Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: update helm chart to 6.11.1 #79

Closed
wants to merge 27 commits into from
Closed
Show file tree
Hide file tree
Changes from 26 commits
Commits
Show all changes
27 commits
Select commit Hold shift + click to select a range
6c08745
chore(deps): update ghcr.io/renovatebot/renovate docker tag to v37.33…
argoproj-renovate[bot] May 1, 2024
966b745
feat(argo-workflows): Allow adding additional ServiceAccounts to Role…
dbeilin May 1, 2024
35bc505
chore(deps): update actions/create-github-app-token action to v1.10.0…
argoproj-renovate[bot] May 2, 2024
0882bfc
feat(argo-rollouts): Add podLabels at the controller & dashboard leve…
meeech May 6, 2024
1098ce1
feat(argo-cd): Upgrade argocd to 2.11.0 + crd changes (#2681)
DrFaust92 May 8, 2024
dcdcff2
chore(deps): update actions/checkout action to v4.1.5 (#2683)
argoproj-renovate[bot] May 9, 2024
63306b3
feat(argo-cd): Always install applicationset crd (#2682)
ebuildy May 10, 2024
8e2f3d5
chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#2687)
dependabot[bot] May 11, 2024
3693ed4
chore(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#2686)
dependabot[bot] May 11, 2024
5102613
fix(argo-cd): Always create ApplicationSet as following upstream (#2688)
yu-croco May 13, 2024
87f7176
fix(argo-cd): Fix Service configuration for Argo server (#2690)
pdrastil May 13, 2024
7be9b01
feat(argo-cd): Support ability to set .Values.namespaceOverride (#2679)
andres-vara May 14, 2024
39e1322
chore(argocd-image-updater): Update dependency argoproj-labs/argocd-i…
argoproj-renovate[bot] May 16, 2024
4ce5e9b
chore(deps): update actions/checkout action to v4.1.6 (#2696)
argoproj-renovate[bot] May 16, 2024
66c39a0
fix(argo-cd): Adding checksum for argocd-cm to dex pod (#2695)
etiennnr May 17, 2024
5d3e581
chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 (#2700)
dependabot[bot] May 18, 2024
b95e14a
chore(deps): bump github/codeql-action from 2.13.4 to 3.25.5 (#2699)
dependabot[bot] May 18, 2024
4611a16
fix(argo-workflows): Correct sample of secondsAfterCompletion (#2702)
yu-croco May 19, 2024
f9eb0b3
fix(argo-workflows): Add missing serviceLabels to server service (#2698)
yu-croco May 19, 2024
fcee9a6
fix(argo-cd): Enable Redis authentication in the default installation…
mkilchhofer May 21, 2024
f431e9b
chore(argo-cd): add nodeselector and tolerations to redis-secret-init…
pavankumar-go May 22, 2024
3174f52
chore(argo-cd): add priorityClassName to redis-secret-init job (#2709)
tberreis May 22, 2024
e677641
feat(argo-rollouts): Support revisionHistoryLimit (#2712)
yu-croco May 23, 2024
728b6e7
feat(argo-cd): Make redis secret initialization optional (#2713)
michaelvl May 23, 2024
fa2fb1c
chore(argo-cd): Update dependency argoproj/argo-cd to v2.11.2 (#2715)
argoproj-renovate[bot] May 23, 2024
8a22281
Merge branch 'refs/heads/argo-cd-6.11.1-branch' into CR-23980-update-…
oleksandr-codefresh Jun 18, 2024
b1ff2a3
argo-cd: v2.11-2024.6.18-a171b066e
oleksandr-codefresh Jun 18, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/lint-and-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:
options: --user 1001
steps:
- name: Checkout
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- name: Run ah lint
working-directory: ./charts
run: ah lint
Expand All @@ -22,7 +22,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: 0

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
fetch-depth: 0

Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/renovate.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,21 +16,21 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Get token
uses: actions/create-github-app-token@7bfa3a4717ef143a604ee0a99d859b8886a96d00 # v1.9.3
uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1 # v1.10.0
id: get_token
with:
app-id: ${{ vars.RENOVATE_APP_ID }}
private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }}

- name: Checkout
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6

- name: Self-hosted Renovate
uses: renovatebot/github-action@063e0c946b9c1af35ef3450efc44114925d6e8e6 # v40.1.11
with:
configurationFile: .github/configs/renovate-config.js
# renovate: datasource=docker depName=ghcr.io/renovatebot/renovate
renovate-version: 37.278.0
renovate-version: 37.332.0
token: '${{ steps.get_token.outputs.token }}'
env:
LOG_LEVEL: 'debug'
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/scorecard.yml
Original file line number Diff line number Diff line change
Expand Up @@ -33,12 +33,12 @@ jobs:

steps:
- name: "Checkout code"
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
persist-credentials: false

- name: "Run analysis"
uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
with:
results_file: results.sarif
results_format: sarif
Expand Down Expand Up @@ -68,6 +68,6 @@ jobs:

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
with:
sarif_file: results.sarif
2 changes: 1 addition & 1 deletion charts/argo-cd/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ appVersion: v2.10-2024.6.17-77e06d0f6
kubeVersion: ">=1.23.0-0"
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 6.7.18-4-cap-2.10-2024.6.17-77e06d0f6
version: 6.11.1-0-cap-2.10-2024.6.17-77e06d0f6
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
sources:
Expand Down
49 changes: 46 additions & 3 deletions charts/argo-cd/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -278,6 +278,42 @@ For full list of changes please check ArtifactHub [changelog].

Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.

### 6.10.0

This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr.

#### How to rotate Redis secret?

Upstream steps in the [FAQ] are not enough, since we chose a different approach.
(We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.)

Steps to roteate the secret when using the helm chart (bold step is additional to upstream):
* Delete `argocd-redis` secret in the namespace where Argo CD is installed.
```bash
kubectl delete secret argocd-redis -n <argocd namesapce>
```
* **Perform a helm upgrade**
```bash
helm upgrade argocd argo/argo-cd --reuse-values --wait
```
* If you are running Redis in HA mode, restart Redis in HA.
```bash
kubectl rollout restart deployment argocd-redis-ha-haproxy
kubectl rollout restart statefulset argocd-redis-ha-server
```
* If you are running Redis in non-HA mode, restart Redis.
```bash
kubectl rollout restart deployment argocd-redis
```
* Restart other components.
```bash
kubectl rollout restart deployment argocd-server argocd-repo-server
kubectl rollout restart statefulset argocd-application-controller
```

### 6.9.0
ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9).

### 6.4.0

Added support for application controller dynamic cluster distribution.
Expand Down Expand Up @@ -694,6 +730,7 @@ NAME: my-release
| fullnameOverride | string | `""` | String to fully override `"argo-cd.fullname"` |
| kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests |
| nameOverride | string | `"argocd"` | Provide a name in place of `argocd` |
| namespaceOverride | string | `.Release.Namespace` | Override the namespace |
| openshift.enabled | bool | `false` | enables using arbitrary uid for argo repo server |

## Global Configs
Expand Down Expand Up @@ -1117,7 +1154,7 @@ NAME: my-release
| server.route.termination_type | string | `"passthrough"` | Termination type of Openshift Route |
| server.service.annotations | object | `{}` | Server service annotations |
| server.service.externalIPs | list | `[]` | Server service external IPs |
| server.service.externalTrafficPolicy | string | `""` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints |
| server.service.externalTrafficPolicy | string | `"Cluster"` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints |
| server.service.labels | object | `{}` | Server service labels |
| server.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field |
| server.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from |
Expand All @@ -1126,8 +1163,9 @@ NAME: my-release
| server.service.servicePortHttp | int | `80` | Server service http port |
| server.service.servicePortHttpName | string | `"http"` | Server service http port name, can be used to route traffic via istio |
| server.service.servicePortHttps | int | `443` | Server service https port |
| server.service.servicePortHttpsAppProtocol | string | `""` | Server service https port appProtocol |
| server.service.servicePortHttpsName | string | `"https"` | Server service https port name, can be used to route traffic via istio |
| server.service.sessionAffinity | string | `""` | Used to maintain session affinity. Supports `ClientIP` and `None` |
| server.service.sessionAffinity | string | `"None"` | Used to maintain session affinity. Supports `ClientIP` and `None` |
| server.service.type | string | `"ClusterIP"` | Server service type |
| server.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
| server.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
Expand Down Expand Up @@ -1397,20 +1435,24 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| redisSecretInit.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context |
| redisSecretInit.enabled | bool | `true` | Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods |
| redisSecretInit.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Redis secret-init Job |
| redisSecretInit.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Redis secret-init Job |
| redisSecretInit.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Redis secret-init Job |
| redisSecretInit.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| redisSecretInit.jobAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job |
| redisSecretInit.name | string | `"redis-secret-init"` | Redis secret-init name |
| redisSecretInit.nodeSelector | object | `{}` (defaults to global.nodeSelector) | Node selector to be added to the Redis secret-init Job |
| redisSecretInit.podAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job |
| redisSecretInit.podLabels | object | `{}` | Labels to be added to the Redis secret-init Job |
| redisSecretInit.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for Redis secret-init Job |
| redisSecretInit.resources | object | `{}` | Resource limits and requests for Redis secret-init Job |
| redisSecretInit.securityContext | object | `{}` | Redis secret-init Job pod-level security context |
| redisSecretInit.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
| redisSecretInit.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
| redisSecretInit.serviceAccount.create | bool | `true` | Create a service account for the redis pod |
| redisSecretInit.serviceAccount.name | string | `""` | Service account name for redis pod |
| redisSecretInit.tolerations | list | `[]` (defaults to global.tolerations) | Tolerations to be added to the Redis secret-init Job |

## ApplicationSet

Expand Down Expand Up @@ -1442,7 +1484,6 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
| applicationSet.dnsConfig | object | `{}` | [DNS configuration] |
| applicationSet.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for ApplicationSet controller pods |
| applicationSet.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for applicationSet controller |
| applicationSet.enabled | bool | `true` | Enable ApplicationSet controller |
| applicationSet.extraArgs | list | `[]` | ApplicationSet controller command line flags |
| applicationSet.extraContainers | list | `[]` | Additional containers to be added to the ApplicationSet controller pod |
| applicationSet.extraEnv | list | `[]` | Environment variables to pass to the ApplicationSet controller |
Expand Down Expand Up @@ -1604,8 +1645,10 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom
[CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
[changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog
[Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/
[DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
[external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
[FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/
[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
[declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
[gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
Expand Down
38 changes: 38 additions & 0 deletions charts/argo-cd/README.md.gotmpl
Original file line number Diff line number Diff line change
Expand Up @@ -278,6 +278,42 @@ For full list of changes please check ArtifactHub [changelog].

Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.

### 6.10.0

This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr.

#### How to rotate Redis secret?

Upstream steps in the [FAQ] are not enough, since we chose a different approach.
(We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.)

Steps to roteate the secret when using the helm chart (bold step is additional to upstream):
* Delete `argocd-redis` secret in the namespace where Argo CD is installed.
```bash
kubectl delete secret argocd-redis -n <argocd namesapce>
```
* **Perform a helm upgrade**
```bash
helm upgrade argocd argo/argo-cd --reuse-values --wait
```
* If you are running Redis in HA mode, restart Redis in HA.
```bash
kubectl rollout restart deployment argocd-redis-ha-haproxy
kubectl rollout restart statefulset argocd-redis-ha-server
```
* If you are running Redis in non-HA mode, restart Redis.
```bash
kubectl rollout restart deployment argocd-redis
```
* Restart other components.
```bash
kubectl rollout restart deployment argocd-server argocd-repo-server
kubectl rollout restart statefulset argocd-application-controller
```

### 6.9.0
ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9).

### 6.4.0

Added support for application controller dynamic cluster distribution.
Expand Down Expand Up @@ -760,8 +796,10 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom
[CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
[changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog
[Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/
[DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
[external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
[FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/
[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
[declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
[gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
Expand Down
12 changes: 9 additions & 3 deletions charts/argo-cd/templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -215,6 +215,7 @@ NOTE: Configuration keys must be stored as dict because YAML treats dot as separ
{{- $_ := set $presets "repo.server" (printf "%s:%s" (include "argo-cd.repoServer.fullname" .) (.Values.repoServer.service.port | toString)) -}}
{{- $_ := set $presets "server.repo.server.strict.tls" (.Values.repoServer.certificateSecret.enabled | toString ) -}}
{{- $_ := set $presets "redis.server" (include "argo-cd.redis.server" .) -}}
{{- $_ := set $presets "applicationsetcontroller.enable.leader.election" (gt ((.Values.applicationSet.replicas | default .Values.applicationSet.replicaCount) | int64) 1) -}}
{{- if .Values.dex.enabled -}}
{{- $_ := set $presets "server.dex.server" (include "argo-cd.dex.server" .) -}}
{{- $_ := set $presets "server.dex.server.strict.tls" .Values.dex.certificateSecret.enabled -}}
Expand All @@ -223,9 +224,6 @@ NOTE: Configuration keys must be stored as dict because YAML treats dot as separ
{{- $_ := set $presets (printf "%s.log.format" $component) $.Values.global.logging.format -}}
{{- $_ := set $presets (printf "%s.log.level" $component) $.Values.global.logging.level -}}
{{- end -}}
{{- if .Values.applicationSet.enabled -}}
{{- $_ := set $presets "applicationsetcontroller.enable.leader.election" (gt ((.Values.applicationSet.replicas | default .Values.applicationSet.replicaCount) | int64) 1) -}}
{{- end -}}
{{- toYaml $presets }}
{{- end -}}

Expand All @@ -240,6 +238,14 @@ Merge Argo Params Configuration with Preset Configuration
{{- end }}
{{- end -}}

{{/*
Expand the namespace of the release.
Allows overriding it for multi-namespace deployments in combined charts.
*/}}
{{- define "argo-cd.namespace" -}}
{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
{{- end }}

{{/*
Create event reporter name and version as used by the chart label.
*/}}
Expand Down
6 changes: 0 additions & 6 deletions charts/argo-cd/templates/aggregate-roles.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,7 @@ rules:
- argoproj.io
resources:
- applications
{{- if .Values.applicationSet.enabled }}
- applicationsets
{{- end }}
- appprojects
verbs:
- get
Expand All @@ -33,9 +31,7 @@ rules:
- argoproj.io
resources:
- applications
{{- if .Values.applicationSet.enabled }}
- applicationsets
{{- end }}
- appprojects
verbs:
- create
Expand All @@ -60,9 +56,7 @@ rules:
- argoproj.io
resources:
- applications
{{- if .Values.applicationSet.enabled }}
- applicationsets
{{- end }}
- appprojects
verbs:
- create
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,5 +12,5 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ include "argo-cd.controller.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
namespace: {{ include "argo-cd.namespace" . }}
{{- end }}
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ metadata:
{{- end }}
{{- end }}
name: {{ template "argo-cd.controller.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-cd.namespace" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
spec:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ include "argo-cd.controller.fullname" . }}-metrics
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-cd.namespace" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 4 }}
{{- with .Values.controller.metrics.service.labels }}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
name: {{ template "argo-cd.controller.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-cd.namespace" . }}
spec:
ingress:
- from:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "argo-cd.controller.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-cd.namespace" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- with .Values.controller.pdb.labels }}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-cd.namespace" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
rules:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "argo-cd.controller.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
namespace: {{ include "argo-cd.namespace" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "argo-cd.controller.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "argo-cd.controller.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
- kind: ServiceAccount
name: {{ include "argo-cd.controller.serviceAccountName" . }}
namespace: {{ include "argo-cd.namespace" . }}
Loading