diff --git a/manifests/argo-cd/Chart.lock b/manifests/argo-cd/Chart.lock index 36656a1..21d9303 100644 --- a/manifests/argo-cd/Chart.lock +++ b/manifests/argo-cd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.29.4 -digest: sha256:1257baf1c5e0db036af659d44095223e28ac0c9ec1ed8300a02d5def2281c9c7 -generated: "2024-11-13T09:07:36.494128+09:00" + version: 4.33.7 +digest: sha256:a3eba6bba484e9fbfaca33e7f1ea3e6daed74014df7e7b077c496c2201b01996 +generated: "2025-05-25T11:18:29.356017-05:00" diff --git a/manifests/argo-cd/Chart.yaml b/manifests/argo-cd/Chart.yaml index f7c82dc..4b247a2 100644 --- a/manifests/argo-cd/Chart.yaml +++ b/manifests/argo-cd/Chart.yaml @@ -1,17 +1,17 @@ annotations: artifacthub.io/changes: | - kind: added - description: Added functionality to en/disable argocd-ssh-known-hosts-cm + description: Added hydrator.enabled parameter to support the hydrator feature artifacthub.io/signKey: | fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc apiVersion: v2 -appVersion: v2.13.2 +appVersion: v3.0.5 dependencies: - condition: redis-ha.enabled name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.29.4 + version: 4.33.7 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. home: https://github.com/argoproj/argo-helm @@ -28,4 +28,4 @@ name: argo-cd sources: - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-cd -version: 7.7.11 +version: 8.0.14 diff --git a/manifests/argo-cd/README.md b/manifests/argo-cd/README.md index 226c37a..834c893 100644 --- a/manifests/argo-cd/README.md +++ b/manifests/argo-cd/README.md @@ -191,7 +191,7 @@ server: alb.ingress.kubernetes.io/scheme: internal alb.ingress.kubernetes.io/target-type: ip alb.ingress.kubernetes.io/backend-protocol: HTTP - alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/ssl-redirect: '443' aws: serviceType: ClusterIP # <- Used with target-type: ip @@ -278,6 +278,42 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 8.0.0 + +In this release we upgrade the Helm chart to deploy the next major version of Argo CD (v3.0.0). +Please carefully read at least those resources: +- [v2.14 to 3.0 upgrade instructions] +- [Argo CD v3.0 Release Blog Post] + +### 7.9.0 + +Chart versions from >= 7.7.2 and < 7.9.0 are using a Redis version which is no longer using an open source version of Redis. +Thus we downgraded Redis to latest available 7.2 (from 7.4) to be in-line with upstream manifests and fully honor +[CNCF Allowlist License Policy]. + +**Users using redis-ha may encounter issues** which can be resolved by either deleting all redis-ha pods after the +deployment/upgrade: + +```bash +kubectl delete pods -l app=redis-ha +``` + +Or alternatively by temporary switching to a single redis installation, then back to HA. +1. Evaluate current chart version in use + ```bash + $ helm ls + NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION + argocd argocd 3 2025-04-29 00:07:43.099922 +0200 CEST deployed argo-cd-7.8.28 v2.14.11 + ``` +2. Switch to single redis + ```bash + helm upgrade argocd argo/argo-cd --version --reuse-values --set redis-ha.enabled=false + ``` +3. Upgrade to chart version 7.9 or newer and re-enable redis HA again + ```bash + helm upgrade argocd argo/argo-cd --version 7.9.0 --reuse-values --set redis-ha.enabled=true + ``` + ### 7.0.0 We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`. @@ -312,7 +348,7 @@ This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr Upstream steps in the [FAQ] are not enough, since we chose a different approach. (We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.) -Steps to roteate the secret when using the helm chart (bold step is additional to upstream): +Steps to rotate the secret when using the helm chart (bold step is additional to upstream): * Delete `argocd-redis` secret in the namespace where Argo CD is installed. ```bash kubectl delete secret argocd-redis -n @@ -685,6 +721,8 @@ NAME: my-release ## Global Configs +NOTE: Any values you put under `.Values.configs.cm` are passed to argocd-cm ConfigMap. + | Key | Type | Default | Description | |-----|------|---------|-------------| | global.addPrometheusAnnotations | bool | `false` | Add Prometheus scrape annotations to all metrics services. This can be used as an alternative to the ServiceMonitors. | @@ -708,7 +746,7 @@ NAME: my-release | global.logging.level | string | `"info"` | Set the global logging level. One of: `debug`, `info`, `warn` or `error` | | global.networkPolicy.create | bool | `false` | Create NetworkPolicy objects for all components | | global.networkPolicy.defaultDenyIngress | bool | `false` | Default deny all ingress traffic | -| global.nodeSelector | object | `{}` | Default node selector for all components | +| global.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Default node selector for all components | | global.podAnnotations | object | `{}` | Annotations for the all deployed pods | | global.podLabels | object | `{}` | Labels for the all deployed pods | | global.priorityClassName | string | `""` | Default priority class for all components | @@ -726,7 +764,17 @@ NAME: my-release | configs.clusterCredentials | object | `{}` (See [values.yaml]) | Provide one or multiple [external cluster credentials] | | configs.cm."admin.enabled" | bool | `true` | Enable local admin user | | configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning | +| configs.cm."application.sync.impersonation.enabled" | bool | `false` | Enable control of the service account used for the sync operation (alpha) | | configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI | +| configs.cm."resource.customizations.ignoreResourceUpdates.ConfigMap" | string | See [values.yaml] | Ignore the cluster-autoscaler status | +| configs.cm."resource.customizations.ignoreResourceUpdates.Endpoints" | string | See [values.yaml] | Ignores update if Endpoints is not excluded globally | +| configs.cm."resource.customizations.ignoreResourceUpdates.all" | string | See [values.yaml] | Ignoring status for all resources. An update will still be sent if the status update causes the health to change. | +| configs.cm."resource.customizations.ignoreResourceUpdates.apps_ReplicaSet" | string | See [values.yaml] | Ignore the common scaling annotations | +| configs.cm."resource.customizations.ignoreResourceUpdates.argoproj.io_Application" | string | See [values.yaml] | Some Application fields are generated and not related to the application updates itself | +| configs.cm."resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout" | string | See [values.yaml] | Ignore Argo Rollouts generated fields | +| configs.cm."resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler" | string | See [values.yaml] | Legacy annotations used on HPA autoscaling/v1 | +| configs.cm."resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice" | string | See [values.yaml] | Ignores update if EndpointSlice is not excluded globally | +| configs.cm."resource.exclusions" | string | See [values.yaml] | Resource Exclusion/Inclusion | | configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement | | configs.cm."statusbadge.enabled" | bool | `false` | Enable Status Badge | | configs.cm."timeout.hard.reconciliation" | string | `"0s"` | Timeout to refresh application data as well as target manifests cache | @@ -749,6 +797,8 @@ NAME: my-release | configs.params."controller.repo.server.timeout.seconds" | int | `60` | Repo server RPC call timeout seconds. | | configs.params."controller.self.heal.timeout.seconds" | int | `5` | Specifies timeout between application self heal attempts | | configs.params."controller.status.processors" | int | `20` | Number of application status processors | +| configs.params."controller.sync.timeout.seconds" | int | `0` | Specifies the timeout after which a sync would be terminated. 0 means no timeout | +| configs.params."hydrator.enabled" | bool | `false` | Enable the hydrator feature (hydrator is in Alpha phase) | | configs.params."otlp.address" | string | `""` | Open-Telemetry collector address: (e.g. "otel-collector:4317") | | configs.params."reposerver.parallelism.limit" | int | `0` | Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit. | | configs.params."server.basehref" | string | `"/"` | Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / | @@ -789,6 +839,7 @@ NAME: my-release | configs.styles | string | `""` (See [values.yaml]) | Define custom [CSS styles] for your argo instance. This setting will automatically mount the provided CSS and reference it in the argo configuration. | | configs.tls.annotations | object | `{}` | Annotations to be added to argocd-tls-certs-cm configmap | | configs.tls.certificates | object | `{}` (See [values.yaml]) | TLS certificates for Git repositories | +| configs.tls.create | bool | `true` | Specifies if the argocd-tls-certs-cm configmap should be created by Helm. | ## Argo CD Controller @@ -1168,7 +1219,7 @@ NAME: my-release | dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod | | dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy | | dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository | -| dex.image.tag | string | `"v2.41.1"` | Dex image tag | +| dex.image.tag | string | `"v2.43.1"` | Dex image tag | | dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | dex.initContainers | list | `[]` | Init containers to add to the dex pod | | dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy | @@ -1184,8 +1235,6 @@ NAME: my-release | dex.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | | dex.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | dex.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | -| dex.logFormat | string | `""` (defaults to global.logging.format) | Dex log format. Either `text` or `json` | -| dex.logLevel | string | `""` (defaults to global.logging.level) | Dex log level. One of: `debug`, `info`, `warn`, `error` | | dex.metrics.enabled | bool | `false` | Deploy metrics service | | dex.metrics.service.annotations | object | `{}` | Metrics service annotations | | dex.metrics.service.labels | object | `{}` | Metrics service labels | @@ -1258,8 +1307,8 @@ NAME: my-release | redis.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | | redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter | | redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter | -| redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | -| redis.exporter.image.tag | string | `"1.58.0"` | Tag to use for the redis-exporter | +| redis.exporter.image.repository | string | `"ghcr.io/oliver006/redis_exporter"` | Repository to use for the redis-exporter | +| redis.exporter.image.tag | string | `"v1.73.0"` | Tag to use for the redis-exporter | | redis.exporter.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter | | redis.exporter.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | redis.exporter.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | @@ -1276,8 +1325,8 @@ NAME: my-release | redis.extraArgs | list | `[]` | Additional command line arguments to pass to redis-server | | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | -| redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis.image.tag | string | `"7.4.1-alpine"` | Redis tag | +| redis.image.repository | string | `"ecr-public.aws.com/docker/library/redis"` | Redis repository | +| redis.image.tag | string | `"7.2.8-alpine"` | Redis tag | | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | redis.initContainers | list | `[]` | Init containers to add to the redis pod | | redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server | @@ -1351,19 +1400,20 @@ The main options are listed here: | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | | redis-ha.existingSecret | string | `"argocd-redis"` | Existing Secret to use for redis-ha authentication. By default the redis-secret-init Job is generating this Secret. | | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | -| redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | -| redis-ha.exporter.tag | string | `"1.58.0"` | Tag to use for the redis-exporter | +| redis-ha.exporter.image | string | `"ghcr.io/oliver006/redis_exporter"` | Repository to use for the redis-exporter | +| redis-ha.exporter.tag | string | `"v1.69.0"` | Tag to use for the redis-exporter | | redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. | | redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. | | redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context | | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | | redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. | +| redis-ha.haproxy.image.repository | string | `"ecr-public.aws.com/docker/library/haproxy"` | HAProxy Image Repository | | redis-ha.haproxy.labels | object | `{"app.kubernetes.io/name":"argocd-redis-ha-haproxy"}` | Custom labels for the haproxy pod. This is relevant for Argo CD CLI. | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | -| redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis-ha.image.tag | string | `"7.4.1-alpine"` | Redis tag | +| redis-ha.image.repository | string | `"ecr-public.aws.com/docker/library/redis"` | Redis repository | +| redis-ha.image.tag | string | `"7.2.8-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | @@ -1565,8 +1615,6 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | notifications.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | | notifications.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | | notifications.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | -| notifications.logFormat | string | `""` (defaults to global.logging.format) | Notifications controller log format. Either `text` or `json` | -| notifications.logLevel | string | `""` (defaults to global.logging.level) | Notifications controller log level. One of: `debug`, `info`, `warn`, `error` | | notifications.metrics.enabled | bool | `false` | Enables prometheus metrics server | | notifications.metrics.port | int | `9001` | Metrics port | | notifications.metrics.service.annotations | object | `{}` | Metrics service annotations | @@ -1619,30 +1667,89 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | notifications.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller | | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | +## Commit server (Manifest Hydrator) + +The Argo CD Commit Server provides push access to git repositories for hydrated manifests. + +To read more about this component, please read [Argo CD Manifest Hydrator] and [Manifest Hydrator]. + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| commitServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | +| commitServer.automountServiceAccountToken | bool | `false` | Automount API credentials for the Service Account into the pod. | +| commitServer.containerSecurityContext | object | See [values.yaml] | commit server container-level security context | +| commitServer.deploymentAnnotations | object | `{}` | Annotations to be added to commit server Deployment | +| commitServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the commit server Deployment | +| commitServer.dnsConfig | object | `{}` | [DNS configuration] | +| commitServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for commit server pods | +| commitServer.enabled | bool | `false` | Enable commit server | +| commitServer.extraArgs | list | `[]` | commit server command line flags | +| commitServer.extraEnv | list | `[]` | Environment variables to pass to the commit server | +| commitServer.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the commit server | +| commitServer.extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) | +| commitServer.extraVolumes | list | `[]` | List of extra volumes to add | +| commitServer.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the commit server | +| commitServer.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the commit server | +| commitServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the commit server | +| commitServer.livenessProbe.enabled | bool | `true` | Enable Kubernetes liveness probe for commit server | +| commitServer.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| commitServer.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| commitServer.livenessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the [probe] | +| commitServer.livenessProbe.timeoutSeconds | int | `5` | Number of seconds after which the [probe] times out | +| commitServer.metrics.enabled | bool | `false` | Enables prometheus metrics server | +| commitServer.metrics.service.annotations | object | `{}` | Metrics service annotations | +| commitServer.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | +| commitServer.metrics.service.labels | object | `{}` | Metrics service labels | +| commitServer.metrics.service.portName | string | `"metrics"` | Metrics service port name | +| commitServer.metrics.service.servicePort | int | `8087` | Metrics service port | +| commitServer.metrics.service.type | string | `"ClusterIP"` | Metrics service type | +| commitServer.name | string | `"commit-server"` | Commit server name | +| commitServer.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| commitServer.podAnnotations | object | `{}` | Annotations for the commit server pods | +| commitServer.podLabels | object | `{}` | Labels for the commit server pods | +| commitServer.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the commit server pods | +| commitServer.readinessProbe.enabled | bool | `true` | Enable Kubernetes liveness probe for commit server | +| commitServer.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| commitServer.readinessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before [probe] is initiated | +| commitServer.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| commitServer.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| commitServer.resources | object | `{}` | Resource limits and requests for the commit server pods. | +| commitServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the commit server | +| commitServer.service.annotations | object | `{}` | commit server service annotations | +| commitServer.service.labels | object | `{}` | commit server service labels | +| commitServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| commitServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| commitServer.serviceAccount.create | bool | `true` | Create commit server service account | +| commitServer.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| commitServer.serviceAccount.name | string | `"argocd-commit-server"` | commit server service account name | +| commitServer.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| commitServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| commitServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the commit server | + ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) [Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/ -[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#backendconfigspec_v1beta1_cloudgooglecom [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog [Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/ [DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters [FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/ -[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ [GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/ [HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ [MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs -[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector [PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes [RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ [values.yaml]: values.yaml [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md [tini]: https://github.com/argoproj/argo-cd/pull/12707 @@ -1651,3 +1758,8 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace [Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice [Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer +[Argo CD Manifest Hydrator]: https://argo-cd.readthedocs.io/en/stable/proposals/manifest-hydrator/ +[Manifest Hydrator]: https://github.com/argoproj/argo-cd/blob/master/docs/proposals/manifest-hydrator.md +[CNCF Allowlist License Policy]: https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md#cncf-allowlist-license-policy +[v2.14 to 3.0 upgrade instructions]: https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/2.14-3.0/ +[Argo CD v3.0 Release Blog Post]: https://blog.argoproj.io/argo-cd-v3-0-release-candidate-a0b933f4e58f diff --git a/manifests/argo-cd/charts/redis-ha/Chart.yaml b/manifests/argo-cd/charts/redis-ha/Chart.yaml index 79d4874..ee7119f 100644 --- a/manifests/argo-cd/charts/redis-ha/Chart.yaml +++ b/manifests/argo-cd/charts/redis-ha/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.2.4 +appVersion: 7.2.7 description: This Helm chart provides a highly available Redis implementation with a master/slave configuration and uses Sentinel sidecars for failover management home: http://redis.io/ @@ -9,8 +9,6 @@ keywords: - keyvalue - database maintainers: -- email: salimsalaues@gmail.com - name: ssalaues - email: aaron.layfield@gmail.com name: dandydeveloper name: redis-ha @@ -18,4 +16,4 @@ sources: - https://redis.io/download - https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha - https://github.com/oliver006/redis_exporter -version: 4.29.4 +version: 4.33.7 diff --git a/manifests/argo-cd/charts/redis-ha/README.md b/manifests/argo-cd/charts/redis-ha/README.md index e6d0cb1..e1562b0 100644 --- a/manifests/argo-cd/charts/redis-ha/README.md +++ b/manifests/argo-cd/charts/redis-ha/README.md @@ -67,9 +67,9 @@ The following table lists the configurable parameters of the Redis chart and the | `auth` | Configures redis with AUTH (requirepass & masterauth conf params) | bool | `false` | | `authKey` | Defines the key holding the redis password in existing secret. | string | `"auth"` | | `configmap.labels` | Custom labels for the redis configmap | object | `{}` | -| `configmapTest.image` | Image for redis-ha-configmap-test hook | object | `{"repository":"koalaman/shellcheck","tag":"v0.5.0"}` | +| `configmapTest.image` | Image for redis-ha-configmap-test hook | object | `{"repository":"koalaman/shellcheck","tag":"v0.10.0"}` | | `configmapTest.image.repository` | Repository of the configmap shellcheck test image. | string | `"koalaman/shellcheck"` | -| `configmapTest.image.tag` | Tag of the configmap shellcheck test image. | string | `"v0.5.0"` | +| `configmapTest.image.tag` | Tag of the configmap shellcheck test image. | string | `"v0.10.0"` | | `configmapTest.resources` | Resources for the ConfigMap test pod | object | `{}` | | `containerSecurityContext` | Security context to be added to the Redis containers. | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}}` | | `emptyDir` | Configuration of `emptyDir`, used only if persistentVolume is disabled and no hostPath specified | object | `{}` | @@ -78,7 +78,7 @@ The following table lists the configurable parameters of the Redis chart and the | `extraInitContainers` | Extra init containers to include in StatefulSet | list | `[]` | | `extraLabels` | Labels added here are applied to all created resources | object | `{}` | | `extraVolumes` | Extra volumes to include in StatefulSet | list | `[]` | -| `fullNameOverride` | Full name of the Redis HA Resources | string | `""` | +| `fullnameOverride` | Full name of the Redis HA Resources | string | `""` | | `global.compatibility` | Openshift compatibility options | object | `{"openshift":{"adaptSecurityContext":"auto"}}` | | `global.priorityClassName` | Default priority class for all components | string | `""` | | `hardAntiAffinity` | Whether the Redis server pods should be forced to run on separate nodes. # This is accomplished by setting their AntiAffinity with requiredDuringSchedulingIgnoredDuringExecution as opposed to preferred. # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature | bool | `true` | @@ -86,7 +86,7 @@ The following table lists the configurable parameters of the Redis chart and the | `hostPath.path` | Use this path on the host for data storage. path is evaluated as template so placeholders are replaced | string | `""` | | `image.pullPolicy` | Redis image pull policy | string | `"IfNotPresent"` | | `image.repository` | Redis image repository | string | `"public.ecr.aws/docker/library/redis"` | -| `image.tag` | Redis image tag | string | `"7.2.4-alpine"` | +| `image.tag` | Redis image tag | string | `"7.2.7-alpine"` | | `imagePullSecrets` | Reference to one or more secrets to be used when pulling redis images | list | `[]` | | `init.resources` | Extra init resources | object | `{}` | | `labels` | Custom labels for the redis pod | object | `{}` | @@ -165,7 +165,7 @@ The following table lists the configurable parameters of the Redis chart and the | `schedulerName` | Use an alternate scheduler, e.g. "stork". ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ | string | `""` | | `securityContext` | Security context to be added to the Redis StatefulSet. | object | `{"fsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` | | `serviceAccount.annotations` | Annotations to be added to the service account for the redis statefulset | object | `{}` | -| `serviceAccount.automountToken` | opt in/out of automounting API credentials into container. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | bool | `false` | +| `serviceAccount.automountToken` | opt in/out of automounting API credentials into container. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | bool | `true` | | `serviceAccount.create` | Specifies whether a ServiceAccount should be created | bool | `true` | | `serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the redis-ha.fullname template | string | `""` | | `serviceLabels` | Custom labels for redis service | object | `{}` | diff --git a/manifests/argo-cd/charts/redis-ha/templates/_configs.tpl b/manifests/argo-cd/charts/redis-ha/templates/_configs.tpl index 40c507c..e1222ad 100644 --- a/manifests/argo-cd/charts/redis-ha/templates/_configs.tpl +++ b/manifests/argo-cd/charts/redis-ha/templates/_configs.tpl @@ -333,7 +333,7 @@ identify_announce_ip if [ -z "${ANNOUNCE_IP}" ]; then - "Error: Could not resolve the announce ip for this pod." + "Error: Could not resolve the announce ip for this pod" exit 1 elif [ "${MASTER}" ]; then find_master @@ -534,7 +534,7 @@ {{- if .Values.haproxy.tls.enabled }} bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ $root.Values.haproxy.containerPort }} ssl crt {{ .Values.haproxy.tls.certMountPath }}{{ .Values.haproxy.tls.keyName }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }} {{ else }} - bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ $root.Values.redis.port }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }} + bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ if ne (int $root.Values.redis.port) 0 }}{{ $root.Values.redis.port }}{{ else }}{{ $root.Values.redis.tlsPort }}{{ end }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }} {{- end }} use_backend bk_redis_master {{- if .Values.haproxy.readOnly.enabled }} diff --git a/manifests/argo-cd/charts/redis-ha/templates/redis-ha-pdb.yaml b/manifests/argo-cd/charts/redis-ha/templates/redis-ha-pdb.yaml index 8250693..fbcb506 100644 --- a/manifests/argo-cd/charts/redis-ha/templates/redis-ha-pdb.yaml +++ b/manifests/argo-cd/charts/redis-ha/templates/redis-ha-pdb.yaml @@ -12,9 +12,6 @@ metadata: spec: selector: matchLabels: - # The replica label is set on StatefulSet pods but not the Test pods - # We want to avoid including the Test pods in the budget - {{ template "redis-ha.fullname" . }}: replica release: {{ .Release.Name }} app: {{ template "redis-ha.name" . }} {{ toYaml .Values.podDisruptionBudget | indent 2 }} diff --git a/manifests/argo-cd/charts/redis-ha/templates/redis-ha-statefulset.yaml b/manifests/argo-cd/charts/redis-ha/templates/redis-ha-statefulset.yaml index 8f247e6..1351ab1 100644 --- a/manifests/argo-cd/charts/redis-ha/templates/redis-ha-statefulset.yaml +++ b/manifests/argo-cd/charts/redis-ha/templates/redis-ha-statefulset.yaml @@ -1,5 +1,6 @@ {{- $regexRestoreS3 := "^s3://.+|^S3://.+" -}} {{- $regexRestoreSSH := "^.+@.+:.+" -}} +{{- $regexRestoreRedis := "^redis://(?:[A-Za-z0-9_]+(?::[^@]+)?@)?[A-Za-z0-9.-]+(?::\\d{1,5})?(?:/\\d+)?$" -}} apiVersion: apps/v1 kind: StatefulSet @@ -246,6 +247,34 @@ spec: - name: data mountPath: /data {{- end }} +{{ if regexFind $regexRestoreRedis (toString .Values.restore.redis.source) }} + - name: restore-redis + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: +{{ toYaml .Values.init.resources | indent 10 }} + command: + - sh + args: + - "-c" + - "echo $HOSTNAME | grep -q 'ha-server-0' \ + && nc -w 5 -vz {{ regexReplaceAll "^redis:\\/\\/(.*)" .Values.restore.redis.source "${1}" }} \ + && test ! -s /data/dump.rdb \ + && timeout {{ .Values.restore.timeout }} \ + redis-cli -u {{ .Values.restore.redis.source }} --rdb /data/dump.rdb_ \ + && test -s /data/dump.rdb_ \ + && if test -s /data/dump.rdb; \ + then cp -v /data/dump.rdb /data/dump.rdb_orig; fi \ + && mv -v /data/dump.rdb_ /data/dump.rdb || true" + {{- if .Values.restore.existingSecret }} + envFrom: + - secretRef: + name: {{ .Values.existingSecret }} + {{- end }} + volumeMounts: + - name: data + mountPath: /data +{{- end }} {{- if .Values.extraInitContainers }} {{- toYaml .Values.extraInitContainers | nindent 6 }} {{- end }} diff --git a/manifests/argo-cd/charts/redis-ha/values.yaml b/manifests/argo-cd/charts/redis-ha/values.yaml index a4b33c6..e857f15 100644 --- a/manifests/argo-cd/charts/redis-ha/values.yaml +++ b/manifests/argo-cd/charts/redis-ha/values.yaml @@ -14,12 +14,12 @@ image: # -- Redis image repository repository: public.ecr.aws/docker/library/redis # -- Redis image tag - tag: 7.2.4-alpine + tag: 7.2.7-alpine # -- Redis image pull policy pullPolicy: IfNotPresent # -- Full name of the Redis HA Resources -fullNameOverride: "" +fullnameOverride: "" # -- Name override for Redis HA resources nameOverride: "" @@ -70,7 +70,7 @@ configmapTest: # -- Repository of the configmap shellcheck test image. repository: koalaman/shellcheck # -- Tag of the configmap shellcheck test image. - tag: v0.5.0 + tag: v0.10.0 # -- Resources for the ConfigMap test pod resources: {} @@ -127,7 +127,7 @@ haproxy: # -- HAProxy Image Repository repository: public.ecr.aws/docker/library/haproxy # -- HAProxy Image Tag - tag: 2.9.4-alpine + tag: 3.0.8-alpine # -- HAProxy Image PullPolicy pullPolicy: IfNotPresent @@ -185,7 +185,7 @@ haproxy: serviceAccount: # -- Specifies whether a ServiceAccount should be created create: true - automountToken: false + automountToken: true ## Official HAProxy embedded prometheus metrics settings. ## Ref: https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter @@ -418,15 +418,15 @@ redis: # -- Enable Startup Probe enabled: true # -- Initial delay in seconds for startup probe - initialDelaySeconds: 5 + initialDelaySeconds: 30 # -- Period in seconds after which startup probe will be repeated - periodSeconds: 10 + periodSeconds: 15 # -- Timeout seconds for startup probe timeoutSeconds: 15 # -- Success threshold for startup probe successThreshold: 1 # -- Failure threshold for startup probe - failureThreshold: 3 + failureThreshold: 5 # -- Array with commands to disable disableCommands: @@ -700,9 +700,9 @@ exporter: # -- If `true`, the prometheus exporter sidecar is enabled enabled: false # -- Exporter image - image: oliver006/redis_exporter + image: quay.io/oliver006/redis_exporter # -- Exporter image tag - tag: v1.57.0 + tag: v1.67.0 # -- Exporter image pullPolicy pullPolicy: IfNotPresent @@ -889,6 +889,8 @@ tls: # EXAMPLE source for s3 restore: 's3://bucket/dump.rdb' # REQUIRED for ssh restore: 'key' should be in one line including CR i.e. '-----BEGIN RSA PRIVATE KEY-----\n...\n...\n...\n-----END RSA PRIVATE KEY-----' # EXAMPLE source for ssh restore: 'user@server:/path/dump.rdb' +# REQUIRED for redis restore: 'source' should be in form of redis connection uri: 'redis://[username:password@]host:port[/db]' +# EXAMPLE source for redis restore: 'redis://username:password@localhost:6379' restore: # -- Timeout for the restore timeout: 600 @@ -914,6 +916,8 @@ restore: # Key should be in one line separated with \n. # i.e. `-----BEGIN RSA PRIVATE KEY-----\n...\n...\n-----END RSA PRIVATE KEY-----` key: "" + redis: + source: "" ## Custom PrometheusRule to be defined ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart diff --git a/manifests/argo-cd/templates/NOTES.txt b/manifests/argo-cd/templates/NOTES.txt index 8821ab7..78c38b4 100644 --- a/manifests/argo-cd/templates/NOTES.txt +++ b/manifests/argo-cd/templates/NOTES.txt @@ -1,3 +1,15 @@ +{{- if .Values.notifications.logLevel }} +DEPRECATED option notifications.logLevel - Use `configs.params."notificationscontroller.log.level"` +{{- end }} +{{- if .Values.notifications.logFormat }} +DEPRECATED option notifications.logFormat - Use `configs.params."notificationscontroller.log.format"` +{{- end }} +{{- if .Values.dex.logLevel }} +DEPRECATED option dex.logLevel - Use `configs.params."dexserver.log.level"` +{{- end }} +{{- if .Values.dex.logFormat }} +DEPRECATED option dex.logFormat - Use `configs.params."dexserver.log.format"` +{{- end }} In order to access the server UI you have the following options: 1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ include "argo-cd.namespace" . }} 8080:443 diff --git a/manifests/argo-cd/templates/_helpers.tpl b/manifests/argo-cd/templates/_helpers.tpl index 1ef054b..3b620aa 100644 --- a/manifests/argo-cd/templates/_helpers.tpl +++ b/manifests/argo-cd/templates/_helpers.tpl @@ -177,6 +177,24 @@ Create the name of the notifications service account to use {{- end -}} {{- end -}} +{{/* +Create argocd commit-server name and version as used by the chart label. +*/}} +{{- define "argo-cd.commitServer.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.commitServer.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the commit-server service account to use +*/}} +{{- define "argo-cd.commitServer.serviceAccountName" -}} +{{- if .Values.commitServer.serviceAccount.create -}} + {{ default (include "argo-cd.commitServer.fullname" .) .Values.commitServer.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.commitServer.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Argo Configuration Preset Values (Influenced by Values configuration) */}} @@ -220,7 +238,7 @@ NOTE: Configuration keys must be stored as dict because YAML treats dot as separ {{- $_ := set $presets "server.dex.server" (include "argo-cd.dex.server" .) -}} {{- $_ := set $presets "server.dex.server.strict.tls" .Values.dex.certificateSecret.enabled -}} {{- end -}} -{{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" -}} +{{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" "notificationscontroller" "dexserver" -}} {{- $_ := set $presets (printf "%s.log.format" $component) $.Values.global.logging.format -}} {{- $_ := set $presets (printf "%s.log.level" $component) $.Values.global.logging.level -}} {{- end -}} @@ -257,3 +275,44 @@ ipFamilyPolicy: {{ . }} ipFamilies: {{ toYaml . | nindent 4 }} {{- end }} {{- end }} + +{{/* +secretKeyRef of env variable REDIS_USERNAME +*/}} +{{- define "argo-cd.redisUsernameSecretRef" -}} + {{- if .Values.externalRedis.host -}} +name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} +key: redis-username +optional: {{ if .Values.externalRedis.username }}false{{ else }}true{{ end }} + + {{- else -}} +name: "argocd-redis" +key: redis-username +optional: true + {{- end -}} +{{- end -}} + +{{/* +secretKeyRef of env variable REDIS_PASSWORD +*/}} +{{- define "argo-cd.redisPasswordSecretRef" -}} + {{- if .Values.externalRedis.host -}} + {{- /* External Redis use case */ -}} + {{- /* Secret is required when specifying existingSecret or a password, otherwise it is optional */ -}} +name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} +key: redis-password +optional: {{ if or .Values.externalRedis.existingSecret .Values.externalRedis.password }}false{{ else }}true{{ end }} + + {{- else if and .Values.redisSecretInit.enabled -}} + {{- /* Default case where Secret is generated by the Job with Helm pre-install hooks */ -}} +name: "argocd-redis" # hard-coded in Job command and embedded Redis deployments (standalone and redis-ha) +key: auth +optional: false # Secret is not optional in this case ! + + {{- else -}} + {{- /* All other use cases (e.g. disabled pre-install Job) */ -}} +name: "argocd-redis" +key: auth +optional: true + {{- end -}} +{{- end -}} diff --git a/manifests/argo-cd/templates/argocd-application-controller/deployment.yaml b/manifests/argo-cd/templates/argocd-application-controller/deployment.yaml index e61a852..5246bac 100644 --- a/manifests/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/manifests/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -145,6 +145,12 @@ spec: name: argocd-cmd-params-cm key: controller.log.level optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION valueFrom: configMapKeyRef: @@ -175,6 +181,18 @@ spec: name: argocd-cmd-params-cm key: controller.self.heal.backoff.cap.seconds optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_COOLDOWN_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.cooldown.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sync.timeout.seconds + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -220,19 +238,11 @@ spec: - name: REDIS_USERNAME valueFrom: secretKeyRef: - name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} - key: redis-username - optional: true + {{- include "argo-cd.redisUsernameSecretRef" . | nindent 16 }} - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} - {{- if .Values.externalRedis.host }} - key: redis-password - {{- else }} - key: auth - {{- end }} - optional: true + {{- include "argo-cd.redisPasswordSecretRef" . | nindent 16 }} - name: REDIS_SENTINEL_USERNAME valueFrom: secretKeyRef: @@ -311,6 +321,24 @@ spec: name: argocd-cmd-params-cm key: controller.ignore.normalizer.jq.timeout optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true + - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.batch.events.processing + optional: true + - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.events.processing.interval + optional: true {{- with .Values.controller.envFrom }} envFrom: {{- toYaml . | nindent 10 }} diff --git a/manifests/argo-cd/templates/argocd-application-controller/role.yaml b/manifests/argo-cd/templates/argocd-application-controller/role.yaml index 27e3e95..fa3a791 100644 --- a/manifests/argo-cd/templates/argocd-application-controller/role.yaml +++ b/manifests/argo-cd/templates/argocd-application-controller/role.yaml @@ -19,6 +19,7 @@ rules: - argoproj.io resources: - applications + - applicationsets - appprojects verbs: - create diff --git a/manifests/argo-cd/templates/argocd-application-controller/statefulset.yaml b/manifests/argo-cd/templates/argocd-application-controller/statefulset.yaml index a907ac7..02c5180 100644 --- a/manifests/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/manifests/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -144,6 +144,12 @@ spec: name: argocd-cmd-params-cm key: controller.log.level optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION valueFrom: configMapKeyRef: @@ -174,6 +180,18 @@ spec: name: argocd-cmd-params-cm key: controller.self.heal.backoff.cap.seconds optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_COOLDOWN_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.cooldown.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sync.timeout.seconds + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -219,19 +237,11 @@ spec: - name: REDIS_USERNAME valueFrom: secretKeyRef: - name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} - key: redis-username - optional: true + {{- include "argo-cd.redisUsernameSecretRef" . | nindent 16 }} - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} - {{- if .Values.externalRedis.host }} - key: redis-password - {{- else }} - key: auth - {{- end }} - optional: true + {{- include "argo-cd.redisPasswordSecretRef" . | nindent 16 }} - name: REDIS_SENTINEL_USERNAME valueFrom: secretKeyRef: @@ -268,6 +278,12 @@ spec: name: argocd-cmd-params-cm key: otlp.headers optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.attrs + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -310,6 +326,26 @@ spec: name: argocd-cmd-params-cm key: controller.ignore.normalizer.jq.timeout optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true + - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.batch.events.processing + optional: true + - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.events.processing.interval + optional: true + - name: KUBECACHEDIR + value: /tmp/kubecache {{- with .Values.controller.envFrom }} envFrom: {{- toYaml . | nindent 10 }} @@ -344,6 +380,8 @@ spec: name: argocd-home - name: argocd-cmd-params-cm mountPath: /home/argocd/params + - name: argocd-application-controller-tmp + mountPath: /tmp {{- with .Values.controller.extraContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} @@ -385,6 +423,8 @@ spec: {{- else }} emptyDir: {} {{- end }} + - emptyDir: {} + name: argocd-application-controller-tmp - name: argocd-repo-server-tls secret: secretName: argocd-repo-server-tls diff --git a/manifests/argo-cd/templates/argocd-applicationset/deployment.yaml b/manifests/argo-cd/templates/argocd-applicationset/deployment.yaml index 303106b..25f58f6 100644 --- a/manifests/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/manifests/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -133,6 +133,12 @@ spec: key: applicationsetcontroller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN valueFrom: configMapKeyRef: @@ -151,6 +157,12 @@ spec: key: applicationsetcontroller.enable.progressive.syncs name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.tokenref.strict.mode + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING valueFrom: configMapKeyRef: @@ -211,6 +223,12 @@ spec: name: argocd-cmd-params-cm key: applicationsetcontroller.webhook.parallelism.limit optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.requeue.after + name: argocd-cmd-params-cm + optional: true {{- with .Values.applicationSet.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} diff --git a/manifests/argo-cd/templates/argocd-commit-server/deployment.yaml b/manifests/argo-cd/templates/argocd-commit-server/deployment.yaml new file mode 100644 index 0000000..d0ab14d --- /dev/null +++ b/manifests/argo-cd/templates/argocd-commit-server/deployment.yaml @@ -0,0 +1,238 @@ +{{- if .Values.commitServer.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.commitServer.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.commitServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }} +spec: + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.commitServer.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }} + template: + metadata: + annotations: + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.commitServer.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.commitServer.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.commitServer.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.commitServer.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- with .Values.commitServer.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ . }} + {{- end }} + serviceAccountName: {{ include "argo-cd.commitServer.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.commitServer.automountServiceAccountToken }} + containers: + - name: {{ .Values.commitServer.name }} + image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.commitServer.image.imagePullPolicy }} + args: + - /usr/local/bin/argocd-commit-server + {{- with .Values.commitServer.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + env: + {{- with (concat .Values.global.env .Values.commitServer.extraEnv) }} + {{- toYaml . | nindent 10 }} + {{- end }} + - name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.listen.address + optional: true + - name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.metrics.listen.address + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.log.format + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.log.level + optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true + {{- with .Values.commitServer.envFrom }} + envFrom: + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - containerPort: 8086 + name: server + protocol: TCP + - containerPort: 8087 + name: metrics + protocol: TCP + {{- if .Values.commitServer.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /healthz?full=true + port: 8087 + initialDelaySeconds: {{ .Values.commitServer.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.commitServer.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.commitServer.livenessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.commitServer.livenessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.commitServer.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /healthz + port: 8087 + initialDelaySeconds: {{ .Values.commitServer.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.commitServer.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.commitServer.readinessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.commitServer.readinessProbe.timeoutSeconds }} + {{- end }} + resources: + {{- toYaml .Values.commitServer.resources | nindent 10 }} + {{- with .Values.commitServer.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.commitServer.lifecycle }} + lifecycle: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + {{- with .Values.commitServer.extraVolumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: ssh-known-hosts + mountPath: /app/config/ssh + - name: tls-certs + mountPath: /app/config/tls + - name: gpg-keys + mountPath: /app/config/gpg/source + - name: gpg-keyring + mountPath: /app/config/gpg/keys + # We need a writeable temp directory for the askpass socket file. + - name: tmp + mountPath: /tmp + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /var/run/argocd/argocd-cmp-server + image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }} + name: copyutil + resources: + {{- toYaml .Values.commitServer.resources | nindent 10 }} + {{- with .Values.commitServer.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + volumes: + {{- with .Values.commitServer.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: ssh-known-hosts + configMap: + name: argocd-ssh-known-hosts-cm + - name: tls-certs + configMap: + name: argocd-tls-certs-cm + - name: gpg-keys + configMap: + name: argocd-gpg-keys-cm + - name: gpg-keyring + emptyDir: {} + - name: tmp + emptyDir: {} + - name: argocd-commit-server-tls + secret: + secretName: argocd-commit-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + - emptyDir: {} + name: var-files + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.commitServer) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.commitServer.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.commitServer.hostNetwork }} + hostNetwork: {{ .Values.commitServer.hostNetwork }} + {{- end }} + {{- with .Values.commitServer.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.commitServer.dnsPolicy }} +{{- end }} diff --git a/manifests/argo-cd/templates/argocd-commit-server/metrics.yaml b/manifests/argo-cd/templates/argocd-commit-server/metrics.yaml new file mode 100644 index 0000000..7d198a7 --- /dev/null +++ b/manifests/argo-cd/templates/argocd-commit-server/metrics.yaml @@ -0,0 +1,35 @@ +{{- if and .Values.commitServer.enabled .Values.commitServer.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.commitServer.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" "metrics") | nindent 4 }} + {{- with .Values.commitServer.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.commitServer.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.commitServer.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.commitServer.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.commitServer.metrics.service.type }} + {{- if and .Values.commitServer.metrics.service.clusterIP (eq .Values.commitServer.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.commitServer.metrics.service.clusterIP }} + {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.commitServer.metrics.service.portName }} + protocol: TCP + port: {{ .Values.commitServer.metrics.service.servicePort }} + targetPort: 8087 + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }} +{{- end }} diff --git a/manifests/argo-cd/templates/argocd-commit-server/networkpolicy.yaml b/manifests/argo-cd/templates/argocd-commit-server/networkpolicy.yaml new file mode 100644 index 0000000..6ec0a6a --- /dev/null +++ b/manifests/argo-cd/templates/argocd-commit-server/networkpolicy.yaml @@ -0,0 +1,25 @@ +{{- if and .Values.commitServer.enabled .Values.global.networkPolicy.create }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "argo-cd.commitServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} +spec: + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }} + policyTypes: + - Ingress + ingress: + - from: + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 14 }} + ports: + - protocol: TCP + port: 8086 + - from: + - namespaceSelector: { } + ports: + - port: 8087 +{{- end }} diff --git a/manifests/argo-cd/templates/argocd-commit-server/service.yaml b/manifests/argo-cd/templates/argocd-commit-server/service.yaml new file mode 100644 index 0000000..7b0bf87 --- /dev/null +++ b/manifests/argo-cd/templates/argocd-commit-server/service.yaml @@ -0,0 +1,26 @@ +{{- if .Values.commitServer.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-cd.commitServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }} + {{- with .Values.commitServer.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.commitServer.service.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + ports: + - name: server + protocol: TCP + port: 8086 + targetPort: 8086 + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }} +{{- end }} diff --git a/manifests/argo-cd/templates/argocd-commit-server/serviceaccount.yaml b/manifests/argo-cd/templates/argocd-commit-server/serviceaccount.yaml new file mode 100644 index 0000000..d0cf9e7 --- /dev/null +++ b/manifests/argo-cd/templates/argocd-commit-server/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.commitServer.enabled .Values.commitServer.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.commitServer.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.commitServer.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.commitServer.serviceAccount.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }} + {{- with .Values.commitServer.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/manifests/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml b/manifests/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml index db582e6..3aad401 100644 --- a/manifests/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml +++ b/manifests/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml @@ -1,3 +1,4 @@ +{{- if .Values.configs.tls.create }} apiVersion: v1 kind: ConfigMap metadata: @@ -15,3 +16,4 @@ metadata: data: {{- toYaml . | nindent 2 }} {{- end }} +{{- end }} diff --git a/manifests/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/manifests/argo-cd/templates/argocd-configs/cluster-secrets.yaml index d317eac..956bbf5 100644 --- a/manifests/argo-cd/templates/argocd-configs/cluster-secrets.yaml +++ b/manifests/argo-cd/templates/argocd-configs/cluster-secrets.yaml @@ -22,7 +22,7 @@ stringData: {{- if $cluster_value.shard }} shard: {{ $cluster_value.shard | quote }} {{- end }} - name: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.name entry is required!" $cluster_key }} + name: {{ $cluster_key }} server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }} {{- if $cluster_value.namespaces }} namespaces: {{ $cluster_value.namespaces }} diff --git a/manifests/argo-cd/templates/argocd-notifications/deployment.yaml b/manifests/argo-cd/templates/argocd-notifications/deployment.yaml index cee627d..a52a1a2 100644 --- a/manifests/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/manifests/argo-cd/templates/argocd-notifications/deployment.yaml @@ -66,11 +66,15 @@ spec: args: - /usr/local/bin/argocd-notifications - --metrics-port={{ .Values.notifications.containerPorts.metrics }} - - --loglevel={{ default .Values.global.logging.level .Values.notifications.logLevel }} - - --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }} - --namespace={{ include "argo-cd.namespace" . }} - --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} - --secret-name={{ .Values.notifications.secret.name }} + {{- with .Values.notifications.logLevel }} + - --loglevel={{ . }} + {{- end }} + {{- with .Values.notifications.logFormat }} + - --logformat={{ . }} + {{- end }} {{- range .Values.notifications.extraArgs }} - {{ . | squote }} {{- end }} @@ -90,6 +94,12 @@ spec: key: notificationscontroller.log.format name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: diff --git a/manifests/argo-cd/templates/argocd-repo-server/deployment.yaml b/manifests/argo-cd/templates/argocd-repo-server/deployment.yaml index 2617251..a7b6674 100644 --- a/manifests/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/manifests/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -109,6 +109,12 @@ spec: name: argocd-cmd-params-cm key: reposerver.log.level optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT valueFrom: configMapKeyRef: @@ -178,19 +184,11 @@ spec: - name: REDIS_USERNAME valueFrom: secretKeyRef: - name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} - key: redis-username - optional: true + {{- include "argo-cd.redisUsernameSecretRef" . | nindent 16 }} - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} - {{- if .Values.externalRedis.host }} - key: redis-password - {{- else }} - key: auth - {{- end }} - optional: true + {{- include "argo-cd.redisPasswordSecretRef" . | nindent 16 }} - name: REDIS_SENTINEL_USERNAME valueFrom: secretKeyRef: @@ -227,6 +225,12 @@ spec: name: argocd-cmd-params-cm key: otlp.headers optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.attrs + optional: true - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE valueFrom: configMapKeyRef: @@ -239,6 +243,12 @@ spec: name: argocd-cmd-params-cm key: reposerver.plugin.tar.exclusions optional: true + - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS + valueFrom: + configMapKeyRef: + key: reposerver.plugin.use.manifest.generate.paths + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS valueFrom: configMapKeyRef: diff --git a/manifests/argo-cd/templates/argocd-server/deployment.yaml b/manifests/argo-cd/templates/argocd-server/deployment.yaml index cc5f7bf..7fc5674 100644 --- a/manifests/argo-cd/templates/argocd-server/deployment.yaml +++ b/manifests/argo-cd/templates/argocd-server/deployment.yaml @@ -246,19 +246,11 @@ spec: - name: REDIS_USERNAME valueFrom: secretKeyRef: - name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} - key: redis-username - optional: true + {{- include "argo-cd.redisUsernameSecretRef" . | nindent 16 }} - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} - {{- if .Values.externalRedis.host }} - key: redis-password - {{- else }} - key: auth - {{- end }} - optional: true + {{- include "argo-cd.redisPasswordSecretRef" . | nindent 16 }} - name: REDIS_SENTINEL_USERNAME valueFrom: secretKeyRef: @@ -313,6 +305,12 @@ spec: name: argocd-cmd-params-cm key: otlp.headers optional: true + - name: ARGOCD_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.attrs + optional: true - name: ARGOCD_APPLICATION_NAMESPACES valueFrom: configMapKeyRef: @@ -373,6 +371,18 @@ spec: name: argocd-cmd-params-cm key: applicationsetcontroller.enable.scm.providers optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true + - name: ARGOCD_SYNC_WITH_REPLACE_ALLOWED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.sync.replace.allowed + optional: true {{- with .Values.server.envFrom }} envFrom: {{- toYaml . | nindent 10 }} diff --git a/manifests/argo-cd/templates/argocd-server/ingress.yaml b/manifests/argo-cd/templates/argocd-server/ingress.yaml index 31f72ed..8724baa 100644 --- a/manifests/argo-cd/templates/argocd-server/ingress.yaml +++ b/manifests/argo-cd/templates/argocd-server/ingress.yaml @@ -9,20 +9,20 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingress.labels }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- with .Values.server.ingress.annotations }} annotations: {{- range $key, $value := . }} - {{ $key }}: {{ $value | quote }} + {{ $key }}: {{ tpl (toString $value) $ | quote }} {{- end }} {{- end }} spec: {{- with .Values.server.ingress.ingressClassName }} - ingressClassName: {{ . }} + ingressClassName: {{ tpl . $ }} {{- end }} rules: - - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }} + - host: {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }} http: paths: {{- with .Values.server.ingress.extraPaths }} @@ -36,7 +36,7 @@ spec: port: number: {{ $servicePort }} {{- range .Values.server.ingress.extraHosts }} - - host: {{ .name | quote }} + - host: {{ tpl .name $ | quote }} http: paths: - path: {{ default $.Values.server.ingress.path .path }} @@ -54,10 +54,10 @@ spec: tls: {{- if .Values.server.ingress.tls }} - hosts: - - {{ .Values.server.ingress.hostname | default .Values.global.domain }} + - {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }} {{- range .Values.server.ingress.extraHosts }} {{- if .name }} - - {{ .name }} + - {{ tpl .name $ }} {{- end }} {{- end }} secretName: argocd-server-tls diff --git a/manifests/argo-cd/templates/crds/crd-application.yaml b/manifests/argo-cd/templates/crds/crd-application.yaml index 7e3afda..be305cf 100644 --- a/manifests/argo-cd/templates/crds/crd-application.yaml +++ b/manifests/argo-cd/templates/crds/crd-application.yaml @@ -319,6 +319,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -382,6 +390,11 @@ spec: description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents kustomize + from failing when components do not exist locally by + not appending them to kustomization file + type: boolean images: description: Images is a list of Kustomize image override specifications @@ -395,6 +408,10 @@ spec: KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD uses the Kubernetes version of the target cluster. type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether to + apply common labels to resource templates or not + type: boolean labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -466,6 +483,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -685,6 +706,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -750,6 +779,11 @@ spec: force applying common labels to resources for Kustomize apps type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents kustomize + from failing when components do not exist locally + by not appending them to kustomization file + type: boolean images: description: Images is a list of Kustomize image override specifications @@ -763,6 +797,10 @@ spec: KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD uses the Kubernetes version of the target cluster. type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether + to apply common labels to resource templates or not + type: boolean labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -834,6 +872,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -1166,6 +1208,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation step + (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -1228,6 +1278,11 @@ spec: description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents kustomize from + failing when components do not exist locally by not appending + them to kustomization file + type: boolean images: description: Images is a list of Kustomize image override specifications @@ -1241,6 +1296,10 @@ spec: KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD uses the Kubernetes version of the target cluster. type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether to apply + common labels to resource templates or not + type: boolean labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1312,6 +1371,10 @@ spec: use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -1378,6 +1441,64 @@ spec: required: - repoURL type: object + sourceHydrator: + description: SourceHydrator provides a way to push hydrated manifests + back to git before syncing them to the cluster. + properties: + drySource: + description: DrySource specifies where the dry "don't repeat yourself" + manifest source lives. + properties: + path: + description: Path is a directory path within the Git repository + where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository that + contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the source + to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated manifests + from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: description: Sources is a reference to the location of the application's manifests or chart @@ -1523,6 +1644,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -1586,6 +1715,11 @@ spec: description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents kustomize + from failing when components do not exist locally by not + appending them to kustomization file + type: boolean images: description: Images is a list of Kustomize image override specifications @@ -1599,6 +1733,10 @@ spec: KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD uses the Kubernetes version of the target cluster. type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether to + apply common labels to resource templates or not + type: boolean labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1670,6 +1808,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -1751,6 +1893,10 @@ spec: description: 'AllowEmpty allows apps have zero live resources (default: false)' type: boolean + enabled: + description: Enable allows apps to explicitly control automated + sync + type: boolean prune: description: 'Prune specifies whether to delete resources from the cluster that are not found in the sources anymore @@ -1848,6 +1994,11 @@ spec: description: Health contains information about the application's current health status properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus was + set or updated + format: date-time + type: string message: description: Message is a human-readable informational message describing the health status @@ -2045,6 +2196,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -2110,6 +2269,11 @@ spec: force applying common labels to resources for Kustomize apps type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents kustomize + from failing when components do not exist locally + by not appending them to kustomization file + type: boolean images: description: Images is a list of Kustomize image override specifications @@ -2123,6 +2287,10 @@ spec: KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD uses the Kubernetes version of the target cluster. type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether + to apply common labels to resource templates or not + type: boolean labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -2194,6 +2362,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -2414,6 +2586,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -2480,6 +2660,11 @@ spec: force applying common labels to resources for Kustomize apps type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents kustomize + from failing when components do not exist locally + by not appending them to kustomization file + type: boolean images: description: Images is a list of Kustomize image override specifications @@ -2493,6 +2678,11 @@ spec: KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD uses the Kubernetes version of the target cluster. type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether + to apply common labels to resource templates or + not + type: boolean labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -2565,6 +2755,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -2933,6 +3127,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -3000,6 +3202,12 @@ spec: to force applying common labels to resources for Kustomize apps type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents + kustomize from failing when components do not + exist locally by not appending them to kustomization + file + type: boolean images: description: Images is a list of Kustomize image override specifications @@ -3013,6 +3221,11 @@ spec: KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD uses the Kubernetes version of the target cluster. type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether + to apply common labels to resource templates + or not + type: boolean labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors @@ -3085,6 +3298,11 @@ spec: Kustomize to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and + is displayed in the UI. It is used in multi-source + Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced @@ -3320,6 +3538,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON + schema validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -3389,6 +3615,12 @@ spec: to force applying common labels to resources for Kustomize apps type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents + kustomize from failing when components do + not exist locally by not appending them to + kustomization file + type: boolean images: description: Images is a list of Kustomize image override specifications @@ -3402,6 +3634,11 @@ spec: KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD uses the Kubernetes version of the target cluster. type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies + whether to apply common labels to resource + templates or not + type: boolean labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource @@ -3475,6 +3712,11 @@ spec: of Kustomize to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and + is displayed in the UI. It is used in multi-source + Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications @@ -3824,6 +4066,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -3890,6 +4140,11 @@ spec: force applying common labels to resources for Kustomize apps type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents kustomize + from failing when components do not exist locally + by not appending them to kustomization file + type: boolean images: description: Images is a list of Kustomize image override specifications @@ -3903,6 +4158,11 @@ spec: KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD uses the Kubernetes version of the target cluster. type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether + to apply common labels to resource templates or + not + type: boolean labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -3975,6 +4235,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -4205,6 +4469,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -4272,6 +4544,11 @@ spec: to force applying common labels to resources for Kustomize apps type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents kustomize + from failing when components do not exist locally + by not appending them to kustomization file + type: boolean images: description: Images is a list of Kustomize image override specifications @@ -4285,6 +4562,11 @@ spec: KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD uses the Kubernetes version of the target cluster. type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether + to apply common labels to resource templates or + not + type: boolean labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -4357,6 +4639,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced @@ -4453,16 +4739,22 @@ spec: description: Resources is a list of Kubernetes resources managed by this application items: - description: |- - ResourceStatus holds the current sync and health status of a resource - TODO: describe members of this type + description: ResourceStatus holds the current synchronization and + health status of a Kubernetes resource. properties: group: + description: Group represents the API group of the resource + (e.g., "apps" for Deployments). type: string health: - description: HealthStatus contains information about the currently - observed health state of an application or resource + description: Health indicates the health status of the resource + (e.g., Healthy, Degraded, Progressing). properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus + was set or updated + format: date-time + type: string message: description: Message is a human-readable informational message describing the health status @@ -4473,26 +4765,216 @@ spec: type: string type: object hook: + description: Hook is true if the resource is used as a lifecycle + hook in an Argo CD application. type: boolean kind: + description: Kind specifies the type of the resource (e.g., + "Deployment", "Service"). type: string name: + description: Name is the unique name of the resource within + the namespace. type: string namespace: + description: Namespace defines the Kubernetes namespace where + the resource is located. type: string + requiresDeletionConfirmation: + description: RequiresDeletionConfirmation is true if the resource + requires explicit user confirmation before deletion. + type: boolean requiresPruning: + description: RequiresPruning is true if the resource needs to + be pruned (deleted) as part of synchronization. type: boolean status: - description: SyncStatusCode is a type which represents possible - comparison results + description: Status represents the synchronization state of + the resource (e.g., Synced, OutOfSync). type: string syncWave: + description: |- + SyncWave determines the order in which resources are applied during a sync operation. + Lower values are applied first. format: int64 type: integer version: + description: Version indicates the API version of the resource + (e.g., "v1", "v1beta1"). type: string type: object type: array + sourceHydrator: + description: SourceHydrator stores information about the current state + of source hydration + properties: + currentOperation: + description: CurrentOperation holds the status of the hydrate + operation + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + finishedAt: + description: FinishedAt indicates when the hydrate operation + finished + format: date-time + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + message: + description: Message contains a message describing the current + status of the hydrate operation + type: string + phase: + description: Phase indicates the status of the hydrate operation + enum: + - Hydrating + - Failed + - Hydrated + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + startedAt: + description: StartedAt indicates when the hydrate operation + started + format: date-time + type: string + required: + - message + - phase + type: object + lastSuccessfulOperation: + description: LastSuccessfulOperation holds info about the most + recent successful hydration + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + type: object + type: object sourceType: description: SourceType specifies the type of this application type: string @@ -4730,6 +5212,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -4796,6 +5286,11 @@ spec: force applying common labels to resources for Kustomize apps type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents kustomize + from failing when components do not exist locally + by not appending them to kustomization file + type: boolean images: description: Images is a list of Kustomize image override specifications @@ -4809,6 +5304,11 @@ spec: KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD uses the Kubernetes version of the target cluster. type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether + to apply common labels to resource templates or + not + type: boolean labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -4881,6 +5381,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -5111,6 +5615,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -5178,6 +5690,11 @@ spec: to force applying common labels to resources for Kustomize apps type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents kustomize + from failing when components do not exist locally + by not appending them to kustomization file + type: boolean images: description: Images is a list of Kustomize image override specifications @@ -5191,6 +5708,11 @@ spec: KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD uses the Kubernetes version of the target cluster. type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether + to apply common labels to resource templates or + not + type: boolean labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -5263,6 +5785,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced diff --git a/manifests/argo-cd/templates/crds/crd-applicationset.yaml b/manifests/argo-cd/templates/crds/crd-applicationset.yaml index 6cf0922..7c6e5ca 100644 --- a/manifests/argo-cd/templates/crds/crd-applicationset.yaml +++ b/manifests/argo-cd/templates/crds/crd-applicationset.yaml @@ -242,6 +242,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -278,12 +282,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -340,6 +348,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -385,6 +395,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -472,6 +518,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -508,12 +558,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -570,6 +624,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -622,6 +678,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -676,6 +734,8 @@ spec: type: object clusters: properties: + flatList: + type: boolean selector: properties: matchExpressions: @@ -864,6 +924,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -900,12 +964,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -962,6 +1030,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -1007,6 +1077,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -1094,6 +1200,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -1130,12 +1240,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -1192,6 +1306,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -1244,6 +1360,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -1487,6 +1605,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -1523,12 +1645,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -1585,6 +1711,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -1630,6 +1758,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -1717,6 +1881,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -1753,12 +1921,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -1815,6 +1987,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -1867,6 +2041,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -2090,6 +2266,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -2126,12 +2306,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -2188,6 +2372,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -2233,6 +2419,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -2320,6 +2542,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -2356,12 +2582,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -2418,6 +2648,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -2470,6 +2702,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -2718,6 +2952,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -2754,12 +2992,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -2816,6 +3058,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -2861,6 +3105,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -2948,6 +3228,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -2984,12 +3268,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -3046,6 +3334,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -3098,6 +3388,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -3152,6 +3444,8 @@ spec: type: object clusters: properties: + flatList: + type: boolean selector: properties: matchExpressions: @@ -3340,6 +3634,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -3376,12 +3674,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -3438,6 +3740,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -3483,6 +3787,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -3570,6 +3910,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -3606,12 +3950,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -3668,6 +4016,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -3720,6 +4070,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -3963,6 +4315,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -3999,12 +4355,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -4061,6 +4421,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -4106,6 +4468,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -4193,6 +4591,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -4229,12 +4631,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -4291,6 +4697,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -4343,6 +4751,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -4566,6 +4976,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -4602,12 +5016,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -4664,6 +5082,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -4709,6 +5129,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -4796,6 +5252,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -4832,12 +5292,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -4894,6 +5358,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -4946,6 +5412,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -5177,6 +5645,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -5213,12 +5685,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -5275,6 +5751,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -5320,6 +5798,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -5407,6 +5921,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -5443,12 +5961,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -5505,6 +6027,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -5557,6 +6081,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -6007,6 +6533,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -6043,12 +6573,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -6105,6 +6639,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -6150,6 +6686,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -6237,6 +6809,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -6273,12 +6849,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -6335,6 +6915,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -6387,6 +6969,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -6432,6 +7016,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object scmProvider: properties: @@ -6832,6 +7420,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -6868,12 +7460,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -6930,6 +7526,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -6975,6 +7573,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -7062,6 +7696,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -7098,12 +7736,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -7160,6 +7802,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -7212,6 +7856,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -7452,6 +8098,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -7488,12 +8138,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -7550,6 +8204,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -7595,6 +8251,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -7682,6 +8374,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -7718,12 +8414,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -7780,6 +8480,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -7832,6 +8534,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -8082,6 +8786,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -8118,12 +8826,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -8180,6 +8892,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -8225,6 +8939,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -8312,6 +9062,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -8348,12 +9102,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -8410,6 +9168,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -8462,6 +9222,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -8516,6 +9278,8 @@ spec: type: object clusters: properties: + flatList: + type: boolean selector: properties: matchExpressions: @@ -8704,6 +9468,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -8740,12 +9508,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -8802,6 +9574,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -8847,6 +9621,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -8934,6 +9744,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -8970,12 +9784,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -9032,6 +9850,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -9084,6 +9904,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -9327,6 +10149,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -9363,12 +10189,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -9425,6 +10255,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -9470,6 +10302,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -9557,6 +10425,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -9593,12 +10465,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -9655,6 +10531,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -9707,6 +10585,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -9930,6 +10810,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -9966,12 +10850,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -10028,6 +10916,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -10073,6 +10963,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -10160,6 +11086,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -10196,12 +11126,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -10258,6 +11192,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -10310,6 +11246,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -10541,6 +11479,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -10577,12 +11519,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -10639,6 +11585,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -10684,6 +11632,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -10771,6 +11755,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -10807,12 +11795,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -10869,6 +11861,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -10921,6 +11915,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -11371,6 +12367,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -11407,12 +12407,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -11469,6 +12473,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -11514,6 +12520,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -11601,6 +12643,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -11637,12 +12683,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -11699,6 +12749,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -11751,6 +12803,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -11796,6 +12850,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object scmProvider: properties: @@ -12196,6 +13254,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -12232,12 +13294,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -12294,6 +13360,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -12339,6 +13407,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -12426,6 +13530,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -12462,12 +13570,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -12524,6 +13636,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -12576,6 +13690,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -12820,6 +13936,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -12856,12 +13976,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -12918,6 +14042,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -12963,6 +14089,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -13050,6 +14212,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -13086,12 +14252,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -13148,6 +14318,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -13200,6 +14372,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -13430,6 +14604,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -13466,12 +14644,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -13528,6 +14710,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -13573,6 +14757,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -13660,6 +14880,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -13696,12 +14920,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -13758,6 +14986,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -13810,6 +15040,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -14260,6 +15492,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -14296,12 +15532,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -14358,6 +15598,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -14403,6 +15645,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -14490,6 +15768,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -14526,12 +15808,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -14588,6 +15874,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -14640,6 +15928,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -14685,6 +15975,10 @@ spec: - metadata - spec type: object + values: + additionalProperties: + type: string + type: object type: object scmProvider: properties: @@ -15085,6 +16379,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -15121,12 +16419,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -15183,6 +16485,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -15228,6 +16532,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -15315,6 +16655,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -15351,12 +16695,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -15413,6 +16761,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -15465,6 +16815,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -15780,6 +17132,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -15816,12 +17172,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -15878,6 +17238,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -15923,6 +17285,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -16010,6 +17408,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -16046,12 +17448,16 @@ spec: type: boolean forceCommonLabels: type: boolean + ignoreMissingComponents: + type: boolean images: items: type: string type: array kubeVersion: type: string + labelIncludeTemplates: + type: boolean labelWithoutSelector: type: boolean namePrefix: @@ -16108,6 +17514,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -16160,6 +17568,8 @@ spec: properties: allowEmpty: type: boolean + enabled: + type: boolean prune: type: boolean selfHeal: @@ -16267,6 +17677,9 @@ spec: type: string health: properties: + lastTransitionTime: + format: date-time + type: string message: type: string status: @@ -16280,6 +17693,8 @@ spec: type: string namespace: type: string + requiresDeletionConfirmation: + type: boolean requiresPruning: type: boolean status: diff --git a/manifests/argo-cd/templates/crds/crd-project.yaml b/manifests/argo-cd/templates/crds/crd-project.yaml index 1865aa2..8ddd7a0 100644 --- a/manifests/argo-cd/templates/crds/crd-project.yaml +++ b/manifests/argo-cd/templates/crds/crd-project.yaml @@ -289,6 +289,10 @@ spec: description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps properties: + andOperator: + description: UseAndOperator use AND operator for matching applications, + namespaces and clusters instead of the default OR operator + type: boolean applications: description: Applications contains a list of applications that the window will apply to diff --git a/manifests/argo-cd/templates/dex/deployment.yaml b/manifests/argo-cd/templates/dex/deployment.yaml index 4c6209a..efdefc1 100644 --- a/manifests/argo-cd/templates/dex/deployment.yaml +++ b/manifests/argo-cd/templates/dex/deployment.yaml @@ -72,8 +72,12 @@ spec: imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.image.imagePullPolicy }} command: - /shared/argocd-dex - - --logformat={{ default .Values.global.logging.format .Values.dex.logFormat }} - - --loglevel={{ default .Values.global.logging.level .Values.dex.logLevel }} + {{- with .Values.dex.logLevel }} + - --loglevel={{ . }} + {{- end }} + {{- with .Values.dex.logFormat }} + - --logformat={{ . }} + {{- end }} args: - rundex {{- with .Values.dex.extraArgs }} @@ -95,6 +99,12 @@ spec: key: dexserver.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true - name: ARGOCD_DEX_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: diff --git a/manifests/argo-cd/templates/dex/servicemonitor.yaml b/manifests/argo-cd/templates/dex/servicemonitor.yaml index 93c9fa3..2564cfa 100644 --- a/manifests/argo-cd/templates/dex/servicemonitor.yaml +++ b/manifests/argo-cd/templates/dex/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.dex.enabled .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/manifests/argo-cd/values.yaml b/manifests/argo-cd/values.yaml index a40ca5f..c28df6f 100644 --- a/manifests/argo-cd/values.yaml +++ b/manifests/argo-cd/values.yaml @@ -42,7 +42,7 @@ crds: global: # -- Default domain used by all components ## Used for ingresses, certificates, SSO, notifications, etc. - domain: argocd.example.com + domain: argocd.homelab.local # -- Runtime class name for all components runtimeClassName: "" @@ -119,7 +119,8 @@ global: priorityClassName: "" # -- Default node selector for all components - nodeSelector: {} + nodeSelector: + kubernetes.io/os: linux # -- Default tolerations for all components tolerations: [] @@ -141,7 +142,7 @@ global: # - antarctica-west1 # -- Default [TopologySpreadConstraints] rules for all components - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector of the component topologySpreadConstraints: [] # - maxSkew: 1 @@ -163,7 +164,7 @@ global: ## Argo Configs configs: - # General Argo CD configuration + # General Argo CD configuration. Any values you put under `.configs.cm` are passed to argocd-cm ConfigMap. ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml cm: # -- Create the argocd-cm configmap for [declarative setup] @@ -175,6 +176,10 @@ configs: # -- The name of tracking label used by Argo CD for resource pruning application.instanceLabelKey: argocd.argoproj.io/instance + # -- Enable control of the service account used for the sync operation (alpha) + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-sync-using-impersonation/ + application.sync.impersonation.enabled: false + # -- Enable logs RBAC enforcement ## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/2.3-2.4/#enable-logs-rbac-enforcement server.rbac.log.enforce.enable: false @@ -247,6 +252,131 @@ configs: # name: some-cluster # server: https://some-cluster + ## Default configuration for ignoreResourceUpdates. + ## The ignoreResourceUpdates list contains K8s resource's properties that are known to be frequently updated + ## by controllers and operators. These resources, when watched by argo, will cause many unnecessary updates. + + # -- Ignoring status for all resources. An update will still be sent if the status update causes the health to change. + # @default -- See [values.yaml] + resource.customizations.ignoreResourceUpdates.all: | + jsonPointers: + - /status + # -- Some Application fields are generated and not related to the application updates itself + ## The Application itself is already watched by the controller lister, but this configuration is applied for apps of apps + # @default -- See [values.yaml] + resource.customizations.ignoreResourceUpdates.argoproj.io_Application: | + jqPathExpressions: + - '.metadata.annotations."notified.notifications.argoproj.io"' + - '.metadata.annotations."argocd.argoproj.io/refresh"' + - '.metadata.annotations."argocd.argoproj.io/hydrate"' + - '.operation' + # -- Ignore Argo Rollouts generated fields + # @default -- See [values.yaml] + resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout: | + jqPathExpressions: + - '.metadata.annotations."notified.notifications.argoproj.io"' + # -- Legacy annotations used on HPA autoscaling/v1 + # @default -- See [values.yaml] + resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler: | + jqPathExpressions: + - '.metadata.annotations."autoscaling.alpha.kubernetes.io/behavior"' + - '.metadata.annotations."autoscaling.alpha.kubernetes.io/conditions"' + - '.metadata.annotations."autoscaling.alpha.kubernetes.io/metrics"' + - '.metadata.annotations."autoscaling.alpha.kubernetes.io/current-metrics"' + # -- Ignore the cluster-autoscaler status + # @default -- See [values.yaml] + resource.customizations.ignoreResourceUpdates.ConfigMap: | + jqPathExpressions: + # Ignore the cluster-autoscaler status + - '.metadata.annotations."cluster-autoscaler.kubernetes.io/last-updated"' + # Ignore the annotation of the legacy Leases election + - '.metadata.annotations."control-plane.alpha.kubernetes.io/leader"' + # -- Ignore the common scaling annotations + # @default -- See [values.yaml] + resource.customizations.ignoreResourceUpdates.apps_ReplicaSet: | + jqPathExpressions: + - '.metadata.annotations."deployment.kubernetes.io/desired-replicas"' + - '.metadata.annotations."deployment.kubernetes.io/max-replicas"' + - '.metadata.annotations."rollout.argoproj.io/desired-replicas"' + # -- Ignores update if EndpointSlice is not excluded globally + # @default -- See [values.yaml] + resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice: | + jsonPointers: + - /metadata + - /endpoints + - /ports + # -- Ignores update if Endpoints is not excluded globally + # @default -- See [values.yaml] + resource.customizations.ignoreResourceUpdates.Endpoints: | + jsonPointers: + - /metadata + - /subsets + + ## Default configuration for exclusions. + ## The exclusion list are K8s resources that we assume will never be declared in Git, + ## and are never child objects of managed resources that need to be presented in the resource tree. + ## This list contains high volume and high churn metadata objects which we exclude for performance + ## reasons, reducing connections and load to the K8s API servers of managed clusters. + + # -- Resource Exclusion/Inclusion + # @default -- See [values.yaml] + resource.exclusions: | + ### Network resources created by the Kubernetes control plane and excluded to reduce the number of watched events and UI clutter + - apiGroups: + - '' + - discovery.k8s.io + kinds: + - Endpoints + - EndpointSlice + ### Internal Kubernetes resources excluded reduce the number of watched events + - apiGroups: + - coordination.k8s.io + kinds: + - Lease + ### Internal Kubernetes Authz/Authn resources excluded reduce the number of watched events + - apiGroups: + - authentication.k8s.io + - authorization.k8s.io + kinds: + - SelfSubjectReview + - TokenReview + - LocalSubjectAccessReview + - SelfSubjectAccessReview + - SelfSubjectRulesReview + - SubjectAccessReview + ### Intermediate Certificate Request excluded reduce the number of watched events + - apiGroups: + - certificates.k8s.io + kinds: + - CertificateSigningRequest + - apiGroups: + - cert-manager.io + kinds: + - CertificateRequest + ### Cilium internal resources excluded reduce the number of watched events and UI Clutter + - apiGroups: + - cilium.io + kinds: + - CiliumIdentity + - CiliumEndpoint + - CiliumEndpointSlice + ### Kyverno intermediate and reporting resources excluded reduce the number of watched events and improve performance + - apiGroups: + - kyverno.io + - reports.kyverno.io + - wgpolicyk8s.io + kinds: + - PolicyReport + - ClusterPolicyReport + - EphemeralReport + - ClusterEphemeralReport + - AdmissionReport + - ClusterAdmissionReport + - BackgroundScanReport + - ClusterBackgroundScanReport + - UpdateRequest + + # Argo CD configuration parameters ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml params: @@ -270,6 +400,8 @@ configs: controller.self.heal.timeout.seconds: 5 # -- Repo server RPC call timeout seconds. controller.repo.server.timeout.seconds: 60 + # -- Specifies the timeout after which a sync would be terminated. 0 means no timeout + controller.sync.timeout.seconds: 0 ## Server properties # -- Run server without TLS @@ -287,6 +419,8 @@ configs: server.enable.gzip: true # -- Enable proxy extension feature. (proxy extension is in Alpha phase) server.enable.proxy.extension: false + # -- Enable the hydrator feature (hydrator is in Alpha phase) + hydrator.enabled: false # -- Set X-Frame-Options header in HTTP responses to value. To disable, set to "". server.x.frame.options: sameorigin @@ -412,6 +546,9 @@ configs: # ... # -----END CERTIFICATE----- + # -- Specifies if the argocd-tls-certs-cm configmap should be created by Helm. + create: true + # ConfigMap for Config Management Plugins # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/ cmp: @@ -721,8 +858,9 @@ controller: # image: alpine:3 # command: [sh, -c] # args: - # - wget -qO kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.0.25/kubelogin-linux-amd64.zip && - # unzip kubelogin.zip && mv bin/linux_amd64/kubelogin /custom-tools/ + # - wget -qO /custom-tools/kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.2.7/kubelogin-linux-amd64.zip && + # mkdir /custom-tools/tmp && unzip -d /custom-tools/tmp /custom-tools/kubelogin.zip && + # mv /custom-tools/tmp/bin/linux_amd64/kubelogin /custom-tools/ && rm -rf custom-tools/tmp && rm /custom-tools/kubelogin.zip # volumeMounts: # - mountPath: /custom-tools # name: custom-tools @@ -792,7 +930,7 @@ controller: - ALL # Readiness probe for application controller - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -826,7 +964,7 @@ controller: # -- Assign custom [TopologySpreadConstraints] rules to the application controller # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -1017,7 +1155,7 @@ dex: # -- Dex image repository repository: ghcr.io/dexidp/dex # -- Dex image tag - tag: v2.41.1 + tag: v2.43.1 # -- Dex imagePullPolicy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1228,7 +1366,7 @@ dex: # -- Assign custom [TopologySpreadConstraints] rules to dex # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -1242,12 +1380,13 @@ dex: # maxSurge: 25% # maxUnavailable: 25% + # DEPRECATED - Use configs.params to override # -- Dex log format. Either `text` or `json` # @default -- `""` (defaults to global.logging.format) - logFormat: "" + # logFormat: "" # -- Dex log level. One of: `debug`, `info`, `warn`, `error` # @default -- `""` (defaults to global.logging.level) - logLevel: "" + # logLevel: "" ## Redis redis: @@ -1279,9 +1418,10 @@ redis: ## Redis image image: # -- Redis repository - repository: public.ecr.aws/docker/library/redis + repository: ecr-public.aws.com/docker/library/redis # -- Redis tag - tag: 7.4.1-alpine + ## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis + tag: 7.2.8-alpine # -- Redis image pull policy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1295,9 +1435,9 @@ redis: ## Prometheus redis-exporter image image: # -- Repository to use for the redis-exporter - repository: public.ecr.aws/bitnami/redis-exporter + repository: ghcr.io/oliver006/redis_exporter # -- Tag to use for the redis-exporter - tag: 1.58.0 + tag: v1.73.0 # -- Image pull policy for the redis-exporter # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1315,7 +1455,7 @@ redis: - ALL ## Probes for Redis exporter (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for Redis exporter (optional) enabled: false @@ -1373,7 +1513,7 @@ redis: # name: secret-name ## Probes for Redis server (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for Redis server enabled: false @@ -1483,7 +1623,7 @@ redis: # -- Assign custom [TopologySpreadConstraints] rules to redis # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -1565,17 +1705,18 @@ redis-ha: ## Redis image image: # -- Redis repository - repository: public.ecr.aws/docker/library/redis + repository: ecr-public.aws.com/docker/library/redis # -- Redis tag - tag: 7.4.1-alpine + ## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis + tag: 7.2.8-alpine ## Prometheus redis-exporter sidecar exporter: # -- Enable Prometheus redis-exporter sidecar enabled: false # -- Repository to use for the redis-exporter - image: public.ecr.aws/bitnami/redis-exporter + image: ghcr.io/oliver006/redis_exporter # -- Tag to use for the redis-exporter - tag: 1.58.0 + tag: v1.69.0 persistentVolume: # -- Configures persistence on Redis nodes enabled: false @@ -1596,6 +1737,9 @@ redis-ha: # -- Custom labels for the haproxy pod. This is relevant for Argo CD CLI. labels: app.kubernetes.io/name: argocd-redis-ha-haproxy + image: + # -- HAProxy Image Repository + repository: ecr-public.aws.com/docker/library/haproxy metrics: # -- HAProxy enable prometheus metric scraping enabled: true @@ -1632,7 +1776,7 @@ redis-ha: tolerations: [] # -- Assign custom [TopologySpreadConstraints] rules to the Redis pods. - ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ topologySpreadConstraints: # -- Enable Redis HA topology spread constraints enabled: false @@ -1921,8 +2065,9 @@ server: # image: alpine:3 # command: [sh, -c] # args: - # - wget -qO kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.0.25/kubelogin-linux-amd64.zip && - # unzip kubelogin.zip && mv bin/linux_amd64/kubelogin /custom-tools/ + # - wget -qO /custom-tools/kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.2.7/kubelogin-linux-amd64.zip && + # mkdir /custom-tools/tmp && unzip -d /custom-tools/tmp /custom-tools/kubelogin.zip && + # mv /custom-tools/tmp/bin/linux_amd64/kubelogin /custom-tools/ && rm -rf custom-tools/tmp && rm /custom-tools/kubelogin.zip # volumeMounts: # - mountPath: /custom-tools # name: custom-tools @@ -1991,7 +2136,7 @@ server: - ALL ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -2037,7 +2182,7 @@ server: # -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -2137,9 +2282,10 @@ server: # -- The class of the load balancer implementation loadBalancerClass: "" # -- LoadBalancer will get created with the IP specified in this field - loadBalancerIP: "" + loadBalancerIP: 192.168.0.242 # -- Source IP ranges to allow access to service from - ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## EKS Ref: https://repost.aws/knowledge-center/eks-cidr-ip-address-loadbalancer + ## GKE Ref: https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview#limit-connectivity-ext-lb loadBalancerSourceRanges: [] # -- Server service external IPs externalIPs: [] @@ -2639,7 +2785,7 @@ repoServer: - ALL ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -2681,7 +2827,7 @@ repoServer: # -- Assign custom [TopologySpreadConstraints] rules to the repo server # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -3008,7 +3154,7 @@ applicationSet: - ALL ## Probes for ApplicationSet controller (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for ApplicationSet controller enabled: false @@ -3226,12 +3372,13 @@ notifications: # @default -- `[]` (defaults to global.imagePullSecrets) imagePullSecrets: [] + # DEPRECATED - Use configs.params to override # -- Notifications controller log format. Either `text` or `json` # @default -- `""` (defaults to global.logging.format) - logFormat: "" + # logFormat: "" # -- Notifications controller log level. One of: `debug`, `info`, `warn`, `error` # @default -- `""` (defaults to global.logging.level) - logLevel: "" + # logLevel: "" # -- Extra arguments to provide to the notifications controller extraArgs: [] @@ -3385,7 +3532,7 @@ notifications: - ALL ## Probes for notifications controller Pods (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for notifications controller Pods enabled: false @@ -3431,7 +3578,7 @@ notifications: # -- Assign custom [TopologySpreadConstraints] rules to the application controller # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -3742,3 +3889,183 @@ notifications: # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers # defaultTriggers: | # - on-sync-status-unknown + +commitServer: + # -- Enable commit server + enabled: false + + # -- Commit server name + name: commit-server + + # -- Runtime class name for the commit server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + + ## commit server controller image + image: + # -- Repository to use for the commit server + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the commit server + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the commit server + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- commit server command line flags + extraArgs: [] + + # -- Environment variables to pass to the commit server + extraEnv: [] + # - name: "MY_VAR" + # value: "value" + + # -- envFrom to pass to the commit server + # @default -- `[]` (See [values.yaml]) + extraEnvFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- List of extra mounts to add (normally used with extraVolumes) + extraVolumeMounts: [] + + # -- List of extra volumes to add + extraVolumes: [] + + metrics: + # -- Enables prometheus metrics server + enabled: false + service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port + servicePort: 8087 + # -- Metrics service port name + portName: metrics + + ## commit server service configuration + service: + # -- commit server service annotations + annotations: {} + # -- commit server service labels + labels: {} + + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: false + + serviceAccount: + # -- Create commit server service account + create: true + # -- commit server service account name + name: argocd-commit-server + # -- Annotations applied to created service account + annotations: {} + # -- Labels applied to created service account + labels: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + # -- Annotations to be added to commit server Deployment + deploymentAnnotations: {} + + # -- Annotations for the commit server pods + podAnnotations: {} + + # -- Labels for the commit server pods + podLabels: {} + + # -- Resource limits and requests for the commit server pods. + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for commit server pods + dnsPolicy: "ClusterFirst" + + # -- commit server container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + + ## Probes for commit server (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for commit server + enabled: true + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 5 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + livenessProbe: + # -- Enable Kubernetes liveness probe for commit server + enabled: true + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 30 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 5 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the commit server + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy to be added to the commit server Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + + # -- Priority class for the commit server pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: ""