From ff3d0f62cb14893b7a9b2bc8f56e6130ba176724 Mon Sep 17 00:00:00 2001 From: Max Nitze Date: Tue, 20 Aug 2024 16:03:32 +0200 Subject: [PATCH] [bitnami/argo-cd] Use bitnami/os-shell image to download additional binaries in config management plugins Signed-off-by: Max Nitze --- bitnami/argo-cd/README.md | 265 +++++++++--------- .../templates/repo-server/deployment.yaml | 10 +- bitnami/argo-cd/values.yaml | 38 ++- 3 files changed, 172 insertions(+), 141 deletions(-) diff --git a/bitnami/argo-cd/README.md b/bitnami/argo-cd/README.md index 0a199b8cfa92d5..1429952333d138 100644 --- a/bitnami/argo-cd/README.md +++ b/bitnami/argo-cd/README.md @@ -953,136 +953,141 @@ As an alternative, use one of the preset configurations for pod affinity, pod an ### Argo CD repo server Parameters -| Name | Description | Value | -| -------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | -| `repoServer.replicaCount` | Number of Argo CD repo server replicas to deploy | `1` | -| `repoServer.startupProbe.enabled` | Enable startupProbe on Argo CD repo server nodes | `false` | -| `repoServer.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `repoServer.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `repoServer.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `repoServer.startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | -| `repoServer.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `repoServer.livenessProbe.enabled` | Enable livenessProbe on Argo CD repo server nodes | `true` | -| `repoServer.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `repoServer.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `repoServer.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `repoServer.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `repoServer.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `repoServer.readinessProbe.enabled` | Enable readinessProbe on Argo CD repo server nodes | `true` | -| `repoServer.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `repoServer.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `repoServer.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `repoServer.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `repoServer.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `repoServer.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `repoServer.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `repoServer.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `repoServer.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if repoServer.resources is set (repoServer.resources is recommended for production). | `nano` | -| `repoServer.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `repoServer.podSecurityContext.enabled` | Enabled Argo CD repo server pods' Security Context | `true` | -| `repoServer.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `repoServer.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `repoServer.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `repoServer.podSecurityContext.fsGroup` | Set Argo CD repo server pod's Security Context fsGroup | `1001` | -| `repoServer.containerSecurityContext.enabled` | Enabled Argo CD repo server containers' Security Context | `true` | -| `repoServer.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `repoServer.containerSecurityContext.runAsUser` | Set Argo CD repo server containers' Security Context runAsUser | `1001` | -| `repoServer.containerSecurityContext.runAsGroup` | Set Argo CD repo server containers' Security Context runAsGroup | `1001` | -| `repoServer.containerSecurityContext.allowPrivilegeEscalation` | Set Argo CD repo server containers' Security Context allowPrivilegeEscalation | `false` | -| `repoServer.containerSecurityContext.capabilities.drop` | Set Argo CD containers' repo server Security Context capabilities to be dropped | `["ALL"]` | -| `repoServer.containerSecurityContext.readOnlyRootFilesystem` | Set Argo CD containers' repo server Security Context readOnlyRootFilesystem | `true` | -| `repoServer.containerSecurityContext.runAsNonRoot` | Set Argo CD repo server containers' Security Context runAsNonRoot | `true` | -| `repoServer.containerSecurityContext.privileged` | Set repoServer container's Security Context privileged | `false` | -| `repoServer.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `repoServer.service.type` | Repo server service type | `ClusterIP` | -| `repoServer.service.ports.repoServer` | Repo server service port | `8081` | -| `repoServer.service.nodePorts.repoServer` | Node port for the repo server service | `""` | -| `repoServer.service.clusterIP` | Repo server service Cluster IP | `""` | -| `repoServer.service.loadBalancerIP` | Repo server service Load Balancer IP | `""` | -| `repoServer.service.loadBalancerSourceRanges` | Repo server service Load Balancer sources | `[]` | -| `repoServer.service.externalTrafficPolicy` | Repo server service external traffic policy | `Cluster` | -| `repoServer.service.annotations` | Additional custom annotations for Repo server service | `{}` | -| `repoServer.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `repoServer.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `repoServer.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `repoServer.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `repoServer.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `repoServer.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `repoServer.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | -| `repoServer.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `repoServer.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true) | `[]` | -| `repoServer.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `repoServer.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `repoServer.logFormat` | Format for the Argo CD repo server logs. Options: [text, json] | `text` | -| `repoServer.logLevel` | Log level for the Argo CD repo server | `info` | -| `repoServer.containerPorts.repoServer` | Container port for Argo CD repo server | `8081` | -| `repoServer.containerPorts.metrics` | Metrics port for Argo CD repo server | `8084` | -| `repoServer.metrics.enabled` | Enable metrics for the Argo CD repo server | `false` | -| `repoServer.metrics.service.type` | Argo CD repo server service type | `ClusterIP` | -| `repoServer.metrics.service.ports.metrics` | Argo CD repo server metrics service port | `8084` | -| `repoServer.metrics.service.nodePorts.metrics` | Node port for the repo server metrics service | `""` | -| `repoServer.metrics.service.clusterIP` | Argo CD repo server metrics service Cluster IP | `""` | -| `repoServer.metrics.service.loadBalancerIP` | Argo CD repo server service Load Balancer IP | `""` | -| `repoServer.metrics.service.loadBalancerSourceRanges` | Argo CD repo server service Load Balancer sources | `[]` | -| `repoServer.metrics.service.externalTrafficPolicy` | Argo CD repo server service external traffic policy | `Cluster` | -| `repoServer.metrics.service.annotations` | Additional custom annotations for Argo CD repo server service | `{}` | -| `repoServer.metrics.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `repoServer.metrics.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `repoServer.metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | -| `repoServer.metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` | -| `repoServer.metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | -| `repoServer.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | -| `repoServer.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `10s` | -| `repoServer.metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | -| `repoServer.metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | -| `repoServer.metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` | -| `repoServer.metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` | -| `repoServer.autoscaling.enabled` | Enable Argo CD repo server deployment autoscaling | `false` | -| `repoServer.autoscaling.minReplicas` | Argo CD repo server deployment autoscaling minimum number of replicas | `1` | -| `repoServer.autoscaling.maxReplicas` | Argo CD repo server deployment autoscaling maximum number of replicas | `5` | -| `repoServer.autoscaling.targetCPU` | Argo CD repo server deployment autoscaling target CPU percentage | `50` | -| `repoServer.autoscaling.targetMemory` | Argo CD repo server deployment autoscaling target CPU memory | `50` | -| `repoServer.serviceAccount.create` | Specifies whether a ServiceAccount for repo server should be created | `true` | -| `repoServer.serviceAccount.name` | The name of the ServiceAccount for repo server to use. | `""` | -| `repoServer.serviceAccount.automountServiceAccountToken` | Automount service account token for the repo server service account | `false` | -| `repoServer.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | -| `repoServer.clusterAdminAccess` | Enable K8s cluster admin access for the repo server | `false` | -| `repoServer.clusterRoleRules` | Use custom rules for repo server's cluster role | `[]` | -| `repoServer.command` | Override default container command (useful when using custom images) | `[]` | -| `repoServer.args` | Override default container args (useful when using custom images) | `[]` | -| `repoServer.extraArgs` | Add extra args to the default repo server args | `[]` | -| `repoServer.configManagementPlugins.enabled` | Whether the config management plugins are enabled or not. | `false` | -| `repoServer.configManagementPlugins.additionalBinaries` | Additional binaries necessary for the config management plugins. | `[]` | -| `repoServer.configManagementPlugins.plugins` | The config management plugins to be provided as sidecars alongside the repo server. | `[]` | -| `repoServer.automountServiceAccountToken` | Mount Service Account token in pod | `true` | -| `repoServer.hostAliases` | Argo CD repo server pods host aliases | `[]` | -| `repoServer.podLabels` | Extra labels for Argo CD repo server pods | `{}` | -| `repoServer.podAnnotations` | Annotations for Argo CD repo server pods | `{}` | -| `repoServer.podAffinityPreset` | Pod affinity preset. Ignored if `repoServer.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `repoServer.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `repoServer.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `repoServer.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `repoServer.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `repoServer.nodeAffinityPreset.key` | Node label key to match. Ignored if `repoServer.affinity` is set | `""` | -| `repoServer.nodeAffinityPreset.values` | Node label values to match. Ignored if `repoServer.affinity` is set | `[]` | -| `repoServer.affinity` | Affinity for Argo CD repo server pods assignment | `{}` | -| `repoServer.nodeSelector` | Node labels for Argo CD repo server pods assignment | `{}` | -| `repoServer.tolerations` | Tolerations for Argo CD repo server pods assignment | `[]` | -| `repoServer.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `repoServer.shareProcessNamespace` | Enable shared process namespace in a pod. | `false` | -| `repoServer.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `repoServer.updateStrategy.type` | Argo CD repo server statefulset strategy type | `RollingUpdate` | -| `repoServer.priorityClassName` | Argo CD repo server pods' priorityClassName | `""` | -| `repoServer.runtimeClassName` | Name of the runtime class to be used by pod(s) | `""` | -| `repoServer.lifecycleHooks` | for the Argo CD repo server container(s) to automate configuration before or after startup | `{}` | -| `repoServer.extraEnvVars` | Array with extra environment variables to add to Argo CD repo server nodes | `[]` | -| `repoServer.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Argo CD repo server nodes | `""` | -| `repoServer.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Argo CD repo server nodes | `""` | -| `repoServer.extraVolumes` | Optionally specify extra list of additional volumes for the Argo CD repo server pod(s) | `[]` | -| `repoServer.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Argo CD repo server container(s) | `[]` | -| `repoServer.sidecars` | Add additional sidecar containers to the Argo CD repo server pod(s) | `[]` | -| `repoServer.initContainers` | Add additional init containers to the Argo CD repo server pod(s) | `[]` | -| `repoServer.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` | -| `repoServer.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` | -| `repoServer.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `repoServer.pdb.minAvailable` and `repoServer.pdb.maxUnavailable` are empty. | `""` | +| Name | Description | Value | +| ------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `repoServer.replicaCount` | Number of Argo CD repo server replicas to deploy | `1` | +| `repoServer.startupProbe.enabled` | Enable startupProbe on Argo CD repo server nodes | `false` | +| `repoServer.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `repoServer.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `repoServer.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `repoServer.startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | +| `repoServer.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `repoServer.livenessProbe.enabled` | Enable livenessProbe on Argo CD repo server nodes | `true` | +| `repoServer.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `repoServer.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `repoServer.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `repoServer.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `repoServer.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `repoServer.readinessProbe.enabled` | Enable readinessProbe on Argo CD repo server nodes | `true` | +| `repoServer.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `repoServer.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `repoServer.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `repoServer.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `repoServer.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `repoServer.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `repoServer.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `repoServer.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `repoServer.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if repoServer.resources is set (repoServer.resources is recommended for production). | `nano` | +| `repoServer.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `repoServer.podSecurityContext.enabled` | Enabled Argo CD repo server pods' Security Context | `true` | +| `repoServer.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `repoServer.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `repoServer.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `repoServer.podSecurityContext.fsGroup` | Set Argo CD repo server pod's Security Context fsGroup | `1001` | +| `repoServer.containerSecurityContext.enabled` | Enabled Argo CD repo server containers' Security Context | `true` | +| `repoServer.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `repoServer.containerSecurityContext.runAsUser` | Set Argo CD repo server containers' Security Context runAsUser | `1001` | +| `repoServer.containerSecurityContext.runAsGroup` | Set Argo CD repo server containers' Security Context runAsGroup | `1001` | +| `repoServer.containerSecurityContext.allowPrivilegeEscalation` | Set Argo CD repo server containers' Security Context allowPrivilegeEscalation | `false` | +| `repoServer.containerSecurityContext.capabilities.drop` | Set Argo CD containers' repo server Security Context capabilities to be dropped | `["ALL"]` | +| `repoServer.containerSecurityContext.readOnlyRootFilesystem` | Set Argo CD containers' repo server Security Context readOnlyRootFilesystem | `true` | +| `repoServer.containerSecurityContext.runAsNonRoot` | Set Argo CD repo server containers' Security Context runAsNonRoot | `true` | +| `repoServer.containerSecurityContext.privileged` | Set repoServer container's Security Context privileged | `false` | +| `repoServer.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `repoServer.service.type` | Repo server service type | `ClusterIP` | +| `repoServer.service.ports.repoServer` | Repo server service port | `8081` | +| `repoServer.service.nodePorts.repoServer` | Node port for the repo server service | `""` | +| `repoServer.service.clusterIP` | Repo server service Cluster IP | `""` | +| `repoServer.service.loadBalancerIP` | Repo server service Load Balancer IP | `""` | +| `repoServer.service.loadBalancerSourceRanges` | Repo server service Load Balancer sources | `[]` | +| `repoServer.service.externalTrafficPolicy` | Repo server service external traffic policy | `Cluster` | +| `repoServer.service.annotations` | Additional custom annotations for Repo server service | `{}` | +| `repoServer.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `repoServer.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `repoServer.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `repoServer.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `repoServer.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `repoServer.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `repoServer.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | +| `repoServer.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `repoServer.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true) | `[]` | +| `repoServer.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `repoServer.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `repoServer.logFormat` | Format for the Argo CD repo server logs. Options: [text, json] | `text` | +| `repoServer.logLevel` | Log level for the Argo CD repo server | `info` | +| `repoServer.containerPorts.repoServer` | Container port for Argo CD repo server | `8081` | +| `repoServer.containerPorts.metrics` | Metrics port for Argo CD repo server | `8084` | +| `repoServer.metrics.enabled` | Enable metrics for the Argo CD repo server | `false` | +| `repoServer.metrics.service.type` | Argo CD repo server service type | `ClusterIP` | +| `repoServer.metrics.service.ports.metrics` | Argo CD repo server metrics service port | `8084` | +| `repoServer.metrics.service.nodePorts.metrics` | Node port for the repo server metrics service | `""` | +| `repoServer.metrics.service.clusterIP` | Argo CD repo server metrics service Cluster IP | `""` | +| `repoServer.metrics.service.loadBalancerIP` | Argo CD repo server service Load Balancer IP | `""` | +| `repoServer.metrics.service.loadBalancerSourceRanges` | Argo CD repo server service Load Balancer sources | `[]` | +| `repoServer.metrics.service.externalTrafficPolicy` | Argo CD repo server service external traffic policy | `Cluster` | +| `repoServer.metrics.service.annotations` | Additional custom annotations for Argo CD repo server service | `{}` | +| `repoServer.metrics.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `repoServer.metrics.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `repoServer.metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | +| `repoServer.metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` | +| `repoServer.metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | +| `repoServer.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | +| `repoServer.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `10s` | +| `repoServer.metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | +| `repoServer.metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | +| `repoServer.metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` | +| `repoServer.metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` | +| `repoServer.autoscaling.enabled` | Enable Argo CD repo server deployment autoscaling | `false` | +| `repoServer.autoscaling.minReplicas` | Argo CD repo server deployment autoscaling minimum number of replicas | `1` | +| `repoServer.autoscaling.maxReplicas` | Argo CD repo server deployment autoscaling maximum number of replicas | `5` | +| `repoServer.autoscaling.targetCPU` | Argo CD repo server deployment autoscaling target CPU percentage | `50` | +| `repoServer.autoscaling.targetMemory` | Argo CD repo server deployment autoscaling target CPU memory | `50` | +| `repoServer.serviceAccount.create` | Specifies whether a ServiceAccount for repo server should be created | `true` | +| `repoServer.serviceAccount.name` | The name of the ServiceAccount for repo server to use. | `""` | +| `repoServer.serviceAccount.automountServiceAccountToken` | Automount service account token for the repo server service account | `false` | +| `repoServer.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | +| `repoServer.clusterAdminAccess` | Enable K8s cluster admin access for the repo server | `false` | +| `repoServer.clusterRoleRules` | Use custom rules for repo server's cluster role | `[]` | +| `repoServer.command` | Override default container command (useful when using custom images) | `[]` | +| `repoServer.args` | Override default container args (useful when using custom images) | `[]` | +| `repoServer.extraArgs` | Add extra args to the default repo server args | `[]` | +| `repoServer.configManagementPlugins.enabled` | Whether the config management plugins are enabled or not. | `false` | +| `repoServer.configManagementPlugins.additionalBinaries.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | +| `repoServer.configManagementPlugins.additionalBinaries.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` | +| `repoServer.configManagementPlugins.additionalBinaries.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `repoServer.configManagementPlugins.additionalBinaries.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | +| `repoServer.configManagementPlugins.additionalBinaries.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | +| `repoServer.configManagementPlugins.additionalBinaries.binaries` | Additional binaries necessary for the config management plugins. | `[]` | +| `repoServer.configManagementPlugins.plugins` | The config management plugins to be provided as sidecars alongside the repo server. | `[]` | +| `repoServer.automountServiceAccountToken` | Mount Service Account token in pod | `true` | +| `repoServer.hostAliases` | Argo CD repo server pods host aliases | `[]` | +| `repoServer.podLabels` | Extra labels for Argo CD repo server pods | `{}` | +| `repoServer.podAnnotations` | Annotations for Argo CD repo server pods | `{}` | +| `repoServer.podAffinityPreset` | Pod affinity preset. Ignored if `repoServer.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `repoServer.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `repoServer.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `repoServer.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `repoServer.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `repoServer.nodeAffinityPreset.key` | Node label key to match. Ignored if `repoServer.affinity` is set | `""` | +| `repoServer.nodeAffinityPreset.values` | Node label values to match. Ignored if `repoServer.affinity` is set | `[]` | +| `repoServer.affinity` | Affinity for Argo CD repo server pods assignment | `{}` | +| `repoServer.nodeSelector` | Node labels for Argo CD repo server pods assignment | `{}` | +| `repoServer.tolerations` | Tolerations for Argo CD repo server pods assignment | `[]` | +| `repoServer.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `repoServer.shareProcessNamespace` | Enable shared process namespace in a pod. | `false` | +| `repoServer.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `repoServer.updateStrategy.type` | Argo CD repo server statefulset strategy type | `RollingUpdate` | +| `repoServer.priorityClassName` | Argo CD repo server pods' priorityClassName | `""` | +| `repoServer.runtimeClassName` | Name of the runtime class to be used by pod(s) | `""` | +| `repoServer.lifecycleHooks` | for the Argo CD repo server container(s) to automate configuration before or after startup | `{}` | +| `repoServer.extraEnvVars` | Array with extra environment variables to add to Argo CD repo server nodes | `[]` | +| `repoServer.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Argo CD repo server nodes | `""` | +| `repoServer.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Argo CD repo server nodes | `""` | +| `repoServer.extraVolumes` | Optionally specify extra list of additional volumes for the Argo CD repo server pod(s) | `[]` | +| `repoServer.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Argo CD repo server container(s) | `[]` | +| `repoServer.sidecars` | Add additional sidecar containers to the Argo CD repo server pod(s) | `[]` | +| `repoServer.initContainers` | Add additional init containers to the Argo CD repo server pod(s) | `[]` | +| `repoServer.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` | +| `repoServer.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` | +| `repoServer.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `repoServer.pdb.minAvailable` and `repoServer.pdb.maxUnavailable` are empty. | `""` | ### Dex Parameters diff --git a/bitnami/argo-cd/templates/repo-server/deployment.yaml b/bitnami/argo-cd/templates/repo-server/deployment.yaml index 4fa7623db53952..4660579acbb2c8 100644 --- a/bitnami/argo-cd/templates/repo-server/deployment.yaml +++ b/bitnami/argo-cd/templates/repo-server/deployment.yaml @@ -152,16 +152,17 @@ spec: volumeMounts: - mountPath: /additional-binaries name: cmp-additional-binaries - {{- if .Values.repoServer.configManagementPlugins.additionalBinaries }} + {{- with .Values.repoServer.configManagementPlugins.additionalBinaries }} + {{- if .binaries }} - name: download-additional-binaries - image: {{ include "common.images.image" (dict "imageRoot" (dict "repository" "curlimages/curl" "tag" "latest") "global" .Values.global) }} - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: {{ include "common.images.image" (dict "imageRoot" .image "global" $.Values.global) }} + imagePullPolicy: {{ .image.pullPolicy }} command: - sh - -c args: - |- - {{- range $additionalBinary := .Values.repoServer.configManagementPlugins.additionalBinaries }} + {{- range $additionalBinary := .binaries }} # downloading {{ $additionalBinary.name }} curl -L {{ $additionalBinary.url }} -o /additional-binaries/{{ $additionalBinary.name }} chmod +x /additional-binaries/{{ $additionalBinary.name }} @@ -171,6 +172,7 @@ spec: name: cmp-additional-binaries {{- end }} {{- end }} + {{- end }} {{- if .Values.repoServer.initContainers }} {{- include "common.tplvalues.render" (dict "value" .Values.repoServer.initContainers "context" $) | nindent 8 }} {{- end }} diff --git a/bitnami/argo-cd/values.yaml b/bitnami/argo-cd/values.yaml index 36c1a15e979adf..5f72066d94b686 100644 --- a/bitnami/argo-cd/values.yaml +++ b/bitnami/argo-cd/values.yaml @@ -3159,13 +3159,37 @@ repoServer: configManagementPlugins: ## @param repoServer.configManagementPlugins.enabled Whether the config management plugins are enabled or not. enabled: false - ## @param repoServer.configManagementPlugins.additionalBinaries Additional binaries necessary for the config management plugins. - ## Will be downloaded from the given URL and made available as `name` in the configured `additionalBinariesDir` of the plugin. - ## E.g. - ## additionalBinaries: - ## - name: my-custom-binary - ## url: https://www.example.com/my-custom-binary-1.2.3 - additionalBinaries: [] + additionalBinaries: + ## OS Shell + Utility image + ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/ + ## @param repoServer.configManagementPlugins.additionalBinaries.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry + ## @param repoServer.configManagementPlugins.additionalBinaries.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository + ## @skip repoServer.configManagementPlugins.additionalBinaries.image.tag OS Shell + Utility image tag (immutable tags are recommended) + ## @param repoServer.configManagementPlugins.additionalBinaries.image.digest OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param repoServer.configManagementPlugins.additionalBinaries.image.pullPolicy OS Shell + Utility image pull policy + ## @param repoServer.configManagementPlugins.additionalBinaries.image.pullSecrets OS Shell + Utility image pull secrets + ## + image: + registry: docker.io + repository: bitnami/os-shell + tag: 12-debian-12-r27 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [ ] + ## @param repoServer.configManagementPlugins.additionalBinaries.binaries Additional binaries necessary for the config management plugins. + ## Will be downloaded from the given URL and made available as `name` in the configured `additionalBinariesDir` of the plugin. + ## E.g. + ## binaries: + ## - name: my-custom-binary + ## url: https://www.example.com/my-custom-binary-1.2.3 + binaries: [] ## @param repoServer.configManagementPlugins.plugins The config management plugins to be provided as sidecars alongside the repo server. ## E.g. ## plugins: