From 72fb3b7580c56580b9044dd94172d19bfc9b1152 Mon Sep 17 00:00:00 2001 From: pashakostohrys Date: Thu, 26 Sep 2024 12:38:24 +0300 Subject: [PATCH 1/6] feat: support acr controller in our chart --- .../templates/acr-controller/clusterrole.yaml | 26 +++ .../acr-controller/clusterrolebinding.yaml | 19 ++ .../templates/acr-controller/deployment.yaml | 161 +++++++++++++++++ .../templates/acr-controller/role.yaml | 44 +++++ .../templates/acr-controller/rolebinding.yaml | 17 ++ .../acr-controller/serviceaccount.yaml | 19 ++ .../templates/crds/crd-application.yaml | 12 ++ charts/argo-cd/values.yaml | 171 ++++++++++++++++++ 8 files changed, 469 insertions(+) create mode 100644 charts/argo-cd/templates/acr-controller/clusterrole.yaml create mode 100644 charts/argo-cd/templates/acr-controller/clusterrolebinding.yaml create mode 100644 charts/argo-cd/templates/acr-controller/deployment.yaml create mode 100644 charts/argo-cd/templates/acr-controller/role.yaml create mode 100644 charts/argo-cd/templates/acr-controller/rolebinding.yaml create mode 100644 charts/argo-cd/templates/acr-controller/serviceaccount.yaml diff --git a/charts/argo-cd/templates/acr-controller/clusterrole.yaml b/charts/argo-cd/templates/acr-controller/clusterrole.yaml new file mode 100644 index 000000000..1e4a25627 --- /dev/null +++ b/charts/argo-cd/templates/acr-controller/clusterrole.yaml 
@@ -0,0 +1,26 @@
+{{- if .Values.acrController.enabled }}
+{{- $config := .Values.acrController.clusterAdminAccess | default dict -}}
+{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "argo-cd.acr-controller.fullname" . }}
+ labels:
+ {{- include "argo-cd.labels" (dict "context" . "component" .Values.acrController.name "name" .Values.acrController.name) | nindent 4 }}
+rules:
+ {{- if .Values.acrController.clusterRoleRules.enabled }}
+ {{- toYaml .Values.acrController.clusterRoleRules.rules | nindent 2 }}
+ {{- else }}
+ - apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+ - nonResourceURLs:
+ - '*'
+ verbs:
+ - '*'
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/argo-cd/templates/acr-controller/clusterrolebinding.yaml b/charts/argo-cd/templates/acr-controller/clusterrolebinding.yaml
new file mode 100644
index 000000000..eb6bcca00
--- /dev/null
+++ b/charts/argo-cd/templates/acr-controller/clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.acrController.enabled }}
+{{- $config := .Values.acrController.clusterAdminAccess | default dict -}}
+{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "argo-cd.acr-controller.fullname" . }}
+ labels:
+ {{- include "argo-cd.labels" (dict "context" . "component" .Values.acrController.name "name" .Values.acrController.name) | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "argo-cd.acr-controller.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "argo-cd.acrControllerServiceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
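Review bot: The switch that gates this ClusterRole, `.Values.acrController.clusterAdminAccess.enabled`, is read in the `hasKey $config "enabled"` line but is not declared in the `acrController` block this patch adds to values.yaml, so the cluster-scoped role and its binding silently follow `.Values.createClusterRoles`. The clusterrolebinding.yaml hunk that follows uses the same gate. Declare the key so operators can see and override it, for example `clusterAdminAccess:` with a nested `enabled:` value and the doc comment `# -- Create the cluster-wide ClusterRole and ClusterRoleBinding for the acr controller`. The wildcard fallback rules in this hunk amount to cluster-admin until PATCH 2/6 narrows them, so they are not raised again here.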
diff --git a/charts/argo-cd/templates/acr-controller/deployment.yaml b/charts/argo-cd/templates/acr-controller/deployment.yaml
new file mode 100644
index 000000000..46a26e0ad
--- /dev/null
+++ b/charts/argo-cd/templates/acr-controller/deployment.yaml
@@ -0,0 +1,161 @@ +{{- if .Values.acrController.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.statefulsetAnnotations) .Values.acrController.statefulsetAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.acr-controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.acrController.name "name" .Values.acrController.name) | nindent 4 }} +spec: + replicas: {{ .Values.acrController.replicas }} + # TODO: Remove for breaking release as history limit cannot be patched + revisionHistoryLimit: 5 + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.acrController.name) | nindent 6 }} + template: + metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.acrController.name "name" .Values.acrController.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.acrController.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.acrController.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.acrController.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.acrController.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.acrController.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.acrControllerServiceAccountName" . 
}} + containers: + - args: + - /usr/local/bin/argocd-application-change-revision-controller + {{- with .Values.acrController.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + image: {{ default .Values.global.image.repository .Values.acrController.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.acrController.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.acrController.image.imagePullPolicy }} + name: {{ .Values.acrController.name }} + env: + {{- with (concat .Values.global.env .Values.acrController.env) }} + {{- toYaml . | nindent 10 }} + {{- end }} + - name: ARGOCD_SERVER + value: "http://argocd-server:80" + - name: ARGOCD_TOKEN + valueFrom: + secretKeyRef: + key: token + name: argocd-token + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: application.namespaces + optional: true + - name: ACR_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: acr.log.format + optional: true + - name: ACR_CONTROLLER_LOG_LEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: acr.log.level + optional: true + - name: ACR_CONTROLLER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: acr.listen.address + optional: true + {{- with .Values.acrController.envFrom }} + envFrom: + {{- toYaml . 
| nindent 10 }} + {{- end }} + ports: + - name: health + containerPort: {{ .Values.acrController.containerPorts.health }} + protocol: TCP + livenessProbe: + httpGet: + path: /healthz?full=true + port: health + initialDelaySeconds: 3 + periodSeconds: 30 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /healthz + port: health + initialDelaySeconds: {{ .Values.acrController.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.acrController.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.acrController.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.acrController.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.acrController.readinessProbe.failureThreshold }} + resources: + {{- toYaml .Values.acrController.resources | nindent 12 }} + {{- with .Values.acrController.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.acrController.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.acrController.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.acrController) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.acrController.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.acrController.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.acrController.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . 
}} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.acrController.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.acrController.hostNetwork }} + hostNetwork: {{ .Values.acrController.hostNetwork }} + {{- end }} + {{- with .Values.acrController.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.acrController.dnsPolicy }} +{{- end }} diff --git a/charts/argo-cd/templates/acr-controller/role.yaml b/charts/argo-cd/templates/acr-controller/role.yaml new file mode 100644 index 000000000..5e6a9bded --- /dev/null +++ b/charts/argo-cd/templates/acr-controller/role.yaml @@ -0,0 +1,44 @@ +{{- if .Values.acrController.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-cd.acr-controller.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.acrController.name "name" .Values.acrController.name) | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + - applicationsets + verbs: + - create + - get + - list + - watch + - update + - delete + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list +{{- end }} diff --git a/charts/argo-cd/templates/acr-controller/rolebinding.yaml b/charts/argo-cd/templates/acr-controller/rolebinding.yaml new file mode 100644 index 000000000..a4a57446c --- /dev/null +++ b/charts/argo-cd/templates/acr-controller/rolebinding.yaml 
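Review bot: In the deployment.yaml hunk, `ARGOCD_SERVER` is fixed to `http://argocd-server:80` and `ARGOCD_TOKEN` to key `token` of a secret named `argocd-token`, so the API token travels over plaintext HTTP to a Service name that only resolves when the server Service is literally called `argocd-server`. _helpers.tpl already builds the server address for the event reporter from `argo-cd.server.fullname` (visible as context in PATCH 2/6); deriving the value the same way, with an https scheme where the server terminates TLS, would also follow name overrides. No template in this series creates `argocd-token` and the `secretKeyRef` is not marked optional, so the container cannot start until that secret exists; expose the secret name and key under `acrController` and document the prerequisite. Separately, `acrController.volumes`, `volumeMounts` and `podAnnotations` are declared in values.yaml but never rendered by this template.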
@@ -0,0 +1,17 @@
+{{- if .Values.acrController.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "argo-cd.acr-controller.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "argo-cd.labels" (dict "context" . "component" .Values.acrController.name "name" .Values.acrController.name) | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "argo-cd.acr-controller.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "argo-cd.acrControllerServiceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/argo-cd/templates/acr-controller/serviceaccount.yaml b/charts/argo-cd/templates/acr-controller/serviceaccount.yaml
new file mode 100644
index 000000000..3ded855cc
--- /dev/null
+++ b/charts/argo-cd/templates/acr-controller/serviceaccount.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.acrController.enabled .Values.acrController.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.acrController.serviceAccount.automountServiceAccountToken }}
+metadata:
+ name: {{ template "argo-cd.acrControllerServiceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- if .Values.acrController.serviceAccount.annotations }}
+ annotations:
+ {{- range $key, $value := .Values.acrController.serviceAccount.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+{{- end }}
+ labels:
+ {{- include "argo-cd.labels" (dict "context" . "component" .Values.acrController.name "name" .Values.acrController.name) | nindent 4 }}
+ {{- range $key, $value := .Values.acrController.serviceAccount.labels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+{{- end }}
diff --git a/charts/argo-cd/templates/crds/crd-application.yaml b/charts/argo-cd/templates/crds/crd-application.yaml
index 686626ba2..fd0ecb11c 100644
--- a/charts/argo-cd/templates/crds/crd-application.yaml
+++ b/charts/argo-cd/templates/crds/crd-application.yaml @@ -116,6 +116,12 @@ spec: sync: description: Sync contains parameters for the operation properties: + changeRevision: + type: string + changeRevisions: + items: + type: string + type: array dryRun: description: DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync @@ -2544,6 +2550,12 @@ spec: sync: description: Sync contains parameters for the operation properties: + changeRevision: + type: string + changeRevisions: + items: + type: string + type: array dryRun: description: DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index ddb48f3a8..3bdf5e027 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml 
@@ -3907,3 +3907,174 @@ eventReporter: enabled: false # -- List of custom rules for the event reporter's ClusterRole resource rules: [] + +acrController: + # Enabled we need to skip argo-cd chart tests for this component + enabled: false + name: acr-controller + ## Amount of replicas for event reporting sharding + replicas: 1 + ## ACR controller image + image: + # -- Repository to use for the event reporter + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the event reporter + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the event reporter + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # -- Additional command line arguments to pass to event reporter + extraArgs: [] + + # -- Environment variables to pass to event reporter + env: [] + + # -- envFrom to pass to event reporter + # @default -- `[]` (See [values.yaml]) + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- Additional containers to be added to the event reporter pod + ## Note: Supports use of custom Helm templates + extraContainers: [] + + # -- Init containers to add to the event reporter pod + ## If your target Kubernetes cluster(s) require a custom credential (exec) plugin + ## you could use this (and the same in the server pod) to provide such executable + ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins + ## Note: Supports use of custom Helm templates + initContainers: [] + # - name: download-tools + # image: alpine:3 + # command: [sh, -c] + # args: + # - wget -qO kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.0.25/kubelogin-linux-amd64.zip && + # unzip kubelogin.zip && mv 
bin/linux_amd64/kubelogin /custom-tools/ + # volumeMounts: + # - mountPath: /custom-tools + # name: custom-tools + + # -- Additional volumeMounts to the event reporter main container + volumeMounts: [] + # - mountPath: /usr/local/bin/kubelogin + # name: custom-tools + # subPath: kubelogin + + # -- Additional volumes to the event reporter pod + volumes: [] + # - name: custom-tools + # emptyDir: {} + + # -- Annotations for the event reporter StatefulSet + statefulsetAnnotations: {} + + # -- Annotations to be added to event reporter pods + podAnnotations: {} + + # -- Labels to be added to event reporter pods + podLabels: {} + + # -- Resource limits and requests for the event reporter pods + resources: {} + # limits: + # cpu: 500m + # memory: 512Mi + # requests: + # cpu: 250m + # memory: 256Mi + + # Event reporter container ports + containerPorts: + health: 8090 + + # -- Host Network for event reporter pods + hostNetwork: false + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for event reporter pods + dnsPolicy: "ClusterFirst" + + # -- Event reporter container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + # Readiness probe for event reporter + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + readinessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + 
timeoutSeconds: 1 + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- Priority class for the event reporter pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the event reporter + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + serviceAccount: + # -- Create a service account for the event reporter + create: true + # -- Service account name + name: acr-controller + # -- Annotations applied to created service account + annotations: {} + # -- Labels applied to created service account + labels: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. + ## Defaults to off + clusterRoleRules: + # -- Enable custom rules for the event reporter's ClusterRole resource + enabled: false + # -- List of custom rules for the event reporter's ClusterRole resource + rules: [] From 1c4da57ab52cf0f8a2f33d89c97c8d3badc22836 Mon Sep 17 00:00:00 2001 
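Review bot: In the values.yaml hunk, `acrController.enabled`, `name`, `replicas` and `containerPorts.health` have no `# --` doc comment, so their README rows in PATCH 6/6 come out with an empty description. The two comments that are there (`# Enabled we need to skip argo-cd chart tests for this component`, `## Amount of replicas for event reporting sharding`) appear to be carried over from the event reporter and are not touched by the rename in PATCH 4/6. Suggested: `# -- Enable the application change revision (acr) controller` above `enabled` and `# -- Number of acr controller replicas` above `replicas`. `statefulsetAnnotations` is applied to a Deployment in deployment.yaml, so its description should say Deployment. The hunk opens with context lines from the `eventReporter` block, which starts outside it.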
From: pashakostohrys Date: Thu, 26 Sep 2024 14:48:07 +0300 Subject: [PATCH 2/6] feat: support acr controller in our chart --- charts/argo-cd/templates/_helpers.tpl | 17 +++++++ .../templates/acr-controller/clusterrole.yaml | 16 +++---- .../templates/acr-controller/role.yaml | 44 +++++-------------- 3 files changed, 35 insertions(+), 42 deletions(-) diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index e9ed46d7d..b4701d438 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -285,3 +285,20 @@ Helper template to set argocd server url in event reporter {{- end }} {{- printf "%s:%v" (include "argo-cd.server.fullname" .) $port }} {{- end -}} + +{{/* + Create acr controller name and version as used by the chart label. +*/}} +{{- define "argo-cd.acr-controller.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.acrController.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{/* + Create the name of the acr controller service account to use + */}} +{{- define "argo-cd.acrControllerServiceAccountName" -}} +{{- if .Values.acrController.serviceAccount.create -}} +{{ default (include "argo-cd.event-reporter.fullname" .) .Values.acrController.serviceAccount.name }} +{{- else -}} +{{ default "default" .Values.acrController.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/charts/argo-cd/templates/acr-controller/clusterrole.yaml b/charts/argo-cd/templates/acr-controller/clusterrole.yaml index 1e4a25627..8ce53da85 100644 --- a/charts/argo-cd/templates/acr-controller/clusterrole.yaml +++ b/charts/argo-cd/templates/acr-controller/clusterrole.yaml 
@@ -12,15 +12,15 @@ rules: {{- toYaml .Values.acrController.clusterRoleRules.rules | nindent 2 }} {{- else }} - apiGroups: - - '*' + - argoproj.io resources: - - '*' + - applications verbs: - - '*' - - nonResourceURLs: - - '*' - verbs: - - '*' - {{- end }} + - get + - list + - watch + - patch + - update +{{- end }} {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/acr-controller/role.yaml b/charts/argo-cd/templates/acr-controller/role.yaml index 5e6a9bded..2259a1fbd 100644 --- a/charts/argo-cd/templates/acr-controller/role.yaml +++ b/charts/argo-cd/templates/acr-controller/role.yaml @@ -7,38 +7,14 @@ metadata: labels: {{- include "argo-cd.labels" (dict "context" . "component" .Values.acrController.name "name" .Values.acrController.name) | nindent 4 }} rules: -- apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - argoproj.io - resources: - - applications - - appprojects - - applicationsets - verbs: - - create - - get - - list - - watch - - update - - delete - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - list + - apiGroups: + - argoproj.io + resources: + - applications + verbs: + - get + - list + - watch + - patch + - update {{- end }} From c57039b642e9c10646e20710bf537e18630840b9 Mon Sep 17 00:00:00 2001 From: pashakostohrys Date: Thu, 26 Sep 2024 14:50:47 +0300 Subject: [PATCH 3/6] feat: support acr controller in our chart --- charts/argo-cd/templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index b4701d438..8e2fecb94 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl 
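Review bot: With these fallback rules the ClusterRole grants `patch` and `update` on every `applications` object in the cluster, which is the same rule set the namespaced Role in role.yaml receives in the next hunk, so the namespaced grant adds nothing whenever the ClusterRole is rendered. Write access to Application objects is deploy-level privilege in Argo CD, since source, destination and project are all fields of that object. If the controller only writes the change-revision fields added to the CRD in PATCH 1/6, one of the two write verbs is probably enough; confirm against the controller and drop the other. The closing `{{- end }}` of the `clusterRoleRules.enabled` block also lost its indentation in this hunk, which does not affect rendering but is inconsistent with the rest of the file.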
@@ -297,7 +297,7 @@ Helper template to set argocd server url in event reporter */}} {{- define "argo-cd.acrControllerServiceAccountName" -}} {{- if .Values.acrController.serviceAccount.create -}} -{{ default (include "argo-cd.event-reporter.fullname" .) .Values.acrController.serviceAccount.name }} +{{ default (include "argo-cd.acr-controller.fullname" .) .Values.acrController.serviceAccount.name }} {{- else -}} {{ default "default" .Values.acrController.serviceAccount.name }} {{- end -}} From 7f53949346b4b0f882b35ec46fa01eab72113576 Mon Sep 17 00:00:00 2001 From: pashakostohrys Date: Thu, 26 Sep 2024 14:53:56 +0300 Subject: [PATCH 4/6] rename event reporter to acr controller --- charts/argo-cd/values.yaml | 48 +++++++++++++++++++------------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index d55357934..5e9c29f57 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -3957,13 +3957,13 @@ acrController: replicas: 1 ## ACR controller image image: - # -- Repository to use for the event reporter + # -- Repository to use for the acr controller # @default -- `""` (defaults to global.image.repository) repository: "" - # -- Tag to use for the event reporter + # -- Tag to use for the acr controller # @default -- `""` (defaults to global.image.tag) tag: "" - # -- Image pull policy for the event reporter + # -- Image pull policy for the acr controller # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" 
@@ -3971,13 +3971,13 @@ acrController: # @default -- `[]` (defaults to global.imagePullSecrets) imagePullSecrets: [] - # -- Additional command line arguments to pass to event reporter + # -- Additional command line arguments to pass to acr controller extraArgs: [] - # -- Environment variables to pass to event reporter + # -- Environment variables to pass to acr controller env: [] - # -- envFrom to pass to event reporter + # -- envFrom to pass to acr controller # @default -- `[]` (See [values.yaml]) envFrom: [] # - configMapRef: @@ -3985,11 +3985,11 @@ acrController: # - secretRef: # name: secret-name - # -- Additional containers to be added to the event reporter pod + # -- Additional containers to be added to the acr controller pod ## Note: Supports use of custom Helm templates extraContainers: [] - # -- Init containers to add to the event reporter pod + # -- Init containers to add to the acr controller pod ## If your target Kubernetes cluster(s) require a custom credential (exec) plugin ## you could use this (and the same in the server pod) to provide such executable ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins 
@@ -4005,27 +4005,27 @@ acrController: # - mountPath: /custom-tools # name: custom-tools - # -- Additional volumeMounts to the event reporter main container + # -- Additional volumeMounts to the acr controller main container volumeMounts: [] # - mountPath: /usr/local/bin/kubelogin # name: custom-tools # subPath: kubelogin - # -- Additional volumes to the event reporter pod + # -- Additional volumes to the acr controller pod volumes: [] # - name: custom-tools # emptyDir: {} - # -- Annotations for the event reporter StatefulSet + # -- Annotations for the acr controller StatefulSet statefulsetAnnotations: {} - # -- Annotations to be added to event reporter pods + # -- Annotations to be added to acr controller pods podAnnotations: {} - # -- Labels to be added to event reporter pods + # -- Labels to be added to acr controller pods podLabels: {} - # -- Resource limits and requests for the event reporter pods + # -- Resource limits and requests for the acr controller pods resources: {} # limits: # cpu: 500m @@ -4034,19 +4034,19 @@ acrController: # cpu: 250m # memory: 256Mi - # Event reporter container ports + # ACR controller container ports containerPorts: health: 8090 - # -- Host Network for event reporter pods + # -- Host Network for acr controller pods hostNetwork: false # -- [DNS configuration] dnsConfig: {} - # -- Alternative DNS policy for event reporter pods + # -- Alternative DNS policy for acr controller pods dnsPolicy: "ClusterFirst" - # -- Event reporter container-level security context + # -- acr controller container-level security context # @default -- See [values.yaml] containerSecurityContext: runAsNonRoot: true @@ -4058,7 +4058,7 @@ acrController: drop: - ALL - # Readiness probe for event reporter + # Readiness probe for acr controller ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded 
@@ -4075,7 +4075,7 @@ acrController: # -- terminationGracePeriodSeconds for container lifecycle hook terminationGracePeriodSeconds: 30 - # -- Priority class for the event reporter pods + # -- Priority class for the acr controller pods # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" @@ -4091,7 +4091,7 @@ acrController: # @default -- `{}` (defaults to global.affinity preset) affinity: {} - # -- Assign custom [TopologySpreadConstraints] rules to the event reporter + # -- Assign custom [TopologySpreadConstraints] rules to the acr controller # @default -- `[]` (defaults to global.topologySpreadConstraints) ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment @@ -4101,7 +4101,7 @@ acrController: # whenUnsatisfiable: DoNotSchedule serviceAccount: - # -- Create a service account for the event reporter + # -- Create a service account for the acr controller create: true # -- Service account name name: acr-controller @@ -4115,7 +4115,7 @@ acrController: ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. ## Defaults to off clusterRoleRules: - # -- Enable custom rules for the event reporter's ClusterRole resource + # -- Enable custom rules for the acr controller's ClusterRole resource enabled: false - # -- List of custom rules for the event reporter's ClusterRole resource + # -- List of custom rules for the acr controller's ClusterRole resource rules: [] From 829163fd7c32bc8f994615cae40a5b330a0e2e63 Mon Sep 17 00:00:00 2001 From: pashakostohrys Date: Thu, 26 Sep 2024 14:58:32 +0300 Subject: [PATCH 5/6] change docs --- charts/argo-cd/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 173f8492c..53c82cef2 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml 
@@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v2.12-2024.9.9-ba613c5bd +appVersion: v2.12-2024.9.23-0dc32342c kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd @@ -27,4 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade argo-cd to v2.12-2024.9.9-ba613c5bd with reporting of resources health errors on level with application event + description: Upgrade argo-cd to v2.12-2024.9.23-0dc32342c with and add acr controller support From 7bd41e8f464278ee3d616c6400d3094a5974ffc9 Mon Sep 17 00:00:00 2001 From: pashakostohrys Date: Thu, 26 Sep 2024 15:15:17 +0300 Subject: [PATCH 6/6] change docs --- charts/argo-cd/README.md | 41 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 721bbfb4b..d6e1e5b9c 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md 
@@ -669,6 +669,47 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| +| acrController.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| acrController.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the acr controller's ClusterRole resource | +| acrController.clusterRoleRules.rules | list | `[]` | List of custom rules for the acr controller's ClusterRole resource | +| acrController.containerPorts.health | int | `8090` | | +| acrController.containerSecurityContext | object | See [values.yaml] | acr controller container-level security context | +| acrController.dnsConfig | object | `{}` | [DNS configuration] | +| acrController.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for acr controller pods | +| acrController.enabled | bool | `false` | | +| acrController.env | list | `[]` | Environment variables to pass to acr controller | +| acrController.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to acr controller | +| acrController.extraArgs | list | `[]` | Additional command line arguments to pass to acr controller | +| acrController.extraContainers | list | `[]` | Additional containers to be added to the acr controller pod | +| acrController.hostNetwork | bool | `false` | Host Network for acr controller pods | +| acrController.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the acr controller | +| acrController.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the acr controller | +| acrController.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the acr controller | +| acrController.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | +| acrController.initContainers | list | `[]` | Init containers to 
add to the acr controller pod | +| acrController.name | string | `"acr-controller"` | | +| acrController.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| acrController.podAnnotations | object | `{}` | Annotations to be added to acr controller pods | +| acrController.podLabels | object | `{}` | Labels to be added to acr controller pods | +| acrController.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the acr controller pods | +| acrController.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| acrController.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| acrController.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| acrController.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| acrController.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| acrController.replicas | int | `1` | | +| acrController.resources | object | `{}` | Resource limits and requests for the acr controller pods | +| acrController.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| acrController.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| acrController.serviceAccount.create | bool | `true` | Create a service account for the acr controller | +| acrController.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| acrController.serviceAccount.name | string | `"acr-controller"` | Service account name | +| acrController.statefulsetAnnotations | object | `{}` | Annotations for the acr controller StatefulSet | +| 
acrController.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| acrController.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| acrController.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the acr controller | +| acrController.volumeMounts | list | `[]` | Additional volumeMounts to the acr controller main container | +| acrController.volumes | list | `[]` | Additional volumes to the acr controller pod | | apiVersionOverrides | object | `{}` | | | applicationVersioning.enabled | bool | `true` | enables the Codefresh application versioning feature | | applicationVersioning.useApplicationConfiguration | bool | `true` | use ApplicationConfiguration CRD to manage application versioning |