From e943de247e4b24883cb82132a2196d674b17ec2c Mon Sep 17 00:00:00 2001 From: Max Nitze Date: Tue, 2 Jul 2024 22:53:09 +0200 Subject: [PATCH 1/7] [bitnami/argo-cd] Add option to install application controller as stateful set Signed-off-by: Max Nitze --- bitnami/argo-cd/Chart.yaml | 2 +- bitnami/argo-cd/README.md | 2 + bitnami/argo-cd/templates/_helpers.tpl | 10 + .../templates/application-controller/_pod.tpl | 250 ++++++++++++++++++ .../application-controller/deployment.yaml | 244 +---------------- .../service-headless.yaml | 24 ++ .../application-controller/statefulset.yaml | 39 +++ bitnami/argo-cd/values.yaml | 9 + 8 files changed, 338 insertions(+), 242 deletions(-) create mode 100644 bitnami/argo-cd/templates/application-controller/_pod.tpl create mode 100644 bitnami/argo-cd/templates/application-controller/service-headless.yaml create mode 100644 bitnami/argo-cd/templates/application-controller/statefulset.yaml diff --git a/bitnami/argo-cd/Chart.yaml b/bitnami/argo-cd/Chart.yaml index 1fc372a394c2de..3856f68b4a7b61 100644 --- a/bitnami/argo-cd/Chart.yaml +++ b/bitnami/argo-cd/Chart.yaml @@ -39,4 +39,4 @@ maintainers: name: argo-cd sources: - https://github.com/bitnami/charts/tree/main/bitnami/argo-cd -version: 6.5.8 +version: 6.6.0 diff --git a/bitnami/argo-cd/README.md b/bitnami/argo-cd/README.md index b6588285aa42c4..0be8fc71f65e7c 100644 --- a/bitnami/argo-cd/README.md +++ b/bitnami/argo-cd/README.md 
@@ -330,6 +330,7 @@ As an alternative, use one of the preset configurations for pod affinity, pod an | Name | Description | Value | | -------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `controller.kind` | Kind to deploy ArgoCD application controller in. | `Deployment` | | `controller.replicaCount` | Number of Argo CD replicas to deploy | `1` | | `controller.startupProbe.enabled` | Enable startupProbe on Argo CD nodes | `false` | | `controller.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | @@ -448,6 +449,7 @@ As an alternative, use one of the preset configurations for pod affinity, pod an | `controller.priorityClassName` | Argo CD pods' priorityClassName | `""` | | `controller.runtimeClassName` | Name of the runtime class to be used by pod(s) | `""` | | `controller.lifecycleHooks` | for the Argo CD container(s) to automate configuration before or after startup | `{}` | +| `controller.podManagementPolicy` | podManagementPolicy to manage scaling operation of pods (only in StatefulSet mode) | `""` | | `controller.extraEnvVars` | Array with extra environment variables to add to Argo CD nodes | `[]` | | `controller.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Argo CD nodes | `""` | | `controller.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Argo CD nodes | `""` | diff --git a/bitnami/argo-cd/templates/_helpers.tpl b/bitnami/argo-cd/templates/_helpers.tpl index d7db8ff9186c3b..2791d12c61c54f 100644 --- a/bitnami/argo-cd/templates/_helpers.tpl +++ b/bitnami/argo-cd/templates/_helpers.tpl 
@@ -256,6 +256,15 @@ Return the Redis® port {{- end -}} {{- end -}} +{{/* +Validate Application Controller config +*/}} +{{- define "argocd.validateValues.controller.config" -}} +{{- if and (gt .Values.controller.replicaCount 1) (not (eq .Values.controller.kind "StatefulSet")) }} +Argo CD: When running in HA mode, the application controller must be installed as a StatefulSet. +{{- end -}} +{{- end -}} + {{/* Validate Redis config */}} @@ -316,6 +325,7 @@ Compile all warnings into a single message. */}} {{- define "argocd.validateValues" -}} {{- $messages := list -}} +{{- $messages := append $messages (include "argocd.validateValues.controller.config" .) -}} {{- $messages := append $messages (include "argocd.validateValues.dex.config" .) -}} {{- $messages := append $messages (include "argocd.validateValues.clusterCredentials" .) -}} {{- $messages := append $messages (include "argocd.validateValues.externalRedis" .) -}} diff --git a/bitnami/argo-cd/templates/application-controller/_pod.tpl b/bitnami/argo-cd/templates/application-controller/_pod.tpl new file mode 100644 index 00000000000000..677069bd226bb6 --- /dev/null +++ b/bitnami/argo-cd/templates/application-controller/_pod.tpl 
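Review bot: `argocd.validateValues.controller.config` never checks that `controller.kind` is one of the two supported values, yet `deployment.yaml` renders only for `"Deployment"` and `statefulset.yaml` only for `"StatefulSet"`. With `replicaCount: 1`, a misspelt kind such as `statefulset` passes validation and the release installs with no application controller at all. A separate branch such as `{{- if not (has .Values.controller.kind (list "Deployment" "StatefulSet")) }}` with its own message would catch that. The `gt .Values.controller.replicaCount 1` comparison may also error when the value arrives as a float rather than an int, so `gt (int .Values.controller.replicaCount) 1` is the safer form.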
@@ -0,0 +1,250 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/*
+Pod Spec
+*/}}
+{{- define "argocd.pod" -}}
+serviceAccountName: {{ include "argocd.application-controller.serviceAccountName" . }}
+{{- include "argocd.imagePullSecrets" . | nindent 6 }}
+automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }}
+{{- if .Values.controller.hostAliases }}
+hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.controller.hostAliases "context" $) | nindent 8 }}
+{{- end }}
+{{- if .Values.controller.affinity }}
+affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.controller.affinity "context" $) | nindent 8 }}
+{{- else }}
+affinity:
+podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAffinityPreset "component" "controller" "customLabels" $podLabels "context" $) | nindent 10 }}
+podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAntiAffinityPreset "component" "controller" "customLabels" $podLabels "context" $) | nindent 10 }}
+nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.controller.nodeAffinityPreset.type "key" .Values.controller.nodeAffinityPreset.key "values" .Values.controller.nodeAffinityPreset.values) | nindent 10 }}
+{{- end }}
+{{- if .Values.controller.nodeSelector }}
+nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.controller.nodeSelector "context" $) | nindent 8 }}
+{{- end }}
+{{- if .Values.controller.tolerations }}
+tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.controller.tolerations "context" .) | nindent 8 }}
+{{- end }}
+{{- if .Values.controller.schedulerName }}
+schedulerName: {{ .Values.controller.schedulerName }}
+{{- end }}
+{{- if .Values.controller.shareProcessNamespace }}
+shareProcessNamespace: {{ .Values.controller.shareProcessNamespace }}
+{{- end }}
+{{- if .Values.controller.topologySpreadConstraints }}
+topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.controller.topologySpreadConstraints "context" .) | nindent 8 }}
+{{- end }}
+{{- if .Values.controller.priorityClassName }}
+priorityClassName: {{ .Values.controller.priorityClassName | quote }}
+{{- end }}
+{{- if .Values.controller.runtimeClassName }}
+runtimeClassName: {{ .Values.controller.runtimeClassName }}
+{{- end }}
+{{- if .Values.controller.podSecurityContext.enabled }}
+securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.controller.podSecurityContext "context" $) | nindent 8 }}
+{{- end }}
+initContainers:
+{{- if .Values.redisWait.enabled }}
+- name: wait-for-redis
+ image: {{ include "argocd.redis.image" . }}
+ imagePullPolicy: {{ .Values.redis.image.pullPolicy | quote }}
+ {{- if .Values.redisWait.securityContext }}
+ # Deprecated: use redisWait.containerSecurityContext
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.redisWait.securityContext "context" $) | nindent 12 }}
+ {{- else if .Values.redisWait.containerSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.redisWait.containerSecurityContext "context" $) | nindent 12 }}
+ {{- end }}
+ command:
+ - /bin/bash
+ args:
+ - -ec
+ - |
+ #!/bin/bash
+
+ set -o errexit
+ set -o nounset
+ set -o pipefail
+
+ . /opt/bitnami/scripts/libos.sh
+ . /opt/bitnami/scripts/liblog.sh
+
+ check_redis_connection() {
+ local result="$(redis-cli -h {{ include "argocd.redisHost" . }} -p {{ include "argocd.redisPort" . }} {{ .Values.redisWait.extraArgs }} PING)"
+ if [[ "$result" != "PONG" ]]; then
+ false
+ fi
+ }
+
+ info "Checking redis connection..."
+ if ! retry_while "check_redis_connection"; then
+ error "Could not connect to the Redis server"
+ return 1
+ else
+ info "Connected to the Redis instance"
+ fi
+ {{- if include "argocd.redis.auth.enabled" . }}
+ env:
+ - name: REDISCLI_AUTH
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "argocd.redis.secretName" . }}
+ key: {{ include "argocd.redis.secretPasswordKey" . }}
+ {{- end }}
+{{- end }}
+{{- if .Values.controller.initContainers }}
+{{- include "common.tplvalues.render" (dict "value" .Values.controller.initContainers "context" $) | nindent 8 }}
+{{- end }}
+containers:
+- name: controller
+ image: {{ include "argocd.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.controller.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.controller.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.controller.containerSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.controller.containerSecurityContext "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.controller.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.controller.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.controller.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.controller.args "context" $) | nindent 12 }}
+ {{- else }}
+ args:
+ - argocd-application-controller
+ - --status-processors
+ - {{ .Values.controller.defaultArgs.statusProcessors | quote }}
+ - --operation-processors
+ - {{ .Values.controller.defaultArgs.operationProcessors | quote }}
+ - --app-resync
+ - {{ .Values.controller.defaultArgs.appResyncPeriod | quote }}
+ - --self-heal-timeout-seconds
+ - {{ .Values.controller.defaultArgs.selfHealTimeout | quote }}
+ - --repo-server
+ - {{ include "argocd.repo-server" . }}:{{ coalesce .Values.repoServer.service.port .Values.repoServer.service.ports.repoServer }}
+ - --logformat
+ - {{ .Values.controller.logFormat | quote }}
+ - --loglevel
+ - {{ .Values.controller.logLevel | quote }}
+ - --metrics-port={{ .Values.controller.containerPorts.metrics }}
+ # TODO(miguelaeh): Test the chart using redis sentinel enabled: https://github.com/argoproj/argo-cd/blob/2a410187565e15633b6f2a8c8d8da22cf02b257d/util/cache/cache.go#L40
+ - --redis
+ - {{ include "argocd.redisHost" . }}:{{ include "argocd.redisPort" . }}
+ {{- if .Values.controller.extraArgs }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraArgs "context" $) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: metrics
+ containerPort: {{ .Values.controller.containerPorts.metrics }}
+ protocol: TCP
+ env:
+ - name: ARGOCD_APPLICATION_CONTROLLER_NAME
+ value: {{ include "argocd.application-controller" . }}
+ {{- if and .Values.redis.enabled (include "argocd.redis.auth.enabled" .) }}
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "argocd.redis.secretName" . }}
+ key: {{ include "argocd.redis.secretPasswordKey" . }}
+ {{- else if .Values.externalRedis.enabled }}
+ - name: REDIS_PASSWORD
+ {{- if not ( eq "" .Values.externalRedis.password ) }}
+ value: {{ .Values.externalRedis.password }}
+ {{- else }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.externalRedis.existingSecret }}
+ key: {{ .Values.externalRedis.existingSecretPasswordKey }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.controller.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ {{- if .Values.controller.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.controller.extraEnvVarsCM "context" $) }}
+ {{- end }}
+ {{- if .Values.controller.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.controller.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- if .Values.controller.resources }}
+ resources: {{- toYaml .Values.controller.resources | nindent 12 }}
+ {{- else if ne .Values.controller.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.controller.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.controller.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.controller.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.controller.startupProbe.enabled }}
+ startupProbe:
+ httpGet:
+ path: /healthz
+ port: metrics
+ initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.controller.startupProbe.successThreshold }}
+ failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }}
+ {{- end }}
+ {{- if .Values.controller.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.controller.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.controller.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: metrics
+ initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
+ {{- end }}
+ {{- if .Values.controller.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.controller.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.controller.readinessProbe.enabled }}
+ readinessProbe:
+ tcpSocket:
+ port: metrics
+ initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
+ {{- end }}
+ volumeMounts:
+ # Mounting into a path that will be read by Argo CD.
+ # This secret will be autogenerated by Argo CD repo server unless it already exists. Users can create its own certificate to override it.
+ # Ref: https://argoproj.github.io/argo-cd/operator-manual/tls/#inbound-tls-certificates-used-by-argocd-repo-sever
+ - mountPath: /app/config/server/tls
+ name: argocd-repo-server-tls
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ {{- if .Values.controller.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+{{- if .Values.controller.sidecars }}
+{{- include "common.tplvalues.render" ( dict "value" .Values.controller.sidecars "context" $) | nindent 8 }}
+{{- end }}
+volumes:
+- name: empty-dir
+ emptyDir: {}
+- name: argocd-repo-server-tls
+ secret:
+ items:
+ - key: tls.crt
+ path: tls.crt
+ - key: tls.key
+ path: tls.key
+ - key: ca.crt
+ path: ca.crt
+ optional: true
+ secretName: argocd-repo-server-tls
+{{- if .Values.controller.extraVolumes }}
+{{- include "common.tplvalues.render" (dict "value" .Values.controller.extraVolumes "context" $) | nindent 8 }}
+{{- end }}
+{{- end }}
diff --git a/bitnami/argo-cd/templates/application-controller/deployment.yaml b/bitnami/argo-cd/templates/application-controller/deployment.yaml
index 38ca83d43b8244..090bb4efee7281 100644
--- a/bitnami/argo-cd/templates/application-controller/deployment.yaml
+++ b/bitnami/argo-cd/templates/application-controller/deployment.yaml
@@ -3,6 +3,7 @@ Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} +{{- if eq .Values.controller.kind "Deployment" }} apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment metadata:
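Review bot: `$podLabels` is used inside `define "argocd.pod"` (in both `common.affinities.pods` calls) but is never assigned there, and Go template variables do not cross a `define` boundary, so the chart should fail to parse once `deployment.yaml` and `statefulset.yaml` include this template. Compute it as the first line of the define, e.g. `{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.controller.podLabels .Values.commonLabels ) "context" . ) }}`. In the same `else` branch, `podAffinity`, `podAntiAffinity` and `nodeAffinity` appear to sit at the same column as `affinity:` (indentation is hard to read on this page), which would leave `affinity` empty; they need to be nested one level below it. Separately, the carried-over `value: {{ .Values.externalRedis.password }}` writes the Redis password unquoted and in clear text into the pod spec, where anyone who can read the workload object sees it; sourcing it through `secretKeyRef` in both branches would avoid that.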
@@ -29,244 +30,5 @@ spec: {{- end }} labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} app.kubernetes.io/component: controller - spec: - serviceAccountName: {{ include "argocd.application-controller.serviceAccountName" . }} - {{- include "argocd.imagePullSecrets" . | nindent 6 }} - automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }} - {{- if .Values.controller.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.controller.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.controller.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.controller.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAffinityPreset "component" "controller" "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAntiAffinityPreset "component" "controller" "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.controller.nodeAffinityPreset.type "key" .Values.controller.nodeAffinityPreset.key "values" .Values.controller.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.controller.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.controller.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.controller.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.controller.tolerations "context" .) 
| nindent 8 }} - {{- end }} - {{- if .Values.controller.schedulerName }} - schedulerName: {{ .Values.controller.schedulerName }} - {{- end }} - {{- if .Values.controller.shareProcessNamespace }} - shareProcessNamespace: {{ .Values.controller.shareProcessNamespace }} - {{- end }} - {{- if .Values.controller.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.controller.topologySpreadConstraints "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.controller.priorityClassName }} - priorityClassName: {{ .Values.controller.priorityClassName | quote }} - {{- end }} - {{- if .Values.controller.runtimeClassName }} - runtimeClassName: {{ .Values.controller.runtimeClassName }} - {{- end }} - {{- if .Values.controller.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.controller.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - initContainers: - {{- if .Values.redisWait.enabled }} - - name: wait-for-redis - image: {{ include "argocd.redis.image" . }} - imagePullPolicy: {{ .Values.redis.image.pullPolicy | quote }} - {{- if .Values.redisWait.securityContext }} - # Deprecated: use redisWait.containerSecurityContext - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.redisWait.securityContext "context" $) | nindent 12 }} - {{- else if .Values.redisWait.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.redisWait.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - command: - - /bin/bash - args: - - -ec - - | - #!/bin/bash - - set -o errexit - set -o nounset - set -o pipefail - - . /opt/bitnami/scripts/libos.sh - . /opt/bitnami/scripts/liblog.sh - - check_redis_connection() { - local result="$(redis-cli -h {{ include "argocd.redisHost" . 
}} -p {{ include "argocd.redisPort" . }} {{ .Values.redisWait.extraArgs }} PING)" - if [[ "$result" != "PONG" ]]; then - false - fi - } - - info "Checking redis connection..." - if ! retry_while "check_redis_connection"; then - error "Could not connect to the Redis server" - return 1 - else - info "Connected to the Redis instance" - fi - {{- if include "argocd.redis.auth.enabled" . }} - env: - - name: REDISCLI_AUTH - valueFrom: - secretKeyRef: - name: {{ include "argocd.redis.secretName" . }} - key: {{ include "argocd.redis.secretPasswordKey" . }} - {{- end }} - {{- end }} - {{- if .Values.controller.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.controller.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: controller - image: {{ include "argocd.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.controller.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.controller.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.controller.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.controller.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.controller.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.controller.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.controller.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.controller.args "context" $) | nindent 12 }} - {{- else }} - args: - - argocd-application-controller - - --status-processors - - {{ .Values.controller.defaultArgs.statusProcessors | quote }} - - --operation-processors - - {{ .Values.controller.defaultArgs.operationProcessors | quote }} - - --app-resync - - {{ .Values.controller.defaultArgs.appResyncPeriod | quote }} - - --self-heal-timeout-seconds - - {{ 
.Values.controller.defaultArgs.selfHealTimeout | quote }} - - --repo-server - - {{ include "argocd.repo-server" . }}:{{ coalesce .Values.repoServer.service.port .Values.repoServer.service.ports.repoServer }} - - --logformat - - {{ .Values.controller.logFormat | quote }} - - --loglevel - - {{ .Values.controller.logLevel | quote }} - - --metrics-port={{ .Values.controller.containerPorts.metrics }} - # TODO(miguelaeh): Test the chart using redis sentinel enabled: https://github.com/argoproj/argo-cd/blob/2a410187565e15633b6f2a8c8d8da22cf02b257d/util/cache/cache.go#L40 - - --redis - - {{ include "argocd.redisHost" . }}:{{ include "argocd.redisPort" . }} - {{- if .Values.controller.extraArgs }} - {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraArgs "context" $) | nindent 12 }} - {{- end }} - {{- end }} - ports: - - name: metrics - containerPort: {{ .Values.controller.containerPorts.metrics }} - protocol: TCP - env: - - name: ARGOCD_APPLICATION_CONTROLLER_NAME - value: {{ include "argocd.application-controller" . }} - {{- if and .Values.redis.enabled (include "argocd.redis.auth.enabled" .) }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "argocd.redis.secretName" . }} - key: {{ include "argocd.redis.secretPasswordKey" . 
}} - {{- else if .Values.externalRedis.enabled }} - - name: REDIS_PASSWORD - {{- if not ( eq "" .Values.externalRedis.password ) }} - value: {{ .Values.externalRedis.password }} - {{- else }} - valueFrom: - secretKeyRef: - name: {{ .Values.externalRedis.existingSecret }} - key: {{ .Values.externalRedis.existingSecretPasswordKey }} - {{- end }} - {{- end }} - {{- if .Values.controller.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.controller.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.controller.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.controller.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.controller.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- if .Values.controller.resources }} - resources: {{- toYaml .Values.controller.resources | nindent 12 }} - {{- else if ne .Values.controller.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.controller.resourcesPreset) | nindent 12 }} - {{- end }} - {{- if .Values.controller.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.controller.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.controller.startupProbe.enabled }} - startupProbe: - httpGet: - path: /healthz - port: metrics - initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.startupProbe.successThreshold }} - failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }} - {{- end }} - {{- if .Values.controller.customLivenessProbe }} - livenessProbe: {{- include 
"common.tplvalues.render" (dict "value" .Values.controller.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.controller.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /healthz - port: metrics - initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.controller.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.controller.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.controller.readinessProbe.enabled }} - readinessProbe: - tcpSocket: - port: metrics - initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - # Mounting into a path that will be read by Argo CD. - # This secret will be autogenerated by Argo CD repo server unless it already exists. Users can create its own certificate to override it. 
- # Ref: https://argoproj.github.io/argo-cd/operator-manual/tls/#inbound-tls-certificates-used-by-argocd-repo-sever - - mountPath: /app/config/server/tls - name: argocd-repo-server-tls - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if .Values.controller.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.controller.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.controller.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: empty-dir - emptyDir: {} - - name: argocd-repo-server-tls - secret: - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - - key: ca.crt - path: ca.crt - optional: true - secretName: argocd-repo-server-tls - {{- if .Values.controller.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraVolumes "context" $) | nindent 8 }} - {{- end }} + spec: {{- include "argocd.pod" . | nindent 6 }} +{{- end -}} diff --git a/bitnami/argo-cd/templates/application-controller/service-headless.yaml b/bitnami/argo-cd/templates/application-controller/service-headless.yaml new file mode 100644 index 00000000000000..4b7227d1ee8d4c --- /dev/null +++ b/bitnami/argo-cd/templates/application-controller/service-headless.yaml 
@@ -0,0 +1,24 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if eq .Values.controller.kind "StatefulSet" }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "argocd.application-controller" . }}-headless
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- if or .Values.commonAnnotations .Values.controller.service.annotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.controller.service.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ clusterIP: None
+ type: ClusterIP
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.controller.podLabels .Values.commonLabels ) "context" . ) }}
+ selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: controller
+{{- end }}
diff --git a/bitnami/argo-cd/templates/application-controller/statefulset.yaml b/bitnami/argo-cd/templates/application-controller/statefulset.yaml
new file mode 100644
index 00000000000000..e3b7b80d360e70
--- /dev/null
+++ b/bitnami/argo-cd/templates/application-controller/statefulset.yaml
@@ -0,0 +1,39 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if eq .Values.controller.kind "StatefulSet" }}
+apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+kind: StatefulSet
+metadata:
+ name: {{ include "argocd.application-controller" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.controller.replicaCount }}
+ {{- if .Values.controller.podManagementPolicy }}
+ podManagementPolicy: {{ .Values.controller.podManagementPolicy }}
+ {{- end }}
+ {{- if .Values.controller.updateStrategy }}
+ updateStrategy: {{- toYaml .Values.controller.updateStrategy | nindent 4 }}
+ {{- end }}
+ serviceName: {{ include "argocd.application-controller" . }}-headless
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.controller.podLabels .Values.commonLabels ) "context" . ) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: controller
+ template:
+ metadata:
+ {{- if .Values.controller.podAnnotations }}
+ annotations: {{- include "common.tplvalues.render" (dict "value" .Values.controller.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
+ app.kubernetes.io/component: controller
+ spec: {{- include "argocd.pod" . | nindent 6 }}
+ volumeClaimTemplates: []
+{{- end -}}
diff --git a/bitnami/argo-cd/values.yaml b/bitnami/argo-cd/values.yaml index befd47de3b496f..7af6dea6932866 100644 --- a/bitnami/argo-cd/values.yaml +++ b/bitnami/argo-cd/values.yaml @@ -88,6 +88,11 @@ image: ## Argo CD Controller ## controller: + ## @param controller.kind Kind to deploy ArgoCD application controller in. + ## Use either StatefulSet or Deployment (default). StatefulSet is required when running in HA mode. + ## ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/high_availability/ + ## + kind: Deployment ## @param controller.replicaCount Number of Argo CD replicas to deploy ## replicaCount: 1 @@ -593,6 +598,10 @@ controller: ## @param controller.lifecycleHooks for the Argo CD container(s) to automate configuration before or after startup ## lifecycleHooks: {} + ## @param controller.podManagementPolicy podManagementPolicy to manage scaling operation of pods (only in StatefulSet mode) + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies + ## + podManagementPolicy: "" ## @param controller.extraEnvVars Array with extra environment variables to add to Argo CD nodes ## e.g: ## extraEnvVars: From 4868a6bf311dc4c59964775ca5c86b7f4805bb67 Mon Sep 17 00:00:00 2001 From: Max Nitze Date: Fri, 28 Jun 2024 14:54:49 +0200 Subject: [PATCH 2/7] [bitnami/argo-cd] Add replica env variables to app controller and server Signed-off-by: Max Nitze --- bitnami/argo-cd/templates/application-controller/_pod.tpl | 4 ++++ bitnami/argo-cd/templates/server/deployment.yaml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/bitnami/argo-cd/templates/application-controller/_pod.tpl b/bitnami/argo-cd/templates/application-controller/_pod.tpl index 677069bd226bb6..e16ef16c628309 100644 --- a/bitnami/argo-cd/templates/application-controller/_pod.tpl +++ b/bitnami/argo-cd/templates/application-controller/_pod.tpl 
@@ -143,6 +143,10 @@ containers: env: - name: ARGOCD_APPLICATION_CONTROLLER_NAME value: {{ include "argocd.application-controller" . }} + {{- if gt .Values.server.replicaCount 1 }} + - name: ARGOCD_CONTROLLER_REPLICAS + value: {{ .Values.controller.replicaCount | quote }} + {{- end }} {{- if and .Values.redis.enabled (include "argocd.redis.auth.enabled" .) }} - name: REDIS_PASSWORD valueFrom: diff --git a/bitnami/argo-cd/templates/server/deployment.yaml b/bitnami/argo-cd/templates/server/deployment.yaml index fef12983836a7e..5f3c4f87734add 100644 --- a/bitnami/argo-cd/templates/server/deployment.yaml +++ b/bitnami/argo-cd/templates/server/deployment.yaml @@ -169,6 +169,10 @@ spec: containerPort: {{ .Values.server.containerPorts.metrics }} protocol: TCP env: + {{- if gt .Values.server.replicaCount 1 }} + - name: ARGOCD_API_SERVER_REPLICAS + value: {{ .Values.server.replicaCount | quote }} + {{- end }} {{- if and .Values.redis.enabled (include "argocd.redis.auth.enabled" .) }} - name: REDIS_PASSWORD valueFrom: From 7d967b070b17410fc9e43eca17af4f599d151843 Mon Sep 17 00:00:00 2001 From: Max Nitze Date: Wed, 3 Jul 2024 10:54:03 +0200 Subject: [PATCH 3/7] [bitnami/argo-cd] Add support for dynamic cluster distribution https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/ Signed-off-by: Max Nitze --- bitnami/argo-cd/README.md | 2 ++ bitnami/argo-cd/templates/_helpers.tpl | 6 +++++- .../argo-cd/templates/application-controller/_pod.tpl | 8 ++++++++ bitnami/argo-cd/values.yaml | 10 ++++++++++ 4 files changed, 25 insertions(+), 1 deletion(-) diff --git a/bitnami/argo-cd/README.md b/bitnami/argo-cd/README.md index 0be8fc71f65e7c..6b7c4059a2c40f 100644 --- a/bitnami/argo-cd/README.md +++ b/bitnami/argo-cd/README.md 
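Review bot: The guard added around `ARGOCD_CONTROLLER_REPLICAS` in `_pod.tpl` tests `.Values.server.replicaCount`, while the value it emits is `.Values.controller.replicaCount`, so the variable follows the API server's replica count instead of the controller's. With several controller replicas and a single server replica the variable is never set, and the controller presumably needs it to know how many shards exist. The condition should read `{{- if gt (int .Values.controller.replicaCount) 1 }}`. The same guard is carried into the re-indented `_pod.tpl` of PATCH 5/7, there written as `gt (int .Values.server.replicaCount) 1`. The `containers:` block starts before and continues after this hunk.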
@@ -430,6 +430,8 @@ As an alternative, use one of the preset configurations for pod affinity, pod an | `controller.defaultArgs.selfHealTimeout` | Default self heal timeout for Argo CD controller | `5` | | `controller.args` | Override default container args (useful when using custom images). Overrides the defaultArgs. | `[]` | | `controller.extraArgs` | Add extra arguments to the default arguments for the Argo CD controller | `[]` | +| `controller.dynamicClusterDistribution.enabled` | Whether dynamic cluster distribution is enabled. | `false` | +| `controller.dynamicClusterDistribution.heartbeatDuration` | Time to update the cluster sharding (defaults to 10 seconds). | `""` | | `controller.automountServiceAccountToken` | Mount Service Account token in pod | `true` | | `controller.hostAliases` | Argo CD pods host aliases | `[]` | | `controller.podLabels` | Extra labels for Argo CD pods | `{}` | diff --git a/bitnami/argo-cd/templates/_helpers.tpl b/bitnami/argo-cd/templates/_helpers.tpl index 2791d12c61c54f..c0813bf517baf3 100644 --- a/bitnami/argo-cd/templates/_helpers.tpl +++ b/bitnami/argo-cd/templates/_helpers.tpl @@ -260,8 +260,12 @@ Return the Redis® port Validate Application Controller config */}} {{- define "argocd.validateValues.controller.config" -}} -{{- if and (gt .Values.controller.replicaCount 1) (not (eq .Values.controller.kind "StatefulSet")) }} +{{- if gt .Values.controller.replicaCount 1 }} + {{- if and .Values.controller.dynamicClusterDistribution.enabled (not (eq .Values.controller.kind "Deployment")) }} +Argo CD: When running in HA mode with dynamic cluster distribution enabled, the application controller must be installed as a Deployment. + {{- else if and (not .Values.controller.dynamicClusterDistribution.enabled) (not (eq .Values.controller.kind "StatefulSet")) }} Argo CD: When running in HA mode, the application controller must be installed as a StatefulSet. + {{- end -}} {{- end -}} {{- end -}} 
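Review bot: In `argocd.validateValues.controller.config`, `controller.kind` is only examined inside `{{- if gt .Values.controller.replicaCount 1 }}`, so with a single replica any string passes validation. The StatefulSet template in this series renders only on an exact `"StatefulSet"` match; if the Deployment template is guarded the same way (not visible here), a misspelled kind such as `statefulset` would render no application controller at all and produce no message. An unconditional check placed ahead of the replica test would catch that: `{{- if not (has .Values.controller.kind (list "Deployment" "StatefulSet")) }}`, then the message line `Argo CD: controller.kind must be either Deployment or StatefulSet.`, then `{{- end }}`. The `define` block begins and ends outside the hunk.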
diff --git a/bitnami/argo-cd/templates/application-controller/_pod.tpl b/bitnami/argo-cd/templates/application-controller/_pod.tpl index e16ef16c628309..b716dd65a4d24e 100644 --- a/bitnami/argo-cd/templates/application-controller/_pod.tpl +++ b/bitnami/argo-cd/templates/application-controller/_pod.tpl @@ -147,6 +147,14 @@ containers: - name: ARGOCD_CONTROLLER_REPLICAS value: {{ .Values.controller.replicaCount | quote }} {{- end }} + {{- if .Values.controller.dynamicClusterDistribution.enabled }} + - name: ARGOCD_ENABLE_DYNAMIC_CLUSTER_DISTRIBUTION + value: "true" + {{- if .Values.controller.dynamicClusterDistribution.heartbeatDuration }} + - name: ARGOCD_CONTROLLER_HEARTBEAT_TIME + value: {{ .Values.controller.dynamicClusterDistribution.heartbeatDuration | quote }} + {{- end }} + {{- end }} {{- if and .Values.redis.enabled (include "argocd.redis.auth.enabled" .) }} - name: REDIS_PASSWORD valueFrom: diff --git a/bitnami/argo-cd/values.yaml b/bitnami/argo-cd/values.yaml index 7af6dea6932866..debfed9426b16b 100644 --- a/bitnami/argo-cd/values.yaml +++ b/bitnami/argo-cd/values.yaml @@ -510,6 +510,16 @@ controller: ## @param controller.extraArgs Add extra arguments to the default arguments for the Argo CD controller ## extraArgs: [] + ## ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/ + ## + dynamicClusterDistribution: + ## @param controller.dynamicClusterDistribution.enabled Whether dynamic cluster distribution is enabled. + ## + enabled: false + ## @param controller.dynamicClusterDistribution.heartbeatDuration Time to update the cluster sharding (defaults to 10 seconds). + ## ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution + ## + heartbeatDuration: "" ## @param controller.automountServiceAccountToken Mount Service Account token in pod ## automountServiceAccountToken: true From 2d494263947da6931632673aab3cd1014d293600 Mon Sep 17 00:00:00 2001 
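Review bot: The `controller.dynamicClusterDistribution.heartbeatDuration` description in `values.yaml` states neither unit nor format, yet `_pod.tpl` passes the value through verbatim as `ARGOCD_CONTROLLER_HEARTBEAT_TIME`. A reader cannot tell whether `10`, `"10"` or `10s` is expected, and a wrong guess would presumably surface only when the controller starts. I would spell it out in the `@param` line, for example `## @param controller.dynamicClusterDistribution.heartbeatDuration Interval in seconds between shard heartbeat updates (Argo CD default: 10)`, after confirming the accepted format against the linked Argo CD page.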
From: Bitnami Containers Date: Tue, 9 Jul 2024 09:57:19 +0000 Subject: [PATCH 4/7] Update CHANGELOG.md Signed-off-by: Bitnami Containers --- bitnami/argo-cd/CHANGELOG.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/bitnami/argo-cd/CHANGELOG.md b/bitnami/argo-cd/CHANGELOG.md index 26b94eacff46cd..8f63ffa9f53294 100644 --- a/bitnami/argo-cd/CHANGELOG.md +++ b/bitnami/argo-cd/CHANGELOG.md @@ -1,8 +1,12 @@ # Changelog -## 6.5.8 (2024-07-08) +## 6.6.0 (2024-07-09) -* [bitnami/argo-cd] fix: Use the right port name for livenessProbe. ([#27253](https://github.com/bitnami/charts/pull/27253)) +* [bitnami/argo-cd] Make it possible to run ArgoCD in HA mode ([#27585](https://github.com/bitnami/charts/pull/27585)) + +## 6.5.8 (2024-07-08) + +* [bitnami/argo-cd] fix: Use the right port name for livenessProbe. (#27253) ([516d67a](https://github.com/bitnami/charts/commit/516d67a0e6c7f6a24fab5d6c000c0c0de27bdd58)), closes [#27253](https://github.com/bitnami/charts/issues/27253) ## 6.5.7 (2024-07-05) From dadcbad837ea2ebf03c0142378438ae6d20bddd9 Mon Sep 17 00:00:00 2001 From: Max Nitze Date: Thu, 11 Jul 2024 12:48:50 +0200 Subject: [PATCH 5/7] [bitnami/argo-cd] Fix indentation of pod template and add missing podLabels variable Signed-off-by: Max Nitze --- bitnami/argo-cd/templates/_helpers.tpl | 2 +- .../templates/application-controller/_pod.tpl | 413 +++++++++--------- .../argo-cd/templates/server/deployment.yaml | 2 +- 3 files changed, 209 insertions(+), 208 deletions(-) diff --git a/bitnami/argo-cd/templates/_helpers.tpl b/bitnami/argo-cd/templates/_helpers.tpl index c0813bf517baf3..0cd2f3f5194edf 100644 --- a/bitnami/argo-cd/templates/_helpers.tpl +++ b/bitnami/argo-cd/templates/_helpers.tpl 
@@ -260,7 +260,7 @@ Return the Redis® port Validate Application Controller config */}} {{- define "argocd.validateValues.controller.config" -}} -{{- if gt .Values.controller.replicaCount 1 }} +{{- if gt (int .Values.controller.replicaCount) 1 }} {{- if and .Values.controller.dynamicClusterDistribution.enabled (not (eq .Values.controller.kind "Deployment")) }} Argo CD: When running in HA mode with dynamic cluster distribution enabled, the application controller must be installed as a Deployment. {{- else if and (not .Values.controller.dynamicClusterDistribution.enabled) (not (eq .Values.controller.kind "StatefulSet")) }} diff --git a/bitnami/argo-cd/templates/application-controller/_pod.tpl b/bitnami/argo-cd/templates/application-controller/_pod.tpl index b716dd65a4d24e..bf45a9521401cb 100644 --- a/bitnami/argo-cd/templates/application-controller/_pod.tpl +++ b/bitnami/argo-cd/templates/application-controller/_pod.tpl 
@@ -11,21 +11,22 @@ serviceAccountName: {{ include "argocd.application-controller.serviceAccountName {{- include "argocd.imagePullSecrets" . | nindent 6 }} automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }} {{- if .Values.controller.hostAliases }} -hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.controller.hostAliases "context" $) | nindent 8 }} +hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.controller.hostAliases "context" $) | nindent 2 }} {{- end }} {{- if .Values.controller.affinity }} -affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.controller.affinity "context" $) | nindent 8 }} +affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.controller.affinity "context" $) | nindent 2 }} {{- else }} affinity: -podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAffinityPreset "component" "controller" "customLabels" $podLabels "context" $) | nindent 10 }} -podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAntiAffinityPreset "component" "controller" "customLabels" $podLabels "context" $) | nindent 10 }} -nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.controller.nodeAffinityPreset.type "key" .Values.controller.nodeAffinityPreset.key "values" .Values.controller.nodeAffinityPreset.values) | nindent 10 }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.controller.podLabels .Values.commonLabels ) "context" . 
) }} + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAffinityPreset "component" "controller" "customLabels" $podLabels "context" $) | nindent 4 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAntiAffinityPreset "component" "controller" "customLabels" $podLabels "context" $) | nindent 4 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.controller.nodeAffinityPreset.type "key" .Values.controller.nodeAffinityPreset.key "values" .Values.controller.nodeAffinityPreset.values) | nindent 4 }} {{- end }} {{- if .Values.controller.nodeSelector }} -nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.controller.nodeSelector "context" $) | nindent 8 }} +nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.controller.nodeSelector "context" $) | nindent 2 }} {{- end }} {{- if .Values.controller.tolerations }} -tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.controller.tolerations "context" .) | nindent 8 }} +tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.controller.tolerations "context" .) | nindent 2 }} {{- end }} {{- if .Values.controller.schedulerName }} schedulerName: {{ .Values.controller.schedulerName }} @@ -34,7 +35,7 @@ schedulerName: {{ .Values.controller.schedulerName }} shareProcessNamespace: {{ .Values.controller.shareProcessNamespace }} {{- end }} {{- if .Values.controller.topologySpreadConstraints }} -topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.controller.topologySpreadConstraints "context" .) | nindent 8 }} +topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.controller.topologySpreadConstraints "context" .) | nindent 2 }} {{- end }} {{- if .Values.controller.priorityClassName }} priorityClassName: {{ .Values.controller.priorityClassName | quote }} 
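Review bot: The context line `{{- include "argocd.imagePullSecrets" . | nindent 6 }}` keeps its old `nindent 6`, while every rendered value in this hunk was moved from `nindent 8`/`nindent 10` down to `nindent 2`/`nindent 4`. The sibling keys (`automountServiceAccountToken`, `hostAliases`, `affinity`) now start at column 0 of the pod template, so the pull-secrets block would come out six columns deeper than they do. Once the template is itself included with a further `nindent`, it likely mis-nests or fails to parse whenever pull secrets are configured. It probably needs `{{- include "argocd.imagePullSecrets" . | nindent 0 }}`, or whatever offset matches the helper's own output, which is not visible here. The template starts before and continues after this hunk.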
@@ -43,220 +44,220 @@ priorityClassName: {{ .Values.controller.priorityClassName | quote }} runtimeClassName: {{ .Values.controller.runtimeClassName }} {{- end }} {{- if .Values.controller.podSecurityContext.enabled }} -securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.controller.podSecurityContext "context" $) | nindent 8 }} +securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.controller.podSecurityContext "context" $) | nindent 2 }} {{- end }} initContainers: -{{- if .Values.redisWait.enabled }} -- name: wait-for-redis - image: {{ include "argocd.redis.image" . }} - imagePullPolicy: {{ .Values.redis.image.pullPolicy | quote }} - {{- if .Values.redisWait.securityContext }} - # Deprecated: use redisWait.containerSecurityContext - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.redisWait.securityContext "context" $) | nindent 12 }} - {{- else if .Values.redisWait.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.redisWait.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - command: - - /bin/bash - args: - - -ec - - | - #!/bin/bash + {{- if .Values.redisWait.enabled }} + - name: wait-for-redis + image: {{ include "argocd.redis.image" . 
}} + imagePullPolicy: {{ .Values.redis.image.pullPolicy | quote }} + {{- if .Values.redisWait.securityContext }} + # Deprecated: use redisWait.containerSecurityContext + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.redisWait.securityContext "context" $) | nindent 6 }} + {{- else if .Values.redisWait.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.redisWait.containerSecurityContext "context" $) | nindent 6 }} + {{- end }} + command: + - /bin/bash + args: + - -ec + - | + #!/bin/bash - set -o errexit - set -o nounset - set -o pipefail + set -o errexit + set -o nounset + set -o pipefail - . /opt/bitnami/scripts/libos.sh - . /opt/bitnami/scripts/liblog.sh + . /opt/bitnami/scripts/libos.sh + . /opt/bitnami/scripts/liblog.sh - check_redis_connection() { - local result="$(redis-cli -h {{ include "argocd.redisHost" . }} -p {{ include "argocd.redisPort" . }} {{ .Values.redisWait.extraArgs }} PING)" - if [[ "$result" != "PONG" ]]; then - false - fi - } + check_redis_connection() { + local result="$(redis-cli -h {{ include "argocd.redisHost" . }} -p {{ include "argocd.redisPort" . }} {{ .Values.redisWait.extraArgs }} PING)" + if [[ "$result" != "PONG" ]]; then + false + fi + } - info "Checking redis connection..." - if ! retry_while "check_redis_connection"; then - error "Could not connect to the Redis server" - return 1 - else - info "Connected to the Redis instance" - fi - {{- if include "argocd.redis.auth.enabled" . }} - env: - - name: REDISCLI_AUTH - valueFrom: - secretKeyRef: - name: {{ include "argocd.redis.secretName" . }} - key: {{ include "argocd.redis.secretPasswordKey" . 
}} - {{- end }} -{{- end }} -{{- if .Values.controller.initContainers }} -{{- include "common.tplvalues.render" (dict "value" .Values.controller.initContainers "context" $) | nindent 8 }} -{{- end }} -containers: -- name: controller - image: {{ include "argocd.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.controller.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.controller.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.controller.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.controller.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.controller.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.controller.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.controller.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.controller.args "context" $) | nindent 12 }} - {{- else }} - args: - - argocd-application-controller - - --status-processors - - {{ .Values.controller.defaultArgs.statusProcessors | quote }} - - --operation-processors - - {{ .Values.controller.defaultArgs.operationProcessors | quote }} - - --app-resync - - {{ .Values.controller.defaultArgs.appResyncPeriod | quote }} - - --self-heal-timeout-seconds - - {{ .Values.controller.defaultArgs.selfHealTimeout | quote }} - - --repo-server - - {{ include "argocd.repo-server" . 
}}:{{ coalesce .Values.repoServer.service.port .Values.repoServer.service.ports.repoServer }} - - --logformat - - {{ .Values.controller.logFormat | quote }} - - --loglevel - - {{ .Values.controller.logLevel | quote }} - - --metrics-port={{ .Values.controller.containerPorts.metrics }} - # TODO(miguelaeh): Test the chart using redis sentinel enabled: https://github.com/argoproj/argo-cd/blob/2a410187565e15633b6f2a8c8d8da22cf02b257d/util/cache/cache.go#L40 - - --redis - - {{ include "argocd.redisHost" . }}:{{ include "argocd.redisPort" . }} - {{- if .Values.controller.extraArgs }} - {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraArgs "context" $) | nindent 12 }} + info "Checking redis connection..." + if ! retry_while "check_redis_connection"; then + error "Could not connect to the Redis server" + return 1 + else + info "Connected to the Redis instance" + fi + {{- if include "argocd.redis.auth.enabled" . }} + env: + - name: REDISCLI_AUTH + valueFrom: + secretKeyRef: + name: {{ include "argocd.redis.secretName" . }} + key: {{ include "argocd.redis.secretPasswordKey" . }} + {{- end }} {{- end }} + {{- if .Values.controller.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.controller.initContainers "context" $) | nindent 2 }} {{- end }} - ports: - - name: metrics - containerPort: {{ .Values.controller.containerPorts.metrics }} - protocol: TCP - env: - - name: ARGOCD_APPLICATION_CONTROLLER_NAME - value: {{ include "argocd.application-controller" . }} - {{- if gt .Values.server.replicaCount 1 }} - - name: ARGOCD_CONTROLLER_REPLICAS - value: {{ .Values.controller.replicaCount | quote }} +containers: + - name: controller + image: {{ include "argocd.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.controller.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.controller.lifecycleHooks "context" $) | nindent 6 }} {{- end }} - {{- if .Values.controller.dynamicClusterDistribution.enabled }} - - name: ARGOCD_ENABLE_DYNAMIC_CLUSTER_DISTRIBUTION - value: "true" - {{- if .Values.controller.dynamicClusterDistribution.heartbeatDuration }} - - name: ARGOCD_CONTROLLER_HEARTBEAT_TIME - value: {{ .Values.controller.dynamicClusterDistribution.heartbeatDuration | quote }} + {{- if .Values.controller.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.controller.containerSecurityContext "context" $) | nindent 6 }} {{- end }} + {{- if .Values.controller.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.controller.command "context" $) | nindent 6 }} {{- end }} - {{- if and .Values.redis.enabled (include "argocd.redis.auth.enabled" .) }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "argocd.redis.secretName" . }} - key: {{ include "argocd.redis.secretPasswordKey" . 
}} - {{- else if .Values.externalRedis.enabled }} - - name: REDIS_PASSWORD - {{- if not ( eq "" .Values.externalRedis.password ) }} - value: {{ .Values.externalRedis.password }} - {{- else }} - valueFrom: - secretKeyRef: - name: {{ .Values.externalRedis.existingSecret }} - key: {{ .Values.externalRedis.existingSecretPasswordKey }} + {{- if .Values.controller.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.controller.args "context" $) | nindent 6 }} + {{- else }} + args: + - argocd-application-controller + - --status-processors + - {{ .Values.controller.defaultArgs.statusProcessors | quote }} + - --operation-processors + - {{ .Values.controller.defaultArgs.operationProcessors | quote }} + - --app-resync + - {{ .Values.controller.defaultArgs.appResyncPeriod | quote }} + - --self-heal-timeout-seconds + - {{ .Values.controller.defaultArgs.selfHealTimeout | quote }} + - --repo-server + - {{ include "argocd.repo-server" . }}:{{ coalesce .Values.repoServer.service.port .Values.repoServer.service.ports.repoServer }} + - --logformat + - {{ .Values.controller.logFormat | quote }} + - --loglevel + - {{ .Values.controller.logLevel | quote }} + - --metrics-port={{ .Values.controller.containerPorts.metrics }} + # TODO(miguelaeh): Test the chart using redis sentinel enabled: https://github.com/argoproj/argo-cd/blob/2a410187565e15633b6f2a8c8d8da22cf02b257d/util/cache/cache.go#L40 + - --redis + - {{ include "argocd.redisHost" . }}:{{ include "argocd.redisPort" . 
}} + {{- if .Values.controller.extraArgs }} + {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraArgs "context" $) | nindent 6 }} {{- end }} {{- end }} - {{- if .Values.controller.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraEnvVars "context" $) | nindent 12 }} + ports: + - name: metrics + containerPort: {{ .Values.controller.containerPorts.metrics }} + protocol: TCP + env: + - name: ARGOCD_APPLICATION_CONTROLLER_NAME + value: {{ include "argocd.application-controller" . }} + {{- if gt (int .Values.server.replicaCount) 1 }} + - name: ARGOCD_CONTROLLER_REPLICAS + value: {{ .Values.controller.replicaCount | quote }} + {{- end }} + {{- if .Values.controller.dynamicClusterDistribution.enabled }} + - name: ARGOCD_ENABLE_DYNAMIC_CLUSTER_DISTRIBUTION + value: "true" + {{- if .Values.controller.dynamicClusterDistribution.heartbeatDuration }} + - name: ARGOCD_CONTROLLER_HEARTBEAT_TIME + value: {{ .Values.controller.dynamicClusterDistribution.heartbeatDuration | quote }} + {{- end }} + {{- end }} + {{- if and .Values.redis.enabled (include "argocd.redis.auth.enabled" .) }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "argocd.redis.secretName" . }} + key: {{ include "argocd.redis.secretPasswordKey" . 
}} + {{- else if .Values.externalRedis.enabled }} + - name: REDIS_PASSWORD + {{- if not ( eq "" .Values.externalRedis.password ) }} + value: {{ .Values.externalRedis.password }} + {{- else }} + valueFrom: + secretKeyRef: + name: {{ .Values.externalRedis.existingSecret }} + key: {{ .Values.externalRedis.existingSecretPasswordKey }} + {{- end }} + {{- end }} + {{- if .Values.controller.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraEnvVars "context" $) | nindent 6 }} + {{- end }} + envFrom: + {{- if .Values.controller.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.controller.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.controller.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.controller.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- if .Values.controller.resources }} + resources: {{- toYaml .Values.controller.resources | nindent 6 }} + {{- else if ne .Values.controller.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.controller.resourcesPreset) | nindent 6 }} {{- end }} - envFrom: - {{- if .Values.controller.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.controller.extraEnvVarsCM "context" $) }} + {{- if .Values.controller.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.controller.customStartupProbe "context" $) | nindent 6 }} + {{- else if .Values.controller.startupProbe.enabled }} + startupProbe: + httpGet: + path: /healthz + port: metrics + initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.startupProbe.successThreshold }} + 
failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }} {{- end }} - {{- if .Values.controller.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.controller.extraEnvVarsSecret "context" $) }} + {{- if .Values.controller.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.controller.customLivenessProbe "context" $) | nindent 6 }} + {{- else if .Values.controller.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /healthz + port: metrics + initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} {{- end }} - {{- if .Values.controller.resources }} - resources: {{- toYaml .Values.controller.resources | nindent 12 }} - {{- else if ne .Values.controller.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.controller.resourcesPreset) | nindent 12 }} - {{- end }} - {{- if .Values.controller.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.controller.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.controller.startupProbe.enabled }} - startupProbe: - httpGet: - path: /healthz - port: metrics - initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.startupProbe.successThreshold }} - failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }} - {{- end }} - {{- if .Values.controller.customLivenessProbe }} - 
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.controller.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.controller.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /healthz - port: metrics - initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} + {{- if .Values.controller.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.controller.customReadinessProbe "context" $) | nindent 6 }} + {{- else if .Values.controller.readinessProbe.enabled }} + readinessProbe: + tcpSocket: + port: metrics + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + # Mounting into a path that will be read by Argo CD. + # This secret will be autogenerated by Argo CD repo server unless it already exists. Users can create its own certificate to override it. 
+ # Ref: https://argoproj.github.io/argo-cd/operator-manual/tls/#inbound-tls-certificates-used-by-argocd-repo-sever + - mountPath: /app/config/server/tls + name: argocd-repo-server-tls + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + {{- if .Values.controller.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraVolumeMounts "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.controller.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.controller.sidecars "context" $) | nindent 2 }} {{- end }} - {{- if .Values.controller.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.controller.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.controller.readinessProbe.enabled }} - readinessProbe: - tcpSocket: - port: metrics - initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} +volumes: + - name: empty-dir + emptyDir: {} + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls + {{- if .Values.controller.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraVolumes "context" $) | nindent 2 }} {{- end }} - volumeMounts: - # Mounting into a path that will be read by Argo CD. - # This secret will be autogenerated by Argo CD repo server unless it already exists. Users can create its own certificate to override it. 
- # Ref: https://argoproj.github.io/argo-cd/operator-manual/tls/#inbound-tls-certificates-used-by-argocd-repo-sever - - mountPath: /app/config/server/tls - name: argocd-repo-server-tls - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if .Values.controller.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} -{{- if .Values.controller.sidecars }} -{{- include "common.tplvalues.render" ( dict "value" .Values.controller.sidecars "context" $) | nindent 8 }} -{{- end }} -volumes: -- name: empty-dir - emptyDir: {} -- name: argocd-repo-server-tls - secret: - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - - key: ca.crt - path: ca.crt - optional: true - secretName: argocd-repo-server-tls -{{- if .Values.controller.extraVolumes }} -{{- include "common.tplvalues.render" (dict "value" .Values.controller.extraVolumes "context" $) | nindent 8 }} -{{- end }} -{{- end }} diff --git a/bitnami/argo-cd/templates/server/deployment.yaml b/bitnami/argo-cd/templates/server/deployment.yaml index 5f3c4f87734add..f77d5487f67643 100644 --- a/bitnami/argo-cd/templates/server/deployment.yaml +++ b/bitnami/argo-cd/templates/server/deployment.yaml @@ -169,7 +169,7 @@ spec: containerPort: {{ .Values.server.containerPorts.metrics }} protocol: TCP env: - {{- if gt .Values.server.replicaCount 1 }} + {{- if gt (int .Values.server.replicaCount) 1 }} - name: ARGOCD_API_SERVER_REPLICAS value: {{ .Values.server.replicaCount | quote }} {{- end }} From 291c71d50f688b0d7537b2eeebd9b83834c2a56a Mon Sep 17 00:00:00 2001 From: Bitnami Containers Date: Thu, 11 Jul 2024 10:53:03 +0000 Subject: [PATCH 6/7] Update CHANGELOG.md Signed-off-by: Bitnami Containers --- bitnami/argo-cd/CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bitnami/argo-cd/CHANGELOG.md b/bitnami/argo-cd/CHANGELOG.md index 8f63ffa9f53294..4db3942f8b6bbc 100644 
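Review bot: The `REDIS_PASSWORD` entry for external Redis still renders `value: {{ .Values.externalRedis.password }}` directly into the container env, and does so unquoted. A password that is numeric or begins with a YAML indicator would be retyped or break rendering. An inline value is also readable by anyone allowed to read the workload or Pod object, unlike the `secretKeyRef` branch directly below it. At minimum use `value: {{ .Values.externalRedis.password | quote }}`; better, have the chart always reference a Secret so that the plain `value:` branch can be dropped. The line is carried over from the old side of this hunk with only its indentation changed.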
--- a/bitnami/argo-cd/CHANGELOG.md +++ b/bitnami/argo-cd/CHANGELOG.md @@ -1,6 +1,6 @@ # Changelog -## 6.6.0 (2024-07-09) +## 6.6.0 (2024-07-11) * [bitnami/argo-cd] Make it possible to run ArgoCD in HA mode ([#27585](https://github.com/bitnami/charts/pull/27585)) From ffe501fba2bf297a6bebe7edeb07343f826d68d2 Mon Sep 17 00:00:00 2001 From: Max Nitze Date: Thu, 11 Jul 2024 15:51:31 +0200 Subject: [PATCH 7/7] [bitnami/argo-cd] Fail the rendering of the chart when there are validation messages Signed-off-by: Max Nitze --- bitnami/argo-cd/templates/_helpers.tpl | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bitnami/argo-cd/templates/_helpers.tpl b/bitnami/argo-cd/templates/_helpers.tpl index 0cd2f3f5194edf..e49287dd4ff8df 100644 --- a/bitnami/argo-cd/templates/_helpers.tpl +++ b/bitnami/argo-cd/templates/_helpers.tpl @@ -336,4 +336,8 @@ Compile all warnings into a single message. {{- $messages := append $messages (include "argocd.validateValues.redis" .) -}} {{- $messages := without $messages "" -}} {{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} {{- end -}}
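Review bot: The helper's doc comment still reads `Compile all warnings into a single message.`, but with the added `fail` call the helper now aborts rendering whenever any validator returns text. I would change the comment to something like `Compile all validation messages and fail rendering if any is present.` so that authors of further `argocd.validateValues.*` helpers know a non-empty return is fatal. The `define` block starts outside this hunk.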