├── charts ├── argo-events │ ├── ci │ │ └── test-values.yaml │ ├── templates │ │ ├── argo-events-sa.yaml │ │ ├── _helpers.tpl │ │ ├── argo-events-rbac.yaml │ │ ├── controller-manager.yaml │ │ ├── argo-events-cluster-rbac.yaml │ │ └── controller-cm.yaml │ ├── .helmignore │ ├── Chart.yaml │ ├── crds │ │ ├── eventsource-crd.yml │ │ ├── sensor-crd.yml │ │ └── eventbus-crd.yml │ ├── values.yaml │ ├── README.md │ └── DOCS.md ├── argo-cd │ ├── .helmignore │ ├── templates │ │ ├── repo-server │ │ │ ├── rbac.yaml │ │ │ ├── service-monitor.yaml │ │ │ ├── service.yaml │ │ │ └── networkpolicy.yaml │ │ ├── config │ │ │ ├── argocd-rbac-cm.yaml │ │ │ ├── argocd-gpg-keys-cm.yaml │ │ │ ├── argocd-cm-params-cm.yaml │ │ │ ├── argocd-tls-certs-cm.yaml │ │ │ ├── argocd-ssh-known-hosts-cm.yaml │ │ │ ├── repository-secret.yaml │ │ │ ├── argocd-secret.yaml │ │ │ └── argocd-cm.yaml │ │ ├── argocd-server │ │ │ ├── networkpolicy.yaml │ │ │ ├── service-monitor.yaml │ │ │ ├── metrics-service.yaml │ │ │ ├── service.yaml │ │ │ ├── ingress.yaml │ │ │ ├── cluster-rbac.yaml │ │ │ └── rbac.yaml │ │ ├── application-controller │ │ │ ├── networkpolicy.yaml │ │ │ ├── metrics-service.yaml │ │ │ ├── service-monitor.yaml │ │ │ ├── cluster-rbac.yaml │ │ │ └── rbac.yaml │ │ ├── applicationset-controller │ │ │ ├── service-monitor.yaml │ │ │ ├── networkpolicy.yaml │ │ │ ├── service.yaml │ │ │ ├── cluster-rbac.yaml │ │ │ └── rbac.yaml │ │ ├── redis-ha │ │ │ ├── redis-ha-svc.yaml │ │ │ ├── haproxy-svc.yaml │ │ │ ├── haproxy-networkpolicy.yaml │ │ │ ├── redis-ha-networkpolicy.yaml │ │ │ ├── redis-ha-rbac.yaml │ │ │ ├── haproxy-rbac.yaml │ │ │ ├── redis-ha-config.yaml │ │ │ ├── redis-ha-announce-svcs.yaml │ │ │ └── haproxy.yaml │ │ ├── notifications-controller │ │ │ ├── service.yaml │ │ │ ├── networkpolicy.yaml │ │ │ ├── config.yaml │ │ │ ├── rbac.yaml │ │ │ └── deployment.yaml │ │ ├── _helpers.tpl │ │ ├── dex │ │ │ ├── networkpolicy.yaml │ │ │ ├── service.yaml │ │ │ ├── rbac.yaml │ │ │ └── deployment.yaml │ │ └── 
NOTES.txt │ ├── Chart.lock │ ├── Chart.yaml │ └── ci │ │ └── test-values.yaml ├── argo-cd-extensions │ ├── values.yaml │ ├── templates │ │ ├── extensions.yaml │ │ └── rbac.yaml │ ├── extensions │ │ └── argo-rollouts.yaml │ ├── Chart.yaml │ ├── README.md │ └── crds │ │ └── argocdextension.yaml ├── argo-workflows │ ├── templates │ │ ├── controller │ │ │ ├── priorityclass.yaml │ │ │ ├── config.yaml │ │ │ ├── deployment.yaml │ │ │ ├── aggregate-rbac.yaml │ │ │ └── cluster-rbac.yaml │ │ ├── NOTES.txt │ │ ├── server │ │ │ ├── service.yaml │ │ │ ├── ingress.yaml │ │ │ ├── cluster-rbac.yaml │ │ │ └── deployment.yaml │ │ └── _helpers.tpl │ ├── .helmignore │ ├── Chart.yaml │ ├── values.yaml │ └── README.md ├── argo-rollouts │ ├── templates │ │ ├── notifications │ │ │ ├── secret.yaml │ │ │ └── configmap.yaml │ │ ├── controller │ │ │ ├── argo-rollouts-sa.yaml │ │ │ ├── argo-rollouts-metrics-service.yaml │ │ │ ├── argo-rollouts-controller-rolebinding.yaml │ │ │ ├── argo-rollouts-clusterrolebinding.yaml │ │ │ ├── argo-rollouts-controller-role.yaml │ │ │ ├── argo-rollouts-deployment.yaml │ │ │ ├── argo-rollouts-aggregate-roles.yaml │ │ │ ├── argo-rollouts-clusterrole-readonly.yaml │ │ │ ├── argo-rollouts-clusterrole.yaml │ │ │ └── argo-rollouts-clusterrole-write.yaml │ │ └── dashboard │ │ │ ├── dashboard-serviceaccount.yaml │ │ │ ├── dashboard-service.yaml │ │ │ ├── dashboard-clusterrolebinding.yaml │ │ │ ├── dashboard-ingress.yaml │ │ │ ├── dashboard-deployment.yaml │ │ │ ├── dashboard-clusterrole-readonly.yaml │ │ │ └── dashboard-clusterrole.yaml │ ├── Chart.yaml │ ├── .helmignore │ ├── ci │ │ └── test-values.yaml │ ├── notifications │ │ ├── on-rollout-paused │ │ ├── on-rollout-aborted │ │ ├── on-rollout-updated │ │ ├── on-rollout-completed │ │ ├── on-analysis-run-failed │ │ ├── on-analysis-run-running │ │ ├── on-analysis-run-error │ │ ├── on-scaling-replica-set │ │ └── on-rollout-step-completed │ ├── DOCS.md │ ├── values.yaml │ └── README.md └── argocd-image-updater │ ├── 
templates │ ├── secret.yaml │ ├── serviceaccount.yaml │ ├── _helpers.tpl │ ├── config.yaml │ ├── rbac.yaml │ └── deployment.yaml │ ├── .helmignore │ ├── Chart.yaml │ ├── values.yaml │ ├── README.md │ └── DOCS.md ├── .gitignore ├── docs ├── argo-cd-install │ ├── values.yaml │ ├── kustomization.yaml │ └── README.md ├── argo-cd-example │ ├── README.md │ ├── kustomization.yaml │ └── values.yaml └── argo-cd │ └── README.md ├── .github ├── configs │ ├── kind-config.yaml │ ├── ct-lint.yaml │ ├── ct-install.yaml │ └── lintconf.yaml └── workflows │ ├── chart-publish.yml │ ├── image-publish.yml │ └── lint-and-test.yml ├── .pre-commit-config.yaml ├── scripts └── lint.sh ├── hack ├── compare-image-updater.sh ├── compare-events.sh ├── compare-workflows.sh ├── compare-rollouts.sh └── compare-cd.sh └── CONTRIBUTING.md /charts/argo-events/ci/test-values.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /charts/argo-cd/.helmignore: -------------------------------------------------------------------------------- 1 | /*.tgz 2 | output 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | charts/argo-cd/charts/ 2 | values-testing.yaml 3 | docs/**/charts 4 | -------------------------------------------------------------------------------- /charts/argo-cd-extensions/values.yaml: -------------------------------------------------------------------------------- 1 | # list of extensions to enable 2 | extensions: 3 | - argo-rollouts 4 | -------------------------------------------------------------------------------- /docs/argo-cd-install/values.yaml: -------------------------------------------------------------------------------- 1 | config: 2 | argocd: 3 | kustomize.buildOptions: --enable-helm 4 | 
-------------------------------------------------------------------------------- /charts/argo-events/templates/argo-events-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: argo-events-sa -------------------------------------------------------------------------------- /docs/argo-cd-example/README.md: -------------------------------------------------------------------------------- 1 | # Example Install 2 | 3 | This is an example Argo CD installation using the Akuity Argo CD Helm chart. 4 | -------------------------------------------------------------------------------- /charts/argo-workflows/templates/controller/priorityclass.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: scheduling.k8s.io/v1 2 | kind: PriorityClass 3 | metadata: 4 | name: workflow-controller 5 | value: 1000000 6 | -------------------------------------------------------------------------------- /.github/configs/kind-config.yaml: -------------------------------------------------------------------------------- 1 | # https://kind.sigs.k8s.io/docs/user/configuration/ 2 | kind: Cluster 3 | apiVersion: kind.x-k8s.io/v1alpha4 4 | nodes: 5 | - role: control-plane 6 | - role: worker 7 | - role: worker 8 | - role: worker 9 | -------------------------------------------------------------------------------- /charts/argo-workflows/templates/controller/config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: workflow-controller-configmap 5 | {{- if .Values.config }} 6 | data: 7 | {{ toYaml .Values.config | indent 2}} 8 | {{- end }} 9 | -------------------------------------------------------------------------------- /charts/argo-rollouts/templates/notifications/secret.yaml: -------------------------------------------------------------------------------- 1 | 
{{- /*
  Rendered only when .Values.notifications.createSecret is set. The Secret is
  created without data or stringData, so no credential passes through chart
  values here; presumably the notification tokens are added out of band (confirm).
*/}}
{{- if .Values.notifications.createSecret }}
apiVersion: v1
kind: Secret
metadata:
  name: argo-rollouts-notification-secret
  namespace: {{ .Release.Namespace }}
{{- end }}
--------------------------------------------------------------------------------
/charts/argocd-image-updater/templates/secret.yaml:
--------------------------------------------------------------------------------
# Empty Secret: no data keys and no metadata.namespace, so Helm places it in the
# release namespace. Presumably its contents are supplied separately (confirm).
apiVersion: v1
kind: Secret
metadata:
  labels:
    app.kubernetes.io/name: argocd-image-updater-secret
    app.kubernetes.io/part-of: argocd-image-updater
  name: argocd-image-updater-secret
--------------------------------------------------------------------------------
/docs/argo-cd-install/kustomization.yaml:
--------------------------------------------------------------------------------
# NOTE(review): no `version:` is set for the chart below, so this build is not
# pinned to a specific chart release (presumably the newest one published in the
# repo is fetched; confirm). docs/argo-cd-example/kustomization.yaml pins
# `version:`; prefer that for reproducible, reviewable installs.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

helmCharts:
- name: argo-cd
  repo: https://charts.akuity.io
  includeCRDs: true
  namespace: argocd
  valuesFile: values.yaml
--------------------------------------------------------------------------------
/charts/argocd-image-updater/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
# ServiceAccount labelled as the image-updater controller; no namespace is set in
# the manifest itself.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: argocd-image-updater
    app.kubernetes.io/part-of: argocd-image-updater
  name: argocd-image-updater
--------------------------------------------------------------------------------
/docs/argo-cd-example/kustomization.yaml:
--------------------------------------------------------------------------------
# Same layout as docs/argo-cd-install/kustomization.yaml, but the chart version is
# pinned, so an upgrade only happens through an explicit change to this file.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

helmCharts:
- name: argo-cd
  repo: https://charts.akuity.io
  includeCRDs: true
  namespace: argocd
  valuesFile: values.yaml
  version: 2.5.2-ak.0.0 # pin to a version
--------------------------------------------------------------------------------
/charts/argo-cd-extensions/templates/extensions.yaml:
--------------------------------------------------------------------------------
{{- /*
  Emits each file under extensions/ whose base name (the text before the first
  ".") is listed in .Values.extensions. Inside range "." is rebound, so
  $currentScope carries the root context back in through with. File contents are
  emitted verbatim by .Files.Get, each followed by a document separator.
*/}}
{{ $currentScope := .}}
{{ range $path, $_ := .Files.Glob "extensions/*.yaml" }}
{{- with $currentScope}}
{{- if has ($path | base | split ".")._0 .Values.extensions }}
{{ .Files.Get $path }}
---
{{- end }}
{{- end }}
{{ end }}
--------------------------------------------------------------------------------
/charts/argo-cd/templates/repo-server/rbac.yaml:
--------------------------------------------------------------------------------
# ServiceAccount for argocd-repo-server. The file ends with a bare document
# separator and defines no Role or RoleBinding.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: repo-server
    app.kubernetes.io/name: argocd-repo-server
    app.kubernetes.io/part-of: argocd
  name: argocd-repo-server
  namespace: {{ .Release.Namespace }}
---
--------------------------------------------------------------------------------
/.pre-commit-config.yaml:
--------------------------------------------------------------------------------
repos:
  - repo: https://github.com/norwoodj/helm-docs
    # rev is a tag name; a full commit SHA would make the hook source immutable.
    rev: v1.11.0
    hooks:
      - id: helm-docs
        args:
          # Search for charts only under the `charts` directory and write the
          # generated documentation to each chart's README.md.
          - --chart-search-root=charts
          - --output-file=README.md
--------------------------------------------------------------------------------
/charts/argo-workflows/templates/NOTES.txt:
--------------------------------------------------------------------------------
1. Get Argo Server external IP/domain by running:

kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep argo-server

2. Submit the hello-world workflow by running:

argo submit https://raw.githubusercontent.com/argoproj/argo-workflows/master/examples/hello-world.yaml --watch
--------------------------------------------------------------------------------
/charts/argo-workflows/templates/server/service.yaml:
--------------------------------------------------------------------------------
# Service for argo-server on port 2746. The type comes from
# .Values.server.service.type and is omitted when unset. A LoadBalancer or
# NodePort type exposes the port outside the cluster, so confirm the server's
# authentication and TLS settings (not shown here) before choosing one.
apiVersion: v1
kind: Service
metadata:
  name: argo-server
spec:
  {{- if .Values.server.service.type }}
  type: {{ .Values.server.service.type }}
  {{- end }}
  ports:
    - name: web
      port: 2746
      targetPort: 2746
  selector:
    app: argo-server
--------------------------------------------------------------------------------
/charts/argo-cd/templates/config/argocd-rbac-cm.yaml:
--------------------------------------------------------------------------------
# Argo CD RBAC ConfigMap. Keys under .Values.config.rbac are copied verbatim into
# data; when the value is unset no data section is rendered at all, so the
# effective policy is whatever Argo CD applies by default (confirm for your version).
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: argocd-rbac-cm
    app.kubernetes.io/part-of: argocd
  name: argocd-rbac-cm
  namespace: {{ .Release.Namespace }}
{{- with .Values.config.rbac }}
data:
  {{- toYaml . | nindent 2}}
{{- end }}
--------------------------------------------------------------------------------
/charts/argo-cd-extensions/extensions/argo-rollouts.yaml:
--------------------------------------------------------------------------------
# NOTE(review): the extension bundle is fetched from a release URL. This manifest
# carries no checksum or signature for extension.tar, so integrity rests on HTTPS
# and on the release asset not being replaced. Mirror the archive and verify it
# before use if that matters for your environment.
apiVersion: argoproj.io/v1alpha1
kind: ArgoCDExtension
metadata:
  name: argo-rollouts
  finalizers:
    - extensions-finalizer.argocd.argoproj.io
spec:
  sources:
    - web:
        url: https://github.com/argoproj-labs/rollout-extension/releases/download/v0.1.0/extension.tar
--------------------------------------------------------------------------------
/charts/argo-cd/Chart.lock:
--------------------------------------------------------------------------------
dependencies:
- name: argo-cd-extensions
  repository: https://charts.akuity.io
  version: 0.0.4
- name: argocd-image-updater
  repository: https://charts.akuity.io
  version: 0.1.2
digest: sha256:ab13e2c1536ba105d834c4ac9ff9324e6df9e4ad63061b4dd3be4aa9d2e63037
generated: "2022-09-28T15:18:30.607897-07:00"
--------------------------------------------------------------------------------
/charts/argo-cd/templates/config/argocd-gpg-keys-cm.yaml:
--------------------------------------------------------------------------------
# Keys under .Values.config.gpgKeys are copied verbatim into data; no data section
# is rendered when the value is unset.
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: argocd-gpg-keys-cm
    app.kubernetes.io/part-of: argocd
  name: argocd-gpg-keys-cm
  namespace: {{ .Release.Namespace }}
{{- with .Values.config.gpgKeys }}
data:
  {{- toYaml . | nindent 2}}
{{- end }}
--------------------------------------------------------------------------------
/charts/argo-rollouts/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
version: 1.4.1-ak.0.0
appVersion: 1.4.1
description: A Helm chart for Argo Rollouts
name: argo-rollouts
icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
home: https://github.com/akuity/helm-charts
maintainers:
  - name: terrytangyuan
  - name: jessesuen
  - name: wanghong230
--------------------------------------------------------------------------------
/charts/argo-cd/templates/config/argocd-cm-params-cm.yaml:
--------------------------------------------------------------------------------
# The rendered object is named argocd-cmd-params-cm although this file is called
# argocd-cm-params-cm.yaml. Keys under .Values.config.params are copied into data.
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: argocd-cmd-params-cm
    app.kubernetes.io/part-of: argocd
  name: argocd-cmd-params-cm
  namespace: {{ .Release.Namespace }}
{{- with .Values.config.params }}
data:
  {{- toYaml . | nindent 2}}
{{- end }}
--------------------------------------------------------------------------------
/charts/argo-cd/templates/config/argocd-tls-certs-cm.yaml:
--------------------------------------------------------------------------------
# Keys under .Values.config.tlsCerts are copied into data. This file indents with
# nindent 4 where the sibling ConfigMaps use 2; both nest the keys under data.
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: argocd-tls-certs-cm
    app.kubernetes.io/part-of: argocd
  name: argocd-tls-certs-cm
  namespace: {{ .Release.Namespace }}
{{- with .Values.config.tlsCerts }}
data:
  {{- toYaml . | nindent 4}}
{{- end }}
--------------------------------------------------------------------------------
/charts/argo-cd/templates/argocd-server/networkpolicy.yaml:
--------------------------------------------------------------------------------
{{- if .Values.server.enabled }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: argocd-server-network-policy
  namespace: {{ .Release.Namespace }}
spec:
  # NOTE(review): the single empty rule below matches every source and every port,
  # so this policy admits all ingress to the argocd-server pods. Narrow it with
  # from/ports if the server should only be reachable from an ingress controller.
  ingress:
  - {}
  podSelector:
    matchLabels:
      app.kubernetes.io/name: argocd-server
  policyTypes:
  - Ingress
{{- end }}
--------------------------------------------------------------------------------
/charts/argo-rollouts/templates/controller/argo-rollouts-sa.yaml:
--------------------------------------------------------------------------------
{{- /*
  Rendered only when controller.serviceAccount.create is set. "and" is called
  with a single argument here, so it simply yields that value.
*/}}
{{- if and .Values.controller.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: argo-rollouts
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/component: rollouts-controller
    app.kubernetes.io/name: argo-rollouts
    app.kubernetes.io/part-of: argo-rollouts

{{- end }}
--------------------------------------------------------------------------------
/charts/argo-rollouts/templates/dashboard/dashboard-serviceaccount.yaml:
--------------------------------------------------------------------------------
{{- /* ServiceAccount for the dashboard; rendered only when dashboard.enabled is set. */}}
{{- if .Values.dashboard.enabled -}}
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: argo-rollouts-dashboard
    app.kubernetes.io/name: argo-rollouts-dashboard
    app.kubernetes.io/part-of: argo-rollouts
  name: argo-rollouts-dashboard
  namespace: {{ .Release.Namespace }}
{{- end }}
--------------------------------------------------------------------------------
/charts/argo-events/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
ci/
--------------------------------------------------------------------------------
/charts/argo-rollouts/templates/notifications/configmap.yaml:
--------------------------------------------------------------------------------
{{- /*
  Rendered only when notifications.enabled is set. Every file matched by
  notifications/* is inserted verbatim under data, indented two spaces, so each
  file is expected to hold text that is valid as ConfigMap data entries.
*/}}
{{- if .Values.notifications.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
  name: argo-rollouts-notification-configmap
  namespace: {{ .Release.Namespace }}
data:
  {{- $currentScope := . }}
  {{- range $path, $_ := .Files.Glob "notifications/*" }}
  {{- with $currentScope}}
    {{- .Files.Get $path | nindent 2 }}
  {{- end }}
{{ end }}
{{ end }}
--------------------------------------------------------------------------------
/charts/argo-rollouts/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
ci/
--------------------------------------------------------------------------------
/charts/argo-workflows/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
ci/
--------------------------------------------------------------------------------
/charts/argo-cd/templates/config/argocd-ssh-known-hosts-cm.yaml:
--------------------------------------------------------------------------------
# The default and additional known_hosts text from values is concatenated into one
# ssh_known_hosts block. Presumably these entries are the SSH host keys Argo CD
# trusts for Git servers (confirm), so anything placed in additional extends that
# trust and should come from a verified source.
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: argocd-ssh-known-hosts-cm
    app.kubernetes.io/part-of: argocd
  name: argocd-ssh-known-hosts-cm
  namespace: {{ .Release.Namespace }}
data:
  ssh_known_hosts: |
    {{- .Values.config.sshKnownHosts.default | nindent 4 }}
    {{- .Values.config.sshKnownHosts.additional | nindent 4}}
--------------------------------------------------------------------------------
/charts/argo-cd/templates/config/repository-secret.yaml:
--------------------------------------------------------------------------------
{{- /*
  One Secret per entry in .Values.config.repositories. Every field, including any
  credential, is read from chart values and only base64-encoded, which is an
  encoding and not encryption; the values file and the stored Helm release
  therefore hold the same material in recoverable form. $repo_key is interpolated
  into metadata.name without validation.
*/}}
{{- range $repo_key, $repo_value := .Values.config.repositories }}
---
apiVersion: v1
kind: Secret
metadata:
  labels:
    argocd.argoproj.io/secret-type: repository
  name: argocd-repo-{{ $repo_key }}
  namespace: {{ $.Release.Namespace }}
data:
  {{- range $key, $value := $repo_value }}
  {{ $key }}: {{ $value | toString | b64enc }}
  {{- end }}
{{- end }}
--------------------------------------------------------------------------------
/charts/argo-cd/templates/application-controller/networkpolicy.yaml:
--------------------------------------------------------------------------------
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: argocd-application-controller-network-policy
  namespace: {{ .Release.Namespace }}
spec:
  ingress:
  # NOTE(review): an empty namespaceSelector selects every namespace, so any pod
  # in the cluster may connect to port 8082, which metrics-service.yaml exposes as
  # the metrics port. Restrict the selector to the monitoring namespace if the
  # metrics should not be readable cluster-wide.
  - from:
    - namespaceSelector: {}
    ports:
    - port: 8082
  podSelector:
    matchLabels:
      app.kubernetes.io/name: argocd-application-controller
  policyTypes:
  - Ingress
--------------------------------------------------------------------------------
/charts/argocd-image-updater/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
--------------------------------------------------------------------------------
/charts/argo-cd/templates/config/argocd-secret.yaml:
--------------------------------------------------------------------------------
{{- /*
  Rendered only when config.createSecret is set; data is emitted only when
  config.secret has entries. Values go to b64enc without toString, unlike
  repository-secret.yaml, so each value must already be a string. Anything
  supplied this way also lives in chart values and the stored Helm release, and
  base64 is not encryption.
*/}}
{{- if .Values.config.createSecret }}
apiVersion: v1
kind: Secret
metadata:
  labels:
    app.kubernetes.io/name: argocd-secret
    app.kubernetes.io/part-of: argocd
  name: argocd-secret
  namespace: {{ .Release.Namespace }}
type: Opaque
{{- with .Values.config.secret }}
data:
  {{- range $key, $value := . }}
  {{ $key }}: {{ $value | b64enc }}
  {{- end }}
{{- end }}
{{- end }}
--------------------------------------------------------------------------------
/charts/argo-cd/templates/application-controller/metrics-service.yaml:
--------------------------------------------------------------------------------
# Metrics Service for the application controller on port 8082; no type is set.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: metrics
    app.kubernetes.io/name: argocd-metrics
    app.kubernetes.io/part-of: argocd
  name: argocd-metrics
  namespace: {{ .Release.Namespace }}
spec:
  ports:
  - name: metrics
    port: 8082
    protocol: TCP
    targetPort: 8082
  selector:
    app.kubernetes.io/name: argocd-application-controller
--------------------------------------------------------------------------------
/.github/configs/ct-lint.yaml:
--------------------------------------------------------------------------------
## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md
# Don't add the 'debug' attribute, otherwise the workflow won't work anymore
# Only Used for the CT Lint Stage
remote: origin
chart-dirs:
  - charts
chart-repos:
  - akuity=https://charts.akuity.io
helm-extra-args: "--timeout 600s"
# Chart schema validation is switched off for lint runs.
validate-chart-schema: false
validate-maintainers: true
validate-yaml: true
exclude-deprecated: true
excluded-charts: []
--------------------------------------------------------------------------------
/charts/argocd-image-updater/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "argocd-image-updater.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "argocd-image-updater.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
--------------------------------------------------------------------------------
/charts/argo-rollouts/templates/controller/argo-rollouts-metrics-service.yaml:
--------------------------------------------------------------------------------
# Metrics Service for the rollouts controller on port 8090; no type is set.
apiVersion: v1
kind: Service
metadata:
  name: argo-rollouts-metrics
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/name: argo-rollouts-metrics
    app.kubernetes.io/part-of: argo-rollouts
spec:
  ports:
  - name: metrics
    protocol: TCP
    port: 8090
    targetPort: 8090
  selector:
    app.kubernetes.io/name: argo-rollouts
--------------------------------------------------------------------------------
/charts/argo-workflows/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
version: 3.5.7-ak.0.0
appVersion: 3.5.7
name: argo-workflows
description: A Helm chart for Argo Workflows
type: application
icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png
home: https://github.com/akuity/helm-charts
sources:
  - https://github.com/argoproj/argo-workflows
maintainers:
  - name: jessesuen
    email: jesse@akuity.io
  - name: 34fathombelow
    email: justin@akuity.io
--------------------------------------------------------------------------------
/charts/argo-rollouts/templates/controller/argo-rollouts-controller-rolebinding.yaml:
--------------------------------------------------------------------------------
# Binds the argo-rollouts-controller Role to the argo-rollouts ServiceAccount.
# NOTE(review): neither metadata nor the subject sets a namespace here, while the
# ClusterRoleBinding for the same ServiceAccount does; confirm the API server
# accepts a ServiceAccount subject without one in your install path.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: argo-rollouts-controller
  labels:
    app.kubernetes.io/component: rollouts-controller
    app.kubernetes.io/name: argo-rollouts
    app.kubernetes.io/part-of: argo-rollouts
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: argo-rollouts-controller
subjects:
- kind: ServiceAccount
  name: argo-rollouts
--------------------------------------------------------------------------------
/charts/argo-cd/templates/application-controller/service-monitor.yaml:
--------------------------------------------------------------------------------
{{- /*
  Rendered only when global.serviceMonitor.enabled is set. The release label is
  hard-coded to argocd-service; extra labels come from
  global.serviceMonitor.additionalLabels. No metadata.namespace is set.
*/}}
{{- if .Values.global.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: argocd-metrics
  labels:
    release: argocd-service
    {{- with .Values.global.serviceMonitor.additionalLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-metrics
  endpoints:
  - port: metrics
{{- end }}
--------------------------------------------------------------------------------
/charts/argo-cd/templates/argocd-server/service-monitor.yaml:
--------------------------------------------------------------------------------
{{- /* Same pattern as the application-controller ServiceMonitor, selecting argocd-server-metrics. */}}
{{- if .Values.global.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: argocd-server-metrics
  labels:
    release: argocd-service
    {{- with .Values.global.serviceMonitor.additionalLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-server-metrics
  endpoints:
  - port: metrics
{{- end }}
--------------------------------------------------------------------------------
/charts/argo-cd/templates/repo-server/service-monitor.yaml:
--------------------------------------------------------------------------------
{{- /* Same pattern as the application-controller ServiceMonitor, selecting argocd-repo-server. */}}
{{- if .Values.global.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: argocd-repo-server-metrics
  labels:
    release: argocd-service
    {{- with .Values.global.serviceMonitor.additionalLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-repo-server
  endpoints:
  - port: metrics
{{- end }}
--------------------------------------------------------------------------------
/.github/configs/ct-install.yaml:
--------------------------------------------------------------------------------
## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md
# Don't add the 'debug' attribute, otherwise the workflow won't work anymore
# Only Used for the CT Install Stage
remote: origin
chart-dirs:
  - charts
chart-repos:
  - akuity=https://charts.akuity.io
helm-extra-args: "--timeout 1200s"
# Chart schema validation is switched off for install runs.
validate-chart-schema: false
validate-maintainers: true
validate-yaml: true
exclude-deprecated: true
excluded-charts:
  - "argocd-applicationset"
--------------------------------------------------------------------------------
/charts/argo-cd/templates/argocd-server/metrics-service.yaml:
--------------------------------------------------------------------------------
{{- /* Metrics Service for argocd-server on port 8083; rendered only when server.enabled is set. */}}
{{- if .Values.server.enabled }}
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/name: argocd-server-metrics
    app.kubernetes.io/part-of: argocd
  name: argocd-server-metrics
  namespace: {{ .Release.Namespace }}
spec:
  ports:
  - name: metrics
    port: 8083
    protocol: TCP
    targetPort: 8083
  selector:
    app.kubernetes.io/name: argocd-server
{{- end }}
--------------------------------------------------------------------------------
/charts/argo-cd-extensions/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
version: 0.0.4
appVersion: 0.1.0
description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd-extensions
home: https://charts.akuity.io
icon: https://argoproj.github.io/argo-cd/assets/logo.png
keywords:
  - argoproj
  - argocd
  - gitops
maintainers:
  - name: terrytangyuan
    email: terry@akuity.io
  - name: jessesuen
    email: jesse@akuity.io
  - name: wanghong230
    email: hong@akuity.io
--------------------------------------------------------------------------------
/charts/argo-rollouts/templates/controller/argo-rollouts-clusterrolebinding.yaml:
--------------------------------------------------------------------------------
# Grants the argo-rollouts ClusterRole to the argo-rollouts ServiceAccount in the
# release namespace. The binding is cluster-scoped, so the ClusterRole's rules
# (defined in another file) apply across all namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: argo-rollouts
  labels:
    app.kubernetes.io/component: rollouts-controller
    app.kubernetes.io/name: argo-rollouts
    app.kubernetes.io/part-of: argo-rollouts
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: argo-rollouts
subjects:
- kind: ServiceAccount
  name: argo-rollouts
  namespace: {{ .Release.Namespace }}
--------------------------------------------------------------------------------
/charts/argo-rollouts/ci/test-values.yaml:
--------------------------------------------------------------------------------
1 | 
controller: 2 | extraArgs: 3 | - --aws-verify-target-group 4 | 5 | dashboard: 6 | enabled: true 7 | ingress: 8 | enabled: true 9 | className: traefik 10 | host: rollouts.demo.akuity.io 11 | annotations: 12 | alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443},{"HTTP":80}]' 13 | alb.ingress.kubernetes.io/scheme: internet-facing 14 | alb.ingress.kubernetes.io/ssl-redirect: '443' 15 | tls: 16 | enabled: true 17 | secretName: my-tls-secret 18 | 19 | notifications: 20 | enabled: true 21 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/applicationset-controller/service-monitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.serviceMonitor.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: argocd-applicationset-controller-metrics 6 | labels: 7 | release: argocd-service 8 | {{- with .Values.global.serviceMonitor.additionalLabels }} 9 | {{- toYaml . 
| nindent 4 }} 10 | {{- end }} 11 | spec: 12 | selector: 13 | matchLabels: 14 | app.kubernetes.io/name: argocd-applicationset-controller 15 | endpoints: 16 | - port: metrics 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/repo-server/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: repo-server 6 | app.kubernetes.io/name: argocd-repo-server 7 | app.kubernetes.io/part-of: argocd 8 | name: argocd-repo-server 9 | namespace: {{ .Release.Namespace }} 10 | spec: 11 | ports: 12 | - name: server 13 | port: 8081 14 | protocol: TCP 15 | targetPort: 8081 16 | - name: metrics 17 | port: 8084 18 | protocol: TCP 19 | targetPort: 8084 20 | selector: 21 | app.kubernetes.io/name: argocd-repo-server 22 | -------------------------------------------------------------------------------- /charts/argo-events/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | version: 1.7.3-ak.0.0 3 | appVersion: 1.7.3 4 | description: A Helm chart to install Argo-Events in k8s Cluster 5 | name: argo-events 6 | keywords: 7 | - argo-events 8 | - sensor-controller 9 | - eventsource-controller 10 | - eventbus-controller 11 | sources: 12 | - https://github.com/argoproj/argo-events 13 | maintainers: 14 | - name: terrytangyuan 15 | - name: jessesuen 16 | - name: wanghong230 17 | - name: gdsoumya 18 | icon: https://argoproj.github.io/argo-events/assets/logo.png 19 | home: https://github.com/akuity/helm-charts 20 | -------------------------------------------------------------------------------- /charts/argo-rollouts/templates/dashboard/dashboard-service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.dashboard.enabled -}} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | 
labels: 6 | app.kubernetes.io/component: argo-rollouts-dashboard 7 | app.kubernetes.io/name: argo-rollouts-dashboard 8 | app.kubernetes.io/part-of: argo-rollouts 9 | name: argo-rollouts-dashboard 10 | namespace: {{ .Release.Namespace }} 11 | spec: 12 | selector: 13 | app.kubernetes.io/name: argo-rollouts-dashboard 14 | ports: 15 | - port: 3100 16 | protocol: TCP 17 | targetPort: 3100 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /charts/argocd-image-updater/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | version: 0.1.2 3 | appVersion: 0.12.0 4 | name: argocd-image-updater 5 | description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD 6 | type: application 7 | home: https://github.com/argoproj-labs/argocd-image-updater 8 | icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png 9 | keywords: 10 | - argoproj 11 | - argocd 12 | - gitops 13 | maintainers: 14 | - name: terrytangyuan 15 | - name: jessesuen 16 | - name: wanghong230 17 | -------------------------------------------------------------------------------- /charts/argo-events/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 
12 | */}} 13 | {{- define "fullname" -}} 14 | {{- $name := default .Chart.Name .Values.nameOverride -}} 15 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/applicationset-controller/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.applicationsetController.enabled }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: argocd-applicationset-controller-network-policy 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | ingress: 9 | - from: 10 | - namespaceSelector: {} 11 | ports: 12 | - port: 7000 13 | protocol: TCP 14 | - port: 8080 15 | protocol: TCP 16 | podSelector: 17 | matchLabels: 18 | app.kubernetes.io/name: argocd-applicationset-controller 19 | policyTypes: 20 | - Ingress 21 | {{- end }} -------------------------------------------------------------------------------- /charts/argo-cd/templates/redis-ha/redis-ha-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: redis 6 | app.kubernetes.io/name: argocd-redis-ha 7 | app.kubernetes.io/part-of: argocd 8 | name: argocd-redis-ha 9 | namespace: {{ .Release.Namespace }} 10 | spec: 11 | clusterIP: None 12 | ports: 13 | - name: tcp-server 14 | port: 6379 15 | protocol: TCP 16 | targetPort: redis 17 | - name: tcp-sentinel 18 | port: 26379 19 | protocol: TCP 20 | targetPort: sentinel 21 | selector: 22 | app.kubernetes.io/name: argocd-redis-ha 23 | type: ClusterIP 24 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/notifications-controller/service.yaml: -------------------------------------------------------------------------------- 1 | {{- if 
.Values.notificationsController.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app.kubernetes.io/component: notifications-controller 7 | app.kubernetes.io/name: argocd-notifications-controller-metrics 8 | app.kubernetes.io/part-of: argocd 9 | name: argocd-notifications-controller-metrics 10 | namespace: {{ .Release.Namespace }} 11 | spec: 12 | ports: 13 | - name: metrics 14 | port: 9001 15 | protocol: TCP 16 | targetPort: 9001 17 | selector: 18 | app.kubernetes.io/name: argocd-notifications-controller 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/redis-ha/haproxy-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: redis 6 | app.kubernetes.io/name: argocd-redis-ha-haproxy 7 | app.kubernetes.io/part-of: argocd 8 | name: argocd-redis-ha-haproxy 9 | namespace: {{ .Release.Namespace }} 10 | spec: 11 | ports: 12 | - name: tcp-haproxy 13 | port: 6379 14 | protocol: TCP 15 | targetPort: redis 16 | - name: http-exporter-port 17 | port: 9101 18 | protocol: TCP 19 | targetPort: metrics-port 20 | selector: 21 | app.kubernetes.io/name: argocd-redis-ha-haproxy 22 | type: ClusterIP 23 | -------------------------------------------------------------------------------- /scripts/lint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # This script runs the chart-testing tool locally. It simulates the linting that is also done by the github action. Run this without any errors before pushing. 3 | # Reference: https://github.com/helm/chart-testing 4 | set -eux 5 | 6 | SRCROOT="$(cd "$(dirname "$0")/.." 
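&& pwd)" 7 | # Run ct as the container entrypoint from /workdir: with "--entrypoint /bin/sh ... -c cd /workdir ct lint", sh executed only "cd" and exited 0, so nothing was linted. 8 | echo -e "\n-- Linting all Helm Charts --\n" 9 | docker run \ 10 | -v "$SRCROOT:/workdir" \ 11 | --workdir /workdir \ 12 | --entrypoint ct \ 13 | quay.io/helmpack/chart-testing:v3.3.1 \ 14 | lint \ 15 | --config .github/configs/ct-lint.yaml \ 16 | --lint-conf .github/configs/lintconf.yaml \ 17 | --debug 18 | -------------------------------------------------------------------------------- /charts/argo-rollouts/templates/dashboard/dashboard-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.dashboard.enabled -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | labels: 6 | app.kubernetes.io/component: argo-rollouts-dashboard 7 | app.kubernetes.io/name: argo-rollouts-dashboard 8 | app.kubernetes.io/part-of: argo-rollouts 9 | name: argo-rollouts-dashboard 10 | roleRef: 11 | apiGroup: rbac.authorization.k8s.io 12 | kind: ClusterRole 13 | name: argo-rollouts-dashboard 14 | subjects: 15 | - kind: ServiceAccount 16 | name: argo-rollouts-dashboard 17 | namespace: {{ .Release.Namespace }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/argocd-server/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: server 6 | app.kubernetes.io/name: argocd-server 7 | app.kubernetes.io/part-of: argocd 8 | name: argocd-server 9 | namespace: {{ .Release.Namespace }} 10 | spec: 11 | {{- if .Values.server.service.type }} 12 | type: {{ .Values.server.service.type }} 13 | {{- end }} 14 | ports: 15 | - name: http 16 | port: 80 17 | protocol: TCP 18 | targetPort: 8080 19 | - name: https 20 | port: 443 21 | protocol: TCP 22 | targetPort: 8080 23 | selector: 24 | app.kubernetes.io/name: argocd-server 25 | 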
-------------------------------------------------------------------------------- /charts/argo-rollouts/templates/controller/argo-rollouts-controller-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: argo-rollouts-controller 5 | labels: 6 | app.kubernetes.io/component: rollouts-controller 7 | app.kubernetes.io/name: argo-rollouts 8 | app.kubernetes.io/part-of: argo-rollouts 9 | rules: 10 | # leases create/get/update needed for leader election 11 | - apiGroups: 12 | - coordination.k8s.io 13 | resources: 14 | - leases 15 | verbs: 16 | - create 17 | - get 18 | - update 19 | - apiGroups: # NOTE(review): read access to every Secret and ConfigMap in this Role's namespace; the reason is not stated here - confirm it is needed and narrow it with resourceNames if it can be 20 | - "" 21 | resources: 22 | - secrets 23 | - configmaps 24 | verbs: 25 | - get 26 | - list 27 | - watch 28 | -------------------------------------------------------------------------------- /charts/argocd-image-updater/templates/config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: argocd-image-updater-config 6 | app.kubernetes.io/part-of: argocd-image-updater 7 | name: argocd-image-updater-config 8 | {{ if .Values.config.registries }} 9 | data: 10 | registries.conf: | 11 | {{- with .Values.config.registries }} 12 | registries: 13 | {{- toYaml . 
| nindent 6 }} 14 | {{- end }} 15 | {{- end }} 16 | --- 17 | apiVersion: v1 18 | kind: ConfigMap 19 | metadata: 20 | labels: 21 | app.kubernetes.io/name: argocd-image-updater-ssh-config 22 | app.kubernetes.io/part-of: argocd-image-updater 23 | name: argocd-image-updater-ssh-config 24 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | 3 | {{/* 4 | Returns the supplied image tag if defined, then the global tag, then the chart version 5 | @param .root The root scope 6 | @param .image Image structure with .repository and .tag fields 7 | */}} 8 | {{- define "argo-cd.image" -}} 9 | {{- $repository := default .root.Values.global.image.repository .image.repository }} 10 | {{- if .image.tag -}} 11 | {{- $repository }}:{{- .image.tag -}} 12 | {{- else -}} 13 | {{- $imageFromChartVersion := print "v" (regexReplaceAllLiteral "\\.[0-9]+$" .root.Chart.Version "") }} 14 | {{- $repository }}:{{- default $imageFromChartVersion .root.Values.global.image.tag -}} 15 | {{- end -}} 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/applicationset-controller/service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.applicationsetController.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app.kubernetes.io/component: applicationset-controller 7 | app.kubernetes.io/name: argocd-applicationset-controller 8 | app.kubernetes.io/part-of: argocd 9 | name: argocd-applicationset-controller 10 | namespace: {{ .Release.Namespace }} 11 | spec: 12 | ports: 13 | - name: webhook 14 | port: 7000 15 | protocol: TCP 16 | targetPort: webhook 17 | - name: metrics 18 | port: 8080 19 | protocol: TCP 20 | targetPort: metrics 21 | selector: 22 | 
app.kubernetes.io/name: argocd-applicationset-controller 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/dex/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.server.enabled .Values.dex.enabled }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: argocd-dex-server-network-policy 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | ingress: 9 | - from: 10 | - podSelector: 11 | matchLabels: 12 | app.kubernetes.io/name: argocd-server 13 | ports: 14 | - port: 5556 15 | protocol: TCP 16 | - port: 5557 17 | protocol: TCP 18 | - from: 19 | - namespaceSelector: {} 20 | ports: 21 | - port: 5558 22 | protocol: TCP 23 | podSelector: 24 | matchLabels: 25 | app.kubernetes.io/name: argocd-dex-server 26 | policyTypes: 27 | - Ingress 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/notifications-controller/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.notificationsController.enabled }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | labels: 6 | app.kubernetes.io/component: notifications-controller 7 | app.kubernetes.io/name: argocd-notifications-controller 8 | app.kubernetes.io/part-of: argocd 9 | name: argocd-notifications-controller-network-policy 10 | namespace: {{ .Release.Namespace }} 11 | spec: 12 | ingress: 13 | - from: 14 | - namespaceSelector: {} 15 | ports: 16 | - port: 9001 17 | protocol: TCP 18 | podSelector: 19 | matchLabels: 20 | app.kubernetes.io/name: argocd-notifications-controller 21 | policyTypes: 22 | - Ingress 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/dex/service.yaml: 
-------------------------------------------------------------------------------- 1 | {{- if and .Values.server.enabled .Values.dex.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app.kubernetes.io/component: dex-server 7 | app.kubernetes.io/name: argocd-dex-server 8 | app.kubernetes.io/part-of: argocd 9 | name: argocd-dex-server 10 | namespace: {{ .Release.Namespace }} 11 | spec: 12 | ports: 13 | - appProtocol: TCP 14 | name: http 15 | port: 5556 16 | protocol: TCP 17 | targetPort: 5556 18 | - name: grpc 19 | port: 5557 20 | protocol: TCP 21 | targetPort: 5557 22 | - name: metrics 23 | port: 5558 24 | protocol: TCP 25 | targetPort: 5558 26 | selector: 27 | app.kubernetes.io/name: argocd-dex-server 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/notifications-controller/config.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.notificationsController.enabled }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | labels: 6 | app.kubernetes.io/component: notifications-controller 7 | app.kubernetes.io/name: argocd-notifications-controller 8 | app.kubernetes.io/part-of: argocd 9 | name: argocd-notifications-cm 10 | namespace: {{ .Release.Namespace }} 11 | --- 12 | apiVersion: v1 13 | kind: Secret 14 | metadata: 15 | labels: 16 | app.kubernetes.io/component: notifications-controller 17 | app.kubernetes.io/name: argocd-notifications-controller 18 | app.kubernetes.io/part-of: argocd 19 | name: argocd-notifications-secret 20 | namespace: {{ .Release.Namespace }} 21 | type: Opaque 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/redis-ha/haproxy-networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | name: 
argocd-redis-ha-proxy-network-policy 5 | namespace: {{ .Release.Namespace }} 6 | spec: 7 | ingress: 8 | - from: 9 | - podSelector: 10 | matchLabels: 11 | app.kubernetes.io/name: argocd-server 12 | - podSelector: 13 | matchLabels: 14 | app.kubernetes.io/name: argocd-repo-server 15 | - podSelector: 16 | matchLabels: 17 | app.kubernetes.io/name: argocd-application-controller 18 | ports: 19 | - port: 6379 20 | protocol: TCP 21 | - port: 26379 22 | protocol: TCP 23 | podSelector: 24 | matchLabels: 25 | app.kubernetes.io/name: argocd-redis-ha-haproxy 26 | policyTypes: 27 | - Ingress 28 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | In order to access the server UI you have the following options: 2 | 3 | 1. kubectl port-forward service/argocd-server -n {{ .Release.Namespace }} 8080:443 4 | 5 | and then open the browser on http://localhost:8080 and accept the certificate 6 | 7 | 2. enable ingress by setting `server.ingress.enabled` in the values file 8 | 9 | After reaching the UI for the first time, you can log in with username: admin and the random password generated during the installation. You can find the password by running: 10 | 11 | kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d 12 | 13 | (You should delete the initial secret once you have changed the password, as suggested by the Getting Started Guide: https://github.com/argoproj/argo-cd/blob/master/docs/getting_started.md#4-login-using-the-cli) 14 | -------------------------------------------------------------------------------- /charts/argo-cd/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | version: 3.0.20-ak.0.0 3 | appVersion: 3.0.20 4 | description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. 
5 | name: argo-cd 6 | home: https://charts.akuity.io 7 | icon: https://argoproj.github.io/argo-cd/assets/logo.png 8 | keywords: 9 | - argoproj 10 | - argocd 11 | - gitops 12 | maintainers: 13 | - name: jessesuen 14 | email: jesse@akuity.io 15 | - name: wanghong230 16 | email: hong@akuity.io 17 | - name: 34fathombelow 18 | email: justin@akuity.io 19 | 20 | dependencies: 21 | - name: argo-cd-extensions 22 | version: 0.0.4 23 | repository: https://charts.akuity.io 24 | condition: extensions.enabled 25 | - name: argocd-image-updater 26 | version: 0.1.2 27 | repository: https://charts.akuity.io 28 | condition: imageUpdater.enabled 29 | -------------------------------------------------------------------------------- /charts/argo-cd-extensions/README.md: -------------------------------------------------------------------------------- 1 | # argo-cd-extensions 2 | 3 | ![Version: 0.0.4](https://img.shields.io/badge/Version-0.0.4-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) 4 | 5 | A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. 
6 | 7 | **Homepage:** 8 | 9 | ## Maintainers 10 | 11 | | Name | Email | Url | 12 | | ---- | ------ | --- | 13 | | terrytangyuan | | | 14 | | jessesuen | | | 15 | | wanghong230 | | | 16 | 17 | ## Values 18 | 19 | | Key | Type | Default | Description | 20 | |-----|------|---------|-------------| 21 | | extensions[0] | string | `"argo-rollouts"` | | 22 | 23 | ---------------------------------------------- 24 | Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) 25 | -------------------------------------------------------------------------------- /charts/argo-cd-extensions/templates/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: argocd-server 6 | app.kubernetes.io/part-of: argocd 7 | app.kubernetes.io/component: server 8 | name: argocd-server-extensions 9 | rules: 10 | - apiGroups: 11 | - argoproj.io 12 | resources: 13 | - argocdextensions 14 | verbs: 15 | - create 16 | - get 17 | - list 18 | - watch 19 | - update 20 | - delete 21 | - patch 22 | 23 | --- 24 | apiVersion: rbac.authorization.k8s.io/v1 25 | kind: RoleBinding 26 | metadata: 27 | labels: 28 | app.kubernetes.io/name: argocd-server 29 | app.kubernetes.io/part-of: argocd 30 | app.kubernetes.io/component: server 31 | name: argocd-server-extensions 32 | roleRef: 33 | apiGroup: rbac.authorization.k8s.io 34 | kind: Role 35 | name: argocd-server-extensions 36 | subjects: 37 | - kind: ServiceAccount 38 | name: argocd-server 39 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/repo-server/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | name: argocd-repo-server-network-policy 5 | namespace: {{ .Release.Namespace 
}} 6 | spec: 7 | ingress: 8 | - from: 9 | - podSelector: 10 | matchLabels: 11 | app.kubernetes.io/name: argocd-server 12 | - podSelector: 13 | matchLabels: 14 | app.kubernetes.io/name: argocd-application-controller 15 | - podSelector: 16 | matchLabels: 17 | app.kubernetes.io/name: argocd-notifications-controller 18 | - podSelector: 19 | matchLabels: 20 | app.kubernetes.io/name: argocd-applicationset-controller 21 | ports: 22 | - port: 8081 23 | protocol: TCP 24 | - from: 25 | - namespaceSelector: {} # empty selector matches pods in every namespace, so the port below is open cluster-wide 26 | ports: 27 | - port: 8084 # no protocol given; Kubernetes defaults it to TCP 28 | podSelector: 29 | matchLabels: 30 | app.kubernetes.io/name: argocd-repo-server 31 | policyTypes: 32 | - Ingress 33 | -------------------------------------------------------------------------------- /docs/argo-cd-example/values.yaml: -------------------------------------------------------------------------------- 1 | config: 2 | argocd: 3 | url: https://cd.example.com 4 | admin.enabled: 'false' # built-in admin login is turned off; access then depends on the Dex connector below 5 | dex.config: | 6 | connectors: 7 | - type: github 8 | id: github 9 | name: GitHub 10 | config: 11 | clientID: $dex.github.clientID 12 | clientSecret: $dex.github.clientSecret 13 | orgs: 14 | - name: example-org 15 | teamNameField: slug 16 | useLoginAsID: true 17 | kustomize.buildOptions: --enable-helm 18 | rbac: 19 | policy.csv: | 20 | g, example-org:example-team, role:admin 21 | policy.default: role:readonly # role given to authenticated users that match no policy.csv line 22 | 23 | server: 24 | insecure: true # NOTE(review): presumably starts argocd-server without TLS, leaving the ingress (tls.enabled below) as the only encrypted hop - confirm how the chart consumes this 25 | ingress: 26 | enabled: true 27 | className: contour 28 | host: cd.example.com 29 | tls: 30 | enabled: true 31 | secretName: argocd-tls 32 | annotations: 33 | cert-manager.io/cluster-issuer: letsencrypt-prod 34 | ingress.kubernetes.io/force-ssl-redirect: "true" 35 | kubernetes.io/tls-acme: "true" 36 | -------------------------------------------------------------------------------- /charts/argo-events/crds/eventsource-crd.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | 
name: eventsources.argoproj.io 5 | spec: 6 | group: argoproj.io 7 | names: 8 | kind: EventSource 9 | listKind: EventSourceList 10 | plural: eventsources 11 | shortNames: 12 | - es 13 | singular: eventsource 14 | scope: Namespaced 15 | versions: 16 | - name: v1alpha1 17 | schema: 18 | openAPIV3Schema: 19 | properties: 20 | apiVersion: 21 | type: string 22 | kind: 23 | type: string 24 | metadata: 25 | type: object 26 | spec: 27 | type: object 28 | x-kubernetes-preserve-unknown-fields: true 29 | status: 30 | type: object 31 | x-kubernetes-preserve-unknown-fields: true 32 | required: 33 | - metadata 34 | - spec 35 | type: object 36 | served: true 37 | storage: true 38 | subresources: 39 | status: {} -------------------------------------------------------------------------------- /charts/argo-rollouts/notifications/on-rollout-paused: -------------------------------------------------------------------------------- 1 | trigger.on-rollout-paused: | 2 | - send: [rollout-paused] 3 | template.rollout-paused: | 4 | message: Rollout {{.rollout.metadata.name}} has been paused. 5 | email: 6 | subject: Rollout {{.rollout.metadata.name}} has been paused. 
7 | slack: 8 | attachments: | 9 | [{ 10 | "title": "{{ .rollout.metadata.name}}", 11 | "color": "#18be52", 12 | "fields": [ 13 | { 14 | "title": "Strategy", 15 | "value": "{{if .rollout.spec.strategy.blueGreen}}BlueGreen{{end}}{{if .rollout.spec.strategy.canary}}Canary{{end}}", 16 | "short": true 17 | } 18 | {{range $index, $c := .rollout.spec.template.spec.containers}} 19 | {{if not $index}},{{end}} 20 | {{if $index}},{{end}} 21 | { 22 | "title": "{{$c.name}}", 23 | "value": "{{$c.image}}", 24 | "short": true 25 | } 26 | {{end}} 27 | ] 28 | }] 29 | -------------------------------------------------------------------------------- /charts/argo-workflows/templates/server/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.server.ingress.enabled }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: argo-server 6 | {{- if .Values.server.ingress.annotations }} 7 | annotations: 8 | {{- range $key, $value := .Values.server.ingress.annotations }} 9 | {{ $key }}: {{ $value | quote }} 10 | {{- end }} 11 | {{- end }} 12 | spec: 13 | {{- with .Values.server.ingress.className }} 14 | ingressClassName: {{ . }} 15 | {{- end }} 16 | rules: 17 | - host: {{ .Values.server.ingress.host }} 18 | http: 19 | paths: 20 | - backend: 21 | service: 22 | name: argo-server 23 | port: 24 | name: web 25 | path: / 26 | pathType: Prefix 27 | {{- if .Values.server.ingress.tls.enabled }} 28 | tls: 29 | - hosts: 30 | - {{ .Values.server.ingress.host }} 31 | {{- with .Values.server.ingress.tls.secretName }} 32 | secretName: {{ . 
}} 33 | {{- end }} 34 | {{- end }} 35 | {{- end }} -------------------------------------------------------------------------------- /charts/argo-rollouts/notifications/on-rollout-aborted: -------------------------------------------------------------------------------- 1 | trigger.on-rollout-aborted: | 2 | - send: [rollout-aborted] 3 | template.rollout-aborted: | 4 | message: Rollout {{.rollout.metadata.name}} has been aborted. 5 | email: 6 | subject: Rollout {{.rollout.metadata.name}} has been aborted. 7 | slack: 8 | attachments: | 9 | [{ 10 | "title": "{{ .rollout.metadata.name}}", 11 | "color": "#E01E5A", 12 | "fields": [ 13 | { 14 | "title": "Strategy", 15 | "value": "{{if .rollout.spec.strategy.blueGreen}}BlueGreen{{end}}{{if .rollout.spec.strategy.canary}}Canary{{end}}", 16 | "short": true 17 | } 18 | {{range $index, $c := .rollout.spec.template.spec.containers}} 19 | {{if not $index}},{{end}} 20 | {{if $index}},{{end}} 21 | { 22 | "title": "{{$c.name}}", 23 | "value": "{{$c.image}}", 24 | "short": true 25 | } 26 | {{end}} 27 | ] 28 | }] 29 | -------------------------------------------------------------------------------- /charts/argo-rollouts/notifications/on-rollout-updated: -------------------------------------------------------------------------------- 1 | trigger.on-rollout-updated: | 2 | - send: [rollout-updated] 3 | template.rollout-updated: | 4 | message: Rollout {{.rollout.metadata.name}} has been updated. 5 | email: 6 | subject: Rollout {{.rollout.metadata.name}} has been updated. 
7 | slack: 8 | attachments: | 9 | [{ 10 | "title": "{{ .rollout.metadata.name}}", 11 | "color": "#18be52", 12 | "fields": [ 13 | { 14 | "title": "Strategy", 15 | "value": "{{if .rollout.spec.strategy.blueGreen}}BlueGreen{{end}}{{if .rollout.spec.strategy.canary}}Canary{{end}}", 16 | "short": true 17 | } 18 | {{range $index, $c := .rollout.spec.template.spec.containers}} 19 | {{if not $index}},{{end}} 20 | {{if $index}},{{end}} 21 | { 22 | "title": "{{$c.name}}", 23 | "value": "{{$c.image}}", 24 | "short": true 25 | } 26 | {{end}} 27 | ] 28 | }] 29 | -------------------------------------------------------------------------------- /charts/argo-rollouts/notifications/on-rollout-completed: -------------------------------------------------------------------------------- 1 | trigger.on-rollout-completed: | 2 | - send: [rollout-completed] 3 | template.rollout-completed: | 4 | message: Rollout {{.rollout.metadata.name}} has been completed. 5 | email: 6 | subject: Rollout {{.rollout.metadata.name}} has been completed. 7 | slack: 8 | attachments: | 9 | [{ 10 | "title": "{{ .rollout.metadata.name}}", 11 | "color": "#18be52", 12 | "fields": [ 13 | { 14 | "title": "Strategy", 15 | "value": "{{if .rollout.spec.strategy.blueGreen}}BlueGreen{{end}}{{if .rollout.spec.strategy.canary}}Canary{{end}}", 16 | "short": true 17 | } 18 | {{range $index, $c := .rollout.spec.template.spec.containers}} 19 | {{if not $index}},{{end}} 20 | {{if $index}},{{end}} 21 | { 22 | "title": "{{$c.name}}", 23 | "value": "{{$c.image}}", 24 | "short": true 25 | } 26 | {{end}} 27 | ] 28 | }] 29 | -------------------------------------------------------------------------------- /charts/argo-rollouts/notifications/on-analysis-run-failed: -------------------------------------------------------------------------------- 1 | trigger.on-analysis-run-failed: | 2 | - send: [analysis-run-failed] 3 | template.analysis-run-failed: | 4 | message: Rollout {{.rollout.metadata.name}}'s analysis run failed. 
5 | email: 6 | subject: Rollout {{.rollout.metadata.name}}'s analysis run failed. 7 | slack: 8 | attachments: | 9 | [{ 10 | "title": "{{ .rollout.metadata.name}}", 11 | "color": "#E01E5A", 12 | "fields": [ 13 | { 14 | "title": "Strategy", 15 | "value": "{{if .rollout.spec.strategy.blueGreen}}BlueGreen{{end}}{{if .rollout.spec.strategy.canary}}Canary{{end}}", 16 | "short": true 17 | } 18 | {{range $index, $c := .rollout.spec.template.spec.containers}} 19 | {{if not $index}},{{end}} 20 | {{if $index}},{{end}} 21 | { 22 | "title": "{{$c.name}}", 23 | "value": "{{$c.image}}", 24 | "short": true 25 | } 26 | {{end}} 27 | ] 28 | }] 29 | -------------------------------------------------------------------------------- /docs/argo-cd-install/README.md: -------------------------------------------------------------------------------- 1 | # Argo CD Initial Install 2 | 3 | This kustomization is used for an initial vanilla install of Argo CD using Akuity helm chart. It is installed using the following command: 4 | 5 | ```shell 6 | kustomize build --enable-helm https://github.com/akuity/helm-charts//docs/argo-cd-install | kubectl apply -n argocd -f - 7 | ``` 8 | 9 | If you wish to change the version which is installed, or the namespace, you will need to clone the repo and edit the `kustomization.yaml` 10 | 11 | ```shell 12 | git clone https://github.com/akuity/helm-charts 13 | cd docs/argo-cd-install 14 | # modify kustomization.yaml 15 | ``` 16 | 17 | ```yaml 18 | helmCharts: 19 | - name: argo-cd 20 | repo: https://charts.akuity.io 21 | includeCRDs: true 22 | valuesFile: values.yaml 23 | namespace: argocd # modify to different namespace 24 | version: 1.0.2 # pin to specific version 25 | ``` 26 | 27 | Once modified run kustomize build from your local workspace to apply the changes: 28 | 29 | ```shell 30 | kustomize build --enable-helm . 
| kubectl apply -n argocd -f - 31 | ``` 32 | -------------------------------------------------------------------------------- /charts/argo-rollouts/notifications/on-analysis-run-running: -------------------------------------------------------------------------------- 1 | trigger.on-analysis-run-running: | 2 | - send: [analysis-run-running] 3 | template.analysis-run-running: | 4 | message: Rollout {{.rollout.metadata.name}}'s analysis run is running. 5 | email: 6 | subject: Rollout {{.rollout.metadata.name}}'s analysis run is running. 7 | slack: 8 | attachments: | 9 | [{ 10 | "title": "{{ .rollout.metadata.name}}", 11 | "color": "#18be52", 12 | "fields": [ 13 | { 14 | "title": "Strategy", 15 | "value": "{{if .rollout.spec.strategy.blueGreen}}BlueGreen{{end}}{{if .rollout.spec.strategy.canary}}Canary{{end}}", 16 | "short": true 17 | } 18 | {{range $index, $c := .rollout.spec.template.spec.containers}} 19 | {{if not $index}},{{end}} 20 | {{if $index}},{{end}} 21 | { 22 | "title": "{{$c.name}}", 23 | "value": "{{$c.image}}", 24 | "short": true 25 | } 26 | {{end}} 27 | ] 28 | }] 29 | -------------------------------------------------------------------------------- /charts/argo-rollouts/notifications/on-analysis-run-error: -------------------------------------------------------------------------------- 1 | trigger.on-analysis-run-error: | 2 | - send: [analysis-run-error] 3 | template.analysis-run-error: | 4 | message: Rollout {{.rollout.metadata.name}}'s analysis run is in error state. 5 | email: 6 | subject: Rollout {{.rollout.metadata.name}}'s analysis run is in error state. 
7 | slack: 8 | attachments: | 9 | [{ 10 | "title": "{{ .rollout.metadata.name}}", 11 | "color": "#ECB22E", 12 | "fields": [ 13 | { 14 | "title": "Strategy", 15 | "value": "{{if .rollout.spec.strategy.blueGreen}}BlueGreen{{end}}{{if .rollout.spec.strategy.canary}}Canary{{end}}", 16 | "short": true 17 | } 18 | {{range $index, $c := .rollout.spec.template.spec.containers}} 19 | {{if not $index}},{{end}} 20 | {{if $index}},{{end}} 21 | { 22 | "title": "{{$c.name}}", 23 | "value": "{{$c.image}}", 24 | "short": true 25 | } 26 | {{end}} 27 | ] 28 | }] 29 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/redis-ha/redis-ha-networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | name: argocd-redis-ha-server-network-policy 5 | namespace: {{ .Release.Namespace }} 6 | spec: 7 | ingress: 8 | - from: 9 | - podSelector: 10 | matchLabels: 11 | app.kubernetes.io/name: argocd-redis-ha-haproxy 12 | - podSelector: 13 | matchLabels: 14 | app.kubernetes.io/name: argocd-redis-ha 15 | ports: 16 | - port: 6379 17 | protocol: TCP 18 | - port: 26379 19 | protocol: TCP 20 | podSelector: 21 | matchLabels: 22 | app.kubernetes.io/name: argocd-redis-ha 23 | policyTypes: 24 | - Ingress 25 | {{- if .Values.redis.networkPolicy.egress.enabled }} 26 | - Egress 27 | egress: 28 | - ports: 29 | - port: 6379 30 | protocol: TCP 31 | - port: 26379 32 | protocol: TCP 33 | to: 34 | - podSelector: 35 | matchLabels: 36 | app.kubernetes.io/name: argocd-redis-ha 37 | - ports: 38 | - port: 53 39 | protocol: UDP 40 | - port: 53 41 | protocol: TCP 42 | {{- end }} 43 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/application-controller/cluster-rbac.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.clusterRoles.enabled }} 2 
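| apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/component: application-controller 7 | app.kubernetes.io/name: argocd-application-controller 8 | app.kubernetes.io/part-of: argocd 9 | name: argocd-application-controller 10 | rules: 11 | - apiGroups: 12 | - '*' 13 | resources: 14 | - '*' 15 | verbs: 16 | - '*' 17 | - nonResourceURLs: 18 | - '*' 19 | verbs: 20 | - '*' 21 | 22 | --- 23 | apiVersion: rbac.authorization.k8s.io/v1 24 | kind: ClusterRoleBinding 25 | metadata: 26 | labels: 27 | app.kubernetes.io/component: application-controller 28 | app.kubernetes.io/name: argocd-application-controller 29 | app.kubernetes.io/part-of: argocd 30 | name: argocd-application-controller 31 | roleRef: 32 | apiGroup: rbac.authorization.k8s.io 33 | kind: ClusterRole 34 | name: argocd-application-controller 35 | subjects: 36 | - kind: ServiceAccount 37 | name: argocd-application-controller 38 | namespace: {{ .Release.Namespace }} 39 | {{- end }} 40 |
-------------------------------------------------------------------------------- /.github/workflows/chart-publish.yml: --------------------------------------------------------------------------------
---
# Publishes the Helm charts with chart-releaser on every push to master.
# The job hands GITHUB_TOKEN to chart-releaser as CR_TOKEN, so the token's
# scope is what bounds the damage if any step in this job is compromised.
name: Chart Publish
on:
  push:
    branches:
      - master
jobs:
  publish:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: without an explicit block the token
    # inherits the repository default, which may be read/write on every scope.
    # chart-releaser documents contents: write as the permission it needs.
    permissions:
      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history so the gh-pages ref fetched below is available.
          fetch-depth: 0

      # NOTE(review): the third-party actions in this job are referenced by
      # tag, which the action owner can move. Pinning each `uses:` to a full
      # commit SHA keeps a retagged release out of a job that holds a
      # write-scoped token.
      - name: Install Helm
        uses: azure/setup-helm@v4.2.0

      - name: Add dependency chart repos
        run: |
          helm repo add akuity https://charts.akuity.io
      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

      ## This is required to consider the old Circle-CI Index and to stay compatible with all the old releases.
      - name: Fetch current Chart Index
        run: |
          git checkout origin/gh-pages index.yaml

      - name: Run chart-releaser
        uses: helm/chart-releaser-action@v1.6.0
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
          CR_SKIP_EXISTING: "true"
          CR_INDEX_PATH: "./index.yaml"
-------------------------------------------------------------------------------- /charts/argocd-image-updater/templates/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: controller 6 | app.kubernetes.io/name: argocd-image-updater 7 | app.kubernetes.io/part-of: argocd-image-updater 8 | name: argocd-image-updater 9 | rules: 10 | - apiGroups: 11 | - "" 12 | resources: 13 | - secrets 14 | - configmaps 15 | verbs: 16 | - get 17 | - list 18 | - watch 19 | - apiGroups: 20 | - argoproj.io 21 | resources: 22 | - applications 23 | verbs: 24 | - get 25 | - list 26 | - update 27 | - patch 28 | - apiGroups: 29 | - "" 30 | resources: 31 | - events 32 | verbs: 33 | - create 34 | --- 35 | apiVersion: rbac.authorization.k8s.io/v1 36 | kind: RoleBinding 37 | metadata: 38 | labels: 39 | app.kubernetes.io/component: controller 40 | app.kubernetes.io/name: argocd-image-updater 41 | app.kubernetes.io/part-of: argocd-image-updater 42 | name: argocd-image-updater 43 | roleRef: 44 | apiGroup: rbac.authorization.k8s.io 45 | kind: Role 46 | name: argocd-image-updater 47 | subjects: 48 | - kind: ServiceAccount 49 | name: argocd-image-updater 50 | -------------------------------------------------------------------------------- /.github/configs/lintconf.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | rules: 3 | braces: 4 | min-spaces-inside: 0 5 | max-spaces-inside: 0 6 | min-spaces-inside-empty: -1 7 | max-spaces-inside-empty: -1 8 | brackets: 9 | min-spaces-inside: 0 10 |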
max-spaces-inside: 0 11 | min-spaces-inside-empty: -1 12 | max-spaces-inside-empty: -1 13 | colons: 14 | max-spaces-before: 0 15 | max-spaces-after: 1 16 | commas: 17 | max-spaces-before: 0 18 | min-spaces-after: 1 19 | max-spaces-after: 1 20 | comments: 21 | require-starting-space: true 22 | min-spaces-from-content: 1 23 | document-end: disable 24 | document-start: disable # No --- to start a file 25 | empty-lines: 26 | max: 2 27 | max-start: 0 28 | max-end: 0 29 | hyphens: 30 | max-spaces-after: 1 31 | indentation: 32 | spaces: consistent 33 | indent-sequences: whatever # - list indentation will handle both indentation and without 34 | check-multi-line-strings: false 35 | key-duplicates: enable 36 | line-length: disable # Lines can be any length 37 | new-line-at-end-of-file: enable 38 | new-lines: 39 | type: unix 40 | trailing-spaces: enable 41 | truthy: 42 | level: warning 43 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/argocd-server/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.server.ingress.enabled }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: argocd-server 6 | labels: 7 | app.kubernetes.io/component: server 8 | app.kubernetes.io/name: argocd-server 9 | app.kubernetes.io/part-of: argocd 10 | {{- if .Values.server.ingress.annotations }} 11 | annotations: 12 | {{- range $key, $value := .Values.server.ingress.annotations }} 13 | {{ $key }}: {{ $value | quote }} 14 | {{- end }} 15 | {{- end }} 16 | spec: 17 | {{- with .Values.server.ingress.className }} 18 | ingressClassName: {{ . 
}} 19 | {{- end }} 20 | rules: 21 | - host: {{ .Values.server.ingress.host }} 22 | http: 23 | paths: 24 | - backend: 25 | service: 26 | name: argocd-server 27 | port: 28 | number: {{ ternary "80" "443" .Values.server.insecure }} 29 | path: / 30 | pathType: Prefix 31 | {{- if .Values.server.ingress.tls.enabled }} 32 | tls: 33 | - hosts: 34 | - {{ .Values.server.ingress.host }} 35 | {{- with .Values.server.ingress.tls.secretName }} 36 | secretName: {{ . }} 37 | {{- end }} 38 | {{- end }} 39 | {{- end }} -------------------------------------------------------------------------------- /charts/argo-cd/templates/redis-ha/redis-ha-rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: redis 6 | app.kubernetes.io/name: argocd-redis-ha 7 | app.kubernetes.io/part-of: argocd 8 | name: argocd-redis-ha 9 | namespace: {{ .Release.Namespace }} 10 | secrets: 11 | - name: argocd-redis 12 | --- 13 | apiVersion: rbac.authorization.k8s.io/v1 14 | kind: Role 15 | metadata: 16 | labels: 17 | app.kubernetes.io/component: redis 18 | app.kubernetes.io/name: argocd-redis-ha 19 | app.kubernetes.io/part-of: argocd 20 | name: argocd-redis-ha 21 | namespace: {{ .Release.Namespace }} 22 | rules: 23 | - apiGroups: 24 | - "" 25 | resources: 26 | - endpoints 27 | verbs: 28 | - get 29 | --- 30 | apiVersion: rbac.authorization.k8s.io/v1 31 | kind: RoleBinding 32 | metadata: 33 | labels: 34 | app.kubernetes.io/component: redis 35 | app.kubernetes.io/name: argocd-redis-ha 36 | app.kubernetes.io/part-of: argocd 37 | name: argocd-redis-ha 38 | namespace: {{ .Release.Namespace }} 39 | roleRef: 40 | apiGroup: rbac.authorization.k8s.io 41 | kind: Role 42 | name: argocd-redis-ha 43 | subjects: 44 | - kind: ServiceAccount 45 | name: argocd-redis-ha 46 | -------------------------------------------------------------------------------- 
/charts/argo-events/crds/sensor-crd.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: sensors.argoproj.io 5 | spec: 6 | group: argoproj.io 7 | names: 8 | kind: Sensor 9 | listKind: SensorList 10 | plural: sensors 11 | shortNames: 12 | - sn 13 | singular: sensor 14 | scope: Namespaced 15 | versions: 16 | - name: v1alpha1 17 | schema: 18 | openAPIV3Schema: 19 | properties: 20 | apiVersion: 21 | type: string 22 | kind: 23 | type: string 24 | metadata: 25 | type: object 26 | spec: 27 | type: object 28 | x-kubernetes-preserve-unknown-fields: true 29 | status: 30 | type: object 31 | x-kubernetes-preserve-unknown-fields: true 32 | required: 33 | - metadata 34 | - spec 35 | type: object 36 | served: true 37 | storage: true 38 | subresources: 39 | status: {} 40 | -------------------------------------------------------------------------------- /charts/argo-events/crds/eventbus-crd.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: eventbus.argoproj.io 5 | spec: 6 | group: argoproj.io 7 | names: 8 | kind: EventBus 9 | listKind: EventBusList 10 | plural: eventbus 11 | shortNames: 12 | - eb 13 | singular: eventbus 14 | scope: Namespaced 15 | versions: 16 | - name: v1alpha1 17 | schema: 18 | openAPIV3Schema: 19 | properties: 20 | apiVersion: 21 | type: string 22 | kind: 23 | type: string 24 | metadata: 25 | type: object 26 | spec: 27 | type: object 28 | x-kubernetes-preserve-unknown-fields: true 29 | status: 30 | type: object 31 | x-kubernetes-preserve-unknown-fields: true 32 | required: 33 | - metadata 34 | - spec 35 | type: object 36 | served: true 37 | storage: true 38 | subresources: 39 | status: {} 40 | -------------------------------------------------------------------------------- 
/charts/argo-cd/templates/dex/rbac.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.server.enabled .Values.dex.enabled }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | labels: 6 | app.kubernetes.io/component: dex-server 7 | app.kubernetes.io/name: argocd-dex-server 8 | app.kubernetes.io/part-of: argocd 9 | name: argocd-dex-server 10 | namespace: {{ .Release.Namespace }} 11 | 12 | --- 13 | apiVersion: rbac.authorization.k8s.io/v1 14 | kind: Role 15 | metadata: 16 | labels: 17 | app.kubernetes.io/component: dex-server 18 | app.kubernetes.io/name: argocd-dex-server 19 | app.kubernetes.io/part-of: argocd 20 | name: argocd-dex-server 21 | namespace: {{ .Release.Namespace }} 22 | rules: 23 | - apiGroups: 24 | - "" 25 | resources: 26 | - secrets 27 | - configmaps 28 | verbs: 29 | - get 30 | - list 31 | - watch 32 | 33 | --- 34 | apiVersion: rbac.authorization.k8s.io/v1 35 | kind: RoleBinding 36 | metadata: 37 | labels: 38 | app.kubernetes.io/component: dex-server 39 | app.kubernetes.io/name: argocd-dex-server 40 | app.kubernetes.io/part-of: argocd 41 | name: argocd-dex-server 42 | namespace: {{ .Release.Namespace }} 43 | roleRef: 44 | apiGroup: rbac.authorization.k8s.io 45 | kind: Role 46 | name: argocd-dex-server 47 | subjects: 48 | - kind: ServiceAccount 49 | name: argocd-dex-server 50 | {{- end }} -------------------------------------------------------------------------------- /charts/argo-rollouts/templates/dashboard/dashboard-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.dashboard.enabled .Values.dashboard.ingress.enabled }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: argo-rollouts-dashboard 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app.kubernetes.io/component: argo-rollouts-dashboard 9 | app.kubernetes.io/name: argo-rollouts-dashboard 10 | app.kubernetes.io/part-of: 
argo-rollouts 11 | {{- if .Values.dashboard.ingress.annotations }} 12 | annotations: 13 | {{- range $key, $value := .Values.dashboard.ingress.annotations }} 14 | {{ $key }}: {{ $value | quote }} 15 | {{- end }} 16 | {{- end }} 17 | spec: 18 | {{- with .Values.dashboard.ingress.className }} 19 | ingressClassName: {{ . }} 20 | {{- end }} 21 | rules: 22 | - host: {{ .Values.dashboard.ingress.host }} 23 | http: 24 | paths: 25 | - backend: 26 | service: 27 | name: argo-rollouts-dashboard 28 | port: 29 | number: 3100 30 | path: / 31 | pathType: Prefix 32 | {{- if .Values.dashboard.ingress.tls.enabled }} 33 | tls: 34 | - hosts: 35 | - {{ .Values.dashboard.ingress.host }} 36 | {{- with .Values.dashboard.ingress.tls.secretName }} 37 | secretName: {{ . }} 38 | {{- end }} 39 | {{- end }} 40 | {{- end }} 41 | -------------------------------------------------------------------------------- /charts/argocd-image-updater/values.yaml: -------------------------------------------------------------------------------- 1 | image: 2 | # -- Default image repository 3 | repository: quay.io/argoprojlabs/argocd-image-updater 4 | # -- Default image pull policy 5 | pullPolicy: Always 6 | # -- Default image tag 7 | tag: v0.12.0 8 | 9 | 10 | # -- Extra arguments for argocd-image-updater not defined in config.argocd 11 | extraArgs: [] 12 | # - --disable-kubernetes 13 | # - --dry-run 14 | # - --health-port 8080 15 | # - --interval 2m 16 | # - --kubeconfig ~/.kube/config 17 | # - --match-application-name staging-* 18 | # - --max-concurrency 5 19 | # - --once 20 | # - --registries-conf-path /app/config/registries.conf 21 | 22 | config: 23 | # -- ArgoCD Image Updater registries list configuration. 
More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) 24 | registries: [] 25 | # - name: Docker Hub 26 | # api_url: https://registry-1.docker.io 27 | # ping: yes 28 | # credentials: secret:foo/bar#creds 29 | # defaultns: library 30 | # - name: Google Container Registry 31 | # api_url: https://gcr.io 32 | # prefix: gcr.io 33 | # ping: no 34 | # credentials: pullsecret:foo/bar 35 | # - name: RedHat Quay 36 | # api_url: https://quay.io 37 | # ping: no 38 | # prefix: quay.io 39 | # credentials: env:REGISTRY_SECRET 40 | -------------------------------------------------------------------------------- /charts/argo-rollouts/templates/dashboard/dashboard-deployment.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.dashboard.enabled -}} 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | labels: 6 | app.kubernetes.io/component: argo-rollouts-dashboard 7 | app.kubernetes.io/name: argo-rollouts-dashboard 8 | app.kubernetes.io/part-of: argo-rollouts 9 | name: argo-rollouts-dashboard 10 | namespace: {{ .Release.Namespace }} 11 | spec: 12 | replicas: 1 13 | selector: 14 | matchLabels: 15 | app.kubernetes.io/name: argo-rollouts-dashboard 16 | template: 17 | metadata: 18 | labels: 19 | app.kubernetes.io/name: argo-rollouts-dashboard 20 | spec: 21 | serviceAccountName: argo-rollouts-dashboard 22 | containers: 23 | - name: argo-rollouts-dashboard 24 | image: {{ .Values.dashboard.image.repository }}:{{ .Values.dashboard.image.tag | default (print "v" .Chart.AppVersion) }} 25 | ports: 26 | - containerPort: 3100 27 | {{ with .Values.dashboard.image.pullPolicy }} 28 | imagePullPolicy: {{ . }} 29 | {{- end}} 30 | {{- with .Values.dashboard.extraArgs }} 31 | cmd: 32 | {{- . | toYaml | nindent 10 }} 33 | {{- end }} 34 | {{- with .Values.dashboard.resources }} 35 | resources: 36 | {{- toYaml . 
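| nindent 12 }} 37 | {{- end }} 38 | {{- end }} 39 |
-------------------------------------------------------------------------------- /.github/workflows/image-publish.yml: --------------------------------------------------------------------------------
# Manually triggered workflow that pulls an image from quay.io, retags it and
# pushes the new tag back to quay.io using the QUAYIO_* repository secrets.
name: Image Publish

on:
  workflow_dispatch:
    inputs:
      sourceImg:
        description: 'The source image, e.g. argoproj/argocd:v2.1.1'
        required: true
      targetImg:
        description: 'The target image, e.g. akuity/argocd:v0.0.1'
        required: true

# The job only checks out the repository; registry access comes from the
# QUAYIO_* secrets, so GITHUB_TOKEN needs no write scope here.
permissions:
  contents: read

defaults:
  run:
    shell: bash

jobs:
  build-linux-amd64:
    name: Build & push linux/amd64
    runs-on: ubuntu-20.04
    strategy:
      matrix:
        platform: [ linux/amd64 ]
        target: [ argocd ]
    steps:
      - uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Docker Login
        uses: docker/login-action@v3
        with:
          registry: quay.io
          username: ${{ secrets.QUAYIO_USERNAME }}
          password: ${{ secrets.QUAYIO_PASSWORD }}

      - name: Docker Push
        env:
          DOCKERIO_ORG: "quay.io"
          # The dispatch inputs are handed to the script as environment
          # variables instead of being expanded into the script text. A
          # ${{ }} expression inside `run:` is substituted before bash parses
          # the script, so shell metacharacters in an input would execute in
          # a step that runs after the registry login.
          SOURCE_IMG: ${{ github.event.inputs.sourceImg }}
          TARGET_IMG: ${{ github.event.inputs.targetImg }}
        run: |
          # Quoted so an input containing whitespace or globs stays one argument.
          docker pull "${DOCKERIO_ORG}/${SOURCE_IMG}"
          docker tag "${DOCKERIO_ORG}/${SOURCE_IMG}" "${DOCKERIO_ORG}/${TARGET_IMG}"
          docker push "${DOCKERIO_ORG}/${TARGET_IMG}"
-------------------------------------------------------------------------------- /charts/argo-events/templates/argo-events-rbac.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.clusterRoles.enabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: argo-events-role 6 | rules: 7 | - apiGroups: 8 | - argoproj.io 9 | resources: 10 | - sensors 11 | - sensors/finalizers 12 | - sensors/status 13 | - eventsources 14 | - eventsources/finalizers 15 | - eventsources/status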
16 | - eventbus 17 | - eventbus/finalizers 18 | - eventbus/status 19 | verbs: 20 | - create 21 | - delete 22 | - deletecollection 23 | - get 24 | - list 25 | - patch 26 | - update 27 | - watch 28 | - apiGroups: 29 | - "" 30 | resources: 31 | - pods 32 | - pods/exec 33 | - configmaps 34 | - secrets 35 | - services 36 | - persistentvolumeclaims 37 | verbs: 38 | - create 39 | - get 40 | - list 41 | - watch 42 | - update 43 | - patch 44 | - delete 45 | - apiGroups: 46 | - apps 47 | resources: 48 | - deployments 49 | - statefulsets 50 | verbs: 51 | - create 52 | - get 53 | - list 54 | - watch 55 | - update 56 | - patch 57 | - delete 58 | --- 59 | apiVersion: rbac.authorization.k8s.io/v1 60 | kind: RoleBinding 61 | metadata: 62 | name: argo-events-role-binding 63 | 64 | roleRef: 65 | apiGroup: rbac.authorization.k8s.io 66 | kind: Role 67 | name: argo-events-role 68 | subjects: 69 | - kind: ServiceAccount 70 | name: argo-events-sa 71 | namespace: {{ .Release.Namespace }} 72 | {{- end }} -------------------------------------------------------------------------------- /charts/argo-rollouts/notifications/on-scaling-replica-set: -------------------------------------------------------------------------------- 1 | trigger.on-scaling-replica-set: | 2 | - send: [scaling-replicaset] 3 | template.scaling-replicaset: | 4 | message: Scaling Rollout {{.rollout.metadata.name}}'s replicaset to {{.rollout.spec.replicas}}. 5 | email: 6 | subject: Scaling Rollout {{.rollout.metadata.name}}'s replicaset to {{.rollout.spec.replicas}}.
7 | slack: 8 | attachments: | 9 | [{ 10 | "title": "{{ .rollout.metadata.name}}", 11 | "color": "#18be52", 12 | "fields": [ 13 | { 14 | "title": "Strategy", 15 | "value": "{{if .rollout.spec.strategy.blueGreen}}BlueGreen{{end}}{{if .rollout.spec.strategy.canary}}Canary{{end}}", 16 | "short": true 17 | }, 18 | { 19 | "title": "Desired replica", 20 | "value": "{{.rollout.spec.replicas}}", 21 | "short": true 22 | }, 23 | { 24 | "title": "Updated replicas", 25 | "value": "{{.rollout.status.updatedReplicas}}", 26 | "short": true 27 | } 28 | {{range $index, $c := .rollout.spec.template.spec.containers}} 29 | {{if not $index}},{{end}} 30 | {{if $index}},{{end}} 31 | { 32 | "title": "{{$c.name}}", 33 | "value": "{{$c.image}}", 34 | "short": true 35 | } 36 | {{end}} 37 | ] 38 | }] 39 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/redis-ha/haproxy-rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: redis 6 | app.kubernetes.io/name: argocd-redis-ha-haproxy 7 | app.kubernetes.io/part-of: argocd 8 | name: argocd-redis-ha-haproxy 9 | namespace: {{ .Release.Namespace }} 10 | 11 | --- 12 | apiVersion: rbac.authorization.k8s.io/v1 13 | kind: Role 14 | metadata: 15 | labels: 16 | app.kubernetes.io/component: redis 17 | app.kubernetes.io/name: argocd-redis-ha 18 | app.kubernetes.io/part-of: argocd 19 | name: argocd-redis-ha-haproxy 20 | namespace: {{ .Release.Namespace }} 21 | rules: 22 | - apiGroups: 23 | - "" 24 | resources: 25 | - secrets 26 | verbs: 27 | - create 28 | - apiGroups: 29 | - "" 30 | resourceNames: 31 | - argocd-redis 32 | resources: 33 | - secrets 34 | verbs: 35 | - get 36 | - apiGroups: 37 | - "" 38 | resources: 39 | - endpoints 40 | verbs: 41 | - get 42 | 43 | --- 44 | apiVersion: rbac.authorization.k8s.io/v1 45 | kind: RoleBinding 46 | metadata: 47 | labels: 48 | 
app.kubernetes.io/component: redis 49 | app.kubernetes.io/name: argocd-redis-ha 50 | app.kubernetes.io/part-of: argocd 51 | name: argocd-redis-ha-haproxy 52 | namespace: {{ .Release.Namespace }} 53 | roleRef: 54 | apiGroup: rbac.authorization.k8s.io 55 | kind: Role 56 | name: argocd-redis-ha-haproxy 57 | subjects: 58 | - kind: ServiceAccount 59 | name: argocd-redis-ha-haproxy 60 | -------------------------------------------------------------------------------- /charts/argo-rollouts/notifications/on-rollout-step-completed: -------------------------------------------------------------------------------- 1 | trigger.on-rollout-step-completed: | 2 | - send: [rollout-step-completed] 3 | template.rollout-step-completed: | 4 | message: Rollout {{.rollout.metadata.name}} step number {{ add .rollout.status.currentStepIndex 1}}/{{len .rollout.spec.strategy.canary.steps}} has been completed. 5 | email: 6 | subject: Rollout {{.rollout.metadata.name}} step number {{ add .rollout.status.currentStepIndex 1}}/{{len .rollout.spec.strategy.canary.steps}} has been completed. 
7 | slack: 8 | attachments: | 9 | [{ 10 | "title": "{{ .rollout.metadata.name}}", 11 | "color": "#18be52", 12 | "fields": [ 13 | { 14 | "title": "Strategy", 15 | "value": "{{if .rollout.spec.strategy.blueGreen}}BlueGreen{{end}}{{if .rollout.spec.strategy.canary}}Canary{{end}}", 16 | "short": true 17 | }, 18 | { 19 | "title": "Step completed", 20 | "value": "{{add .rollout.status.currentStepIndex 1}}/{{len .rollout.spec.strategy.canary.steps}}", 21 | "short": true 22 | } 23 | {{range $index, $c := .rollout.spec.template.spec.containers}} 24 | {{if not $index}},{{end}} 25 | {{if $index}},{{end}} 26 | { 27 | "title": "{{$c.name}}", 28 | "value": "{{$c.image}}", 29 | "short": true 30 | } 31 | {{end}} 32 | ] 33 | }] 34 | -------------------------------------------------------------------------------- /charts/argo-rollouts/templates/dashboard/dashboard-clusterrole-readonly.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.dashboard.clusterRole.readOnly -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/component: argo-rollouts-dashboard 7 | app.kubernetes.io/name: argo-rollouts-dashboard 8 | app.kubernetes.io/part-of: argo-rollouts 9 | name: argo-rollouts-dashboard 10 | rules: 11 | - apiGroups: 12 | - argoproj.io 13 | resources: 14 | - rollouts 15 | - rollouts/status 16 | - rollouts/finalizers 17 | verbs: 18 | - get 19 | - list 20 | - watch 21 | - apiGroups: 22 | - argoproj.io 23 | resources: 24 | - analysisruns 25 | - analysisruns/finalizers 26 | - experiments 27 | - experiments/finalizers 28 | verbs: 29 | - get 30 | - list 31 | - watch 32 | - apiGroups: 33 | - argoproj.io 34 | resources: 35 | - analysistemplates 36 | - clusteranalysistemplates 37 | verbs: 38 | - get 39 | - list 40 | - watch 41 | - apiGroups: 42 | - apps 43 | resources: 44 | - deployments 45 | verbs: 46 | - get 47 | - list 48 | - watch 49 | - apiGroups: 50 | - apps 51 | resources: 
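52 | - replicasets 53 | verbs: 54 | - get 55 | - list 56 | - watch 57 | - apiGroups: 58 | - "" 59 | resources: 60 | - pods 61 | verbs: 62 | - list 63 | - watch 64 | {{- end }} 65 |
-------------------------------------------------------------------------------- /hack/compare-image-updater.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Script to compare against upstream version for differences
#
# Renders the argocd-image-updater chart with `helm template`, passes the
# result through `kustomize build`, downloads the upstream install.yaml for
# the chart's appVersion and diffs the two. Both files are left in a fresh
# temporary directory whose path is printed before the diff.

set -euo pipefail

# Every expansion is quoted so a checkout path containing spaces or glob
# characters cannot be word-split into separate arguments.
PROJECT_ROOT=$(cd "$(dirname "${BASH_SOURCE[0]}")/.."; pwd)
chart_root="${PROJECT_ROOT}/charts/argocd-image-updater"
upstream_version="v$(grep appVersion "${chart_root}/Chart.yaml" | awk '{print $2}')"

mytmpdir=$(mktemp -d 2>/dev/null || mktemp -d -t 'mytmpdir')

# With this redirection order stdout is discarded while stderr still reaches
# the terminal.
helm dependency update "${chart_root}" 2>&1 >/dev/null
# NOTE(review): the chart's values.yaml in this listing defines
# image.repository / image.tag, not global.image.*; confirm these --set keys
# actually take effect for this chart.
helm template \
  --include-crds \
  --set global.image.repository=quay.io/argoprojlabs/argocd-image-updater \
  --set "global.image.tag=${upstream_version}" \
  --namespace argocd "${chart_root}" | grep -v imagePullPolicy > "${mytmpdir}/helm.yaml"

cat > "${mytmpdir}/kustomization.yaml" <<'EOF'
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm.yaml
EOF

kustomize build "${mytmpdir}" > "${mytmpdir}/helm-${upstream_version}.yaml"

# --fail turns an HTTP error (for example a tag that does not exist upstream)
# into a non-zero exit that pipefail propagates; without it the error page
# would be written out and silently diffed as if it were the manifest.
curl --silent --show-error --fail \
  "https://raw.githubusercontent.com/argoproj-labs/argocd-image-updater/${upstream_version}/manifests/install.yaml" | \
  grep -v imagePullPolicy | \
  grep -v "This is an auto-generated file" > "${mytmpdir}/upstream-${upstream_version}.yaml"

echo "----------------------------------------------------------"
echo "Helm and upstream output is located in: $mytmpdir"
echo "----------------------------------------------------------"

# diff exits 1 when the files differ, so under `set -e` the script's exit
# status reports whether the chart matches upstream.
set -x
diff "${mytmpdir}/helm-${upstream_version}.yaml" "${mytmpdir}/upstream-${upstream_version}.yaml"
set +x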
-------------------------------------------------------------------------------- /charts/argo-events/values.yaml: -------------------------------------------------------------------------------- 1 | ## Argo Events configuration 2 | ## Ref: https://github.com/argoproj/argo-events 3 | 4 | global: 5 | image: 6 | # -- If defined, a repository applied to all argo events deployments 7 | repository: quay.io/argoproj/argo-events 8 | # -- If defined, a tag applied to all argo events deployments 9 | tag: v1.7.3 10 | # -- If defined, an image pull policy will be applied to all argo events deployments 11 | pullPolicy: # IfNotPresent 12 | 13 | # -- Installs necessary ClusterRoles to allow Argo Events to deploy to the same cluster Argo Events is installed in 14 | clusterRoles: 15 | enabled: true 16 | 17 | # -- Argo Events controller configuration 18 | controller: 19 | replicas: 1 20 | 21 | image: 22 | repository: # defaults to global.image.repository 23 | tag: # defaults to global.image.tag 24 | pullPolicy: # IfNotPresent 25 | 26 | # -- Additional command line arguments to pass 27 | extraArgs: 28 | # - --loglevel 29 | # - debug 30 | 31 | natsStreamingImage: 32 | repository: nats-streaming 33 | tag: "0.22.1" 34 | 35 | natsMetricsExporterImage: 36 | repository: natsio/prometheus-nats-exporter 37 | tag: "0.9.1" 38 | 39 | natsConfigReloaderImage: 40 | repository: natsio/nats-server-config-reloader 41 | tag: "0.7.0" 42 | 43 | resources: 44 | # limits: 45 | # cpu: 100m 46 | # memory: 128Mi 47 | # requests: 48 | # cpu: 50m 49 | # memory: 64Mi 50 | -------------------------------------------------------------------------------- /charts/argocd-image-updater/README.md: -------------------------------------------------------------------------------- 1 | # argocd-image-updater 2 | 3 | ![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 
0.12.0](https://img.shields.io/badge/AppVersion-0.12.0-informational?style=flat-square) 4 | 5 | A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD 6 | 7 | **Homepage:** 8 | 9 | ## Maintainers 10 | 11 | | Name | Email | Url | 12 | | ---- | ------ | --- | 13 | | terrytangyuan | | | 14 | | jessesuen | | | 15 | | wanghong230 | | | 16 | 17 | ## Values 18 | 19 | | Key | Type | Default | Description | 20 | |-----|------|---------|-------------| 21 | | config.registries | list | `[]` | ArgoCD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) | 22 | | extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in config.argocd | 23 | | image.pullPolicy | string | `"Always"` | Default image pull policy | 24 | | image.repository | string | `"quay.io/argoprojlabs/argocd-image-updater"` | Default image repository | 25 | | image.tag | string | `"v0.12.0"` | Default image tag | 26 | 27 | ---------------------------------------------- 28 | Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) 29 | 
--------------------------------------------------------------------------------
/charts/argo-workflows/templates/server/cluster-rbac.yaml:
--------------------------------------------------------------------------------
# ServiceAccount, ClusterRole and ClusterRoleBinding for argo-server.
# The template has no enabling condition: every install of the chart creates
# these cluster-scoped objects.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: argo-server
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: argo-server-cluster-role
rules:
# Read-only access to ConfigMaps in every namespace.
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - watch
  - list
# Secrets in every namespace: read by name and create. There is no `list` verb
# and no resourceNames restriction, so any Secret whose name is known can be
# read through this service account.
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - create
# Pods, their logs and the exec subresource in every namespace.
# NOTE(review): `get` on pods/exec can be enough to open an exec session when
# the client connects with a GET-based (WebSocket) upgrade - confirm for the
# cluster version in use and review whether argo-server needs the subresource.
- apiGroups:
  - ""
  resources:
  - pods
  - pods/exec
  - pods/log
  verbs:
  - get
  - list
  - watch
  - delete
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - watch
  - create
  - patch
- apiGroups:
  - ""
  resources:
  - serviceaccounts
  verbs:
  - get
  - list
  - watch
# Full read/write on the Argo custom resources listed here, cluster-wide.
- apiGroups:
  - argoproj.io
  resources:
  - eventsources
  - sensors
  - workflows
  - workfloweventbindings
  - workflowtemplates
  - cronworkflows
  - clusterworkflowtemplates
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
  - delete
---
# Binds the role above to the argo-server service account of the release
# namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: argo-server-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: argo-server-cluster-role
subjects:
- kind: ServiceAccount
  name: argo-server
  namespace: {{ .Release.Namespace }}

-------------------------------------------------------------------------------- /charts/argo-rollouts/templates/dashboard/dashboard-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.dashboard.clusterRole.readOnly -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/component: argo-rollouts-dashboard 7 | app.kubernetes.io/name: argo-rollouts-dashboard 8 | app.kubernetes.io/part-of: argo-rollouts 9 | name: argo-rollouts-dashboard 10 | rules: 11 | - apiGroups: 12 | - argoproj.io 13 | resources: 14 | - rollouts 15 | - rollouts/status 16 | - rollouts/finalizers 17 | verbs: 18 | - get 19 | - list 20 | - watch 21 | - update 22 | - patch 23 | - apiGroups: 24 | - argoproj.io 25 | resources: 26 | - analysisruns 27 | - analysisruns/finalizers 28 | - experiments 29 | - experiments/finalizers 30 | verbs: 31 | - create 32 | - get 33 | - list 34 | - watch 35 | - apiGroups: 36 | - argoproj.io 37 
| resources: 38 | - analysistemplates 39 | - clusteranalysistemplates 40 | verbs: 41 | - get 42 | - list 43 | - watch 44 | - apiGroups: 45 | - apps 46 | resources: 47 | - deployments 48 | verbs: 49 | - get 50 | - update 51 | - list 52 | - watch 53 | - patch 54 | - apiGroups: 55 | - apps 56 | resources: 57 | - replicasets 58 | verbs: 59 | - get 60 | - list 61 | - watch 62 | - apiGroups: 63 | - "" 64 | resources: 65 | - pods 66 | verbs: 67 | - list 68 | - watch 69 | {{- end }} 70 | 
--------------------------------------------------------------------------------
/charts/argo-cd/templates/argocd-server/cluster-rbac.yaml:
--------------------------------------------------------------------------------
{{- if and .Values.server.enabled .Values.clusterRoles.enabled }}
# Cluster-wide permissions for the argocd-server service account. Rendered only
# when both server.enabled and clusterRoles.enabled are set.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/name: argocd-server
    app.kubernetes.io/part-of: argocd
  name: argocd-server
rules:
# Wildcard rule: get, patch and delete on every resource of every API group in
# every namespace. This includes reading any Secret in the cluster, so the
# argocd-server service account token has to be protected like a cluster-wide
# credential.
# NOTE(review): where the server does not have to act on the local cluster,
# clusterRoles.enabled=false leaves this role out - confirm which UI actions
# depend on it before changing the value.
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - delete
  - get
  - patch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - list
- apiGroups:
  - ""
  resources:
  - pods
  - pods/log
  verbs:
  - get
- apiGroups:
  - argoproj.io
  resources:
  - applications
  - applicationsets
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - batch
  resources:
  - jobs
  verbs:
  - create # supports triggering jobs from UI
- apiGroups:
  - argoproj.io
  resources:
  - workflows
  verbs:
  - create # supports triggering workflows from UI
---
# Binds the ClusterRole above to the argocd-server service account of the
# release namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/name: argocd-server
    app.kubernetes.io/part-of: argocd
  name: argocd-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: argocd-server
subjects:
- kind: ServiceAccount
  name: argocd-server
  namespace: {{ .Release.Namespace }}
{{- end }}

--------------------------------------------------------------------------------
/charts/argo-cd/templates/argocd-server/rbac.yaml:
--------------------------------------------------------------------------------
{{- if .Values.server.enabled }}
# Namespaced identity and permissions for argocd-server: ServiceAccount, Role
# and RoleBinding, all in the release namespace. Rendered only when
# server.enabled is set.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/name: argocd-server
    app.kubernetes.io/part-of: argocd
  name: argocd-server
  namespace: {{ .Release.Namespace }}

---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/name: argocd-server
    app.kubernetes.io/part-of: argocd
  name: argocd-server
  namespace: {{ .Release.Namespace }}
rules:
# Full read/write on every Secret and ConfigMap of the release namespace; the
# rule carries no resourceNames restriction.
- apiGroups:
  - ""
  resources:
  - secrets
  - configmaps
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
  - delete
# Full read/write on the Argo CD custom resources of the release namespace.
- apiGroups:
  - argoproj.io
  resources:
  - applications
  - appprojects
  - applicationsets
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - delete
  - patch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - list

---
# The subject has no namespace field; only the service account name is given.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/name: argocd-server
    app.kubernetes.io/part-of: argocd
  name: argocd-server
  namespace: {{ .Release.Namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: argocd-server
subjects:
- kind: ServiceAccount
  name: argocd-server
{{- end }}

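--------------------------------------------------------------------------------
/hack/compare-events.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Compare the rendered argo-events chart with the upstream install manifest of
# the same appVersion and print the differences.
#
# Needs helm and kustomize on PATH plus network access: kustomize downloads the
# upstream manifest over HTTPS. That manifest is referenced by release tag and
# is not checksum-verified; it is only rendered and diffed here.
#
# Exit status: 0 when both renderings match, otherwise the status of diff(1).
# The temporary directories are left in place so the output can be inspected.

set -euo pipefail

# Quoted throughout so a checkout path containing spaces does not split.
PROJECT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
chart_root="${PROJECT_ROOT}/charts/argo-events"
# The script prepends "v" to the appVersion value to form the upstream tag.
upstream_version="v$(grep '^appVersion:' "${chart_root}/Chart.yaml" | awk '{print $2}')"

# Second mktemp form is presumably for implementations that require -t.
helm_tmpdir="$(mktemp -d 2>/dev/null || mktemp -d -t 'helm')"
# Only stdout is discarded; stderr stays visible so a failure is explained.
helm dependency update "${chart_root}" >/dev/null
# imagePullPolicy lines are removed on both sides, so pull-policy differences
# never appear in the diff.
helm template \
  --include-crds \
  --set global.image.repository=quay.io/argoproj/argo-events \
  --set "global.image.tag=${upstream_version}" \
  --set global.image.pullPolicy=Always \
  --namespace argo-events "${chart_root}" | grep -v imagePullPolicy > "${helm_tmpdir}/helm.yaml"

cat > "${helm_tmpdir}/kustomization.yaml" <<'EOF'
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: argo-events
resources:
- helm.yaml
EOF

upstream_tmpdir="$(mktemp -d 2>/dev/null || mktemp -d -t 'upstream')"
cat > "${upstream_tmpdir}/kustomization.yaml" <<EOF
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: argo-events
resources:
- https://raw.githubusercontent.com/argoproj/argo-events/${upstream_version}/manifests/install.yaml
EOF

diff_dir="$(mktemp -d 2>/dev/null || mktemp -d -t 'diff')"
kustomize build "${helm_tmpdir}" > "${diff_dir}/helm.yaml"
kustomize build "${upstream_tmpdir}" \
  | grep -v imagePullPolicy \
  | grep -v "^data: null$" \
  > "${diff_dir}/upstream.yaml"

# diff exits 1 when the files differ. Capturing the status keeps `set -e` from
# ending the script before the output locations are printed, which is exactly
# the case in which they are needed.
diff_status=0
diff "${diff_dir}/upstream.yaml" "${diff_dir}/helm.yaml" || diff_status=$?

echo "Helm template output is located in: ${diff_dir}/helm.yaml"
echo "Upstream output is located in: ${diff_dir}/upstream.yaml"

exit "${diff_status}"
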
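--------------------------------------------------------------------------------
/.github/workflows/lint-and-test.yml:
--------------------------------------------------------------------------------
## Reference: https://github.com/helm/chart-testing-action
---
# Lints every changed chart and, when charts changed, installs them into a
# kind cluster.
name: Linting and Testing
on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master
# Least privilege for GITHUB_TOKEN: no step below writes to the repository.
permissions:
  contents: read
jobs:
  chart-test:
    runs-on: ubuntu-latest
    # The actions below are referenced by tag. A tag can be moved after the
    # fact; pinning each `uses:` to a full commit SHA is the stricter option.
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history, so ct can compare against the target branch.
          fetch-depth: 0

      - name: Set up Helm
        uses: azure/setup-helm@v4.2.0

      - name: Set up python
        uses: actions/setup-python@v5
        with:
          # Quoted so YAML never reads the version as a number (3.10 -> 3.1).
          python-version: "3.13"

      - name: Setup Chart Linting
        id: lint
        uses: helm/chart-testing-action@v2.6.1

      - name: List changed charts
        id: list-changed
        run: |
          ## If executed with debug this won't work anymore.
          changed=$(ct --config ./.github/configs/ct-lint.yaml list-changed)
          charts=$(echo "$changed" | tr '\n' ' ' | xargs)
          if [[ -n "$changed" ]]; then
            # Step outputs go through the GITHUB_OUTPUT file; the ::set-output
            # workflow command is deprecated. $charts is a single line here.
            {
              echo "changed=true"
              echo "changed_charts=$charts"
            } >> "$GITHUB_OUTPUT"
          fi
      - name: Run chart-testing (lint)
        run: ct lint --debug --config ./.github/configs/ct-lint.yaml --lint-conf ./.github/configs/lintconf.yaml

      - name: Create kind cluster
        uses: helm/kind-action@v1.10.0
        if: steps.list-changed.outputs.changed == 'true'
        with:
          config: ./.github/configs/kind-config.yaml

      - name: Run chart-testing (install)
        run: ct install --config ./.github/configs/ct-install.yaml
        if: steps.list-changed.outputs.changed == 'true'

--------------------------------------------------------------------------------
/charts/argo-cd/ci/test-values.yaml:
--------------------------------------------------------------------------------
# typical configuration
# CI fixture for chart tests. Every credential in this file is committed to the
# repository and must be treated as public: do not reuse any of them in a real
# installation.
config:
  argocd:
    url: https://cd.company.com
    admin.enabled: 'false'
    statusbadge.enabled: 'true'
    # Anonymous access combined with policy.default below gives unauthenticated
    # visitors the read-only role. With the internet-facing ingress further
    # down, this is a setting to review before copying into a real deployment.
    users.anonymous.enabled: 'true'
    dex.config: |
      connectors:
      - type: github
        id: github
        name: GitHub
        config:
          clientID: $dex.github.clientID
          clientSecret: $dex.github.clientSecret
          orgs:
          - name: company
          teamNameField: slug
          useLoginAsID: true
  rbac:
    policy.csv: |
      g, company:admins, role:admin
    policy.default: role:readonly
  params:
    server.tls.minversion: "1.2"
    server.tls.maxversion: "1.3"
  secret:
    # Fixture values only; in a real installation these come from a secret
    # store and are never committed in plain text.
    dex.github.clientID: 1345679a31682dc6bbcc
    dex.github.clientSecret: aaabbbcccdddeeefffggghhhiiijjjkkklllmm
    server.secretkey: J3bcC2LjNYbCGf8s2sScN7JpPVUiduiiogDK7uvtLAU=
    # bcrypt of the string: "password"
    # The hash uses cost factor 04 (the "$2a$04$" prefix), the lowest bcrypt
    # cost; acceptable for a test fixture only.
    admin.password: $2a$04$PJ/GxgRlyVyx/bvKQhlYouPRumbizCm89xy31u/eLbWapmUoFEn1K
    admin.passwordMtime: "2021-10-21T09:00:07Z"

server:
  insecure: false
  ingress:
    enabled: true
    host: cd.company.com
    className: alb
    annotations:
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443},{"HTTP":80}]'
      alb.ingress.kubernetes.io/scheme: internet-facing
      alb.ingress.kubernetes.io/ssl-redirect: '443'
    tls:
      enabled: true
      secretName: my-tls-secret

disasterRecovery:
  enabled: true
  backupSchedule: "0 1 * * *"
  bucketName: my-backup-bucket
  instanceName: argocd-prod
  aws:
    region: us-west-2
    roleARN: "arn:aws:iam::012345678910:role/argocd-dr"

extensions:
  enabled: true

-------------------------------------------------------------------------------- /charts/argo-cd/templates/redis-ha/redis-ha-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: redis 6 | app.kubernetes.io/name: argocd-redis-ha 7 | app.kubernetes.io/part-of: argocd 8 | name: 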
argocd-redis-ha-health-configmap 9 | namespace: {{ .Release.Namespace }} 10 | data: 11 | redis_liveness.sh: | 12 | response=$( 13 | redis-cli \ 14 | -a "${AUTH}" --no-auth-warning \ 15 | -h localhost \ 16 | -p 6379 \ 17 | ping 18 | ) 19 | echo "response=$response" 20 | case $response in 21 | PONG|LOADING*) ;; 22 | *) exit 1 ;; 23 | esac 24 | exit 0 25 | redis_readiness.sh: | 26 | response=$( 27 | redis-cli \ 28 | -a "${AUTH}" --no-auth-warning \ 29 | -h localhost \ 30 | -p 6379 \ 31 | ping 32 | ) 33 | if [ "$response" != "PONG" ] ; then 34 | echo "ping=$response" 35 | exit 1 36 | fi 37 | 38 | response=$( 39 | redis-cli \ 40 | -a "${AUTH}" --no-auth-warning \ 41 | -h localhost \ 42 | -p 6379 \ 43 | role 44 | ) 45 | role=$( echo "$response" | sed "1!d" ) 46 | if [ "$role" = "master" ]; then 47 | echo "role=$role" 48 | exit 0 49 | elif [ "$role" = "slave" ]; then 50 | repl=$( echo "$response" | sed "4!d" ) 51 | echo "role=$role; repl=$repl" 52 | if [ "$repl" = "connected" ]; then 53 | exit 0 54 | else 55 | exit 1 56 | fi 57 | else 58 | echo "role=$role" 59 | exit 1 60 | fi 61 | sentinel_liveness.sh: | 62 | response=$( 63 | redis-cli \ 64 | -h localhost \ 65 | -p 26379 \ 66 | ping 67 | ) 68 | if [ "$response" != "PONG" ]; then 69 | echo "$response" 70 | exit 1 71 | fi 72 | echo "response=$response" 73 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/application-controller/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: application-controller 6 | app.kubernetes.io/name: argocd-application-controller 7 | app.kubernetes.io/part-of: argocd 8 | name: argocd-application-controller 9 | namespace: {{ .Release.Namespace }} 10 | 11 | --- 12 | apiVersion: rbac.authorization.k8s.io/v1 13 | kind: Role 14 | metadata: 15 | labels: 16 | app.kubernetes.io/component: 
application-controller 17 | app.kubernetes.io/name: argocd-application-controller 18 | app.kubernetes.io/part-of: argocd 19 | name: argocd-application-controller 20 | namespace: {{ .Release.Namespace }} 21 | rules: 22 | - apiGroups: 23 | - "" 24 | resources: 25 | - secrets 26 | - configmaps 27 | verbs: 28 | - get 29 | - list 30 | - watch 31 | - apiGroups: 32 | - argoproj.io 33 | resources: 34 | - applications 35 | - applicationsets 36 | - appprojects 37 | verbs: 38 | - create 39 | - get 40 | - list 41 | - watch 42 | - update 43 | - patch 44 | - delete 45 | - apiGroups: 46 | - "" 47 | resources: 48 | - events 49 | verbs: 50 | - create 51 | - list 52 | - apiGroups: 53 | - apps 54 | resources: 55 | - deployments 56 | verbs: 57 | - get 58 | - list 59 | - watch 60 | 61 | --- 62 | apiVersion: rbac.authorization.k8s.io/v1 63 | kind: RoleBinding 64 | metadata: 65 | labels: 66 | app.kubernetes.io/component: application-controller 67 | app.kubernetes.io/name: argocd-application-controller 68 | app.kubernetes.io/part-of: argocd 69 | name: argocd-application-controller 70 | namespace: {{ .Release.Namespace }} 71 | roleRef: 72 | apiGroup: rbac.authorization.k8s.io 73 | kind: Role 74 | name: argocd-application-controller 75 | subjects: 76 | - kind: ServiceAccount 77 | name: argocd-application-controller 78 | -------------------------------------------------------------------------------- /charts/argo-workflows/templates/server/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: argo-server 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: argo-server 9 | template: 10 | metadata: 11 | labels: 12 | app: argo-server 13 | spec: 14 | containers: 15 | - args: 16 | - server 17 | {{- with .Values.server.extraArgs }} 18 | {{- toYaml . 
| nindent 8 }} 19 | {{- end }} 20 | {{- if not .Values.server.secure }} 21 | - --secure=false 22 | {{- end }} 23 | image: {{ .Values.server.image.repository }}:{{ default .Values.global.image.tag .Values.server.image.tag }} 24 | name: argo-server 25 | ports: 26 | - containerPort: 2746 27 | name: web 28 | readinessProbe: 29 | httpGet: 30 | path: / 31 | port: 2746 32 | {{- if not .Values.server.secure }} 33 | scheme: HTTP 34 | {{- else }} 35 | scheme: HTTPS 36 | {{- end }} 37 | initialDelaySeconds: 10 38 | periodSeconds: 20 39 | securityContext: 40 | allowPrivilegeEscalation: false 41 | capabilities: 42 | drop: 43 | - ALL 44 | readOnlyRootFilesystem: true 45 | runAsNonRoot: true 46 | volumeMounts: 47 | - mountPath: /tmp 48 | name: tmp 49 | env: 50 | {{- with .Values.server.extraEnv }} 51 | {{- toYaml . | nindent 8 }} 52 | {{- end }} 53 | {{- with .Values.server.resources }} 54 | resources: 55 | {{- toYaml . | nindent 10 }} 56 | {{- end }} 57 | nodeSelector: 58 | kubernetes.io/os: linux 59 | securityContext: 60 | runAsNonRoot: true 61 | serviceAccountName: argo-server 62 | volumes: 63 | - emptyDir: {} 64 | name: tmp 65 | -------------------------------------------------------------------------------- /charts/argo-events/README.md: -------------------------------------------------------------------------------- 1 | # argo-events 2 | 3 | ![Version: 1.7.3-ak.0.0](https://img.shields.io/badge/Version-1.7.3--ak.0.0-informational?style=flat-square) ![AppVersion: 1.7.3](https://img.shields.io/badge/AppVersion-1.7.3-informational?style=flat-square) 4 | 5 | A Helm chart to install Argo-Events in k8s Cluster 6 | 7 | **Homepage:** 8 | 9 | ## Maintainers 10 | 11 | | Name | Email | Url | 12 | | ---- | ------ | --- | 13 | | terrytangyuan | | | 14 | | jessesuen | | | 15 | | wanghong230 | | | 16 | | gdsoumya | | | 17 | 18 | ## Source Code 19 | 20 | * 21 | 22 | ## Values 23 | 24 | | Key | Type | Default | Description | 25 | |-----|------|---------|-------------| 26 | | clusterRoles | 
object | `{"enabled":true}` | Installs necessary ClusterRoles to allow Argo Events to deploy to the same cluster Argo Events is installed in | 27 | | controller | object | `{"extraArgs":null,"image":{"pullPolicy":null,"repository":null,"tag":null},"natsConfigReloaderImage":{"repository":"natsio/nats-server-config-reloader","tag":"0.7.0"},"natsMetricsExporterImage":{"repository":"natsio/prometheus-nats-exporter","tag":"0.9.1"},"natsStreamingImage":{"repository":"nats-streaming","tag":"0.22.1"},"replicas":1,"resources":null}` | Argo Events controller configuration | 28 | | controller.extraArgs | string | `nil` | Additional command line arguments to pass | 29 | | global.image.pullPolicy | string | `nil` | If defined, an image pull policy will be applied to all argo events deployments | 30 | | global.image.repository | string | `"quay.io/argoproj/argo-events"` | If defined, a repository applied to all argo events deployments | 31 | | global.image.tag | string | `"v1.7.3"` | If defined, a tag applied to all argo events deployments | 32 | 33 | ---------------------------------------------- 34 | Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) 35 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/notifications-controller/rbac.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.notificationsController.enabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | labels: 6 | app.kubernetes.io/component: notifications-controller 7 | app.kubernetes.io/name: argocd-notifications-controller 8 | app.kubernetes.io/part-of: argocd 9 | name: argocd-notifications-controller 10 | namespace: {{ .Release.Namespace }} 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: Role 14 | name: argocd-notifications-controller 15 | subjects: 16 | - kind: ServiceAccount 17 | 
name: argocd-notifications-controller 18 | 19 | --- 20 | apiVersion: v1 21 | kind: ServiceAccount 22 | metadata: 23 | labels: 24 | app.kubernetes.io/component: notifications-controller 25 | app.kubernetes.io/name: argocd-notifications-controller 26 | app.kubernetes.io/part-of: argocd 27 | name: argocd-notifications-controller 28 | namespace: {{ .Release.Namespace }} 29 | 30 | --- 31 | apiVersion: rbac.authorization.k8s.io/v1 32 | kind: Role 33 | metadata: 34 | labels: 35 | app.kubernetes.io/component: notifications-controller 36 | app.kubernetes.io/name: argocd-notifications-controller 37 | app.kubernetes.io/part-of: argocd 38 | name: argocd-notifications-controller 39 | namespace: {{ .Release.Namespace }} 40 | rules: 41 | - apiGroups: 42 | - argoproj.io 43 | resources: 44 | - applications 45 | - appprojects 46 | verbs: 47 | - get 48 | - list 49 | - watch 50 | - update 51 | - patch 52 | - apiGroups: 53 | - "" 54 | resources: 55 | - configmaps 56 | - secrets 57 | verbs: 58 | - list 59 | - watch 60 | - apiGroups: 61 | - "" 62 | resourceNames: 63 | - argocd-notifications-cm 64 | resources: 65 | - configmaps 66 | verbs: 67 | - get 68 | - apiGroups: 69 | - "" 70 | resourceNames: 71 | - argocd-notifications-secret 72 | resources: 73 | - secrets 74 | verbs: 75 | - get 76 | {{- end }} 77 | -------------------------------------------------------------------------------- /charts/argo-rollouts/templates/controller/argo-rollouts-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: argo-rollouts 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app.kubernetes.io/component: rollouts-controller 8 | app.kubernetes.io/name: argo-rollouts 9 | app.kubernetes.io/part-of: argo-rollouts 10 | spec: 11 | replicas: 1 12 | selector: 13 | matchLabels: 14 | app.kubernetes.io/name: argo-rollouts 15 | template: 16 | metadata: 17 | labels: 18 | app.kubernetes.io/name: 
argo-rollouts 19 | spec: 20 | serviceAccountName: argo-rollouts 21 | containers: 22 | - name: argo-rollouts 23 | image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag | default (print "v" .Chart.AppVersion) }} 24 | {{ with .Values.controller.image.pullPolicy }} 25 | imagePullPolicy: {{ . }} 26 | {{- end}} 27 | {{- with .Values.controller.extraArgs }} 28 | args: 29 | {{- . | toYaml | nindent 8 }} 30 | {{- end }} 31 | {{- with .Values.controller.resources }} 32 | resources: 33 | {{- toYaml . | nindent 10 }} 34 | {{- end }} 35 | ports: 36 | - containerPort: 8090 37 | name: metrics 38 | - containerPort: 8080 39 | name: healthz 40 | livenessProbe: 41 | httpGet: 42 | path: /healthz 43 | port: healthz 44 | initialDelaySeconds: 30 45 | periodSeconds: 20 46 | failureThreshold: 3 47 | successThreshold: 1 48 | timeoutSeconds: 10 49 | readinessProbe: 50 | httpGet: 51 | path: /metrics 52 | port: metrics 53 | initialDelaySeconds: 10 54 | periodSeconds: 5 55 | failureThreshold: 3 56 | successThreshold: 1 57 | timeoutSeconds: 4 58 | securityContext: 59 | runAsNonRoot: true 60 | strategy: 61 | type: Recreate 62 | -------------------------------------------------------------------------------- /charts/argo-workflows/values.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | image: 3 | # -- The default image tag applied to all Argo Workflows deployments. 4 | tag: v3.5.7-ak.0 5 | 6 | # -- Controller customizes the deployment of Argo Workflows controller. 7 | controller: 8 | image: 9 | # -- Image repository. 10 | repository: quay.io/akuity/workflow-controller 11 | # -- Overrides the image tag whose default is `global.image.tag`. 12 | tag: "" 13 | # -- Customizes the controller pod's resources. 14 | resources: {} 15 | 16 | # -- Extra environment variables to provide to the controller container. 17 | extraEnv: [] 18 | 19 | # -- Extra arguments to be added to the controller. 
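20 | extraArgs: [] 21 | # -- Number of replicas. 22 | replicas: 1 23 | 24 | # -- Executor controls how the init and wait container should be customized. 25 | executor: 26 | image: 27 | # -- Image repository. 28 | repository: quay.io/akuity/argoexec 29 | # -- Overrides the image tag whose default is `global.image.tag`. 30 | tag: "" 31 | 32 | # -- Server customizes the deployment of Argo Server 33 | server: 34 | secure: true 35 | image: 36 | # -- Image repository. 37 | repository: quay.io/akuity/argocli 38 | # -- Overrides the image tag whose default is `global.image.tag`. 39 | tag: "" 40 | 41 | # -- Extra environment variables to provide to the argo-server container. 42 | extraEnv: [] 43 | 44 | # -- Extra arguments to provide to the Argo Server binary. 45 | extraArgs: [] 46 | 47 | # -- Server service configuration 48 | service: 49 | type: # NodePort or ClusterIP 50 | 51 | # -- Configuration of the creation of Ingress object 52 | ingress: 53 | enabled: false 54 | 55 | host: argo-workflows.example.com 56 | annotations: {} 57 | className: "" 58 | 59 | tls: 60 | enabled: false 61 | secretName: 62 | 63 | # -- Configurations for workflow controller configmap. For a list of available configuration settings, see: https://github.com/argoproj/argo-workflows/blob/master/docs/workflow-controller-configmap.yaml 64 | config: 65 | 
--------------------------------------------------------------------------------
/hack/compare-workflows.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Compare the rendered argo-workflows chart with the upstream install manifest
# of the same appVersion, after rewriting the upstream images to the akuity
# repositories and tag, and print the differences.
#
# Needs helm and kustomize on PATH plus network access: kustomize downloads the
# upstream release manifest over HTTPS. That manifest is referenced by release
# tag and is not checksum-verified; it is only rendered and diffed here.
#
# Exit status: the status of diff(1), so non-zero when the renderings differ.
# The temporary directories are left in place so the output can be inspected.

set -euo pipefail

# Quoted throughout so a checkout path containing spaces does not split.
PROJECT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
chart_root="${PROJECT_ROOT}/charts/argo-workflows"
upstream_version="v$(grep '^appVersion:' "${chart_root}/Chart.yaml" | awk '{print $2}')"
# Chart version cut to its first four dot-separated fields. Read through
# chart_root rather than a path relative to the current directory, so the
# script works from any working directory; the key is anchored so no other
# line mentioning "version" can be picked up.
akuity_version="v$(grep '^version:' "${chart_root}/Chart.yaml" | awk '{print $2}' | cut -d"." -f1-4)"

# Second mktemp form is presumably for implementations that require -t.
helm_tmpdir="$(mktemp -d 2>/dev/null || mktemp -d -t 'helm')"
# Only stdout is discarded; stderr stays visible so a failure is explained.
helm dependency update "${chart_root}" >/dev/null
helm template \
  --include-crds \
  --namespace argo "${chart_root}" | grep -v imagePullPolicy > "${helm_tmpdir}/helm.yaml"

cat > "${helm_tmpdir}/kustomization.yaml" <<'EOF'
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: argo
resources:
- helm.yaml
EOF

upstream_tmpdir="$(mktemp -d 2>/dev/null || mktemp -d -t 'upstream')"
cat > "${upstream_tmpdir}/kustomization.yaml" <<EOF
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: argo
resources:
- https://github.com/argoproj/argo-workflows/releases/download/${upstream_version}/install.yaml

images:
- name: quay.io/argoproj/argoexec
  newName: quay.io/akuity/argoexec
  newTag: ${akuity_version}
- name: quay.io/argoproj/workflow-controller
  newName: quay.io/akuity/workflow-controller
  newTag: ${akuity_version}
- name: quay.io/argoproj/argocli
  newName: quay.io/akuity/argocli
  newTag: ${akuity_version}
EOF

diff_dir="$(mktemp -d 2>/dev/null || mktemp -d -t 'diff')"
# Printed before the diff: with `set -e` the script ends at a non-zero diff.
echo "Helm template output is located in: ${diff_dir}/helm.yaml"
echo "Upstream output is located in: ${diff_dir}/upstream.yaml"

kustomize build "${helm_tmpdir}" > "${diff_dir}/helm.yaml"
kustomize build "${upstream_tmpdir}" \
  | grep -v imagePullPolicy \
  | grep -v "^data: null$" \
  > "${diff_dir}/upstream.yaml"
diff "${diff_dir}/upstream.yaml" "${diff_dir}/helm.yaml"

-------------------------------------------------------------------------------- /charts/argo-rollouts/DOCS.md: -------------------------------------------------------------------------------- 1 | # argo-rollouts 2 | 3 | ![Version: 0.0.17](https://img.shields.io/badge/Version-0.0.17-informational?style=flat-square) 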
![AppVersion: 1.1.0](https://img.shields.io/badge/AppVersion-1.1.0-informational?style=flat-square) 4 | 5 | A Helm chart for Argo Rollouts 6 | 7 | **Homepage:** 8 | 9 | ## Maintainers 10 | 11 | | Name | Email | Url | 12 | | ---- | ------ | --- | 13 | | terrytangyuan | | | 14 | | jessesuen | | | 15 | | wanghong230 | | | 16 | 17 | ## Values 18 | 19 | | Key | Type | Default | Description | 20 | |-----|------|---------|-------------| 21 | | controller.extraArgs | string | `nil` | | 22 | | controller.image.pullPolicy | string | `nil` | | 23 | | controller.image.repository | string | `"quay.io/argoproj/argo-rollouts"` | | 24 | | controller.image.tag | string | `""` | | 25 | | controller.resources | string | `nil` | | 26 | | controller.serviceAccount.create | bool | `true` | | 27 | | dashboard.enabled | bool | `false` | Enables the rollout dashboard | 28 | | dashboard.image.pullPolicy | string | `nil` | | 29 | | dashboard.image.repository | string | `"quay.io/argoproj/kubectl-argo-rollouts"` | | 30 | | dashboard.image.tag | string | `""` | | 31 | | dashboard.ingress.annotations | object | `{}` | | 32 | | dashboard.ingress.className | string | `""` | | 33 | | dashboard.ingress.enabled | bool | `false` | Enable creation of Ingress object | 34 | | dashboard.ingress.host | string | `"rollouts.example.com"` | | 35 | | dashboard.ingress.tls.enabled | bool | `false` | | 36 | | dashboard.ingress.tls.secretName | string | `""` | | 37 | | dashboard.resources | string | `nil` | | 38 | | notifications.createSecret | bool | `true` | Creates the notification Secret. Disable this if you create the secret in another way (e.g. 
SealedSecret) | 39 | | notifications.enabled | bool | `false` | Includes the notifications ConfigMap with predefined notification templates | 40 | 41 | ---------------------------------------------- 42 | Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 43 | -------------------------------------------------------------------------------- /charts/argo-events/templates/controller-manager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: {{ .Release.Namespace }} 6 | spec: 7 | replicas: {{ .Values.controller.replicas }} 8 | selector: 9 | matchLabels: 10 | app: controller-manager 11 | template: 12 | metadata: 13 | labels: 14 | app: controller-manager 15 | spec: 16 | containers: 17 | - args: 18 | - controller 19 | {{- with .Values.controller.extraArgs }} 20 | {{- . | toYaml | nindent 8 }} 21 | {{- end }} 22 | {{- with .Values.controller.resources }} 23 | resources: 24 | {{- toYaml . 
| nindent 10 }} 25 | {{- end }} 26 | env: 27 | - name: ARGO_EVENTS_IMAGE 28 | value: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default .Values.global.image.tag .Values.controller.image.tag }} 29 | - name: NAMESPACE 30 | valueFrom: 31 | fieldRef: 32 | fieldPath: metadata.namespace 33 | image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default .Values.global.image.tag .Values.controller.image.tag }} 34 | imagePullPolicy: {{ default .Values.global.image.pullPolicy .Values.controller.image.pullPolicy }} 35 | livenessProbe: 36 | httpGet: 37 | path: /healthz 38 | port: 8081 39 | initialDelaySeconds: 3 40 | periodSeconds: 3 41 | name: controller-manager 42 | readinessProbe: 43 | httpGet: 44 | path: /readyz 45 | port: 8081 46 | initialDelaySeconds: 3 47 | periodSeconds: 3 48 | volumeMounts: 49 | - mountPath: /etc/argo-events 50 | name: controller-config-volume 51 | securityContext: 52 | runAsNonRoot: true 53 | runAsUser: 9731 54 | serviceAccountName: argo-events-sa 55 | volumes: 56 | - configMap: 57 | name: argo-events-controller-config 58 | name: controller-config-volume 59 | -------------------------------------------------------------------------------- /charts/argo-workflows/templates/controller/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: workflow-controller 5 | spec: 6 | replicas: {{ .Values.controller.replicas }} 7 | selector: 8 | matchLabels: 9 | app: workflow-controller 10 | template: 11 | metadata: 12 | labels: 13 | app: workflow-controller 14 | spec: 15 | containers: 16 | - args: 17 | - --executor-image 18 | - {{ .Values.executor.image.repository }}:{{ default .Values.global.image.tag .Values.executor.image.tag }} 19 | {{- with .Values.controller.extraArgs }} 20 | {{- toYaml . 
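| nindent 10 }} 21 | {{- end }} 22 | command: 23 | - workflow-controller 24 | env: 25 | - name: LEADER_ELECTION_IDENTITY 26 | valueFrom: 27 | fieldRef: 28 | apiVersion: v1 29 | fieldPath: metadata.name 30 | {{- with .Values.controller.extraEnv }} 31 | {{- toYaml . | nindent 8 }} 32 | {{- end }} 33 | {{- with .Values.controller.resources }} 34 | resources: 35 | {{- toYaml . | nindent 10 }} 36 | {{- end }} 37 | image: {{ .Values.controller.image.repository }}:{{ default .Values.global.image.tag .Values.controller.image.tag }} 38 | livenessProbe: 39 | failureThreshold: 3 40 | httpGet: 41 | path: /healthz 42 | port: 6060 43 | initialDelaySeconds: 90 44 | periodSeconds: 60 45 | timeoutSeconds: 30 46 | name: workflow-controller 47 | ports: 48 | - containerPort: 9090 49 | name: metrics 50 | - containerPort: 6060 51 | securityContext: 52 | allowPrivilegeEscalation: false 53 | capabilities: 54 | drop: 55 | - ALL 56 | readOnlyRootFilesystem: true 57 | runAsNonRoot: true 58 | nodeSelector: 59 | kubernetes.io/os: linux 60 | priorityClassName: workflow-controller 61 | securityContext: 62 | runAsNonRoot: true 63 | serviceAccountName: argo 64 |
--------------------------------------------------------------------------------
/hack/compare-rollouts.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Script to compare against upstream version for differences
#
# Renders the argo-rollouts chart with `helm template`, builds the rendered
# output and the upstream install manifests through kustomize, and diffs the
# two results.
#
# The upstream side is fetched by kustomize from the GitHub release URLs listed
# in the second kustomization below, so the run needs network access and the
# comparison reflects whatever those URLs serve for the tag derived from
# Chart.yaml. The temporary directories are not removed; their paths are
# printed at the end for inspection.

set -euo pipefail

# Every expansion is quoted so that a checkout path containing spaces or glob
# characters is not word-split; `&&` keeps `pwd` from running if `cd` fails.
PROJECT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
chart_root="${PROJECT_ROOT}/charts/argo-rollouts"
# The chart's appVersion is prefixed with "v" to form the upstream release tag.
upstream_version="v$(grep appVersion "${chart_root}/Chart.yaml" | awk '{print $2}')"

helm_tmpdir="$(mktemp -d 2>/dev/null || mktemp -d -t 'helm')"

# Render the chart with the upstream image names and every optional component
# that the upstream manifests contain.
helm template \
  --include-crds=true \
  --set controller.image.repository=quay.io/argoproj/argo-rollouts \
  --set controller.image.tag="${upstream_version}" \
  --set controller.image.pullPolicy=Always \
  --set dashboard.enabled=true \
  --set dashboard.image.repository=quay.io/argoproj/kubectl-argo-rollouts \
  --set dashboard.image.tag="${upstream_version}" \
  --set dashboard.image.pullPolicy=Always \
  --set notifications.enabled=true \
  --namespace argo-rollouts "${chart_root}" > "${helm_tmpdir}/helm.yaml"

# Quoted delimiter: this kustomization contains nothing for the shell to expand.
cat > "${helm_tmpdir}/kustomization.yaml" <<'EOF'
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm.yaml
EOF

upstream_tmpdir="$(mktemp -d 2>/dev/null || mktemp -d -t 'upstream')"
# Unquoted delimiter: ${upstream_version} is expanded into the release URLs.
cat > "${upstream_tmpdir}/kustomization.yaml" <<EOF
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: argo-rollouts
resources:
- https://github.com/argoproj/argo-rollouts/releases/download/${upstream_version}/install.yaml
- https://github.com/argoproj/argo-rollouts/releases/download/${upstream_version}/dashboard-install.yaml
- https://github.com/argoproj/argo-rollouts/releases/download/${upstream_version}/notifications-install.yaml
EOF

diff_dir="$(mktemp -d 2>/dev/null || mktemp -d -t 'diff')"
# Both sides go through kustomize and have "data: null" lines dropped before
# they are compared.
kustomize build "${helm_tmpdir}" | grep -v "^data: null$" > "${diff_dir}/helm.yaml"
kustomize build "${upstream_tmpdir}" | grep -v "^data: null$" > "${diff_dir}/upstream.yaml"

# diff sits on the left of `&&`, so a non-zero status (differences found) does
# not trigger `set -e`; the output locations are still printed afterwards.
diff "${diff_dir}/upstream.yaml" "${diff_dir}/helm.yaml" && echo "No diff"

echo "Helm template output is located in: $diff_dir/helm.yaml"
echo "Upstream output is located in: $diff_dir/upstream.yaml"
--------------------------------------------------------------------------------
/charts/argo-cd/templates/redis-ha/redis-ha-announce-svcs.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | labels: 6 | app.kubernetes.io/component: redis 7 | app.kubernetes.io/name: argocd-redis-ha 8 | app.kubernetes.io/part-of: argocd 9 | name: argocd-redis-ha-announce-0 10 | namespace: {{ 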
.Release.Namespace }} 11 | spec: 12 | ports: 13 | - name: tcp-server 14 | port: 6379 15 | protocol: TCP 16 | targetPort: redis 17 | - name: tcp-sentinel 18 | port: 26379 19 | protocol: TCP 20 | targetPort: sentinel 21 | publishNotReadyAddresses: true 22 | selector: 23 | app.kubernetes.io/name: argocd-redis-ha 24 | statefulset.kubernetes.io/pod-name: argocd-redis-ha-server-0 25 | type: ClusterIP 26 | --- 27 | apiVersion: v1 28 | kind: Service 29 | metadata: 30 | annotations: 31 | labels: 32 | app.kubernetes.io/component: redis 33 | app.kubernetes.io/name: argocd-redis-ha 34 | app.kubernetes.io/part-of: argocd 35 | name: argocd-redis-ha-announce-1 36 | namespace: {{ .Release.Namespace }} 37 | spec: 38 | ports: 39 | - name: tcp-server 40 | port: 6379 41 | protocol: TCP 42 | targetPort: redis 43 | - name: tcp-sentinel 44 | port: 26379 45 | protocol: TCP 46 | targetPort: sentinel 47 | publishNotReadyAddresses: true 48 | selector: 49 | app.kubernetes.io/name: argocd-redis-ha 50 | statefulset.kubernetes.io/pod-name: argocd-redis-ha-server-1 51 | type: ClusterIP 52 | --- 53 | apiVersion: v1 54 | kind: Service 55 | metadata: 56 | annotations: 57 | labels: 58 | app.kubernetes.io/component: redis 59 | app.kubernetes.io/name: argocd-redis-ha 60 | app.kubernetes.io/part-of: argocd 61 | name: argocd-redis-ha-announce-2 62 | namespace: {{ .Release.Namespace }} 63 | spec: 64 | ports: 65 | - name: tcp-server 66 | port: 6379 67 | protocol: TCP 68 | targetPort: redis 69 | - name: tcp-sentinel 70 | port: 26379 71 | protocol: TCP 72 | targetPort: sentinel 73 | publishNotReadyAddresses: true 74 | selector: 75 | app.kubernetes.io/name: argocd-redis-ha 76 | statefulset.kubernetes.io/pod-name: argocd-redis-ha-server-2 77 | type: ClusterIP 78 | -------------------------------------------------------------------------------- /charts/argo-rollouts/templates/controller/argo-rollouts-aggregate-roles.yaml: -------------------------------------------------------------------------------- 1 | 
apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: argo-rollouts-aggregate-to-view 5 | labels: 6 | rbac.authorization.k8s.io/aggregate-to-view: "true" 7 | app.kubernetes.io/component: aggregate-cluster-role 8 | app.kubernetes.io/name: argo-rollouts-aggregate-to-view 9 | app.kubernetes.io/part-of: argo-rollouts 10 | rules: 11 | - apiGroups: 12 | - argoproj.io 13 | resources: 14 | - rollouts 15 | - rollouts/scale 16 | - experiments 17 | - analysistemplates 18 | - clusteranalysistemplates 19 | - analysisruns 20 | verbs: 21 | - get 22 | - list 23 | - watch 24 | 25 | --- 26 | apiVersion: rbac.authorization.k8s.io/v1 27 | kind: ClusterRole 28 | metadata: 29 | name: argo-rollouts-aggregate-to-edit 30 | labels: 31 | rbac.authorization.k8s.io/aggregate-to-edit: "true" 32 | app.kubernetes.io/component: aggregate-cluster-role 33 | app.kubernetes.io/name: argo-rollouts-aggregate-to-edit 34 | app.kubernetes.io/part-of: argo-rollouts 35 | rules: 36 | - apiGroups: 37 | - argoproj.io 38 | resources: 39 | - rollouts 40 | - rollouts/scale 41 | - rollouts/status 42 | - experiments 43 | - analysistemplates 44 | - clusteranalysistemplates 45 | - analysisruns 46 | verbs: 47 | - create 48 | - delete 49 | - deletecollection 50 | - get 51 | - list 52 | - patch 53 | - update 54 | - watch 55 | 56 | --- 57 | apiVersion: rbac.authorization.k8s.io/v1 58 | kind: ClusterRole 59 | metadata: 60 | name: argo-rollouts-aggregate-to-admin 61 | labels: 62 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 63 | app.kubernetes.io/component: aggregate-cluster-role 64 | app.kubernetes.io/name: argo-rollouts-aggregate-to-admin 65 | app.kubernetes.io/part-of: argo-rollouts 66 | rules: 67 | - apiGroups: 68 | - argoproj.io 69 | resources: 70 | - rollouts 71 | - rollouts/scale 72 | - rollouts/status 73 | - experiments 74 | - analysistemplates 75 | - clusteranalysistemplates 76 | - analysisruns 77 | verbs: 78 | - create 79 | - delete 80 | - deletecollection 81 | - get 82 | 
- list 83 | - patch 84 | - update 85 | - watch 86 | -------------------------------------------------------------------------------- /charts/argo-events/DOCS.md: -------------------------------------------------------------------------------- 1 | # argo-events 2 | 3 | ![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: 1.6.3](https://img.shields.io/badge/AppVersion-1.6.3-informational?style=flat-square) 4 | 5 | A Helm chart to install Argo-Events in k8s Cluster 6 | 7 | **Homepage:** 8 | 9 | ## Maintainers 10 | 11 | | Name | Email | Url | 12 | | ---- | ------ | --- | 13 | | terrytangyuan | | | 14 | | jessesuen | | | 15 | | wanghong230 | | | 16 | | gdsoumya | | | 17 | 18 | ## Source Code 19 | 20 | * 21 | 22 | ## Values 23 | 24 | | Key | Type | Default | Description | 25 | |-----|------|---------|-------------| 26 | | clusterRoles | object | `{"enabled":true}` | Installs necessary ClusterRoles to allow Argo Events to deploy to the same cluster Argo Events is installed in | 27 | | eventbusController | object | `{"extraArgs":null,"image":{"pullPolicy":null,"repository":null,"tag":null},"natsMetricsExporterImage":{"repository":"natsio/prometheus-nats-exporter","tag":"0.8.0"},"natsStreamingImage":{"repository":"nats-streaming","tag":"0.22.1"},"replicas":1,"resources":null}` | Argo Event Bus configuration | 28 | | eventbusController.extraArgs | string | `nil` | Additional command line arguments to pass | 29 | | eventsourceController | object | `{"eventsourceImage":{"repository":null,"tag":null},"extraArgs":null,"image":{"pullPolicy":null,"repository":null,"tag":null},"replicas":1,"resources":null}` | Argo Event Source configuration | 30 | | eventsourceController.extraArgs | string | `nil` | Additional command line arguments to pass | 31 | | global.image.pullPolicy | string | `nil` | If defined, an image pull policy will be applied to all argo events deployments | 32 | | global.image.repository | string | 
`"quay.io/argoproj/argo-events"` | If defined, a repository applied to all argo events deployments | 33 | | global.image.tag | string | `"v1.6.3"` | If defined, a tag applied to all argo events deployments | 34 | | sensorController | object | `{"extraArgs":null,"image":{"pullPolicy":null,"repository":null,"tag":null},"replicas":1,"resources":null,"sensorImage":{"repository":null,"tag":null}}` | Argo Sensor configuration | 35 | | sensorController.extraArgs | string | `nil` | Additional command line arguments to pass | 36 | 37 | -------------------------------------------------------------------------------- /charts/argo-workflows/templates/controller/aggregate-rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | labels: 5 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 6 | name: argo-aggregate-to-admin 7 | rules: 8 | - apiGroups: 9 | - argoproj.io 10 | resources: 11 | - workflows 12 | - workflows/finalizers 13 | - workfloweventbindings 14 | - workfloweventbindings/finalizers 15 | - workflowtemplates 16 | - workflowtemplates/finalizers 17 | - cronworkflows 18 | - cronworkflows/finalizers 19 | - clusterworkflowtemplates 20 | - clusterworkflowtemplates/finalizers 21 | - workflowtasksets 22 | - workflowtasksets/finalizers 23 | - workflowtaskresults 24 | - workflowtaskresults/finalizers 25 | verbs: 26 | - create 27 | - delete 28 | - deletecollection 29 | - get 30 | - list 31 | - patch 32 | - update 33 | - watch 34 | --- 35 | apiVersion: rbac.authorization.k8s.io/v1 36 | kind: ClusterRole 37 | metadata: 38 | labels: 39 | rbac.authorization.k8s.io/aggregate-to-edit: "true" 40 | name: argo-aggregate-to-edit 41 | rules: 42 | - apiGroups: 43 | - argoproj.io 44 | resources: 45 | - workflows 46 | - workflows/finalizers 47 | - workfloweventbindings 48 | - workfloweventbindings/finalizers 49 | - workflowtemplates 50 | - workflowtemplates/finalizers 51 
| - cronworkflows 52 | - cronworkflows/finalizers 53 | - clusterworkflowtemplates 54 | - clusterworkflowtemplates/finalizers 55 | - workflowtaskresults 56 | - workflowtaskresults/finalizers 57 | verbs: 58 | - create 59 | - delete 60 | - deletecollection 61 | - get 62 | - list 63 | - patch 64 | - update 65 | - watch 66 | --- 67 | apiVersion: rbac.authorization.k8s.io/v1 68 | kind: ClusterRole 69 | metadata: 70 | labels: 71 | rbac.authorization.k8s.io/aggregate-to-view: "true" 72 | name: argo-aggregate-to-view 73 | rules: 74 | - apiGroups: 75 | - argoproj.io 76 | resources: 77 | - workflows 78 | - workflows/finalizers 79 | - workfloweventbindings 80 | - workfloweventbindings/finalizers 81 | - workflowtemplates 82 | - workflowtemplates/finalizers 83 | - cronworkflows 84 | - cronworkflows/finalizers 85 | - clusterworkflowtemplates 86 | - clusterworkflowtemplates/finalizers 87 | - workflowtaskresults 88 | - workflowtaskresults/finalizers 89 | verbs: 90 | - get 91 | - list 92 | - watch 93 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/applicationset-controller/cluster-rbac.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.clusterRoles.enabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: argocd-applicationset-controller 7 | app.kubernetes.io/part-of: argocd 8 | app.kubernetes.io/component: applicationset-controller 9 | name: argocd-applicationset-controller 10 | rules: 11 | - apiGroups: 12 | - argoproj.io 13 | resources: 14 | - applications 15 | - applicationsets 16 | - applicationsets/finalizers 17 | verbs: 18 | - create 19 | - delete 20 | - get 21 | - list 22 | - patch 23 | - update 24 | - watch 25 | - apiGroups: 26 | - argoproj.io 27 | resources: 28 | - applicationsets/status 29 | verbs: 30 | - get 31 | - patch 32 | - update 33 | - apiGroups: 34 | - argoproj.io 35 | 
resources: 36 | - appprojects 37 | verbs: 38 | - get 39 | - list 40 | - watch 41 | - apiGroups: 42 | - "" 43 | resources: 44 | - events 45 | verbs: 46 | - create 47 | - get 48 | - list 49 | - patch 50 | - watch 51 | - apiGroups: 52 | - "" 53 | resources: 54 | - configmaps 55 | verbs: 56 | - create 57 | - update 58 | - delete 59 | - get 60 | - list 61 | - patch 62 | - watch 63 | - apiGroups: 64 | - "" 65 | resources: 66 | - secrets 67 | verbs: 68 | - get 69 | - list 70 | - watch 71 | - apiGroups: 72 | - apps 73 | - extensions 74 | resources: 75 | - deployments 76 | verbs: 77 | - get 78 | - list 79 | - watch 80 | - apiGroups: 81 | - coordination.k8s.io 82 | resources: 83 | - leases 84 | verbs: 85 | - create 86 | - delete 87 | - get 88 | - list 89 | - patch 90 | - update 91 | - watch 92 | 93 | --- 94 | apiVersion: rbac.authorization.k8s.io/v1 95 | kind: ClusterRoleBinding 96 | metadata: 97 | labels: 98 | app.kubernetes.io/name: argocd-applicationset-controller 99 | app.kubernetes.io/part-of: argocd 100 | app.kubernetes.io/component: applicationset-controller 101 | name: argocd-applicationset-controller 102 | roleRef: 103 | apiGroup: rbac.authorization.k8s.io 104 | kind: ClusterRole 105 | name: argocd-applicationset-controller 106 | subjects: 107 | - kind: ServiceAccount 108 | name: argocd-applicationset-controller 109 | namespace: {{ .Release.Namespace }} 110 | {{- end }} 111 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/applicationset-controller/rbac.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.applicationsetController.enabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | labels: 6 | app.kubernetes.io/component: applicationset-controller 7 | app.kubernetes.io/name: argocd-applicationset-controller 8 | app.kubernetes.io/part-of: argocd 9 | name: argocd-applicationset-controller 10 | namespace: {{ 
.Release.Namespace }} 11 | rules: 12 | - apiGroups: 13 | - argoproj.io 14 | resources: 15 | - applications 16 | - applicationsets 17 | - applicationsets/finalizers 18 | verbs: 19 | - create 20 | - delete 21 | - get 22 | - list 23 | - patch 24 | - update 25 | - watch 26 | - apiGroups: 27 | - argoproj.io 28 | resources: 29 | - appprojects 30 | verbs: 31 | - get 32 | - list 33 | - watch 34 | - apiGroups: 35 | - argoproj.io 36 | resources: 37 | - applicationsets/status 38 | verbs: 39 | - get 40 | - patch 41 | - update 42 | - apiGroups: 43 | - "" 44 | resources: 45 | - events 46 | verbs: 47 | - create 48 | - get 49 | - list 50 | - patch 51 | - watch 52 | - apiGroups: 53 | - "" 54 | resources: 55 | - secrets 56 | - configmaps 57 | verbs: 58 | - get 59 | - list 60 | - watch 61 | - apiGroups: 62 | - apps 63 | - extensions 64 | resources: 65 | - deployments 66 | verbs: 67 | - get 68 | - list 69 | - watch 70 | 71 | --- 72 | apiVersion: rbac.authorization.k8s.io/v1 73 | kind: RoleBinding 74 | metadata: 75 | labels: 76 | app.kubernetes.io/component: applicationset-controller 77 | app.kubernetes.io/name: argocd-applicationset-controller 78 | app.kubernetes.io/part-of: argocd 79 | name: argocd-applicationset-controller 80 | namespace: {{ .Release.Namespace }} 81 | roleRef: 82 | apiGroup: rbac.authorization.k8s.io 83 | kind: Role 84 | name: argocd-applicationset-controller 85 | subjects: 86 | - kind: ServiceAccount 87 | name: argocd-applicationset-controller 88 | namespace: {{ .Release.Namespace }} 89 | --- 90 | apiVersion: v1 91 | kind: ServiceAccount 92 | metadata: 93 | labels: 94 | app.kubernetes.io/component: applicationset-controller 95 | app.kubernetes.io/name: argocd-applicationset-controller 96 | app.kubernetes.io/part-of: argocd 97 | name: argocd-applicationset-controller 98 | namespace: {{ .Release.Namespace }} 99 | {{- end }} 100 | -------------------------------------------------------------------------------- /charts/argocd-image-updater/DOCS.md: 
-------------------------------------------------------------------------------- 1 | # argocd-image-updater 2 | 3 | A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD 4 | 5 | To regenerate this document, from the root of this chart directory run: 6 | ```shell 7 | docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:latest 8 | ``` 9 | 10 | ## Installation 11 | 12 | ```console 13 | helm repo add argo https://argoproj.github.io/argo-helm 14 | helm install argocd-image-updater argo/argocd-image-updater 15 | ``` 16 | 17 | You will also need to run through the [secret setup documentation](https://argocd-image-updater.readthedocs.io/en/stable/install/start/#connect-using-argo-cd-api-server) so ArgoCD ImageUpdater can talk to the ArgoCD API (until it is automated in this chart). 18 | 19 | ## TODO 20 | 21 | - Automate setting up the ArgoCD API Authentication user/secret using a Helm Hook or something. 22 | 23 | ## Prerequisites 24 | 25 | * Helm v3.0.0+ 26 | 27 | ## Configuration options 28 | 29 | In order for your deployment of ArgoCD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags). 30 | 31 | All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your ArgoCD instance is set up, are set in the `config.argocd` values block. For instance, the values below reach the Argo CD API server over plain HTTP: `plaintext: true` turns off TLS and `insecure: true` skips certificate verification, so leave both `false` when the server is reached over TLS: 32 | 33 | ```yaml 34 | config: 35 | argocd: 36 | grpcWeb: false 37 | serverAddress: "http://argocd.argo" 38 | insecure: true 39 | plaintext: true 40 | ``` 41 | 42 | Any additional arguments mentioned on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags) can be configured using the `extraArgs` value, like so. 
43 | 44 | ### Registries 45 | 46 | ArgoCD Image Updater natively supports the following registries (as mentioned in [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)): 47 | 48 | - Docker Hub 49 | - Google Container Registry 50 | - RedHat Quay 51 | - GitHub Container Registry 52 | - GitHub Docker Packages 53 | 54 | If you need support for ECR, you can reference [this issue](https://github.com/argoproj-labs/argocd-image-updater/issues/112) for configuration. 55 | 56 | The `config.registries` value can be used exactly as it looks in the documentation as it gets dumped directly into a configmap in this chart. 57 | -------------------------------------------------------------------------------- /charts/argo-rollouts/values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | image: 3 | repository: quay.io/argoproj/argo-rollouts 4 | tag: "" # default is the chart appVersion. 5 | pullPolicy: # IfNotPresent 6 | 7 | serviceAccount: 8 | # -- Create the service account. Set to false if service account created in another way 9 | create: true 10 | 11 | resources: 12 | # limits: 13 | # cpu: 100m 14 | # memory: 128Mi 15 | # requests: 16 | # cpu: 50m 17 | # memory: 64Mi 18 | 19 | extraArgs: 20 | # - --aws-verify-target-group 21 | 22 | clusterRole: 23 | # -- readOnly will only grant cluster-level read privileges to the controller but not write. This allows write privileges to be managed separately to selective namespaces (e.g. using a different ClusterRole and ClusterRoleBinding/RoleBinding). This will typically be used in conjunction with writeRole.enabled option to grant the controller write privileges at namespace granularity. 24 | readOnly: false 25 | 26 | # -- readSecrets set to false will remove the controller's privilege to read secrets. This may be desired if the controller does not need access to Secrets (e.g. 
analysis is not used, or Secret privileges are granted at a namespace level). 27 | readSecrets: true 28 | 29 | writeRole: 30 | # -- writeRole.enabled creates a separate 'argo-rollouts-write' ClusterRole with write privileges. This ClusterRole can then be bound to namespaces using RoleBindings to allow the argo-rollouts ServiceAccount to have write permissions to individual namespaces. 31 | enabled: false 32 | 33 | # -- readSecrets set to false will remove the privilege to read secrets from the 'argo-rollouts-write' ClusterRole 34 | readSecrets: true 35 | 36 | notifications: 37 | # -- Includes the notifications ConfigMap with predefined notification templates 38 | enabled: false 39 | # -- Creates the notification Secret. Disable this if you create the secret in another way (e.g. SealedSecret) 40 | createSecret: true 41 | 42 | dashboard: 43 | # -- Enables the rollout dashboard 44 | enabled: false 45 | 46 | image: 47 | repository: quay.io/argoproj/kubectl-argo-rollouts 48 | tag: "" # default is the chart appVersion. 
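49 | pullPolicy: # IfNotPresent 50 | 51 | resources: 52 | # limits: 53 | # cpu: 100m 54 | # memory: 128Mi 55 | # requests: 56 | # cpu: 50m 57 | # memory: 64Mi 58 | 59 | ingress: 60 | # -- Enable creation of Ingress object 61 | enabled: false 62 | 63 | host: rollouts.example.com 64 | annotations: {} 65 | className: "" 66 | 67 | tls: 68 | enabled: false 69 | secretName: "" 70 | 71 | clusterRole: 72 | # -- readOnly will only grant cluster-level read privileges to the dashboard but not write 73 | readOnly: false 74 |
--------------------------------------------------------------------------------
/hack/compare-cd.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Script to compare against upstream version for differences
#
# Renders the argo-cd chart with `helm template`, builds the rendered output
# and the upstream HA install manifest through kustomize, and diffs the two
# results.
#
# The upstream manifest is fetched by kustomize from raw.githubusercontent.com
# at the tag derived from Chart.yaml, so the run needs network access and the
# comparison reflects whatever that URL serves. The temporary directories are
# not removed; the output directory is printed before the diff.

set -euo pipefail

# The inner ${BASH_SOURCE[0]} is quoted as well, so a checkout path containing
# spaces is not word-split; `&&` keeps `pwd` from running if `cd` fails.
PROJECT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
chart_root="${PROJECT_ROOT}/charts/argo-cd"
upstream_version="$(grep appVersion "$chart_root/Chart.yaml" | awk '{print $2}')"

helm_tmpdir="$(mktemp -d 2>/dev/null || mktemp -d -t 'helm')"
# Redirection order matters: stderr is first pointed at the terminal, then
# stdout is discarded, so only helm's error output is shown.
helm dependency update "$chart_root" 2>&1 >/dev/null
# imagePullPolicy lines are filtered out here and on the upstream side below,
# so they never show up in the diff.
helm template \
  --include-crds \
  --set global.image.repository=quay.io/argoproj/argocd \
  --set global.image.tag="v$upstream_version" \
  --set global.image.pullPolicy=Always \
  --set redis.config=null \
  --namespace foo "$chart_root" | grep -v imagePullPolicy > "$helm_tmpdir/helm.yaml"

# Quoted delimiter: the text contains {{ .Release.Namespace }} and no shell
# variables, so nothing in it should be expanded.
cat > "$helm_tmpdir/kustomization.yaml" <<'EOF'
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

# purposely do not use namespace override in helm version. This will detect places where we forgot to set it to {{ .Release.Namespace }}
# namespace: foo

resources:
- helm.yaml

patches:
# kustomize namespace override will add the namespace to subjects. mimic this behavior
- target:
    kind: RoleBinding
  patch: |-
    - op: add
      path: /subjects/0/namespace
      value: foo
EOF

upstream_tmpdir="$(mktemp -d 2>/dev/null || mktemp -d -t 'upstream')"
# Unquoted delimiter: ${upstream_version} is expanded into the manifest URL.
cat > "$upstream_tmpdir/kustomization.yaml" <<EOF
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: foo

images:
- name: public.ecr.aws/docker/library/redis
  newName: quay.io/akuity/redis
  newTag: 7.2.12-alpine

resources:
- https://raw.githubusercontent.com/argoproj/argo-cd/v${upstream_version}/manifests/ha/install.yaml

patches:
- patch: |-
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: argocd-cm
    data:
      application.resourceTrackingMethod: annotation
- target:
    kind: ClusterRoleBinding
  patch: |-
    - op: replace
      path: /subjects/0/namespace
      value: foo

EOF

diff_dir="$(mktemp -d 2>/dev/null || mktemp -d -t 'diff')"
kustomize build "$helm_tmpdir" | grep -v "^data: null$" > "$diff_dir/helm_$upstream_version.yaml"
kustomize build "$upstream_tmpdir" | grep -v "^data: null$" | grep -v imagePullPolicy > "$diff_dir/upstream_$upstream_version.yaml"

echo "----------------------------------------------------------"
echo "Helm and upstream output is located in: $diff_dir"
echo "----------------------------------------------------------"

# With `set -e` in effect, a diff that finds differences ends the script here
# with diff's exit status; `set +x` only runs when the two files match.
set -x
diff "$diff_dir/helm_$upstream_version.yaml" "$diff_dir/upstream_$upstream_version.yaml"
set +x
--------------------------------------------------------------------------------
/charts/argo-workflows/templates/controller/cluster-rbac.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: argo 5 | --- 6 | apiVersion: rbac.authorization.k8s.io/v1 7 | kind: 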
RoleBinding 8 | metadata: 9 | name: argo-binding 10 | roleRef: 11 | apiGroup: rbac.authorization.k8s.io 12 | kind: Role 13 | name: argo-role 14 | subjects: 15 | - kind: ServiceAccount 16 | name: argo 17 | --- 18 | apiVersion: rbac.authorization.k8s.io/v1 19 | kind: ClusterRoleBinding 20 | metadata: 21 | name: argo-binding 22 | roleRef: 23 | apiGroup: rbac.authorization.k8s.io 24 | kind: ClusterRole 25 | name: argo-cluster-role 26 | subjects: 27 | - kind: ServiceAccount 28 | name: argo 29 | namespace: {{ .Release.Namespace }} 30 | --- 31 | apiVersion: rbac.authorization.k8s.io/v1 32 | kind: Role 33 | metadata: 34 | name: argo-role 35 | rules: 36 | - apiGroups: 37 | - coordination.k8s.io 38 | resources: 39 | - leases 40 | verbs: 41 | - create 42 | - get 43 | - update 44 | - apiGroups: 45 | - "" 46 | resources: 47 | - secrets 48 | verbs: 49 | - get 50 | --- 51 | apiVersion: rbac.authorization.k8s.io/v1 52 | kind: ClusterRole 53 | metadata: 54 | name: argo-cluster-role 55 | rules: 56 | - apiGroups: 57 | - "" 58 | resources: 59 | - pods 60 | - pods/exec 61 | verbs: 62 | - create 63 | - get 64 | - list 65 | - watch 66 | - update 67 | - patch 68 | - delete 69 | - apiGroups: 70 | - "" 71 | resources: 72 | - configmaps 73 | verbs: 74 | - get 75 | - watch 76 | - list 77 | - apiGroups: 78 | - "" 79 | resources: 80 | - persistentvolumeclaims 81 | - persistentvolumeclaims/finalizers 82 | verbs: 83 | - create 84 | - update 85 | - delete 86 | - get 87 | - apiGroups: 88 | - argoproj.io 89 | resources: 90 | - workflows 91 | - workflows/finalizers 92 | - workflowtasksets 93 | - workflowtasksets/finalizers 94 | - workflowartifactgctasks 95 | verbs: 96 | - get 97 | - list 98 | - watch 99 | - update 100 | - patch 101 | - delete 102 | - create 103 | - apiGroups: 104 | - argoproj.io 105 | resources: 106 | - workflowtemplates 107 | - workflowtemplates/finalizers 108 | - clusterworkflowtemplates 109 | - clusterworkflowtemplates/finalizers 110 | verbs: 111 | - get 112 | - list 113 | - watch 
114 | - apiGroups: 115 | - argoproj.io 116 | resources: 117 | - workflowtaskresults 118 | verbs: 119 | - list 120 | - watch 121 | - deletecollection 122 | - apiGroups: 123 | - "" 124 | resources: 125 | - serviceaccounts 126 | verbs: 127 | - get 128 | - list 129 | - apiGroups: 130 | - argoproj.io 131 | resources: 132 | - cronworkflows 133 | - cronworkflows/finalizers 134 | verbs: 135 | - get 136 | - list 137 | - watch 138 | - update 139 | - patch 140 | - delete 141 | - apiGroups: 142 | - "" 143 | resources: 144 | - events 145 | verbs: 146 | - create 147 | - patch 148 | - apiGroups: 149 | - policy 150 | resources: 151 | - poddisruptionbudgets 152 | verbs: 153 | - create 154 | - get 155 | - delete -------------------------------------------------------------------------------- /charts/argo-workflows/README.md: -------------------------------------------------------------------------------- 1 | # argo-workflows 2 | 3 | ![Version: 3.5.7-ak.0.0](https://img.shields.io/badge/Version-3.5.7--ak.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.5.7](https://img.shields.io/badge/AppVersion-3.5.7-informational?style=flat-square) 4 | 5 | A Helm chart for Argo Workflows 6 | 7 | **Homepage:** 8 | 9 | ## Maintainers 10 | 11 | | Name | Email | Url | 12 | | ---- | ------ | --- | 13 | | jessesuen | | | 14 | | 34fathombelow | | | 15 | 16 | ## Source Code 17 | 18 | * 19 | 20 | ## Values 21 | 22 | | Key | Type | Default | Description | 23 | |-----|------|---------|-------------| 24 | | config | string | `nil` | Configurations for workflow controller configmap. 
For a list of available configuration settings, see: https://github.com/argoproj/argo-workflows/blob/master/docs/workflow-controller-configmap.yaml | 25 | | controller | object | `{"extraArgs":[],"extraEnv":[],"image":{"repository":"quay.io/akuity/workflow-controller","tag":""},"replicas":1,"resources":{}}` | Controller customizes the deployment of Argo Workflows controller. | 26 | | controller.extraArgs | list | `[]` | Extra arguments to be added to the controller. | 27 | | controller.extraEnv | list | `[]` | Extra environment variables to provide to the controller container. | 28 | | controller.image.repository | string | `"quay.io/akuity/workflow-controller"` | Image repository. | 29 | | controller.image.tag | string | `""` | Overrides the image tag whose default is `global.image.tag`. | 30 | | controller.replicas | int | `1` | Number of replicas. | 31 | | controller.resources | object | `{}` | Customizes the controller pod's resources. | 32 | | executor | object | `{"image":{"repository":"quay.io/akuity/argoexec","tag":""}}` | Executor controls how the init and wait container should be customized. | 33 | | executor.image.repository | string | `"quay.io/akuity/argoexec"` | Image repository. | 34 | | executor.image.tag | string | `""` | Overrides the image tag whose default is `global.image.tag`. | 35 | | global.image.tag | string | `"v3.5.6-ak.0"` | The default image tag applied to all Argo Workflows deployments. | 36 | | server | object | `{"extraArgs":[],"extraEnv":[],"image":{"repository":"quay.io/akuity/argocli","tag":""},"ingress":{"annotations":{},"className":"","enabled":false,"host":"argo-workflows.example.com","tls":{"enabled":false,"secretName":null}},"secure":true,"service":{"type":null}}` | Server customizes the deployment of Argo Server | 37 | | server.extraArgs | list | `[]` | Extra arguments to provide to the Argo Server binary. | 38 | | server.extraEnv | list | `[]` | Extra environment variables to provide to the argo-server container. 
| 39 | | server.image.repository | string | `"quay.io/akuity/argocli"` | Image repository. | 40 | | server.image.tag | string | `""` | Overrides the image tag whose default is `global.image.tag`. | 41 | | server.ingress | object | `{"annotations":{},"className":"","enabled":false,"host":"argo-workflows.example.com","tls":{"enabled":false,"secretName":null}}` | Configuration of the creation of Ingress object | 42 | | server.service | object | `{"type":null}` | Server service configuration | 43 | 44 | ---------------------------------------------- 45 | Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) 46 | -------------------------------------------------------------------------------- /charts/argo-rollouts/README.md: -------------------------------------------------------------------------------- 1 | # argo-rollouts 2 | 3 | ![Version: 1.4.1-ak.0.0](https://img.shields.io/badge/Version-1.4.1--ak.0.0-informational?style=flat-square) ![AppVersion: 1.4.1](https://img.shields.io/badge/AppVersion-1.4.1-informational?style=flat-square) 4 | 5 | A Helm chart for Argo Rollouts 6 | 7 | **Homepage:** 8 | 9 | ## Maintainers 10 | 11 | | Name | Email | Url | 12 | | ---- | ------ | --- | 13 | | terrytangyuan | | | 14 | | jessesuen | | | 15 | | wanghong230 | | | 16 | 17 | ## Values 18 | 19 | | Key | Type | Default | Description | 20 | |-----|------|---------|-------------| 21 | | controller.clusterRole.readOnly | bool | `false` | readOnly will only grant cluster-level read privileges to the controller but not write. This allows write privileges to be managed separately to selective namespaces (e.g. using a different ClusterRole and ClusterRoleBinding/RoleBinding). This will typically be used in conjunction with writeRole.enabled option to grant the controller write privileges at namespace granularity. 
| 22 | | controller.clusterRole.readSecrets | bool | `true` | readSecrets set to false will remove the controller's privilege to read secrets. This may be desired if the controller does not need access to Secrets (e.g. analysis is not used, or Secret privileges are granted at a namespace level). | 23 | | controller.clusterRole.writeRole.enabled | bool | `false` | writeRole.enabled creates a separate 'argo-rollouts-write' ClusterRole with write privileges. This ClusterRole can then be bound to namespaces using RoleBindings to allow the argo-rollouts ServiceAccount to have write permissions to individual namespaces. | 24 | | controller.clusterRole.writeRole.readSecrets | bool | `true` | readSecrets set to false will remove the privilege to read secrets from the 'argo-rollouts-write' ClusterRole | 25 | | controller.extraArgs | string | `nil` | | 26 | | controller.image.pullPolicy | string | `nil` | | 27 | | controller.image.repository | string | `"quay.io/argoproj/argo-rollouts"` | | 28 | | controller.image.tag | string | `""` | | 29 | | controller.resources | string | `nil` | | 30 | | controller.serviceAccount.create | bool | `true` | Create the service account. 
Set to false if service account created in another way | 31 | | dashboard.clusterRole.readOnly | bool | `false` | readOnly will only grant cluster-level read privileges to the dashboard but not write | 32 | | dashboard.enabled | bool | `false` | Enables the rollout dashboard | 33 | | dashboard.image.pullPolicy | string | `nil` | | 34 | | dashboard.image.repository | string | `"quay.io/argoproj/kubectl-argo-rollouts"` | | 35 | | dashboard.image.tag | string | `""` | | 36 | | dashboard.ingress.annotations | object | `{}` | | 37 | | dashboard.ingress.className | string | `""` | | 38 | | dashboard.ingress.enabled | bool | `false` | Enable creation of Ingress object | 39 | | dashboard.ingress.host | string | `"rollouts.example.com"` | | 40 | | dashboard.ingress.tls.enabled | bool | `false` | | 41 | | dashboard.ingress.tls.secretName | string | `""` | | 42 | | dashboard.resources | string | `nil` | | 43 | | notifications.createSecret | bool | `true` | Creates the notification Secret. Disable this if you create the secret in another way (e.g. 
SealedSecret) | 44 | | notifications.enabled | bool | `false` | Includes the notifications ConfigMap with predefined notification templates | 45 | 46 | ---------------------------------------------- 47 | Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) 48 | -------------------------------------------------------------------------------- /charts/argo-events/templates/argo-events-cluster-rbac.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.clusterRoles.enabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 7 | name: argo-events-aggregate-to-admin 8 | rules: 9 | - apiGroups: 10 | - argoproj.io 11 | resources: 12 | - sensors 13 | - sensors/finalizers 14 | - sensors/status 15 | - eventsources 16 | - eventsources/finalizers 17 | - eventsources/status 18 | - eventbus 19 | - eventbus/finalizers 20 | - eventbus/status 21 | verbs: 22 | - create 23 | - delete 24 | - deletecollection 25 | - get 26 | - list 27 | - patch 28 | - update 29 | - watch 30 | --- 31 | apiVersion: rbac.authorization.k8s.io/v1 32 | kind: ClusterRole 33 | metadata: 34 | labels: 35 | rbac.authorization.k8s.io/aggregate-to-edit: "true" 36 | name: argo-events-aggregate-to-edit 37 | rules: 38 | - apiGroups: 39 | - argoproj.io 40 | resources: 41 | - sensors 42 | - sensors/finalizers 43 | - sensors/status 44 | - eventsources 45 | - eventsources/finalizers 46 | - eventsources/status 47 | - eventbus 48 | - eventbus/finalizers 49 | - eventbus/status 50 | verbs: 51 | - create 52 | - delete 53 | - deletecollection 54 | - get 55 | - list 56 | - patch 57 | - update 58 | - watch 59 | --- 60 | apiVersion: rbac.authorization.k8s.io/v1 61 | kind: ClusterRole 62 | metadata: 63 | labels: 64 | rbac.authorization.k8s.io/aggregate-to-view: "true" 65 | name: argo-events-aggregate-to-view 66 | rules: 
67 | - apiGroups: 68 | - argoproj.io 69 | resources: 70 | - sensors 71 | - sensors/finalizers 72 | - sensors/status 73 | - eventsources 74 | - eventsources/finalizers 75 | - eventsources/status 76 | - eventbus 77 | - eventbus/finalizers 78 | - eventbus/status 79 | verbs: # read-only verbs on the Argo Events custom resources for the aggregate-to-view role 80 | - get 81 | - list 82 | - watch 83 | --- 84 | apiVersion: rbac.authorization.k8s.io/v1 85 | kind: ClusterRole 86 | metadata: 87 | name: argo-events-role # bound by the ClusterRoleBinding at the end of this file, so every rule below applies in all namespaces 88 | rules: 89 | - apiGroups: 90 | - "" 91 | resources: 92 | - events 93 | verbs: 94 | - create 95 | - patch 96 | - apiGroups: 97 | - coordination.k8s.io 98 | resources: 99 | - leases 100 | verbs: 101 | - get 102 | - list 103 | - watch 104 | - create 105 | - update 106 | - patch 107 | - delete 108 | - apiGroups: 109 | - argoproj.io 110 | resources: 111 | - sensors 112 | - sensors/finalizers 113 | - sensors/status 114 | - eventsources 115 | - eventsources/finalizers 116 | - eventsources/status 117 | - eventbus 118 | - eventbus/finalizers 119 | - eventbus/status 120 | verbs: 121 | - create 122 | - delete 123 | - deletecollection 124 | - get 125 | - list 126 | - patch 127 | - update 128 | - watch 129 | - apiGroups: 130 | - "" 131 | resources: 132 | - pods 133 | - pods/exec # NOTE(review): combined with the create verb below, this allows exec into pods in every namespace; confirm the controller needs it 134 | - configmaps 135 | - secrets # NOTE(review): read and write verbs on Secrets cluster-wide; if only specific namespaces are managed, a namespaced Role and RoleBinding would narrow this 136 | - services 137 | - persistentvolumeclaims 138 | verbs: 139 | - create 140 | - get 141 | - list 142 | - watch 143 | - update 144 | - patch 145 | - delete 146 | - apiGroups: 147 | - apps 148 | resources: 149 | - deployments 150 | - statefulsets 151 | verbs: 152 | - create 153 | - get 154 | - list 155 | - watch 156 | - update 157 | - patch 158 | - delete 159 | --- 160 | apiVersion: rbac.authorization.k8s.io/v1 161 | kind: ClusterRoleBinding 162 | metadata: 163 | name: argo-events-binding 164 | roleRef: 165 | apiGroup: rbac.authorization.k8s.io 166 | kind: ClusterRole 167 | name: argo-events-role 168 | subjects: 169 | - kind: ServiceAccount 170 | name: argo-events-sa # receives the cluster-wide grant above; anything able to run as this ServiceAccount inherits those rules 171 | namespace: {{ .Release.Namespace }} 172 | {{- end }} 
-------------------------------------------------------------------------------- /charts/argo-events/templates/controller-cm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | controller-config.yaml: | 4 | eventBus: 5 | nats: 6 | versions: 7 | - version: 0.22.1 8 | natsStreamingImage: {{ .Values.controller.natsStreamingImage.repository }}:{{ .Values.controller.natsStreamingImage.tag }} 9 | metricsExporterImage: {{ .Values.controller.natsMetricsExporterImage.repository }}:{{ .Values.controller.natsMetricsExporterImage.tag }} 10 | jetstream: 11 | # Default JetStream settings, could be overridden by EventBus JetStream specs 12 | settings: | 13 | # https://docs.nats.io/running-a-nats-service/configuration#jetstream 14 | # Only configure "max_memory_store" or "max_file_store", do not set "store_dir" as it has been hardcoded. 15 | # e.g. 1G. -1 means no limit, up to 75% of available memory 16 | max_memory_store: -1 17 | # e.g. 20G. 
-1 means no limit, Up to 1TB if available 18 | max_file_store: 1TB 19 | streamConfig: | 20 | # The default properties of the streams to be created in this JetStream service 21 | maxMsgs: 50000 22 | maxAge: 168h 23 | maxBytes: -1 24 | replicas: 3 25 | duplicates: 300s 26 | versions: 27 | - version: latest 28 | natsImage: nats:2.9.1 29 | metricsExporterImage: {{ .Values.controller.natsMetricsExporterImage.repository }}:{{ .Values.controller.natsMetricsExporterImage.tag }} 30 | configReloaderImage: {{ .Values.controller.natsConfigReloaderImage.repository }}:{{ .Values.controller.natsConfigReloaderImage.tag }} 31 | startCommand: /nats-server 32 | - version: 2.8.1 33 | natsImage: nats:2.8.1 34 | metricsExporterImage: {{ .Values.controller.natsMetricsExporterImage.repository }}:{{ .Values.controller.natsMetricsExporterImage.tag }} 35 | configReloaderImage: {{ .Values.controller.natsConfigReloaderImage.repository }}:{{ .Values.controller.natsConfigReloaderImage.tag }} 36 | startCommand: /nats-server 37 | - version: 2.8.1-alpine 38 | natsImage: nats:2.8.1-alpine 39 | metricsExporterImage: {{ .Values.controller.natsMetricsExporterImage.repository }}:{{ .Values.controller.natsMetricsExporterImage.tag }} 40 | configReloaderImage: {{ .Values.controller.natsConfigReloaderImage.repository }}:{{ .Values.controller.natsConfigReloaderImage.tag }} 41 | startCommand: nats-server 42 | - version: 2.8.2 43 | natsImage: nats:2.8.2 44 | metricsExporterImage: {{ .Values.controller.natsMetricsExporterImage.repository }}:{{ .Values.controller.natsMetricsExporterImage.tag }} 45 | configReloaderImage: {{ .Values.controller.natsConfigReloaderImage.repository }}:{{ .Values.controller.natsConfigReloaderImage.tag }} 46 | startCommand: /nats-server 47 | - version: 2.8.2-alpine 48 | natsImage: nats:2.8.2-alpine 49 | metricsExporterImage: {{ .Values.controller.natsMetricsExporterImage.repository }}:{{ .Values.controller.natsMetricsExporterImage.tag }} 50 | configReloaderImage: {{ 
.Values.controller.natsConfigReloaderImage.repository }}:{{ .Values.controller.natsConfigReloaderImage.tag }} 51 | startCommand: nats-server 52 | - version: 2.9.1 53 | natsImage: nats:2.9.1 54 | metricsExporterImage: {{ .Values.controller.natsMetricsExporterImage.repository }}:{{ .Values.controller.natsMetricsExporterImage.tag }} 55 | configReloaderImage: {{ .Values.controller.natsConfigReloaderImage.repository }}:{{ .Values.controller.natsConfigReloaderImage.tag }} 56 | startCommand: /nats-server 57 | kind: ConfigMap 58 | metadata: 59 | name: argo-events-controller-config 60 | namespace: {{ .Release.Namespace }} 61 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/notifications-controller/deployment.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.notificationsController.enabled }} 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | labels: 6 | app.kubernetes.io/component: notifications-controller 7 | app.kubernetes.io/name: argocd-notifications-controller 8 | app.kubernetes.io/part-of: argocd 9 | name: argocd-notifications-controller 10 | namespace: {{ .Release.Namespace }} 11 | spec: 12 | selector: 13 | matchLabels: 14 | app.kubernetes.io/name: argocd-notifications-controller 15 | strategy: 16 | type: Recreate 17 | template: 18 | metadata: 19 | labels: 20 | app.kubernetes.io/name: argocd-notifications-controller 21 | spec: 22 | containers: 23 | - args: 24 | - /usr/local/bin/argocd-notifications 25 | env: 26 | - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT 27 | valueFrom: 28 | configMapKeyRef: 29 | key: notificationscontroller.log.format 30 | name: argocd-cmd-params-cm 31 | optional: true 32 | - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL 33 | valueFrom: 34 | configMapKeyRef: 35 | key: notificationscontroller.log.level 36 | name: argocd-cmd-params-cm 37 | optional: true 38 | - name: ARGOCD_LOG_FORMAT_TIMESTAMP 39 | valueFrom: 40 | 
configMapKeyRef: 41 | name: argocd-cmd-params-cm 42 | key: log.format.timestamp 43 | optional: true 44 | - name: ARGOCD_APPLICATION_NAMESPACES 45 | valueFrom: 46 | configMapKeyRef: 47 | key: application.namespaces 48 | name: argocd-cmd-params-cm 49 | optional: true 50 | - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED 51 | valueFrom: 52 | configMapKeyRef: 53 | key: notificationscontroller.selfservice.enabled 54 | name: argocd-cmd-params-cm 55 | optional: true 56 | - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT 57 | valueFrom: 58 | configMapKeyRef: 59 | key: notificationscontroller.repo.server.plaintext 60 | name: argocd-cmd-params-cm 61 | optional: true 62 | image: {{ include "argo-cd.image" (dict "root" . "image" .Values.controller.image ) }} 63 | imagePullPolicy: {{ default .Values.global.image.pullPolicy .Values.controller.image.pullPolicy }} 64 | livenessProbe: 65 | tcpSocket: 66 | port: 9001 67 | name: argocd-notifications-controller 68 | securityContext: 69 | allowPrivilegeEscalation: false 70 | capabilities: 71 | drop: 72 | - ALL 73 | readOnlyRootFilesystem: true 74 | volumeMounts: 75 | - mountPath: /app/config/tls 76 | name: tls-certs 77 | - mountPath: /app/config/reposerver/tls 78 | name: argocd-repo-server-tls 79 | workingDir: /app 80 | nodeSelector: 81 | kubernetes.io/os: linux 82 | securityContext: 83 | runAsNonRoot: true 84 | seccompProfile: 85 | type: RuntimeDefault 86 | serviceAccountName: argocd-notifications-controller 87 | volumes: 88 | - configMap: 89 | name: argocd-tls-certs-cm 90 | name: tls-certs 91 | - name: argocd-repo-server-tls 92 | secret: 93 | items: 94 | - key: tls.crt 95 | path: tls.crt 96 | - key: tls.key 97 | path: tls.key 98 | - key: ca.crt 99 | path: ca.crt 100 | optional: true 101 | secretName: argocd-repo-server-tls 102 | {{- end }} 103 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: 
-------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | ## Local Development and Testing 4 | 5 | ### Pre-commit Hook and Lint Checks 6 | 7 | We use [helm-docs](https://github.com/norwoodj/helm-docs) to automatically generate reference for the charts and we use a [pre-commit](https://pre-commit.com/) hook to make sure we always update the docs when there are any changes in `values.yaml`. 8 | 9 | To install `pre-commit`, run: 10 | 11 | ``` 12 | brew install pre-commit 13 | pre-commit install 14 | ``` 15 | 16 | Install the lint checker tools via `brew install chart-testing yamllint` and then run: 17 | 18 | ``` 19 | ct lint --debug --config ./.github/configs/ct-lint.yaml --lint-conf ./.github/configs/lintconf.yaml 20 | ``` 21 | 22 | ### Argo CD 23 | 24 | Installing dependencies first: 25 | 26 | ``` 27 | cd charts/argo-cd 28 | helm dependency update 29 | ``` 30 | 31 | Installing Argo CD with k3d and Helm: 32 | 33 | ``` 34 | $ k3d cluster create argo-helm -a 3 35 | $ kubectl create ns argocd 36 | $ helm install argo-cd charts/argo-cd -n argocd 37 | ... 
38 | > NAME: argo-cd 39 | LAST DEPLOYED: Thu Jul 14 18:29:32 2022 40 | NAMESPACE: argocd 41 | STATUS: deployed 42 | REVISION: 1 43 | TEST SUITE: None 44 | NOTES: 45 | 46 | $ kubectl get pods -n argocd 47 | NAME READY STATUS RESTARTS AGE 48 | argocd-redis-ha-haproxy-5b75bb98dc-2vgvp 1/1 Running 0 5m47s 49 | argocd-redis-ha-haproxy-5b75bb98dc-hmrb5 1/1 Running 0 5m47s 50 | argocd-redis-ha-haproxy-5b75bb98dc-kvhq8 1/1 Running 0 5m47s 51 | argocd-redis-ha-server-0 2/2 Running 0 5m47s 52 | argocd-repo-server-779b547c5f-ffsfq 1/1 Running 0 5m47s 53 | argocd-dex-server-6574d6b46b-7n8ms 1/1 Running 0 5m47s 54 | argocd-repo-server-779b547c5f-j9l5t 1/1 Running 0 5m47s 55 | argocd-application-controller-0 1/1 Running 0 5m47s 56 | argocd-server-58b75bdd9c-b8brr 1/1 Running 0 5m47s 57 | argocd-server-58b75bdd9c-g92bm 1/1 Running 0 5m47s 58 | argocd-redis-ha-server-1 2/2 Running 0 4m15s 59 | argocd-redis-ha-server-2 2/2 Running 0 2m59s 60 | 61 | $ helm uninstall argo-cd 62 | ``` 63 | 64 | Installing Argo CD with k3d and chart-testing: 65 | 66 | ``` 67 | k3d cluster create argo-helm -a 3 68 | ct install --config ./.github/configs/ct-install.yaml 69 | .. 70 | Creating namespace 'argo-cd-ygkz4nt0fq'... 71 | namespace/argo-cd-ygkz4nt0fq created 72 | ... 73 | Deleting namespace 'argo-cd-ygkz4nt0fq'... 74 | namespace "argo-cd-ygkz4nt0fq" deleted 75 | .. 76 | Namespace 'argo-cd-ygkz4nt0fq' terminated. 
77 | ------------------------------------------------------------------------------------------------------------------------ 78 | ✔︎ argo-cd => (version: "2.4.7-ak.0.0", path: "charts/argo-cd") 79 | ------------------------------------------------------------------------------------------------------------------------ 80 | All charts installed successfully 81 | ``` 82 | 83 | ### Argo Workflows 84 | 85 | Installing Argo Workflows: 86 | 87 | ``` 88 | helm install argo-workflows charts/argo-workflows -n argo 89 | ``` 90 | 91 | ``` 92 | > NAME: argo-workflows 93 | LAST DEPLOYED: Mon Dec 13 15:59:15 2021 94 | NAMESPACE: argo 95 | STATUS: deployed 96 | REVISION: 1 97 | TEST SUITE: None 98 | NOTES: 99 | 1. Get Argo Server external IP/domain by running: 100 | 101 | kubectl --namespace argo get services -o wide | grep argo-server 102 | 103 | 2. Submit the hello-world workflow by running: 104 | 105 | argo submit https://raw.githubusercontent.com/argoproj/argo-workflows/master/examples/hello-world.yaml --watch 106 | ``` 107 | 108 | Accessing UI via https://localhost:2746/: 109 | ``` 110 | kubectl port-forward svc/argo-server 2746:2746 -n argo 111 | ``` 112 | 113 | Uninstalling Argo Workflows: 114 | 115 | ``` 116 | helm uninstall argo-workflows 117 | ``` 118 | -------------------------------------------------------------------------------- /charts/argo-workflows/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | 3 | {{/* 4 | Create argo workflows server name and version as used by the chart label. 5 | */}} 6 | {{- define "argo-workflows.server.fullname" -}} 7 | {{- printf "%s-%s" (include "argo-workflows.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}} 8 | {{- end -}} 9 | 10 | {{/* 11 | Create controller name and version as used by the chart label. 
12 | */}} 13 | {{- define "argo-workflows.controller.fullname" -}} 14 | {{- printf "%s-%s" (include "argo-workflows.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} 15 | {{- end -}} 16 | 17 | {{/* 18 | Expand the name of the chart. 19 | */}} 20 | {{- define "argo-workflows.name" -}} 21 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | 24 | {{/* 25 | Create a default fully qualified app name. 26 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 27 | */}} 28 | {{- define "argo-workflows.fullname" -}} 29 | {{- if .Values.fullnameOverride -}} 30 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 31 | {{- else -}} 32 | {{- $name := default .Chart.Name .Values.nameOverride -}} 33 | {{- if contains $name .Release.Name -}} 34 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 35 | {{- else -}} 36 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 37 | {{- end -}} 38 | {{- end -}} 39 | {{- end -}} 40 | 41 | {{/* 42 | Create chart name and version as used by the chart label. 
43 | */}} 44 | {{- define "argo-workflows.chart" -}} 45 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 46 | {{- end -}} 47 | 48 | {{/* 49 | Common labels 50 | */}} 51 | {{- define "argo-workflows.labels" -}} 52 | helm.sh/chart: {{ include "argo-workflows.chart" .context }} 53 | {{ include "argo-workflows.selectorLabels" (dict "context" .context "component" .component "name" .name) }} 54 | app.kubernetes.io/managed-by: {{ .context.Release.Service }} 55 | app.kubernetes.io/part-of: argo-workflows 56 | {{- end }} 57 | 58 | {{/* 59 | Selector labels 60 | */}} 61 | {{- define "argo-workflows.selectorLabels" -}} 62 | {{- if .name -}} 63 | app.kubernetes.io/name: {{ include "argo-workflows.name" .context }}-{{ .name }} 64 | {{ end -}} 65 | app.kubernetes.io/instance: {{ .context.Release.Name }} 66 | {{- if .component }} 67 | app.kubernetes.io/component: {{ .component }} 68 | {{- end }} 69 | {{- end }} 70 | 71 | {{/* 72 | Create the name of the server service account to use 73 | */}} 74 | {{- define "argo-workflows.serverServiceAccountName" -}} 75 | {{- if .Values.server.serviceAccount.create -}} 76 | {{ default (include "argo-workflows.server.fullname" .) .Values.server.serviceAccount.name }} 77 | {{- else -}} 78 | {{ default "default" .Values.server.serviceAccount.name }} 79 | {{- end -}} 80 | {{- end -}} 81 | 82 | {{/* 83 | Create the name of the controller service account to use 84 | */}} 85 | {{- define "argo-workflows.controllerServiceAccountName" -}} 86 | {{- if .Values.controller.serviceAccount.create -}} 87 | {{ default (include "argo-workflows.controller.fullname" .) 
.Values.controller.serviceAccount.name }} 88 | {{- else -}} 89 | {{ default "default" .Values.controller.serviceAccount.name }} 90 | {{- end -}} 91 | {{- end -}} 92 | 93 | {{/* 94 | Return the appropriate apiVersion for ingress 95 | */}} 96 | {{- define "argo-workflows.ingress.apiVersion" -}} 97 | {{- if semverCompare "<1.14-0" (include "argo-workflows.kubeVersion" $) -}} 98 | {{- print "extensions/v1beta1" -}} 99 | {{- else if semverCompare "<1.19-0" (include "argo-workflows.kubeVersion" $) -}} 100 | {{- print "networking.k8s.io/v1beta1" -}} 101 | {{- else -}} 102 | {{- print "networking.k8s.io/v1" -}} 103 | {{- end -}} 104 | {{- end -}} 105 | 106 | {{/* 107 | Return the target Kubernetes version 108 | */}} 109 | {{- define "argo-workflows.kubeVersion" -}} 110 | {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} 111 | {{- end -}} 112 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/dex/deployment.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.server.enabled .Values.dex.enabled }} 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | labels: 6 | app.kubernetes.io/component: dex-server 7 | app.kubernetes.io/name: argocd-dex-server 8 | app.kubernetes.io/part-of: argocd 9 | name: argocd-dex-server 10 | namespace: {{ .Release.Namespace }} 11 | spec: 12 | selector: 13 | matchLabels: 14 | app.kubernetes.io/name: argocd-dex-server 15 | template: 16 | metadata: 17 | labels: 18 | app.kubernetes.io/name: argocd-dex-server 19 | spec: 20 | affinity: 21 | podAntiAffinity: 22 | preferredDuringSchedulingIgnoredDuringExecution: 23 | - podAffinityTerm: 24 | labelSelector: 25 | matchLabels: 26 | app.kubernetes.io/part-of: argocd 27 | topologyKey: kubernetes.io/hostname 28 | weight: 5 29 | containers: 30 | - command: 31 | - /shared/argocd-dex 32 | - rundex 33 | env: 34 | - name: ARGOCD_DEX_SERVER_LOGFORMAT 35 | valueFrom: 36 | 
configMapKeyRef: 37 | key: dexserver.log.format 38 | name: argocd-cmd-params-cm 39 | optional: true 40 | - name: ARGOCD_DEX_SERVER_LOGLEVEL 41 | valueFrom: 42 | configMapKeyRef: 43 | key: dexserver.log.level 44 | name: argocd-cmd-params-cm 45 | optional: true 46 | - name: ARGOCD_LOG_FORMAT_TIMESTAMP 47 | valueFrom: 48 | configMapKeyRef: 49 | name: argocd-cmd-params-cm 50 | key: log.format.timestamp 51 | optional: true 52 | - name: ARGOCD_DEX_SERVER_DISABLE_TLS 53 | valueFrom: 54 | configMapKeyRef: 55 | key: dexserver.disable.tls 56 | name: argocd-cmd-params-cm 57 | optional: true 58 | image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }} 59 | imagePullPolicy: {{ default .Values.global.image.pullPolicy .Values.dex.image.pullPolicy }} 60 | name: dex 61 | ports: 62 | - containerPort: 5556 63 | - containerPort: 5557 64 | - containerPort: 5558 65 | securityContext: 66 | allowPrivilegeEscalation: false 67 | capabilities: 68 | drop: 69 | - ALL 70 | readOnlyRootFilesystem: true 71 | runAsNonRoot: true 72 | seccompProfile: 73 | type: RuntimeDefault 74 | volumeMounts: 75 | - mountPath: /shared 76 | name: static-files 77 | - mountPath: /tmp 78 | name: dexconfig 79 | - mountPath: /tls 80 | name: argocd-dex-server-tls 81 | initContainers: 82 | - command: 83 | - /bin/cp 84 | - -n 85 | - /usr/local/bin/argocd 86 | - /shared/argocd-dex 87 | image: {{ include "argo-cd.image" (dict "root" . 
"image" .Values.global.image ) }} 88 | imagePullPolicy: {{ default .Values.global.image.pullPolicy .Values.dex.image.pullPolicy }} 89 | name: copyutil 90 | securityContext: 91 | allowPrivilegeEscalation: false 92 | capabilities: 93 | drop: 94 | - ALL 95 | readOnlyRootFilesystem: true 96 | runAsNonRoot: true 97 | seccompProfile: 98 | type: RuntimeDefault 99 | volumeMounts: 100 | - mountPath: /shared 101 | name: static-files 102 | - mountPath: /tmp 103 | name: dexconfig 104 | nodeSelector: 105 | kubernetes.io/os: linux 106 | serviceAccountName: argocd-dex-server 107 | volumes: 108 | - emptyDir: {} 109 | name: static-files 110 | - emptyDir: {} 111 | name: dexconfig 112 | - name: argocd-dex-server-tls 113 | secret: 114 | items: 115 | - key: tls.crt 116 | path: tls.crt 117 | - key: tls.key 118 | path: tls.key 119 | - key: ca.crt 120 | path: ca.crt 121 | optional: true 122 | secretName: argocd-dex-server-tls 123 | {{- end }} 124 | -------------------------------------------------------------------------------- /charts/argo-rollouts/templates/controller/argo-rollouts-clusterrole-readonly.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.controller.clusterRole.readOnly -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: argo-rollouts 6 | labels: 7 | app.kubernetes.io/component: rollouts-controller 8 | app.kubernetes.io/name: argo-rollouts 9 | app.kubernetes.io/part-of: argo-rollouts 10 | rules: 11 | - apiGroups: 12 | - argoproj.io 13 | resources: 14 | - rollouts 15 | - rollouts/status 16 | - rollouts/finalizers 17 | verbs: 18 | - get 19 | - list 20 | - watch 21 | - apiGroups: 22 | - argoproj.io 23 | resources: 24 | - analysisruns 25 | - analysisruns/finalizers 26 | - experiments 27 | - experiments/finalizers 28 | verbs: 29 | - get 30 | - list 31 | - watch 32 | - apiGroups: 33 | - argoproj.io 34 | resources: 35 | - analysistemplates 36 | - clusteranalysistemplates 37 | verbs: 
38 | - get 39 | - list 40 | - watch 41 | # replicasets: read-only in this role; managing ReplicaSets needs write verbs that are not granted here 42 | - apiGroups: 43 | - apps 44 | resources: 45 | - replicasets 46 | verbs: 47 | - get 48 | - list 49 | - watch 50 | # deployments and podtemplates read access needed for workload reference support 51 | - apiGroups: 52 | - "" 53 | - apps 54 | resources: 55 | - deployments 56 | - podtemplates 57 | verbs: 58 | - get 59 | - list 60 | - watch 61 | # services: read-only in this role (get/list/watch); the patch/create needed to update selectors of canary/stable/active/preview services 62 | # and to manage experiment services is not granted here (README: controller.clusterRole.writeRole.enabled provides a separate write role) 63 | - apiGroups: 64 | - "" 65 | resources: 66 | - services 67 | verbs: 68 | - get 69 | - list 70 | - watch 71 | # secrets (only when controller.clusterRole.readSecrets is set) and configmaps: read access, e.g. to run analysis templates which reference secrets 72 | - apiGroups: 73 | - "" 74 | resources: 75 | {{ if .Values.controller.clusterRole.readSecrets }} 76 | - secrets 77 | {{- end }} 78 | - configmaps 79 | verbs: 80 | - get 81 | - list 82 | - watch 83 | # pods: list/watch only in this read-only role; the update used for ephemeral data is not granted here 84 | - apiGroups: 85 | - "" 86 | resources: 87 | - pods 88 | verbs: 89 | - list 90 | - watch 91 | # ingresses: read-only in this role; patch (annotations) and create (nginx canary) are not granted here 92 | - apiGroups: 93 | - networking.k8s.io 94 | - extensions 95 | resources: 96 | - ingresses 97 | verbs: 98 | - get 99 | - list 100 | - watch 101 | # job access needed for analysis template job metrics 102 | - apiGroups: 103 | - batch 104 | resources: 105 | - jobs 106 | verbs: 107 | - get 108 | - list 109 | - watch 110 | # virtualservice/destinationrule access needed for using the Istio provider 111 | - apiGroups: 112 | - networking.istio.io 113 | resources: 114 | - virtualservices 115 | - destinationrules 116 | verbs: 117 | - watch 118 | - get 119 | - list 120 | # trafficsplit access needed for using the SMI provider 121 | - apiGroups: 122 | - split.smi-spec.io 123 | resources: 124 | - trafficsplits 125 | verbs: 126 | - watch 127 | - get 128 | # ambassador 
access needed for Ambassador provider 129 | - apiGroups: 130 | - getambassador.io 131 | - x.getambassador.io 132 | resources: 133 | - mappings 134 | - ambassadormappings 135 | verbs: 136 | - watch 137 | - get 138 | - list 139 | # Endpoints and TargetGroupBindings needed for ALB target group verification 140 | - apiGroups: 141 | - "" 142 | resources: 143 | - endpoints 144 | verbs: 145 | - get 146 | - apiGroups: 147 | - elbv2.k8s.aws 148 | resources: 149 | - targetgroupbindings 150 | verbs: 151 | - list 152 | - get 153 | # AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider 154 | - apiGroups: 155 | - appmesh.k8s.aws 156 | resources: 157 | - virtualservices 158 | verbs: 159 | - watch 160 | - get 161 | - list 162 | # AppMesh virtualnode CRD r/w access needed for using the App Mesh provider 163 | - apiGroups: 164 | - appmesh.k8s.aws 165 | resources: 166 | - virtualnodes 167 | - virtualrouters 168 | verbs: 169 | - watch 170 | - get 171 | - list 172 | - apiGroups: 173 | - traefik.containo.us 174 | resources: 175 | - traefikservices 176 | verbs: 177 | - watch 178 | - get 179 | - apiGroups: 180 | - apisix.apache.org 181 | resources: 182 | - apisixroutes 183 | verbs: 184 | - watch 185 | - get 186 | {{- end }} 187 | -------------------------------------------------------------------------------- /charts/argo-cd-extensions/crds/argocdextension.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.4.1 6 | creationTimestamp: null 7 | name: argocdextensions.argoproj.io 8 | spec: 9 | group: argoproj.io 10 | names: 11 | kind: ArgoCDExtension 12 | listKind: ArgoCDExtensionList 13 | plural: argocdextensions 14 | singular: argocdextension 15 | scope: Namespaced 16 | versions: 17 | - name: v1alpha1 18 | schema: 19 | openAPIV3Schema: 20 | description: 
ArgoCDExtension is the Schema for the argocdextensions API 21 | properties: 22 | apiVersion: 23 | description: 'APIVersion defines the versioned schema of this representation 24 | of an object. Servers should convert recognized schemas to the latest 25 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 26 | type: string 27 | kind: 28 | description: 'Kind is a string value representing the REST resource this 29 | object represents. Servers may infer this from the endpoint the client 30 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 31 | type: string 32 | metadata: 33 | type: object 34 | spec: 35 | description: ArgoCDExtensionSpec defines the desired state of ArgoCDExtension 36 | properties: 37 | sources: 38 | description: Sources specifies where the extension should come from 39 | items: 40 | description: ExtensionSource specifies where the extension should 41 | be sourced from 42 | properties: 43 | git: 44 | description: Git is specified if the extension should be sourced 45 | from a git repository 46 | properties: 47 | revision: 48 | description: Revision specifies the revision of the Repository 49 | to fetch 50 | type: string 51 | url: 52 | description: URL specifies the Git repository URL to fetch 53 | type: string 54 | type: object 55 | web: 56 | description: Web is specified if the extension should be sourced 57 | from a web file 58 | properties: 59 | url: 60 | description: URK specifies the remote file URL 61 | type: string 62 | type: object 63 | type: object 64 | type: array 65 | required: 66 | - sources 67 | type: object 68 | status: 69 | description: ArgoCDExtensionStatus defines the observed state of ArgoCDExtension 70 | properties: 71 | conditions: 72 | items: 73 | properties: 74 | message: 75 | description: Message contains 
human-readable message indicating 76 | details about condition 77 | type: string 78 | status: 79 | description: Boolean status describing if the condition is currently 80 | true 81 | type: string 82 | type: 83 | description: Type is an ArgoCDExtension condition type 84 | type: string 85 | required: 86 | - message 87 | - status 88 | - type 89 | type: object 90 | type: array 91 | type: object 92 | type: object 93 | served: true 94 | storage: true 95 | status: 96 | acceptedNames: 97 | kind: "" 98 | plural: "" 99 | conditions: [] 100 | storedVersions: [] 101 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/redis-ha/haproxy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: redis 6 | app.kubernetes.io/name: argocd-redis-ha-haproxy 7 | app.kubernetes.io/part-of: argocd 8 | name: argocd-redis-ha-haproxy 9 | namespace: {{ .Release.Namespace }} 10 | spec: 11 | replicas: 3 12 | revisionHistoryLimit: 1 13 | selector: 14 | matchLabels: 15 | app.kubernetes.io/name: argocd-redis-ha-haproxy 16 | strategy: 17 | type: RollingUpdate 18 | template: 19 | metadata: 20 | annotations: 21 | checksum/config: cd6508bdf9819601c454d0cc491fb77a209e3a88761d92514d105b6681829953 22 | prometheus.io/path: /metrics 23 | prometheus.io/port: "9101" 24 | prometheus.io/scrape: "true" 25 | labels: 26 | app.kubernetes.io/name: argocd-redis-ha-haproxy 27 | name: argocd-redis-ha-haproxy 28 | spec: 29 | affinity: 30 | podAntiAffinity: 31 | requiredDuringSchedulingIgnoredDuringExecution: 32 | - labelSelector: 33 | matchLabels: 34 | app.kubernetes.io/name: argocd-redis-ha-haproxy 35 | topologyKey: kubernetes.io/hostname 36 | containers: 37 | - env: 38 | - name: AUTH 39 | valueFrom: 40 | secretKeyRef: 41 | key: auth 42 | name: argocd-redis 43 | image: {{ .Values.redis.haProxyImage.repository }}:{{ 
.Values.redis.haProxyImage.tag }} 44 | imagePullPolicy: {{ default .Values.global.image.pullPolicy }} 45 | lifecycle: {} 46 | livenessProbe: 47 | httpGet: 48 | path: /healthz 49 | port: probe 50 | initialDelaySeconds: 5 51 | periodSeconds: 3 52 | name: haproxy 53 | ports: 54 | - containerPort: 8888 55 | name: probe 56 | - containerPort: 6379 57 | name: redis 58 | - containerPort: 9101 59 | name: metrics-port 60 | readinessProbe: 61 | httpGet: 62 | path: /healthz 63 | port: probe 64 | initialDelaySeconds: 5 65 | periodSeconds: 3 66 | securityContext: 67 | allowPrivilegeEscalation: false 68 | capabilities: 69 | drop: 70 | - ALL 71 | readOnlyRootFilesystem: true 72 | seccompProfile: 73 | type: RuntimeDefault 74 | volumeMounts: 75 | - mountPath: /usr/local/etc/haproxy 76 | name: data 77 | - mountPath: /run/haproxy 78 | name: shared-socket 79 | initContainers: 80 | - command: 81 | - argocd 82 | - admin 83 | - redis-initial-password 84 | image: {{ include "argo-cd.image" (dict "root" . "image" .Values ) }} 85 | imagePullPolicy: IfNotPresent 86 | name: secret-init 87 | securityContext: 88 | allowPrivilegeEscalation: false 89 | capabilities: 90 | drop: 91 | - ALL 92 | readOnlyRootFilesystem: true 93 | runAsNonRoot: true 94 | seccompProfile: 95 | type: RuntimeDefault 96 | - args: 97 | - /readonly/haproxy_init.sh 98 | command: 99 | - sh 100 | image: {{ .Values.redis.haProxyImage.repository }}:{{ .Values.redis.haProxyImage.tag }} 101 | imagePullPolicy: {{ default .Values.global.image.pullPolicy }} 102 | name: config-init 103 | securityContext: 104 | allowPrivilegeEscalation: false 105 | capabilities: 106 | drop: 107 | - ALL 108 | readOnlyRootFilesystem: true 109 | seccompProfile: 110 | type: RuntimeDefault 111 | volumeMounts: 112 | - mountPath: /readonly 113 | name: config-volume 114 | readOnly: true 115 | - mountPath: /data 116 | name: data 117 | securityContext: 118 | fsGroup: 99 119 | runAsNonRoot: true 120 | runAsUser: 99 121 | serviceAccountName: argocd-redis-ha-haproxy 
122 | automountServiceAccountToken: true 123 | volumes: 124 | - configMap: 125 | name: argocd-redis-ha-configmap 126 | name: config-volume 127 | - emptyDir: {} 128 | name: shared-socket 129 | - emptyDir: {} 130 | name: data 131 | -------------------------------------------------------------------------------- /docs/argo-cd/README.md: -------------------------------------------------------------------------------- 1 | # Argo CD Disaster Recovery 2 | 3 | ## Overview 4 | 5 | This documentation walks through the steps to install Argo CD with disaster recovery capability. 6 | 7 | ## Preparing S3 Bucket, IAM Role and Policy 8 | 9 | * Create an empty S3 bucket. Note that you may also want to [configure the bucket's lifecycle rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html) to control the lifetime of the backups and transition them to another storage class. 10 | * [Create an IAM policy](https://docs.aws.amazon.com/eks/latest/userguide/create-service-account-iam-policy-and-role.html) `dr-s3-policy` to allow read/write access from the DR CronJob: 11 | 12 | ```json 13 | { 14 | "Version": "2012-10-17", 15 | "Statement": [ 16 | { 17 | "Sid": "", 18 | "Effect": "Allow", 19 | "Action": "s3:ListBucket", 20 | "Resource": "arn:aws:s3:::BUCKETNAME" 21 | }, 22 | { 23 | "Sid": "", 24 | "Effect": "Allow", 25 | "Action": [ 26 | "s3:GetObject", 27 | "s3:PutObject" 28 | ], 29 | "Resource": "arn:aws:s3:::BUCKETNAME/*" 30 | } 31 | ] 32 | } 33 | ``` 34 | * Create an IAM role `argocd-dr` with the above policy attached. 
35 | * [Obtain the OIDC ARN and ID](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html) via the following: 36 | ``` 37 | # View your cluster's OIDC provider URL 38 | # Example output: https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B716D3041E 39 | aws eks describe-cluster --name myekscluster --query "cluster.identity.oidc.issuer" --output text 40 | 41 | # List the IAM OIDC providers in your account. 42 | aws iam list-open-id-connect-providers | grep <OIDC_ID> 43 | ``` 44 | * Edit the role's trust relationship to the following, filling in the OIDC ARN and ID obtained previously: 45 | ``` 46 | { 47 | "Version": "2012-10-17", 48 | "Statement": [ 49 | { 50 | "Effect": "Allow", 51 | "Principal": { 52 | "Federated": "arn:aws:iam::xxx:oidc-provider/oidc.eks.us-west-2.amazonaws.com/id/<OIDC_ID>" 53 | }, 54 | "Action": "sts:AssumeRoleWithWebIdentity", 55 | "Condition": { 56 | "StringEquals": { 57 | "oidc.eks.us-west-2.amazonaws.com/id/<OIDC_ID>:aud": "sts.amazonaws.com", 58 | "oidc.eks.us-west-2.amazonaws.com/id/<OIDC_ID>:sub": "system:serviceaccount:argocd:argocd-dr" 59 | } 60 | } 61 | } 62 | ] 63 | } 64 | ``` 65 | 66 | ## Backup 67 | 68 | Backup consists of a CronJob which takes a snapshot of Argo CD, such as Argo CD configmaps (e.g. argocd-cm, argocd-rbac-cm, argocd-ssh-known-hosts-cm, argocd-tls-certs-cm), secrets, applications, and app projects, then uploads it 69 | to a bucket periodically. Because the snapshot includes secrets, keep the bucket private and encrypted, and limit access to the DR role. 70 | 71 | Backup can be enabled when installing the [Argo CD helm chart](https://github.com/akuity/helm-builds) with the following configuration in [values.yaml](https://github.com/akuity/helm-builds/blob/master/charts/argo-cd/values.yaml). 72 | 73 | ``` 74 | # -- Disaster recovery configurations 75 | disasterRecovery: 76 | enabled: true 77 | # -- The schedule to perform backup 78 | backupSchedule: "*/10 * * * *" 79 | # -- Limits the maximum runtime when performing backup. This must be within the backup schedule. 
For example, we might want to limit this to 9 minutes if we run backups every 10 minutes 80 | activeDeadlineSeconds: 540 81 | bucketName: argocd-test 82 | instanceName: test-argocd 83 | # -- Configurations for AWS 84 | aws: 85 | region: us-west-2 86 | roleARN: "arn:aws:iam::541216676946:role/argocd-dr" 87 | ``` 88 | 89 | Once Argo CD with DR is installed, backups will be saved to the specified bucket, e.g. `s3://argocd-test`. 90 | 91 | ## Recover from a backup 92 | 93 | Before running recovery from a previously saved backup, we need to have a bare-bones Argo CD up and running first (e.g. via Helm). 94 | 95 | Next, run the following to recover from a previously saved backup: 96 | 97 | ``` 98 | kubectl run s3-recover \ 99 | --image quay.io/akuity/argocd:v2.1.6-ak.0 -t -i --rm=true \ 100 | --serviceaccount argocd-dr \ 101 | --env="BUCKET_NAME=argocd-test" \ 102 | --env="ARGOCD_INSTANCE_NAME=test-argocd" \ 103 | --env="NAMESPACE=argocd" \ 104 | -- argocd-restore.sh 105 | ``` 106 | 107 | If you need to recover from a backup taken at a specific date and time, you can specify an additional environment variable in the form of `DATETIME=<YYYY>/<MM>-<DD>/<HHMM>` in the command above, e.g. `2021/09-30/1520`. 
108 | -------------------------------------------------------------------------------- /charts/argocd-image-updater/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: controller 6 | app.kubernetes.io/name: argocd-image-updater 7 | app.kubernetes.io/part-of: argocd-image-updater 8 | name: argocd-image-updater 9 | spec: 10 | selector: 11 | matchLabels: 12 | app.kubernetes.io/name: argocd-image-updater 13 | strategy: 14 | type: Recreate 15 | template: 16 | metadata: 17 | labels: 18 | app.kubernetes.io/name: argocd-image-updater 19 | spec: 20 | containers: 21 | - name: {{ .Chart.Name }} 22 | command: 23 | - /usr/local/bin/argocd-image-updater 24 | - run 25 | {{- with .Values.extraArgs }} 26 | {{- toYaml . | nindent 12 }} 27 | {{- end }} 28 | env: 29 | - name: APPLICATIONS_API 30 | valueFrom: 31 | configMapKeyRef: 32 | key: applications_api 33 | name: argocd-image-updater-config 34 | optional: true 35 | - name: ARGOCD_GRPC_WEB 36 | valueFrom: 37 | configMapKeyRef: 38 | key: argocd.grpc_web 39 | name: argocd-image-updater-config 40 | optional: true 41 | - name: ARGOCD_SERVER 42 | valueFrom: 43 | configMapKeyRef: 44 | key: argocd.server_addr 45 | name: argocd-image-updater-config 46 | optional: true 47 | - name: ARGOCD_INSECURE 48 | valueFrom: 49 | configMapKeyRef: 50 | key: argocd.insecure 51 | name: argocd-image-updater-config 52 | optional: true 53 | - name: ARGOCD_PLAINTEXT 54 | valueFrom: 55 | configMapKeyRef: 56 | key: argocd.plaintext 57 | name: argocd-image-updater-config 58 | optional: true 59 | - name: ARGOCD_TOKEN 60 | valueFrom: 61 | secretKeyRef: 62 | key: argocd.token 63 | name: argocd-image-updater-secret 64 | optional: true 65 | - name: IMAGE_UPDATER_LOGLEVEL 66 | valueFrom: 67 | configMapKeyRef: 68 | key: log.level 69 | name: argocd-image-updater-config 70 | optional: true 71 | - name: 
GIT_COMMIT_USER 72 | valueFrom: 73 | configMapKeyRef: 74 | key: git.user 75 | name: argocd-image-updater-config 76 | optional: true 77 | - name: GIT_COMMIT_EMAIL 78 | valueFrom: 79 | configMapKeyRef: 80 | key: git.email 81 | name: argocd-image-updater-config 82 | optional: true 83 | - name: IMAGE_UPDATER_KUBE_EVENTS 84 | valueFrom: 85 | configMapKeyRef: 86 | key: kube.events 87 | name: argocd-image-updater-config 88 | optional: true 89 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" 90 | imagePullPolicy: {{ .Values.image.pullPolicy }} 91 | ports: 92 | - containerPort: 8080 93 | readinessProbe: 94 | httpGet: 95 | path: /healthz 96 | port: 8080 97 | initialDelaySeconds: 3 98 | periodSeconds: 30 99 | livenessProbe: 100 | httpGet: 101 | path: /healthz 102 | port: 8080 103 | initialDelaySeconds: 3 104 | periodSeconds: 30 105 | volumeMounts: 106 | - mountPath: /app/config 107 | name: image-updater-conf 108 | - mountPath: /app/config/ssh 109 | name: ssh-known-hosts 110 | - mountPath: /app/.ssh 111 | name: ssh-config 112 | serviceAccountName: argocd-image-updater 113 | volumes: 114 | - configMap: 115 | items: 116 | - key: registries.conf 117 | path: registries.conf 118 | - key: git.commit-message-template 119 | path: commit.template 120 | name: argocd-image-updater-config 121 | optional: true 122 | name: image-updater-conf 123 | - configMap: 124 | name: argocd-ssh-known-hosts-cm 125 | optional: true 126 | name: ssh-known-hosts 127 | - configMap: 128 | name: argocd-image-updater-ssh-config 129 | optional: true 130 | name: ssh-config 131 | -------------------------------------------------------------------------------- /charts/argo-rollouts/templates/controller/argo-rollouts-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.controller.clusterRole.readOnly -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: 
argo-rollouts 6 | labels: 7 | app.kubernetes.io/component: rollouts-controller 8 | app.kubernetes.io/name: argo-rollouts 9 | app.kubernetes.io/part-of: argo-rollouts 10 | rules: 11 | - apiGroups: 12 | - argoproj.io 13 | resources: 14 | - rollouts 15 | - rollouts/status 16 | - rollouts/finalizers 17 | verbs: 18 | - get 19 | - list 20 | - watch 21 | - update 22 | - patch 23 | - apiGroups: 24 | - argoproj.io 25 | resources: 26 | - analysisruns 27 | - analysisruns/finalizers 28 | - experiments 29 | - experiments/finalizers 30 | verbs: 31 | - create 32 | - get 33 | - list 34 | - watch 35 | - update 36 | - patch 37 | - delete 38 | - apiGroups: 39 | - argoproj.io 40 | resources: 41 | - analysistemplates 42 | - clusteranalysistemplates 43 | verbs: 44 | - get 45 | - list 46 | - watch 47 | # replicaset access needed for managing ReplicaSets 48 | - apiGroups: 49 | - apps 50 | resources: 51 | - replicasets 52 | verbs: 53 | - create 54 | - get 55 | - list 56 | - watch 57 | - update 58 | - patch 59 | - delete 60 | # deployments and podtemplates read access needed for workload reference support 61 | - apiGroups: 62 | - "" 63 | - apps 64 | resources: 65 | - deployments 66 | - podtemplates 67 | verbs: 68 | - get 69 | - list 70 | - watch 71 | # services patch needed to update selector of canary/stable/active/preview services 72 | # services create needed to create and delete services for experiments 73 | - apiGroups: 74 | - "" 75 | resources: 76 | - services 77 | verbs: 78 | - get 79 | - list 80 | - watch 81 | - patch 82 | - create 83 | - delete 84 | # secret read access to run analysis templates which reference secrets 85 | - apiGroups: 86 | - "" 87 | resources: 88 | {{ if .Values.controller.clusterRole.readSecrets }} 89 | - secrets 90 | {{- end }} 91 | - configmaps 92 | verbs: 93 | - get 94 | - list 95 | - watch 96 | # pod list/update needed for updating ephemeral data 97 | - apiGroups: 98 | - "" 99 | resources: 100 | - pods 101 | verbs: 102 | - list 103 | - update 104 | - watch 
105 | # pods eviction needed for restart 106 | - apiGroups: 107 | - "" 108 | resources: 109 | - pods/eviction 110 | verbs: 111 | - create 112 | # event write needed for emitting events 113 | - apiGroups: 114 | - "" 115 | resources: 116 | - events 117 | verbs: 118 | - create 119 | - update 120 | - patch 121 | # ingress patch needed for managing ingress annotations, create needed for nginx canary 122 | - apiGroups: 123 | - networking.k8s.io 124 | - extensions 125 | resources: 126 | - ingresses 127 | verbs: 128 | - create 129 | - get 130 | - list 131 | - watch 132 | - patch 133 | # job access needed for analysis template job metrics 134 | - apiGroups: 135 | - batch 136 | resources: 137 | - jobs 138 | verbs: 139 | - create 140 | - get 141 | - list 142 | - watch 143 | - update 144 | - patch 145 | - delete 146 | # virtualservice/destinationrule access needed for using the Istio provider 147 | - apiGroups: 148 | - networking.istio.io 149 | resources: 150 | - virtualservices 151 | - destinationrules 152 | verbs: 153 | - watch 154 | - get 155 | - update 156 | - patch 157 | - list 158 | # trafficsplit access needed for using the SMI provider 159 | - apiGroups: 160 | - split.smi-spec.io 161 | resources: 162 | - trafficsplits 163 | verbs: 164 | - create 165 | - watch 166 | - get 167 | - update 168 | - patch 169 | # ambassador access needed for Ambassador provider 170 | - apiGroups: 171 | - getambassador.io 172 | - x.getambassador.io 173 | resources: 174 | - mappings 175 | - ambassadormappings 176 | verbs: 177 | - create 178 | - watch 179 | - get 180 | - update 181 | - list 182 | - delete 183 | # Endpoints and TargetGroupBindings needed for ALB target group verification 184 | - apiGroups: 185 | - "" 186 | resources: 187 | - endpoints 188 | verbs: 189 | - get 190 | - apiGroups: 191 | - elbv2.k8s.aws 192 | resources: 193 | - targetgroupbindings 194 | verbs: 195 | - list 196 | - get 197 | # AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh 
provider 198 | - apiGroups: 199 | - appmesh.k8s.aws 200 | resources: 201 | - virtualservices 202 | verbs: 203 | - watch 204 | - get 205 | - list 206 | # AppMesh virtualnode CRD r/w access needed for using the App Mesh provider 207 | - apiGroups: 208 | - appmesh.k8s.aws 209 | resources: 210 | - virtualnodes 211 | - virtualrouters 212 | verbs: 213 | - watch 214 | - get 215 | - list 216 | - update 217 | - patch 218 | - apiGroups: 219 | - traefik.containo.us 220 | resources: 221 | - traefikservices 222 | verbs: 223 | - watch 224 | - get 225 | - update 226 | - apiGroups: 227 | - apisix.apache.org 228 | resources: 229 | - apisixroutes 230 | verbs: 231 | - watch 232 | - get 233 | - update 234 | {{- end }} 235 | -------------------------------------------------------------------------------- /charts/argo-rollouts/templates/controller/argo-rollouts-clusterrole-write.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.controller.clusterRole.writeRole.enabled -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: argo-rollouts-write 6 | labels: 7 | app.kubernetes.io/component: rollouts-controller 8 | app.kubernetes.io/name: argo-rollouts 9 | app.kubernetes.io/part-of: argo-rollouts 10 | rules: 11 | - apiGroups: 12 | - argoproj.io 13 | resources: 14 | - rollouts 15 | - rollouts/status 16 | - rollouts/finalizers 17 | verbs: 18 | - get 19 | - list 20 | - watch 21 | - update 22 | - patch 23 | - apiGroups: 24 | - argoproj.io 25 | resources: 26 | - analysisruns 27 | - analysisruns/finalizers 28 | - experiments 29 | - experiments/finalizers 30 | verbs: 31 | - create 32 | - get 33 | - list 34 | - watch 35 | - update 36 | - patch 37 | - delete 38 | - apiGroups: 39 | - argoproj.io 40 | resources: 41 | - analysistemplates 42 | - clusteranalysistemplates 43 | verbs: 44 | - get 45 | - list 46 | - watch 47 | # replicaset access needed for managing ReplicaSets 48 | - apiGroups: 49 | - apps 50 | 
resources: 51 | - replicasets 52 | verbs: 53 | - create 54 | - get 55 | - list 56 | - watch 57 | - update 58 | - patch 59 | - delete 60 | # deployments and podtemplates read access needed for workload reference support 61 | - apiGroups: 62 | - "" 63 | - apps 64 | resources: 65 | - deployments 66 | - podtemplates 67 | verbs: 68 | - get 69 | - list 70 | - watch 71 | # services patch needed to update selector of canary/stable/active/preview services 72 | # services create needed to create and delete services for experiments 73 | - apiGroups: 74 | - "" 75 | resources: 76 | - services 77 | verbs: 78 | - get 79 | - list 80 | - watch 81 | - patch 82 | - create 83 | - delete 84 | # secret read access to run analysis templates which reference secrets 85 | - apiGroups: 86 | - "" 87 | resources: 88 | {{ if .Values.controller.clusterRole.writeRole.readSecrets }} 89 | - secrets 90 | {{- end }} 91 | - configmaps 92 | verbs: 93 | - get 94 | - list 95 | - watch 96 | # pod list/update needed for updating ephemeral data 97 | - apiGroups: 98 | - "" 99 | resources: 100 | - pods 101 | verbs: 102 | - list 103 | - update 104 | - watch 105 | # pods eviction needed for restart 106 | - apiGroups: 107 | - "" 108 | resources: 109 | - pods/eviction 110 | verbs: 111 | - create 112 | # event write needed for emitting events 113 | - apiGroups: 114 | - "" 115 | resources: 116 | - events 117 | verbs: 118 | - create 119 | - update 120 | - patch 121 | # ingress patch needed for managing ingress annotations, create needed for nginx canary 122 | - apiGroups: 123 | - networking.k8s.io 124 | - extensions 125 | resources: 126 | - ingresses 127 | verbs: 128 | - create 129 | - get 130 | - list 131 | - watch 132 | - patch 133 | # job access needed for analysis template job metrics 134 | - apiGroups: 135 | - batch 136 | resources: 137 | - jobs 138 | verbs: 139 | - create 140 | - get 141 | - list 142 | - watch 143 | - update 144 | - patch 145 | - delete 146 | # virtualservice/destinationrule access needed for 
using the Istio provider 147 | - apiGroups: 148 | - networking.istio.io 149 | resources: 150 | - virtualservices 151 | - destinationrules 152 | verbs: 153 | - watch 154 | - get 155 | - update 156 | - patch 157 | - list 158 | # trafficsplit access needed for using the SMI provider 159 | - apiGroups: 160 | - split.smi-spec.io 161 | resources: 162 | - trafficsplits 163 | verbs: 164 | - create 165 | - watch 166 | - get 167 | - update 168 | - patch 169 | # ambassador access needed for Ambassador provider 170 | - apiGroups: 171 | - getambassador.io 172 | - x.getambassador.io 173 | resources: 174 | - mappings 175 | - ambassadormappings 176 | verbs: 177 | - create 178 | - watch 179 | - get 180 | - update 181 | - list 182 | - delete 183 | # Endpoints and TargetGroupBindings needed for ALB target group verification 184 | - apiGroups: 185 | - "" 186 | resources: 187 | - endpoints 188 | verbs: 189 | - get 190 | - apiGroups: 191 | - elbv2.k8s.aws 192 | resources: 193 | - targetgroupbindings 194 | verbs: 195 | - list 196 | - get 197 | # AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider 198 | - apiGroups: 199 | - appmesh.k8s.aws 200 | resources: 201 | - virtualservices 202 | verbs: 203 | - watch 204 | - get 205 | - list 206 | # AppMesh virtualnode CRD r/w access needed for using the App Mesh provider 207 | - apiGroups: 208 | - appmesh.k8s.aws 209 | resources: 210 | - virtualnodes 211 | - virtualrouters 212 | verbs: 213 | - watch 214 | - get 215 | - list 216 | - update 217 | - patch 218 | - apiGroups: 219 | - traefik.containo.us 220 | resources: 221 | - traefikservices 222 | verbs: 223 | - watch 224 | - get 225 | - update 226 | - apiGroups: 227 | - apisix.apache.org 228 | resources: 229 | - apisixroutes 230 | verbs: 231 | - watch 232 | - get 233 | - update 234 | {{- end }} 235 | -------------------------------------------------------------------------------- /charts/argo-cd/templates/config/argocd-cm.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: argocd-cm 6 | app.kubernetes.io/part-of: argocd 7 | name: argocd-cm 8 | namespace: {{ .Release.Namespace }} 9 | data: 10 | ### Default configuration for ignoreResourceUpdates. 11 | # The ignoreResourceUpdates list contains K8s resource's properties that are known to be frequently updated 12 | # by controllers and operators. These resources, when watched by argo, will cause many unnecessary updates. 13 | # Ignoring status for all resources. An update will still be sent if the status update causes the health to change. 14 | resource.customizations.ignoreResourceUpdates.all: | 15 | jsonPointers: 16 | - /status 17 | # Some Application fields are generated and not related to the application updates itself 18 | # The Application itself is already watched by the controller lister, but this configuration is applied for apps of apps 19 | resource.customizations.ignoreResourceUpdates.argoproj.io_Application: | 20 | jqPathExpressions: 21 | - '.metadata.annotations."notified.notifications.argoproj.io"' 22 | - '.metadata.annotations."argocd.argoproj.io/refresh"' 23 | - '.metadata.annotations."argocd.argoproj.io/hydrate"' 24 | - '.operation' 25 | resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout: | 26 | jqPathExpressions: 27 | - '.metadata.annotations."notified.notifications.argoproj.io"' 28 | # Legacy annotations used on HPA autoscaling/v1 29 | resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler: | 30 | jqPathExpressions: 31 | - '.metadata.annotations."autoscaling.alpha.kubernetes.io/behavior"' 32 | - '.metadata.annotations."autoscaling.alpha.kubernetes.io/conditions"' 33 | - '.metadata.annotations."autoscaling.alpha.kubernetes.io/metrics"' 34 | - '.metadata.annotations."autoscaling.alpha.kubernetes.io/current-metrics"' 35 | # Ignore the cluster-autoscaler 
status 36 | resource.customizations.ignoreResourceUpdates.ConfigMap: | 37 | jqPathExpressions: 38 | # Ignore the cluster-autoscaler status 39 | - '.metadata.annotations."cluster-autoscaler.kubernetes.io/last-updated"' 40 | # Ignore the annotation of the legacy Leases election 41 | - '.metadata.annotations."control-plane.alpha.kubernetes.io/leader"' 42 | # Ignore the common scaling annotations 43 | resource.customizations.ignoreResourceUpdates.apps_ReplicaSet: | 44 | jqPathExpressions: 45 | - '.metadata.annotations."deployment.kubernetes.io/desired-replicas"' 46 | - '.metadata.annotations."deployment.kubernetes.io/max-replicas"' 47 | - '.metadata.annotations."rollout.argoproj.io/desired-replicas"' 48 | # Ignores update if EndpointSlice is not excluded globally 49 | resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice: | 50 | jsonPointers: 51 | - /metadata 52 | - /endpoints 53 | - /ports 54 | # Ignores update if Endpoints is not excluded globally 55 | resource.customizations.ignoreResourceUpdates.Endpoints: | 56 | jsonPointers: 57 | - /metadata 58 | - /subsets 59 | ### Default configuration for exclusions. 60 | # The exclusion list are K8s resources that we assume will never be declared in Git, 61 | # and are never child objects of managed resources that need to be presented in the resource tree. 62 | # This list contains high volume and high churn metadata objects which we exclude for performance 63 | # reasons, reducing connections and load to the K8s API servers of managed clusters. 
64 | resource.exclusions: | 65 | ### Network resources created by the Kubernetes control plane and excluded to reduce the number of watched events and UI clutter 66 | - apiGroups: 67 | - '' 68 | - discovery.k8s.io 69 | kinds: 70 | - Endpoints 71 | - EndpointSlice 72 | ### Internal Kubernetes resources excluded reduce the number of watched events 73 | - apiGroups: 74 | - coordination.k8s.io 75 | kinds: 76 | - Lease 77 | ### Internal Kubernetes Authz/Authn resources excluded reduce the number of watched events 78 | - apiGroups: 79 | - authentication.k8s.io 80 | - authorization.k8s.io 81 | kinds: 82 | - SelfSubjectReview 83 | - TokenReview 84 | - LocalSubjectAccessReview 85 | - SelfSubjectAccessReview 86 | - SelfSubjectRulesReview 87 | - SubjectAccessReview 88 | ### Intermediate Certificate Request excluded reduce the number of watched events 89 | - apiGroups: 90 | - certificates.k8s.io 91 | kinds: 92 | - CertificateSigningRequest 93 | - apiGroups: 94 | - cert-manager.io 95 | kinds: 96 | - CertificateRequest 97 | ### Cilium internal resources excluded reduce the number of watched events and UI Clutter 98 | - apiGroups: 99 | - cilium.io 100 | kinds: 101 | - CiliumIdentity 102 | - CiliumEndpoint 103 | - CiliumEndpointSlice 104 | ### Kyverno intermediate and reporting resources excluded reduce the number of watched events and improve performance 105 | - apiGroups: 106 | - kyverno.io 107 | - reports.kyverno.io 108 | - wgpolicyk8s.io 109 | kinds: 110 | - PolicyReport 111 | - ClusterPolicyReport 112 | - EphemeralReport 113 | - ClusterEphemeralReport 114 | - AdmissionReport 115 | - ClusterAdmissionReport 116 | - BackgroundScanReport 117 | - ClusterBackgroundScanReport 118 | - UpdateRequest 119 | {{- with .Values.config.argocd }} 120 | {{- toYaml . | nindent 2}} 121 | {{- end }} --------------------------------------------------------------------------------