applications sourced
@ -3320,6 +3538,14 @@ spec:
description: SkipCrds skips custom resource
definition installation step (Helm's --skip-crds)
type: boolean
skipSchemaValidation:
description: SkipSchemaValidation skips JSON
schema validation (Helm's --skip-schema-validation)
type: boolean
skipTests:
description: SkipTests skips test manifest installation
step (Helm's --skip-tests).
type: boolean
valueFiles:
description: ValuesFiles is a list of Helm value
files to use when generating a template
@ -3389,6 +3615,12 @@ spec:
to force applying common labels to resources
for Kustomize apps
type: boolean
ignoreMissingComponents:
description: IgnoreMissingComponents prevents
kustomize from failing when components do
not exist locally by not appending them to
kustomization file
type: boolean
images:
description: Images is a list of Kustomize image
override specifications
@ -3402,6 +3634,11 @@ spec:
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelIncludeTemplates:
description: LabelIncludeTemplates specifies
whether to apply common labels to resource
templates or not
type: boolean
labelWithoutSelector:
description: LabelWithoutSelector specifies
whether to apply common labels to resource
@ -3475,6 +3712,11 @@ spec:
of Kustomize to use for rendering manifests
type: string
type: object
name:
description: Name is used to refer to a source and
is displayed in the UI. It is used in multi-source
Applications.
type: string
path:
description: Path is a directory path within the
Git repository, and is only valid for applications
@ -3824,6 +4066,14 @@ spec:
description: SkipCrds skips custom resource definition
installation step (Helm's --skip-crds)
type: boolean
skipSchemaValidation:
description: SkipSchemaValidation skips JSON schema
validation (Helm's --skip-schema-validation)
type: boolean
skipTests:
description: SkipTests skips test manifest installation
step (Helm's --skip-tests).
type: boolean
valueFiles:
description: ValuesFiles is a list of Helm value files
to use when generating a template
@ -3890,6 +4140,11 @@ spec:
force applying common labels to resources for Kustomize
apps
type: boolean
ignoreMissingComponents:
description: IgnoreMissingComponents prevents kustomize
from failing when components do not exist locally
by not appending them to kustomization file
type: boolean
images:
description: Images is a list of Kustomize image override
specifications
@ -3903,6 +4158,11 @@ spec:
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelIncludeTemplates:
description: LabelIncludeTemplates specifies whether
to apply common labels to resource templates or
not
type: boolean
labelWithoutSelector:
description: LabelWithoutSelector specifies whether
to apply common labels to resource selectors or
@ -3975,6 +4235,10 @@ spec:
to use for rendering manifests
type: string
type: object
name:
description: Name is used to refer to a source and is
displayed in the UI. It is used in multi-source Applications.
type: string
path:
description: Path is a directory path within the Git repository,
and is only valid for applications sourced from Git.
@ -4205,6 +4469,14 @@ spec:
description: SkipCrds skips custom resource definition
installation step (Helm's --skip-crds)
type: boolean
skipSchemaValidation:
description: SkipSchemaValidation skips JSON schema
validation (Helm's --skip-schema-validation)
type: boolean
skipTests:
description: SkipTests skips test manifest installation
step (Helm's --skip-tests).
type: boolean
valueFiles:
description: ValuesFiles is a list of Helm value
files to use when generating a template
@ -4272,6 +4544,11 @@ spec:
to force applying common labels to resources for
Kustomize apps
type: boolean
ignoreMissingComponents:
description: IgnoreMissingComponents prevents kustomize
from failing when components do not exist locally
by not appending them to kustomization file
type: boolean
images:
description: Images is a list of Kustomize image
override specifications
@ -4285,6 +4562,11 @@ spec:
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelIncludeTemplates:
description: LabelIncludeTemplates specifies whether
to apply common labels to resource templates or
not
type: boolean
labelWithoutSelector:
description: LabelWithoutSelector specifies whether
to apply common labels to resource selectors or
@ -4357,6 +4639,10 @@ spec:
to use for rendering manifests
type: string
type: object
name:
description: Name is used to refer to a source and is
displayed in the UI. It is used in multi-source Applications.
type: string
path:
description: Path is a directory path within the Git
repository, and is only valid for applications sourced
@ -4453,16 +4739,22 @@ spec:
description: Resources is a list of Kubernetes resources managed by
this application
items:
description: |-
ResourceStatus holds the current sync and health status of a resource
TODO: describe members of this type
description: ResourceStatus holds the current synchronization and
health status of a Kubernetes resource.
properties:
group:
description: Group represents the API group of the resource
(e.g., "apps" for Deployments).
type: string
health:
description: HealthStatus contains information about the currently
observed health state of an application or resource
description: Health indicates the health status of the resource
(e.g., Healthy, Degraded, Progressing).
properties:
lastTransitionTime:
description: LastTransitionTime is the time the HealthStatus
was set or updated
format: date-time
type: string
message:
description: Message is a human-readable informational message
describing the health status
@ -4473,26 +4765,216 @@ spec:
type: string
type: object
hook:
description: Hook is true if the resource is used as a lifecycle
hook in an Argo CD application.
type: boolean
kind:
description: Kind specifies the type of the resource (e.g.,
"Deployment", "Service").
type: string
name:
description: Name is the unique name of the resource within
the namespace.
type: string
namespace:
description: Namespace defines the Kubernetes namespace where
the resource is located.
type: string
requiresDeletionConfirmation:
description: RequiresDeletionConfirmation is true if the resource
requires explicit user confirmation before deletion.
type: boolean
requiresPruning:
description: RequiresPruning is true if the resource needs to
be pruned (deleted) as part of synchronization.
type: boolean
status:
description: SyncStatusCode is a type which represents possible
comparison results
description: Status represents the synchronization state of
the resource (e.g., Synced, OutOfSync).
type: string
syncWave:
description: |-
SyncWave determines the order in which resources are applied during a sync operation.
Lower values are applied first.
format: int64
type: integer
version:
description: Version indicates the API version of the resource
(e.g., "v1", "v1beta1").
type: string
type: object
type: array
sourceHydrator:
description: SourceHydrator stores information about the current state
of source hydration
properties:
currentOperation:
description: CurrentOperation holds the status of the hydrate
operation
properties:
drySHA:
description: DrySHA holds the resolved revision (sha) of the
dry source as of the most recent reconciliation
type: string
finishedAt:
description: FinishedAt indicates when the hydrate operation
finished
format: date-time
type: string
hydratedSHA:
description: HydratedSHA holds the resolved revision (sha)
of the hydrated source as of the most recent reconciliation
type: string
message:
description: Message contains a message describing the current
status of the hydrate operation
type: string
phase:
description: Phase indicates the status of the hydrate operation
enum:
- Hydrating
- Failed
- Hydrated
type: string
sourceHydrator:
description: SourceHydrator holds the hydrator config used
for the hydrate operation
properties:
drySource:
description: DrySource specifies where the dry "don't
repeat yourself" manifest source lives.
properties:
path:
description: Path is a directory path within the Git
repository where the manifests are located
type: string
repoURL:
description: RepoURL is the URL to the git repository
that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of
the source to hydrate
type: string
required:
- path
- repoURL
- targetRevision
type: object
hydrateTo:
description: |-
HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then
have to move manifests to the SyncSource, e.g. by pull request.
properties:
targetBranch:
description: TargetBranch is the branch to which hydrated
manifests should be committed
type: string
required:
- targetBranch
type: object
syncSource:
description: SyncSource specifies where to sync hydrated
manifests from.
properties:
path:
description: |-
Path is a directory path within the git repository where hydrated manifests should be committed to and synced
from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced.
type: string
targetBranch:
description: TargetBranch is the branch to which hydrated
manifests should be committed
type: string
required:
- path
- targetBranch
type: object
required:
- drySource
- syncSource
type: object
startedAt:
description: StartedAt indicates when the hydrate operation
started
format: date-time
type: string
required:
- message
- phase
type: object
lastSuccessfulOperation:
description: LastSuccessfulOperation holds info about the most
recent successful hydration
properties:
drySHA:
description: DrySHA holds the resolved revision (sha) of the
dry source as of the most recent reconciliation
type: string
hydratedSHA:
description: HydratedSHA holds the resolved revision (sha)
of the hydrated source as of the most recent reconciliation
type: string
sourceHydrator:
description: SourceHydrator holds the hydrator config used
for the hydrate operation
properties:
drySource:
description: DrySource specifies where the dry "don't
repeat yourself" manifest source lives.
properties:
path:
description: Path is a directory path within the Git
repository where the manifests are located
type: string
repoURL:
description: RepoURL is the URL to the git repository
that contains the application manifests
type: string
targetRevision:
description: TargetRevision defines the revision of
the source to hydrate
type: string
required:
- path
- repoURL
- targetRevision
type: object
hydrateTo:
description: |-
HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then
have to move manifests to the SyncSource, e.g. by pull request.
properties:
targetBranch:
description: TargetBranch is the branch to which hydrated
manifests should be committed
type: string
required:
- targetBranch
type: object
syncSource:
description: SyncSource specifies where to sync hydrated
manifests from.
properties:
path:
description: |-
Path is a directory path within the git repository where hydrated manifests should be committed to and synced
from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced.
type: string
targetBranch:
description: TargetBranch is the branch to which hydrated
manifests should be committed
type: string
required:
- path
- targetBranch
type: object
required:
- drySource
- syncSource
type: object
type: object
type: object
sourceType:
description: SourceType specifies the type of this application
type: string
@ -4730,6 +5212,14 @@ spec:
description: SkipCrds skips custom resource definition
installation step (Helm's --skip-crds)
type: boolean
skipSchemaValidation:
description: SkipSchemaValidation skips JSON schema
validation (Helm's --skip-schema-validation)
type: boolean
skipTests:
description: SkipTests skips test manifest installation
step (Helm's --skip-tests).
type: boolean
valueFiles:
description: ValuesFiles is a list of Helm value files
to use when generating a template
@ -4796,6 +5286,11 @@ spec:
force applying common labels to resources for Kustomize
apps
type: boolean
ignoreMissingComponents:
description: IgnoreMissingComponents prevents kustomize
from failing when components do not exist locally
by not appending them to kustomization file
type: boolean
images:
description: Images is a list of Kustomize image override
specifications
@ -4809,6 +5304,11 @@ spec:
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelIncludeTemplates:
description: LabelIncludeTemplates specifies whether
to apply common labels to resource templates or
not
type: boolean
labelWithoutSelector:
description: LabelWithoutSelector specifies whether
to apply common labels to resource selectors or
@ -4881,6 +5381,10 @@ spec:
to use for rendering manifests
type: string
type: object
name:
description: Name is used to refer to a source and is
displayed in the UI. It is used in multi-source Applications.
type: string
path:
description: Path is a directory path within the Git repository,
and is only valid for applications sourced from Git.
@ -5111,6 +5615,14 @@ spec:
description: SkipCrds skips custom resource definition
installation step (Helm's --skip-crds)
type: boolean
skipSchemaValidation:
description: SkipSchemaValidation skips JSON schema
validation (Helm's --skip-schema-validation)
type: boolean
skipTests:
description: SkipTests skips test manifest installation
step (Helm's --skip-tests).
type: boolean
valueFiles:
description: ValuesFiles is a list of Helm value
files to use when generating a template
@ -5178,6 +5690,11 @@ spec:
to force applying common labels to resources for
Kustomize apps
type: boolean
ignoreMissingComponents:
description: IgnoreMissingComponents prevents kustomize
from failing when components do not exist locally
by not appending them to kustomization file
type: boolean
images:
description: Images is a list of Kustomize image
override specifications
@ -5191,6 +5708,11 @@ spec:
KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
uses the Kubernetes version of the target cluster.
type: string
labelIncludeTemplates:
description: LabelIncludeTemplates specifies whether
to apply common labels to resource templates or
not
type: boolean
labelWithoutSelector:
description: LabelWithoutSelector specifies whether
to apply common labels to resource selectors or
@ -5263,6 +5785,10 @@ spec:
to use for rendering manifests
type: string
type: object
name:
description: Name is used to refer to a source and is
displayed in the UI. It is used in multi-source Applications.
type: string
path:
description: Path is a directory path within the Git
repository, and is only valid for applications sourced

1415
manifests/argo-cd/templates/crds/crd-applicationset.yaml
View File

File diff suppressed because it is too large Load Diff

4
manifests/argo-cd/templates/crds/crd-project.yaml
View File

@ -289,6 +289,10 @@ spec:
description: SyncWindow contains the kind, time, duration and attributes
that are used to assign the syncWindows to apps
properties:
andOperator:
description: UseAndOperator use AND operator for matching applications,
namespaces and clusters instead of the default OR operator
type: boolean
applications:
description: Applications contains a list of applications that
the window will apply to

14
manifests/argo-cd/templates/dex/deployment.yaml
View File

@ -72,8 +72,12 @@ spec:
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.image.imagePullPolicy }}
command:
- /shared/argocd-dex
- --logformat={{ default .Values.global.logging.format .Values.dex.logFormat }}
- --loglevel={{ default .Values.global.logging.level .Values.dex.logLevel }}
{{- with .Values.dex.logLevel }}
- --loglevel={{ . }}
{{- end }}
{{- with .Values.dex.logFormat }}
- --logformat={{ . }}
{{- end }}
args:
- rundex
{{- with .Values.dex.extraArgs }}
@ -95,6 +99,12 @@ spec:
key: dexserver.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_LOG_FORMAT_TIMESTAMP
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: log.format.timestamp
optional: true
- name: ARGOCD_DEX_SERVER_DISABLE_TLS
valueFrom:
configMapKeyRef:

2
manifests/argo-cd/templates/dex/servicemonitor.yaml
View File

@ -1,4 +1,4 @@
{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }}
{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.dex.enabled .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:

401
manifests/argo-cd/values.yaml
View File

@ -42,7 +42,7 @@ crds:
global:
# -- Default domain used by all components
## Used for ingresses, certificates, SSO, notifications, etc.
domain: argocd.example.com
domain: argocd.homelab.local
# -- Runtime class name for all components
runtimeClassName: ""
@ -119,7 +119,8 @@ global:
priorityClassName: ""
# -- Default node selector for all components
nodeSelector: {}
nodeSelector:
kubernetes.io/os: linux
# -- Default tolerations for all components
tolerations: []
@ -141,7 +142,7 @@ global:
# - antarctica-west1
# -- Default [TopologySpreadConstraints] rules for all components
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector of the component
topologySpreadConstraints: []
# - maxSkew: 1
@ -163,7 +164,7 @@ global:
## Argo Configs
configs:
# General Argo CD configuration
# General Argo CD configuration. Any values you put under `.configs.cm` are passed to argocd-cm ConfigMap.
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
cm:
# -- Create the argocd-cm configmap for [declarative setup]
@ -175,6 +176,10 @@ configs:
# -- The name of tracking label used by Argo CD for resource pruning
application.instanceLabelKey: argocd.argoproj.io/instance
# -- Enable control of the service account used for the sync operation (alpha)
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-sync-using-impersonation/
application.sync.impersonation.enabled: false
# -- Enable logs RBAC enforcement
## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/2.3-2.4/#enable-logs-rbac-enforcement
server.rbac.log.enforce.enable: false
@ -247,6 +252,131 @@ configs:
# name: some-cluster
# server: https://some-cluster
## Default configuration for ignoreResourceUpdates.
## The ignoreResourceUpdates list contains K8s resource's properties that are known to be frequently updated
## by controllers and operators. These resources, when watched by argo, will cause many unnecessary updates.
# -- Ignoring status for all resources. An update will still be sent if the status update causes the health to change.
# @default -- See [values.yaml]
resource.customizations.ignoreResourceUpdates.all: |
jsonPointers:
- /status
# -- Some Application fields are generated and not related to the application updates itself
## The Application itself is already watched by the controller lister, but this configuration is applied for apps of apps
# @default -- See [values.yaml]
resource.customizations.ignoreResourceUpdates.argoproj.io_Application: |
jqPathExpressions:
- '.metadata.annotations."notified.notifications.argoproj.io"'
- '.metadata.annotations."argocd.argoproj.io/refresh"'
- '.metadata.annotations."argocd.argoproj.io/hydrate"'
- '.operation'
# -- Ignore Argo Rollouts generated fields
# @default -- See [values.yaml]
resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout: |
jqPathExpressions:
- '.metadata.annotations."notified.notifications.argoproj.io"'
# -- Legacy annotations used on HPA autoscaling/v1
# @default -- See [values.yaml]
resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler: |
jqPathExpressions:
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/behavior"'
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/conditions"'
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/metrics"'
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/current-metrics"'
# -- Ignore the cluster-autoscaler status
# @default -- See [values.yaml]
resource.customizations.ignoreResourceUpdates.ConfigMap: |
jqPathExpressions:
# Ignore the cluster-autoscaler status
- '.metadata.annotations."cluster-autoscaler.kubernetes.io/last-updated"'
# Ignore the annotation of the legacy Leases election
- '.metadata.annotations."control-plane.alpha.kubernetes.io/leader"'
# -- Ignore the common scaling annotations
# @default -- See [values.yaml]
resource.customizations.ignoreResourceUpdates.apps_ReplicaSet: |
jqPathExpressions:
- '.metadata.annotations."deployment.kubernetes.io/desired-replicas"'
- '.metadata.annotations."deployment.kubernetes.io/max-replicas"'
- '.metadata.annotations."rollout.argoproj.io/desired-replicas"'
# -- Ignores update if EndpointSlice is not excluded globally
# @default -- See [values.yaml]
resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice: |
jsonPointers:
- /metadata
- /endpoints
- /ports
# -- Ignores update if Endpoints is not excluded globally
# @default -- See [values.yaml]
resource.customizations.ignoreResourceUpdates.Endpoints: |
jsonPointers:
- /metadata
- /subsets
## Default configuration for exclusions.
## The exclusion list are K8s resources that we assume will never be declared in Git,
## and are never child objects of managed resources that need to be presented in the resource tree.
## This list contains high volume and high churn metadata objects which we exclude for performance
## reasons, reducing connections and load to the K8s API servers of managed clusters.
# -- Resource Exclusion/Inclusion
# @default -- See [values.yaml]
resource.exclusions: |
### Network resources created by the Kubernetes control plane and excluded to reduce the number of watched events and UI clutter
- apiGroups:
- ''
- discovery.k8s.io
kinds:
- Endpoints
- EndpointSlice
### Internal Kubernetes resources excluded reduce the number of watched events
- apiGroups:
- coordination.k8s.io
kinds:
- Lease
### Internal Kubernetes Authz/Authn resources excluded reduce the number of watched events
- apiGroups:
- authentication.k8s.io
- authorization.k8s.io
kinds:
- SelfSubjectReview
- TokenReview
- LocalSubjectAccessReview
- SelfSubjectAccessReview
- SelfSubjectRulesReview
- SubjectAccessReview
### Intermediate Certificate Request excluded reduce the number of watched events
- apiGroups:
- certificates.k8s.io
kinds:
- CertificateSigningRequest
- apiGroups:
- cert-manager.io
kinds:
- CertificateRequest
### Cilium internal resources excluded reduce the number of watched events and UI Clutter
- apiGroups:
- cilium.io
kinds:
- CiliumIdentity
- CiliumEndpoint
- CiliumEndpointSlice
### Kyverno intermediate and reporting resources excluded reduce the number of watched events and improve performance
- apiGroups:
- kyverno.io
- reports.kyverno.io
- wgpolicyk8s.io
kinds:
- PolicyReport
- ClusterPolicyReport
- EphemeralReport
- ClusterEphemeralReport
- AdmissionReport
- ClusterAdmissionReport
- BackgroundScanReport
- ClusterBackgroundScanReport
- UpdateRequest
# Argo CD configuration parameters
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml
params:
@ -270,6 +400,8 @@ configs:
controller.self.heal.timeout.seconds: 5
# -- Repo server RPC call timeout seconds.
controller.repo.server.timeout.seconds: 60
# -- Specifies the timeout after which a sync would be terminated. 0 means no timeout
controller.sync.timeout.seconds: 0
## Server properties
# -- Run server without TLS
@ -287,6 +419,8 @@ configs:
server.enable.gzip: true
# -- Enable proxy extension feature. (proxy extension is in Alpha phase)
server.enable.proxy.extension: false
# -- Enable the hydrator feature (hydrator is in Alpha phase)
hydrator.enabled: false
# -- Set X-Frame-Options header in HTTP responses to value. To disable, set to "".
server.x.frame.options: sameorigin
@ -412,6 +546,9 @@ configs:
# ...
# -----END CERTIFICATE-----
# -- Specifies if the argocd-tls-certs-cm configmap should be created by Helm.
create: true
# ConfigMap for Config Management Plugins
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/
cmp:
@ -721,8 +858,9 @@ controller:
# image: alpine:3
# command: [sh, -c]
# args:
# - wget -qO kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.0.25/kubelogin-linux-amd64.zip &&
# unzip kubelogin.zip && mv bin/linux_amd64/kubelogin /custom-tools/
# - wget -qO /custom-tools/kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.2.7/kubelogin-linux-amd64.zip &&
# mkdir /custom-tools/tmp && unzip -d /custom-tools/tmp /custom-tools/kubelogin.zip &&
# mv /custom-tools/tmp/bin/linux_amd64/kubelogin /custom-tools/ && rm -rf custom-tools/tmp && rm /custom-tools/kubelogin.zip
# volumeMounts:
# - mountPath: /custom-tools
# name: custom-tools
@ -792,7 +930,7 @@ controller:
- ALL
# Readiness probe for application controller
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
@ -826,7 +964,7 @@ controller:
# -- Assign custom [TopologySpreadConstraints] rules to the application controller
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
@ -1017,7 +1155,7 @@ dex:
# -- Dex image repository
repository: ghcr.io/dexidp/dex
# -- Dex image tag
tag: v2.41.1
tag: v2.43.1
# -- Dex imagePullPolicy
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
@ -1228,7 +1366,7 @@ dex:
# -- Assign custom [TopologySpreadConstraints] rules to dex
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
@ -1242,12 +1380,13 @@ dex:
# maxSurge: 25%
# maxUnavailable: 25%
# DEPRECATED - Use configs.params to override
# -- Dex log format. Either `text` or `json`
# @default -- `""` (defaults to global.logging.format)
logFormat: ""
# logFormat: ""
# -- Dex log level. One of: `debug`, `info`, `warn`, `error`
# @default -- `""` (defaults to global.logging.level)
logLevel: ""
# logLevel: ""
## Redis
redis:
@ -1279,9 +1418,10 @@ redis:
## Redis image
image:
# -- Redis repository
repository: public.ecr.aws/docker/library/redis
repository: ecr-public.aws.com/docker/library/redis
# -- Redis tag
tag: 7.4.1-alpine
## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis
tag: 7.2.8-alpine
# -- Redis image pull policy
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
@ -1295,9 +1435,9 @@ redis:
## Prometheus redis-exporter image
image:
# -- Repository to use for the redis-exporter
repository: public.ecr.aws/bitnami/redis-exporter
repository: ghcr.io/oliver006/redis_exporter
# -- Tag to use for the redis-exporter
tag: 1.58.0
tag: v1.73.0
# -- Image pull policy for the redis-exporter
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
@ -1315,7 +1455,7 @@ redis:
- ALL
## Probes for Redis exporter (optional)
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Enable Kubernetes liveness probe for Redis exporter (optional)
enabled: false
@ -1373,7 +1513,7 @@ redis:
# name: secret-name
## Probes for Redis server (optional)
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Enable Kubernetes liveness probe for Redis server
enabled: false
@ -1483,7 +1623,7 @@ redis:
# -- Assign custom [TopologySpreadConstraints] rules to redis
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
@ -1565,17 +1705,18 @@ redis-ha:
## Redis image
image:
# -- Redis repository
repository: public.ecr.aws/docker/library/redis
repository: ecr-public.aws.com/docker/library/redis
# -- Redis tag
tag: 7.4.1-alpine
## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis
tag: 7.2.8-alpine
## Prometheus redis-exporter sidecar
exporter:
# -- Enable Prometheus redis-exporter sidecar
enabled: false
# -- Repository to use for the redis-exporter
image: public.ecr.aws/bitnami/redis-exporter
image: ghcr.io/oliver006/redis_exporter
# -- Tag to use for the redis-exporter
tag: 1.58.0
tag: v1.69.0
persistentVolume:
# -- Configures persistence on Redis nodes
enabled: false
@ -1596,6 +1737,9 @@ redis-ha:
# -- Custom labels for the haproxy pod. This is relevant for Argo CD CLI.
labels:
app.kubernetes.io/name: argocd-redis-ha-haproxy
image:
# -- HAProxy Image Repository
repository: ecr-public.aws.com/docker/library/haproxy
metrics:
# -- HAProxy enable prometheus metric scraping
enabled: true
@ -1632,7 +1776,7 @@ redis-ha:
tolerations: []
# -- Assign custom [TopologySpreadConstraints] rules to the Redis pods.
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
topologySpreadConstraints:
# -- Enable Redis HA topology spread constraints
enabled: false
@ -1921,8 +2065,9 @@ server:
# image: alpine:3
# command: [sh, -c]
# args:
# - wget -qO kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.0.25/kubelogin-linux-amd64.zip &&
# unzip kubelogin.zip && mv bin/linux_amd64/kubelogin /custom-tools/
# - wget -qO /custom-tools/kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.2.7/kubelogin-linux-amd64.zip &&
# mkdir /custom-tools/tmp && unzip -d /custom-tools/tmp /custom-tools/kubelogin.zip &&
# mv /custom-tools/tmp/bin/linux_amd64/kubelogin /custom-tools/ && rm -rf custom-tools/tmp && rm /custom-tools/kubelogin.zip
# volumeMounts:
# - mountPath: /custom-tools
# name: custom-tools
@ -1991,7 +2136,7 @@ server:
- ALL
## Readiness and liveness probes for default backend
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
@ -2037,7 +2182,7 @@ server:
# -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
@ -2137,9 +2282,10 @@ server:
# -- The class of the load balancer implementation
loadBalancerClass: ""
# -- LoadBalancer will get created with the IP specified in this field
loadBalancerIP: ""
loadBalancerIP: 192.168.0.242
# -- Source IP ranges to allow access to service from
## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## EKS Ref: https://repost.aws/knowledge-center/eks-cidr-ip-address-loadbalancer
## GKE Ref: https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview#limit-connectivity-ext-lb
loadBalancerSourceRanges: []
# -- Server service external IPs
externalIPs: []
@ -2639,7 +2785,7 @@ repoServer:
- ALL
## Readiness and liveness probes for default backend
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
@ -2681,7 +2827,7 @@ repoServer:
# -- Assign custom [TopologySpreadConstraints] rules to the repo server
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
@ -3008,7 +3154,7 @@ applicationSet:
- ALL
## Probes for ApplicationSet controller (optional)
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Enable Kubernetes liveness probe for ApplicationSet controller
enabled: false
@ -3226,12 +3372,13 @@ notifications:
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets: []
# DEPRECATED - Use configs.params to override
# -- Notifications controller log format. Either `text` or `json`
# @default -- `""` (defaults to global.logging.format)
logFormat: ""
# logFormat: ""
# -- Notifications controller log level. One of: `debug`, `info`, `warn`, `error`
# @default -- `""` (defaults to global.logging.level)
logLevel: ""
# logLevel: ""
# -- Extra arguments to provide to the notifications controller
extraArgs: []
@ -3385,7 +3532,7 @@ notifications:
- ALL
## Probes for notifications controller Pods (optional)
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Enable Kubernetes liveness probe for notifications controller Pods
enabled: false
@ -3431,7 +3578,7 @@ notifications:
# -- Assign custom [TopologySpreadConstraints] rules to the application controller
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
@ -3742,3 +3889,183 @@ notifications:
# For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers
# defaultTriggers: |
# - on-sync-status-unknown
commitServer:
# -- Enable commit server
enabled: false
# -- Commit server name
name: commit-server
# -- Runtime class name for the commit server
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName: ""
## commit server controller image
image:
# -- Repository to use for the commit server
# @default -- `""` (defaults to global.image.repository)
repository: ""
# -- Tag to use for the commit server
# @default -- `""` (defaults to global.image.tag)
tag: ""
# -- Image pull policy for the commit server
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
# -- commit server command line flags
extraArgs: []
# -- Environment variables to pass to the commit server
extraEnv: []
# - name: "MY_VAR"
# value: "value"
# -- envFrom to pass to the commit server
# @default -- `[]` (See [values.yaml])
extraEnvFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
# -- List of extra mounts to add (normally used with extraVolumes)
extraVolumeMounts: []
# -- List of extra volumes to add
extraVolumes: []
metrics:
# -- Enables prometheus metrics server
enabled: false
service:
# -- Metrics service type
type: ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP: ""
# -- Metrics service annotations
annotations: {}
# -- Metrics service labels
labels: {}
# -- Metrics service port
servicePort: 8087
# -- Metrics service port name
portName: metrics
## commit server service configuration
service:
# -- commit server service annotations
annotations: {}
# -- commit server service labels
labels: {}
# -- Automount API credentials for the Service Account into the pod.
automountServiceAccountToken: false
serviceAccount:
# -- Create commit server service account
create: true
# -- commit server service account name
name: argocd-commit-server
# -- Annotations applied to created service account
annotations: {}
# -- Labels applied to created service account
labels: {}
# -- Automount API credentials for the Service Account
automountServiceAccountToken: true
# -- Annotations to be added to commit server Deployment
deploymentAnnotations: {}
# -- Annotations for the commit server pods
podAnnotations: {}
# -- Labels for the commit server pods
podLabels: {}
# -- Resource limits and requests for the commit server pods.
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for commit server pods
dnsPolicy: "ClusterFirst"
# -- commit server container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
## Probes for commit server (optional)
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Enable Kubernetes liveness probe for commit server
enabled: true
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 5
# -- How often (in seconds) to perform the [probe]
periodSeconds: 10
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
livenessProbe:
# -- Enable Kubernetes liveness probe for commit server
enabled: true
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 30
# -- How often (in seconds) to perform the [probe]
periodSeconds: 30
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 5
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30
# -- [Node selector]
# @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {}
# -- [Tolerations] for use with node taints
# @default -- `[]` (defaults to global.tolerations)
tolerations: []
# -- Assign custom [affinity] rules
# @default -- `{}` (defaults to global.affinity preset)
affinity: {}
# -- Assign custom [TopologySpreadConstraints] rules to the commit server
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# -- Deployment strategy to be added to the commit server Deployment
deploymentStrategy: {}
# type: RollingUpdate
# rollingUpdate:
# maxSurge: 25%
# maxUnavailable: 25%
# -- Priority class for the commit server pods
# @default -- `""` (defaults to global.priorityClassName)
priorityClassName: ""