Merge branch 'master' into kus3

USERS.md

@@ -70,6 +70,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Generali Deutschland AG](https://www.generali.de/)
 1. [Gitpod](https://www.gitpod.io)
 1. [Gllue](https://gllue.com)
+1. [GLOBIS](https://globis.com)
 1. [Glovo](https://www.glovoapp.com)
 1. [GMETRI](https://gmetri.com/)
 1. [Gojek](https://www.gojek.io/)
@@ -213,4 +214,4 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Trendyol](https://www.trendyol.com/)
 1. [RapidAPI](https://www.rapidapi.com/)
 1. [Pismo](https://pismo.io/)
-1. [South China Morning Post (SCMP)](https://www.scmp.com/)
+1. [South China Morning Post (SCMP)](https://www.scmp.com/)

cmd/argocd/commands/app.go

@@ -48,6 +48,7 @@ import (
 	"github.com/argoproj/argo-cd/v2/util/cli"
 	"github.com/argoproj/argo-cd/v2/util/errors"
 	"github.com/argoproj/argo-cd/v2/util/git"
+	"github.com/argoproj/argo-cd/v2/util/grpc"
 	argoio "github.com/argoproj/argo-cd/v2/util/io"
 	"github.com/argoproj/argo-cd/v2/util/templates"
 	"github.com/argoproj/argo-cd/v2/util/text/label"
@@ -162,11 +163,27 @@ func NewApplicationCreateCommand(clientOpts *argocdclient.ClientOptions) *cobra.
 					Upsert:      &upsert,
 					Validate:    &appOpts.Validate,
 				}
+
+				// Get app before creating to see if it is being updated or no change
+				existing, err := appIf.Get(ctx, &applicationpkg.ApplicationQuery{Name: &app.Name})
+				if grpc.UnwrapGRPCStatus(err).Code() != codes.NotFound {
+					errors.CheckError(err)
+				}
+
 				created, err := appIf.Create(ctx, &appCreateRequest)
 				errors.CheckError(err)
-				fmt.Printf("application '%s' created\n", created.ObjectMeta.Name)
-			}
 
+				var action string
+				if existing == nil {
+					action = "created"
+				} else if !hasAppChanged(existing, created, upsert) {
+					action = "unchanged"
+				} else {
+					action = "updated"
+				}
+
+				fmt.Printf("application '%s' %s\n", created.ObjectMeta.Name, action)
+			}
 		},
 	}
 	command.Flags().StringVar(&appName, "name", "", "A name for the app, ignored if a file is set (DEPRECATED)")
@@ -211,6 +228,37 @@ func getRefreshType(refresh bool, hardRefresh bool) *string {
 	return nil
 }
 
+func hasAppChanged(appReq, appRes *argoappv1.Application, upsert bool) bool {
+	// upsert==false, no change occurred from create command
+	if !upsert {
+		return false
+	}
+
+	// If no project, assume default project
+	if appReq.Spec.Project == "" {
+		appReq.Spec.Project = "default"
+	}
+	// Server will return nils for empty labels, annotations, finalizers
+	if len(appReq.Labels) == 0 {
+		appReq.Labels = nil
+	}
+	if len(appReq.Annotations) == 0 {
+		appReq.Annotations = nil
+	}
+	if len(appReq.Finalizers) == 0 {
+		appReq.Finalizers = nil
+	}
+
+	if reflect.DeepEqual(appRes.Spec, appReq.Spec) &&
+		reflect.DeepEqual(appRes.Labels, appReq.Labels) &&
+		reflect.DeepEqual(appRes.ObjectMeta.Annotations, appReq.Annotations) &&
+		reflect.DeepEqual(appRes.Finalizers, appReq.Finalizers) {
+		return false
+	}
+
+	return true
+}
+
 // NewApplicationGetCommand returns a new instance of an `argocd app get` command
 func NewApplicationGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 	var (

cmd/argocd/commands/app_test.go

@@ -6,20 +6,16 @@ import (
 	"testing"
 	"time"
 
+	argocdclient "github.com/argoproj/argo-cd/v2/pkg/apiclient"
+	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/gitops-engine/pkg/health"
 	"github.com/argoproj/gitops-engine/pkg/utils/kube"
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-
-	"github.com/argoproj/gitops-engine/pkg/health"
-
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-	argocdclient "github.com/argoproj/argo-cd/v2/pkg/apiclient"
-
 	"github.com/stretchr/testify/assert"
-
-	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 )
 
 func Test_getInfos(t *testing.T) {
@@ -1158,3 +1154,85 @@ func TestCheckResourceStatus(t *testing.T) {
 		assert.True(t, res)
 	})
 }
+
+func Test_hasAppChanged(t *testing.T) {
+	type args struct {
+		appReq *argoappv1.Application
+		appRes *argoappv1.Application
+		upsert bool
+	}
+	tests := []struct {
+		name string
+		args args
+		want bool
+	}{
+		{
+			name: "App has changed - Labels, Annotations, Finalizers empty",
+			args: args{
+				appReq: testApp("foo", "default", map[string]string{}, map[string]string{}, []string{}),
+				appRes: testApp("foo", "foo", nil, nil, nil),
+				upsert: true,
+			},
+			want: true,
+		},
+		{
+			name: "App unchanged - Labels, Annotations, Finalizers populated",
+			args: args{
+				appReq: testApp("foo", "default", map[string]string{"foo": "bar"}, map[string]string{"foo": "bar"}, []string{"foo"}),
+				appRes: testApp("foo", "default", map[string]string{"foo": "bar"}, map[string]string{"foo": "bar"}, []string{"foo"}),
+				upsert: true,
+			},
+			want: false,
+		},
+		{
+			name: "Apps unchanged - Using empty maps/list locally versus server returning nil",
+			args: args{
+				appReq: testApp("foo", "default", map[string]string{}, map[string]string{}, []string{}),
+				appRes: testApp("foo", "default", nil, nil, nil),
+				upsert: true,
+			},
+			want: false,
+		},
+		{
+			name: "App unchanged - Using empty project locally versus server returning default",
+			args: args{
+				appReq: testApp("foo", "", map[string]string{}, map[string]string{}, []string{}),
+				appRes: testApp("foo", "default", nil, nil, nil),
+			},
+			want: false,
+		},
+		{
+			name: "App unchanged - From upsert=false",
+			args: args{
+				appReq: testApp("foo", "foo", map[string]string{}, map[string]string{}, []string{}),
+				appRes: testApp("foo", "default", nil, nil, nil),
+				upsert: false,
+			},
+			want: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := hasAppChanged(tt.args.appReq, tt.args.appRes, tt.args.upsert); got != tt.want {
+				t.Errorf("hasAppChanged() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func testApp(name, project string, labels map[string]string, annotations map[string]string, finalizers []string) *argoappv1.Application {
+	return &argoappv1.Application{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        name,
+			Labels:      labels,
+			Annotations: annotations,
+			Finalizers:  finalizers,
+		},
+		Spec: argoappv1.ApplicationSpec{
+			Source: argoappv1.ApplicationSource{
+				RepoURL: "https://github.com/argoproj/argocd-example-apps.git",
+			},
+			Project: project,
+		},
+	}
+}

docs/developer-guide/toolchain-guide.md

@@ -24,8 +24,7 @@ You will need at least the following things in your toolchain in order to develo
 
 * A Kubernetes cluster. You won't need a fully blown multi-master, multi-node cluster, but you will need something like K3S, Minikube or microk8s. You will also need a working Kubernetes client (`kubectl`) configuration in your development environment. The configuration must reside in `~/.kube/config` and the API server URL must point to the IP address of your local machine (or VM), and **not** to `localhost` or `127.0.0.1` if you are using the virtualized development toolchain (see below)
 
-* You will also need a working Docker runtime environment, to be able to build and run images.
-The Docker version must be fairly recent, and support multi-stage builds. You should not work as root. Make your local user a member of the `docker` group to be able to control the Docker service on your machine.
+* You will also need a working Docker runtime environment, to be able to build and run images. The Docker version must be 17.05.0 or higher, to support multi-stage builds. 
 
 * Obviously, you will need a `git` client for pulling source code and pushing back your changes.
 

docs/developer-guide/ui-extensions.md

@@ -35,14 +35,17 @@ registerResourceExtension(component: ExtensionComponent, group: string, kind: st
 
 * `component: ExtensionComponent` is a React component that receives the following properties:
 
+    * application: Application - Argo CD Application resource;
     * resource: State - the kubernetes resource object;
     * tree: ApplicationTree - includes list of all resources that comprise the application;
 
     See properties interfaces in [models.ts](https://github.com/argoproj/argo-cd/blob/master/ui/src/app/shared/models.ts)
 
-* `group: string` - the glob expression that matches the group of the resource;
+* `group: string` - the glob expression that matches the group of the resource; note: use globstar (`**`) to match all groups including empty string;
 * `kind: string` - the glob expression that matches the kind of the resource;
 * `tabTitle: string` - the extension tab title.
+* `opts: Object` - additional options:
+  * `icon: string` - the class name the represents the icon from the [https://fontawesome.com/](https://fontawesome.com/) library (e.g. 'fa-calendar-alt');
 
 Below is an example of a resource tab extension:
 

docs/operator-manual/application.yaml

@@ -92,6 +92,12 @@ spec:
         - code: false
           name: foo
           value: bar
+      # Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during
+      # manifest generation. This takes precedence over the `include` field.
+      exclude: string
+      # Include contains a glob pattern to match paths against that should be explicitly included during manifest
+      # generation. If this field is set, only matching manifests will be included.
+      include: string
 
     # plugin specific config
     plugin:

docs/operator-manual/ingress.md

@@ -427,14 +427,14 @@ Once we create this service, we can configure the Ingress to conditionally route
               name: argogrpc
               port:
                 number: 443
-          pathType: ImplementationSpecific
+          pathType: Prefix
         - path: /
           backend:
             service:
               name: argocd-server
               port:
                 number: 443
-          pathType: ImplementationSpecific
+          pathType: Prefix
     tls:
     - hosts:
       - argocd.argoproj.io

docs/operator-manual/metrics.md

@@ -67,8 +67,10 @@ Scraped at the `argocd-server-metrics:8083/metrics` endpoint.
 | Metric | Type | Description |
 |--------|:----:|-------------|
 | `argocd_redis_request_duration` | histogram | Redis requests duration. |
-| `argocd_redis_request_total` | counter | Number of kubernetes requests executed during application reconciliation. |
-
+| `argocd_redis_request_total` | counter | Number of kubernetes requests executed during application
+reconciliation. |
+| `grpc_server_handled_total` | counter | Total number of RPCs completed on the server, regardless of success or failure. |
+| `grpc_server_msg_sent_total` | counter | Total number of gRPC stream messages sent by the server. |
 ## Repo Server Metrics
 Metrics about the Repo Server.
 Scraped at the `argocd-repo-server:8084/metrics` endpoint.

docs/operator-manual/web_based_terminal.md

@@ -12,7 +12,7 @@ Kubernetes), then the user effectively has the same privileges as that ServiceAc
 
 ## Enabling the terminal
 
-1. Set the `exec.enabled` key to `true` on the `argocd-cm` ConfigMap.
+1. Set the `exec.enabled` key to `"true"` on the `argocd-cm` ConfigMap.
 
 2. Patch the `argocd-server` Role (if using namespaced Argo) or ClusterRole (if using clustered Argo) to allow `argocd-server`
 to exec into pods

docs/requirements.txt

@@ -2,4 +2,5 @@ mkdocs==1.2.3
 mkdocs-material==7.1.7
 markdown_include==0.6.0
 pygments==2.7.4
-jinja2===3.0.3
+jinja2==3.0.3
+markdown==3.3.7

manifests/base/dex/argocd-dex-server-deployment.yaml

@@ -37,7 +37,7 @@ spec:
             type: RuntimeDefault
       containers:
       - name: dex
-        image: ghcr.io/dexidp/dex:v2.30.2
+        image: ghcr.io/dexidp/dex:v2.32.0
         imagePullPolicy: Always
         command: [/shared/argocd-dex, rundex]
         env:

manifests/ha/base/redis-ha/chart/upstream.yaml

@@ -770,7 +770,7 @@ spec:
               topologyKey: kubernetes.io/hostname
       initContainers:
       - name: config-init
-        image: haproxy:2.0.25-alpine
+        image: haproxy:2.0.29-alpine
         imagePullPolicy: IfNotPresent
         resources:
           {}
@@ -790,7 +790,7 @@ spec:
         runAsUser: 1000
       containers:
       - name: haproxy
-        image: haproxy:2.0.25-alpine
+        image: haproxy:2.0.29-alpine
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:
@@ -878,7 +878,7 @@ spec:
       automountServiceAccountToken: false
       initContainers:
       - name: config-init
-        image: redis:7.0.0-alpine
+        image: redis:7.0.3-alpine
         imagePullPolicy: IfNotPresent
         resources:
           {}
@@ -906,7 +906,7 @@ spec:
 
       containers:
       - name: redis
-        image: redis:7.0.0-alpine
+        image: redis:7.0.3-alpine
         imagePullPolicy: IfNotPresent
         command:
         - redis-server
@@ -947,7 +947,7 @@ spec:
         lifecycle:
           {}
       - name: sentinel
-        image: redis:7.0.0-alpine
+        image: redis:7.0.3-alpine
         imagePullPolicy: IfNotPresent
         command:
           - redis-sentinel

manifests/ha/base/redis-ha/chart/values.yaml

@@ -9,12 +9,12 @@ redis-ha:
   haproxy:
     enabled: true
     image:
-      tag: 2.0.25-alpine
+      tag: 2.0.29-alpine
     timeout:
       server: 6m
       client: 6m
     checkInterval: 3s
   image:
-    tag: 7.0.0-alpine
+    tag: 7.0.3-alpine
   sentinel:
     bind: "0.0.0.0"

manifests/ha/base/redis-ha/kustomization.yaml

@@ -281,3 +281,16 @@ patchesJson6902:
     name: argocd-redis-ha-haproxy
   path: overlays/haproxy-service-selector.yaml
 
+# add container-level security contexts
+- target:
+    group: apps
+    version: v1
+    kind: Deployment
+    name: argocd-redis-ha-haproxy
+  path: overlays/deployment-containers-securityContext.yaml
+- target:
+    group: apps
+    version: v1
+    kind: StatefulSet
+    name: argocd-redis-ha-server
+  path: overlays/statefulset-containers-securityContext.yaml

manifests/ha/base/redis-ha/overlays/deployment-containers-securityContext.yaml

@@ -0,0 +1,18 @@
+- op: add
+  path: /spec/template/spec/initContainers/0/securityContext
+  value:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+      - ALL
+    seccompProfile:
+      type: RuntimeDefault
+- op: add
+  path: /spec/template/spec/containers/0/securityContext
+  value:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+      - ALL
+    seccompProfile:
+      type: RuntimeDefault