Merge branch 'main' into feature/depracate

* main:
  docs(argo-cd): Update docs with the correct default for application.instanceLabelKey (argoproj#2447)
  chore(argo-cd): Change redis repository to public.ecr.aws (argoproj#2446)
  chore(argo-cd): Provide Casbin matcher explicitly (argoproj#2445)
  fix(argo-cd): Fix fail to render `.Values.configs.secret.azureDevops` (argoproj#2443)

charts/argo-cd/README.md

@@ -524,7 +524,7 @@ NAME: my-release
 |-----|------|---------|-------------|
 | configs.clusterCredentials | list | `[]` (See [values.yaml]) | Provide one or multiple [external cluster credentials] |
 | configs.cm."admin.enabled" | bool | `true` | Enable local admin user |
-| configs.cm."application.instanceLabelKey" | string | Defaults to app.kubernetes.io/instance | The name of tracking label used by Argo CD for resource pruning |
+| configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning |
 | configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI |
 | configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement |
 | configs.cm."timeout.hard.reconciliation" | string | `"0s"` | Timeout to refresh application data as well as target manifests cache |
@@ -559,6 +559,7 @@ NAME: my-release
 | configs.params.create | bool | `true` | Create the argocd-cmd-params-cm configmap If false, it is expected the configmap will be created by something else. |
 | configs.rbac."policy.csv" | string | `''` (See [values.yaml]) | File containing user-defined policies and role definitions. |
 | configs.rbac."policy.default" | string | `""` | The name of the default role which Argo CD will falls back to, when authorizing API requests (optional). If omitted or empty, users may be still be able to login, but will see no apps, projects, etc... |
+| configs.rbac."policy.matchMode" | string | `"glob"` | Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher. |
 | configs.rbac.annotations | object | `{}` | Annotations to be added to argocd-rbac-cm configmap |
 | configs.rbac.create | bool | `true` | Create the argocd-rbac-cm configmap with ([Argo CD RBAC policy]) definitions. If false, it is expected the configmap will be created by something else. Argo CD will not work if there is no configmap created with the name above. |
 | configs.rbac.scopes | string | `"[groups]"` | OIDC scopes to examine during rbac enforcement (in addition to `sub` scope). The scope value can be a string, or a list of strings. |
@@ -1116,7 +1117,7 @@ The main options are listed here:
 | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping |
 | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. |
 | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. |
-| redis-ha.image.repository | string | `"redis"` | Redis repository |
+| redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
 | redis-ha.image.tag | string | `"7.0.13-alpine"` | Redis tag |
 | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes |
 | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) |

charts/argo-cd/templates/argocd-configs/argocd-secret.yaml

@@ -16,7 +16,7 @@ metadata:
     {{- end }}
   {{- end }}
 type: Opaque
-{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.extra) }}
+{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret (and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password) .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.extra) }}
 # Setting a blank data again will wipe admin password/key/cert
 data:
   {{- with .Values.configs.secret.githubSecret }}
@@ -34,9 +34,9 @@ data:
   {{- with .Values.configs.secret.gogsSecret }}
   webhook.gogs.secret: {{ . | b64enc }}
   {{- end }}
-  {{- with .Values.configs.secret.azureDevops }}
-  webhook.azuredevops.username: {{ .username }}
-  webhook.azuredevops.password: {{ .password | b64enc }}
+  {{- if and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password }}
+  webhook.azuredevops.username: {{ .Values.configs.secret.azureDevops.username | b64enc }}
+  webhook.azuredevops.password: {{ .Values.configs.secret.azureDevops.password | b64enc }}
   {{- end }}
   {{- if .Values.configs.secret.argocdServerAdminPassword }}
   admin.password: {{ .Values.configs.secret.argocdServerAdminPassword | b64enc }}

charts/argo-cd/values.yaml

@@ -159,7 +159,6 @@ configs:
     url: ""
 
     # -- The name of tracking label used by Argo CD for resource pruning
-    # @default -- Defaults to app.kubernetes.io/instance
     application.instanceLabelKey: argocd.argoproj.io/instance
 
     # -- Enable logs RBAC enforcement
@@ -301,6 +300,9 @@ configs:
     # The scope value can be a string, or a list of strings.
     scopes: "[groups]"
 
+    # -- Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher.
+    policy.matchMode: "glob"
+
   # GnuPG public keys for commit verification
   ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
   gpg:
@@ -1367,7 +1369,7 @@ redis-ha:
   ## Redis image
   image:
     # -- Redis repository
-    repository: redis
+    repository: public.ecr.aws/docker/library/redis
     # -- Redis tag
     tag: 7.0.13-alpine
   ## Prometheus redis-exporter sidecar