From bc16a8b46391e99ecd567cdd22d4eff96dd6cbd7 Mon Sep 17 00:00:00 2001
From: robot
Date: Fri, 14 Feb 2025 20:04:19 +0000
Subject: [PATCH] robot: project argo-cd chart upgrades from 7.4.4 to 7.8.2
Signed-off-by: robot
---
 charts/argo-cd/argo-cd/Chart.yaml | 10 +-
 charts/argo-cd/argo-cd/README.md | 112 +-
 .../argo-cd/argo-cd/charts/argo-cd/Chart.lock | 6 +-
 .../argo-cd/argo-cd/charts/argo-cd/Chart.yaml | 10 +-
 .../argo-cd/argo-cd/charts/argo-cd/README.md | 112 +-
 .../argo-cd/charts/redis-ha/.helmignore | 25 +
 .../charts/argo-cd/charts/redis-ha/Chart.yaml | 2 +-
 .../charts/argo-cd/charts/redis-ha/README.md | 498 ++--
 .../redis-ha/ci/haproxy-enabled-values.yaml | 10 -
 .../charts/redis-ha/templates/_configs.tpl | 49 +-
 .../charts/redis-ha/templates/_helpers.tpl | 36 +
 .../templates/redis-ha-network-policy.yaml | 7 -
 .../templates/redis-ha-serviceaccount.yaml | 4 +
 .../templates/redis-ha-servicemonitor.yaml | 2 +-
 .../templates/redis-ha-statefulset.yaml | 103 +-
 .../templates/redis-haproxy-deployment.yaml | 19 +-
 .../redis-haproxy-servicemonitor.yaml | 2 +-
 .../tests/test-redis-ha-configmap.yaml | 2 +-
 .../templates/tests/test-redis-ha-pod.yaml | 2 +-
 .../argo-cd/charts/redis-ha/values.yaml | 546 +++--
 .../charts/argo-cd/templates/_helpers.tpl | 20 +-
 .../deployment.yaml | 54 +
 .../servicemonitor.yaml | 1 +
 .../statefulset.yaml | 62 +-
 .../argocd-applicationset/clusterrole.yaml | 1 -
 .../clusterrolebinding.yaml | 1 -
 .../argocd-applicationset/deployment.yaml | 21 +
 .../argocd-applicationset/servicemonitor.yaml | 1 +
 .../argocd-commit-server/deployment.yaml | 238 ++
 .../argocd-commit-server/metrics.yaml | 35 +
 .../argocd-commit-server/networkpolicy.yaml | 25 +
 .../argocd-commit-server/service.yaml | 26 +
 .../argocd-commit-server/serviceaccount.yaml | 19 +
 .../argocd-ssh-known-hosts-cm.yaml | 2 +
 .../argocd-configs/argocd-tls-certs-cm.yaml | 2 +
 .../argocd-configs/cluster-secrets.yaml | 4 +-
 .../argocd-notifications/deployment.yaml | 9 +
 .../argocd-notifications/servicemonitor.yaml | 1 +
 .../argocd-repo-server/deployment.yaml | 11 +-
 .../argocd-repo-server/servicemonitor.yaml | 1 +
 .../templates/argocd-server/certificate.yaml | 4 +-
 .../templates/argocd-server/clusterrole.yaml | 12 +-
 .../templates/argocd-server/deployment.yaml | 50 +-
 .../templates/argocd-server/ingress.yaml | 16 +-
 .../argocd-server/servicemonitor.yaml | 1 +
 .../templates/crds/crd-application.yaml | 745 ++++++
 .../templates/crds/crd-applicationset.yaml | 2083 ++++++++++++++++-
 .../argo-cd/templates/crds/crd-project.yaml | 26 +
 .../argo-cd/templates/dex/deployment.yaml | 15 +
 .../argo-cd/templates/dex/servicemonitor.yaml | 3 +-
 .../templates/redis-secret-init/job.yaml | 8 +-
 .../argo-cd/templates/redis/deployment.yaml | 3 +
 .../templates/redis/servicemonitor.yaml | 1 +
 .../argo-cd/charts/argo-cd/values.yaml | 277 ++-
 charts/argo-cd/argo-cd/values.yaml | 277 ++-
 charts/argo-cd/config | 2 +-
 56 files changed, 5075 insertions(+), 539 deletions(-)
 create mode 100644 charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/.helmignore
 delete mode 100644 charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/ci/haproxy-enabled-values.yaml
 create mode 100644 charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-commit-server/deployment.yaml
 create mode 100644 charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-commit-server/metrics.yaml
 create mode 100644 charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml
 create mode 100644 charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-commit-server/service.yaml
 create mode 100644 charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml
diff --git a/charts/argo-cd/argo-cd/Chart.yaml b/charts/argo-cd/argo-cd/Chart.yaml
index 502e7d825..83831b26d 100644
--- a/charts/argo-cd/argo-cd/Chart.yaml
+++ b/charts/argo-cd/argo-cd/Chart.yaml
@@ -1,12 +1,12 @@
 annotations:
 artifacthub.io/changes: |
- - kind: changed
- description: Bump argo-cd to v2.12.1
+ - kind: fixed
+ description: Create ServiceMonitor for dex only if dex is enabled
 artifacthub.io/signKey: |
 fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
 url: https://argoproj.github.io/argo-helm/pgp_keys.asc
 apiVersion: v2
-appVersion: v2.12.1
+appVersion: v2.14.2
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
@@ -22,8 +22,8 @@ name: argo-cd
 sources:
 - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
 - https://github.com/argoproj/argo-cd
-version: 7.4.4
+version: 7.8.2
 dependencies:
 - name: argo-cd
- version: "7.4.4"
+ version: "7.8.2"
 repository: "https://argoproj.github.io/argo-helm"
diff --git a/charts/argo-cd/argo-cd/README.md b/charts/argo-cd/argo-cd/README.md
index 39baf4054..f1140f1f1 100644
--- a/charts/argo-cd/argo-cd/README.md
+++ b/charts/argo-cd/argo-cd/README.md
@@ -191,7 +191,7 @@ server:
 alb.ingress.kubernetes.io/scheme: internal
 alb.ingress.kubernetes.io/target-type: ip
 alb.ingress.kubernetes.io/backend-protocol: HTTP
- alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]'
+ alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]'
 alb.ingress.kubernetes.io/ssl-redirect: '443'
 aws:
 serviceType: ClusterIP # <- Used with target-type: ip
@@ -312,10 +312,10 @@ This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr
 Upstream steps in the [FAQ] are not enough, since we chose a different approach. (We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.)
-Steps to roteate the secret when using the helm chart (bold step is additional to upstream):
+Steps to rotate the secret when using the helm chart (bold step is additional to upstream):
 * Delete `argocd-redis` secret in the namespace where Argo CD is installed.
 ```bash
- kubectl delete secret argocd-redis -n
+ kubectl delete secret argocd-redis -n
 ```
 * **Perform a helm upgrade**
 ```bash
@@ -708,11 +708,12 @@ NAME: my-release
 | global.logging.level | string | `"info"` | Set the global logging level. One of: `debug`, `info`, `warn` or `error` |
 | global.networkPolicy.create | bool | `false` | Create NetworkPolicy objects for all components |
 | global.networkPolicy.defaultDenyIngress | bool | `false` | Default deny all ingress traffic |
-| global.nodeSelector | object | `{}` | Default node selector for all components |
+| global.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Default node selector for all components |
 | global.podAnnotations | object | `{}` | Annotations for the all deployed pods |
 | global.podLabels | object | `{}` | Labels for the all deployed pods |
 | global.priorityClassName | string | `""` | Default priority class for all components |
 | global.revisionHistoryLimit | int | `3` | Number of old deployment ReplicaSets to retain. The rest will be garbage collected. |
+| global.runtimeClassName | string | `""` | Runtime class name for all components |
 | global.securityContext | object | `{}` (See [values.yaml]) | Toggle and define pod-level security context. |
 | global.statefulsetAnnotations | object | `{}` | Annotations for the all deployed Statefulsets |
 | global.tolerations | list | `[]` | Default tolerations for all components |
@@ -725,6 +726,7 @@ NAME: my-release
 | configs.clusterCredentials | object | `{}` (See [values.yaml]) | Provide one or multiple [external cluster credentials] |
 | configs.cm."admin.enabled" | bool | `true` | Enable local admin user |
 | configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning |
+| configs.cm."application.sync.impersonation.enabled" | bool | `false` | Enable control of the service account used for the sync operation (alpha) |
 | configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI |
 | configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement |
 | configs.cm."statusbadge.enabled" | bool | `false` | Enable Status Badge |
@@ -741,6 +743,7 @@ NAME: my-release
 | configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring |
 | configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] |
 | configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability |
+| configs.params."applicationsetcontroller.namespaces" | string | `""` (default is only the ns where the controller is installed) | A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"argocd,argocd-appsets-*"`) |
 | configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` |
 | configs.params."controller.ignore.normalizer.jq.timeout" | string | `"1s"` | JQ Path expression timeout |
 | configs.params."controller.operation.processors" | int | `10` | Number of application operation processors |
@@ -752,6 +755,7 @@ NAME: my-release
 | configs.params."server.basehref" | string | `"/"` | Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / |
 | configs.params."server.disable.auth" | bool | `false` | Disable Argo CD RBAC for user authentication |
 | configs.params."server.enable.gzip" | bool | `true` | Enable GZIP compression |
+| configs.params."server.enable.proxy.extension" | bool | `false` | Enable proxy extension feature. (proxy extension is in Alpha phase) |
 | configs.params."server.insecure" | bool | `false` | Run server without TLS |
 | configs.params."server.rootpath" | string | `""` | Used if Argo CD is running behind reverse proxy under subpath different from / |
 | configs.params."server.staticassets" | string | `"/shared/app"` | Directory path that contains additional static assets |
@@ -780,11 +784,13 @@ NAME: my-release
 | configs.secret.gogsSecret | string | `""` | Shared secret for authenticating Gogs webhook events |
 | configs.secret.labels | object | `{}` | Labels to be added to argocd-secret |
 | configs.ssh.annotations | object | `{}` | Annotations to be added to argocd-ssh-known-hosts-cm configmap |
+| configs.ssh.create | bool | `true` | Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm. |
 | configs.ssh.extraHosts | string | `""` | Additional known hosts for private repositories |
 | configs.ssh.knownHosts | string | See [values.yaml] | Known hosts to be added to the known host list by default. |
 | configs.styles | string | `""` (See [values.yaml]) | Define custom [CSS styles] for your argo instance. This setting will automatically mount the provided CSS and reference it in the argo configuration. |
 | configs.tls.annotations | object | `{}` | Annotations to be added to argocd-tls-certs-cm configmap |
 | configs.tls.certificates | object | `{}` (See [values.yaml]) | TLS certificates for Git repositories |
+| configs.tls.create | bool | `true` | Specifies if the argocd-tls-certs-cm configmap should be created by Helm. |
 ## Argo CD Controller
@@ -831,6 +837,7 @@ NAME: my-release
 | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | controller.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
 | controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
+| controller.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. |
 | controller.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval |
 | controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
 | controller.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@@ -856,6 +863,7 @@ NAME: my-release
 | controller.replicas | int | `1` | The number of application controller pods to run. Additional replicas will cause sharding of managed clusters across number of replicas. |
 | controller.resources | object | `{}` | Resource limits and requests for the application controller pods |
 | controller.revisionHistoryLimit | int | `5` | Maximum number of controller revisions that will be maintained in StatefulSet history |
+| controller.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the application controller |
 | controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
 | controller.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
 | controller.serviceAccount.create | bool | `true` | Create a service account for the application controller |
@@ -924,6 +932,7 @@ NAME: my-release
 | repoServer.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | repoServer.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
 | repoServer.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
+| repoServer.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. |
 | repoServer.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval |
 | repoServer.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
 | repoServer.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@@ -950,6 +959,7 @@ NAME: my-release
 | repoServer.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
 | repoServer.replicas | int | `1` | The number of repo server pods to run |
 | repoServer.resources | object | `{}` | Resource limits and requests for the repo server pods |
+| repoServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the repo server |
 | repoServer.service.annotations | object | `{}` | Repo server service annotations |
 | repoServer.service.labels | object | `{}` | Repo server service labels |
 | repoServer.service.port | int | `8081` | Repo server service port |
@@ -1016,7 +1026,7 @@ NAME: my-release
 | server.extensions.extensionList | list | `[]` (See [values.yaml]) | Extensions for Argo CD |
 | server.extensions.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for extensions |
 | server.extensions.image.repository | string | `"quay.io/argoprojlabs/argocd-extension-installer"` | Repository to use for extension installer image |
-| server.extensions.image.tag | string | `"v0.0.5"` | Tag to use for extension installer image |
+| server.extensions.image.tag | string | `"v0.0.8"` | Tag to use for extension installer image |
 | server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container |
 | server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server |
 | server.extraContainers | list | `[]` | Additional containers to be added to the server pod |
@@ -1073,6 +1083,7 @@ NAME: my-release
 | server.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | server.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
 | server.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
+| server.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. |
 | server.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval |
 | server.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
 | server.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@@ -1103,6 +1114,7 @@ NAME: my-release
 | server.route.hostname | string | `""` | Hostname of OpenShift Route |
 | server.route.termination_policy | string | `"None"` | Termination policy of Openshift Route |
 | server.route.termination_type | string | `"passthrough"` | Termination type of Openshift Route |
+| server.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the Argo CD server |
 | server.service.annotations | object | `{}` | Server service annotations |
 | server.service.externalIPs | list | `[]` | Server service external IPs |
 | server.service.externalTrafficPolicy | string | `"Cluster"` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints |
@@ -1158,7 +1170,7 @@ NAME: my-release
 | dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod |
 | dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy |
 | dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository |
-| dex.image.tag | string | `"v2.38.0"` | Dex image tag |
+| dex.image.tag | string | `"v2.41.1"` | Dex image tag |
 | dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
 | dex.initContainers | list | `[]` | Init containers to add to the dex pod |
 | dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy |
@@ -1183,6 +1195,7 @@ NAME: my-release
 | dex.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | dex.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
 | dex.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
+| dex.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. |
 | dex.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval |
 | dex.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
 | dex.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@@ -1210,6 +1223,7 @@ NAME: my-release
 | dex.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
 | dex.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
 | dex.resources | object | `{}` | Resource limits and requests for dex |
+| dex.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for Dex |
 | dex.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
 | dex.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
 | dex.serviceAccount.create | bool | `true` | Create dex service account |
@@ -1247,7 +1261,7 @@ NAME: my-release
 | redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter |
 | redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter |
 | redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter |
-| redis.exporter.image.tag | string | `"1.58.0"` | Tag to use for the redis-exporter |
+| redis.exporter.image.tag | string | `"1.67.0"` | Tag to use for the redis-exporter |
 | redis.exporter.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter |
 | redis.exporter.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
 | redis.exporter.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated |
@@ -1265,7 +1279,7 @@ NAME: my-release
 | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod |
 | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy |
 | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
-| redis.image.tag | string | `"7.2.4-alpine"` | Redis tag |
+| redis.image.tag | string | `"7.4.2-alpine"` | Redis tag |
 | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
 | redis.initContainers | list | `[]` | Init containers to add to the redis pod |
 | redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server |
@@ -1284,6 +1298,7 @@ NAME: my-release
 | redis.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | redis.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
 | redis.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
+| redis.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. |
 | redis.metrics.serviceMonitor.interval | string | `"30s"` | Interval at which metrics should be scraped |
 | redis.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
 | redis.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@@ -1308,6 +1323,7 @@ NAME: my-release
 | redis.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
 | redis.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out |
 | redis.resources | object | `{}` | Resource limits and requests for redis |
+| redis.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for redis |
 | redis.securityContext | object | See [values.yaml] | Redis pod-level security context |
 | redis.service.annotations | object | `{}` | Redis service annotations |
 | redis.service.labels | object | `{}` | Additional redis service labels |
@@ -1349,7 +1365,7 @@ The main options are listed here:
 | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. |
 | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. |
 | redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
-| redis-ha.image.tag | string | `"7.2.4-alpine"` | Redis tag |
+| redis-ha.image.tag | string | `"7.4.2-alpine"` | Redis tag |
 | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes |
 | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) |
 | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled |
@@ -1386,6 +1402,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| redisSecretInit.affinity | object | `{}` | Assign custom [affinity] rules to the Redis secret-init Job |
 | redisSecretInit.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context |
 | redisSecretInit.enabled | bool | `true` | Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods |
 | redisSecretInit.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Redis secret-init Job |
@@ -1474,6 +1491,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | applicationSet.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | applicationSet.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
 | applicationSet.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
+| applicationSet.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. |
 | applicationSet.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval |
 | applicationSet.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
 | applicationSet.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@@ -1500,6 +1518,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | applicationSet.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
 | applicationSet.replicas | int | `1` | The number of ApplicationSet controller pods to run |
 | applicationSet.resources | object | `{}` | Resource limits and requests for the ApplicationSet controller pods. |
+| applicationSet.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the ApplicationSet controller |
 | applicationSet.service.annotations | object | `{}` | ApplicationSet service annotations |
 | applicationSet.service.labels | object | `{}` | ApplicationSet service labels |
 | applicationSet.service.port | int | `7000` | ApplicationSet service port |
@@ -1560,6 +1579,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | notifications.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | notifications.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
 | notifications.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
+| notifications.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. |
 | notifications.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
 | notifications.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping |
 | notifications.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme |
@@ -1583,6 +1603,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | notifications.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
 | notifications.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
 | notifications.resources | object | `{}` | Resource limits and requests for the notifications controller |
+| notifications.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the notifications controller |
 | notifications.secret.annotations | object | `{}` | key:value pairs of annotations to be added to the secret |
 | notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret |
 | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the secret |
@@ -1600,30 +1621,89 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | notifications.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller | | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | +## Commit server (Manifest Hydrator) + +The Argo CD Commit Server provides push access to git repositories for hydrated manifests. + +To read more about this component, please read [Argo CD Manifest Hydrator] and [Manifest Hydrator]. + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| commitServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | +| commitServer.automountServiceAccountToken | bool | `false` | Automount API credentials for the Service Account into the pod. | +| commitServer.containerSecurityContext | object | See [values.yaml] | commit server container-level security context | +| commitServer.deploymentAnnotations | object | `{}` | Annotations to be added to commit server Deployment | +| commitServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the commit server Deployment | +| commitServer.dnsConfig | object | `{}` | [DNS configuration] | +| commitServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for commit server pods | +| commitServer.enabled | bool | `false` | Enable commit server | +| commitServer.extraArgs | list | `[]` | commit server command line flags | +| commitServer.extraEnv | list | `[]` | Environment variables to pass to the commit server | +| commitServer.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the commit server | +| commitServer.extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) | +| commitServer.extraVolumes | list | `[]` | List of extra 
volumes to add | +| commitServer.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the commit server | +| commitServer.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the commit server | +| commitServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the commit server | +| commitServer.livenessProbe.enabled | bool | `true` | Enable Kubernetes liveness probe for commit server | +| commitServer.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| commitServer.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| commitServer.livenessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the [probe] | +| commitServer.livenessProbe.timeoutSeconds | int | `5` | Number of seconds after which the [probe] times out | +| commitServer.metrics.enabled | bool | `false` | Enables prometheus metrics server | +| commitServer.metrics.service.annotations | object | `{}` | Metrics service annotations | +| commitServer.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. 
`None` makes a "headless service" (no virtual IP) | +| commitServer.metrics.service.labels | object | `{}` | Metrics service labels | +| commitServer.metrics.service.portName | string | `"metrics"` | Metrics service port name | +| commitServer.metrics.service.servicePort | int | `8087` | Metrics service port | +| commitServer.metrics.service.type | string | `"ClusterIP"` | Metrics service type | +| commitServer.name | string | `"commit-server"` | Commit server name | +| commitServer.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| commitServer.podAnnotations | object | `{}` | Annotations for the commit server pods | +| commitServer.podLabels | object | `{}` | Labels for the commit server pods | +| commitServer.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the commit server pods | +| commitServer.readinessProbe.enabled | bool | `true` | Enable Kubernetes liveness probe for commit server | +| commitServer.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| commitServer.readinessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before [probe] is initiated | +| commitServer.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| commitServer.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| commitServer.resources | object | `{}` | Resource limits and requests for the commit server pods. 
| +| commitServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the commit server | +| commitServer.service.annotations | object | `{}` | commit server service annotations | +| commitServer.service.labels | object | `{}` | commit server service labels | +| commitServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| commitServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| commitServer.serviceAccount.create | bool | `true` | Create commit server service account | +| commitServer.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| commitServer.serviceAccount.name | string | `"argocd-commit-server"` | commit server service account name | +| commitServer.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| commitServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| commitServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the commit server | + ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) [Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/ -[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#backendconfigspec_v1beta1_cloudgooglecom [CSS styles]: 
https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog [Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/ [DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters [FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/ -[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ [GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/ [HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ [MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs -[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector [PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes [RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +[Tolerations]: 
https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ [values.yaml]: values.yaml [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md [tini]: https://github.com/argoproj/argo-cd/pull/12707 @@ -1632,3 +1712,5 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace [Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice [Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer +[Argo CD Manifest Hydrator]: https://argo-cd.readthedocs.io/en/stable/proposals/manifest-hydrator/ +[Manifest Hydrator]: https://github.com/argoproj/argo-cd/blob/master/docs/proposals/manifest-hydrator.md diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/Chart.lock b/charts/argo-cd/argo-cd/charts/argo-cd/Chart.lock index bc11a7154..36656a142 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/Chart.lock +++ b/charts/argo-cd/argo-cd/charts/argo-cd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.26.1 -digest: sha256:d72c308ab0eef4233e25bfc3f8fc97cf9b02a9c5d0186ea89e2f8fb332cb9c41 -generated: "2024-02-18T19:42:53.135599+02:00" + version: 4.29.4 +digest: sha256:1257baf1c5e0db036af659d44095223e28ac0c9ec1ed8300a02d5def2281c9c7 +generated: "2024-11-13T09:07:36.494128+09:00" diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/Chart.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/Chart.yaml index bf45fdcdf..aba9d5549 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/Chart.yaml 
@@ -1,17 +1,17 @@ annotations: artifacthub.io/changes: | - - kind: changed - description: Bump argo-cd to v2.12.1 + - kind: fixed + description: Create ServiceMonitor for dex only if dex is enabled artifacthub.io/signKey: | fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc apiVersion: v2 -appVersion: v2.12.1 +appVersion: v2.14.2 dependencies: - condition: redis-ha.enabled name: redis-ha repository: https://dandydeveloper.github.io/charts/ - version: 4.26.1 + version: 4.29.4 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. home: https://github.com/argoproj/argo-helm @@ -28,4 +28,4 @@ name: argo-cd sources: - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-cd -version: 7.4.4 +version: 7.8.2 diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/README.md b/charts/argo-cd/argo-cd/charts/argo-cd/README.md index 39baf4054..f1140f1f1 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/README.md +++ b/charts/argo-cd/argo-cd/charts/argo-cd/README.md @@ -191,7 +191,7 @@ server: alb.ingress.kubernetes.io/scheme: internal alb.ingress.kubernetes.io/target-type: ip alb.ingress.kubernetes.io/backend-protocol: HTTP - alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/ssl-redirect: '443' aws: serviceType: ClusterIP # <- Used with target-type: ip 
@@ -312,10 +312,10 @@ This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr Upstream steps in the [FAQ] are not enough, since we chose a different approach. (We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.) -Steps to roteate the secret when using the helm chart (bold step is additional to upstream): +Steps to rotate the secret when using the helm chart (bold step is additional to upstream): * Delete `argocd-redis` secret in the namespace where Argo CD is installed. ```bash - kubectl delete secret argocd-redis -n + kubectl delete secret argocd-redis -n ``` * **Perform a helm upgrade** ```bash @@ -708,11 +708,12 @@ NAME: my-release | global.logging.level | string | `"info"` | Set the global logging level. One of: `debug`, `info`, `warn` or `error` | | global.networkPolicy.create | bool | `false` | Create NetworkPolicy objects for all components | | global.networkPolicy.defaultDenyIngress | bool | `false` | Default deny all ingress traffic | -| global.nodeSelector | object | `{}` | Default node selector for all components | +| global.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Default node selector for all components | | global.podAnnotations | object | `{}` | Annotations for the all deployed pods | | global.podLabels | object | `{}` | Labels for the all deployed pods | | global.priorityClassName | string | `""` | Default priority class for all components | | global.revisionHistoryLimit | int | `3` | Number of old deployment ReplicaSets to retain. The rest will be garbage collected. | +| global.runtimeClassName | string | `""` | Runtime class name for all components | | global.securityContext | object | `{}` (See [values.yaml]) | Toggle and define pod-level security context. | | global.statefulsetAnnotations | object | `{}` | Annotations for the all deployed Statefulsets | | global.tolerations | list | `[]` | Default tolerations for all components | 
@@ -725,6 +726,7 @@ NAME: my-release
 | configs.clusterCredentials | object | `{}` (See [values.yaml]) | Provide one or multiple [external cluster credentials] |
 | configs.cm."admin.enabled" | bool | `true` | Enable local admin user |
 | configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning |
+| configs.cm."application.sync.impersonation.enabled" | bool | `false` | Enable control of the service account used for the sync operation (alpha) |
 | configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI |
 | configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement |
 | configs.cm."statusbadge.enabled" | bool | `false` | Enable Status Badge |
@@ -741,6 +743,7 @@ NAME: my-release
 | configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring |
 | configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] |
 | configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability |
+| configs.params."applicationsetcontroller.namespaces" | string | `""` (default is only the ns where the controller is installed) | A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"argocd,argocd-appsets-*"`) |
 | configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` |
 | configs.params."controller.ignore.normalizer.jq.timeout" | string | `"1s"` | JQ Path expression timeout |
 | configs.params."controller.operation.processors" | int | `10` | Number of application operation processors |
@@ -752,6 +755,7 @@ NAME: my-release
 | configs.params."server.basehref" | string | `"/"` | Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / |
 | configs.params."server.disable.auth" | bool | `false` | Disable Argo CD RBAC for user authentication |
 | configs.params."server.enable.gzip" | bool | `true` | Enable GZIP compression |
+| configs.params."server.enable.proxy.extension" | bool | `false` | Enable proxy extension feature. (proxy extension is in Alpha phase) |
 | configs.params."server.insecure" | bool | `false` | Run server without TLS |
 | configs.params."server.rootpath" | string | `""` | Used if Argo CD is running behind reverse proxy under subpath different from / |
 | configs.params."server.staticassets" | string | `"/shared/app"` | Directory path that contains additional static assets |
@@ -780,11 +784,13 @@ NAME: my-release | configs.secret.gogsSecret | string | `""` | Shared secret for authenticating Gogs webhook events | | configs.secret.labels | object | `{}` | Labels to be added to argocd-secret | | configs.ssh.annotations | object | `{}` | Annotations to be added to argocd-ssh-known-hosts-cm configmap | +| configs.ssh.create | bool | `true` | Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm. | | configs.ssh.extraHosts | string | `""` | Additional known hosts for private repositories | | configs.ssh.knownHosts | string | See [values.yaml] | Known hosts to be added to the known host list by default. | | configs.styles | string | `""` (See [values.yaml]) | Define custom [CSS styles] for your argo instance. This setting will automatically mount the provided CSS and reference it in the argo configuration. | | configs.tls.annotations | object | `{}` | Annotations to be added to argocd-tls-certs-cm configmap | | configs.tls.certificates | object | `{}` (See [values.yaml]) | TLS certificates for Git repositories | +| configs.tls.create | bool | `true` | Specifies if the argocd-tls-certs-cm configmap should be created by Helm. | ## Argo CD Controller 
@@ -831,6 +837,7 @@ NAME: my-release
 | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | controller.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
 | controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
+| controller.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. |
 | controller.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval |
 | controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
 | controller.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@@ -856,6 +863,7 @@ NAME: my-release
 | controller.replicas | int | `1` | The number of application controller pods to run. Additional replicas will cause sharding of managed clusters across number of replicas. |
 | controller.resources | object | `{}` | Resource limits and requests for the application controller pods |
 | controller.revisionHistoryLimit | int | `5` | Maximum number of controller revisions that will be maintained in StatefulSet history |
+| controller.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the application controller |
 | controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
 | controller.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
 | controller.serviceAccount.create | bool | `true` | Create a service account for the application controller |
@@ -924,6 +932,7 @@ NAME: my-release
 | repoServer.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | repoServer.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
 | repoServer.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
+| repoServer.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. |
 | repoServer.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval |
 | repoServer.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
 | repoServer.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@@ -950,6 +959,7 @@ NAME: my-release
 | repoServer.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
 | repoServer.replicas | int | `1` | The number of repo server pods to run |
 | repoServer.resources | object | `{}` | Resource limits and requests for the repo server pods |
+| repoServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the repo server |
 | repoServer.service.annotations | object | `{}` | Repo server service annotations |
 | repoServer.service.labels | object | `{}` | Repo server service labels |
 | repoServer.service.port | int | `8081` | Repo server service port |
@@ -1016,7 +1026,7 @@ NAME: my-release
 | server.extensions.extensionList | list | `[]` (See [values.yaml]) | Extensions for Argo CD |
 | server.extensions.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for extensions |
 | server.extensions.image.repository | string | `"quay.io/argoprojlabs/argocd-extension-installer"` | Repository to use for extension installer image |
-| server.extensions.image.tag | string | `"v0.0.5"` | Tag to use for extension installer image |
+| server.extensions.image.tag | string | `"v0.0.8"` | Tag to use for extension installer image |
 | server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container |
 | server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server |
 | server.extraContainers | list | `[]` | Additional containers to be added to the server pod |
@@ -1073,6 +1083,7 @@ NAME: my-release
 | server.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | server.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
 | server.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
+| server.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. |
 | server.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval |
 | server.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
 | server.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@@ -1103,6 +1114,7 @@ NAME: my-release
 | server.route.hostname | string | `""` | Hostname of OpenShift Route |
 | server.route.termination_policy | string | `"None"` | Termination policy of Openshift Route |
 | server.route.termination_type | string | `"passthrough"` | Termination type of Openshift Route |
+| server.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the Argo CD server |
 | server.service.annotations | object | `{}` | Server service annotations |
 | server.service.externalIPs | list | `[]` | Server service external IPs |
 | server.service.externalTrafficPolicy | string | `"Cluster"` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints |
@@ -1158,7 +1170,7 @@ NAME: my-release
 | dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod |
 | dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy |
 | dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository |
-| dex.image.tag | string | `"v2.38.0"` | Dex image tag |
+| dex.image.tag | string | `"v2.41.1"` | Dex image tag |
 | dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
 | dex.initContainers | list | `[]` | Init containers to add to the dex pod |
 | dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy |
@@ -1183,6 +1195,7 @@ NAME: my-release
 | dex.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | dex.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
 | dex.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
+| dex.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. |
 | dex.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval |
 | dex.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
 | dex.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@@ -1210,6 +1223,7 @@ NAME: my-release
 | dex.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
 | dex.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
 | dex.resources | object | `{}` | Resource limits and requests for dex |
+| dex.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for Dex |
 | dex.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
 | dex.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
 | dex.serviceAccount.create | bool | `true` | Create dex service account |
@@ -1247,7 +1261,7 @@ NAME: my-release
 | redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter |
 | redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter |
 | redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter |
-| redis.exporter.image.tag | string | `"1.58.0"` | Tag to use for the redis-exporter |
+| redis.exporter.image.tag | string | `"1.67.0"` | Tag to use for the redis-exporter |
 | redis.exporter.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter |
 | redis.exporter.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
 | redis.exporter.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated |
@@ -1265,7 +1279,7 @@ NAME: my-release
 | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod |
 | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy |
 | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
-| redis.image.tag | string | `"7.2.4-alpine"` | Redis tag |
+| redis.image.tag | string | `"7.4.2-alpine"` | Redis tag |
 | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
 | redis.initContainers | list | `[]` | Init containers to add to the redis pod |
 | redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server |
@@ -1284,6 +1298,7 @@ NAME: my-release
 | redis.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | redis.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
 | redis.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
+| redis.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. |
 | redis.metrics.serviceMonitor.interval | string | `"30s"` | Interval at which metrics should be scraped |
 | redis.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
 | redis.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@@ -1308,6 +1323,7 @@ NAME: my-release
 | redis.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
 | redis.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out |
 | redis.resources | object | `{}` | Resource limits and requests for redis |
+| redis.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for redis |
 | redis.securityContext | object | See [values.yaml] | Redis pod-level security context |
 | redis.service.annotations | object | `{}` | Redis service annotations |
 | redis.service.labels | object | `{}` | Additional redis service labels |
@@ -1349,7 +1365,7 @@ The main options are listed here: | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | | redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | -| redis-ha.image.tag | string | `"7.2.4-alpine"` | Redis tag | +| redis-ha.image.tag | string | `"7.4.2-alpine"` | Redis tag | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | @@ -1386,6 +1402,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | Key | Type | Default | Description | |-----|------|---------|-------------| +| redisSecretInit.affinity | object | `{}` | Assign custom [affinity] rules to the Redis secret-init Job | | redisSecretInit.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | | redisSecretInit.enabled | bool | `true` | Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods | | redisSecretInit.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Redis secret-init Job | 
@@ -1474,6 +1491,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | applicationSet.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | applicationSet.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
 | applicationSet.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
+| applicationSet.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. |
 | applicationSet.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval |
 | applicationSet.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
 | applicationSet.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@@ -1500,6 +1518,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | applicationSet.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
 | applicationSet.replicas | int | `1` | The number of ApplicationSet controller pods to run |
 | applicationSet.resources | object | `{}` | Resource limits and requests for the ApplicationSet controller pods. |
+| applicationSet.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the ApplicationSet controller |
 | applicationSet.service.annotations | object | `{}` | ApplicationSet service annotations |
 | applicationSet.service.labels | object | `{}` | ApplicationSet service labels |
 | applicationSet.service.port | int | `7000` | ApplicationSet service port |
@@ -1560,6 +1579,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | notifications.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | notifications.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
 | notifications.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
+| notifications.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. |
 | notifications.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
 | notifications.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping |
 | notifications.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme |
@@ -1583,6 +1603,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | notifications.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
 | notifications.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
 | notifications.resources | object | `{}` | Resource limits and requests for the notifications controller |
+| notifications.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the notifications controller |
 | notifications.secret.annotations | object | `{}` | key:value pairs of annotations to be added to the secret |
 | notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret |
 | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the secret |
@@ -1600,30 +1621,89 @@ If you use an External Redis (See Option 3 above), this Job is not deployed. | notifications.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller | | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | +## Commit server (Manifest Hydrator) + +The Argo CD Commit Server provides push access to git repositories for hydrated manifests. + +To read more about this component, please read [Argo CD Manifest Hydrator] and [Manifest Hydrator]. + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| commitServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | +| commitServer.automountServiceAccountToken | bool | `false` | Automount API credentials for the Service Account into the pod. | +| commitServer.containerSecurityContext | object | See [values.yaml] | commit server container-level security context | +| commitServer.deploymentAnnotations | object | `{}` | Annotations to be added to commit server Deployment | +| commitServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the commit server Deployment | +| commitServer.dnsConfig | object | `{}` | [DNS configuration] | +| commitServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for commit server pods | +| commitServer.enabled | bool | `false` | Enable commit server | +| commitServer.extraArgs | list | `[]` | commit server command line flags | +| commitServer.extraEnv | list | `[]` | Environment variables to pass to the commit server | +| commitServer.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the commit server | +| commitServer.extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) | +| commitServer.extraVolumes | list | `[]` | List of extra 
volumes to add | +| commitServer.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the commit server | +| commitServer.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the commit server | +| commitServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the commit server | +| commitServer.livenessProbe.enabled | bool | `true` | Enable Kubernetes liveness probe for commit server | +| commitServer.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| commitServer.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| commitServer.livenessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the [probe] | +| commitServer.livenessProbe.timeoutSeconds | int | `5` | Number of seconds after which the [probe] times out | +| commitServer.metrics.enabled | bool | `false` | Enables prometheus metrics server | +| commitServer.metrics.service.annotations | object | `{}` | Metrics service annotations | +| commitServer.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. 
`None` makes a "headless service" (no virtual IP) | +| commitServer.metrics.service.labels | object | `{}` | Metrics service labels | +| commitServer.metrics.service.portName | string | `"metrics"` | Metrics service port name | +| commitServer.metrics.service.servicePort | int | `8087` | Metrics service port | +| commitServer.metrics.service.type | string | `"ClusterIP"` | Metrics service type | +| commitServer.name | string | `"commit-server"` | Commit server name | +| commitServer.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| commitServer.podAnnotations | object | `{}` | Annotations for the commit server pods | +| commitServer.podLabels | object | `{}` | Labels for the commit server pods | +| commitServer.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the commit server pods | +| commitServer.readinessProbe.enabled | bool | `true` | Enable Kubernetes liveness probe for commit server | +| commitServer.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| commitServer.readinessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before [probe] is initiated | +| commitServer.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| commitServer.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| commitServer.resources | object | `{}` | Resource limits and requests for the commit server pods. 
| +| commitServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the commit server | +| commitServer.service.annotations | object | `{}` | commit server service annotations | +| commitServer.service.labels | object | `{}` | commit server service labels | +| commitServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| commitServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| commitServer.serviceAccount.create | bool | `true` | Create commit server service account | +| commitServer.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| commitServer.serviceAccount.name | string | `"argocd-commit-server"` | commit server service account name | +| commitServer.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| commitServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| commitServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the commit server | + ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) [Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/ -[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#backendconfigspec_v1beta1_cloudgooglecom [CSS styles]: 
https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog [Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/ [DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters [FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/ -[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ [GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/ [HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ [MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs -[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector [PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes [RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config -[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +[Tolerations]: 
https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ [values.yaml]: values.yaml [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md [tini]: https://github.com/argoproj/argo-cd/pull/12707 @@ -1632,3 +1712,5 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace [Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice [Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer +[Argo CD Manifest Hydrator]: https://argo-cd.readthedocs.io/en/stable/proposals/manifest-hydrator/ +[Manifest Hydrator]: https://github.com/argoproj/argo-cd/blob/master/docs/proposals/manifest-hydrator.md diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/.helmignore b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/.helmignore new file mode 100644 index 000000000..ee9c40f04 --- /dev/null +++ b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/.helmignore @@ -0,0 +1,25 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +ci/ +*.gotmpl diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/Chart.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/Chart.yaml index ecc91c811..79d487477 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/Chart.yaml 
+++ b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/Chart.yaml @@ -18,4 +18,4 @@ sources: - https://redis.io/download - https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha - https://github.com/oliver006/redis_exporter -version: 4.26.1 +version: 4.29.4 diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/README.md b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/README.md index 364ffce5e..e6d0cb1cc 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/README.md +++ b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/README.md 
@@ -58,213 +58,289 @@ The command removes all the Kubernetes components associated with the chart and The following table lists the configurable parameters of the Redis chart and their default values. -| Parameter | Description | Default | -|:--------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------| -| `image.repository` | Redis image repository | `redis` | -| `image.tag` | Redis image tag | `6.2.5-alpine` | -| `image.pullPolicy` | Redis image pull policy | `IfNotPresent` | -| `imagePullSecrets` | Reference to one or more secrets to be used when pulling redis images | [] | -| `tag` | Redis tag | `6.2.5-alpine` | -| `replicas` | Number of redis master/slave pods | `3` | -| `podManagementPolicy` | The statefulset pod management policy | `OrderedReady` | -| `ro_replicas` | Comma separated list of slaves which never get promoted to be master. Count starts with 0. Allowed values 1-9. i.e. 3,4 - 3th and 4th redis slave never make it to be master, where master is index 0. 
| ``| -| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the redis-ha.fullname template | -| `serviceAccount.automountToken` | Opt in/out of automounting API credentials into container | `false` | -| `serviceAnnotations` | Annotations to set on Redis HA service | `null` | -| `serviceLabels` | Labels to set on Redis HA service | `{}` | -| `rbac.create` | Create and use RBAC resources | `true` | -| `redis.port` | Port to access the redis service | `6379` | -| `redis.tlsPort` | TLS Port to access the redis service |``| -| `redis.tlsReplication` | Configures redis with tls-replication parameter, if true sets "tls-replication yes" in redis.conf |``| -| `redis.authClients` | It is possible to disable client side certificates authentication when "authClients" is set to "no" |``| -| `redis.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe | `30` | -| `redis.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | `15` | -| `redis.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe | `15` | -| `redis.livenessProbe.successThreshold` | Success threshold for liveness probe | `1` | -| `redis.livenessProbe.failureThreshold` | Failure threshold for liveness probe | `5` | -| `redis.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe | `30` | -| `redis.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | `15` | -| `redis.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe | `15` | -| `redis.readinessProbe.successThreshold` | Success threshold for readiness probe | `1` | -| `redis.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `5` | -| `redis.masterGroupName` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | 
`mymaster` | -| `redis.disableCommands` | Array with commands to disable | `["FLUSHDB","FLUSHALL"]` | -| `redis.config` | Any valid redis config options in this section will be applied to each server (see below) | see values.yaml | -| `redis.customConfig` | Allows for custom redis.conf files to be applied. If this is used then `redis.config` is ignored |``| -| `redis.resources` | CPU/Memory for master/slave nodes resource requests/limits | `{}` | -| `redis.lifecycle` | Container Lifecycle Hooks for redis container | see values.yaml | -| `redis.annotations` | Annotations for the redis statefulset | `{}` | -| `redis.updateStategy.type`| Update strategy for redis statefulSet | `RollingUpdate` | -| `redis.extraVolumeMounts` | Extra volume mounts for Redis container | `[]` | -| `sentinel.port` | Port to access the sentinel service | `26379` | -| `sentinel.bind` | Configure the 'bind' directive to bind to a list of network interfaces | `` | -| `sentinel.tlsPort` | TLS Port to access the sentinel service |``| -| `sentinel.tlsReplication` | Configures sentinel with tls-replication parameter, if true sets "tls-replication yes" in sentinel.conf |``| -| `sentinel.authClients` | It is possible to disable client side certificates authentication when "authClients" is set to "no" |``| -| `sentinel.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe | `30` | -| `sentinel.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | `15` | -| `sentinel.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe | `15` | -| `sentinel.livenessProbe.successThreshold` | Success threshold for liveness probe | `1` | -| `sentinel.livenessProbe.failureThreshold` | Failure threshold for liveness probe | `5` | -| `sentinel.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe | `30` | -| `sentinel.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | 
`15` | -| `sentinel.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe | `15` | -| `sentinel.readinessProbe.successThreshold` | Success threshold for readiness probe | `3` | -| `sentinel.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `5` | -| `sentinel.auth` | Enables or disables sentinel AUTH (Requires `sentinel.password` to be set) | `false` | -| `sentinel.password` | A password that configures a `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`) |``| -| `sentinel.existingSecret` | An existing secret containing a key defined by `sentinel.authKey` that configures `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`, cannot be used in conjunction with `.Values.sentinel.password`) |``| -| `sentinel.authKey` | The key holding the sentinel password in an existing secret. | `sentinel-password` | -| `sentinel.quorum` | Minimum number of servers necessary to maintain quorum | `2` | -| `sentinel.config` | Valid sentinel config options in this section will be applied as config options to each sentinel (see below) | see values.yaml | -| `sentinel.customConfig` | Allows for custom sentinel.conf files to be applied. If this is used then `sentinel.config` is ignored |``| -| `sentinel.resources` | CPU/Memory for sentinel node resource requests/limits | `{}` | -| `sentinel.lifecycle` | Container Lifecycle Hooks for sentinel container | `{}` | -| `sentinel.extraVolumeMounts` | Extra volume mounts for Sentinel container | `[]` | -| `init.resources` | CPU/Memory for init Container node resource requests/limits | `{}` | -| `auth` | Enables or disables redis AUTH (Requires `redisPassword` to be set) | `false` | -| `redisPassword` | A password that configures a `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`) |``| -| `authKey` | The key holding the redis password in an existing secret. 
| `auth` | -| `existingSecret` | An existing secret containing a key defined by `authKey` that configures `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`, cannot be used in conjunction with `.Values.redisPassword`) |``| -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Toleration labels for pod assignment | `[]` | -| `hardAntiAffinity` | Whether the Redis server pods should be forced to run on separate nodes. | `true` | -| `additionalAffinities` | Additional affinities to add to the Redis server pods. | `{}` | -| `securityContext` | Security context to be added to the Redis StatefulSet. | `{runAsUser: 1000, fsGroup: 1000, runAsNonRoot: true}` | -| `containerSecurityContext` | Security context to be added to the Redis containers. | `{ runAsNonRoot: true, allowPrivilegeEscalation: false, seccompProfile: { type: RuntimeDefault }, capabilities: { drop: [ "ALL" ] }` | -| `affinity` | Override all other affinity settings with a string. | `""` | -| `labels` | Labels for the Redis pod. | `{}` | -| `configmap.labels` | Labels for the Redis configmap. | `{}` | -| `configmapTest.image.repository` | Repository of the configmap shellcheck test image. | `koalaman/shellcheck` | -| `configmapTest.image.tag` | Tag of the configmap shellcheck test image. | `v0.5.0` | -| `configmapTest.resources` | Resources for the ConfigMap tests. 
| `{}` | -| `persistentVolume.size` | Size for the volume | 10Gi | -| `persistentVolume.annotations` | Annotations for the volume | `{}` | -| `persistentVolume.labels` | Labels for the volume | `{}` | -| `emptyDir` | Configuration of `emptyDir`, used only if persistentVolume is disabled and no hostPath specified | `{}` | -| `exporter.enabled` | If `true`, the prometheus exporter sidecar is enabled | `false` | -| `exporter.image` | Exporter image | `oliver006/redis_exporter` | -| `exporter.tag` | Exporter tag | `v1.27.0` | -| `exporter.port` | Exporter port | `9121` | -| `exporter.portName` | Exporter port name | `exporter-port` | -| `exporter.address` | Redis instance Hostname/Address Exists to circumvent some issues with issues in IPv6 hostname resolution | `localhost` | -| `exporter.annotations` | Prometheus scrape annotations | `{prometheus.io/path: /metrics, prometheus.io/port: "9121", prometheus.io/scrape: "true"}` | -| `exporter.extraArgs` | Additional args for the exporter | `{}` | -| `exporter.script` | A custom custom Lua script that will be mounted to exporter for collection of custom metrics. Creates a ConfigMap and sets env var `REDIS_EXPORTER_SCRIPT`. | | -| `exporter.serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` | -| `exporter.serviceMonitor.namespace` | Namespace the service monitor is created in | `default` | -| `exporter.serviceMonitor.interval` | Scrape interval, If not set, the Prometheus default scrape interval is used | `nil` | -| `exporter.serviceMonitor.telemetryPath` | Path to redis-exporter telemetry-path | `/metrics` | -| `exporter.serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` | -| `exporter.serviceMonitor.timeout` | How long until a scrape request times out. 
If not set, the Prometheus default scape timeout is used | `nil` | -| `exporter.serviceMonitor.endpointAdditionalProperties` | Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more. | `{}` | -| `haproxy.enabled` | Enabled HAProxy LoadBalancing/Proxy | `false` | -| `haproxy.replicas` | Number of HAProxy instances | `3` | -| `haproxy.servicePort` | Modify HAProxy service port | `6379` | -| `haproxy.containerPort` | Modify HAProxy deployment container port | `6379` -| `haproxy.image.repository`| HAProxy Image Repository | `haproxy` | -| `haproxy.image.tag` | HAProxy Image Tag | `2.4.2` | -| `haproxy.image.pullPolicy`| HAProxy Image PullPolicy | `IfNotPresent` | -| `haproxy.imagePullSecrets`| Reference to one or more secrets to be used when pulling haproxy images | [] | -| `haproxy.tls.enabled` | If "true" this will enable TLS termination on haproxy | `false` -| `haproxy.tls.secretName` | Secret containing the .pem file | `""` -| `haproxy.tls.certMountPath` | Path to mount the secret that contains the certificates. haproxy | `false` -| `haproxy.tls.secretName` | Secret containing the .pem file | `""` -| `haproxy.annotations` | HAProxy template annotations | `{}` | -| `haproxy.customConfig` | Allows for custom config-haproxy.cfg file to be applied. 
If this is used then default config will be overwriten |``| -| `haproxy.extraConfig` | Allows to place any additional configuration section to add to the default config-haproxy.cfg |``| -| `haproxy.resources` | HAProxy resources | `{}` | -| `haproxy.emptyDir` | Configuration of `emptyDir` | `{}` | -| `haproxy.labels` | Labels for the HAProxy pod | `{}` | -| `haproxy.serviceAccountName`| HAProxy serviceAccountName | `default` -| `haproxy.service.type` | HAProxy service type "ClusterIP", "LoadBalancer" or "NodePort" | `ClusterIP` | -| `haproxy.service.nodePort` | HAProxy service nodePort value (haproxy.service.type must be NodePort) | not set | -| `haproxy.service.externalTrafficPolicy`| HAProxy service externalTrafficPolicy value (haproxy.service.type must be LoadBalancer) | not set | -| `haproxy.service.annotations` | HAProxy service annotations | `{}` | -| `haproxy.service.labels` | HAProxy service labels | `{}` | -| `haproxy.service.loadBalancerIP` | HAProxy service loadbalancer IP | not set | -| `haproxy.service.externalIPs` | HAProxy external IPs | `{}` | -| `haproxy.stickyBalancing` | HAProxy sticky load balancing to Redis nodes. Helps with connections shutdown. 
| `false` | -| `haproxy.hapreadport.enable` | Enable a read only port for redis slaves | `false` | -| `haproxy.hapreadport.port` | Haproxy port for read only redis slaves | `6380` | -| `haproxy.metrics.enabled` | HAProxy enable prometheus metric scraping | `false` | -| `haproxy.metrics.port` | HAProxy prometheus metrics scraping port | `9101` | -| `haproxy.metrics.portName` | HAProxy metrics scraping port name | `http-exporter-port` | -| `haproxy.metrics.scrapePath` | HAProxy prometheus metrics scraping port | `/metrics` | -| `haproxy.metrics.serviceMonitor.enabled` | Use servicemonitor from prometheus operator for HAProxy metrics | `false` | -| `haproxy.metrics.serviceMonitor.namespace` | Namespace the service monitor for HAProxy metrics is created in | `default` | -| `haproxy.metrics.serviceMonitor.interval` | Scrape interval, If not set, the Prometheus default scrape interval is used | `nil` | -| `haproxy.metrics.serviceMonitor.telemetryPath` | Path to HAProxy metrics telemetry-path | `/metrics` | -| `haproxy.metrics.serviceMonitor.labels` | Labels for the HAProxy metrics servicemonitor passed to Prometheus Operator | `{}` | -| `haproxy.metrics.serviceMonitor.timeout` | How long until a scrape request times out. If not set, the Prometheus default scape timeout is used | `nil` | -| `haproxy.metrics.serviceMonitor.endpointAdditionalProperties` | Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more. 
| `{}` | -| `haproxy.init.resources` | Extra init resources | `{}` | -| `haproxy.timeout.connect` | haproxy.cfg `timeout connect` setting | `4s` | -| `haproxy.timeout.server` | haproxy.cfg `timeout server` setting | `30s` | -| `haproxy.timeout.client` | haproxy.cfg `timeout client` setting | `30s` | -| `haproxy.timeout.check` | haproxy.cfg `timeout check` setting | `2s` | -| `haproxy.checkInterval` | haproxy.cfg `check inter` setting | `1s` | -| `haproxy.checkFall` | haproxy.cfg `check fall` setting | `1` | -| `haproxy.priorityClassName` | priorityClassName for `haproxy` deployment | not set | -| `haproxy.securityContext` | Security context to be added to the HAProxy deployment. | `{runAsUser: 99, fsGroup: 99, runAsNonRoot: true}` | -| `haproxy.containerSecurityContext` | Security context to be added to the HAProxy containers. | `{ runAsNonRoot: true, allowPrivilegeEscalation: false, seccompProfile: { type: RuntimeDefault }, capabilities: { drop: [ "ALL" ] }` | -| `haproxy.hardAntiAffinity` | Whether the haproxy pods should be forced to run on separate nodes. | `true` | -| `haproxy.affinity` | Override all other haproxy affinity settings with a string. | `""` | -| `haproxy.additionalAffinities` | Additional affinities to add to the haproxy server pods. | `{}` | -| `haproxy.tests.resources` | Pod resources for the tests against HAProxy. | `{}` | -| `haproxy.IPv6.enabled` | Disables certain binding options to support non-IPv6 environments. 
| `true` | -| `networkPolicy.enabled` | Create NetworkPolicy for Haproxy pods |`false`| -| `networkPolicy.labels` | Labels for Haproxy NetworkPolicy |`{}`| -| `networkPolicy.annotations` | Annotations for Haproxy NetworkPolicy |`{}`| -| `networkPolicy.ingressRules[].selectors` | Label selector query to define resources for this ingress rule |`[]`| -| `networkPolicy.ingressRules[].ports` | The destination ports for the ingress rule |`[{port: redis.port, protocol: TCP}, {port: sentinel.port, protocol: TCP}]`| -| `networkPolicy.egressRules[].selectors` | Label selector query to define resources for this egress rule |`[]`| -| `networkPolicy.egressRules[].ports` | The destination ports for the egress rule |``| -| `podDisruptionBudget` | Pod Disruption Budget rules | `{}` | -| `nameOverride` | Override the chart name | `""` | -| `fullnameOverride` | Fully override the release name and chart name | `""` | -| `priorityClassName` | priorityClassName for `redis-ha-statefulset` | not set | -| `hostPath.path` | Use this path on the host for data storage | not set | -| `hostPath.chown` | Run an init-container as root to set ownership on the hostPath | `true` | -| `sysctlImage.enabled` | Enable an init container to modify Kernel settings | `false` | -| `sysctlImage.command` | sysctlImage command to execute | [] | -| `sysctlImage.registry` | sysctlImage Init container registry | `docker.io` | -| `sysctlImage.repository` | sysctlImage Init container name | `busybox` | -| `sysctlImage.tag` | sysctlImage Init container tag | `1.31.1` | -| `sysctlImage.pullPolicy` | sysctlImage Init container pull policy | `Always` | -| `sysctlImage.mountHostSys`| Mount the host `/sys` folder to `/host-sys` | `false` | -| `sysctlImage.resources` | sysctlImage resources | `{}` | -| `schedulerName` | Alternate scheduler name | `nil` | -| `tls.secretName` | The name of secret if you want to use your own TLS certificates. 
The secret should contains keys named by "tls.certFile" - the certificate, "tls.keyFile" - the private key, "tls.caCertFile" - the certificate of CA and "tls.dhParamsFile" - the dh parameter file | ``| -| `tls.certFile` | Name of certificate file | `redis.crt` | -| `tls.keyFile` | Name of key file | `redis.key` | -| `tls.dhParamsFile` | Name of Diffie-Hellman (DH) key exchange parameters file |`` | -| `tls.caCertFile` | Name of CA certificate file | `ca.crt` | -| `restore.s3.source` | Restore init container - AWS S3 location of dump - i.e. s3://bucket/dump.rdb | `false` | -| `restore.existingSecret` | Set to true to use existingSecret for the AWS S3 or SSH credentials | `false` | -| `topologySpreadConstraints.enabled` | Enable topology spread constraints |`false`| -| `topologySpreadConstraints.maxSkew` | Max skew of pods tolerated |`1`| -| `topologySpreadConstraints.topologyKey` | Topology key for spread |`topology.kubernetes.io/zone`| -| `topologySpreadConstraints.whenUnsatisfiable` | Enforcement policy, hard or soft |`ScheduleAnyway`| -| `restore.s3.access_key` | Restore init container - AWS AWS_ACCESS_KEY_ID to access restore.s3.source |``| -| `restore.s3.secret_key` | Restore init container - AWS AWS_SECRET_ACCESS_KEY to access restore.s3.source |``| -| `restore.s3.region` | Restore init container - AWS AWS_REGION to access restore.s3.source |``| -| `restore.ssh.source` | Restore init container - SSH scp location of dump - i.e. user@server:/path/dump.rdb | `false` | -| `restore.ssh.key` | Restore init container - SSH private key to scp restore.ssh.source to init container. Key should be in one line separated with \n. i.e. 
-----BEGIN RSA PRIVATE KEY-----\n...\n...\n-----END RSA PRIVATE KEY----- |`` | -| `extraContainers` | Extra containers to include in StatefulSet |`[]`| -| `extraInitContainers` | Extra init containers to include in StatefulSet |`[]`| -| `extraVolumes` | Extra volumes to include in StatefulSet |`[]`| -| `extraLabels` | Labels that should be applied to all created resources |`{}`| -| `networkPolicy.enabled` | Create NetworkPolicy for Redis StatefulSet pods |`false`| -| `networkPolicy.labels` | Labels for NetworkPolicy |`{}`| -| `networkPolicy.annotations` | Annotations for NetworkPolicy |`{}`| -| `networkPolicy.ingressRules[].selectors` | Label selector query to define resources for this ingress rule |`[]`| -| `networkPolicy.ingressRules[].ports` | The destination ports for the ingress rule |`[{port: redis.port, protocol: TCP}, {port: sentinel.port, protocol: TCP}]`| -| `networkPolicy.egressRules[].selectors` | Label selector query to define resources for this egress rule |`[]`| -| `networkPolicy.egressRules[].ports` | The destination ports for the egress rule |``| -| `splitBrainDetection.interval` | Interval between redis sentinel and server split brain checks (in seconds) |`60`| -| `splitBrainDetection.resources` | splitBrainDetection resources |`{}`| +### General parameters + +| Parameter | Description | Type | Default | +|-----|------|---------|-------------| +| `additionalAffinities` | Additional affinities to add to the Redis server pods. # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity | object | `{}` | +| `affinity` | Override all other affinity settings for the Redis server pods with a string. | string | `""` | +| `auth` | Configures redis with AUTH (requirepass & masterauth conf params) | bool | `false` | +| `authKey` | Defines the key holding the redis password in existing secret. 
| string | `"auth"` | +| `configmap.labels` | Custom labels for the redis configmap | object | `{}` | +| `configmapTest.image` | Image for redis-ha-configmap-test hook | object | `{"repository":"koalaman/shellcheck","tag":"v0.5.0"}` | +| `configmapTest.image.repository` | Repository of the configmap shellcheck test image. | string | `"koalaman/shellcheck"` | +| `configmapTest.image.tag` | Tag of the configmap shellcheck test image. | string | `"v0.5.0"` | +| `configmapTest.resources` | Resources for the ConfigMap test pod | object | `{}` | +| `containerSecurityContext` | Security context to be added to the Redis containers. | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}}` | +| `emptyDir` | Configuration of `emptyDir`, used only if persistentVolume is disabled and no hostPath specified | object | `{}` | +| `existingSecret` | An existing secret containing a key defined by `authKey` that configures `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`, cannot be used in conjunction with `.Values.redisPassword`) | string | `nil` | +| `extraContainers` | Extra containers to include in StatefulSet | list | `[]` | +| `extraInitContainers` | Extra init containers to include in StatefulSet | list | `[]` | +| `extraLabels` | Labels added here are applied to all created resources | object | `{}` | +| `extraVolumes` | Extra volumes to include in StatefulSet | list | `[]` | +| `fullNameOverride` | Full name of the Redis HA Resources | string | `""` | +| `global.compatibility` | Openshift compatibility options | object | `{"openshift":{"adaptSecurityContext":"auto"}}` | +| `global.priorityClassName` | Default priority class for all components | string | `""` | +| `hardAntiAffinity` | Whether the Redis server pods should be forced to run on separate nodes. 
# This is accomplished by setting their AntiAffinity with requiredDuringSchedulingIgnoredDuringExecution as opposed to preferred. # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature | bool | `true` | +| `hostPath.chown` | if chown is true, an init-container with root permissions is launched to change the owner of the hostPath folder to the user defined in the security context | bool | `true` | +| `hostPath.path` | Use this path on the host for data storage. path is evaluated as template so placeholders are replaced | string | `""` | +| `image.pullPolicy` | Redis image pull policy | string | `"IfNotPresent"` | +| `image.repository` | Redis image repository | string | `"public.ecr.aws/docker/library/redis"` | +| `image.tag` | Redis image tag | string | `"7.2.4-alpine"` | +| `imagePullSecrets` | Reference to one or more secrets to be used when pulling redis images | list | `[]` | +| `init.resources` | Extra init resources | object | `{}` | +| `labels` | Custom labels for the redis pod | object | `{}` | +| `nameOverride` | Name override for Redis HA resources | string | `""` | +| `networkPolicy.annotations` | Annotations for NetworkPolicy | object | `{}` | +| `networkPolicy.egressRules` | user can define egress rules too, uses the same structure as ingressRules | list | `[{"ports":[{"port":53,"protocol":"UDP"},{"port":53,"protocol":"TCP"}],"selectors":[{"namespaceSelector":{}},{"ipBlock":{"cidr":"169.254.0.0/16"}}]}]` | +| `networkPolicy.egressRules[0].selectors[0]` | Allow all destinations for DNS traffic | object | `{"namespaceSelector":{}}` | +| `networkPolicy.enabled` | whether NetworkPolicy for Redis StatefulSets should be created. when enabled, inter-Redis connectivity is created | bool | `false` | +| `networkPolicy.ingressRules` | User defined ingress rules that Redis should permit into. 
Uses the format defined in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors | list | `[]` | +| `networkPolicy.labels` | Labels for NetworkPolicy | object | `{}` | +| `nodeSelector` | Node labels for pod assignment | object | `{}` | +| `persistentVolume.accessModes` | Persistent volume access modes | list | `["ReadWriteOnce"]` | +| `persistentVolume.annotations` | Annotations for the volume | object | `{}` | +| `persistentVolume.enabled` | Enable persistent volume | bool | `true` | +| `persistentVolume.labels` | Labels for the volume | object | `{}` | +| `persistentVolume.size` | Persistent volume size | string | `"10Gi"` | +| `persistentVolume.storageClass` | redis-ha data Persistent Volume Storage Class | string | `nil` | +| `podDisruptionBudget` | Pod Disruption Budget rules | object | `{}` | +| `podManagementPolicy` | The statefulset pod management policy | string | `"OrderedReady"` | +| `priorityClassName` | Kubernetes priorityClass name for the redis-ha-server pod | string | `""` | +| `rbac.create` | Create and use RBAC resources | bool | `true` | +| `redis.annotations` | Annotations for the redis statefulset | object | `{}` | +| `redis.authClients` | It is possible to disable client side certificates authentication when "authClients" is set to "no" | string | `""` | +| `redis.config` | Any valid redis config options in this section will be applied to each server, For multi-value configs use list instead of string (for example loadmodule) (see below) | object | see values.yaml | +| `redis.config.maxmemory` | Max memory to use for each redis instance. Default is unlimited. | string | `"0"` | +| `redis.config.maxmemory-policy` | Max memory policy to use for each redis instance. Default is volatile-lru. 
| string | `"volatile-lru"` | +| `redis.config.min-replicas-max-lag` | Value in seconds | int | `5` | +| `redis.config.repl-diskless-sync` | When enabled, directly sends the RDB over the wire to slaves, without using the disk as intermediate storage. Default is false. | string | `"yes"` | +| `redis.config.save` | Please note that local (on-disk) RDBs will still be created when re-syncing with a new slave. The only way to prevent this is to enable diskless replication. | string | `"900 1"` | +| `redis.customArgs` | Allows overriding the redis container arguments | list | `[]` | +| `redis.customCommand` | Allows overriding the redis container command | list | `[]` | +| `redis.customConfig` | Allows for custom redis.conf files to be applied. If this is used then `redis.config` is ignored | string | `nil` | +| `redis.disableCommands` | Array with commands to disable | list | `["FLUSHDB","FLUSHALL"]` | +| `redis.envFrom` | Load environment variables from ConfigMap/Secret | list | `[]` | +| `redis.extraVolumeMounts` | additional volumeMounts for Redis container | list | `[]` | +| `redis.lifecycle` | Container Lifecycle Hooks for redis container Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ | object | see values.yaml | +| `redis.livenessProbe` | Liveness probe parameters for redis container | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15}` | +| `redis.livenessProbe.enabled` | Enable the Liveness Probe | bool | `true` | +| `redis.livenessProbe.failureThreshold` | Failure threshold for liveness probe | int | `5` | +| `redis.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe | int | `30` | +| `redis.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | int | `15` | +| `redis.livenessProbe.successThreshold` | Success threshold for liveness probe | int | `1` | +| 
`redis.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe | int | `15` | +| `redis.masterGroupName` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | string | `"mymaster"` | +| `redis.port` | Port to access the redis service | int | `6379` | +| `redis.readinessProbe` | Readiness probe parameters for redis container | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15}` | +| `redis.readinessProbe.enabled` | Enable the Readiness Probe | bool | `true` | +| `redis.readinessProbe.failureThreshold` | Failure threshold for readiness probe | int | `5` | +| `redis.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe | int | `30` | +| `redis.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | int | `15` | +| `redis.readinessProbe.successThreshold` | Success threshold for readiness probe | int | `1` | +| `redis.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe | int | `15` | +| `redis.resources` | CPU/Memory for master/slave nodes resource requests/limits | object | `{}` | +| `redis.startupProbe` | Startup probe parameters for redis container | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":5,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":15}` | +| `redis.startupProbe.enabled` | Enable Startup Probe | bool | `true` | +| `redis.startupProbe.failureThreshold` | Failure threshold for startup probe | int | `3` | +| `redis.startupProbe.initialDelaySeconds` | Initial delay in seconds for startup probe | int | `5` | +| `redis.startupProbe.periodSeconds` | Period in seconds after which startup probe will be repeated | int | `10` | +| `redis.startupProbe.successThreshold` | Success threshold for startup probe | int | `1` | +| `redis.startupProbe.timeoutSeconds` | Timeout seconds for startup probe | int | `15` | +| 
`redis.terminationGracePeriodSeconds` | Increase terminationGracePeriodSeconds to allow writing large RDB snapshots. (k8s default is 30s) ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination-forced | int | `60` | +| `redis.tlsPort` | TLS Port to access the redis service | int | `nil` | +| `redis.tlsReplication` | Configures redis with tls-replication parameter, if true sets "tls-replication yes" in redis.conf | bool | `nil` | +| `redis.updateStrategy` | Update strategy for Redis StatefulSet # ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies | object | `{"type":"RollingUpdate"}` | +| `redisPassword` | A password that configures a `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`) | string | `nil` | +| `replicas` | Number of redis master/slave | int | `3` | +| `restore.existingSecret` | Set existingSecret to true to use secret specified in existingSecret above | bool | `false` | +| `restore.s3.access_key` | Restore init container - AWS AWS_ACCESS_KEY_ID to access restore.s3.source | string | `""` | +| `restore.s3.region` | Restore init container - AWS AWS_REGION to access restore.s3.source | string | `""` | +| `restore.s3.secret_key` | Restore init container - AWS AWS_SECRET_ACCESS_KEY to access restore.s3.source | string | `""` | +| `restore.s3.source` | Restore init container - AWS S3 location of dump - i.e. s3://bucket/dump.rdb or false | string | `""` | +| `restore.ssh.key` | Restore init container - SSH private key to scp restore.ssh.source to init container. Key should be in one line separated with \n. i.e. `-----BEGIN RSA PRIVATE KEY-----\n...\n...\n-----END RSA PRIVATE KEY-----` | string | `""` | +| `restore.ssh.source` | Restore init container - SSH scp location of dump - i.e. 
user@server:/path/dump.rdb or false | string | `""` | +| `restore.timeout` | Timeout for the restore | int | `600` | +| `ro_replicas` | Comma separated list of slaves which never get promoted to be master. Count starts with 0. Allowed values 1-9. i.e. 3,4 - 3th and 4th redis slave never make it to be master, where master is index 0. | string | `""` | +| `schedulerName` | Use an alternate scheduler, e.g. "stork". ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ | string | `""` | +| `securityContext` | Security context to be added to the Redis StatefulSet. | object | `{"fsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` | +| `serviceAccount.annotations` | Annotations to be added to the service account for the redis statefulset | object | `{}` | +| `serviceAccount.automountToken` | opt in/out of automounting API credentials into container. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | bool | `false` | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | bool | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to use. 
If not set and create is true, a name is generated using the redis-ha.fullname template | string | `""` | +| `serviceLabels` | Custom labels for redis service | object | `{}` | +| `splitBrainDetection.interval` | Interval between redis sentinel and server split brain checks (in seconds) | int | `60` | +| `splitBrainDetection.resources` | splitBrainDetection resources | object | `{}` | +| `sysctlImage.command` | sysctlImage command to execute | list | `[]` | +| `sysctlImage.enabled` | Enable an init container to modify Kernel settings | bool | `false` | +| `sysctlImage.mountHostSys` | Mount the host `/sys` folder to `/host-sys` | bool | `false` | +| `sysctlImage.pullPolicy` | sysctlImage Init container pull policy | string | `"Always"` | +| `sysctlImage.registry` | sysctlImage Init container registry | string | `"public.ecr.aws/docker/library"` | +| `sysctlImage.repository` | sysctlImage Init container name | string | `"busybox"` | +| `sysctlImage.resources` | sysctlImage resources | object | `{}` | +| `sysctlImage.tag` | sysctlImage Init container tag | string | `"1.34.1"` | +| `tls.caCertFile` | Name of CA certificate file | string | `"ca.crt"` | +| `tls.certFile` | Name of certificate file | string | `"redis.crt"` | +| `tls.dhParamsFile` | Name of Diffie-Hellman (DH) key exchange parameters file (Example: redis.dh) | string | `nil` | +| `tls.keyFile` | Name of key file | string | `"redis.key"` | +| `topologySpreadConstraints.enabled` | Enable topology spread constraints | bool | `false` | +| `topologySpreadConstraints.maxSkew` | Max skew of pods tolerated | string | `""` | +| `topologySpreadConstraints.topologyKey` | Topology key for spread constraints | string | `""` | +| `topologySpreadConstraints.whenUnsatisfiable` | Enforcement policy, hard or soft | string | `""` | + +### Redis Sentinel parameters + +| Parameter | Description | Type | Default | +|-----|------|---------|-------------| +| `sentinel.auth` | Enables or disables sentinel AUTH (Requires 
`sentinel.password` to be set) | bool | `false` | +| `sentinel.authClients` | It is possible to disable client side certificates authentication when "authClients" is set to "no" | string | `""` | +| `sentinel.authKey` | The key holding the sentinel password in an existing secret. | string | `"sentinel-password"` | +| `sentinel.config` | Valid sentinel config options in this section will be applied as config options to each sentinel (see below) | object | see values.yaml | +| `sentinel.customArgs` | | list | `[]` | +| `sentinel.customCommand` | | list | `[]` | +| `sentinel.customConfig` | Allows for custom sentinel.conf files to be applied. If this is used then `sentinel.config` is ignored | string | `""` | +| `sentinel.existingSecret` | An existing secret containing a key defined by `sentinel.authKey` that configures `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`, cannot be used in conjunction with `.Values.sentinel.password`) | string | `""` | +| `sentinel.extraVolumeMounts` | additional volumeMounts for Sentinel container | list | `[]` | +| `sentinel.lifecycle` | Container Lifecycle Hooks for sentinel container. 
Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ | object | `{}` | +| `sentinel.livenessProbe.enabled` | | bool | `true` | +| `sentinel.livenessProbe.failureThreshold` | Failure threshold for liveness probe | int | `5` | +| `sentinel.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe | int | `30` | +| `sentinel.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | int | `15` | +| `sentinel.livenessProbe.successThreshold` | Success threshold for liveness probe | int | `1` | +| `sentinel.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe | int | `15` | +| `sentinel.password` | A password that configures a `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`) | string | `nil` | +| `sentinel.port` | Port to access the sentinel service | int | `26379` | +| `sentinel.quorum` | Minimum number of nodes expected to be live. | int | `2` | +| `sentinel.readinessProbe.enabled` | | bool | `true` | +| `sentinel.readinessProbe.failureThreshold` | Failure threshold for readiness probe | int | `5` | +| `sentinel.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe | int | `30` | +| `sentinel.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | int | `15` | +| `sentinel.readinessProbe.successThreshold` | Success threshold for readiness probe | int | `3` | +| `sentinel.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe | int | `15` | +| `sentinel.resources` | CPU/Memory for sentinel node resource requests/limits | object | `{}` | +| `sentinel.startupProbe` | Startup probe parameters for redis container | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":5,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":15}` | +| `sentinel.startupProbe.enabled` | Enable Startup Probe | bool | `true` | +| `sentinel.startupProbe.failureThreshold` | 
Failure threshold for startup probe | int | `3` | +| `sentinel.startupProbe.initialDelaySeconds` | Initial delay in seconds for startup probe | int | `5` | +| `sentinel.startupProbe.periodSeconds` | Period in seconds after which startup probe will be repeated | int | `10` | +| `sentinel.startupProbe.successThreshold` | Success threshold for startup probe | int | `1` | +| `sentinel.startupProbe.timeoutSeconds` | Timeout seconds for startup probe | int | `15` | +| `sentinel.tlsPort` | TLS Port to access the sentinel service | int | `nil` | +| `sentinel.tlsReplication` | Configures sentinel with tls-replication parameter, if true sets "tls-replication yes" in sentinel.conf | bool | `nil` | + +### HAProxy parameters + +| Parameter | Description | Type | Default | +|-----|------|---------|-------------| +| `haproxy.IPv6.enabled` | Enable HAProxy parameters to bind and consume IPv6 addresses. Enabled by default. | bool | `true` | +| `haproxy.additionalAffinities` | Additional affinities to add to the haproxy pods. | object | `{}` | +| `haproxy.affinity` | Override all other affinity settings for the haproxy pods with a string. | string | `""` | +| `haproxy.annotations` | HAProxy template annotations | object | `{}` | +| `haproxy.checkFall` | haproxy.cfg `check fall` setting | int | `1` | +| `haproxy.checkInterval` | haproxy.cfg `check inter` setting | string | `"1s"` | +| `haproxy.containerPort` | Modify HAProxy deployment container port | int | `6379` | +| `haproxy.containerSecurityContext` | Security context to be added to the HAProxy containers. | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | +| `haproxy.customConfig` | Allows for custom config-haproxy.cfg file to be applied. 
If this is used then default config will be overwriten | string | `nil` | +| `haproxy.deploymentStrategy` | Deployment strategy for the haproxy deployment | object | `{"type":"RollingUpdate"}` | +| `haproxy.emptyDir` | Configuration of `emptyDir` | object | `{}` | +| `haproxy.enabled` | Enabled HAProxy LoadBalancing/Proxy | bool | `false` | +| `haproxy.extraConfig` | Allows to place any additional configuration section to add to the default config-haproxy.cfg | string | `nil` | +| `haproxy.hardAntiAffinity` | Whether the haproxy pods should be forced to run on separate nodes. | bool | `true` | +| `haproxy.image.pullPolicy` | HAProxy Image PullPolicy | string | `"IfNotPresent"` | +| `haproxy.image.repository` | HAProxy Image Repository | string | `"public.ecr.aws/docker/library/haproxy"` | +| `haproxy.image.tag` | HAProxy Image Tag | string | `"2.9.4-alpine"` | +| `haproxy.imagePullSecrets` | Reference to one or more secrets to be used when pulling images ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | list | `[]` | +| `haproxy.init.resources` | Extra init resources | object | `{}` | +| `haproxy.labels` | Custom labels for the haproxy pod | object | `{}` | +| `haproxy.lifecycle` | Container lifecycle hooks. 
Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ | object | `{}` | +| `haproxy.metrics.enabled` | HAProxy enable prometheus metric scraping | bool | `false` | +| `haproxy.metrics.port` | HAProxy prometheus metrics scraping port | int | `9101` | +| `haproxy.metrics.portName` | HAProxy metrics scraping port name | string | `"http-exporter-port"` | +| `haproxy.metrics.scrapePath` | HAProxy prometheus metrics scraping path | string | `"/metrics"` | +| `haproxy.metrics.serviceMonitor.disableAPICheck` | Disable API Check on ServiceMonitor | bool | `false` | +| `haproxy.metrics.serviceMonitor.enabled` | When set true then use a ServiceMonitor to configure scraping | bool | `false` | +| `haproxy.metrics.serviceMonitor.endpointAdditionalProperties` | Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more. | object | `{}` | +| `haproxy.metrics.serviceMonitor.interval` | Set how frequently Prometheus should scrape (default is 30s) | string | `""` | +| `haproxy.metrics.serviceMonitor.labels` | Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator | object | `{}` | +| `haproxy.metrics.serviceMonitor.namespace` | Set the namespace the ServiceMonitor should be deployed | string | `.Release.Namespace` | +| `haproxy.metrics.serviceMonitor.telemetryPath` | Set path to redis-exporter telemtery-path (default is /metrics) | string | `""` | +| `haproxy.metrics.serviceMonitor.timeout` | Set timeout for scrape (default is 10s) | string | `""` | +| `haproxy.networkPolicy.annotations` | Annotations for Haproxy NetworkPolicy | object | `{}` | +| `haproxy.networkPolicy.egressRules` | user can define egress rules too, uses the same structure as ingressRules | list | `[]` | +| `haproxy.networkPolicy.enabled` | whether NetworkPolicy for Haproxy should be created | bool | `false` | +| `haproxy.networkPolicy.ingressRules` | user defined ingress rules that Haproxy 
should permit into. uses the format defined in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors | list | `[]` | +| `haproxy.networkPolicy.labels` | Labels for Haproxy NetworkPolicy | object | `{}` | +| `haproxy.podDisruptionBudget` | Pod Disruption Budget ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ | object | `{}` | +| `haproxy.priorityClassName` | Kubernetes priorityClass name for the haproxy pod | string | `""` | +| `haproxy.readOnly` | Enable read-only redis-slaves | object | `{"enabled":false,"port":6380}` | +| `haproxy.readOnly.enabled` | Enable if you want a dedicated port in haproxy for redis-slaves | bool | `false` | +| `haproxy.readOnly.port` | Port for the read-only redis-slaves | int | `6380` | +| `haproxy.replicas` | Number of HAProxy instances | int | `3` | +| `haproxy.resources` | HAProxy resources | object | `{}` | +| `haproxy.securityContext` | Security context to be added to the HAProxy deployment. | object | `{"fsGroup":99,"runAsNonRoot":true,"runAsUser":99}` | +| `haproxy.service.annotations` | HAProxy service annotations | string | `nil` | +| `haproxy.service.externalIPs` | HAProxy external IPs | object | `{}` | +| `haproxy.service.externalTrafficPolicy` | HAProxy service externalTrafficPolicy value (haproxy.service.type must be LoadBalancer) | string | `nil` | +| `haproxy.service.labels` | HAProxy service labels | object | `{}` | +| `haproxy.service.loadBalancerIP` | HAProxy service loadbalancer IP | string | `nil` | +| `haproxy.service.loadBalancerSourceRanges` | List of CIDR's allowed to connect to LoadBalancer | list | `[]` | +| `haproxy.service.nodePort` | HAProxy service nodePort value (haproxy.service.type must be NodePort) | int | `nil` | +| `haproxy.service.type` | HAProxy service type "ClusterIP", "LoadBalancer" or "NodePort" | string | `"ClusterIP"` | +| `haproxy.serviceAccount.automountToken` | | bool | `false` | +| `haproxy.serviceAccount.create` | Specifies whether a 
ServiceAccount should be created | bool | `true` | +| `haproxy.serviceAccountName` | HAProxy serviceAccountName | string | `"redis-sa"` | +| `haproxy.servicePort` | Modify HAProxy service port | int | `6379` | +| `haproxy.stickyBalancing` | HAProxy sticky load balancing to Redis nodes. Helps with connections shutdown. | bool | `false` | +| `haproxy.tests.resources` | Pod resources for the tests against HAProxy. | object | `{}` | +| `haproxy.timeout.check` | haproxy.cfg `timeout check` setting | string | `"2s"` | +| `haproxy.timeout.client` | haproxy.cfg `timeout client` setting | string | `"330s"` | +| `haproxy.timeout.connect` | haproxy.cfg `timeout connect` setting | string | `"4s"` | +| `haproxy.timeout.server` | haproxy.cfg `timeout server` setting | string | `"330s"` | +| `haproxy.tls` | Enable TLS termination on HAproxy, This will create a volume mount | object | `{"certMountPath":"/tmp/","enabled":false,"keyName":null,"secretName":""}` | +| `haproxy.tls.certMountPath` | Path to mount the secret that contains the certificates. haproxy | string | `"/tmp/"` | +| `haproxy.tls.enabled` | If "true" this will enable TLS termination on haproxy | bool | `false` | +| `haproxy.tls.keyName` | Key file name | string | `nil` | +| `haproxy.tls.secretName` | Secret containing the .pem file | string | `""` | + +### Prometheus exporter parameters + +| Parameter | Description | Type | Default | +|-----|------|---------|-------------| +| `exporter.address` | Address/Host for Redis instance. 
Exists to circumvent issues with IPv6 dns resolution that occurs on certain environments | string | `"localhost"` | +| `exporter.enabled` | If `true`, the prometheus exporter sidecar is enabled | bool | `false` | +| `exporter.extraArgs` | Additional args for redis exporter | object | `{}` | +| `exporter.image` | Exporter image | string | `"oliver006/redis_exporter"` | +| `exporter.livenessProbe.httpGet.path` | Exporter liveness probe httpGet path | string | `"/metrics"` | +| `exporter.livenessProbe.httpGet.port` | Exporter liveness probe httpGet port | int | `9121` | +| `exporter.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe of exporter | int | `15` | +| `exporter.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | int | `15` | +| `exporter.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe of exporter | int | `3` | +| `exporter.port` | Exporter port | int | `9121` | +| `exporter.portName` | Exporter port name | string | `"exporter-port"` | +| `exporter.pullPolicy` | Exporter image pullPolicy | string | `"IfNotPresent"` | +| `exporter.readinessProbe.httpGet.path` | Exporter readiness probe httpGet path | string | `"/metrics"` | +| `exporter.readinessProbe.httpGet.port` | Exporter readiness probe httpGet port | int | `9121` | +| `exporter.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe of exporter | int | `15` | +| `exporter.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | int | `15` | +| `exporter.readinessProbe.successThreshold` | Success threshold for readiness probe of exporter | int | `2` | +| `exporter.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe of exporter | int | `3` | +| `exporter.resources` | cpu/memory resource limits/requests | object | `{}` | +| `exporter.scrapePath` | Exporter scrape path | string | `"/metrics"` | +| `exporter.script` | A custom custom 
Lua script that will be mounted to exporter for collection of custom metrics. Creates a ConfigMap and sets env var `REDIS_EXPORTER_SCRIPT`. | string | `""` | +| `exporter.serviceMonitor.disableAPICheck` | Disable API Check on ServiceMonitor | bool | `false` | +| `exporter.serviceMonitor.enabled` | When set true then use a ServiceMonitor to configure scraping | bool | `false` | +| `exporter.serviceMonitor.endpointAdditionalProperties` | Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more. | object | `{}` | +| `exporter.serviceMonitor.interval` | Set how frequently Prometheus should scrape (default is 30s) | string | `""` | +| `exporter.serviceMonitor.labels` | Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator | object | `{}` | +| `exporter.serviceMonitor.namespace` | Set the namespace the ServiceMonitor should be deployed | string | `.Release.Namespace` | +| `exporter.serviceMonitor.telemetryPath` | Set path to redis-exporter telemtery-path (default is /metrics) | string | `""` | +| `exporter.serviceMonitor.timeout` | Set timeout for scrape (default is 10s) | string | `""` | +| `exporter.tag` | Exporter image tag | string | `"v1.57.0"` | +| `prometheusRule.additionalLabels` | Additional labels to be set in metadata. | object | `{}` | +| `prometheusRule.enabled` | If true, creates a Prometheus Operator PrometheusRule. | bool | `false` | +| `prometheusRule.interval` | How often rules in the group are evaluated (falls back to `global.evaluation_interval` if not set). | string | `"10s"` | +| `prometheusRule.namespace` | Namespace which Prometheus is running in. | string | `nil` | +| `prometheusRule.rules` | Rules spec template (see https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#rule). | list | `[]` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, 
@@ -391,13 +467,12 @@ The proposed solution is currently implemented as a sidecar container that runs If any of the checks above fails - the redis server reinitialisation happens (it regenerates configs the same way it's done during the pod init), and then the redis server is instructed to shutdown. Then kubernetes restarts the container immediately. - # Change Log ## 4.14.9 - ** POTENTIAL BREAKING CHANGE. ** -Introduced the ability to change the Haproxy Deployment container pod +Introduced the ability to change the Haproxy Deployment container pod - Container port in redis-haproxy-deployment.yam has been changed. Was **redis.port** To **haproxy.containerPort**. Default value is 6379. -- Port in redis-haproxy-service.yaml has been changed. Was **redis.port** To **haproxy.servicePort**. Default value is 6379. +- Port in redis-haproxy-service.yaml has been changed. Was **redis.port** To **haproxy.servicePort**. Default value is 6379. ## 4.21.0 - BREAKING CHANGES (Kubernetes Deprecation) This version introduced the deprecation of the PSP and subsequently added fields to the securityContexts that were introduced in Kubernetes v1.19: @@ -405,3 +480,6 @@ This version introduced the deprecation of the PSP and subsequently added fields https://kubernetes.io/docs/tutorials/security/seccomp/ As a result, from this version onwards Kubernetes versions older than 1.19 will fail to install without the removal of `.Values.containerSecurityContext.seccompProfile` and `.Values.haproxy.containerSecurityContext.seccompProfile` (If HAProxy is enabled) + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/ci/haproxy-enabled-values.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/ci/haproxy-enabled-values.yaml deleted file mode 100644 index 9aca7bf96..000000000 
--- a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/ci/haproxy-enabled-values.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -## Enable HAProxy to manage Load Balancing -haproxy: - enabled: true - annotations: - any.domain/key: "value" - serviceAccount: - create: true - metrics: - enabled: true diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/_configs.tpl b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/_configs.tpl index 10f52766e..40c507cd6 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/_configs.tpl +++ b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/_configs.tpl @@ -27,7 +27,13 @@ {{- end }} {{- end }} {{- range $key, $value := .Values.redis.config }} + {{- if kindIs "slice" $value }} + {{- range $value }} + {{ $key }} {{ . }} + {{- end }} + {{- else }} {{ $key }} {{ $value }} + {{- end }} {{- end }} {{- if .Values.auth }} requirepass replace-default-auth @@ -459,6 +465,7 @@ identify_announce_ip done + trap "exit 0" TERM while true; do sleep {{ .Values.splitBrainDetection.interval }} @@ -636,11 +643,12 @@ {{- end}} ping ) - if [ "$response" != "PONG" ] && [ "${response:0:7}" != "LOADING" ] ; then - echo "$response" - exit 1 - fi echo "response=$response" + case $response in + PONG|LOADING*) ;; + *) exit 1 ;; + esac + exit 0 {{- end }} {{- define "redis_readiness.sh" }} 
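Review bot: In the split-brain loop, the new `trap "exit 0" TERM` only runs after the foreground `sleep {{ .Values.splitBrainDetection.interval }}` returns, because the shell defers a trap until the command it is waiting on finishes. With a long interval the sidecar can still sit through the termination grace period and be killed instead of exiting cleanly. Sleeping in the background and waiting on it lets the trap fire at once: `sleep {{ .Values.splitBrainDetection.interval }} & wait $!`. The script starts and ends outside this hunk.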
@@ -661,10 +669,39 @@ ping ) if [ "$response" != "PONG" ] ; then - echo "$response" + echo "ping=$response" + exit 1 + fi + + response=$( + redis-cli \ + {{- if .Values.auth }} + -a "${AUTH}" --no-auth-warning \ + {{- end }} + -h localhost \ + {{- if ne (int .Values.redis.port) 0 }} + -p {{ .Values.redis.port }} \ + {{- else }} + -p {{ .Values.redis.tlsPort }} ${TLS_CLIENT_OPTION} \ + {{- end}} + role + ) + role=$( echo "$response" | sed "1!d" ) + if [ "$role" = "master" ]; then + echo "role=$role" + exit 0 + elif [ "$role" = "slave" ]; then + repl=$( echo "$response" | sed "4!d" ) + echo "role=$role; repl=$repl" + if [ "$repl" = "connected" ]; then + exit 0 + else + exit 1 + fi + else + echo "role=$role" exit 1 fi - echo "response=$response" {{- end }} {{- define "sentinel_liveness.sh" }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/_helpers.tpl b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/_helpers.tpl index 72f78ce18..92aab55df 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/_helpers.tpl +++ b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/_helpers.tpl 
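Review bot: The added `role` query passes the Redis password as `-a "${AUTH}"`, the same way the existing ping call does, so the secret sits in the `redis-cli` argument list on every probe run, where anything able to read the container's process listing can see it. redis-cli also reads the password from the `REDISCLI_AUTH` environment variable; an `export REDISCLI_AUTH="${AUTH}"` placed once under the `.Values.auth` guard would let both calls drop `-a` and `--no-auth-warning`. Separately, `sed "4!d"` depends on the line order of the ROLE reply, which deserves a comment such as `# ROLE reply on a replica: line 4 is the replication link state`.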
@@ -92,3 +92,39 @@ Return the appropriate apiVersion for poddisruptionbudget. {{- print "policy/v1beta1" -}} {{- end -}} {{- end -}} + +{{/* +Return true if the detected platform is Openshift +Usage: +{{- include "common.compatibility.isOpenshift" . -}} +*/}} +{{- define "compatibility.isOpenshift" -}} +{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}} +{{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC +Usage: +{{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}} +*/}} +{{- define "compatibility.renderSecurityContext" -}} +{{- $adaptedContext := .secContext -}} + +{{- if (((.context.Values.global).compatibility).openshift) -}} + {{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "compatibility.isOpenshift" .context)) -}} + {{/* Remove incompatible user/group values that do not work in Openshift out of the box */}} + {{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}} + {{- if not .secContext.seLinuxOptions -}} + {{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}} + {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{/* Remove fields that are disregarded when running the container in privileged mode */}} +{{- if $adaptedContext.privileged -}} + {{- $adaptedContext = omit $adaptedContext "capabilities" "seLinuxOptions" -}} +{{- end -}} +{{- omit $adaptedContext "enabled" | toYaml -}} +{{- end -}} \ No newline at end of file 
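Review bot: The usage line in the first comment names `common.compatibility.isOpenshift`, but the template defined right below it is `compatibility.isOpenshift`, so copying the documented include would fail to render. The comment should read `{{- include "compatibility.isOpenshift" . -}}`. It would also help to document on `compatibility.renderSecurityContext` that `auto` relies on `.Capabilities.APIVersions`, so a render without cluster API information presumably leaves `runAsUser`, `runAsGroup` and `fsGroup` in place, and that a privileged context has `capabilities` and `seLinuxOptions` removed from the output.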
diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-ha-network-policy.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-ha-network-policy.yaml index 176d91bd2..8f688cafe 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-ha-network-policy.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-ha-network-policy.yaml @@ -35,13 +35,6 @@ spec: protocol: TCP - port: {{ .Values.sentinel.port }} protocol: TCP - - to: - - namespaceSelector: {} - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP {{- range $rule := .Values.networkPolicy.egressRules }} - to: {{ (tpl (toYaml $rule.selectors) $) | indent 7 }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-ha-serviceaccount.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-ha-serviceaccount.yaml index e8894c1e9..9e1b21e12 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-ha-serviceaccount.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-ha-serviceaccount.yaml @@ -12,6 +12,10 @@ metadata: {{- range $key, $value := .Values.extraLabels }} {{ $key }}: {{ $value | quote }} {{- end }} +{{- if .Values.serviceAccount.annotations }} + annotations: +{{ toYaml .Values.serviceAccount.annotations | indent 4 }} +{{- end }} {{- if or .Values.auth .Values.sentinel.auth }} secrets: {{- end }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-ha-servicemonitor.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-ha-servicemonitor.yaml index 08542297f..6b374a871 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-ha-servicemonitor.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-ha-servicemonitor.yaml 
@@ -1,4 +1,4 @@ -{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.exporter.serviceMonitor.enabled ) ( .Values.exporter.enabled ) }} +{{- if and ( or .Values.exporter.serviceMonitor.disableAPICheck ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ) ( .Values.exporter.serviceMonitor.enabled ) ( .Values.exporter.enabled ) }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-ha-statefulset.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-ha-statefulset.yaml index 8a352b8a5..cc0c794c4 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-ha-statefulset.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-ha-statefulset.yaml @@ -24,6 +24,9 @@ spec: podManagementPolicy: {{ .Values.podManagementPolicy }} updateStrategy: type: {{ .Values.redis.updateStrategy.type }} + {{- if .Values.redis.minReadySeconds }} + minReadySeconds: {{ .Values.redis.minReadySeconds }} + {{- end }} template: metadata: annotations: @@ -105,7 +108,7 @@ spec: {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} {{- end }} - securityContext: {{ toYaml .Values.securityContext | nindent 8 }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.securityContext "context" $) | nindent 8 }} serviceAccountName: {{ template "redis-ha.serviceAccountName" . }} automountServiceAccountToken: {{ .Values.serviceAccount.automountToken }} initContainers: 
@@ -120,12 +123,12 @@ spec: mountPath: /host-sys {{- end }} command: {{ toYaml .Values.sysctlImage.command | nindent 10 }} - securityContext: {{ toYaml .Values.containerSecurityContext | nindent 10 }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }} {{- end }} {{- if and .Values.hostPath.path .Values.hostPath.chown }} - name: hostpath-chown image: {{ include "global.images.image" (dict "imageRoot" .Values.image "global" .Values.global ) }} - securityContext: {{ toYaml .Values.containerSecurityContext | nindent 10 }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }} command: - chown - "{{ .Values.containerSecurityContext.runAsUser }}" @@ -143,7 +146,7 @@ spec: - sh args: - /readonly-config/init.sh - securityContext: {{ toYaml .Values.containerSecurityContext | nindent 10 }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }} env: {{- $replicas := int (toString .Values.replicas) -}} {{- range $i := until $replicas }} @@ -231,7 +234,7 @@ spec: && if test -s /data/dump.rdb; \ then cp -v /data/dump.rdb /data/dump.rdb_orig; fi \ && mv -v /data/dump.rdb_ /data/dump.rdb" - securityContext: {{ toYaml .Values.containerSecurityContext | nindent 10 }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }} envFrom: - secretRef: {{- if .Values.restore.existingSecret }} 
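Review bot: The `hostpath-chown` init container still passes `.Values.containerSecurityContext.runAsUser` to `chown` (context line in the first hunk), while its own `securityContext` and those of the Redis containers now go through `compatibility.renderSecurityContext`, which this patch adds in `_helpers.tpl` and which omits `runAsUser`, `runAsGroup` and `fsGroup` when the OpenShift adaptation applies. In that case the host path would presumably be handed to a UID the pods no longer run as, and the chown itself may be denied. Either skip the init container when the context is adapted, or state in the `hostPath.chown` documentation that it is not supported together with `adaptSecurityContext`. The container spec continues outside the hunk.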
@@ -251,10 +254,18 @@ spec: image: {{ include "global.images.image" (dict "imageRoot" .Values.image "global" .Values.global ) }} imagePullPolicy: {{ .Values.image.pullPolicy }} command: - - redis-server + {{- if .Values.redis.customCommand }} +{{ toYaml .Values.redis.customCommand | indent 10 }} + {{- else }} + - redis-server + {{- end }} args: - - /data/conf/redis.conf - securityContext: {{ toYaml .Values.containerSecurityContext | nindent 10 }} + {{- if .Values.redis.customArgs }} +{{ toYaml .Values.redis.customArgs | indent 10 }} + {{- else }} + - /data/conf/redis.conf + {{- end }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }} {{- if .Values.auth }} env: - name: AUTH @@ -267,6 +278,11 @@ spec: {{- end }} key: {{ .Values.authKey }} {{- end }} + {{- if .Values.redis.envFrom }} + envFrom: +{{ toYaml .Values.redis.envFrom | indent 10 }} + {{- end }} + {{- if .Values.redis.livenessProbe.enabled }} livenessProbe: initialDelaySeconds: {{ .Values.redis.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.redis.livenessProbe.periodSeconds }} @@ -278,6 +294,8 @@ spec: - sh - -c - /health/redis_liveness.sh + {{- end }} + {{- if .Values.redis.readinessProbe.enabled }} readinessProbe: initialDelaySeconds: {{ .Values.redis.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.redis.readinessProbe.periodSeconds }} 
@@ -289,6 +307,20 @@ spec: - sh - -c - /health/redis_readiness.sh + {{- end }} + {{- if .Values.redis.startupProbe.enabled }} + startupProbe: + initialDelaySeconds: {{ .Values.redis.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.redis.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.redis.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.redis.startupProbe.successThreshold }} + failureThreshold: {{ .Values.redis.startupProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/redis_readiness.sh + {{- end }} resources: {{ toYaml .Values.redis.resources | indent 10 }} ports: @@ -321,10 +353,18 @@ spec: image: {{ include "global.images.image" (dict "imageRoot" .Values.image "global" .Values.global ) }} imagePullPolicy: {{ .Values.image.pullPolicy }} command: + {{- if .Values.sentinel.customCommand }} +{{ toYaml .Values.sentinel.customCommand | indent 10 }} + {{- else }} - redis-sentinel + {{- end }} args: + {{- if .Values.sentinel.customArgs }} +{{ toYaml .Values.sentinel.customArgs | indent 10 }} + {{- else }} - /data/conf/sentinel.conf - securityContext: {{ toYaml .Values.containerSecurityContext | nindent 10 }} + {{- end }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }} {{- if or .Values.auth .Values.sentinel.auth}} env: {{- if .Values.auth }} @@ -350,6 +390,7 @@ spec: key: {{ .Values.sentinel.authKey }} {{- end }} {{- end }} + {{- if .Values.sentinel.livenessProbe.enabled }} livenessProbe: initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }} 
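Review bot: The new Redis `startupProbe` runs `/health/redis_readiness.sh`, which this patch changes in `_configs.tpl` to exit 1 for a replica whose link state is not `connected`. A startup probe that exhausts `failureThreshold` gets the container restarted, so a replica that is still syncing or cannot reach its master may be restarted in a loop rather than merely held out of the Service. `/health/redis_liveness.sh`, which accepts `PONG` and `LOADING`, looks like the safer command here: `- /health/redis_liveness.sh`. The default thresholds are not visible in this hunk, so the exposure depends on them.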
@@ -361,6 +402,8 @@ spec: - sh - -c - /health/sentinel_liveness.sh + {{- end }} + {{- if .Values.sentinel.readinessProbe.enabled }} readinessProbe: initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }} @@ -372,6 +415,20 @@ spec: - sh - -c - /health/sentinel_liveness.sh + {{- end }} + {{- if .Values.sentinel.startupProbe.enabled }} + startupProbe: + initialDelaySeconds: {{ .Values.sentinel.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.sentinel.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.sentinel.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.sentinel.startupProbe.successThreshold }} + failureThreshold: {{ .Values.sentinel.startupProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/sentinel_liveness.sh + {{- end }} resources: {{ toYaml .Values.sentinel.resources | indent 10 }} ports: @@ -405,7 +462,7 @@ spec: - sh args: - /readonly-config/fix-split-brain.sh - securityContext: {{ toYaml .Values.containerSecurityContext | nindent 10 }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }} env: {{- $replicas := int (toString .Values.replicas) -}} {{- range $i := until $replicas }} @@ -455,7 +512,7 @@ spec: {{- range $key, $value := .Values.exporter.extraArgs }} - --{{ $key }}={{ $value }} {{- end }} - securityContext: {{ toYaml .Values.containerSecurityContext | nindent 10 }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }} env: - name: REDIS_ADDR {{- if .Values.exporter.sslEnabled }} 
@@ -487,19 +544,9 @@ spec: value: /tls-certs/{{ .Values.tls.caCertFile }} {{- end }} livenessProbe: - httpGet: - path: {{ .Values.exporter.scrapePath }} - port: {{ .Values.exporter.port }} - initialDelaySeconds: {{ .Values.exporter.livenessProbe.initialDelaySeconds }} - timeoutSeconds: {{ .Values.exporter.livenessProbe.timeoutSeconds }} - periodSeconds: {{ .Values.exporter.livenessProbe.periodSeconds }} +{{ toYaml .Values.exporter.livenessProbe | indent 10 }} readinessProbe: - httpGet: - path: {{ .Values.exporter.scrapePath }} - port: {{ .Values.exporter.port }} - initialDelaySeconds: {{ .Values.exporter.readinessProbe.initialDelaySeconds }} - timeoutSeconds: {{ .Values.exporter.readinessProbe.timeoutSeconds }} - periodSeconds: {{ .Values.exporter.readinessProbe.periodSeconds }} +{{ toYaml .Values.exporter.readinessProbe | indent 10 }} resources: {{ toYaml .Values.exporter.resources | indent 10 }} ports: @@ -518,9 +565,9 @@ spec: {{- if .Values.extraContainers }} {{- toYaml .Values.extraContainers | nindent 6 }} {{- end -}} -{{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} -{{- end }} + {{- with .Values.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} volumes: - name: config configMap: @@ -556,7 +603,9 @@ spec: {{- end -}} {{- if .Values.persistentVolume.enabled }} volumeClaimTemplates: - - metadata: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: name: data annotations: {{- range $key, $value := .Values.persistentVolume.annotations }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-haproxy-deployment.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-haproxy-deployment.yaml index 9eed44b42..247a40636 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-haproxy-deployment.yaml 
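Review bot: In the first hunk the exporter probes are now emitted straight from `.Values.exporter.livenessProbe` and `.Values.exporter.readinessProbe`, so their `httpGet.path` and `httpGet.port` no longer follow `exporter.scrapePath` and `exporter.port` as the removed lines did. An install that overrides only `exporter.port` would keep probing the default port and the sidecar would be reported unhealthy. A values comment such as `# keep httpGet.port and httpGet.path in sync with exporter.port and exporter.scrapePath` on both probe blocks would make the coupling explicit.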
+++ b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-haproxy-deployment.yaml @@ -49,7 +49,8 @@ spec: {{- else }} serviceAccountName: {{ .Values.haproxy.serviceAccountName }} {{- end }} - securityContext: {{ toYaml .Values.haproxy.securityContext | nindent 8 }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.haproxy.securityContext "context" $) | nindent 8 }} + automountServiceAccountToken: {{ .Values.haproxy.serviceAccount.automountToken }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} tolerations: @@ -102,7 +103,7 @@ spec: - sh args: - /readonly/haproxy_init.sh - securityContext: {{ toYaml .Values.haproxy.containerSecurityContext | nindent 10 }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.haproxy.containerSecurityContext "context" $) | nindent 10 }} volumeMounts: - name: config-volume mountPath: /readonly @@ -116,7 +117,7 @@ spec: - name: haproxy image: {{ include "global.images.image" (dict "imageRoot" .Values.haproxy.image "global" .Values.global ) }} imagePullPolicy: {{ .Values.haproxy.image.pullPolicy }} - securityContext: {{ toYaml .Values.haproxy.containerSecurityContext | nindent 10 }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.haproxy.containerSecurityContext "context" $) | nindent 10 }} {{- if or .Values.auth .Values.sentinel.auth}} env: {{- if .Values.auth }} @@ -145,16 +146,18 @@ spec: livenessProbe: httpGet: path: /healthz - port: 8888 + port: probe initialDelaySeconds: 5 periodSeconds: 3 readinessProbe: httpGet: path: /healthz - port: 8888 + port: probe initialDelaySeconds: 5 periodSeconds: 3 ports: + - name: probe + containerPort: 8888 - name: redis containerPort: {{ default "6379" .Values.haproxy.containerPort }} {{- if .Values.haproxy.readOnly.enabled }} 
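Review bot: `automountServiceAccountToken: {{ .Values.haproxy.serviceAccount.automountToken }}` in the first hunk renders an empty value when the key is nulled or missing in the merged values, and an omitted field falls back to the Kubernetes default of mounting the token. Failing closed keeps the HAProxy pods without API credentials unless someone opts in: `automountServiceAccountToken: {{ .Values.haproxy.serviceAccount.automountToken | default false }}`. The pod spec continues outside the hunk.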
@@ -178,9 +181,9 @@ spec: {{- end }} lifecycle: {{ toYaml .Values.haproxy.lifecycle | indent 10 }} -{{- if .Values.haproxy.priorityClassName }} - priorityClassName: {{ .Values.haproxy.priorityClassName }} -{{- end }} + {{- with .Values.haproxy.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} volumes: {{- if .Values.haproxy.tls.enabled }} - name: pemfile diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-haproxy-servicemonitor.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-haproxy-servicemonitor.yaml index 52a84b957..188eac0cf 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-haproxy-servicemonitor.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/redis-haproxy-servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.haproxy.metrics.serviceMonitor.enabled ) ( .Values.haproxy.metrics.enabled ) }} +{{- if and ( or .Values.haproxy.metrics.serviceMonitor.disableAPICheck ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ) ( .Values.haproxy.metrics.serviceMonitor.enabled ) ( .Values.haproxy.metrics.enabled ) }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/tests/test-redis-ha-configmap.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/tests/test-redis-ha-configmap.yaml index 856d9caf1..e9b43cd65 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/tests/test-redis-ha-configmap.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/tests/test-redis-ha-configmap.yaml 
@@ -21,7 +21,7 @@ spec: mountPath: /readonly-config readOnly: true resources: {{ toYaml .Values.configmapTest.resources | nindent 6 }} - securityContext: {{ toYaml .Values.containerSecurityContext | nindent 6 }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 6 }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 4 }} {{- end }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/tests/test-redis-ha-pod.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/tests/test-redis-ha-pod.yaml index e9bad39b0..a09d53bc3 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/tests/test-redis-ha-pod.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/templates/tests/test-redis-ha-pod.yaml @@ -21,7 +21,7 @@ spec: - -c - redis-cli -h {{ template "redis-ha.fullname" . }}-haproxy -p {{ .Values.redis.port }} info server resources: {{ toYaml .Values.haproxy.tests.resources | nindent 6 }} - securityContext: {{ toYaml .Values.containerSecurityContext | nindent 6 }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 6 }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 4 }} {{- end }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/values.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/values.yaml index 9e8603308..e67ac921d 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/values.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/charts/redis-ha/values.yaml 
@@ -1,75 +1,108 @@ -## Configure resource requests and limits +## Globally shared configuration +global: + # -- Default priority class for all components + priorityClassName: "" + # -- Openshift compatibility options + compatibility: + openshift: + adaptSecurityContext: auto +## -- Image information for Redis HA ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## image: - repository: redis + # -- Redis image repository + repository: public.ecr.aws/docker/library/redis + # -- Redis image tag tag: 7.2.4-alpine + # -- Redis image pull policy pullPolicy: IfNotPresent registry: docker.m.daocloud.io +# -- Full name of the Redis HA Resources +fullNameOverride: "" +# -- Name override for Redis HA resources +nameOverride: "" ## Reference to one or more secrets to be used when pulling images ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## This imagePullSecrets is only for redis images ## +# -- Reference to one or more secrets to be used when pulling redis images imagePullSecrets: [] # - name: "image-pull-secret" -## replicas number for each component +# -- Number of redis master/slave replicas: 3 ## Customize the statefulset pod management policy: ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies +# -- The statefulset pod management policy podManagementPolicy: OrderedReady ## read-only replicas ## indexed slaves get never promoted to be master ## index starts with 0 - which is master on init ## i.e. "8,9" means 8th and 9th slave will be replica with replica-priority=0 ## see also: https://redis.io/topics/sentinel +# -- Comma separated list of slaves which never get promoted to be master. +# Count starts with 0. Allowed values 1-9. i.e. 3,4 - 3th and 4th redis slave never make it to be master, where master is index 0. 
ro_replicas: "" -## Kubernetes priorityClass name for the redis-ha-server pod -# priorityClassName: "" - -## Custom labels for the redis pod +# -- Kubernetes priorityClass name for the redis-ha-server pod +priorityClassName: "" +# -- Custom labels for the redis pod labels: {} -## Custom labels for redis service +# -- Custom labels for redis service serviceLabels: {} +## Custom labels for the redis configmap configmap: - ## Custom labels for the redis configmap + # -- Custom labels for the redis configmap labels: {} +## ConfigMap Test Parameters configmapTest: - ## Image for redis-ha-configmap-test hook + # -- Image for redis-ha-configmap-test hook image: + # -- Repository of the configmap shellcheck test image. repository: koalaman/shellcheck + # -- Tag of the configmap shellcheck test image. tag: v0.5.0 - ## Resources for the ConfigMap test pod + # -- Resources for the ConfigMap test pod resources: {} ## Pods Service Account ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ serviceAccount: - ## Specifies whether a ServiceAccount should be created - ## + # -- Specifies whether a ServiceAccount should be created create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the redis-ha.fullname template - # name: - ## opt in/out of automounting API credentials into container - ## https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + # -- The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the redis-ha.fullname template + name: "" + # -- opt in/out of automounting API credentials into container. + # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ automountToken: false + # -- Annotations to be added to the service account for the redis statefulset + annotations: {} ## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. 
Automatically proxies to Redis master. ## Recommend for externally exposed Redis clusters. ## ref: https://cbonte.github.io/haproxy-dconv/1.9/intro.html haproxy: + # -- Enabled HAProxy LoadBalancing/Proxy enabled: false + # -- Modify HAProxy service port servicePort: 6379 + # -- Modify HAProxy deployment container port containerPort: 6379 - ## Enable TLS termination on HAproxy, This will create a volume mount + # -- Enable TLS termination on HAproxy, This will create a volume mount tls: + # -- If "true" this will enable TLS termination on haproxy enabled: false + # -- Secret containing the .pem file secretName: "" + # -- Key file name keyName: + # -- Path to mount the secret that contains the certificates. haproxy certMountPath: /tmp/ - # Enable if you want a dedicated port in haproxy for redis-slaves + # -- Enable read-only redis-slaves readOnly: + # -- Enable if you want a dedicated port in haproxy for redis-slaves enabled: false + # -- Port for the read-only redis-slaves port: 6380 + # -- Number of HAProxy instances replicas: 3 # -- Deployment strategy for the haproxy deployment deploymentStrategy: 
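Review bot: `image.repository` now carries a registry host (`public.ecr.aws/docker/library/redis`) while the unchanged `registry: docker.m.daocloud.io` line stays next to it; the haproxy image in the next hunk has the same pair. The templates build the reference through `global.images.image`, which is not shown here; if it prefixes `registry`, pulls would go to `docker.m.daocloud.io/public.ecr.aws/docker/library/redis:7.2.4-alpine`, and whether the mirror serves that path, and serves the intended image under it, should be checked before rollout. A comment on `registry` such as `# local mirror override; repository must be a path this mirror serves` would keep the next automated upgrade from silently changing the pull source.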
@@ -78,24 +111,28 @@ haproxy: # maxSurge: 25% # maxUnavailable: 25% image: - repository: haproxy + # -- HAProxy Image Repository + repository: public.ecr.aws/docker/library/haproxy + # -- HAProxy Image Tag tag: 2.9.4-alpine + # -- HAProxy Image PullPolicy pullPolicy: IfNotPresent registry: docker.m.daocloud.io - ## Custom labels for the haproxy pod + # -- Custom labels for the haproxy pod labels: {} - ## Reference to one or more secrets to be used when pulling images - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## + # -- Reference to one or more secrets to be used when pulling images + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ imagePullSecrets: [] # - name: "image-pull-secret" + # -- HAProxy template annotations annotations: {} + # -- HAProxy resources resources: {} + # -- Configuration of `emptyDir` emptyDir: {} - ## Pod Disruption Budget - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## + # -- Pod Disruption Budget + # ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ podDisruptionBudget: {} # Use only one of the two # maxUnavailable: 1 
@@ -103,59 +140,86 @@ haproxy: ## Enable sticky sessions to Redis nodes via HAProxy ## Very useful for long-living connections as in case of Sentry for example + # -- HAProxy sticky load balancing to Redis nodes. Helps with connections shutdown. stickyBalancing: false - ## Kubernetes priorityClass name for the haproxy pod - # priorityClassName: "" - + # -- Kubernetes priorityClass name for the haproxy pod + priorityClassName: "" ## Service for HAProxy service: + # -- HAProxy service type "ClusterIP", "LoadBalancer" or "NodePort" type: ClusterIP + # -- (int) HAProxy service nodePort value (haproxy.service.type must be NodePort) + nodePort: ~ + # -- HAProxy service loadbalancer IP loadBalancerIP: + # -- (string) HAProxy service externalTrafficPolicy value (haproxy.service.type must be LoadBalancer) + externalTrafficPolicy: ~ + # -- HAProxy external IPs externalIPs: {} + # -- HAProxy service labels labels: {} + # -- HAProxy service annotations annotations: null - # List of CIDR's allowed to connect to LoadBalancer - # loadBalancerSourceRanges: [] + # -- List of CIDR's allowed to connect to LoadBalancer + loadBalancerSourceRanges: [] + # -- HAProxy serviceAccountName serviceAccountName: redis-sa serviceAccount: + # -- Specifies whether a ServiceAccount should be created create: true + automountToken: false ## Official HAProxy embedded prometheus metrics settings. 
## Ref: https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter ## metrics: + # -- HAProxy enable prometheus metric scraping enabled: false - # prometheus port & scrape path + # -- HAProxy prometheus metrics scraping port port: 9101 + # -- HAProxy metrics scraping port name portName: http-exporter-port + # -- HAProxy prometheus metrics scraping path scrapePath: /metrics serviceMonitor: - # When set true then use a ServiceMonitor to configure scraping + # -- When set true then use a ServiceMonitor to configure scraping enabled: false - # Set the namespace the ServiceMonitor should be deployed - # namespace: "monitoring" - # Set how frequently Prometheus should scrape - # interval: 30s - # Set path to redis-exporter telemtery-path - # telemetryPath: /metrics - # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator + # -- Set the namespace the ServiceMonitor should be deployed + # @default -- `.Release.Namespace` + namespace: "" + # -- Set how frequently Prometheus should scrape (default is 30s) + interval: "" + # -- Set path to redis-exporter telemtery-path (default is /metrics) + telemetryPath: "" + # -- Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator labels: {} - # Set timeout for scrape - # timeout: 10s - # Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more. + # -- Set timeout for scrape (default is 10s) + timeout: "" + # -- Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more. 
endpointAdditionalProperties: {} + # -- Disable API Check on ServiceMonitor + disableAPICheck: false init: + # -- Extra init resources resources: {} timeout: + # -- haproxy.cfg `timeout connect` setting connect: 4s + # -- haproxy.cfg `timeout server` setting server: 330s + # -- haproxy.cfg `timeout client` setting client: 330s + # -- haproxy.cfg `timeout check` setting check: 2s + # -- haproxy.cfg `check inter` setting checkInterval: 1s + # -- haproxy.cfg `check fall` setting checkFall: 1 + # -- Security context to be added to the HAProxy deployment. securityContext: runAsUser: 99 fsGroup: 99 runAsNonRoot: true + # -- Security context to be added to the HAProxy containers. containerSecurityContext: runAsNonRoot: true allowPrivilegeEscalation: false 
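Review bot: `loadBalancerSourceRanges` under `haproxy.service` changes from a commented-out example to an explicit empty list, and the doc comment does not say what an empty list means. Assuming the service template only emits the field when the list is non-empty, a `LoadBalancer` service is then reachable from any source address. The comment could say so: `# -- List of CIDRs allowed to connect to the LoadBalancer; empty applies no source restriction`.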
@@ -164,36 +228,45 @@ haproxy: capabilities: drop: - ALL - ## Whether the haproxy pods should be forced to run on separate nodes. + # -- Whether the haproxy pods should be forced to run on separate nodes. hardAntiAffinity: true - ## Additional affinities to add to the haproxy pods. + # -- Additional affinities to add to the haproxy pods. additionalAffinities: {} - ## Override all other affinity settings for the haproxy pods with a string. + # -- Override all other affinity settings for the haproxy pods with a string. affinity: "" ## Custom config-haproxy.cfg files used to override default settings. If this file is ## specified then the config-haproxy.cfg above will be ignored. + # -- (string) Allows for custom config-haproxy.cfg file to be applied. If this is used then default config will be overwriten + customConfig: ~ # customConfig: |- # Define configuration here + ## Place any additional configuration section to add to the default config-haproxy.cfg + # -- (string) Allows to place any additional configuration section to add to the default config-haproxy.cfg + extraConfig: ~ # extraConfig: |- # Define configuration here - ## Container lifecycle hooks - ## Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + # -- Container lifecycle hooks. + # Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ lifecycle: {} ## HAProxy test related options tests: + # -- Pod resources for the tests against HAProxy. resources: {} ## Enable HAProxy parameters to bind and consume IPv6 addresses. Enabled by default. IPv6: + # -- Enable HAProxy parameters to bind and consume IPv6 addresses. Enabled by default. 
enabled: true networkPolicy: - ## whether NetworkPolicy for Haproxy should be created + # -- whether NetworkPolicy for Haproxy should be created enabled: false + # -- Annotations for Haproxy NetworkPolicy annotations: {} + # -- Labels for Haproxy NetworkPolicy labels: {} - ## user defines ingress rules that Haproxy should permit into - ## uses the format defined in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors + # -- user defined ingress rules that Haproxy should permit into. + # uses the format defined in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors ingressRules: [] # - selectors: # - namespaceSelector: 
@@ -209,81 +282,142 @@ haproxy: # - port: 26379 # protocol: TCP - ## user can define egress rules too, uses the same structure as ingressRules + # -- user can define egress rules too, uses the same structure as ingressRules egressRules: [] ## Role Based Access ## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ ## rbac: + # -- Create and use RBAC resources create: true # NOT RECOMMENDED: Additional container in which you can execute arbitrary commands to update sysctl parameters # You can now use securityContext.sysctls to leverage this capability # Ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ ## sysctlImage: + # -- Enable an init container to modify Kernel settings enabled: false + # -- sysctlImage command to execute command: [] - registry: docker.io + # -- sysctlImage Init container registry + registry: public.ecr.aws/docker/library + # -- sysctlImage Init container name repository: busybox + # -- sysctlImage Init container tag tag: 1.34.1 + # -- sysctlImage Init container pull policy pullPolicy: Always + # -- Mount the host `/sys` folder to `/host-sys` mountHostSys: false + # -- sysctlImage resources resources: {} -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - +# -- Use an alternate scheduler, e.g. "stork". 
+# ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +schedulerName: "" ## Redis specific configuration options redis: + # -- Port to access the redis service port: 6379 + # -- Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated masterGroupName: "mymaster" # must match ^[\\w-\\.]+$) and can be templated + # -- Allows overriding the redis container command + customCommand: [] + # - bash + + # -- Allows overriding the redis container arguments + customArgs: [] + # - "custom-startup.sh" + + # -- Load environment variables from ConfigMap/Secret + envFrom: [] + # - secretRef: + # name: add-env-secret + ## Configures redis with tls-port parameter + # -- (int) TLS Port to access the redis service + tlsPort: ~ # tlsPort: 6385 - ## Configures redis with tls-replication parameter, if true sets "tls-replication yes" in redis.conf - # tlsReplication: true - - ## It is possible to disable client side certificates authentication when "authClients" is set to "no" + # -- (bool) Configures redis with tls-replication parameter, if true sets "tls-replication yes" in redis.conf + tlsReplication: ~ + # -- It is possible to disable client side certificates authentication when "authClients" is set to "no" + authClients: "" # authClients: "no" - ## Increase terminationGracePeriodSeconds to allow writing large RDB snapshots. (k8s default is 30s) - ## https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination-forced + # -- Increase terminationGracePeriodSeconds to allow writing large RDB snapshots. 
(k8s default is 30s) + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination-forced terminationGracePeriodSeconds: 60 - # liveness probe parameters for redis container + # -- Liveness probe parameters for redis container livenessProbe: + # -- Enable the Liveness Probe + enabled: true + # -- Initial delay in seconds for liveness probe initialDelaySeconds: 30 + # -- Period in seconds after which liveness probe will be repeated periodSeconds: 15 + # -- Timeout seconds for liveness probe timeoutSeconds: 15 + # -- Success threshold for liveness probe successThreshold: 1 + # -- Failure threshold for liveness probe failureThreshold: 5 + # -- Readiness probe parameters for redis container readinessProbe: + # -- Enable the Readiness Probe + enabled: true + # -- Initial delay in seconds for readiness probe initialDelaySeconds: 30 + # -- Period in seconds after which readiness probe will be repeated periodSeconds: 15 + # -- Timeout seconds for readiness probe timeoutSeconds: 15 + # -- Success threshold for readiness probe successThreshold: 1 + # -- Failure threshold for readiness probe failureThreshold: 5 + # -- Startup probe parameters for redis container + startupProbe: + # -- Enable Startup Probe + enabled: true + # -- Initial delay in seconds for startup probe + initialDelaySeconds: 5 + # -- Period in seconds after which startup probe will be repeated + periodSeconds: 10 + # -- Timeout seconds for startup probe + timeoutSeconds: 15 + # -- Success threshold for startup probe + successThreshold: 1 + # -- Failure threshold for startup probe + failureThreshold: 3 + # -- Array with commands to disable disableCommands: - FLUSHDB - FLUSHALL + # -- Any valid redis config options in this section will be applied to each server, For multi-value configs use list instead of string (for example loadmodule) (see below) + # @default -- see values.yaml config: - ## Additional redis conf options can be added below - ## For all available options see 
http://download.redis.io/redis-stable/redis.conf + ## -- Additional redis conf options can be added below + ## -- For all available options see http://download.redis.io/redis-stable/redis.conf min-replicas-to-write: 1 - min-replicas-max-lag: 5 # Value in seconds - maxmemory: "0" # Max memory to use for each redis instance. Default is unlimited. - maxmemory-policy: "volatile-lru" # Max memory policy to use for each redis instance. Default is volatile-lru. - # Determines if scheduled RDB backups are created. Default is false. - # Please note that local (on-disk) RDBs will still be created when re-syncing with a new slave. The only way to prevent this is to enable diskless replication. + # -- Value in seconds + min-replicas-max-lag: 5 + # -- Max memory to use for each redis instance. Default is unlimited. + maxmemory: "0" + # -- Max memory policy to use for each redis instance. Default is volatile-lru. + maxmemory-policy: "volatile-lru" + # -- Determines if scheduled RDB backups are created. Default is false. + # -- Please note that local (on-disk) RDBs will still be created when re-syncing with a new slave. The only way to prevent this is to enable diskless replication. save: "900 1" - # When enabled, directly sends the RDB over the wire to slaves, without using the disk as intermediate storage. Default is false. + # -- When enabled, directly sends the RDB over the wire to slaves, without using the disk as intermediate storage. Default is false. repl-diskless-sync: "yes" rdbcompression: "yes" rdbchecksum: "yes" - ## Custom redis.conf files used to override default settings. If this file is - ## specified then the redis.config above will be ignored. + # -- (string) Allows for custom redis.conf files to be applied. If this is used then `redis.config` is ignored + customConfig: ~ # customConfig: |- # Define configuration here + + # -- CPU/Memory for master/slave nodes resource requests/limits resources: {} # requests: # memory: 200Mi 
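Review bot: The `sysctlImage` block in this hunk moves `registry` to `public.ecr.aws/docker/library` but still references `busybox` by the mutable tag `1.34.1` with `pullPolicy: Always`, so the content that runs is whatever that registry serves at pod start. The container is off by default (`enabled: false`), but the comment above it describes it as running arbitrary commands to change sysctl parameters, so the image is worth pinning. If the chart's image template accepts it, use a digest-qualified tag such as `tag: 1.34.1@sha256:<digest-placeholder>`; otherwise add `# pin by digest in your override before enabling sysctlImage` next to the tag. The exporter image later in this file still points at `docker.m.daocloud.io`, so the two images do not share a registry; whether that is intended cannot be told from the diff.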
@@ -291,61 +425,102 @@ redis: # limits: # memory: 700Mi - ## Container lifecycle hooks - ## Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + # -- Container Lifecycle Hooks for redis container + # Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + # @default -- see values.yaml lifecycle: preStop: exec: command: ["/bin/sh", "/readonly-config/trigger-failover-if-master.sh"] - ## annotations for the redis statefulset + # -- Annotations for the redis statefulset annotations: {} - ## updateStrategy for Redis StatefulSet + # -- Update strategy for Redis StatefulSet ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies updateStrategy: type: RollingUpdate - ## additional volumeMounts for Redis container + # -- additional volumeMounts for Redis container extraVolumeMounts: [] # - name: empty # mountPath: /empty ## Sentinel specific configuration options sentinel: + # -- Port to access the sentinel service port: 26379 ## Configure the 'bind' directive to bind to a list of network interfaces # bind: 0.0.0.0 ## Configures sentinel with tls-port parameter + # -- (int) TLS Port to access the sentinel service + tlsPort: ~ # tlsPort: 26385 - ## Configures sentinel with tls-replication parameter, if true sets "tls-replication yes" in sentinel.conf + # -- (bool) Configures sentinel with tls-replication parameter, if true sets "tls-replication yes" in sentinel.conf + tlsReplication: ~ # tlsReplication: true - ## It is possible to disable client side certificates authentication when "authClients" is set to "no" + # -- It is possible to disable client side certificates authentication when "authClients" is set to "no" + authClients: "" # authClients: "no" ## Configures sentinel with AUTH (requirepass params) + # -- Enables or disables sentinel AUTH (Requires `sentinel.password` to be set) auth: false + # -- (string) A password that configures a `requirepass` in the conf parameters 
(Requires `sentinel.auth: enabled`) + password: ~ # password: password - ## Use existing secret containing key `authKey` (ignores sentinel.password) - # existingSecret: sentinel-secret - + # -- An existing secret containing a key defined by `sentinel.authKey` that configures `requirepass` + # in the conf parameters (Requires `sentinel.auth: enabled`, cannot be used in conjunction with `.Values.sentinel.password`) + existingSecret: "" ## Defines the key holding the sentinel password in existing secret. + # -- The key holding the sentinel password in an existing secret. authKey: sentinel-password + customCommand: [] + customArgs: [] # liveness probe parameters for sentinel container livenessProbe: + enabled: true + # -- Initial delay in seconds for liveness probe initialDelaySeconds: 30 + # -- Period in seconds after which liveness probe will be repeated periodSeconds: 15 + # -- Timeout seconds for liveness probe timeoutSeconds: 15 + # -- Success threshold for liveness probe successThreshold: 1 + # -- Failure threshold for liveness probe failureThreshold: 5 # readiness probe parameters for sentinel container readinessProbe: + enabled: true + # -- Initial delay in seconds for readiness probe initialDelaySeconds: 30 + # -- Period in seconds after which readiness probe will be repeated periodSeconds: 15 + # -- Timeout seconds for readiness probe timeoutSeconds: 15 + # -- Success threshold for readiness probe successThreshold: 3 + # -- Failure threshold for readiness probe failureThreshold: 5 + # -- Startup probe parameters for redis container + startupProbe: + # -- Enable Startup Probe + enabled: true + # -- Initial delay in seconds for startup probe + initialDelaySeconds: 5 + # -- Period in seconds after which startup probe will be repeated + periodSeconds: 10 + # -- Timeout seconds for startup probe + timeoutSeconds: 15 + # -- Success threshold for startup probe + successThreshold: 1 + # -- Failure threshold for startup probe + failureThreshold: 3 + # -- Minimum 
number of nodes expected to be live. quorum: 2 + # -- Valid sentinel config options in this section will be applied as config options to each sentinel (see below) + # @default -- see values.yaml config: ## Additional sentinel conf options can be added below. Only options that ## are expressed in the format simialar to 'sentinel xxx mymaster xxx' will @@ -358,8 +533,12 @@ sentinel: maxclients: 10000 ## Custom sentinel.conf files used to override default settings. If this file is ## specified then the sentinel.config above will be ignored. + # -- Allows for custom sentinel.conf files to be applied. If this is used then `sentinel.config` is ignored + customConfig: "" # customConfig: |- # Define configuration here + + # -- CPU/Memory for sentinel node resource requests/limits resources: {} # requests: # memory: 200Mi @@ -367,17 +546,19 @@ sentinel: # limits: # memory: 200Mi - ## Container lifecycle hooks - ## Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + # -- Container Lifecycle Hooks for sentinel container. + # Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ lifecycle: {} - ## additional volumeMounts for Sentinel container + # -- additional volumeMounts for Sentinel container extraVolumeMounts: [] # - name: empty # mountPath: /empty +# -- Security context to be added to the Redis StatefulSet. securityContext: runAsUser: 1000 fsGroup: 1000 runAsNonRoot: true +# -- Security context to be added to the Redis containers. containerSecurityContext: runAsUser: 1000 runAsNonRoot: true 
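Review bot: The new `sentinel.password` key takes the password directly in values, and its comment says it requires `sentinel.auth: enabled` although `auth` is the boolean `false` two keys above. A value set this way ends up in whatever values file is committed and in the stored release values, so the comment should steer readers to `existingSecret` and name the real setting, e.g. `# -- (string) Sentinel requirepass; prefer sentinel.existingSecret. Requires sentinel.auth: true`. The same `auth: enabled` wording is used for the top-level `redisPassword` and `existingSecret` comments in the later `@@ -490,52 +683,76 @@ exporter:` hunk. The `startupProbe` added under `sentinel` is also described as being for the redis container, which looks copied from the redis block.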
@@ -397,13 +578,15 @@ containerSecurityContext: ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +# -- Node labels for pod assignment nodeSelector: {} -## Whether the Redis server pods should be forced to run on separate nodes. +# -- Whether the Redis server pods should be forced to run on separate nodes. ## This is accomplished by setting their AntiAffinity with requiredDuringSchedulingIgnoredDuringExecution as opposed to preferred. ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature -## hardAntiAffinity: true -## Additional affinities to add to the Redis server pods. +# -- Additional affinities to add to the Redis server pods. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +additionalAffinities: {} ## ## Example: ## nodeAffinity: @@ -416,10 +599,9 @@ hardAntiAffinity: true ## values: ## - "true" ## -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -additionalAffinities: {} -## Override all other affinity settings for the Redis server pods with a string. + +# -- Override all other affinity settings for the Redis server pods with a string. +affinity: "" ## ## Example: ## affinity: | 
@@ -439,33 +621,44 @@ additionalAffinities: {} ## release: {{ .Release.Name }} ## topologyKey: failure-domain.beta.kubernetes.io/zone ## -affinity: "" + ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ topologySpreadConstraints: + # -- Enable topology spread constraints enabled: false + # -- Max skew of pods tolerated maxSkew: "" + # -- Topology key for spread constraints topologyKey: "" + # -- Enforcement policy, hard or soft whenUnsatisfiable: "" # Prometheus exporter specific configuration options exporter: + # -- If `true`, the prometheus exporter sidecar is enabled enabled: false + # -- Exporter image tag tag: v1.57.0 + # -- Exporter image pullPolicy pullPolicy: IfNotPresent - # prometheus port & scrape path - port: 9121 + # -- Exporter port + port: &exporter_port 9121 + # -- Exporter port name portName: exporter-port - scrapePath: /metrics - # Address/Host for Redis instance. Default: localhost + # -- Exporter scrape path + scrapePath: &exporter_scrapePath /metrics + # -- Address/Host for Redis instance. # Exists to circumvent issues with IPv6 dns resolution that occurs on certain environments - ## address: localhost ## Set this to true if you want to connect to redis tls port # sslEnabled: true - # cpu/memory resource limits/requests + # -- cpu/memory resource limits/requests resources: {} - # Additional args for redis exporter + # -- Additional args for redis exporter extraArgs: {} + # -- A custom custom Lua script that will be mounted to exporter for collection of custom metrics. + # Creates a ConfigMap and sets env var `REDIS_EXPORTER_SCRIPT`. + script: "" # Used to mount a LUA-Script via config map and use it for metrics-collection # script: | # -- Example script copied from: https://github.com/oliver006/redis_exporter/blob/master/contrib/sample_collect_script.lua 
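Review bot: `port: &exporter_port 9121` and `scrapePath: &exporter_scrapePath /metrics` introduce YAML anchors, and the exporter probes in the next hunk consume them as `port: *exporter_port` and `path: *exporter_scrapePath`. Aliases are expanded when this values.yaml is parsed, before user-supplied values are merged, so overriding only `exporter.port` or `exporter.scrapePath` would leave both probes on 9121 and /metrics; a failing liveness probe would then restart the exporter container. Either have the templates derive the probe target from `.Values.exporter.port` (the templates are outside this hunk), or document the coupling on the key, e.g. `# -- Exporter port (when overriding, also set exporter.livenessProbe.httpGet.port and exporter.readinessProbe.httpGet.port)`.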
@@ -490,52 +683,76 @@ exporter: # table.insert(result, "42") -- note the string, use tostring() if needed # # return result + serviceMonitor: - # When set true then use a ServiceMonitor to configure scraping + # -- When set true then use a ServiceMonitor to configure scraping enabled: false - # Set the namespace the ServiceMonitor should be deployed - # namespace: "monitoring" - # Set how frequently Prometheus should scrape - # interval: 30s - # Set path to redis-exporter telemtery-path - # telemetryPath: /metrics - # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator + # -- Set the namespace the ServiceMonitor should be deployed + # @default -- `.Release.Namespace` + namespace: "" + # -- Set how frequently Prometheus should scrape (default is 30s) + interval: "" + # -- Set path to redis-exporter telemtery-path (default is /metrics) + telemetryPath: "" + # -- Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator labels: {} - # Set timeout for scrape - # timeout: 10s - # Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more. + # -- Set timeout for scrape (default is 10s) + timeout: "" + # -- Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more. 
endpointAdditionalProperties: {} + # -- Disable API Check on ServiceMonitor + disableAPICheck: false # prometheus exporter SCANS redis db which can take some time # allow different probe settings to not let container crashloop livenessProbe: + httpGet: + # -- Exporter liveness probe httpGet path + path: *exporter_scrapePath + # -- Exporter liveness probe httpGet port + port: *exporter_port + # -- Initial delay in seconds for liveness probe of exporter initialDelaySeconds: 15 + # -- Timeout seconds for liveness probe of exporter timeoutSeconds: 3 + # -- Period in seconds after which liveness probe will be repeated periodSeconds: 15 readinessProbe: + httpGet: + # -- Exporter readiness probe httpGet path + path: *exporter_scrapePath + # -- Exporter readiness probe httpGet port + port: *exporter_port + # -- Initial delay in seconds for readiness probe of exporter initialDelaySeconds: 15 + # -- Timeout seconds for readiness probe of exporter timeoutSeconds: 3 + # -- Period in seconds after which readiness probe will be repeated periodSeconds: 15 + # -- Success threshold for readiness probe of exporter successThreshold: 2 image: registry: docker.m.daocloud.io repository: oliver006/redis_exporter tag: v1.57.0 +# -- Pod Disruption Budget rules podDisruptionBudget: {} # Use only one of the two # maxUnavailable: 1 # minAvailable: 1 -## Configures redis with AUTH (requirepass & masterauth conf params) +# -- Configures redis with AUTH (requirepass & masterauth conf params) auth: false -# redisPassword: - +# -- (string) A password that configures a `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`) +redisPassword: ~ ## Use existing secret containing key `authKey` (ignores redisPassword) ## Can also store AWS S3 or SSH secrets in this secret -# existingSecret: - -## Defines the key holding the redis password in existing secret. 
+# -- An existing secret containing a key defined by `authKey` that configures `requirepass` and `masterauth` in the conf +# parameters (Requires `auth: enabled`, cannot be used in conjunction with `.Values.redisPassword`) +existingSecret: ~ +# -- Defines the key holding the redis password in existing secret. authKey: auth persistentVolume: + # -- Enable persistent volume enabled: true ## redis-ha data Persistent Volume Storage Class ## If defined, storageClassName: @@ -545,24 +762,34 @@ persistentVolume: ## GKE, AWS & OpenStack) ## # storageClass: "-" + # -- redis-ha data Persistent Volume Storage Class + storageClass: ~ + # -- Persistent volume access modes accessModes: - ReadWriteOnce + # -- Persistent volume size size: 10Gi + # -- Annotations for the volume annotations: {} + # -- Labels for the volume labels: {} init: + # -- Extra init resources resources: {} # To use a hostPath for data, set persistentVolume.enabled to false # and define hostPath.path. # Warning: this might overwrite existing folders on the host system! hostPath: - ## path is evaluated as template so placeholders are replaced + # -- Use this path on the host for data storage. + # path is evaluated as template so placeholders are replaced + path: "" # path: "/data/{{ .Release.Name }}" - # if chown is true, an init-container with root permissions is launched to + # -- if chown is true, an init-container with root permissions is launched to # change the owner of the hostPath folder to the user defined in the # security context chown: true +# -- Configuration of `emptyDir`, used only if persistentVolume is disabled and no hostPath specified emptyDir: {} tls: ## Fill the name of secret if you want to use your own TLS certificates. 
@@ -570,13 +797,13 @@ tls: ## These secret will be genrated using files from certs folder if the secretName is not set and redis.tlsPort is set # secretName: tls-secret - ## Name of certificate file + # -- Name of certificate file certFile: redis.crt - ## Name of key file + # -- Name of key file keyFile: redis.key - ## Name of Diffie-Hellman (DH) key exchange parameters file - # dhParamsFile: redis.dh - ## Name of CA certificate file + # -- (string) Name of Diffie-Hellman (DH) key exchange parameters file (Example: redis.dh) + dhParamsFile: ~ + # -- Name of CA certificate file caCertFile: ca.crt # restore init container is executed if restore.[s3|ssh].source is not false # restore init container creates /data/dump.rdb_ from original if exists 
@@ -587,34 +814,43 @@ tls: # REQUIRED for ssh restore: 'key' should be in one line including CR i.e. '-----BEGIN RSA PRIVATE KEY-----\n...\n...\n...\n-----END RSA PRIVATE KEY-----' # EXAMPLE source for ssh restore: 'user@server:/path/dump.rdb' restore: + # -- Timeout for the restore timeout: 600 - # Set existingSecret to true to use secret specified in existingSecret above + # -- Set existingSecret to true to use secret specified in existingSecret above existingSecret: false s3: - source: false + # -- Restore init container - AWS S3 location of dump - i.e. s3://bucket/dump.rdb or false + source: "" # If using existingSecret, that secret must contain: # AWS_SECRET_ACCESS_KEY: # AWS_ACCESS_KEY_ID: # If not set the key and ID as strings below: + # -- Restore init container - AWS AWS_ACCESS_KEY_ID to access restore.s3.source access_key: "" + # -- Restore init container - AWS AWS_SECRET_ACCESS_KEY to access restore.s3.source secret_key: "" + # -- Restore init container - AWS AWS_REGION to access restore.s3.source region: "" ssh: - source: false + # -- Restore init container - SSH scp location of dump - i.e. user@server:/path/dump.rdb or false + source: "" + # -- Restore init container - SSH private key to scp restore.ssh.source to init container. + # Key should be in one line separated with \n. + # i.e. `-----BEGIN RSA PRIVATE KEY-----\n...\n...\n-----END RSA PRIVATE KEY-----` key: "" ## Custom PrometheusRule to be defined ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions prometheusRule: - # prometheusRule.enabled -- If true, creates a Prometheus Operator PrometheusRule. + # -- If true, creates a Prometheus Operator PrometheusRule. enabled: false - # prometheusRule.additionalLabels -- Additional labels to be set in metadata. + # -- Additional labels to be set in metadata. 
additionalLabels: {} - # prometheusRule.namespace -- Namespace which Prometheus is running in. + # -- Namespace which Prometheus is running in. namespace: - # prometheusRule.interval -- How often rules in the group are evaluated (falls back to `global.evaluation_interval` if not set). + # -- How often rules in the group are evaluated (falls back to `global.evaluation_interval` if not set). interval: 10s - # prometheusRule.rules -- Rules spec template (see https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#rule). + # -- Rules spec template (see https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#rule). rules: [] # Example: # - alert: RedisPodDown 
@@ -626,26 +862,33 @@ prometheusRule: # annotations: # description: Redis pod {{ "{{ $labels.pod }}" }} is down # summary: Redis pod {{ "{{ $labels.pod }}" }} is down +# -- Extra init containers to include in StatefulSet extraInitContainers: [] # - name: extraInit # image: alpine + +# -- Extra containers to include in StatefulSet extraContainers: [] # - name: extra # image: alpine + +# -- Extra volumes to include in StatefulSet extraVolumes: [] # - name: empty # emptyDir: {} -# Labels added here are applied to all created resources +# -- Labels added here are applied to all created resources extraLabels: {} networkPolicy: - ## whether NetworkPolicy for Redis StatefulSets should be created - ## when enabled, inter-Redis connectivity is created + # -- whether NetworkPolicy for Redis StatefulSets should be created. + # when enabled, inter-Redis connectivity is created enabled: false + # -- Annotations for NetworkPolicy annotations: {} + # -- Labels for NetworkPolicy labels: {} - ## user defines ingress rules that Redis should permit into - ## uses the format defined in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors + # -- User defined ingress rules that Redis should permit into. + # Uses the format defined in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors ingressRules: [] # - selectors: # - namespaceSelector: 
@@ -661,8 +904,23 @@ networkPolicy: # - port: 26379 # protocol: TCP - ## user can define egress rules too, uses the same structure as ingressRules - egressRules: [] + # -- user can define egress rules too, uses the same structure as ingressRules + egressRules: + - selectors: + # -- Allow all destinations for DNS traffic + - namespaceSelector: {} + - ipBlock: + # Cloud Provider often uses the local link local range to host managed DNS resolvers. + # We need to allow this range to ensure that the Redis pods can resolve DNS. + # Example architecture for GCP Cloud DNS: https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-dns#architecture + cidr: 169.254.0.0/16 + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP splitBrainDetection: + # -- Interval between redis sentinel and server split brain checks (in seconds) interval: 60 + # -- splitBrainDetection resources resources: {} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/argo-cd/charts/argo-cd/templates/_helpers.tpl index 3f3008870..948670e70 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/_helpers.tpl 
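Review bot: The default `egressRules` now carries `cidr: 169.254.0.0/16`, the whole link-local range, which also contains the instance metadata address used by the major cloud providers; only the `ports` list (53/UDP and 53/TCP) keeps that range limited to DNS. Add a caveat beside the CIDR so the port list is not widened later, e.g. `# Keep this rule limited to port 53: the range also contains the cloud metadata endpoint`, and consider narrowing the CIDR to the resolver address actually used in the cluster. `namespaceSelector: {}` likewise permits port 53 to pods in every namespace; a selector for the DNS namespace would be tighter. The rule only matters when `networkPolicy.enabled` is true, and how the template turns `selectors` into `to:` entries is outside this hunk.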
@@ -177,13 +177,31 @@ Create the name of the notifications service account to use {{- end -}} {{- end -}} +{{/* +Create argocd commit-server name and version as used by the chart label. +*/}} +{{- define "argo-cd.commitServer.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.commitServer.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the commit-server service account to use +*/}} +{{- define "argo-cd.commitServer.serviceAccountName" -}} +{{- if .Values.commitServer.serviceAccount.create -}} + {{ default (include "argo-cd.commitServer.fullname" .) .Values.commitServer.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.commitServer.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Argo Configuration Preset Values (Influenced by Values configuration) */}} {{- define "argo-cd.config.cm.presets" -}} {{- $presets := dict -}} {{- $_ := set $presets "url" (printf "https://%s" .Values.global.domain) -}} -{{- if index .Values.configs.cm "statusbadge.enabled" | eq true -}} +{{- if eq (toString (index .Values.configs.cm "statusbadge.enabled")) "true" -}} {{- $_ := set $presets "statusbadge.url" (printf "https://%s/" .Values.global.domain) -}} {{- end -}} {{- if .Values.configs.styles -}} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 3938c25d2..0b8285b70 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-application-controller/deployment.yaml 
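Review bot: `argo-cd.commitServer.serviceAccountName` resolves to the namespace's `default` service account when `commitServer.serviceAccount.create` is false and no name is set, and the helper comment does not say so. For a component that, judging by its name, writes to repositories, silently sharing the default account's token and role bindings deserves an explicit line in the comment: `Falls back to "default" when serviceAccount.create is false and serviceAccount.name is empty; set a dedicated name in that case.` Separately, the comment on `argo-cd.commitServer.fullname` says "name and version", but the template only joins the chart fullname with `.Values.commitServer.name`.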
@@ -36,6 +36,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} @@ -154,6 +157,30 @@ spec: name: argocd-cmd-params-cm key: controller.self.heal.timeout.seconds optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.factor + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.cap.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sync.timeout.seconds + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: 
@@ -290,6 +317,24 @@ spec: name: argocd-cmd-params-cm key: controller.ignore.normalizer.jq.timeout optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true + - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.batch.events.processing + optional: true + - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.events.processing.interval + optional: true {{- with .Values.controller.envFrom }} envFrom: {{- toYaml . | nindent 10 }} @@ -322,6 +367,8 @@ spec: name: argocd-repo-server-tls - mountPath: /home/argocd name: argocd-home + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params {{- with .Values.controller.extraContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} @@ -375,6 +422,13 @@ spec: path: tls.key - key: ca.crt path: ca.crt + - name: argocd-cmd-params-cm + configMap: + optional: true + name: argocd-cmd-params-cm + items: + - key: controller.profile.enabled + path: profiler.enabled {{- if .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }} {{- end }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml index a9edaf545..d19124704 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml @@ -34,6 +34,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.controller.metrics.serviceMonitor.honorLabels }} {{- with .Values.controller.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} 
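Review bot: The new `argocd-cmd-params-cm` volume in the last deployment.yaml hunk projects the key `controller.profile.enabled` to a file named `profiler.enabled`, with no comment saying what reads it. Judging by the key name it presumably toggles a runtime profiler in the controller, which operators will want to be able to audit, so I would add a comment above the volume such as `# projects controller.profile.enabled to /home/argocd/params/profiler.enabled (presumably read by the controller to toggle profiling)`. The mount path sits inside the existing `/home/argocd` mount, which is worth a word in the same comment. The same volume is added in the statefulset.yaml hunk and, with `server.profile.enabled`, in the argocd-server deployment.yaml hunk.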
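Review bot: `honorLabels: {{ .Values.controller.metrics.serviceMonitor.honorLabels }}` in the servicemonitor.yaml hunk is rendered unconditionally, so an absent or null value produces an empty `honorLabels:` in the ServiceMonitor. When it is `true`, labels exposed by the scraped target win over the ones Prometheus attaches, which matters where several tenants share one Prometheus. I would render it as `honorLabels: {{ .Values.controller.metrics.serviceMonitor.honorLabels | default false }}` and document the default next to the value (values.yaml is not shown here). The applicationset, notifications, repo-server and server servicemonitor.yaml hunks add the same line.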
diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 3a40f32fb..9e99c8e48 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -37,6 +37,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} @@ -153,6 +156,30 @@ spec: name: argocd-cmd-params-cm key: controller.self.heal.timeout.seconds optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.factor + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.cap.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sync.timeout.seconds + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: 
@@ -207,10 +234,10 @@ spec: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} {{- if .Values.externalRedis.host }} key: redis-password - optional: true {{- else }} key: auth {{- end }} + optional: true - name: REDIS_SENTINEL_USERNAME valueFrom: secretKeyRef: @@ -289,6 +316,26 @@ spec: name: argocd-cmd-params-cm key: controller.ignore.normalizer.jq.timeout optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true + - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.batch.events.processing + optional: true + - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.events.processing.interval + optional: true + - name: KUBECACHEDIR + value: /tmp/kubecache {{- with .Values.controller.envFrom }} envFrom: {{- toYaml . | nindent 10 }} @@ -321,6 +368,10 @@ spec: name: argocd-repo-server-tls - mountPath: /home/argocd name: argocd-home + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params + - name: argocd-application-controller-tmp + mountPath: /tmp {{- with .Values.controller.extraContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} @@ -362,6 +413,8 @@ spec: {{- else }} emptyDir: {} {{- end }} + - emptyDir: {} + name: argocd-application-controller-tmp - name: argocd-repo-server-tls secret: secretName: argocd-repo-server-tls @@ -373,6 +426,13 @@ spec: path: tls.key - key: ca.crt path: ca.crt + - name: argocd-cmd-params-cm + configMap: + optional: true + name: argocd-cmd-params-cm + items: + - key: controller.profile.enabled + path: profiler.enabled {{- if .Values.controller.hostNetwork }} hostNetwork: {{ .Values.controller.hostNetwork }} {{- end }} 
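Review bot: In the Redis password hunk, moving `optional: true` below the `{{- end }}` also makes the `auth` key of the in-cluster `argocd-redis` secret optional, so the controller now starts with the password variable this `secretKeyRef` feeds left unset when the secret or key is missing, instead of failing at pod creation. Whether that ends in an unauthenticated connection or a rejected one depends on the Redis side, which the hunk does not show, so the fail-open case deserves at least a comment, e.g. `# optional so the pod can start before the argocd-redis secret exists; if it is missing, no Redis password is sent`. If the secret is always expected for the bundled Redis, keeping `optional: true` only in the `externalRedis.host` branch preserves the earlier hard failure. The same change is made in the repo-server and argocd-server deployment.yaml hunks.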
diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml index 7b1f19980..2723e3d22 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml @@ -3,7 +3,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ include "argo-cd.applicationSet.fullname" . }} - namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} rules: diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml index af6d52978..9dcae8d2b 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml @@ -3,7 +3,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ template "argo-cd.applicationSet.fullname" . }} - namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} roleRef: diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 42eeb08a5..768fc68dd 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-applicationset/deployment.yaml 
@@ -36,6 +36,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.applicationSet.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.applicationSet.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} @@ -148,6 +151,12 @@ spec: key: applicationsetcontroller.enable.progressive.syncs name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.tokenref.strict.mode + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING valueFrom: configMapKeyRef: @@ -202,6 +211,18 @@ spec: name: argocd-cmd-params-cm key: applicationsetcontroller.enable.scm.providers optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.webhook.parallelism.limit + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.requeue.after + name: argocd-cmd-params-cm + optional: true {{- with .Values.applicationSet.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml index 8fac6a8da..52d707007 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml 
@@ -34,6 +34,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.applicationSet.metrics.serviceMonitor.honorLabels }} {{- with .Values.applicationSet.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-commit-server/deployment.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-commit-server/deployment.yaml new file mode 100644 index 000000000..96cf65753 --- /dev/null +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-commit-server/deployment.yaml 
@@ -0,0 +1,238 @@ +{{- if .Values.commitServer.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.commitServer.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.commitServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }} +spec: + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.commitServer.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }} + template: + metadata: + annotations: + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.commitServer.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.commitServer.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.commitServer.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.commitServer.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.commitServer.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- with .Values.commitServer.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ . }} + {{- end }} + serviceAccountName: {{ include "argo-cd.commitServer.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.commitServer.automountServiceAccountToken }} + containers: + - name: {{ .Values.commitServer.name }} + image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.commitServer.image.imagePullPolicy }} + args: + - /usr/local/bin/argocd-commit-server + {{- with .Values.commitServer.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + env: + {{- with (concat .Values.global.env .Values.commitServer.extraEnv) }} + {{- toYaml . | nindent 10 }} + {{- end }} + - name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.listen.address + optional: true + - name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.metrics.listen.address + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.log.format + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.log.level + optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true + {{- with .Values.commitServer.envFrom }} + envFrom: + {{- toYaml . 
| nindent 10 }} + {{- end }} + ports: + - containerPort: 8086 + name: server + protocol: TCP + - containerPort: 8087 + name: metrics + protocol: TCP + {{- if .Values.commitServer.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /healthz?full=true + port: 8087 + initialDelaySeconds: {{ .Values.commitServer.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.commitServer.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.commitServer.livenessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.commitServer.livenessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.commitServer.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /healthz + port: 8087 + initialDelaySeconds: {{ .Values.commitServer.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.commitServer.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.commitServer.readinessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.commitServer.readinessProbe.timeoutSeconds }} + {{- end }} + resources: + {{- toYaml .Values.commitServer.resources | nindent 10 }} + {{- with .Values.commitServer.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.commitServer.lifecycle }} + lifecycle: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + {{- with .Values.commitServer.extraVolumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: ssh-known-hosts + mountPath: /app/config/ssh + - name: tls-certs + mountPath: /app/config/tls + - name: gpg-keys + mountPath: /app/config/gpg/source + - name: gpg-keyring + mountPath: /app/config/gpg/keys + # We need a writeable temp directory for the askpass socket file. 
+ - name: tmp + mountPath: /tmp + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /var/run/argocd/argocd-cmp-server + image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }} + name: copyutil + resources: + {{- toYaml .Values.commitServer.resources | nindent 10 }} + {{- with .Values.commitServer.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + volumes: + {{- with .Values.commitServer.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: ssh-known-hosts + configMap: + name: argocd-ssh-known-hosts-cm + - name: tls-certs + configMap: + name: argocd-tls-certs-cm + - name: gpg-keys + configMap: + name: argocd-gpg-keys-cm + - name: gpg-keyring + emptyDir: {} + - name: tmp + emptyDir: {} + - name: argocd-commit-server-tls + secret: + secretName: argocd-commit-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + - emptyDir: {} + name: var-files + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.commitServer) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . 
"name" .Values.commitServer.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.commitServer.hostNetwork }} + hostNetwork: {{ .Values.commitServer.hostNetwork }} + {{- end }} + {{- with .Values.commitServer.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.commitServer.dnsPolicy }} +{{- end }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-commit-server/metrics.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-commit-server/metrics.yaml new file mode 100644 index 000000000..7d198a70f --- /dev/null +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-commit-server/metrics.yaml 
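Review bot: The `argocd-commit-server-tls` secret volume is declared under `volumes`, but no container in this Deployment mounts it, so a certificate placed in that secret never reaches the commit-server process. Either add a matching `volumeMounts` entry at the path the binary reads its certificate from (not visible in this file) or drop the volume. The `copyutil` init container has a similar gap: it copies the `argocd` binary into `var-files`, but the main container does not mount `var-files`, so the init step and its volume look like leftovers that can be removed unless `extraVolumeMounts` is expected to consume them. The init container also omits `imagePullPolicy`, which the main container sets.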
@@ -0,0 +1,35 @@ +{{- if and .Values.commitServer.enabled .Values.commitServer.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.commitServer.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" "metrics") | nindent 4 }} + {{- with .Values.commitServer.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.commitServer.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.commitServer.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.commitServer.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.commitServer.metrics.service.type }} + {{- if and .Values.commitServer.metrics.service.clusterIP (eq .Values.commitServer.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.commitServer.metrics.service.clusterIP }} + {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.commitServer.metrics.service.portName }} + protocol: TCP + port: {{ .Values.commitServer.metrics.service.servicePort }} + targetPort: 8087 + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml new file mode 100644 index 000000000..6ec0a6ac5 --- /dev/null +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml 
@@ -0,0 +1,25 @@ +{{- if and .Values.commitServer.enabled .Values.global.networkPolicy.create }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "argo-cd.commitServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} +spec: + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }} + policyTypes: + - Ingress + ingress: + - from: + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 14 }} + ports: + - protocol: TCP + port: 8086 + - from: + - namespaceSelector: { } + ports: + - port: 8087 +{{- end }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-commit-server/service.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-commit-server/service.yaml new file mode 100644 index 000000000..7b0bf8785 --- /dev/null +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-commit-server/service.yaml @@ -0,0 +1,26 @@ +{{- if .Values.commitServer.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-cd.commitServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }} + {{- with .Values.commitServer.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.commitServer.service.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + ports: + - name: server + protocol: TCP + port: 8086 + targetPort: 8086 + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }} +{{- end }} 
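Review bot: The second ingress rule of the NetworkPolicy uses `namespaceSelector: { }`, which matches every namespace, so the metrics port 8087 is reachable from any pod in the cluster while 8086 is limited to the application controller. If only the metrics scraper needs that port, narrow the rule with a label selector, e.g. `namespaceSelector: {matchLabels: {kubernetes.io/metadata.name: <monitoring-namespace>}}` (placeholder namespace), or make the selector configurable through values. The 8087 entry also leaves out `protocol: TCP`, which the 8086 entry spells out; adding it keeps the two rules consistent. `policyTypes` lists only `Ingress`, so this object places no limit on egress from the commit-server.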
diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml new file mode 100644 index 000000000..d0cf9e737 --- /dev/null +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.commitServer.enabled .Values.commitServer.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.commitServer.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.commitServer.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.commitServer.serviceAccount.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }} + {{- with .Values.commitServer.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml index b0695ed3d..0218d40b3 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml @@ -1,3 +1,4 @@ +{{- if .Values.configs.ssh.create }} apiVersion: v1 kind: ConfigMap metadata: @@ -17,3 +18,4 @@ data: {{- with .Values.configs.ssh.extraHosts }} {{- . | nindent 4 }} {{- end }} +{{- end }} 
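Review bot: With the new `{{- if .Values.configs.ssh.create }}` guard, `argocd-ssh-known-hosts-cm` is no longer rendered when the flag is false, yet the commit-server Deployment added in this commit mounts that ConfigMap without `optional: true`, so its pods would not start until someone supplies the object. The ConfigMap presumably holds the SSH host keys used for host verification, so I would add a template comment at the top saying who must provide it, e.g. `{{/* When configs.ssh.create is false, argocd-ssh-known-hosts-cm must be created out of band before install. */}}`. The `configs.tls.create` guard in argocd-tls-certs-cm.yaml raises the same question for `argocd-tls-certs-cm`. The body of the ConfigMap between the two hunks is not shown.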
diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml index db582e6d2..3aad40115 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml @@ -1,3 +1,4 @@ +{{- if .Values.configs.tls.create }} apiVersion: v1 kind: ConfigMap metadata: @@ -15,3 +16,4 @@ metadata: data: {{- toYaml . | nindent 2 }} {{- end }} +{{- end }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml index 0b4b1e113..956bbf547 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml @@ -20,9 +20,9 @@ metadata: type: Opaque stringData: {{- if $cluster_value.shard }} - shard: {{ $cluster_value.shard }} + shard: {{ $cluster_value.shard | quote }} {{- end }} - name: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.name entry is required!" $cluster_key }} + name: {{ $cluster_key }} server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }} {{- if $cluster_value.namespaces }} namespaces: {{ $cluster_value.namespaces }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 8b2eb739e..787b7474f 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-notifications/deployment.yaml 
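Review bot: In the cluster-secrets.yaml hunk `shard` is now quoted, but the rewritten `name: {{ $cluster_key }}` is not. `stringData` accepts only strings, so a cluster key such as `123` or `true` would render as a number or boolean and be rejected by the API server. `name: {{ $cluster_key | quote }}` fixes that; the unquoted `server:` context line has the same exposure. Also, `{{- if $cluster_value.shard }}` treats an integer `0` as false, so shard 0 would never be written; `{{- if hasKey $cluster_value "shard" }}` would keep it, assuming 0 is a valid shard. The enclosing `range` loop starts and ends outside the hunk.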
@@ -36,6 +36,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.notifications.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.notifications.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} @@ -99,6 +102,12 @@ spec: key: notificationscontroller.selfservice.enabled name: argocd-cmd-params-cm optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: notificationscontroller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true {{- with .Values.notifications.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml index 0d2c704f2..22b882a68 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml @@ -41,6 +41,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.notifications.metrics.serviceMonitor.honorLabels }} namespaceSelector: matchNames: - {{ include "argo-cd.namespace" . }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index a6b903287..be8e40e02 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 
@@ -47,6 +47,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.repoServer.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.repoServer.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} @@ -184,10 +187,10 @@ spec: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} {{- if .Values.externalRedis.host }} key: redis-password - optional: true {{- else }} key: auth {{- end }} + optional: true - name: REDIS_SENTINEL_USERNAME valueFrom: secretKeyRef: @@ -236,6 +239,12 @@ spec: name: argocd-cmd-params-cm key: reposerver.plugin.tar.exclusions optional: true + - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS + valueFrom: + configMapKeyRef: + key: reposerver.plugin.use.manifest.generate.paths + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml index 709953987..3d7cc4970 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -34,6 +34,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.repoServer.metrics.serviceMonitor.honorLabels }} {{- with .Values.repoServer.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-server/certificate.yaml index 803452f63..a98621392 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-server/certificate.yaml 
+++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -13,13 +13,13 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} spec: + {{- with .Values.server.certificate.secretTemplateAnnotations }} secretTemplate: - {{- with .Values.server.certificate.secretTemplateAnnotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end }} - {{- end }} + {{- end }} secretName: argocd-server-tls commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }} dnsNames: diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-server/clusterrole.yaml index c1439b0c9..1bc9aed54 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-server/clusterrole.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -14,25 +14,23 @@ rules: resources: - '*' verbs: - - delete - - get - - patch + - delete # supports deletion a live object in UI + - get # supports viewing live object manifest in UI + - patch # supports `argocd app patch` - apiGroups: - "" resources: - events verbs: - - list - {{- if (index .Values.configs.params "application.namespaces") }} + - list # supports listing events in UI - create - {{- end }} - apiGroups: - "" resources: - pods - pods/log verbs: - - get + - get # supports viewing pod logs from UI {{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }} - apiGroups: - "" diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-server/deployment.yaml index 1f04c8caf..64c26f3bd 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-server/deployment.yaml 
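Review bot: In the clusterrole.yaml hunk the `create` verb on `events` is no longer wrapped in the `application.namespaces` check, so the argocd-server ClusterRole now always grants cluster-wide event creation. It is also the only verb in the hunk left without one of the new explanatory comments. If the wider grant is intended, say why on that line, e.g. `- create # <reason the server needs to create events>`; otherwise keep the previous condition. The `rules:` list starts and continues outside the hunk.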
@@ -41,6 +41,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.server.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.server.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} @@ -252,10 +255,10 @@ spec: name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} {{- if .Values.externalRedis.host }} key: redis-password - optional: true {{- else }} key: auth {{- end }} + optional: true - name: REDIS_SENTINEL_USERNAME valueFrom: secretKeyRef: @@ -340,6 +343,42 @@ spec: name: argocd-cmd-params-cm key: server.api.content.types optional: true + - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.webhook.parallelism.limit + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.allowed.scm.providers + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.enable.scm.providers + optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true {{- with .Values.server.envFrom }} envFrom: {{- toYaml . | nindent 10 }} 
@@ -362,6 +401,8 @@ spec: name: styles - mountPath: /tmp name: tmp + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params {{- if .Values.server.extensions.enabled }} - mountPath: /tmp/extensions name: extensions @@ -510,6 +551,13 @@ spec: path: tls.crt - key: ca.crt path: ca.crt + - name: argocd-cmd-params-cm + configMap: + optional: true + name: argocd-cmd-params-cm + items: + - key: server.profile.enabled + path: profiler.enabled {{- if .Values.server.hostNetwork }} hostNetwork: {{ .Values.server.hostNetwork }} {{- end }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-server/ingress.yaml index 846683732..8724baa71 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-server/ingress.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -9,20 +9,20 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- with .Values.server.ingress.labels }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- with .Values.server.ingress.annotations }} annotations: {{- range $key, $value := . }} - {{ $key }}: {{ $value | quote }} + {{ $key }}: {{ tpl (toString $value) $ | quote }} {{- end }} {{- end }} spec: {{- with .Values.server.ingress.ingressClassName }} - ingressClassName: {{ . }} + ingressClassName: {{ tpl . $ }} {{- end }} rules: - - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }} + - host: {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }} http: paths: {{- with .Values.server.ingress.extraPaths }} @@ -36,7 +36,7 @@ spec: port: number: {{ $servicePort }} {{- range .Values.server.ingress.extraHosts }} - - host: {{ .name | quote }} + - host: {{ tpl .name $ | quote }} http: paths: - path: {{ default $.Values.server.ingress.path .path }} 
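Review bot: Passing ingress labels, annotation values, `ingressClassName`, `hostname` and `extraHosts[].name` through `tpl` with the root context `$` (ingress.yaml hunks `@@ -9,20 +9,20 @@` and `@@ -36,7 +36,7 @@`) turns those values from data into template source, and nothing in the change documents that. An annotation value containing a literal `{{` is now evaluated or fails the render, and a pipeline that fills these values from a less trusted source than the chart now lets that source evaluate template expressions against the whole release context. A comment above the annotations loop would make the contract explicit, e.g. `{{- /* annotation values are rendered with tpl: escape literal braces and treat these values as template code */}}`. `tpl` also requires a string argument, so a `hostname` set to null would presumably fail before `default` is reached; `{{ tpl (.Values.server.ingress.hostname | default .Values.global.domain) $ }}` avoids that.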
@@ -54,16 +54,16 @@ spec: tls: {{- if .Values.server.ingress.tls }} - hosts: - - {{ .Values.server.ingress.hostname | default .Values.global.domain }} + - {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }} {{- range .Values.server.ingress.extraHosts }} {{- if .name }} - - {{ .name }} + - {{ tpl .name $ }} {{- end }} {{- end }} secretName: argocd-server-tls {{- end }} {{- with .Values.server.ingress.extraTls }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} {{- end }} {{- end }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-server/servicemonitor.yaml index 74902ef04..49c24138d 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-server/servicemonitor.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/argocd-server/servicemonitor.yaml @@ -34,6 +34,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.server.metrics.serviceMonitor.honorLabels }} {{- with .Values.server.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/crds/crd-application.yaml index 1b75cebdc..2c69f9bab 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/crds/crd-application.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/crds/crd-application.yaml @@ -125,6 +125,11 @@ spec: sync: description: Sync contains parameters for the operation properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number of auto-heal + attempts + format: int64 + type: integer dryRun: description: DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync 
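Review bot: The TLS host entries in the ingress.yaml hunk `@@ -54,16 +54,16 @@` are emitted unquoted after `tpl`, while the rules hunk of the same file quotes the same value (`- host: {{ tpl .name $ | quote }}`). A rendered host that starts with `*`, such as a wildcard certificate name, is read by the YAML parser as an alias and breaks the manifest, and now that the value is template output its final text is harder to predict. Quote both entries: `- {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain | quote }}` and `- {{ tpl .name $ | quote }}`.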
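Review bot: `honorLabels` in the servicemonitor.yaml hunk (`@@ -34,6 +34,7 @@`) is rendered without a guard or default, unlike the neighbouring `scheme` field that sits inside `{{- with ... }}`; if the key is absent from a values file the line renders as `honorLabels:` with a null value. The setting decides whether labels exposed by the scraped target win over the ones Prometheus attaches, so an explicit safe default in the template is worth having: `honorLabels: {{ .Values.server.metrics.serviceMonitor.honorLabels | default false }}`. The chart's values.yaml default is not visible in this hunk.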
@@ -244,6 +249,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -265,6 +277,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest @@ -297,6 +319,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template 
@@ -322,6 +352,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -361,6 +398,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -432,6 +474,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -580,6 +626,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template 
@@ -601,6 +654,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -634,6 +697,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -659,6 +730,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string 
@@ -700,6 +778,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -771,6 +854,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -1035,6 +1122,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1056,6 +1150,15 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation 
@@ -1087,6 +1190,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation step + (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -1112,6 +1223,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1150,6 +1268,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1221,6 +1344,10 @@ spec: use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. 
@@ -1287,6 +1414,64 @@ spec: required: - repoURL type: object + sourceHydrator: + description: SourceHydrator provides a way to push hydrated manifests + back to git before syncing them to the cluster. + properties: + drySource: + description: DrySource specifies where the dry "don't repeat yourself" + manifest source lives. + properties: + path: + description: Path is a directory path within the Git repository + where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository that + contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the source + to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated manifests + from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: description: Sources is a reference to the location of the application's manifests or chart 
@@ -1362,6 +1547,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1383,6 +1575,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon manifest @@ -1415,6 +1617,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template 
@@ -1440,6 +1650,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1479,6 +1696,11 @@ spec: definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -1550,6 +1772,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -1728,6 +1954,11 @@ spec: description: Health contains information about the application's current health status properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus was + set or updated + format: date-time + type: string message: description: Message is a human-readable informational message describing the health status 
@@ -1854,6 +2085,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -1875,6 +2113,16 @@ spec: from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -1908,6 +2156,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template 
@@ -1933,6 +2189,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1974,6 +2237,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not @@ -2045,6 +2313,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -2192,6 +2464,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template 
@@ -2214,6 +2493,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -2248,6 +2537,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -2274,6 +2571,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string 
@@ -2315,6 +2619,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -2387,6 +2696,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -2547,6 +2860,11 @@ spec: sync: description: Sync contains parameters for the operation properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number + of auto-heal attempts + format: int64 + type: integer dryRun: description: DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync @@ -2673,6 +2991,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template 
@@ -2697,6 +3022,16 @@ spec: not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to + the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -2733,6 +3068,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -2759,6 +3102,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2801,6 +3151,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors 
@@ -2873,6 +3228,11 @@ spec: Kustomize to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and + is displayed in the UI. It is used in multi-source + Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced @@ -3030,6 +3390,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -3054,6 +3421,16 @@ spec: do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults + to the app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command @@ -3091,6 +3468,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON + schema validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template 
@@ -3118,6 +3503,13 @@ spec: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3161,6 +3553,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource @@ -3234,6 +3631,11 @@ spec: of Kustomize to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and + is displayed in the UI. It is used in multi-source + Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications @@ -3510,6 +3912,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template 
@@ -3532,6 +3941,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -3566,6 +3985,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -3592,6 +4019,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string 
@@ -3633,6 +4067,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -3705,6 +4144,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -3858,6 +4301,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -3882,6 +4332,16 @@ spec: locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command 
@@ -3918,6 +4378,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -3944,6 +4412,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3986,6 +4461,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -4058,6 +4538,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced 
@@ -4164,6 +4648,11 @@ spec: description: HealthStatus contains information about the currently observed health state of an application or resource properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus + was set or updated + format: date-time + type: string message: description: Message is a human-readable informational message describing the health status @@ -4181,6 +4670,8 @@ spec: type: string namespace: type: string + requiresDeletionConfirmation: + type: boolean requiresPruning: type: boolean status: 
@@ -4194,6 +4685,177 @@ spec: type: string type: object type: array + sourceHydrator: + description: SourceHydrator stores information about the current state + of source hydration + properties: + currentOperation: + description: CurrentOperation holds the status of the hydrate + operation + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + finishedAt: + description: FinishedAt indicates when the hydrate operation + finished + format: date-time + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + message: + description: Message contains a message describing the current + status of the hydrate operation + type: string + phase: + description: Phase indicates the status of the hydrate operation + enum: + - Hydrating + - Failed + - Hydrated + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. 
+ properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + startedAt: + description: StartedAt indicates when the hydrate operation + started + format: date-time + type: string + required: + - message + - phase + type: object + lastSuccessfulOperation: + description: LastSuccessfulOperation holds info about the most + recent successful hydration + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. 
+ properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + type: object + type: object sourceType: description: SourceType specifies the type of this application type: string @@ -4358,6 +5020,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template 
@@ -4380,6 +5049,16 @@ spec: template from failing when valueFiles do not exist locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command upon @@ -4414,6 +5093,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -4440,6 +5127,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string 
@@ -4481,6 +5175,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -4553,6 +5252,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -4706,6 +5409,13 @@ spec: helm: description: Helm holds helm specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array fileParameters: description: FileParameters are file parameters to the helm template @@ -4730,6 +5440,16 @@ spec: locally by not appending them to helm template --values type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string parameters: description: Parameters is a list of Helm parameters which are passed to the helm template command 
@@ -4766,6 +5486,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -4792,6 +5520,13 @@ spec: kustomize: description: Kustomize holds kustomize specific options properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4834,6 +5569,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or @@ -4906,6 +5646,10 @@ spec: to use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced @@ -5009,3 +5753,4 @@ spec: storage: true subresources: {} {{- end }} + diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/crds/crd-applicationset.yaml index 899c5d09e..eff945f8b 100644 
--- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/crds/crd-applicationset.yaml @@ -62,11 +62,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -204,6 +206,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -215,6 +221,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -232,6 +242,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -246,6 +260,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -268,6 +286,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -324,6 +344,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -369,6 +391,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: 
@@ -420,6 +478,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -431,6 +493,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -448,6 +514,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -462,6 +532,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -484,6 +558,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -540,6 +616,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -646,6 +724,8 @@ spec: type: object clusters: properties: + flatList: + type: boolean selector: properties: matchExpressions: @@ -659,11 +739,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -796,6 +878,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -807,6 +893,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -824,6 +914,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -838,6 +932,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string 
@@ -860,6 +958,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -916,6 +1016,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -961,6 +1063,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -1012,6 +1150,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -1023,6 +1165,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -1040,6 +1186,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -1054,6 +1204,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1076,6 +1230,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -1132,6 +1288,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -1391,6 +1549,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: 
@@ -1402,6 +1564,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -1419,6 +1585,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -1433,6 +1603,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1455,6 +1629,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -1511,6 +1687,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -1556,6 +1734,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -1607,6 +1821,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -1618,6 +1836,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -1635,6 +1857,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string 
@@ -1649,6 +1875,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -1671,6 +1901,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -1727,6 +1959,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -1966,6 +2200,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -1977,6 +2215,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -1994,6 +2236,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -2008,6 +2254,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2030,6 +2280,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -2086,6 +2338,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -2131,6 +2385,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: 
@@ -2182,6 +2472,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -2193,6 +2487,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -2210,6 +2508,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -2224,6 +2526,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2246,6 +2552,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -2302,6 +2610,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -2422,11 +2732,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2564,6 +2876,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -2575,6 +2891,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -2592,6 +2912,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -2606,6 +2930,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2628,6 +2956,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: 
@@ -2684,6 +3014,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -2729,6 +3061,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -2780,6 +3148,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -2791,6 +3163,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -2808,6 +3184,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -2822,6 +3202,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -2844,6 +3228,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -2900,6 +3286,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -3006,6 +3394,8 @@ spec: type: object clusters: properties: + flatList: + type: boolean selector: properties: matchExpressions: @@ -3019,11 +3409,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -3156,6 +3548,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -3167,6 +3563,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -3184,6 +3584,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -3198,8 +3602,12 @@ spec: type: object kustomize: properties: - commonAnnotations: - additionalProperties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: type: string type: object commonAnnotationsEnvsubst: @@ -3220,6 +3628,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -3276,6 +3686,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -3321,6 +3733,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -3372,6 +3820,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -3383,6 +3835,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: 
@@ -3400,6 +3856,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -3414,6 +3874,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3436,6 +3900,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -3492,6 +3958,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -3751,6 +4219,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -3762,6 +4234,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -3779,6 +4255,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -3793,6 +4273,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -3815,6 +4299,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -3871,6 +4357,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: 
@@ -3916,6 +4404,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -3967,6 +4491,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -3978,6 +4506,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -3995,6 +4527,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -4009,6 +4545,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4031,6 +4571,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -4087,6 +4629,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -4326,6 +4870,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -4337,6 +4885,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -4354,6 +4906,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string 
@@ -4368,6 +4924,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4390,6 +4950,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -4446,6 +5008,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -4491,6 +5055,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -4542,6 +5142,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -4553,6 +5157,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -4570,6 +5178,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -4584,6 +5196,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4606,6 +5222,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -4662,6 +5280,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: 
@@ -4909,6 +5529,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -4920,6 +5544,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -4937,6 +5565,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -4951,6 +5583,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -4973,6 +5609,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -5029,6 +5667,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -5074,6 +5714,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -5125,6 +5801,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5136,6 +5816,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5153,6 +5837,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string 
@@ -5167,6 +5855,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5189,6 +5881,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -5245,6 +5939,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -5447,6 +6143,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -5522,6 +6245,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -5674,6 +6407,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5685,6 +6422,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5702,6 +6443,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -5716,6 +6461,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5738,6 +6487,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -5794,6 +6545,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: 
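Review bot: The `insecure: type: boolean` property added in hunk `@@ -5447,6 +6143,33 @@`, next to the new `bearerToken` and `caRef` properties, gives this generator spec a switch it did not have before the upgrade. The schema carries no description, so its effect is inferred from the name and the sibling `caRef`: it presumably disables TLS certificate verification towards the API that the same block sends `passwordRef` or `tokenRef` credentials to. The same three properties arrive in hunks `@@ -6202,7 +7011,34 @@`, `@@ -10507,6 +11893,33 @@`, `@@ -11262,6 +12761,33 @@` and `@@ -13208,6 +14974,33 @@`. The file looks generated and vendored with the chart, so the schema itself should stay as is; what is missing is a record in the upgrade commit, for example `new generator fields: bearerToken, caRef, insecure; use caRef for private CAs and reject insecure: true at admission`. The enclosing schema object starts and ends outside these hunks.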
@@ -5839,6 +6592,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -5890,6 +6679,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -5901,6 +6694,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -5918,6 +6715,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -5932,6 +6733,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -5954,6 +6759,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6010,6 +6817,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -6202,7 +7011,34 @@ spec: - passwordRef - username type: object - project: + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: type: string required: - api 
@@ -6282,6 +7118,16 @@ spec: type: boolean api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object group: type: string includeSharedProjects: @@ -6434,6 +7280,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -6445,6 +7295,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -6462,6 +7316,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -6476,6 +7334,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -6498,6 +7360,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6554,6 +7418,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -6599,6 +7465,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -6650,6 +7552,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: 
@@ -6661,6 +7567,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -6678,6 +7588,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -6692,6 +7606,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -6714,6 +7632,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -6770,6 +7690,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -6885,11 +7807,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -7024,6 +7948,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7035,6 +7963,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7052,6 +7984,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -7066,6 +8002,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7088,6 +8028,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7144,6 +8086,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: 
@@ -7189,6 +8133,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -7240,6 +8220,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7251,6 +8235,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7268,6 +8256,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -7282,6 +8274,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7304,6 +8300,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7360,6 +8358,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -7482,11 +8482,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -7624,6 +8626,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: 
@@ -7635,6 +8641,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7652,6 +8662,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -7666,6 +8680,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7688,6 +8706,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7744,6 +8764,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -7789,6 +8811,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -7840,6 +8898,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -7851,6 +8913,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -7868,6 +8934,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string 
@@ -7882,6 +8952,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -7904,6 +8978,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -7960,6 +9036,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -8066,6 +9144,8 @@ spec: type: object clusters: properties: + flatList: + type: boolean selector: properties: matchExpressions: @@ -8079,11 +9159,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -8216,6 +9298,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8227,6 +9313,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8244,6 +9334,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -8258,6 +9352,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8280,6 +9378,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8336,6 +9436,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: 
@@ -8381,6 +9483,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -8432,6 +9570,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8443,6 +9585,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8460,6 +9606,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -8474,6 +9624,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8496,6 +9650,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8552,6 +9708,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -8811,6 +9969,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -8822,6 +9984,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -8839,6 +10005,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string 
@@ -8853,6 +10023,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -8875,6 +10049,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -8931,6 +10107,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -8976,6 +10154,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -9027,6 +10241,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9038,7 +10256,11 @@ spec: type: array ignoreMissingValueFiles: type: boolean - parameters: + kubeVersion: + type: string + namespace: + type: string + parameters: items: properties: forceString: @@ -9055,6 +10277,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -9069,6 +10295,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9091,6 +10321,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9147,6 +10379,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: 
@@ -9386,6 +10620,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9397,6 +10635,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9414,6 +10656,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -9428,6 +10674,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9450,6 +10700,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9506,6 +10758,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -9551,6 +10805,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -9602,6 +10892,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9613,6 +10907,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9630,6 +10928,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string 
@@ -9644,6 +10946,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -9666,6 +10972,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -9722,6 +11030,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -9969,6 +11279,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -9980,6 +11294,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -9997,6 +11315,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -10011,6 +11333,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10033,6 +11359,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10089,6 +11417,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -10134,6 +11464,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: 
@@ -10185,6 +11551,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10196,6 +11566,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10213,6 +11587,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -10227,6 +11605,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10249,6 +11631,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10305,6 +11689,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -10507,6 +11893,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -10582,6 +11995,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -10734,6 +12157,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10745,6 +12172,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: 
@@ -10762,6 +12193,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -10776,6 +12211,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -10798,6 +12237,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -10854,6 +12295,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -10899,6 +12342,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -10950,6 +12429,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -10961,6 +12444,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -10978,6 +12465,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -10992,6 +12483,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11014,6 +12509,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: 
@@ -11070,6 +12567,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -11262,6 +12761,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string required: @@ -11342,6 +12868,16 @@ spec: type: boolean api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object group: type: string includeSharedProjects: @@ -11494,6 +13030,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -11505,6 +13045,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -11522,6 +13066,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -11536,6 +13084,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11558,6 +13110,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -11614,6 +13168,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: 
@@ -11659,6 +13215,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -11710,6 +13302,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -11721,6 +13317,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -11738,6 +13338,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -11752,6 +13356,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -11774,6 +13382,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -11830,6 +13440,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -11945,11 +13557,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -12088,6 +13702,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: 
@@ -12099,6 +13717,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12116,6 +13738,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -12130,6 +13756,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12152,6 +13782,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12208,6 +13840,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -12253,6 +13887,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -12304,6 +13974,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12315,6 +13989,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12332,6 +14010,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string 
@@ -12346,6 +14028,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12368,6 +14054,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12424,6 +14112,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -12670,6 +14360,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12681,6 +14375,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12698,6 +14396,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -12712,6 +14414,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12734,6 +14440,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -12790,6 +14498,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -12835,6 +14545,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: 
@@ -12886,6 +14632,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -12897,6 +14647,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -12914,6 +14668,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -12928,6 +14686,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -12950,6 +14712,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -13006,6 +14770,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -13208,6 +14974,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string repo: @@ -13283,6 +15076,16 @@ spec: properties: api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object insecure: type: boolean labels: @@ -13435,6 +15238,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -13446,6 +15253,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: 
@@ -13463,6 +15274,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -13477,6 +15292,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -13499,6 +15318,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -13555,6 +15376,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -13600,6 +15423,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -13651,6 +15510,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -13662,6 +15525,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -13679,6 +15546,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -13693,6 +15564,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -13715,6 +15590,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: 
@@ -13771,6 +15648,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -13963,6 +15842,33 @@ spec: - passwordRef - username type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean project: type: string required: @@ -14043,6 +15949,16 @@ spec: type: boolean api: type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object group: type: string includeSharedProjects: @@ -14195,6 +16111,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -14206,6 +16126,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14223,6 +16147,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -14237,6 +16165,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -14259,6 +16191,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -14315,6 +16249,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: 
@@ -14360,6 +16296,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -14411,6 +16383,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -14422,6 +16398,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14439,6 +16419,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -14453,6 +16437,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -14475,6 +16463,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -14531,6 +16521,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -14646,11 +16638,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -14860,6 +16854,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: 
@@ -14871,6 +16869,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -14888,6 +16890,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string @@ -14902,6 +16908,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -14924,6 +16934,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -14980,6 +16992,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -15025,6 +17039,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -15076,6 +17126,10 @@ spec: type: object helm: properties: + apiVersions: + items: + type: string + type: array fileParameters: items: properties: @@ -15087,6 +17141,10 @@ spec: type: array ignoreMissingValueFiles: type: boolean + kubeVersion: + type: string + namespace: + type: string parameters: items: properties: @@ -15104,6 +17162,10 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean valueFiles: items: type: string 
@@ -15118,6 +17180,10 @@ spec: type: object kustomize: properties: + apiVersions: + items: + type: string + type: array commonAnnotations: additionalProperties: type: string @@ -15140,6 +17206,8 @@ spec: items: type: string type: array + kubeVersion: + type: string labelWithoutSelector: type: boolean namePrefix: @@ -15196,6 +17264,8 @@ spec: version: type: string type: object + name: + type: string path: type: string plugin: @@ -15355,6 +17425,9 @@ spec: type: string health: properties: + lastTransitionTime: + format: date-time + type: string message: type: string status: @@ -15368,6 +17441,8 @@ spec: type: string namespace: type: string + requiresDeletionConfirmation: + type: boolean requiresPruning: type: boolean status: diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/crds/crd-project.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/crds/crd-project.yaml index f9910152e..1865aa2d0 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/crds/crd-project.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/crds/crd-project.yaml 
@@ -96,6 +96,32 @@ spec: description: description: Description contains optional project description type: string + destinationServiceAccounts: + description: DestinationServiceAccounts holds information about the + service accounts to be impersonated for the application sync operation + for each destination. + items: + description: ApplicationDestinationServiceAccount holds information + about the service account to be impersonated for the application + sync operation. + properties: + defaultServiceAccount: + description: DefaultServiceAccount to be used for impersonation + during the sync operation + type: string + namespace: + description: Namespace specifies the target namespace for the + application's resources. + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. + type: string + required: + - defaultServiceAccount + - server + type: object + type: array destinations: description: Destinations contains list of destinations available for deployment diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/dex/deployment.yaml index a2bfef212..605e689f9 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/dex/deployment.yaml @@ -43,6 +43,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.dex.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.dex.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} 
@@ -80,6 +83,18 @@ spec: {{- with (concat .Values.global.env .Values.dex.env) }} {{- toYaml . | nindent 10 }} {{- end }} + - name: ARGOCD_DEX_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: dexserver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEX_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: dexserver.log.level + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_DEX_SERVER_DISABLE_TLS valueFrom: configMapKeyRef: diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/dex/servicemonitor.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/dex/servicemonitor.yaml index 2c03e5970..2564cfa1b 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/dex/servicemonitor.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/dex/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.dex.enabled .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: @@ -31,6 +31,7 @@ spec: metricRelabelings: {{- toYaml . |nindent 8 }} {{- end }} + honorLabels: {{ .Values.dex.metrics.serviceMonitor.honorLabels }} {{- with .Values.dex.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/redis-secret-init/job.yaml index 239145ae1..2de040a5d 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/redis-secret-init/job.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/redis-secret-init/job.yaml 
@@ -28,9 +28,9 @@ spec: {{- end }} {{- end }} spec: - {{- with .Values.global.imagePullSecrets }} + {{- with .Values.redisSecretInit.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: - {{ toYaml . | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} containers: - command: @@ -54,6 +54,10 @@ spec: priorityClassName: {{ . }} {{- end }} restartPolicy: OnFailure + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.redisSecretInit) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} {{- with .Values.redisSecretInit.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/redis/deployment.yaml index 525484fbd..310809aee 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/redis/deployment.yaml @@ -33,6 +33,9 @@ spec: {{- end }} {{- end }} spec: + {{- with .Values.redis.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} {{- with .Values.redis.imagePullSecrets | default .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/templates/redis/servicemonitor.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/templates/redis/servicemonitor.yaml index 4132c1ce0..4710d2869 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/templates/redis/servicemonitor.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/templates/redis/servicemonitor.yaml @@ -32,6 +32,7 @@ spec: metricRelabelings: {{- toYaml . | nindent 8 }} {{- end }} + honorLabels: {{ .Values.redis.metrics.serviceMonitor.honorLabels }} {{- with .Values.redis.metrics.serviceMonitor.scheme }} scheme: {{ . }} {{- end }} 
diff --git a/charts/argo-cd/argo-cd/charts/argo-cd/values.yaml b/charts/argo-cd/argo-cd/charts/argo-cd/values.yaml index 435a7aa57..6f056f3b2 100644 --- a/charts/argo-cd/argo-cd/charts/argo-cd/values.yaml +++ b/charts/argo-cd/argo-cd/charts/argo-cd/values.yaml @@ -39,6 +39,8 @@ global: # -- Default domain used by all components ## Used for ingresses, certificates, SSO, notifications, etc. domain: argocd.example.com + # -- Runtime class name for all components + runtimeClassName: "" # -- Common labels for the all resources additionalLabels: {} # app: argo-cd @@ -99,7 +101,8 @@ global: # -- Default priority class for all components priorityClassName: "" # -- Default node selector for all components - nodeSelector: {} + nodeSelector: + kubernetes.io/os: linux # -- Default tolerations for all components tolerations: [] # Default affinity preset for all components @@ -118,7 +121,7 @@ global: # - antarctica-east1 # - antarctica-west1 # -- Default [TopologySpreadConstraints] rules for all components - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector of the component topologySpreadConstraints: [] # - maxSkew: 1 @@ -147,6 +150,9 @@ configs: annotations: {} # -- The name of tracking label used by Argo CD for resource pruning application.instanceLabelKey: argocd.argoproj.io/instance + # -- Enable control of the service account used for the sync operation (alpha) + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-sync-using-impersonation/ + application.sync.impersonation.enabled: false # -- Enable logs RBAC enforcement ## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/2.3-2.4/#enable-logs-rbac-enforcement server.rbac.log.enforce.enable: false 
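Review bot: The comment added above `application.sync.impersonation.enabled` (values.yaml hunk at -147,6 +150,9) does not say what the `false` default means for privilege. As far as the linked page describes it, syncs then keep running with the application controller's own cluster credentials, and the `destinationServiceAccounts` field this same commit adds to the AppProject CRD is only consulted once the flag is on. I would add a line such as `## When false, syncs use the application controller's own credentials; AppProject destinationServiceAccounts only take effect when this is true`. That gives operators aiming for least-privilege syncs the link between the two settings without having to follow the Ref.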
@@ -193,6 +199,25 @@ configs: # - profile # - email + # Extension Configuration + ## Ref: https://argo-cd.readthedocs.io/en/latest/developer-guide/extensions/proxy-extensions/ + # extension.config: | + # extensions: + # - name: httpbin + # backend: + # connectionTimeout: 2s + # keepAlive: 15s + # idleConnectionTimeout: 60s + # maxIdleConnections: 30 + # services: + # - url: http://httpbin.org + # headers: + # - name: some-header + # value: '$some.argocd.secret.key' + # cluster: + # name: some-cluster + # server: https://some-cluster + # Argo CD configuration parameters ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml params: @@ -227,6 +252,8 @@ configs: server.disable.auth: false # -- Enable GZIP compression server.enable.gzip: true + # -- Enable proxy extension feature. (proxy extension is in Alpha phase) + server.enable.proxy.extension: false # -- Set X-Frame-Options header in HTTP responses to value. To disable, set to "". server.x.frame.options: sameorigin ## Repo-server properties @@ -237,6 +264,10 @@ configs: applicationsetcontroller.policy: sync # -- Enables use of the Progressive Syncs capability applicationsetcontroller.enable.progressive.syncs: false + # -- A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"argocd,argocd-appsets-*"`) + # @default -- `""` (default is only the ns where the controller is installed) + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Appset-Any-Namespace/ + applicationsetcontroller.namespaces: "" # -- Enables [Applications in any namespace] ## List of additional namespaces where applications may be created in and reconciled from. ## The namespace where Argo CD is installed to will always be allowed. 
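Review bot: The commented `extension.config` sample (hunk at -193,6 +199,25) pairs a backend `url: http://httpbin.org` with a header whose value comes from an Argo CD secret (`'$some.argocd.secret.key'`). Anyone who uncomments it as a starting point would forward a secret-derived header in cleartext to a third-party host. Samples in values files tend to be copied verbatim, so I would change the sample URL to an HTTPS placeholder, e.g. `# - url: https://extension-backend.example.internal` (constructed placeholder). `server.enable.proxy.extension` in the following hunk defaults to `false`, which is the right default; a short comment there saying that `extension.config` is ignored until it is enabled would help.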
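Review bot: The comment for `applicationsetcontroller.namespaces` (hunk at -237,6 +264,10) describes the glob list but not the trust change it brings: every matched namespace lets its tenants create ApplicationSets that the controller will act on. The Argo CD guidance for ApplicationSets in any namespace pairs this setting with restricting the SCM and pull-request generator endpoints through `applicationsetcontroller.allowed.scm.providers`, and nothing in the hunk points there. I would add `## When set, also restrict applicationsetcontroller.allowed.scm.providers so tenant ApplicationSets cannot direct generator credentials to arbitrary hosts`. The empty default keeps the controller scoped to its own namespace and is fine as is.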
@@ -295,6 +326,8 @@ configs: # SSH known hosts for Git repositories ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#ssh-known-host-public-keys ssh: + # -- Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm. + create: true # -- Annotations to be added to argocd-ssh-known-hosts-cm configmap annotations: {} # -- Known hosts to be added to the known host list by default. @@ -328,6 +361,9 @@ configs: # -----BEGIN CERTIFICATE----- # ... # -----END CERTIFICATE----- + + # -- Specifies if the argocd-tls-certs-cm configmap should be created by Helm. + create: true # ConfigMap for Config Management Plugins # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/ cmp: @@ -553,6 +589,9 @@ controller: ## clusters are distributed according to the algorithm. If the algorithm is well-balanced, ## like round-robin, then the shards will be well-balanced. dynamicClusterDistribution: false + # -- Runtime class name for the application controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" # -- Application controller heartbeat time # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution heartbeatTime: 10 @@ -674,7 +713,7 @@ controller: drop: - ALL # Readiness probe for application controller - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 
@@ -702,7 +741,7 @@ controller: affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the application controller # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -751,6 +790,8 @@ controller: enabled: false # -- Prometheus ServiceMonitor interval interval: 30s + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -823,6 +864,9 @@ dex: name: dex-server # -- Additional command line arguments to pass to the Dex server extraArgs: [] + # -- Runtime class name for Dex + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" metrics: # -- Deploy metrics service enabled: false @@ -838,6 +882,8 @@ dex: enabled: false # -- Prometheus ServiceMonitor interval interval: 30s + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -876,7 +922,7 @@ dex: # -- Dex image repository repository: ghcr.io/dexidp/dex # -- Dex image tag - tag: v2.38.0 + tag: v2.41.1 # -- Dex imagePullPolicy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" 
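Review bot: The new `honorLabels` comment (controller serviceMonitor, hunk at -751,6 +790,8) explains the collision rule but not its consequence; the same text recurs in the dex hunk at -838,6 and in the redis, server, repoServer and applicationSet hunks further down. With `true`, labels emitted by the scraped endpoint win over the ones Prometheus attaches (such as `job` and `instance`), so a misbehaving or compromised exporter can mislabel its own series. I would extend the comment with `## Leave false unless the scraped endpoint is trusted to set its own target labels`. The dex and redis templates also render the value without a fallback (`honorLabels: {{ .Values.dex.metrics.serviceMonitor.honorLabels }}`), so an override that nulls the key yields an empty field; `| default false` would make the intent explicit.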
@@ -1061,7 +1107,7 @@ dex: affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to dex # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -1087,6 +1133,9 @@ redis: enabled: true # -- Redis name name: redis + # -- Runtime class name for redis + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" ## Redis Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb: @@ -1107,7 +1156,7 @@ redis: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.2.4-alpine + tag: 7.4.2-alpine # -- Redis image pull policy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1122,7 +1171,7 @@ redis: # -- Repository to use for the redis-exporter repository: public.ecr.aws/bitnami/redis-exporter # -- Tag to use for the redis-exporter - tag: 1.58.0 + tag: 1.67.0 # -- Image pull policy for the redis-exporter # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1138,7 +1187,7 @@ redis: drop: - ALL ## Probes for Redis exporter (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for Redis exporter (optional) enabled: false 
@@ -1192,7 +1241,7 @@ redis: # name: secret-name ## Probes for Redis server (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for Redis server enabled: false @@ -1285,7 +1334,7 @@ redis: affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to redis # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -1332,6 +1381,8 @@ redis: enabled: false # -- Interval at which metrics should be scraped interval: 30s + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -1360,7 +1411,7 @@ redis-ha: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.2.4-alpine + tag: 7.4.2-alpine ## Prometheus redis-exporter sidecar exporter: # -- Enable Prometheus redis-exporter sidecar @@ -1420,7 +1471,7 @@ redis-ha: # -- [Tolerations] for use with node taints for Redis pods. tolerations: [] # -- Assign custom [TopologySpreadConstraints] rules to the Redis pods. - ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ topologySpreadConstraints: # -- Enable Redis HA topology spread constraints enabled: false 
@@ -1463,7 +1514,7 @@ redisSecretInit: repository: "argoproj/argocd" # defaults to global.image.repository # -- Tag to use for the Redis secret-init Job # @default -- `""` (defaults to global.image.tag) - tag: "v2.12.1" # defaults to global.image.tag + tag: "v2.14.2" # defaults to global.image.tag # -- Image pull policy for the Redis secret-init Job # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" # IfNotPresent @@ -1510,6 +1561,8 @@ redisSecretInit: # -- Priority class for Redis secret-init Job # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" + # -- Assign custom [affinity] rules to the Redis secret-init Job + affinity: {} # -- Node selector to be added to the Redis secret-init Job # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {} @@ -1522,6 +1575,9 @@ server: name: server # -- The number of server pods to run replicas: 1 + # -- Runtime class name for the Argo CD server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" ## Argo CD server Horizontal Pod Autoscaler autoscaling: # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server @@ -1607,7 +1663,7 @@ server: # -- Repository to use for extension installer image repository: "quay.io/argoprojlabs/argocd-extension-installer" # -- Tag to use for extension installer image - tag: "v0.0.5" + tag: "v0.0.8" # -- Image pull policy for extensions # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1737,7 +1793,7 @@ server: drop: - ALL ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 
@@ -1776,7 +1832,7 @@ server: affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -1875,7 +1931,8 @@ server: # -- LoadBalancer will get created with the IP specified in this field loadBalancerIP: "" # -- Source IP ranges to allow access to service from - ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## EKS Ref: https://repost.aws/knowledge-center/eks-cidr-ip-address-loadbalancer + ## GKE Ref: https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview#limit-connectivity-ext-lb loadBalancerSourceRanges: [] # -- Server service external IPs externalIPs: [] @@ -1909,6 +1966,8 @@ server: interval: 30s # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion 
@@ -2136,6 +2195,9 @@ repoServer: name: repo-server # -- The number of repo server pods to run replicas: 1 + # -- Runtime class name for the repo server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" ## Repo server Horizontal Pod Autoscaler autoscaling: # -- Enable Horizontal Pod Autoscaler ([HPA]) for the repo server @@ -2330,7 +2392,7 @@ repoServer: drop: - ALL ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -2366,7 +2428,7 @@ repoServer: affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the repo server # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -2433,6 +2495,8 @@ repoServer: interval: 30s # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion 
@@ -2490,6 +2554,9 @@ applicationSet: name: applicationset-controller # -- The number of ApplicationSet controller pods to run replicas: 1 + # -- Runtime class name for the ApplicationSet controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" ## ApplicationSet controller Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb: @@ -2574,6 +2641,8 @@ applicationSet: interval: 30s # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -2656,7 +2725,7 @@ applicationSet: drop: - ALL ## Probes for ApplicationSet controller (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for ApplicationSet controller enabled: false @@ -2821,6 +2890,9 @@ notifications: # -- Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates # @default -- `""` (defaults to https://`global.domain`) argocdUrl: "" + # -- Runtime class name for the notifications controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" ## Notifications controller Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb: 
@@ -2941,6 +3013,8 @@ notifications: scheme: "" # -- Prometheus ServiceMonitor tlsConfig tlsConfig: {} + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -2987,7 +3061,7 @@ notifications: drop: - ALL ## Probes for notifications controller Pods (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for notifications controller Pods enabled: false @@ -3027,7 +3101,7 @@ notifications: affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the application controller # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 
@@ -3332,3 +3406,160 @@ notifications: # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers # defaultTriggers: | # - on-sync-status-unknown +commitServer: + # -- Enable commit server + enabled: false + # -- Commit server name + name: commit-server + # -- Runtime class name for the commit server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + ## commit server controller image + image: + # -- Repository to use for the commit server + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the commit server + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the commit server + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + # -- commit server command line flags + extraArgs: [] + # -- Environment variables to pass to the commit server + extraEnv: [] + # - name: "MY_VAR" + # value: "value" + + # -- envFrom to pass to the commit server + # @default -- `[]` (See [values.yaml]) + extraEnvFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- List of extra mounts to add (normally used with extraVolumes) + extraVolumeMounts: [] + # -- List of extra volumes to add + extraVolumes: [] + metrics: + # -- Enables prometheus metrics server + enabled: false + service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. 
`None` makes a "headless service" (no virtual IP) + clusterIP: "" + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port + servicePort: 8087 + # -- Metrics service port name + portName: metrics + ## commit server service configuration + service: + # -- commit server service annotations + annotations: {} + # -- commit server service labels + labels: {} + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: false + serviceAccount: + # -- Create commit server service account + create: true + # -- commit server service account name + name: argocd-commit-server + # -- Annotations applied to created service account + annotations: {} + # -- Labels applied to created service account + labels: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + # -- Annotations to be added to commit server Deployment + deploymentAnnotations: {} + # -- Annotations for the commit server pods + podAnnotations: {} + # -- Labels for the commit server pods + podLabels: {} + # -- Resource limits and requests for the commit server pods. 
+ resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for commit server pods + dnsPolicy: "ClusterFirst" + # -- commit server container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + ## Probes for commit server (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for commit server + enabled: true + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 5 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + livenessProbe: + # -- Enable Kubernetes liveness probe for commit server + enabled: true + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 30 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 5 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + # -- Assign custom [affinity] rules + # @default -- `{}` (defaults to 
global.affinity preset) + affinity: {} + # -- Assign custom [TopologySpreadConstraints] rules to the commit server + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy to be added to the commit server Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + + # -- Priority class for the commit server pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" diff --git a/charts/argo-cd/argo-cd/values.yaml b/charts/argo-cd/argo-cd/values.yaml index 31a7069fe..2da5d7efe 100644 --- a/charts/argo-cd/argo-cd/values.yaml +++ b/charts/argo-cd/argo-cd/values.yaml @@ -41,6 +41,8 @@ argo-cd: # -- Default domain used by all components ## Used for ingresses, certificates, SSO, notifications, etc. domain: argocd.example.com + # -- Runtime class name for all components + runtimeClassName: "" # -- Common labels for the all resources additionalLabels: {} # app: argo-cd @@ -52,7 +54,7 @@ argo-cd: # -- If defined, a repository applied to all Argo CD deployments repository: argoproj/argocd # -- Overrides the global Argo CD image tag whose default is the chart appVersion - tag: "v2.12.1" + tag: "v2.14.2" # -- If defined, a imagePullPolicy applied to all Argo CD deployments imagePullPolicy: IfNotPresent registry: quay.m.daocloud.io 
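Review bot: In the new `commitServer` block, `serviceAccount.automountServiceAccountToken` defaults to `true` while the pod-level `automountServiceAccountToken` a few lines above it defaults to `false`. Kubernetes lets the pod-level setting win, so the commit-server pod presumably runs without a token (the templates are not part of this hunk), but any other pod given the `argocd-commit-server` service account would still get one mounted. I would default the service account to `automountServiceAccountToken: false` as well, or add a comment stating the precedence; the block is repeated under `argo-cd:` in the second values.yaml, whose hunk runs past the end of this view. Two smaller points in the same block: the `readinessProbe` comment says "Enable Kubernetes liveness probe", and the `topologySpreadConstraints` Ref still points at the `workloads/pods/pod-topology-spread-constraints/` URL that the rest of this commit replaces.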
@@ -102,7 +104,8 @@ argo-cd: # -- Default priority class for all components priorityClassName: "" # -- Default node selector for all components - nodeSelector: {} + nodeSelector: + kubernetes.io/os: linux # -- Default tolerations for all components tolerations: [] # Default affinity preset for all components @@ -121,7 +124,7 @@ argo-cd: # - antarctica-east1 # - antarctica-west1 # -- Default [TopologySpreadConstraints] rules for all components - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector of the component topologySpreadConstraints: [] # - maxSkew: 1 @@ -153,6 +156,9 @@ argo-cd: annotations: {} # -- The name of tracking label used by Argo CD for resource pruning application.instanceLabelKey: argocd.argoproj.io/instance + # -- Enable control of the service account used for the sync operation (alpha) + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-sync-using-impersonation/ + application.sync.impersonation.enabled: false # -- Enable logs RBAC enforcement ## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/2.3-2.4/#enable-logs-rbac-enforcement server.rbac.log.enforce.enable: false 
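Review bot: The comment on the new `application.sync.impersonation.enabled` key (hunk `@@ -153,6 +156,9 @@`) does not state what the `false` default means for privileges. As far as the linked page describes it, with impersonation off every sync runs with the application controller's own cluster permissions, and turning it on requires `destinationServiceAccounts` entries in each AppProject. I would add a line such as `## false: syncs use the application controller's privileges; true requires destinationServiceAccounts in the AppProject`.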
@@ -201,6 +207,25 @@ argo-cd: # - profile # - email + # Extension Configuration + ## Ref: https://argo-cd.readthedocs.io/en/latest/developer-guide/extensions/proxy-extensions/ + # extension.config: | + # extensions: + # - name: httpbin + # backend: + # connectionTimeout: 2s + # keepAlive: 15s + # idleConnectionTimeout: 60s + # maxIdleConnections: 30 + # services: + # - url: http://httpbin.org + # headers: + # - name: some-header + # value: '$some.argocd.secret.key' + # cluster: + # name: some-cluster + # server: https://some-cluster + # Argo CD configuration parameters ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml params: @@ -235,6 +260,8 @@ argo-cd: server.disable.auth: false # -- Enable GZIP compression server.enable.gzip: true + # -- Enable proxy extension feature. (proxy extension is in Alpha phase) + server.enable.proxy.extension: false # -- Set X-Frame-Options header in HTTP responses to value. To disable, set to "". server.x.frame.options: sameorigin ## Repo-server properties @@ -245,6 +272,10 @@ argo-cd: applicationsetcontroller.policy: sync # -- Enables use of the Progressive Syncs capability applicationsetcontroller.enable.progressive.syncs: false + # -- A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"argocd,argocd-appsets-*"`) + # @default -- `""` (default is only the ns where the controller is installed) + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Appset-Any-Namespace/ + applicationsetcontroller.namespaces: "" # -- Enables [Applications in any namespace] ## List of additional namespaces where applications may be created in and reconciled from. ## The namespace where Argo CD is installed to will always be allowed. 
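Review bot: The commented `extension.config` example added in hunk `@@ -201,6 +207,25 @@` pairs a plain `http://` backend URL with a header whose value is read from an Argo CD secret (`'$some.argocd.secret.key'`), so anyone who copies it would send that value unencrypted. I would change the example line to `# - url: https://extension-backend.example.com` (placeholder host) and add `## Use HTTPS for backends that receive secret-backed headers`. The `server.enable.proxy.extension: false` default added in the next hunk is the safe one for an alpha feature and should stay.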
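Review bot: The comment for the new `applicationsetcontroller.namespaces` parameter (hunk `@@ -245,6 +272,10 @@`) gives an example glob list but not the precondition the linked page attaches to it. Allowing ApplicationSets outside the controller namespace is meant to be combined with a restricted SCM provider list (`applicationsetcontroller.allowed.scm.providers`) or with SCM providers disabled. I would add `## Before setting this, restrict applicationsetcontroller.allowed.scm.providers or disable SCM providers (see Ref)` above the key and keep the empty default.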
@@ -303,6 +334,8 @@ argo-cd: # SSH known hosts for Git repositories ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#ssh-known-host-public-keys ssh: + # -- Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm. + create: true # -- Annotations to be added to argocd-ssh-known-hosts-cm configmap annotations: {} # -- Known hosts to be added to the known host list by default. @@ -336,6 +369,9 @@ argo-cd: # -----BEGIN CERTIFICATE----- # ... # -----END CERTIFICATE----- + + # -- Specifies if the argocd-tls-certs-cm configmap should be created by Helm. + create: true # ConfigMap for Config Management Plugins # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/ cmp: @@ -561,6 +597,9 @@ argo-cd: ## clusters are distributed according to the algorithm. If the algorithm is well-balanced, ## like round-robin, then the shards will be well-balanced. dynamicClusterDistribution: false + # -- Runtime class name for the application controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" # -- Application controller heartbeat time # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution heartbeatTime: 10 @@ -688,7 +727,7 @@ argo-cd: drop: - ALL # Readiness probe for application controller - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 
@@ -716,7 +755,7 @@ argo-cd: affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the application controller # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -765,6 +804,8 @@ argo-cd: enabled: false # -- Prometheus ServiceMonitor interval interval: 30s + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -837,6 +878,9 @@ argo-cd: name: dex-server # -- Additional command line arguments to pass to the Dex server extraArgs: [] + # -- Runtime class name for Dex + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" metrics: # -- Deploy metrics service enabled: false @@ -852,6 +896,8 @@ argo-cd: enabled: false # -- Prometheus ServiceMonitor interval interval: 30s + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -890,7 +936,7 @@ argo-cd: # -- Dex image repository repository: dexidp/dex # -- Dex image tag - tag: v2.38.0 + tag: v2.41.1 # -- Dex imagePullPolicy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" 
@@ -1082,7 +1128,7 @@ argo-cd: affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to dex # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -1108,6 +1154,9 @@ argo-cd: enabled: true # -- Redis name name: redis + # -- Runtime class name for redis + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" ## Redis Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb: @@ -1128,7 +1177,7 @@ argo-cd: # -- Redis repository repository: library/redis # -- Redis tag - tag: 7.2.4-alpine + tag: 7.4.2-alpine # -- Redis image pull policy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1161,7 +1210,7 @@ argo-cd: drop: - ALL ## Probes for Redis exporter (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for Redis exporter (optional) enabled: false @@ -1215,7 +1264,7 @@ argo-cd: # name: secret-name ## Probes for Redis server (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for Redis server enabled: false 
@@ -1314,7 +1363,7 @@ argo-cd: affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to redis # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -1361,6 +1410,8 @@ argo-cd: enabled: false # -- Interval at which metrics should be scraped interval: 30s + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -1392,7 +1443,7 @@ argo-cd: # -- Redis repository repository: library/redis # -- Redis tag - tag: 7.2.4-alpine + tag: 7.4.2-alpine registry: docker.m.daocloud.io ## Prometheus redis-exporter sidecar exporter: @@ -1464,7 +1515,7 @@ argo-cd: # -- [Tolerations] for use with node taints for Redis pods. tolerations: [] # -- Assign custom [TopologySpreadConstraints] rules to the Redis pods. - ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ topologySpreadConstraints: # -- Enable Redis HA topology spread constraints enabled: false 
@@ -1517,7 +1568,7 @@ argo-cd: repository: "argoproj/argocd" # defaults to global.image.repository # -- Tag to use for the Redis secret-init Job # @default -- `""` (defaults to global.image.tag) - tag: "v2.12.1" # defaults to global.image.tag + tag: "v2.14.2" # defaults to global.image.tag # -- Image pull policy for the Redis secret-init Job # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" # IfNotPresent @@ -1570,6 +1621,8 @@ argo-cd: # -- Priority class for Redis secret-init Job # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" + # -- Assign custom [affinity] rules to the Redis secret-init Job + affinity: {} # -- Node selector to be added to the Redis secret-init Job # @default -- `{}` (defaults to global.nodeSelector) nodeSelector: {} @@ -1582,6 +1635,9 @@ argo-cd: name: server # -- The number of server pods to run replicas: 1 + # -- Runtime class name for the Argo CD server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" ## Argo CD server Horizontal Pod Autoscaler autoscaling: # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server @@ -1667,7 +1723,7 @@ argo-cd: # -- Repository to use for extension installer image repository: "quay.io/argoprojlabs/argocd-extension-installer" # -- Tag to use for extension installer image - tag: "v0.0.5" + tag: "v0.0.8" # -- Image pull policy for extensions # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1803,7 +1859,7 @@ argo-cd: drop: - ALL ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 
@@ -1842,7 +1898,7 @@ argo-cd: affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -1941,7 +1997,8 @@ argo-cd: # -- LoadBalancer will get created with the IP specified in this field loadBalancerIP: "" # -- Source IP ranges to allow access to service from - ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## EKS Ref: https://repost.aws/knowledge-center/eks-cidr-ip-address-loadbalancer + ## GKE Ref: https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview#limit-connectivity-ext-lb loadBalancerSourceRanges: [] # -- Server service external IPs externalIPs: [] @@ -1975,6 +2032,8 @@ argo-cd: interval: 30s # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion 
@@ -2202,6 +2261,9 @@ argo-cd: name: repo-server # -- The number of repo server pods to run replicas: 1 + # -- Runtime class name for the repo server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" ## Repo server Horizontal Pod Autoscaler autoscaling: # -- Enable Horizontal Pod Autoscaler ([HPA]) for the repo server @@ -2402,7 +2464,7 @@ argo-cd: drop: - ALL ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 @@ -2438,7 +2500,7 @@ argo-cd: affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the repo server # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 @@ -2505,6 +2567,8 @@ argo-cd: interval: 30s # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion 
@@ -2562,6 +2626,9 @@ argo-cd: name: applicationset-controller # -- The number of ApplicationSet controller pods to run replicas: 1 + # -- Runtime class name for the ApplicationSet controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" ## ApplicationSet controller Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb: @@ -2646,6 +2713,8 @@ argo-cd: interval: 30s # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -2734,7 +2803,7 @@ argo-cd: drop: - ALL ## Probes for ApplicationSet controller (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for ApplicationSet controller enabled: false @@ -2899,6 +2968,9 @@ argo-cd: # -- Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates # @default -- `""` (defaults to https://`global.domain`) argocdUrl: "" + # -- Runtime class name for the notifications controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" ## Notifications controller Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb: 
@@ -3019,6 +3091,8 @@ argo-cd: scheme: "" # -- Prometheus ServiceMonitor tlsConfig tlsConfig: {} + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion @@ -3071,7 +3145,7 @@ argo-cd: drop: - ALL ## Probes for notifications controller Pods (optional) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe: # -- Enable Kubernetes liveness probe for notifications controller Pods enabled: false @@ -3111,7 +3185,7 @@ argo-cd: affinity: {} # -- Assign custom [TopologySpreadConstraints] rules to the application controller # @default -- `[]` (defaults to global.topologySpreadConstraints) - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 
@@ -3416,3 +3490,160 @@ argo-cd: # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers # defaultTriggers: | # - on-sync-status-unknown + commitServer: + # -- Enable commit server + enabled: false + # -- Commit server name + name: commit-server + # -- Runtime class name for the commit server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + ## commit server controller image + image: + # -- Repository to use for the commit server + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the commit server + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the commit server + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + # -- commit server command line flags + extraArgs: [] + # -- Environment variables to pass to the commit server + extraEnv: [] + # - name: "MY_VAR" + # value: "value" + + # -- envFrom to pass to the commit server + # @default -- `[]` (See [values.yaml]) + extraEnvFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- List of extra mounts to add (normally used with extraVolumes) + extraVolumeMounts: [] + # -- List of extra volumes to add + extraVolumes: [] + metrics: + # -- Enables prometheus metrics server + enabled: false + service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. 
`None` makes a "headless service" (no virtual IP) + clusterIP: "" + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port + servicePort: 8087 + # -- Metrics service port name + portName: metrics + ## commit server service configuration + service: + # -- commit server service annotations + annotations: {} + # -- commit server service labels + labels: {} + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: false + serviceAccount: + # -- Create commit server service account + create: true + # -- commit server service account name + name: argocd-commit-server + # -- Annotations applied to created service account + annotations: {} + # -- Labels applied to created service account + labels: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + # -- Annotations to be added to commit server Deployment + deploymentAnnotations: {} + # -- Annotations for the commit server pods + podAnnotations: {} + # -- Labels for the commit server pods + podLabels: {} + # -- Resource limits and requests for the commit server pods. 
+ resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for commit server pods + dnsPolicy: "ClusterFirst" + # -- commit server container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + ## Probes for commit server (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for commit server + enabled: true + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 5 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + livenessProbe: + # -- Enable Kubernetes liveness probe for commit server + enabled: true + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 30 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 5 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + # -- Assign custom [affinity] rules + # @default -- `{}` (defaults to 
global.affinity preset) + affinity: {} + # -- Assign custom [TopologySpreadConstraints] rules to the commit server + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy to be added to the commit server Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + + # -- Priority class for the commit server pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" diff --git a/charts/argo-cd/config b/charts/argo-cd/config index 3d7938bb9..cd6df3077 100644 --- a/charts/argo-cd/config +++ b/charts/argo-cd/config @@ -4,7 +4,7 @@ export USE_OPENSOURCE_CHART=false export REPO_URL=https://argoproj.github.io/argo-helm export REPO_NAME=argo-cd export CHART_NAME=argo-cd -export VERSION=7.4.4 +export VERSION=7.8.2 # pr, issue, none export UPGRADE_METHOD=pr
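Review bot: In the new `commitServer` block the two service-account token defaults disagree: the top-level `automountServiceAccountToken` is `false` while `serviceAccount.automountServiceAccountToken` is `true`. The chart templates are not part of this hunk, but if the top-level key feeds the pod spec, Kubernetes lets the pod-level value win. The commit server pods would then get no token, while the `argocd-commit-server` ServiceAccount would still hand one to any other pod bound to it. Either default the ServiceAccount value to `false` as well, or state the precedence in its comment, e.g. `# -- Automount API credentials for the Service Account (overridden for commit server pods by the pod-level automountServiceAccountToken above)`. The comment on `readinessProbe.enabled` in the same block also reads "Enable Kubernetes liveness probe" and should say readiness.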