feat(argo-cd): Upgrade Argo CD to 2.5.0 #1568
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pdrastil
added
the
awaiting-upstream
pdrastil
commented
Oct 22, 2022
| {{/* | ||
| Create Dex server endpoint | ||
| */}} | ||
| {{- define "argo-cd.dex.server" -}} |
There was a problem hiding this comment.
Support for new HTTP / HTTPS for dex server. Tested via OIDC provider config on RC3
pdrastil
force-pushed
the
feature/upgrade
branch
from
0f0781b
to
52e5cc1
Compare
pdrastil
commented
Oct 22, 2022
| ports: | ||
| - name: repo-server | ||
| containerPort: {{ .Values.repoServer.containerPort }} | ||
| protocol: TCP | ||
| {{ if .Values.repoServer.metrics.enabled }} |
There was a problem hiding this comment.
Removed all these guards. Metrics ports are not related to configured metrics Service and can be used via other means like Prometheus service discovery. They are also used by some controllers for liveness / readiness probes.
pdrastil
commented
Oct 22, 2022
| name: gpg-keys | ||
| - mountPath: /app/config/gpg/keys | ||
| name: gpg-keyring | ||
| {{- if .Values.configs.knownHosts }} |
There was a problem hiding this comment.
Not an optional volume. All optional volumes are marked as such via optional: true
|
Synced and tested on RC3. Still waiting for confirmation if new cmd-params for applicationset will be cherry picked to 2.5.0 |
pdrastil
force-pushed
the
feature/upgrade
branch
from
52e5cc1
to
9e2d997
Compare
pdrastil
commented
Oct 22, 2022
6 tasks
pdrastil
force-pushed
the
feature/upgrade
branch
from
9e2d997
to
deeda3f
Compare
|
Hey, thanks a lot for getting this up so early. We are pretty anxious to start using 2.5.0 because of the ability to roll out Applications to namespaces other than I did notice however that the CRD rollouts in the chart are still |
|
@karlschriek Hi - you are welcome. CRDs are always global resource in the cluster. As far as I know inside CRD schema can be namespaced (to allow creation of resources inside each namespace) or global (which means that they behave similar like ClusterRoles). This chart just installs the CRDs as part of it installation, namespaced schema ensures that it can be used anywhere. |
|
Right! Sorry yeah my bad, Cluster CRDs are meant for CRs that don't get
rolled out to a namespace at all but are rolled out as a cluster-wide
resource, has nothing to do with where those types of CRs can be deploy.
Anyway, have rolled out and it looks like it is working. Wil post back here
if I come across any issues related to the chart specifically.
…On Mon, 24 Oct 2022, 14:23 Petr Drastil, ***@***.***> wrote:
@karlschriek <https://github.com/karlschriek> Hi - you are welcome. CRDs
are always global resource in the cluster. As far as I know inside CRD
schema can be namespaced (to allow creation of resources inside each
namespace) or global (which means that they behave similar like
ClusterRoles). This chart just installs the CRDs as part of it
installation, namespaced schema ensures that it can be used anywhere.
—
Reply to this email directly, view it on GitHub
<#1568 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AGBE4OFGQMIDLYBEDN6YDOLWEZ5TXANCNFSM6AAAAAARL25HDA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
pdrastil
force-pushed
the
feature/upgrade
branch
6 times, most recently
from
2d3049f
to
ce8f4e1
Compare
pdrastil
requested review from
davidkarlsen,
mr-sour,
yann-soubeyrand,
mbevc1,
mkilchhofer and
yu-croco
as code owners
Signed-off-by: Petr Drastil <petr.drastil@gmail.com>
pdrastil
force-pushed
the
feature/upgrade
branch
from
ce8f4e1
to
01e6097
Compare
pdrastil
removed
the
awaiting-upstream
jmeridth
approved these changes
Oct 25, 2022
hairmare
approved these changes
Oct 25, 2022
mkilchhofer
reviewed
Oct 25, 2022
There was a problem hiding this comment.
Additional to the comment, we should cleanup the default securityContexts as upstream already has default (hardened) security context defined.
And release 2.5 now adds
seccompProfile:
type: RuntimeDefaultAlso the TLS stuff for dex is missing. But I assume you want to do this outside the 2.5 PR and test it again via:
But I did not find a blocker. So I am okay releasing this one and fix the rest afterwards.
Comment on lines
235
to
242
| httpGet: | ||
| path: /healthz | ||
| port: {{ .Values.controller.containerPort }} | ||
| port: metrics | ||
| initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} | ||
| periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} | ||
| timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} | ||
| successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} | ||
| failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} |
There was a problem hiding this comment.
argocd-application-controller livenessprobe is removed in 2.5. Maybe we should treat it as optional via values?
|
@mkilchhofer - See following Ad security contexts - already have local branch with this because it needs more work on all components. |
This was referenced Oct 25, 2022
This was
linked to
issues
Oct 25, 2022
6 tasks
|
Thank you for your work! The argocd-server serviceaccount still needs more permissions when apps are deployed to a different namespace (as per argoproj/argo-cd#9755 (comment)). |
|
I believe it should be ClusterRole as you are using different namespace. I will take a look what needs to be patched and add it as another fix. |
ilia-medvedev-codefresh
added a commit
to codefresh-io/argo-helm
that referenced
this pull request
Feb 2, 2023
* feat(argo-cd): Upgrade Argo CD to 2.5.0 (argoproj#1568) Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * chore(github): Bump GitHub actions versions (argoproj#1575) Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * fix(argo-cd): Chart NOTES nil references (argoproj#1582) Signed-off-by: Filipe Santos <filipe@not.sh> * docs(argo-cd): Improve documentation (argoproj#1584) Signed-off-by: Petr Drastil <petr.drastil@gmail.com> Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * fix(argo-workflows): serviceaccount rbac when sso is enabled (argoproj#1586) Signed-off-by: Nick Fisher <nxf5025@gmail.com> Signed-off-by: Nick Fisher <nxf5025@gmail.com> * Fix incorrect applicationSet property in README (argoproj#1590) Based on [here](https://github.com/argoproj/argo-helm/blob/55b8b34d20ebaf38fa05e1113daf30220d11e725/charts/argo-cd/templates/argocd-applicationset/deployment.yaml#L9), I think `replicas` should be `replicaCount` (though `replicas` would be more consistent). Signed-off-by: Ashlin Eldridge <ashlin.eldridge@gmail.com> Signed-off-by: Ashlin Eldridge <ashlin.eldridge@gmail.com> * fix(argo-cd): Remove AWS volume from server (argoproj#1591) Signed-off-by: Petr Drastil <petr.drastil@gmail.com> Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * chore(argo-cd): Cleanup Redis manifest (argoproj#1577) Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * fix(argo-cd): Fix migration path for server configs (argoproj#1585) Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * fix(argo-cd): Type conversion for ConfigMaps values (argoproj#1594) Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * feat(argo-cd): Add probes for ApplicationSet controller (argoproj#1532) Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * chore(argo-cd): Remove liveness probe from application controller (argoproj#1581) Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * chore(github): Add dependabot.yml (argoproj#1595) Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * feat(argo-cd): Set container security contexts (argoproj#1579) Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * feat(argo-cd): Support custom TLS certificates for Dex (argoproj#1477) Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * feat(argo-cd): Support manually managed TLS certificate for Server (argoproj#1534) Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * fix(argo-cd): Don't install CRDs for disabled components (argoproj#1596) Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com> * fix(argo-cd): update network policy port name (argoproj#1603) Signed-off-by: Eric Cimino <ecimino@vailsys.com> * chore(argo-workflows): Update ArgoWorkflows to v3.4.3 (argoproj#1610) Signed-off-by: yu-croco <yu.croco@gmail.com> * fix(argo-cd): Replace coalesce with merge for old config values (argoproj#1612) Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * feat(argo-cd): Add revisionHistoryLimit (argoproj#1599) Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * Upgrade Argo Image to the latest (argoproj#1614) Signed-off-by: Dong Wang <wd@wdicc.com> Signed-off-by: Dong Wang <wd@wdicc.com> * chore(argo-cd): Update redis-ha (argoproj#1617) Signed-off-by: yu-croco <yu.croco@gmail.com> * fix(argo-cd): Add /tmp voulmeMount to extensions container (argoproj#1620) * Fixes argoproj#1619 - Add /tmp voulmeMount to extensions container Signed-off-by: Tim Van de Walle <tvandewalle@trek10.com> * Bump version, add change notes Signed-off-by: Tim Van de Walle <tvandewalle@trek10.com> Signed-off-by: Tim Van de Walle <tvandewalle@trek10.com> * fix(argo-cd): Add missing ClusterRole permissions to argo-cd-server to manage Application in all namespaces (argoproj#1621) Signed-off-by: Elad Dolev <dolevelad@gmail.com> * fix(argo-cd): Use Dex non-distroless image (argoproj#1626) Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * chore(argo-cd): Upgrade Argo CD to 2.5.2 (argoproj#1628) Signed-off-by: Petr Drastil <petr.drastil@gmail.com> Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * Allow to add custom artifact repository (argoproj#1453) Signed-off-by: Max Kochubey <20810306+maxkochubey@users.noreply.github.com> Signed-off-by: Max Kochubey <20810306+maxkochubey@users.noreply.github.com> * fix(argo-cd): Use raw json for cluster credentials for Vault compatibility (argoproj#1634) Signed-off-by: Petr Drastil <petr.drastil@gmail.com> Signed-off-by: Petr Drastil <petr.drastil@gmail.com> Co-authored-by: Aikawa <yu.croco@gmail.com> * fix(argo-cd): Cluster credentials config should be a string (argoproj#1636) Signed-off-by: Petr Drastil <petr.drastil@gmail.com> Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * fix(argo-workflows): Added missing attribute for sso (argoproj#1641) Signed-off-by: yu-croco <yu.croco@gmail.com> * docs(argo-cd): Improve changelog information (argoproj#1652) Signed-off-by: Petr Drastil <petr.drastil@gmail.com> Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * chore(argo-cd): Consolidated GnuPG configuration (argoproj#1609) Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * fix(argo-cd): Invalid argocd-gpg-keys-cm template (argoproj#1656) The template removed a little too much whitespace resulting in an invalid ConfigMap. Error: ``` Error: YAML parse error on argocd/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml: error converting YAML to JSON: yaml: line 10: mapping values are not allowed in this context ``` Signed-off-by: Allex <allexveldman+github@gmail.com> Signed-off-by: Allex <allexveldman+github@gmail.com> * feat(argo-workflows): Allow controller to whitelist secrets (argoproj#1646) * allow users to whitelist secrets Signed-off-by: emmayylu <84873428+yolu-kxs@users.noreply.github.com> * remove unnecessary if-statement Signed-off-by: emmayylu <44856279+emmayylu@users.noreply.github.com> * use square bracket for array Signed-off-by: emmayylu <44856279+emmayylu@users.noreply.github.com> * fix typo and update readme Signed-off-by: emmayylu <44856279+emmayylu@users.noreply.github.com> Signed-off-by: emmayylu <84873428+yolu-kxs@users.noreply.github.com> Signed-off-by: emmayylu <44856279+emmayylu@users.noreply.github.com> Co-authored-by: emmayylu <84873428+yolu-kxs@users.noreply.github.com> * feat(argo-workflows): Add labels for ServiceAccounts (argoproj#1665) * Add labels for ServiceAccounts Signed-off-by: Eugene Lugovtsov <lug.zhenia@gmail.com> * fix workflow serviceaccount labels Signed-off-by: Eugene Lugovtsov <lug.zhenia@gmail.com> * fix docs Signed-off-by: Eugene Lugovtsov <lug.zhenia@gmail.com> Signed-off-by: Eugene Lugovtsov <lug.zhenia@gmail.com> * fix(argo-cd): deprecate server.extraArgs."--insecure" (argoproj#1669) Signed-off-by: GitHub <noreply@github.com> Signed-off-by: GitHub <noreply@github.com> * chore(argo-workflows): Support workflow retention (argoproj#1668) Signed-off-by: yu-croco <yu.croco@gmail.com> * feat(argo-cd): Upgrade argocd to v2.5.3 (argoproj#1671) Signed-off-by: smcavallo <smcavallo@hotmail.com> * fix helm install md (argoproj#1672) Signed-off-by: fsl <1171313930@qq.com> Signed-off-by: fsl <1171313930@qq.com> * feat(argo-cd): Add Repo Server strict TLS cert support (argoproj#1673) Signed-off-by: Karl Parry <karl.parry@imbursepayments.com> * chore(argo-workflows): Update Argo Workflows to v3.4.4 (argoproj#1674) Signed-off-by: yu-croco <yu.croco@gmail.com> * fix(argo-cd): Rename tls secret to include the -secret suffix (argoproj#1676) - "[Fixed]: TLS secret name so Dex correctly generates the checksum for argocd-dex-server-tls." - "[Fixed]: Standardise the naming convention of the TLS secret manifests." - "[Added]: Add checksum to Repo-Server for the argocd-repo-server-tls secret." Signed-off-by: Karl Parry <karl.parry@imbursepayments.com> * chore(argo-cd): Remove duplicate ApplicationSet features (argoproj#1598) Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * feat(argo-cd): Add ability to annotate Deployments and StatefulSets (argoproj#1608) * feat(argo-cd): Add ability to annotate Deployments and StatefulSets Signed-off-by: John Stewart <jstewart@rentpath.com> * fix: Controller and AppSet controller was mixed Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com> Signed-off-by: John Stewart <jstewart@rentpath.com> Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com> Co-authored-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com> * chart update WIP * backport applicationset * backport applicationset * argocd 2.5.5 --------- Signed-off-by: Petr Drastil <petr.drastil@gmail.com> Signed-off-by: Filipe Santos <filipe@not.sh> Signed-off-by: Nick Fisher <nxf5025@gmail.com> Signed-off-by: Ashlin Eldridge <ashlin.eldridge@gmail.com> Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com> Signed-off-by: Eric Cimino <ecimino@vailsys.com> Signed-off-by: yu-croco <yu.croco@gmail.com> Signed-off-by: Dong Wang <wd@wdicc.com> Signed-off-by: Tim Van de Walle <tvandewalle@trek10.com> Signed-off-by: Elad Dolev <dolevelad@gmail.com> Signed-off-by: Max Kochubey <20810306+maxkochubey@users.noreply.github.com> Signed-off-by: Allex <allexveldman+github@gmail.com> Signed-off-by: emmayylu <84873428+yolu-kxs@users.noreply.github.com> Signed-off-by: emmayylu <44856279+emmayylu@users.noreply.github.com> Signed-off-by: Eugene Lugovtsov <lug.zhenia@gmail.com> Signed-off-by: GitHub <noreply@github.com> Signed-off-by: smcavallo <smcavallo@hotmail.com> Signed-off-by: fsl <1171313930@qq.com> Signed-off-by: Karl Parry <karl.parry@imbursepayments.com> Signed-off-by: John Stewart <jstewart@rentpath.com> Co-authored-by: Petr Drastil <petr.drastil@gmail.com> Co-authored-by: Filipe <filipe@not.sh> Co-authored-by: Nick Fisher <nxf5025@gmail.com> Co-authored-by: Ashlin Eldridge <ashlin.eldridge@gmail.com> Co-authored-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com> Co-authored-by: Eric Cimino <58572548+cimin0@users.noreply.github.com> Co-authored-by: Aikawa <yu.croco@gmail.com> Co-authored-by: Dong Wang <wd@wdicc.com> Co-authored-by: tvandewalle <1022306+tvandewalle@users.noreply.github.com> Co-authored-by: Elad Dolev <dolevelad@gmail.com> Co-authored-by: Max Kochubey <20810306+maxkochubey@users.noreply.github.com> Co-authored-by: Allex <a.veldman@chain-stock.com> Co-authored-by: emmayylu <44856279+emmayylu@users.noreply.github.com> Co-authored-by: emmayylu <84873428+yolu-kxs@users.noreply.github.com> Co-authored-by: Eugene Lugovtsov <34510252+EugeneLugovtsov@users.noreply.github.com> Co-authored-by: Zadkiel Aharonian <zadkiel.aharonian@gmail.com> Co-authored-by: smcavallo <smcavallo@users.noreply.github.com> Co-authored-by: fsl <1171313930@qq.com> Co-authored-by: Karl Parry <88431088+karlparry@users.noreply.github.com> Co-authored-by: John Stewart <32647598+jstewart612@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves:
Note on DCO:
If the DCO action in the integration test fails, one or more of your commits are not signed off. Please click on the Details link next to the DCO action for instructions on how to resolve this.
Checklist:
Changes are automatically published when merged to
main. They are not published on branches.