Compare commits

...

153 Commits

Author SHA1 Message Date
rumstead
ac74bea647 fix: traverse generator tree when getting requeue time (#12407) (#12409)
* add unit test reproducing

Signed-off-by: rumstead <rjumstead@gmail.com>
Signed-off-by: rumstead <37445536+rumstead@users.noreply.github.com>

* feat: Begin polishing top bar design (#12327)

Signed-off-by: rumstead <37445536+rumstead@users.noreply.github.com>

* chore: add dist to path to use our kustomize version (#12352)

* chore: add dist to path to use our kustomize version

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* correct path

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* missed a spot

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

---------

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: rumstead <37445536+rumstead@users.noreply.github.com>

* fix: when resource does not exist node menu and resource details shou… (#12360)

* fix: when resource does not exist node menu and resource details should still render

Signed-off-by: Joshua Helton <jdoghelton@gmail.com>

* Retrigger CI pipeline

Signed-off-by: Joshua Helton <jdoghelton@gmail.com>

---------

Signed-off-by: Joshua Helton <jdoghelton@gmail.com>
Signed-off-by: rumstead <37445536+rumstead@users.noreply.github.com>

* fix: traverse generator tree when getting requeue time

Signed-off-by: rumstead <37445536+rumstead@users.noreply.github.com>

* fix: traverse generator tree when getting requeue time

Signed-off-by: rumstead <37445536+rumstead@users.noreply.github.com>

* remove duplicate code

Signed-off-by: rumstead <37445536+rumstead@users.noreply.github.com>

* Retrigger CI pipeline

Signed-off-by: rumstead <37445536+rumstead@users.noreply.github.com>

* revert gitignore

Signed-off-by: rumstead <37445536+rumstead@users.noreply.github.com>

* update from code review

Signed-off-by: rumstead <37445536+rumstead@users.noreply.github.com>

---------

Signed-off-by: rumstead <rjumstead@gmail.com>
Signed-off-by: rumstead <37445536+rumstead@users.noreply.github.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Joshua Helton <jdoghelton@gmail.com>
Co-authored-by: Remington Breeze <remington@breeze.software>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: jphelton <jdoghelton@gmail.com>
2023-02-24 16:31:22 -05:00
Justin Marquis
f102988793 chore: use registry.k8s.io instead of k8s.gcr.io (#12362)
Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2023-02-17 15:13:51 -05:00
dependabot[bot]
2c52907304 chore(deps): bump imjasonh/setup-crane from 0.2 to 0.3 (#12504)
Bumps [imjasonh/setup-crane](https://github.com/imjasonh/setup-crane) from 0.2 to 0.3.
- [Release notes](https://github.com/imjasonh/setup-crane/releases)
- [Commits](e82f1b9a80...00c9e93efa)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---
updated-dependencies:
- dependency-name: imjasonh/setup-crane
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-17 14:40:11 -05:00
Josh Soref
1d6f8b113c docs: FAQ improvements (#12146)
* docs: use more backticks in FAQ

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* docs: add FAQ entry

The order in patch list … doesn't match $setElementOrder list: …

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

---------

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2023-02-17 14:24:33 -05:00
Dmitriy Mann
5bfcff8631 fix: valid username in webhook URL matching regex (#9055) (#12203)
This commit fixes incorrect regular expression used for URL matching.

Expected behavior: valid user info part is matched => webhook is sent.
Actual behavior: some valid user info is not matched, example: `ssh://user-name@example.com/org/repo` => webhook is not sent.

Context:
 - [RFC 3986 3.2.1 - User Information](https://www.rfc-editor.org/rfc/rfc3986#section-3.2.1)
 - [Username validation regex in shadow Linux package](https://github.com/shadow-maint/shadow/blob/master/libmisc/chkname.c#L36)

Signed-off-by: mdsjip <2284562+mdsjip@users.noreply.github.com>
2023-02-17 14:11:30 -05:00
dependabot[bot]
55289991c6 chore(deps): bump docker/setup-buildx-action from 2.4.0 to 2.4.1 (#12308)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](15c905b16b...f03ac48505)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-17 14:01:11 -05:00
atusy
b007073231 docs: fix typo (#12389)
Signed-off-by: atusy <30277794+atusy@users.noreply.github.com>
2023-02-17 13:57:48 -05:00
dependabot[bot]
536d1d0e10 chore(deps): bump actions/cache from 3.2.4 to 3.2.5 (#12433)
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.4 to 3.2.5.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](627f0f41f6...6998d139dd)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-17 13:52:50 -05:00
Wojtek Cichoń
dd44083d78 docs: Updated link to Jenkins and added GitHub Actions link (#12465)
Signed-off-by: Wojtek Cichoń <wojtek.cichon@protonmail.com>
2023-02-17 13:36:40 -05:00
Zadkiel Aharonian
db031bbe94 docs: fix typo in health documentation (#12497)
Signed-off-by: Zadkiel Aharonian <hello@zadkiel.fr>
2023-02-17 13:34:38 -05:00
Saumeya Katyal
ac0b3e76c0 fix(security): add url validation for help chat (#9956) (#10417)
* fix: add url validation for help chat

Signed-off-by: saumeya <saumeyakatyal@gmail.com>

* lint check

Signed-off-by: saumeya <saumeyakatyal@gmail.com>

* lint fix

Signed-off-by: saumeya <saumeyakatyal@gmail.com>

* review comments

Signed-off-by: saumeya <saumeyakatyal@gmail.com>

---------

Signed-off-by: saumeya <saumeyakatyal@gmail.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2023-02-17 13:19:47 -05:00
Michael Chen
a9289d2381 docs: Clarify cascade delete of resource and finalizer (#11064)
* Clarify cascade delete of resource and finalizer.

The wording of this warning was confusing.

Signed-off-by: Michael Chen <4326639+mcgitty@users.noreply.github.com>

* Update docs/operator-manual/declarative-setup.md

Co-authored-by: Nicholas Morey <nicholas@morey.tech>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

---------

Signed-off-by: Michael Chen <4326639+mcgitty@users.noreply.github.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Nicholas Morey <nicholas@morey.tech>
2023-02-17 13:18:06 -05:00
schakrad
4be0ce491d fix: show full event message in pod event view (#12104) (#12267)
* #11602 fix : Object options menu truncated when selected in ApplicationListView.

Signed-off-by: schakradari <saisindhu_chakradari@intuit.com>

* fix for the message to be fully shown under the events section.

Signed-off-by: schakradari <saisindhu_chakradari@intuit.com>

* fixing lint

Signed-off-by: schakradari <saisindhu_chakradari@intuit.com>

* Update application-resource-list.tsx

Signed-off-by: schakrad <58915923+schakrad@users.noreply.github.com>

* fix for  lint error

Signed-off-by: schakradari <saisindhu_chakradari@intuit.com>

---------

Signed-off-by: schakradari <saisindhu_chakradari@intuit.com>
Signed-off-by: schakrad <58915923+schakrad@users.noreply.github.com>
2023-02-17 11:58:14 -05:00
argo-bot
e86cf5d705 Bump version to 2.4.23 2023-02-16 14:40:28 +00:00
argo-bot
8f0d27705e Bump version to 2.4.23 2023-02-16 14:40:22 +00:00
Michael Crenshaw
5831a573aa Merge pull request from GHSA-3jfq-742w-xg8j
fix test name

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2023-02-16 09:07:57 -05:00
Michael Crenshaw
90869357fb chore: add dist to path to use our kustomize version (#12352)
* chore: add dist to path to use our kustomize version

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* correct path

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* missed a spot

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

---------

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2023-02-09 12:18:33 -05:00
Josh Soref
d0551e4c1a docs: Fix heading to not include a v for the second version (#12218)
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2023-02-03 10:29:27 -05:00
Thomas Decaux
402b38dc7d docs: add destination.name example (#12242)
I had trouble finding the documentation to use the cluster name for destination, instead of the full URL. This is really useful.

Use case: we manage multiple clusters, destination.name is a better way to set destination.

Signed-off-by: Thomas Decaux <ebuildy@gmail.com>
Signed-off-by: ebuildy <ebuildy@gmail.com>
2023-02-02 12:56:27 -05:00
argo-bot
eadd25e7ed Bump version to 2.4.22 2023-02-02 14:58:52 +00:00
argo-bot
3f98ee249b Bump version to 2.4.22 2023-02-02 14:58:37 +00:00
Panagiotis Georgiadis
cafb09a8a5 fix: Upgrade gopkg.in/yaml.v2 to v2.2.4 (#12247)
Signed-off-by: Panagiotis Georgiadis <pgeorgia@redhat.com>
2023-02-01 16:37:50 -05:00
Jaideep Rao
f7b9fa32e4 fix: Upgrade goutils to v1.1.1 [release-2.4] (#12219) (#12222)
* upgrade goutils to v1.1.1

Signed-off-by: Jaideep Rao <jaideep.r97@gmail.com>

* Update go.mod

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

---------

Signed-off-by: Jaideep Rao <jaideep.r97@gmail.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2023-02-01 14:25:55 -05:00
dependabot[bot]
8536a84775 chore(deps): bump docker/setup-buildx-action from 2.2.1 to 2.4.0 (#12227)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.2.1 to 2.4.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](8c0edbc76e...15c905b16b)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-31 16:56:06 -05:00
dependabot[bot]
4bc13fbb25 chore(deps): bump actions/cache from 3.2.3 to 3.2.4 (#12228)
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.3 to 3.2.4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](58c146cc91...627f0f41f6)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-31 16:53:48 -05:00
Adam Jensen
fe6472db05 docs: Fix copy that refers to a different CLI flag (#12236)
Signed-off-by: Adam Jensen <adam@acj.sh>
2023-01-31 16:52:10 -05:00
Kostis (Codefresh)
efb0ceca33 docs: Clarify directory recursion (#12037)
Signed-off-by: Kostis Kapelonis <kostis@codefresh.io>
2023-01-31 16:29:47 -05:00
James Brady
717ac4eec1 docs: Fix list formatting in "Resource Actions" docs page (#12061)
Signed-off-by: James Brady <goodgravy@users.noreply.github.com>
2023-01-31 16:26:46 -05:00
Nobuo Takizawa
6cb2a600b0 chore: Update dex's image tag that is forgotten to be updated (#12234)
Signed-off-by: nobuyo <longzechangsheng@gmail.com>
2023-01-31 15:44:13 -05:00
argo-bot
2eb5656842 Bump version to 2.4.21 2023-01-27 23:14:45 +00:00
argo-bot
5c6f8d5460 Bump version to 2.4.21 2023-01-27 23:14:40 +00:00
Eugen Friedland
45c089b48c fix(health): Handling SparkApplication CRD health status if dynamic allocation is enabled (#7557) (#11522)
Signed-off-by: Yevgeniy Fridland <yevg.mord@gmail.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2023-01-27 15:17:27 -05:00
Michael Crenshaw
11ba4834ad fix: add CLI client IDs to default OIDC allowed audiences (#12170) (#12179)
* fix(settings): add CLI client ID in default OAuth2 allowed audiences

Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com>

* fix: add CLI client IDs to default OIDC allowed audiences (#12170)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* docs

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* test

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* handle expired token properly

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

---------

Signed-off-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Yann Soubeyrand <yann.soubeyrand@camptocamp.com>
2023-01-27 14:43:21 -05:00
Leonardo Luz Almeida
8f4678ee1f chore: Refactor terminal handler to use auth-middleware (#12052)
* chore: Refactor terminal handler to use auth-middleware

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

* remove context key for now

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

* implement unit-tests

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

* remove claim valid check for now

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

* remove unnecessary test

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

* fix lint

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

* don't too much details in http response

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

* Fix error

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

* Fix lint

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

* trigger build

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

* builder pattern in terminal feature-flag middleware

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>
2023-01-27 13:37:02 -05:00
argo-bot
68f58c956a Bump version to 2.4.20 2023-01-25 15:28:44 +00:00
argo-bot
5b3bfc746c Bump version to 2.4.20 2023-01-25 15:28:30 +00:00
Dan Garfield
20c63babca Merge pull request from GHSA-q9hr-j4rf-8fjc
* fix: verify audience claim

Co-Authored-By: Vladimir Pouzanov <farcaller@gmail.com>
Signed-off-by: CI <350466+crenshaw-dev@users.noreply.github.com>

* fix unit tests

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* go mod tidy

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* handle single aud claim marshaled as a string

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: CI <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: CI <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Vladimir Pouzanov <farcaller@gmail.com>
2023-01-25 09:15:04 -05:00
Justin Marquis
0775c6e726 chore: disable docker sbom and attestations (#12059)
Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
2023-01-20 10:04:20 -05:00
argo-bot
0ba9817cc2 Bump version to 2.4.19 2023-01-18 02:08:53 +00:00
argo-bot
cac46bf3a6 Bump version to 2.4.19 2023-01-18 02:08:46 +00:00
Michael Crenshaw
e89bf08452 chore: upgrade github.com/prometheus/client_golang to v1.11.1 to avoid CVE-2022-21698 (#12015)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2023-01-17 17:05:12 -05:00
Michael Crenshaw
4fa0627dd8 chore: fix bad merge
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2023-01-17 17:00:56 -05:00
Aymen Ben Tanfous
4665f19f9a fix: Fixed matrix requeueAfterSeconds for PR (#10914) (#10915)
* Fixed matrix requeueAfterSeconds for PR

Signed-off-by: Aymen Ben Tanfous <aymen.bentanfous@gmail.com>

* A try to make some tests

Signed-off-by: Aymen Ben Tanfous <aymen.bentanfous@cimpress.com>

* Fixed default test returns the default time

Signed-off-by: Aymen Ben Tanfous <aymenbentanfous@gmail.com>

* Fixed default test returns the default time

Signed-off-by: Aymen Ben Tanfous <aymenbentanfous@gmail.com>

Signed-off-by: Aymen Ben Tanfous <aymen.bentanfous@gmail.com>
Signed-off-by: Aymen Ben Tanfous <aymen.bentanfous@cimpress.com>
Signed-off-by: Aymen Ben Tanfous <aymenbentanfous@gmail.com>
Co-authored-by: Aymen Ben Tanfous <aymen.bentanfous@cimpress.com>
Co-authored-by: Aymen Ben Tanfous <aymenbentanfous@gmail.com>
2023-01-17 16:54:22 -05:00
dependabot[bot]
32ab1d906f chore(deps): bump actions/cache from 3.2.2 to 3.2.3 (#11928)
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.2 to 3.2.3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](4723a57e26...58c146cc91)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-13 09:52:10 -05:00
dependabot[bot]
64b3f0f1f4 chore(deps): bump actions/checkout from 3.2.0 to 3.3.0 (#11895)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](755da8c3cf...ac59398561)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-11 14:07:20 -05:00
Michael Crenshaw
70276136b1 chore: fix codegen
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2023-01-11 09:47:07 -05:00
Michael Crenshaw
0051144468 chore: fix codegen
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2023-01-10 16:58:51 -05:00
dependabot[bot]
df55641842 chore(deps): bump actions/setup-node from 3.5.1 to 3.6.0 (#11896)
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.5.1 to 3.6.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](8c91899e58...64ed1c7eab)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-10 15:25:24 -05:00
dependabot[bot]
7cde38c52f chore(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2 (#11929)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](83fd05a356...0b7f8abb15)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-10 15:22:04 -05:00
Michael Crenshaw
e9a2102593 Revert "fix: ssa e2e tests failing after updating to kubectl 1.26 (#11753)"
This reverts commit a10a54782a.

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2023-01-10 12:19:16 -05:00
Michael Crenshaw
56cba50d69 chore: upgrade redis to 7.0.7 to avoid CVE-2022-3996 (#11925)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2023-01-10 10:50:44 -05:00
jannfis
556565f167 chore: Upgrade shipped version of Redis to 7.0.5 to fix CVE-2022-35951 (#10702)
* chore: Upgrade redis to 7.0.5

Signed-off-by: jannfis <jann@mistrust.net>

* Also update Redis version in containerized toolchain

Signed-off-by: jannfis <jann@mistrust.net>

* Update Redis and Dex in CI

Signed-off-by: jannfis <jann@mistrust.net>

* Fix Dex image path

Signed-off-by: jannfis <jann@mistrust.net>

Signed-off-by: jannfis <jann@mistrust.net>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2023-01-10 10:44:32 -05:00
Michael Crenshaw
f625165b33 fix: upgrade qs to avoid CVE-2022-24999
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2023-01-10 10:22:46 -05:00
Alexander Matyushentsev
d11ee714b8 fix: upgrade superagent to resolve potential CVE (#9494)
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2023-01-10 10:21:13 -05:00
dependabot[bot]
3aa191d777 chore(deps): bump actions/cache from 3.2.0 to 3.2.2 (#11839)
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.0 to 3.2.2.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](c17f4bf466...4723a57e26)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-09 17:12:14 -05:00
dependabot[bot]
3487d4789d chore(deps): bump actions/download-artifact from 3.0.1 to 3.0.2 (#11894)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](9782bd6a98...9bc31d5ccc)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-09 16:52:29 -05:00
Michael Crenshaw
9c9fd9685a docs: note risks of secret-injection plugins (#11617)
* docs: note risks of secret-injection plugins

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* grammar tweaks

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* grammar tweaks

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2023-01-09 16:31:24 -05:00
dependabot[bot]
bda913c1f2 chore(deps): bump actions/cache from 3.0.11 to 3.2.0 (#11809)
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.11 to 3.2.0.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](9b0c1fce7a...c17f4bf466)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-22 13:39:04 -05:00
Justin Marquis
e37feab905 chore: fix lint error (#11788)
Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
2022-12-21 08:14:15 -05:00
Justin Marquis
e380dd1ade chore: get image digest in seperate step (#11778)
* chore: get image digest in seperate step

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

* Retrigger CI pipeline

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
2022-12-20 17:22:40 -05:00
Gaël Jourdan-Weil
6c88a166d8 docs: clarify project destination possibilities (#11706)
Clarify that it's possible to reference clusters by `cluster` or by `name`.

Signed-off-by: Gaël Jourdan-Weil <gjourdanweil@gmail.com>

Signed-off-by: Gaël Jourdan-Weil <gjourdanweil@gmail.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-12-20 12:52:09 -05:00
Matt Clegg
f007ddffc9 docs: correct SSO configuration URL in example configmap (#11720)
Signed-off-by: Matt Clegg <m@cle.gg>

Signed-off-by: Matt Clegg <m@cle.gg>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-12-20 08:58:24 -05:00
Phil Wright- Christie
af7b29d922 docs: Update example dockerfile (#11721)
The latest tag hasn't been updated in almost a year, and as a result, the ubuntu repositories are out of date and are throwing errors. This updates the example to use a fixed version, which are updated much more frequently.

Signed-off-by: Phil Wright- Christie <philwc@gmail.com>

Signed-off-by: Phil Wright- Christie <philwc@gmail.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-12-20 08:55:26 -05:00
Leonardo Luz Almeida
a10a54782a fix: ssa e2e tests failing after updating to kubectl 1.26 (#11753)
* fix: ssa e2e test failing after updating to kubectl 1.26

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

* Remove pinned kubectl version

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

* Cleaner approach to fix e2e test

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

* Fix

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>
2022-12-20 08:49:49 -05:00
Nicholas Morey
20e4b8806d docs: clarify that all labels must exist (#11693)
It's unclear if all or any of the labels need to exist. This clarifies that all of the labels must exist.

Signed-off-by: Nicholas Morey <nicholas@morey.tech>

Signed-off-by: Nicholas Morey <nicholas@morey.tech>
2022-12-20 08:47:17 -05:00
dependabot[bot]
2626453cfc chore(deps): bump actions/setup-go from 3.4.0 to 3.5.0 (#11697)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](d0a58c1c4d...6edd4406fa)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-20 08:41:16 -05:00
yanyx
5d6600ed9d doc: correct kustomize demo path (#11762)
Signed-off-by: Yixing Yan <yixingyan@gmail.com>

Signed-off-by: Yixing Yan <yixingyan@gmail.com>
2022-12-20 08:38:17 -05:00
Justin Marquis
0f3f8db000 fix: sign container images by digest (#11151)
* chore: sign container images by digest

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

* use sha hash

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
2022-12-19 20:46:16 -05:00
argo-bot
beef23b7a4 Bump version to 2.4.18 2022-12-16 15:57:45 +00:00
argo-bot
a97db48111 Bump version to 2.4.18 2022-12-16 15:57:36 +00:00
Leonardo Luz Almeida
69939d427a docs: Clarification of the create namespace feature (#11723)
* docs: Clarification of the create namespace feature

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

* Address review suggestion

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>
2022-12-16 08:33:29 -05:00
Michael Crenshaw
a7d22df297 fix: pin kubectl version (#11726)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-12-16 02:11:59 +01:00
Michael Crenshaw
0f99cdd877 chore: fix flaky e2e test for immutable fields (#11685)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-12-13 15:25:41 -05:00
dependabot[bot]
3c8c8adb37 chore(deps): bump actions/checkout from 3.1.0 to 3.2.0 (#11679)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](93ea575cb5...755da8c3cf)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-13 08:25:37 -05:00
Michael Crenshaw
e0b8b129a5 chore: fix flaky e2e test (#11670)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-12-12 17:45:06 -05:00
Michael Crenshaw
12c6cf3e8c chore: fix flaky e2e test (#11509) (#11654)
* chore: fix flaky e2e test (#11509)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* don't centralize mock response - tests should be independent

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-12-12 12:16:11 -05:00
Nicholas Morey
197e01b834 docs: kustomize has access to build environment (#11643)
Current docs reflect that the build environment is not available to kustomize. Since https://github.com/argoproj/argo-cd/pull/8096 it is now exposed for kustomize. This updates the kustomize section of the docs to reflect that.

Signed-off-by: Nicholas Morey <nicholas@morey.tech>

Signed-off-by: Nicholas Morey <nicholas@morey.tech>
2022-12-11 15:58:51 -05:00
asingh
27ff21643e docs: add warning for user when using replace sync option (#11566)
* docs: adding warning to 'replace' sync option

Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com>

* Update sync-options.md

Signed-off-by: asingh <11219262+ashutosh16@users.noreply.github.com>

Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com>
Signed-off-by: asingh <11219262+ashutosh16@users.noreply.github.com>
2022-12-09 14:23:09 -05:00
Alex Eftimie
ecdea743c2 fix(helm): login OCI Helm dependencies correctly (#8563) (#11327)
Signed-off-by: Alex Eftimie <alex.eftimie@getyourguide.com>

Signed-off-by: Alex Eftimie <alex.eftimie@getyourguide.com>
2022-12-07 12:53:32 -05:00
Alex Eftimie
fca6271d38 fix(helm): helm v3 doesn't have these flags (#11100) (#11540)
* fix: helm v3 doesn't have these flags

Signed-off-by: Alex Eftimie <alex.eftimie@getyourguide.com>

* Revert repoAdd change. Was to greedy, ca-file is needed there

Signed-off-by: Alex Eftimie <alex.eftimie@getyourguide.com>

Signed-off-by: Alex Eftimie <alex.eftimie@getyourguide.com>
2022-12-07 12:43:58 -05:00
Michael Vittrup Larsen
186c4be175 docs: Add skipCrds and ignoreMissingValueFiles to application.yaml example (#11565)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-12-06 09:51:12 -05:00
dependabot[bot]
e46ae882f1 chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2 in /ui (#11533)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-03 22:11:28 -05:00
Michael Crenshaw
30f25ce113 Revert "fix: application stuck in infinite reconciliation loop if using wrong project (#11246)"
This reverts commit 1e53a3adcb.

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-12-02 09:25:13 -05:00
dependabot[bot]
72f8ff370a chore(deps): bump actions/setup-go from 3.3.1 to 3.4.0 (#11535)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.3.1 to 3.4.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](c4a742cab1...d0a58c1c4d)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-02 08:54:45 -05:00
dependabot[bot]
955417ae4f chore(deps): bump softprops/action-gh-release from 0.1.14 to 0.1.15 (#11534)
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 0.1.14 to 0.1.15.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](1e07f43987...de2c0eb89a)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-02 08:53:40 -05:00
Michael Merrill
e091a92f6c fix: add missing changes for bitbucket cloud SCM provider (#10143) (#11150)
Signed-off-by: mmerrill3 <jjpaacks@gmail.com>

Signed-off-by: mmerrill3 <jjpaacks@gmail.com>
2022-11-30 21:04:35 -05:00
Alexander Matyushentsev
de7d35b069 fix: expose missing ReactDOM to enable extensions implementation (#11495)
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>

Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2022-11-30 11:10:53 -08:00
Michael Crenshaw
b6d33ba162 chore: pin actions (#11360)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-11-29 13:04:57 -05:00
Michael Crenshaw
e3ef547f16 chore: use set-output environment file (#10999)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-11-29 09:48:36 -05:00
dependabot[bot]
2868c5aa0a chore(deps): bump actions/upload-artifact from 2 to 3 (#11365)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2...v3)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-18 22:08:01 -05:00
dependabot[bot]
ba5bab807c chore(deps): bump actions/setup-node from 1 to 3 (#11364)
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 1 to 3.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v1...v3)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-18 22:06:32 -05:00
dependabot[bot]
510e3a9557 chore(deps): bump codecov/codecov-action from 1 to 3 (#11362)
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 1 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v1...v3)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-18 22:02:51 -05:00
dependabot[bot]
e52895aead chore(deps): bump actions/download-artifact from 2 to 3 (#11361)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v2...v3)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-18 21:06:33 -05:00
Alexander Matyushentsev
1e53a3adcb fix: application stuck in infinite reconciliation loop if using wrong project (#11246)
* fix: application stuck in infinite reconciliation loop if using wrong project

Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>

* add missing unit test

Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>

Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
2022-11-18 20:58:54 -05:00
Alex Eftimie
7f4b644231 fix: set HELM_CONFIG_HOME dir for oci registry authentication; fixes: #11284 (#11285)
Signed-off-by: Alex Eftimie <alex.eftimie@getyourguide.com>
2022-11-17 14:27:39 -08:00
Michael Crenshaw
9fc46d2a0f chore: use --password-stdin for docker login (#11331)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-11-17 10:47:07 -05:00
Edmund Rhudy
547f666fb2 fix: UI can now get clusters with slashes in name (#9812) (#9813)
* fix: #9812 UI can now get clusters with slashes in name

Fixes #9812

If a cluster name has a slash in it, the API would not be able
to fetch that cluster and would display "in-cluster (undefined)"
for that application. This fixes that issue by URI-encoding
the cluster name on the UI side and URI-decoding the cluster name
on the API side.

Signed-off-by: Edmund Rhudy <erhudy@users.noreply.github.com>

* Retrigger CI pipeline

Signed-off-by: Edmund Rhudy <erhudy@users.noreply.github.com>

Signed-off-by: Edmund Rhudy <erhudy@users.noreply.github.com>
2022-11-17 09:56:12 -05:00
Shuai Zhang
41a2505bf8 fix: allow resolving repo root as jsonnet lib path (#11119)
Signed-off-by: shuai-zh <shuaiz8023@gmail.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-11-15 18:10:14 -05:00
Justin Marquis
b8feaf4db9 fix: use non distroless image for dex (#11219)
* fix: use non distroless image for dex

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

* change image in ci workflow

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
2022-11-09 08:26:14 -05:00
argo-bot
d330967960 Bump version to 2.4.17 2022-11-07 16:28:03 +00:00
argo-bot
158a580df0 Bump version to 2.4.17 2022-11-07 16:27:56 +00:00
Leonardo Luz Almeida
5e8ac1b2d6 fix: handle apiGroup updates in resource-tracking (#11012)
* fix: handle apiGroup updates in resource-tracking

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

* Fix test

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

* change the fix approach by inspecting tracking id from the config

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

* add unit-test to validate the scenario

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

* fix test lint

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

* review fixes

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

* Reword godocs for clarity

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>

Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>
2022-11-03 15:02:45 -04:00
argo-bot
7b5899be33 Bump version to 2.4.16 2022-11-01 21:00:28 +00:00
argo-bot
efa96006cc Bump version to 2.4.16 2022-11-01 21:00:22 +00:00
Michael Crenshaw
b871316bba chore: don't generate release notes (#11141)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-11-01 16:21:34 -04:00
Chromo-residuum-opec
c8a1a8650e docs: fix 'bellow' typos (#11038)
Signed-off-by: backfire-monism-net <development.0extl@simplelogin.com>

Signed-off-by: backfire-monism-net <development.0extl@simplelogin.com>
2022-10-22 20:13:36 -04:00
Michael Crenshaw
27af817afb chore: fix CI (#11022)
* chore: fix CI

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* no more set global

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-21 11:24:10 -04:00
Michael Crenshaw
c7dd9bc6d2 chore: fix e2e (#11005)
* chore: fix e2e

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* more config

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* global

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-21 11:23:14 -04:00
Alex Eftimie
e41612927e docs: mention that OCI helm does not support version ranges (#11026)
* docs: mention that OCI helm does not support version ranges

Signed-off-by: Alex Eftimie <alex.eftimie@getyourguide.com>

* Apply suggestions from code review

Signed-off-by: Alex Eftimie <alex.eftimie@getyourguide.com>

Signed-off-by: Alex Eftimie <alex.eftimie@getyourguide.com>
2022-10-21 11:19:00 -04:00
Allex
5c79556ab6 fix: Update custom health check for kiali.io/Kiali (#10995)
With Kiali v1.57.1 an additional status condition was added:
```
    - lastTransitionTime: '2022-10-14T11:56:24Z'
      message: ''
      reason: ''
      status: 'False'
      type: Failure
```

Based on the discussion in https://github.com/kiali/kiali/issues/5560 this should not lead to a degraded health state.

This will no longer return Degraded as a catch-all and use the `type` and `status` fields of the condition to determine the CR health.

Signed-off-by: Allex Veldman <allexveldman+github@gmail.com>

Signed-off-by: Allex Veldman <allexveldman+github@gmail.com>
2022-10-19 12:17:34 -04:00
Michael Crenshaw
03b2deec02 chore: upgrade actions/checkout to v3, i.e. Node.js 16 (#10947)
* chore: updgrade actions/checkout to v3, i.e. Node.js 16

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* more node 12

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-19 10:42:23 -04:00
34FathomBelow
c0774a0d21 chore: release signature of sbom (#10969)
Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
2022-10-18 15:39:48 -04:00
Jessie Teng
2a47eafb5a fix: Resource list in sync page msg style#10887 (#10970)
* fix: Resource list in sync page msg style#10887

Signed-off-by: Teng, Jessie <yilin.teng@fmr.com>

* fix: Resource list in sync page msg style#10887

Signed-off-by: Teng, Jessie <yilin.teng@fmr.com>

* fix: Resource list in sync page msg style#10887

Signed-off-by: Teng, Jessie <yilin.teng@fmr.com>

* fix: Resource list in sync page msg style#10887

Signed-off-by: Teng, Jessie <yilin.teng@fmr.com>

Signed-off-by: Teng, Jessie <yilin.teng@fmr.com>
2022-10-18 14:01:55 -04:00
argo-bot
05acf7a52e Bump version to 2.4.15 2022-10-17 20:15:50 +00:00
argo-bot
e290faa6c7 Bump version to 2.4.15 2022-10-17 20:15:42 +00:00
Michael Crenshaw
21a6025d72 chore: add script to generate release notes (#10806)
* chore: add script to generate release notes

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* newlines look bad in the release markdown rendering on GitHub

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* use diff instead of comp

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* use auto-generated docs

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* pre-pended, not appended

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-17 15:47:57 -04:00
34FathomBelow
1a50f7944a chore: sign checksums file for release binaries (#10963)
Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
2022-10-17 13:03:57 -04:00
34FathomBelow
92df7b877f chore: implement signed images (#10925)
* consolidate checksums into one file

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

* sign container images

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

* sign container images

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

* remove id-token permissions

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
2022-10-17 13:01:10 -04:00
Michael Crenshaw
bca4b1adfc chore: upgrade dex to v2.35.3 to avoid CVE-2022-27665 (#10939)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-17 12:32:47 -04:00
Aiman Fatima
3f4b12ce0d fix: Display pointer on labels for resource names in sync panel (#10959)
Signed-off-by: Aiman Fatima <aimanfatimadl@gmail.com>

Signed-off-by: Aiman Fatima <aimanfatimadl@gmail.com>
2022-10-17 09:30:33 -04:00
Chris Davis
74b5492601 fix: Use os.PathSeparator instead of hard-coded string to resolve local file paths (#10945) (#10946)
fix: Use os.PathSeparator instead of hard-coded string to resolve local file paths (#10945) (#10946)
2022-10-14 13:54:17 -07:00
Michael Crenshaw
187cd4337a docs: appset PR generator docs fixes (#10567)
* docs: appset PR generator docs fixes

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

* oh, that field is actually a thing

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-12 11:30:49 -04:00
Michael Crenshaw
b20ef3ecae docs: add link to 2.4-2.5 upgrade guide (#10808)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-12 11:29:53 -04:00
Michael Crenshaw
3ce54d0b98 docs: more docs for directory apps (#10879)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-12 11:19:34 -04:00
Michael Crenshaw
0d882f6da2 docs: clarify how default RBAC policy works (#10896)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-12 11:17:10 -04:00
Mayursinh Sarvaiya
8b78e94e37 fix(ui): sync option label doesn't check corresponding box (#10863) (#10876)
* fix(ui): sync option label doesn't check corresponding box

Signed-off-by: Mayursinh Sarvaiya <marvinduff97@gmail.com>

* fix: lint

Signed-off-by: Mayursinh Sarvaiya <marvinduff97@gmail.com>

Signed-off-by: Mayursinh Sarvaiya <marvinduff97@gmail.com>
2022-10-10 14:52:41 -04:00
Nir Shtein
8fc1f80c75 fix: clicking HEAD in bitbucket leads to a 404 page (#10862)
* Wrap error objects to include context

Signed-off-by: Nir Shtein <89006520+nirsht@users.noreply.github.com>

* fix: duplicate source namespace validation (#10853)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Nir Shtein <89006520+nirsht@users.noreply.github.com>

* Fix CR

Signed-off-by: Nir Shtein <89006520+nirsht@users.noreply.github.com>

* Change 'branch' to 'src' when building url path

Signed-off-by: Nir Shtein <89006520+nirsht@users.noreply.github.com>

* Revert "Fix CR"

This reverts commit 4b92408412.

Signed-off-by: Nir Shtein <89006520+nirsht@users.noreply.github.com>

* Revert "Wrap error objects to include context"

This reverts commit d1789bd271.

Signed-off-by: Nir Shtein <89006520+nirsht@users.noreply.github.com>

Signed-off-by: Nir Shtein <89006520+nirsht@users.noreply.github.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-09 12:11:11 -04:00
Sakshi Jain
983a7b0536 fix: added css to change cursor to pointer on hover (#10864) (#10867)
* added css to change cursor to pointer on hover

Signed-off-by: Sakshi <sakshi.jain7597@gmail.com>

* moved cursor change to only label and input

Signed-off-by: Sakshi <sakshi.jain7597@gmail.com>

Signed-off-by: Sakshi <sakshi.jain7597@gmail.com>
2022-10-09 12:05:32 -04:00
Michael Crenshaw
761636badf docs: fix examples for ArgoCD ApplicationSet Git Generator (#10857)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-08 14:48:56 -04:00
Michael Crenshaw
cb60ddc696 docs: remove unused plugin config fields (#10304)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-08 13:32:07 -04:00
Michael Crenshaw
814964f077 Revert "fix: add applicationset to crds generated by gen-crd-spec (#10833)"
This reverts commit 5cf1a6705b.

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-07 20:23:53 -04:00
Matt Morrison
f360009ff5 fix: consider destination cluster name when validating destinations (#10594)
Signed-off-by: Matt Morrison <matt.morrison@zapier.com>

Signed-off-by: Matt Morrison <matt.morrison@zapier.com>
2022-10-07 16:49:39 -04:00
Minchao
7381470fbe docs: fix advice about preferred version in high availability (#10619)
* docs: fix advice about preferred version in high availability

Signed-off-by: Minchao <minchao.220@gmail.com>

* Update docs/operator-manual/high_availability.md

Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Minchao <minchao.220@gmail.com>

Signed-off-by: Minchao <minchao.220@gmail.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-07 16:11:27 -04:00
Lars Kellogg-Stedman
c0ecf0271b docs: Correct grammar issues in docs on manifest path annotations (#10776)
The "Webhook and Manifest Paths Annotation" section of the documentation
contained a number of grammar and spelling issues as well as what appeared
to be some unintentionally pasted text.

This commit attempts to address these issues.

Signed-off-by: Lars Kellogg-Stedman <lars@oddbit.com>

Signed-off-by: Lars Kellogg-Stedman <lars@oddbit.com>
2022-10-07 15:34:04 -04:00
Denis Krivenko
6686e43b4f fix: Add missing statuses to MinIO Tenant health check (#10815)
Signed-off-by: dnskr <dnskrv88@gmail.com>

Signed-off-by: dnskr <dnskrv88@gmail.com>
2022-10-07 15:03:50 -04:00
Eddie Knight
d321825d9f chore: Added recommended permissions to github actions workflows (#10812)
* Added recommended permissions to 4 of 5 workflows

Signed-off-by: Eddie Knight <iv.eddieknight@gmail.com>

* Added release.yaml permissions... might need to add pagages:write

Signed-off-by: Eddie Knight <iv.eddieknight@gmail.com>

* Updated inline comments

Signed-off-by: Eddie Knight <iv.eddieknight@gmail.com>

Signed-off-by: Eddie Knight <iv.eddieknight@gmail.com>
2022-10-07 14:42:41 -04:00
Richard Jennings
5cf1a6705b fix: add applicationset to crds generated by gen-crd-spec (#10833)
* add applicationset to crds generated

Signed-off-by: Richard Jennings <richardjennings@gmail.com>

* update applicationset crd

Signed-off-by: Richard Jennings <richardjennings@gmail.com>

* remove description from applicationset crd

Signed-off-by: Richard Jennings <richardjennings@gmail.com>

Signed-off-by: Richard Jennings <richardjennings@gmail.com>
2022-10-07 10:53:06 -04:00
jannfis
db7d8be912 fix(ui): Don't jump back to tiles view on app deletion (#8764) (#10826)
Signed-off-by: jannfis <jann@mistrust.net>

Signed-off-by: jannfis <jann@mistrust.net>
2022-10-06 14:07:27 -04:00
rumstead
4d31d46d4c docs: Update link to resource customizations (#10827) (#10828)
Signed-off-by: rumstead <37445536+rumstead@users.noreply.github.com>

Signed-off-by: rumstead <37445536+rumstead@users.noreply.github.com>
2022-10-06 12:04:34 -04:00
argo-bot
029be590bf Bump version to 2.4.14 2022-10-05 17:01:30 +00:00
argo-bot
65abd05b60 Bump version to 2.4.14 2022-10-05 17:01:24 +00:00
Michael Crenshaw
b9fb7623ad chore: upgrade dex to v2.35.1 (#10797) (#10799)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-05 11:45:12 -04:00
argo-bot
19ec34e134 Bump version to 2.4.13 2022-10-03 20:44:25 +00:00
argo-bot
5f74aa5c24 Bump version to 2.4.13 2022-10-03 20:44:20 +00:00
Em Karisch
b350c11935 docs: add note about multiple sync options on annotation (#10739)
Signed-off-by: Em Karisch <em@khaos.solutions>

Signed-off-by: Em Karisch <em@khaos.solutions>
2022-10-03 15:53:32 -04:00
Buk Bukowski
c271f1a6c1 docs: fix broken links in faq.md (#10744)
* fix broken links in faq.md

Signed-off-by: Bukowa <gitbukowa@gmail.com>

* doc:faq.md: fix

Signed-off-by: bukowa <gitbukowa@gmail.com>

Signed-off-by: Bukowa <gitbukowa@gmail.com>
Signed-off-by: bukowa <gitbukowa@gmail.com>
2022-10-03 15:52:53 -04:00
Michael Crenshaw
e6bd9469f8 chore: upgrade Dex to 2.35.0 (#10775)
* chore: upgrade dex to v2.35.0

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* upgrade github workflow too

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-03 15:45:55 -04:00
Michael Crenshaw
2bb180b3d9 docs: syncWindows in project.yaml (#10591)
* docs: syncWindows in project.yaml

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

* trailing newline

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
2022-10-01 19:59:51 -04:00
Ishita Sequeira
216b10e6d8 fix: fix subscription health check (#10450)
Signed-off-by: ishitasequeira <ishiseq29@gmail.com>

Signed-off-by: ishitasequeira <ishiseq29@gmail.com>

Signed-off-by: ishitasequeira <ishiseq29@gmail.com>
2022-09-30 19:45:18 -04:00
Mohammad Abusaa
fc8f57a0b5 docs: Update Generators-Pull-Request.md (#10643) (#10642)
Signed-off-by: Mohammad Abusaa <abusaa_mz@hotmail.com>

Signed-off-by: Mohammad Abusaa <abusaa_mz@hotmail.com>
2022-09-30 19:09:44 -04:00
Ahmed Mahmoud BACHIRI
56c2e3c81d docs: fix typo in GitHub section (#10723)
Replace and with an

Signed-off-by: Ahmed Mahmoud BACHIRI <bachiriahmedmahmoud@gmail.com>

Signed-off-by: Ahmed Mahmoud BACHIRI <bachiriahmedmahmoud@gmail.com>
2022-09-30 19:04:08 -04:00
Michael Crenshaw
83931b8515 chore: upgrade dex to v2.32.1-distroless (#10746)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-09-30 18:54:39 -04:00
cleverhu
712df99420 fix: Fix a nil pointer crash for repo server (#10696)
Fixes: https://github.com/argoproj/argo-cd/issues/10614
Signed-off-by: cleverhu <shouping.hu@daocloud.io>

Signed-off-by: cleverhu <shouping.hu@daocloud.io>
Co-authored-by: jannfis <jann@mistrust.net>
2022-09-26 08:56:05 +00:00
155 changed files with 3443 additions and 1594 deletions

View File

@@ -18,15 +18,18 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
check-go:
name: Ensure Go modules synchronicity
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
- name: Setup Golang
uses: actions/setup-go@v1
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: ${{ env.GOLANG_VERSION }}
- name: Download all Go modules
@@ -42,13 +45,13 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
- name: Setup Golang
uses: actions/setup-go@v1
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: ${{ env.GOLANG_VERSION }}
- name: Restore go build cache
uses: actions/cache@v1
uses: actions/cache@6998d139ddd3e68c71e9e398d8e40b71a2f39812 # v3.2.5
with:
path: ~/.cache/go-build
key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -59,17 +62,20 @@ jobs:
run: make build-local
lint-go:
permissions:
contents: read # for actions/checkout to fetch code
pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
name: Lint Go code
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
- name: Setup Golang
uses: actions/setup-go@v1
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: ${{ env.GOLANG_VERSION }}
- name: Run golangci-lint
uses: golangci/golangci-lint-action@v3
uses: golangci/golangci-lint-action@0ad9a0988b3973e851ab0a07adf248ec2e100376 # v3.3.1
with:
version: v1.45.2
args: --timeout 10m --exclude SA5011 --verbose
@@ -86,11 +92,11 @@ jobs:
- name: Create checkout directory
run: mkdir -p ~/go/src/github.com/argoproj
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
- name: Create symlink in GOPATH
run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd
- name: Setup Golang
uses: actions/setup-go@v1
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: ${{ env.GOLANG_VERSION }}
- name: Install required packages
@@ -110,13 +116,17 @@ jobs:
run: |
echo "/usr/local/bin" >> $GITHUB_PATH
- name: Restore go build cache
uses: actions/cache@v1
uses: actions/cache@6998d139ddd3e68c71e9e398d8e40b71a2f39812 # v3.2.5
with:
path: ~/.cache/go-build
key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
- name: Install all tools required for building & testing
run: |
make install-test-tools-local
# We install kustomize in the dist directory
- name: Add dist to PATH
run: |
echo "/home/runner/work/argo-cd/argo-cd/dist" >> $GITHUB_PATH
- name: Setup git username and email
run: |
git config --global user.name "John Doe"
@@ -127,12 +137,12 @@ jobs:
- name: Run all unit tests
run: make test-local
- name: Generate code coverage artifacts
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
name: code-coverage
path: coverage.out
- name: Generate test results artifacts
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
name: test-results
path: test-results/
@@ -149,11 +159,11 @@ jobs:
- name: Create checkout directory
run: mkdir -p ~/go/src/github.com/argoproj
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
- name: Create symlink in GOPATH
run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd
- name: Setup Golang
uses: actions/setup-go@v1
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: ${{ env.GOLANG_VERSION }}
- name: Install required packages
@@ -173,13 +183,17 @@ jobs:
run: |
echo "/usr/local/bin" >> $GITHUB_PATH
- name: Restore go build cache
uses: actions/cache@v1
uses: actions/cache@6998d139ddd3e68c71e9e398d8e40b71a2f39812 # v3.2.5
with:
path: ~/.cache/go-build
key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
- name: Install all tools required for building & testing
run: |
make install-test-tools-local
# We install kustomize in the dist directory
- name: Add dist to PATH
run: |
echo "/home/runner/work/argo-cd/argo-cd/dist" >> $GITHUB_PATH
- name: Setup git username and email
run: |
git config --global user.name "John Doe"
@@ -190,7 +204,7 @@ jobs:
- name: Run all unit tests
run: make test-race-local
- name: Generate test results artifacts
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
name: race-results
path: test-results/
@@ -200,9 +214,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
- name: Setup Golang
uses: actions/setup-go@v1
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: ${{ env.GOLANG_VERSION }}
- name: Create symlink in GOPATH
@@ -226,6 +240,10 @@ jobs:
make install-codegen-tools-local
make install-go-tools-local
working-directory: /home/runner/go/src/github.com/argoproj/argo-cd
# We install kustomize in the dist directory
- name: Add dist to PATH
run: |
echo "/home/runner/work/argo-cd/argo-cd/dist" >> $GITHUB_PATH
- name: Run codegen
run: |
set -x
@@ -244,14 +262,14 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
- name: Setup NodeJS
uses: actions/setup-node@v1
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: '12.18.4'
- name: Restore node dependency cache
id: cache-dependencies
uses: actions/cache@v1
uses: actions/cache@6998d139ddd3e68c71e9e398d8e40b71a2f39812 # v3.2.5
with:
path: ui/node_modules
key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -281,12 +299,12 @@ jobs:
sonar_secret: ${{ secrets.SONAR_TOKEN }}
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
fetch-depth: 0
- name: Restore node dependency cache
id: cache-dependencies
uses: actions/cache@v1
uses: actions/cache@6998d139ddd3e68c71e9e398d8e40b71a2f39812 # v3.2.5
with:
path: ui/node_modules
key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -297,16 +315,16 @@ jobs:
run: |
mkdir -p test-results
- name: Get code coverage artifiact
uses: actions/download-artifact@v2
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: code-coverage
- name: Get test result artifact
uses: actions/download-artifact@v2
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: test-results
path: test-results
- name: Upload code coverage information to codecov.io
uses: codecov/codecov-action@v1
uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70 # v3.1.1
with:
file: coverage.out
- name: Perform static code analysis using SonarCloud
@@ -359,14 +377,22 @@ jobs:
GITLAB_TOKEN: ${{ secrets.E2E_TEST_GITLAB_TOKEN }}
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
- name: Setup Golang
uses: actions/setup-go@v1
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: ${{ env.GOLANG_VERSION }}
- name: GH actions workaround - Kill XSP4 process
run: |
sudo pkill mono || true
# ubuntu-22.04 comes with kubectl, but the version is not pinned. The version as of 2022-12-05 is 1.26.0 which
# breaks the `TestNamespacedResourceDiffing` e2e test. So we'll pin to 1.25 and then fix the underlying issue.
- name: Install kubectl
run: |
rm /usr/local/bin/kubectl
curl -LO https://dl.k8s.io/release/v1.25.4/bin/linux/amd64/kubectl
mv kubectl /usr/local/bin/kubectl
chmod +x /usr/local/bin/kubectl
- name: Install K3S
env:
INSTALL_K3S_VERSION: ${{ matrix.k3s-version }}+k3s1
@@ -379,7 +405,7 @@ jobs:
sudo chown runner $HOME/.kube/config
kubectl version
- name: Restore go build cache
uses: actions/cache@v1
uses: actions/cache@6998d139ddd3e68c71e9e398d8e40b71a2f39812 # v3.2.5
with:
path: ~/.cache/go-build
key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -405,9 +431,9 @@ jobs:
git config --global user.email "john.doe@example.com"
- name: Pull Docker image required for tests
run: |
docker pull quay.io/dexidp/dex:v2.25.0
docker pull ghcr.io/dexidp/dex:v2.35.3
docker pull argoproj/argo-cd-ci-builder:v1.0.0
docker pull redis:7.0.4-alpine
docker pull redis:7.0.7-alpine
- name: Create target directory for binaries in the build-process
run: |
mkdir -p dist
@@ -435,7 +461,7 @@ jobs:
set -x
make test-e2e-local
- name: Upload e2e-server logs
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
name: e2e-server-k8s${{ matrix.k3s-version }}.log
path: /tmp/e2e-server.log

View File

@@ -13,8 +13,15 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
CodeQL-Build:
permissions:
actions: read # for github/codeql-action/init to get workflow details
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/autobuild to send a status report
if: github.repository == 'argoproj/argo-cd'
# CodeQL runs on ubuntu-latest and windows-latest
@@ -22,11 +29,11 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v2
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
uses: github/codeql-action/init@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # v2.1.33
# Override language selection by uncommenting this and choosing your languages
# with:
# languages: go, javascript, csharp, python, cpp, java
@@ -34,7 +41,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v1
uses: github/codeql-action/autobuild@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # v2.1.33
# Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
@@ -48,4 +55,4 @@ jobs:
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
uses: github/codeql-action/analyze@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # v2.1.33

View File

@@ -16,29 +16,34 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
publish:
permissions:
contents: write # for git to push upgrade commit if not already deployed
if: github.repository == 'argoproj/argo-cd'
runs-on: ubuntu-latest
env:
GOPATH: /home/runner/work/argo-cd/argo-cd
steps:
- uses: actions/setup-go@v1
- uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: ${{ env.GOLANG_VERSION }}
- uses: actions/checkout@master
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
path: src/github.com/argoproj/argo-cd
# get image tag
- run: echo ::set-output name=tag::$(cat ./VERSION)-${GITHUB_SHA::8}
- run: echo "tag=$(cat ./VERSION)-${GITHUB_SHA::8}" >> $GITHUB_OUTPUT
working-directory: ./src/github.com/argoproj/argo-cd
id: image
# login
- run: |
docker login ghcr.io --username $USERNAME --password $PASSWORD
docker login quay.io --username "${DOCKER_USERNAME}" --password "${DOCKER_TOKEN}"
docker login ghcr.io --username $USERNAME --password-stdin <<< "$PASSWORD"
docker login quay.io --username "$DOCKER_USERNAME" --password-stdin <<< "$DOCKER_TOKEN"
if: github.event_name == 'push'
env:
USERNAME: ${{ secrets.USERNAME }}
@@ -47,11 +52,11 @@ jobs:
DOCKER_TOKEN: ${{ secrets.RELEASE_QUAY_TOKEN }}
# build
- uses: docker/setup-qemu-action@v1
- uses: docker/setup-buildx-action@v1
- uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
- uses: docker/setup-buildx-action@f03ac48505955848960e80bbb68046aa35c7b9e7 # v2.4.1
- name: Setup cache for argocd-ui docker layer
uses: actions/cache@v2
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-single-buildx-${{ github.sha }}
@@ -87,7 +92,7 @@ jobs:
IMAGE_PLATFORMS=linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
fi
echo "Building image for platforms: $IMAGE_PLATFORMS"
docker buildx build --platform $IMAGE_PLATFORMS --push="${{ github.event_name == 'push' }}" \
docker buildx build --platform $IMAGE_PLATFORMS --sbom=false --provenance=false --push="${{ github.event_name == 'push' }}" \
--cache-from "type=local,src=/tmp/.buildx-cache" \
-t ghcr.io/argoproj/argocd:${{ steps.image.outputs.tag }} \
-t quay.io/argoproj/argocd:latest .
@@ -110,6 +115,29 @@ jobs:
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
if: github.event_name == 'push' || contains(github.event.pull_request.labels.*.name, 'test-arm-image')
# sign container images
- name: Install cosign
uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1
with:
cosign-release: 'v1.13.1'
- name: Install crane to get digest of image
uses: imjasonh/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c
- name: Get digest of image
run: |
echo "IMAGE_DIGEST=$(crane digest quay.io/argoproj/argocd:latest)" >> $GITHUB_ENV
- name: Sign Argo CD latest image
run: |
cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/argoproj/argocd@${{ env.IMAGE_DIGEST }}
# Displays the public key to share.
cosign public-key --key env://COSIGN_PRIVATE_KEY
env:
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
if: ${{ github.event_name == 'push' }}
# deploy
- run: git clone "https://$TOKEN@github.com/argoproj/argoproj-deployments"
if: github.event_name == 'push'

View File

@@ -12,10 +12,15 @@ on:
- "!release-v0*"
env:
GOLANG_VERSION: '1.18'
GOLANG_VERSION: '1.18'
permissions:
contents: read
jobs:
prepare-release:
permissions:
contents: write # To push changes to release branch
name: Perform automatic release on trigger ${{ github.ref }}
if: github.repository == 'argoproj/argo-cd'
runs-on: ubuntu-latest
@@ -38,7 +43,7 @@ jobs:
GIT_EMAIL: argoproj@gmail.com
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
fetch-depth: 0
token: ${{ secrets.GITHUB_TOKEN }}
@@ -142,7 +147,7 @@ jobs:
echo "RELEASE_NOTES=${RELEASE_NOTES}" >> $GITHUB_ENV
- name: Setup Golang
uses: actions/setup-go@v2
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: ${{ env.GOLANG_VERSION }}
@@ -172,6 +177,10 @@ jobs:
run: |
set -ue
make install-codegen-tools-local
# We install kustomize in the dist directory
echo "/home/runner/work/argo-cd/argo-cd/dist" >> $GITHUB_PATH
make manifests-local VERSION=${TARGET_VERSION}
git diff
git commit manifests/ -m "Bump version to ${TARGET_VERSION}"
@@ -190,28 +199,51 @@ jobs:
QUAY_TOKEN: ${{ secrets.RELEASE_QUAY_TOKEN }}
run: |
set -ue
docker login quay.io --username "${QUAY_USERNAME}" --password "${QUAY_TOKEN}"
docker login quay.io --username "${QUAY_USERNAME}" --password-stdin <<< "${QUAY_TOKEN}"
# Remove the following when Docker Hub is gone
docker login --username "${DOCKER_USERNAME}" --password "${DOCKER_TOKEN}"
docker login --username "${DOCKER_USERNAME}" --password-stdin <<< "${DOCKER_TOKEN}"
if: ${{ env.DRY_RUN != 'true' }}
- uses: docker/setup-qemu-action@v1
- uses: docker/setup-buildx-action@v1
- uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
- uses: docker/setup-buildx-action@f03ac48505955848960e80bbb68046aa35c7b9e7 # v2.4.1
- name: Build and push Docker image for release
run: |
set -ue
git clean -fd
mkdir -p dist/
docker buildx build --platform linux/amd64,linux/arm64,linux/s390x,linux/ppc64le --push -t ${IMAGE_NAMESPACE}/argocd:v${TARGET_VERSION} -t argoproj/argocd:v${TARGET_VERSION} .
docker buildx build --platform linux/amd64,linux/arm64,linux/s390x,linux/ppc64le --sbom=false --provenance=false --push -t ${IMAGE_NAMESPACE}/argocd:v${TARGET_VERSION} -t argoproj/argocd:v${TARGET_VERSION} .
make release-cli
make checksums
chmod +x ./dist/argocd-linux-amd64
./dist/argocd-linux-amd64 version --client
if: ${{ env.DRY_RUN != 'true' }}
- name: Install cosign
uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1
with:
cosign-release: 'v1.13.1'
- name: Install crane to get digest of image
uses: imjasonh/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c
- name: Get digest of image
run: |
echo "IMAGE_DIGEST=$(crane digest quay.io/argoproj/argocd:v${TARGET_VERSION})" >> $GITHUB_ENV
- name: Sign Argo CD container images and assets
run: |
cosign sign --key env://COSIGN_PRIVATE_KEY ${IMAGE_NAMESPACE}/argocd@${{ env.IMAGE_DIGEST }}
cosign sign-blob --key env://COSIGN_PRIVATE_KEY ./dist/argocd-${TARGET_VERSION}-checksums.txt > ./dist/argocd-${TARGET_VERSION}-checksums.sig
# Retrieves the public key to release as an asset
cosign public-key --key env://COSIGN_PRIVATE_KEY > ./dist/argocd-cosign.pub
env:
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
if: ${{ env.DRY_RUN != 'true' }}
- name: Read release notes file
id: release-notes
uses: juliangruber/read-file-action@v1
uses: juliangruber/read-file-action@02bbba9876a8f870efd4ad64e3b9088d3fb94d4b # v1.1.6
with:
path: ${{ env.RELEASE_NOTES }}
@@ -222,7 +254,7 @@ jobs:
git push origin ${RELEASE_TAG}
- name: Dry run GitHub release
uses: actions/create-release@v1
uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1.1.4
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
id: create_release
@@ -243,7 +275,7 @@ jobs:
SIGS_BOM_VERSION: v0.2.1
# comma delimited list of project relative folders to inspect for package
# managers (gomod, yarn, npm).
PROJECT_FOLDERS: ".,./ui"
PROJECT_FOLDERS: ".,./ui"
# full qualified name of the docker image to be inspected
DOCKER_IMAGE: ${{env.IMAGE_NAMESPACE}}/argocd:v${{env.TARGET_VERSION}}
run: |
@@ -265,8 +297,16 @@ jobs:
cd /tmp && tar -zcf sbom.tar.gz *.spdx
if: ${{ env.DRY_RUN != 'true' }}
- name: Sign sbom
run: |
cosign sign-blob --key env://COSIGN_PRIVATE_KEY /tmp/sbom.tar.gz > /tmp/sbom.tar.gz.sig
env:
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
if: ${{ env.DRY_RUN != 'true' }}
- name: Create GitHub release
uses: softprops/action-gh-release@v1
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
@@ -274,16 +314,17 @@ jobs:
tag_name: ${{ env.RELEASE_TAG }}
draft: ${{ env.DRAFT_RELEASE }}
prerelease: ${{ env.PRE_RELEASE }}
body: ${{ steps.release-notes.outputs.content }}
body: ${{ steps.release-notes.outputs.content }} # Pre-pended to the generated notes
files: |
dist/argocd-*
/tmp/sbom.tar.gz
/tmp/sbom.tar.gz.sig
if: ${{ env.DRY_RUN != 'true' }}
- name: Update homebrew formula
env:
HOMEBREW_TOKEN: ${{ secrets.RELEASE_HOMEBREW_TOKEN }}
uses: dawidd6/action-homebrew-bump-formula@v3
uses: dawidd6/action-homebrew-bump-formula@02e79d9da43d79efa846d73695b6052cbbdbf48a # v3.8.3
with:
token: ${{env.HOMEBREW_TOKEN}}
formula: argocd

View File

@@ -25,7 +25,7 @@ DOCKER_WORKDIR?=/go/src/github.com/argoproj/argo-cd
ARGOCD_PROCFILE?=Procfile
# Strict mode has been disabled in latest versions of mkdocs-material.
# Strict mode has been disabled in latest versions of mkdocs-material.
# Thus pointing to the older image of mkdocs-material matching the version used by argo-cd.
MKDOCS_DOCKER_IMAGE?=squidfunk/mkdocs-material:4.1.1
MKDOCS_RUN_ARGS?=
@@ -114,7 +114,7 @@ define run-in-test-client
bash -c "$(1)"
endef
#
#
define exec-in-test-server
docker exec -it -u $(shell id -u):$(shell id -g) -e ARGOCD_E2E_K3S=$(ARGOCD_E2E_K3S) argocd-test-server $(1)
endef
@@ -205,7 +205,7 @@ clientgen: ensure-gopath
.PHONY: clidocsgen
clidocsgen: ensure-gopath
go run tools/cmd-docs/main.go
go run tools/cmd-docs/main.go
.PHONY: codegen-local
@@ -568,4 +568,4 @@ applicationset-controller:
.PHONY: checksums
checksums:
for f in ./dist/$(BIN_NAME)-*; do openssl dgst -sha256 "$$f" | awk ' { print $$2 }' > "$$f".sha256 ; done
sha256sum ./dist/$(BIN_NAME)-* | awk -F './dist/' '{print $$1 $$2}' > ./dist/$(BIN_NAME)-$(TARGET_VERSION)-checksums.txt

View File

@@ -1 +1 @@
2.4.12
2.4.23

View File

@@ -0,0 +1,180 @@
package controllers
import (
"context"
"testing"
"time"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/mock"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
dynfake "k8s.io/client-go/dynamic/fake"
kubefake "k8s.io/client-go/kubernetes/fake"
"k8s.io/client-go/tools/record"
"sigs.k8s.io/controller-runtime/pkg/client/fake"
"github.com/argoproj/argo-cd/v2/applicationset/generators"
argoappsetv1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/applicationset/v1alpha1"
)
func TestRequeueAfter(t *testing.T) {
mockServer := argoCDServiceMock{}
ctx := context.Background()
scheme := runtime.NewScheme()
err := argoappsetv1alpha1.AddToScheme(scheme)
assert.Nil(t, err)
gvrToListKind := map[schema.GroupVersionResource]string{{
Group: "mallard.io",
Version: "v1",
Resource: "ducks",
}: "DuckList"}
appClientset := kubefake.NewSimpleClientset()
k8sClient := fake.NewClientBuilder().Build()
duckType := &unstructured.Unstructured{
Object: map[string]interface{}{
"apiVersion": "v2quack",
"kind": "Duck",
"metadata": map[string]interface{}{
"name": "mightyduck",
"namespace": "namespace",
"labels": map[string]interface{}{"duck": "all-species"},
},
"status": map[string]interface{}{
"decisions": []interface{}{
map[string]interface{}{
"clusterName": "staging-01",
},
map[string]interface{}{
"clusterName": "production-01",
},
},
},
},
}
fakeDynClient := dynfake.NewSimpleDynamicClientWithCustomListKinds(runtime.NewScheme(), gvrToListKind, duckType)
terminalGenerators := map[string]generators.Generator{
"List": generators.NewListGenerator(),
"Clusters": generators.NewClusterGenerator(k8sClient, ctx, appClientset, "argocd"),
"Git": generators.NewGitGenerator(mockServer),
"SCMProvider": generators.NewSCMProviderGenerator(fake.NewClientBuilder().WithObjects(&corev1.Secret{}).Build()),
"ClusterDecisionResource": generators.NewDuckTypeGenerator(ctx, fakeDynClient, appClientset, "argocd"),
"PullRequest": generators.NewPullRequestGenerator(k8sClient),
}
nestedGenerators := map[string]generators.Generator{
"List": terminalGenerators["List"],
"Clusters": terminalGenerators["Clusters"],
"Git": terminalGenerators["Git"],
"SCMProvider": terminalGenerators["SCMProvider"],
"ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"],
"PullRequest": terminalGenerators["PullRequest"],
"Matrix": generators.NewMatrixGenerator(terminalGenerators),
"Merge": generators.NewMergeGenerator(terminalGenerators),
}
topLevelGenerators := map[string]generators.Generator{
"List": terminalGenerators["List"],
"Clusters": terminalGenerators["Clusters"],
"Git": terminalGenerators["Git"],
"SCMProvider": terminalGenerators["SCMProvider"],
"ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"],
"PullRequest": terminalGenerators["PullRequest"],
"Matrix": generators.NewMatrixGenerator(nestedGenerators),
"Merge": generators.NewMergeGenerator(nestedGenerators),
}
client := fake.NewClientBuilder().WithScheme(scheme).Build()
r := ApplicationSetReconciler{
Client: client,
Scheme: scheme,
Recorder: record.NewFakeRecorder(0),
Generators: topLevelGenerators,
}
type args struct {
appset *argoappsetv1alpha1.ApplicationSet
}
tests := []struct {
name string
args args
want time.Duration
wantErr assert.ErrorAssertionFunc
}{
{name: "Cluster", args: args{appset: &argoappsetv1alpha1.ApplicationSet{
Spec: argoappsetv1alpha1.ApplicationSetSpec{
Generators: []argoappsetv1alpha1.ApplicationSetGenerator{{Clusters: &argoappsetv1alpha1.ClusterGenerator{}}},
},
}}, want: generators.NoRequeueAfter, wantErr: assert.NoError},
{name: "ClusterMergeNested", args: args{&argoappsetv1alpha1.ApplicationSet{
Spec: argoappsetv1alpha1.ApplicationSetSpec{
Generators: []argoappsetv1alpha1.ApplicationSetGenerator{
{Clusters: &argoappsetv1alpha1.ClusterGenerator{}},
{Merge: &argoappsetv1alpha1.MergeGenerator{
Generators: []argoappsetv1alpha1.ApplicationSetNestedGenerator{
{
Clusters: &argoappsetv1alpha1.ClusterGenerator{},
Git: &argoappsetv1alpha1.GitGenerator{},
},
},
}},
},
},
}}, want: generators.DefaultRequeueAfterSeconds, wantErr: assert.NoError},
{name: "ClusterMatrixNested", args: args{&argoappsetv1alpha1.ApplicationSet{
Spec: argoappsetv1alpha1.ApplicationSetSpec{
Generators: []argoappsetv1alpha1.ApplicationSetGenerator{
{Clusters: &argoappsetv1alpha1.ClusterGenerator{}},
{Matrix: &argoappsetv1alpha1.MatrixGenerator{
Generators: []argoappsetv1alpha1.ApplicationSetNestedGenerator{
{
Clusters: &argoappsetv1alpha1.ClusterGenerator{},
Git: &argoappsetv1alpha1.GitGenerator{},
},
},
}},
},
},
}}, want: generators.DefaultRequeueAfterSeconds, wantErr: assert.NoError},
{name: "ListGenerator", args: args{appset: &argoappsetv1alpha1.ApplicationSet{
Spec: argoappsetv1alpha1.ApplicationSetSpec{
Generators: []argoappsetv1alpha1.ApplicationSetGenerator{{List: &argoappsetv1alpha1.ListGenerator{}}},
},
}}, want: generators.NoRequeueAfter, wantErr: assert.NoError},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
assert.Equalf(t, tt.want, r.getMinRequeueAfter(tt.args.appset), "getMinRequeueAfter(%v)", tt.args.appset)
})
}
}
type argoCDServiceMock struct {
mock *mock.Mock
}
func (a argoCDServiceMock) GetApps(ctx context.Context, repoURL string, revision string) ([]string, error) {
args := a.mock.Called(ctx, repoURL, revision)
return args.Get(0).([]string), args.Error(1)
}
func (a argoCDServiceMock) GetFiles(ctx context.Context, repoURL string, revision string, pattern string) (map[string][]byte, error) {
args := a.mock.Called(ctx, repoURL, revision, pattern)
return args.Get(0).(map[string][]byte), args.Error(1)
}
func (a argoCDServiceMock) GetFileContent(ctx context.Context, repoURL string, revision string, path string) ([]byte, error) {
args := a.mock.Called(ctx, repoURL, revision, path)
return args.Get(0).([]byte), args.Error(1)
}
func (a argoCDServiceMock) GetDirectories(ctx context.Context, repoURL string, revision string) ([]string, error) {
args := a.mock.Called(ctx, repoURL, revision)
return args.Get(0).([]string), args.Error(1)
}

View File

@@ -1,6 +1,6 @@
#namePrefix: kustomize-
resources:
- namespace-install.yaml
- https://github.com/argoproj/argo-workflows/releases/download/v3.4.0/namespace-install.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

View File

@@ -1,417 +0,0 @@
# This is an auto-generated file. DO NOT EDIT
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: clusterworkflowtemplates.argoproj.io
spec:
group: argoproj.io
names:
kind: ClusterWorkflowTemplate
listKind: ClusterWorkflowTemplateList
plural: clusterworkflowtemplates
shortNames:
- clusterwftmpl
- cwft
singular: clusterworkflowtemplate
scope: Cluster
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: cronworkflows.argoproj.io
spec:
group: argoproj.io
names:
kind: CronWorkflow
listKind: CronWorkflowList
plural: cronworkflows
shortNames:
- cwf
- cronwf
singular: cronworkflow
scope: Namespaced
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: workfloweventbindings.argoproj.io
spec:
group: argoproj.io
names:
kind: WorkflowEventBinding
listKind: WorkflowEventBindingList
plural: workfloweventbindings
shortNames:
- wfeb
singular: workfloweventbinding
scope: Namespaced
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: workflows.argoproj.io
spec:
additionalPrinterColumns:
- JSONPath: .status.phase
description: Status of the workflow
name: Status
type: string
- JSONPath: .status.startedAt
description: When the workflow was started
format: date-time
name: Age
type: date
group: argoproj.io
names:
kind: Workflow
listKind: WorkflowList
plural: workflows
shortNames:
- wf
singular: workflow
scope: Namespaced
subresources: {}
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: workflowtemplates.argoproj.io
spec:
group: argoproj.io
names:
kind: WorkflowTemplate
listKind: WorkflowTemplateList
plural: workflowtemplates
shortNames:
- wftmpl
singular: workflowtemplate
scope: Namespaced
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: argo
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: argo-server
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: argo-role
rules:
- apiGroups:
- ""
resources:
- pods
- pods/exec
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- delete
- get
- apiGroups:
- argoproj.io
resources:
- workflows
- workflows/finalizers
verbs:
- get
- list
- watch
- update
- patch
- delete
- create
- apiGroups:
- argoproj.io
resources:
- workflowtemplates
- workflowtemplates/finalizers
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- list
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- apiGroups:
- argoproj.io
resources:
- cronworkflows
- cronworkflows/finalizers
verbs:
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- create
- get
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: argo-server-role
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- create
- apiGroups:
- ""
resources:
- pods
- pods/exec
- pods/log
verbs:
- get
- list
- watch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- watch
- create
- patch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- list
- apiGroups:
- argoproj.io
resources:
- workflows
- workfloweventbindings
- workflowtemplates
- cronworkflows
- cronworkflows/finalizers
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: argo-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argo-role
subjects:
- kind: ServiceAccount
name: argo
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: argo-server-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argo-server-role
subjects:
- kind: ServiceAccount
name: argo-server
---
apiVersion: v1
kind: ConfigMap
metadata:
name: workflow-controller-configmap
---
apiVersion: v1
kind: Service
metadata:
name: argo-server
spec:
ports:
- name: web
port: 2746
targetPort: 2746
selector:
app: argo-server
---
apiVersion: v1
kind: Service
metadata:
name: workflow-controller-metrics
spec:
ports:
- name: metrics
port: 9090
protocol: TCP
targetPort: 9090
selector:
app: workflow-controller
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: argo-server
spec:
selector:
matchLabels:
app: argo-server
template:
metadata:
labels:
app: argo-server
spec:
containers:
- args:
- server
- --namespaced
image: argoproj/argocli:v2.12.5
name: argo-server
ports:
- containerPort: 2746
name: web
readinessProbe:
httpGet:
path: /
port: 2746
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 20
volumeMounts:
- mountPath: /tmp
name: tmp
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsNonRoot: true
serviceAccountName: argo-server
volumes:
- emptyDir: {}
name: tmp
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: workflow-controller
spec:
selector:
matchLabels:
app: workflow-controller
template:
metadata:
labels:
app: workflow-controller
spec:
containers:
- args:
- --configmap
- workflow-controller-configmap
- --executor-image
- argoproj/argoexec:v2.12.5
- --namespaced
command:
- workflow-controller
image: argoproj/workflow-controller:v2.12.5
livenessProbe:
httpGet:
path: /metrics
port: metrics
initialDelaySeconds: 30
periodSeconds: 30
name: workflow-controller
ports:
- containerPort: 9090
name: metrics
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsNonRoot: true
serviceAccountName: argo

View File

@@ -11,4 +11,4 @@ version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: "1.0"
appVersion: "1.0"

View File

@@ -1,4 +1,4 @@
dependencies:
- name: kube-prometheus-stack
version: 9.4.10
version: 40.5.0
repository: https://prometheus-community.github.io/helm-charts

View File

@@ -1,6 +1,6 @@
#namePrefix: kustomize-
resources:
- namespace-install.yaml
- https://github.com/argoproj/argo-workflows/releases/download/v3.4.0/namespace-install.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

View File

@@ -1,417 +0,0 @@
# This is an auto-generated file. DO NOT EDIT
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: clusterworkflowtemplates.argoproj.io
spec:
group: argoproj.io
names:
kind: ClusterWorkflowTemplate
listKind: ClusterWorkflowTemplateList
plural: clusterworkflowtemplates
shortNames:
- clusterwftmpl
- cwft
singular: clusterworkflowtemplate
scope: Cluster
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: cronworkflows.argoproj.io
spec:
group: argoproj.io
names:
kind: CronWorkflow
listKind: CronWorkflowList
plural: cronworkflows
shortNames:
- cwf
- cronwf
singular: cronworkflow
scope: Namespaced
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: workfloweventbindings.argoproj.io
spec:
group: argoproj.io
names:
kind: WorkflowEventBinding
listKind: WorkflowEventBindingList
plural: workfloweventbindings
shortNames:
- wfeb
singular: workfloweventbinding
scope: Namespaced
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: workflows.argoproj.io
spec:
additionalPrinterColumns:
- JSONPath: .status.phase
description: Status of the workflow
name: Status
type: string
- JSONPath: .status.startedAt
description: When the workflow was started
format: date-time
name: Age
type: date
group: argoproj.io
names:
kind: Workflow
listKind: WorkflowList
plural: workflows
shortNames:
- wf
singular: workflow
scope: Namespaced
subresources: {}
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: workflowtemplates.argoproj.io
spec:
group: argoproj.io
names:
kind: WorkflowTemplate
listKind: WorkflowTemplateList
plural: workflowtemplates
shortNames:
- wftmpl
singular: workflowtemplate
scope: Namespaced
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: argo
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: argo-server
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: argo-role
rules:
- apiGroups:
- ""
resources:
- pods
- pods/exec
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- delete
- get
- apiGroups:
- argoproj.io
resources:
- workflows
- workflows/finalizers
verbs:
- get
- list
- watch
- update
- patch
- delete
- create
- apiGroups:
- argoproj.io
resources:
- workflowtemplates
- workflowtemplates/finalizers
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- list
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- apiGroups:
- argoproj.io
resources:
- cronworkflows
- cronworkflows/finalizers
verbs:
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- create
- get
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: argo-server-role
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- create
- apiGroups:
- ""
resources:
- pods
- pods/exec
- pods/log
verbs:
- get
- list
- watch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- watch
- create
- patch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- list
- apiGroups:
- argoproj.io
resources:
- workflows
- workfloweventbindings
- workflowtemplates
- cronworkflows
- cronworkflows/finalizers
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: argo-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argo-role
subjects:
- kind: ServiceAccount
name: argo
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: argo-server-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argo-server-role
subjects:
- kind: ServiceAccount
name: argo-server
---
apiVersion: v1
kind: ConfigMap
metadata:
name: workflow-controller-configmap
---
apiVersion: v1
kind: Service
metadata:
name: argo-server
spec:
ports:
- name: web
port: 2746
targetPort: 2746
selector:
app: argo-server
---
apiVersion: v1
kind: Service
metadata:
name: workflow-controller-metrics
spec:
ports:
- name: metrics
port: 9090
protocol: TCP
targetPort: 9090
selector:
app: workflow-controller
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: argo-server
spec:
selector:
matchLabels:
app: argo-server
template:
metadata:
labels:
app: argo-server
spec:
containers:
- args:
- server
- --namespaced
image: argoproj/argocli:v2.12.5
name: argo-server
ports:
- containerPort: 2746
name: web
readinessProbe:
httpGet:
path: /
port: 2746
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 20
volumeMounts:
- mountPath: /tmp
name: tmp
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsNonRoot: true
serviceAccountName: argo-server
volumes:
- emptyDir: {}
name: tmp
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: workflow-controller
spec:
selector:
matchLabels:
app: workflow-controller
template:
metadata:
labels:
app: workflow-controller
spec:
containers:
- args:
- --configmap
- workflow-controller-configmap
- --executor-image
- argoproj/argoexec:v2.12.5
- --namespaced
command:
- workflow-controller
image: argoproj/workflow-controller:v2.12.5
livenessProbe:
httpGet:
path: /metrics
port: metrics
initialDelaySeconds: 30
periodSeconds: 30
name: workflow-controller
ports:
- containerPort: 9090
name: metrics
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsNonRoot: true
serviceAccountName: argo

View File

@@ -1 +1,14 @@
apiVersion: v2
name: helm-prometheus-operator
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: "1.0"

View File

@@ -1,4 +1,4 @@
dependencies:
- name: kube-prometheus-stack
version: 9.4.10
version: 40.5.0
repository: https://prometheus-community.github.io/helm-charts

View File

@@ -2,6 +2,7 @@ apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: cluster-addons
namespace: argocd
spec:
generators:
- git:
@@ -15,7 +16,7 @@ spec:
metadata:
name: '{{path.basename}}'
spec:
project: default
project: "my-project"
source:
repoURL: https://github.com/argoproj/argo-cd.git
targetRevision: HEAD
@@ -23,3 +24,6 @@ spec:
destination:
server: https://kubernetes.default.svc
namespace: '{{path.basename}}'
syncPolicy:
syncOptions:
- CreateNamespace=true

View File

@@ -2,6 +2,7 @@ apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: cluster-addons
namespace: argocd
spec:
generators:
- git:
@@ -13,7 +14,7 @@ spec:
metadata:
name: '{{path.basename}}'
spec:
project: default
project: "my-project"
source:
repoURL: https://github.com/argoproj/argo-cd.git
targetRevision: HEAD
@@ -21,3 +22,6 @@ spec:
destination:
server: https://kubernetes.default.svc
namespace: '{{path.basename}}'
syncPolicy:
syncOptions:
- CreateNamespace=true

View File

@@ -51,6 +51,8 @@ func NewClusterGenerator(c client.Client, ctx context.Context, clientset kuberne
return g
}
// GetRequeueAfter never requeue the cluster generator because the `clusterSecretEventHandler` will requeue the appsets
// when the cluster secrets change
func (g *ClusterGenerator) GetRequeueAfter(appSetGenerator *argoappsetv1alpha1.ApplicationSetGenerator) time.Duration {
return NoRequeueAfter
}

View File

@@ -67,28 +67,13 @@ func (m *MatrixGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.App
}
func (m *MatrixGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.ApplicationSetNestedGenerator, appSet *argoprojiov1alpha1.ApplicationSet) ([]map[string]string, error) {
var matrix *argoprojiov1alpha1.MatrixGenerator
if appSetBaseGenerator.Matrix != nil {
// Since nested matrix generator is represented as a JSON object in the CRD, we unmarshall it back to a Go struct here.
nestedMatrix, err := argoprojiov1alpha1.ToNestedMatrixGenerator(appSetBaseGenerator.Matrix)
if err != nil {
return nil, fmt.Errorf("unable to unmarshall nested matrix generator: %v", err)
}
if nestedMatrix != nil {
matrix = nestedMatrix.ToMatrixGenerator()
}
matrixGen, err := getMatrixGenerator(appSetBaseGenerator)
if err != nil {
return nil, err
}
var mergeGenerator *argoprojiov1alpha1.MergeGenerator
if appSetBaseGenerator.Merge != nil {
// Since nested merge generator is represented as a JSON object in the CRD, we unmarshall it back to a Go struct here.
nestedMerge, err := argoprojiov1alpha1.ToNestedMergeGenerator(appSetBaseGenerator.Merge)
if err != nil {
return nil, fmt.Errorf("unable to unmarshall nested merge generator: %v", err)
}
if nestedMerge != nil {
mergeGenerator = nestedMerge.ToMergeGenerator()
}
mergeGen, err := getMergeGenerator(appSetBaseGenerator)
if err != nil {
return nil, err
}
t, err := Transform(
@@ -99,8 +84,8 @@ func (m *MatrixGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.Appli
SCMProvider: appSetBaseGenerator.SCMProvider,
ClusterDecisionResource: appSetBaseGenerator.ClusterDecisionResource,
PullRequest: appSetBaseGenerator.PullRequest,
Matrix: matrix,
Merge: mergeGenerator,
Matrix: matrixGen,
Merge: mergeGen,
},
m.supportedGenerators,
argoprojiov1alpha1.ApplicationSetTemplate{},
@@ -128,10 +113,15 @@ func (m *MatrixGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.Ap
var found bool
for _, r := range appSetGenerator.Matrix.Generators {
matrixGen, _ := getMatrixGenerator(r)
mergeGen, _ := getMergeGenerator(r)
base := &argoprojiov1alpha1.ApplicationSetGenerator{
List: r.List,
Clusters: r.Clusters,
Git: r.Git,
List: r.List,
Clusters: r.Clusters,
Git: r.Git,
PullRequest: r.PullRequest,
Matrix: matrixGen,
Merge: mergeGen,
}
generators := GetRelevantGenerators(base, m.supportedGenerators)
@@ -152,6 +142,17 @@ func (m *MatrixGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.Ap
}
func getMatrixGenerator(r argoprojiov1alpha1.ApplicationSetNestedGenerator) (*argoprojiov1alpha1.MatrixGenerator, error) {
if r.Matrix == nil {
return nil, nil
}
matrix, err := argoprojiov1alpha1.ToNestedMatrixGenerator(r.Matrix)
if err != nil {
return nil, err
}
return matrix.ToMatrixGenerator(), nil
}
func (m *MatrixGenerator) GetTemplate(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator) *argoprojiov1alpha1.ApplicationSetTemplate {
return &appSetGenerator.Matrix.Template
}

View File

@@ -191,6 +191,8 @@ func TestMatrixGetRequeueAfter(t *testing.T) {
Elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "Cluster","url": "Url"}`)}},
}
pullRequestGenerator := &argoprojiov1alpha1.PullRequestGenerator{}
testCases := []struct {
name string
baseGenerators []argoprojiov1alpha1.ApplicationSetNestedGenerator
@@ -223,6 +225,31 @@ func TestMatrixGetRequeueAfter(t *testing.T) {
gitGetRequeueAfter: time.Duration(1),
expected: time.Duration(1),
},
{
name: "returns the minimal time for pull request",
baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
{
Git: gitGenerator,
},
{
PullRequest: pullRequestGenerator,
},
},
gitGetRequeueAfter: time.Duration(15 * time.Second),
expected: time.Duration(15 * time.Second),
},
{
name: "returns the default time if no requeueAfterSeconds is provided",
baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
{
Git: gitGenerator,
},
{
PullRequest: pullRequestGenerator,
},
},
expected: time.Duration(30 * time.Minute),
},
}
for _, testCase := range testCases {
@@ -233,16 +260,18 @@ func TestMatrixGetRequeueAfter(t *testing.T) {
for _, g := range testCaseCopy.baseGenerators {
gitGeneratorSpec := argoprojiov1alpha1.ApplicationSetGenerator{
Git: g.Git,
List: g.List,
Git: g.Git,
List: g.List,
PullRequest: g.PullRequest,
}
mock.On("GetRequeueAfter", &gitGeneratorSpec).Return(testCaseCopy.gitGetRequeueAfter, nil)
}
var matrixGenerator = NewMatrixGenerator(
map[string]Generator{
"Git": mock,
"List": &ListGenerator{},
"Git": mock,
"List": &ListGenerator{},
"PullRequest": &PullRequestGenerator{},
},
)

View File

@@ -127,27 +127,13 @@ func getParamSetsByMergeKey(mergeKeys []string, paramSets []map[string]string) (
// getParams get the parameters generated by this generator.
func (m *MergeGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.ApplicationSetNestedGenerator, appSet *argoprojiov1alpha1.ApplicationSet) ([]map[string]string, error) {
var matrix *argoprojiov1alpha1.MatrixGenerator
if appSetBaseGenerator.Matrix != nil {
nestedMatrix, err := argoprojiov1alpha1.ToNestedMatrixGenerator(appSetBaseGenerator.Matrix)
if err != nil {
return nil, err
}
if nestedMatrix != nil {
matrix = nestedMatrix.ToMatrixGenerator()
}
matrixGen, err := getMatrixGenerator(appSetBaseGenerator)
if err != nil {
return nil, err
}
var mergeGenerator *argoprojiov1alpha1.MergeGenerator
if appSetBaseGenerator.Merge != nil {
nestedMerge, err := argoprojiov1alpha1.ToNestedMergeGenerator(appSetBaseGenerator.Merge)
if err != nil {
return nil, err
}
if nestedMerge != nil {
mergeGenerator = nestedMerge.ToMergeGenerator()
}
mergeGen, err := getMergeGenerator(appSetBaseGenerator)
if err != nil {
return nil, err
}
t, err := Transform(
@@ -158,8 +144,8 @@ func (m *MergeGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.Applic
SCMProvider: appSetBaseGenerator.SCMProvider,
ClusterDecisionResource: appSetBaseGenerator.ClusterDecisionResource,
PullRequest: appSetBaseGenerator.PullRequest,
Matrix: matrix,
Merge: mergeGenerator,
Matrix: matrixGen,
Merge: mergeGen,
},
m.supportedGenerators,
argoprojiov1alpha1.ApplicationSetTemplate{},
@@ -185,10 +171,15 @@ func (m *MergeGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.App
var found bool
for _, r := range appSetGenerator.Merge.Generators {
matrixGen, _ := getMatrixGenerator(r)
mergeGen, _ := getMergeGenerator(r)
base := &argoprojiov1alpha1.ApplicationSetGenerator{
List: r.List,
Clusters: r.Clusters,
Git: r.Git,
List: r.List,
Clusters: r.Clusters,
Git: r.Git,
PullRequest: r.PullRequest,
Matrix: matrixGen,
Merge: mergeGen,
}
generators := GetRelevantGenerators(base, m.supportedGenerators)
@@ -209,6 +200,17 @@ func (m *MergeGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.App
}
func getMergeGenerator(r argoprojiov1alpha1.ApplicationSetNestedGenerator) (*argoprojiov1alpha1.MergeGenerator, error) {
if r.Merge == nil {
return nil, nil
}
merge, err := argoprojiov1alpha1.ToNestedMergeGenerator(r.Merge)
if err != nil {
return nil, err
}
return merge.ToMergeGenerator(), nil
}
// GetTemplate gets the Template field for the MergeGenerator.
func (m *MergeGenerator) GetTemplate(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator) *argoprojiov1alpha1.ApplicationSetTemplate {
return &appSetGenerator.Merge.Template

View File

@@ -101,6 +101,15 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
if scmError != nil {
return nil, fmt.Errorf("error initializing Bitbucket Server service: %v", scmError)
}
} else if providerConfig.Bitbucket != nil {
appPassword, err := g.getSecretRef(ctx, providerConfig.Bitbucket.AppPasswordRef, applicationSetInfo.Namespace)
if err != nil {
return nil, fmt.Errorf("error fetching Bitbucket cloud appPassword: %v", err)
}
provider, err = scm_provider.NewBitBucketCloudProvider(ctx, providerConfig.Bitbucket.Owner, providerConfig.Bitbucket.User, appPassword, providerConfig.Bitbucket.AllBranches)
if err != nil {
return nil, fmt.Errorf("error initializing Bitbucket cloud service: %v", err)
}
} else {
return nil, fmt.Errorf("no SCM provider implementation configured")
}

View File

@@ -207,7 +207,7 @@ var validatorsByGroup = map[string]settingValidator{
}
ssoProvider = "Dex"
} else if general.OIDCConfigRAW != "" {
if _, err := settings.UnmarshalOIDCConfig(general.OIDCConfigRAW); err != nil {
if err := settings.ValidateOIDCConfig(general.OIDCConfigRAW); err != nil {
return "", fmt.Errorf("invalid oidc.config: %v", err)
}
ssoProvider = "OIDC"

View File

@@ -25,8 +25,6 @@ type PluginConfigSpec struct {
Init Command `json:"init,omitempty"`
Generate Command `json:"generate"`
Discover Discover `json:"discover"`
AllowConcurrency bool `json:"allowConcurrency"`
LockRepo bool `json:"lockRepo"`
}
//Discover holds find and fileName

View File

@@ -11,5 +11,3 @@ spec:
discover:
find:
glob: "**/*/main.jsonnet"
allowConcurrency: false
lockRepo: false

View File

@@ -12,5 +12,3 @@ spec:
find:
command: [sh, -c, find . -name kustomization.yaml]
glob: "**/*/kustomization.yaml"
allowConcurrency: true
lockRepo: false

View File

@@ -12,5 +12,3 @@ spec:
find:
command: [sh, -c, find . -name kustomization.yaml]
glob: "**/*/kustomization.yaml"
allowConcurrency: true
lockRepo: false

View File

@@ -1,12 +1,15 @@
package common
import (
"errors"
"os"
"path/filepath"
"strconv"
"time"
"github.com/sirupsen/logrus"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
)
// Default service addresses and URLS of Argo CD internal services
@@ -293,3 +296,10 @@ const (
// Keep alive is 2x enforcement minimum to ensure network jitter does not introduce ENHANCE_YOUR_CALM errors
GRPCKeepAliveTime = 2 * GRPCKeepAliveEnforcementMinimum
)
// Common error messages
const TokenVerificationError = "failed to verify the token"
var TokenVerificationErr = errors.New(TokenVerificationError)
var PermissionDeniedAPIError = status.Error(codes.PermissionDenied, "permission denied")

View File

@@ -494,7 +494,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap
}
gvk := obj.GroupVersionKind()
isSelfReferencedObj := m.isSelfReferencedObj(liveObj, appLabelKey, trackingMethod)
isSelfReferencedObj := m.isSelfReferencedObj(liveObj, targetObj, app.GetName(), appLabelKey, trackingMethod)
resState := v1alpha1.ResourceStatus{
Namespace: obj.GetNamespace(),
@@ -674,12 +674,13 @@ func NewAppStateManager(
}
// isSelfReferencedObj returns whether the given obj is managed by the application
// according to the values in the tracking annotation. It returns true when all
// of the properties in the annotation (name, namespace, group and kind) match
// the properties of the inspected object, or if the tracking method used does
// not provide the required properties for matching.
func (m *appStateManager) isSelfReferencedObj(obj *unstructured.Unstructured, appLabelKey string, trackingMethod v1alpha1.TrackingMethod) bool {
if obj == nil {
// according to the values of the tracking id (aka app instance value) annotation.
// It returns true when all of the properties of the tracking id (app name, namespace,
// group and kind) match the properties of the live object, or if the tracking method
// used does not provide the required properties for matching.
// Reference: https://github.com/argoproj/argo-cd/issues/8683
func (m *appStateManager) isSelfReferencedObj(live, config *unstructured.Unstructured, appName, appLabelKey string, trackingMethod v1alpha1.TrackingMethod) bool {
if live == nil {
return true
}
@@ -689,17 +690,42 @@ func (m *appStateManager) isSelfReferencedObj(obj *unstructured.Unstructured, ap
return true
}
// In order for us to assume obj to be managed by this application, the
// values from the annotation have to match the properties from the live
// object. Cluster scoped objects carry the app's destination namespace
// in the tracking annotation, but are unique in GVK + name combination.
appInstance := m.resourceTracking.GetAppInstance(obj, appLabelKey, trackingMethod)
if appInstance != nil {
return (obj.GetNamespace() == appInstance.Namespace || obj.GetNamespace() == "") &&
obj.GetName() == appInstance.Name &&
obj.GetObjectKind().GroupVersionKind().Group == appInstance.Group &&
obj.GetObjectKind().GroupVersionKind().Kind == appInstance.Kind
// config != nil is the best-case scenario for constructing an accurate
// Tracking ID. `config` is the "desired state" (from git/helm/etc.).
// Using the desired state is important when there is an ApiGroup upgrade.
// When upgrading, the comparison must be made with the new tracking ID.
// Example:
// live resource annotation will be:
// ingress-app:extensions/Ingress:default/some-ingress
// when it should be:
// ingress-app:networking.k8s.io/Ingress:default/some-ingress
// More details in: https://github.com/argoproj/argo-cd/pull/11012
var aiv argo.AppInstanceValue
if config != nil {
aiv = argo.UnstructuredToAppInstanceValue(config, appName, "")
return isSelfReferencedObj(live, aiv)
}
// If config is nil then compare the live resource with the value
// of the annotation. In this case, in order to validate if obj is
// managed by this application, the values from the annotation have
// to match the properties from the live object. Cluster scoped objects
// carry the app's destination namespace in the tracking annotation,
// but are unique in GVK + name combination.
appInstance := m.resourceTracking.GetAppInstance(live, appLabelKey, trackingMethod)
if appInstance != nil {
return isSelfReferencedObj(live, *appInstance)
}
return true
}
// isSelfReferencedObj returns true if the given Tracking ID (`aiv`) matches
// the given object. It returns false when the ID doesn't match. This sometimes
// happens when a tracking label or annotation gets accidentally copied to a
// different resource.
func isSelfReferencedObj(obj *unstructured.Unstructured, aiv argo.AppInstanceValue) bool {
return (obj.GetNamespace() == aiv.Namespace || obj.GetNamespace() == "") &&
obj.GetName() == aiv.Name &&
obj.GetObjectKind().GroupVersionKind().Group == aiv.Group &&
obj.GetObjectKind().GroupVersionKind().Kind == aiv.Kind
}

View File

@@ -14,6 +14,7 @@ import (
"github.com/stretchr/testify/assert"
v1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
networkingv1 "k8s.io/api/networking/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime"
@@ -852,6 +853,19 @@ func TestIsLiveResourceManaged(t *testing.T) {
},
},
})
managedWrongAPIGroup := kube.MustToUnstructured(&networkingv1.Ingress{
TypeMeta: metav1.TypeMeta{
APIVersion: "networking.k8s.io/v1",
Kind: "Ingress",
},
ObjectMeta: metav1.ObjectMeta{
Name: "some-ingress",
Namespace: "default",
Annotations: map[string]string{
common.AnnotationKeyAppInstance: "guestbook:extensions/Ingress:default/some-ingress",
},
},
})
ctrl := newFakeController(&fakeData{
apps: []runtime.Object{app, &defaultProj},
manifestResponse: &apiclient.ManifestResponse{
@@ -870,30 +884,69 @@ func TestIsLiveResourceManaged(t *testing.T) {
})
manager := ctrl.appStateManager.(*appStateManager)
appName := "guestbook"
// Managed resource w/ annotations
assert.True(t, manager.isSelfReferencedObj(managedObj, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
assert.True(t, manager.isSelfReferencedObj(managedObj, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
t.Run("will return true if trackingid matches the resource", func(t *testing.T) {
// given
t.Parallel()
configObj := managedObj.DeepCopy()
// Managed resource w/ label
assert.True(t, manager.isSelfReferencedObj(managedObjWithLabel, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
// then
assert.True(t, manager.isSelfReferencedObj(managedObj, configObj, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
assert.True(t, manager.isSelfReferencedObj(managedObj, configObj, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
})
t.Run("will return true if tracked with label", func(t *testing.T) {
// given
t.Parallel()
configObj := managedObjWithLabel.DeepCopy()
// Wrong resource name
assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
// then
assert.True(t, manager.isSelfReferencedObj(managedObjWithLabel, configObj, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
})
t.Run("will handle if trackingId has wrong resource name and config is nil", func(t *testing.T) {
// given
t.Parallel()
// Wrong resource group
assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongGroup, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongGroup, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
// then
assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongName, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongName, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
})
t.Run("will handle if trackingId has wrong resource group and config is nil", func(t *testing.T) {
// given
t.Parallel()
// Wrong resource kind
assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongKind, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongKind, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
// then
assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongGroup, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongGroup, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
})
t.Run("will handle if trackingId has wrong kind and config is nil", func(t *testing.T) {
// given
t.Parallel()
// Wrong resource namespace
assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongNamespace, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongNamespace, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotationAndLabel))
// then
assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongKind, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongKind, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
})
t.Run("will handle if trackingId has wrong namespace and config is nil", func(t *testing.T) {
// given
t.Parallel()
// Nil resource
assert.True(t, manager.isSelfReferencedObj(nil, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
// then
assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongNamespace, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongNamespace, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotationAndLabel))
})
t.Run("will return true if live is nil", func(t *testing.T) {
t.Parallel()
assert.True(t, manager.isSelfReferencedObj(nil, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
})
t.Run("will handle upgrade in desired state APIGroup", func(t *testing.T) {
// given
t.Parallel()
config := managedWrongAPIGroup.DeepCopy()
delete(config.GetAnnotations(), common.AnnotationKeyAppInstance)
// then
assert.True(t, manager.isSelfReferencedObj(managedWrongAPIGroup, config, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
})
}

View File

@@ -236,7 +236,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
sync.WithResourcesFilter(func(key kube.ResourceKey, target *unstructured.Unstructured, live *unstructured.Unstructured) bool {
return (len(syncOp.Resources) == 0 ||
argo.ContainsSyncResource(key.Name, key.Namespace, schema.GroupVersionKind{Kind: key.Kind, Group: key.Group}, syncOp.Resources)) &&
m.isSelfReferencedObj(live, appLabelKey, trackingMethod)
m.isSelfReferencedObj(live, target, app.GetName(), appLabelKey, trackingMethod)
}),
sync.WithManifestValidation(!syncOp.SyncOptions.HasOption(common.SyncOptionsDisableValidation)),
sync.WithNamespaceCreation(syncOp.SyncOptions.HasOption("CreateNamespace=true"), func(un *unstructured.Unstructured) bool {

View File

@@ -63,7 +63,7 @@ or a randomly generated password stored in a secret (Argo CD 1.9 and later).
## How to disable admin user?
Add `admin.enabled: "false"` to the `argocd-cm` ConfigMap (
see [user management](operator-manual/user-management/index.md)).
see [user management](./operator-manual/user-management/index.md)).
## Argo CD cannot deploy Helm Chart based applications without internet access, how can I solve it?
@@ -122,9 +122,9 @@ To terminate the sync, click on the "synchronisation" then "terminate":
![Synchronization](assets/synchronization-button.png) ![Terminate](assets/terminate-button.png)
## Why Is My App Out Of Sync Even After Syncing?
## Why Is My App `Out Of Sync` Even After Syncing?
Is some cases, the tool you use may conflict with Argo CD by adding the `app.kubernetes.io/instance` label. E.g. using
In some cases, the tool you use may conflict with Argo CD by adding the `app.kubernetes.io/instance` label. E.g. using
Kustomize common labels feature.
Argo CD automatically sets the `app.kubernetes.io/instance` label and uses it to determine which resources form the app.
@@ -151,7 +151,7 @@ E.g.
To fix this use diffing
customizations [settings](./user-guide/diffing.md#known-kubernetes-types-in-crds-resource-limits-volume-mounts-etc).
## How Do I Fix "invalid cookie, longer than max length 4093"?
## How Do I Fix `invalid cookie, longer than max length 4093`?
Argo CD uses a JWT as the auth token. You likely are part of many groups and have gone over the 4KB limit which is set
for cookies. You can get the list of groups by opening "developer tools -> network"
@@ -189,7 +189,7 @@ argocd ... --insecure
## I have configured Dex via `dex.config` in `argocd-cm`, it still says Dex is unconfigured. Why?
Most likely you forgot to set the `url` in `argocd-cm` to point to your ArgoCD as well. See also
[the docs](/operator-manual/user-management/#2-configure-argo-cd-for-sso).
[the docs](./operator-manual/user-management/index.md#2-configure-argo-cd-for-sso).
## Why are `SealedSecret` resources reporting a `Status`?
@@ -218,4 +218,38 @@ resource.customizations.health.bitnami.com_SealedSecret: |
hs.status = "Healthy"
hs.message = "Controller doesn't report resource status"
return hs
```
```
## How do I fix `The order in patch list … doesn't match $setElementOrder list: …`?
An application may trigger a sync error labeled a `ComparisonError` with a message like:
> The order in patch list: [map[name:**KEY_BC** value:150] map[name:**KEY_BC** value:500] map[name:**KEY_BD** value:250] map[name:**KEY_BD** value:500] map[name:KEY_BI value:something]] doesn't match $setElementOrder list: [map[name:KEY_AA] map[name:KEY_AB] map[name:KEY_AC] map[name:KEY_AD] map[name:KEY_AE] map[name:KEY_AF] map[name:KEY_AG] map[name:KEY_AH] map[name:KEY_AI] map[name:KEY_AJ] map[name:KEY_AK] map[name:KEY_AL] map[name:KEY_AM] map[name:KEY_AN] map[name:KEY_AO] map[name:KEY_AP] map[name:KEY_AQ] map[name:KEY_AR] map[name:KEY_AS] map[name:KEY_AT] map[name:KEY_AU] map[name:KEY_AV] map[name:KEY_AW] map[name:KEY_AX] map[name:KEY_AY] map[name:KEY_AZ] map[name:KEY_BA] map[name:KEY_BB] map[name:**KEY_BC**] map[name:**KEY_BD**] map[name:KEY_BE] map[name:KEY_BF] map[name:KEY_BG] map[name:KEY_BH] map[name:KEY_BI] map[name:**KEY_BC**] map[name:**KEY_BD**]]
There are two parts to the message:
1. `The order in patch list: [`
This identifies values for items, especially items that appear multiple times:
> map[name:**KEY_BC** value:150] map[name:**KEY_BC** value:500] map[name:**KEY_BD** value:250] map[name:**KEY_BD** value:500] map[name:KEY_BI value:something]
You'll want to identify the keys that are duplicated -- you can focus on the first part, as each duplicated key will appear, once for each of its value with its value in the first list. The second list is really just
`]`
2. `doesn't match $setElementOrder list: [`
This includes all of the keys. It's included for debugging purposes -- you don't need to pay much attention to it. It will give you a hint about the precise location in the list for the duplicated keys:
> map[name:KEY_AA] map[name:KEY_AB] map[name:KEY_AC] map[name:KEY_AD] map[name:KEY_AE] map[name:KEY_AF] map[name:KEY_AG] map[name:KEY_AH] map[name:KEY_AI] map[name:KEY_AJ] map[name:KEY_AK] map[name:KEY_AL] map[name:KEY_AM] map[name:KEY_AN] map[name:KEY_AO] map[name:KEY_AP] map[name:KEY_AQ] map[name:KEY_AR] map[name:KEY_AS] map[name:KEY_AT] map[name:KEY_AU] map[name:KEY_AV] map[name:KEY_AW] map[name:KEY_AX] map[name:KEY_AY] map[name:KEY_AZ] map[name:KEY_BA] map[name:KEY_BB] map[name:**KEY_BC**] map[name:**KEY_BD**] map[name:KEY_BE] map[name:KEY_BF] map[name:KEY_BG] map[name:KEY_BH] map[name:KEY_BI] map[name:**KEY_BC**] map[name:**KEY_BD**]
`]`
In this case, the duplicated keys have been **emphasized** to help you identify the problematic keys. Many editors have the ability to highlight all instances of a string, using such an editor can help with such problems.
The most common instance of this error is with `env:` fields for `containers`.
!!! note "Dynamic applications"
It's possible that your application is being generated by a tool in which case the duplication might not be evident within the scope of a single file. If you have trouble debugging this problem, consider filing a ticket to the owner of the generator tool asking them to improve its validation and error reporting.

View File

@@ -45,6 +45,9 @@ spec:
valueFiles:
- values-prod.yaml
# Ignore locally missing valueFiles when installing Helm chart. Defaults to false
ignoreMissingValueFiles: false
# Values file as block file
values: |
ingress:
@@ -61,6 +64,9 @@ spec:
hosts:
- mydomain.example.com
# Skip custom resource definition installation if chart contains custom resource definitions. Defaults to false
skipCrds: false
# Optional Helm version to template with. If omitted it will fall back to look at the 'apiVersion' in Chart.yaml
# and decide which Helm binary to use automatically. This field can be either 'v2' or 'v3'.
version: v2
@@ -99,10 +105,12 @@ spec:
value: bar
# Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during
# manifest generation. This takes precedence over the `include` field.
exclude: string
# To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}'
exclude: 'config.yaml'
# Include contains a glob pattern to match paths against that should be explicitly included during manifest
# generation. If this field is set, only matching manifests will be included.
include: string
# To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}'
include: '*.yaml'
# plugin specific config
plugin:
@@ -117,7 +125,10 @@ spec:
# Destination cluster and namespace to deploy the application
destination:
# cluster API URL
server: https://kubernetes.default.svc
# or cluster name
# name: in-cluster
# The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
namespace: guestbook

View File

@@ -45,7 +45,7 @@ spec:
- path: applicationset/examples/git-generator-directory/cluster-addons/*
template:
metadata:
name: '{{path[0]}}'
name: '{{path.basename}}'
spec:
project: "my-project"
source:
@@ -55,6 +55,9 @@ spec:
destination:
server: https://kubernetes.default.svc
namespace: '{{path.basename}}'
syncPolicy:
syncOptions:
- CreateNamespace=true
```
(*The full example can be found [here](https://github.com/argoproj/argo-cd/tree/master/applicationset/examples/git-generator-directory).*)

View File

@@ -10,6 +10,8 @@ metadata:
spec:
generators:
- pullRequest:
# When using a Pull Request generator, the ApplicationSet controller polls every `requeueAfterSeconds` interval (defaulting to every 30 minutes) to detect changes.
requeueAfterSeconds: 1800
# See below for provider specific options.
github:
# ...
@@ -47,7 +49,7 @@ spec:
# Labels is used to filter the PRs that you want to target. (optional)
labels:
- preview
requeueAfterSeconds: 1800
requeueAfterSeconds: 1800
template:
# ...
```
@@ -56,7 +58,7 @@ spec:
* `repo`: Required name of the GitHub repository.
* `api`: If using GitHub Enterprise, the URL to access it. (Optional)
* `tokenRef`: A `Secret` name and key containing the GitHub access token to use for requests. If not specified, will make anonymous requests which have a lower rate limit and can only see public repositories. (Optional)
* `labels`: Labels is used to filter the PRs that you want to target. (Optional)
* `labels`: Filter the PRs to those containing **all** of the labels listed. (Optional)
## Gitea
@@ -83,7 +85,7 @@ spec:
key: token
# many gitea deployments use TLS, but many are self-hosted and self-signed certificates
insecure: true
requeueAfterSeconds: 1800
requeueAfterSeconds: 1800
template:
# ...
```
@@ -139,7 +141,7 @@ If you want to access a private repository, you must also provide the credential
## Filters
Filters allow selecting which pull requests to generate for. Each filter can declare one or more conditions, all of which must pass. If multiple filters are present, any can match for a repository to be included. If no filters are specified, all pull requests will be processed.
Currently, only a subset of filters is available when comparing with SCM provider filters.
Currently, only a subset of filters is available when comparing with [SCM provider](Generators-SCM-Provider.md) filters.
```yaml
apiVersion: argoproj.io/v1alpha1
@@ -148,7 +150,7 @@ metadata:
name: myapps
spec:
generators:
- scmProvider:
- pullRequest:
# ...
# Include any pull request ending with "argocd". (optional)
filters:
@@ -159,6 +161,7 @@ spec:
* `branchMatch`: A regexp matched against source branch names.
[GitHub](#github) and [GitLab](#gitlab) also support a `labels` filter.
## Template

View File

@@ -27,7 +27,7 @@ spec:
## GitHub
The GitHub mode uses the GitHub API to scan and organization in either github.com or GitHub Enterprise.
The GitHub mode uses the GitHub API to scan an organization in either github.com or GitHub Enterprise.
```yaml
apiVersion: argoproj.io/v1alpha1
@@ -178,6 +178,42 @@ If you want to access a private repository, you must also provide the credential
Available clone protocols are `ssh` and `https`.
## Bitbucket Cloud
The Bitbucket mode uses the Bitbucket API V2 to scan a workspace in bitbucket.org.
```yaml
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: myapps
spec:
generators:
- scmProvider:
bitbucket:
# The workspace id (slug).
owner: "example-owner"
# The user to use for basic authentication with an app password.
user: "example-user"
# If true, scan every branch of every repository. If false, scan only the main branch. Defaults to false.
allBranches: true
# Reference to a Secret containing an app password.
appPasswordRef:
secretName: appPassword
key: password
template:
# ...
```
* `owner`: The workspace ID (slug) to use when looking up repositories.
* `user`: The user to use for authentication to the Bitbucket API V2 at bitbucket.org.
* `allBranches`: By default (false) the template will only be evaluated for the main branch of each repo. If this is true, every branch of every repository will be passed to the filters. If using this flag, you likely want to use a `branchMatch` filter.
* `appPasswordRef`: A `Secret` name and key containing the bitbucket app password to use for requests.
This SCM provider does not yet support label filtering
Available clone protocols are `ssh` and `https`.
## Filters
Filters allow selecting which repositories to generate for. Each filter can declare one or more conditions, all of which must pass. If multiple filters are present, any can match for a repository to be included. If no filters are specified, all repositories will be processed.

View File

@@ -47,7 +47,7 @@ data:
help.download.windows-amd64: "path-or-url-to-download"
# A dex connector configuration (optional). See SSO configuration documentation:
# https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/sso
# https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/user-management/index.md#sso
# https://dexidp.io/docs/connectors/
dex.config: |
connectors:

View File

@@ -51,7 +51,7 @@ following example builds an entirely customized repo-server from a Dockerfile, i
dependencies that may be needed for generating manifests.
```Dockerfile
FROM argoproj/argocd:latest
FROM argoproj/argocd:v2.5.4 # Replace tag with the appropriate argo version
# Switch to root for the ability to perform install
USER root

View File

@@ -77,7 +77,7 @@ spec:
```
!!! warning
By default, deleting an application will not perform a cascade delete, which would delete its resources. You must add the finalizer if you want this behaviour - which you may well not want.
Without the `resources-finalizer.argocd.argoproj.io` finalizer, deleting an application will not delete the resources it manages. To perform a cascading delete, you must add the finalizer. See [App Deletion](../user-guide/app_deletion.md#about-the-deletion-finalizer).
```yaml
metadata:

View File

@@ -5,7 +5,7 @@ Argo CD provides built-in health assessment for several standard Kubernetes type
surfaced to the overall Application health status as a whole. The following checks are made for
specific types of kubernetes resources:
### Deployment, ReplicaSet, StatefulSet DaemonSet
### Deployment, ReplicaSet, StatefulSet, DaemonSet
* Observed generation is equal to desired generation.
* Number of **updated** replicas equals the number of desired replicas.

View File

@@ -61,7 +61,7 @@ number of allowed concurrent kubectl fork/execs.
* The controller uses Kubernetes watch APIs to maintain lightweight Kubernetes cluster cache. This allows to avoid querying Kubernetes during app reconciliation and significantly improve
performance. For performance reasons controller monitors and caches only preferred the version of a resource. During reconciliation, the controller might have to convert cached resource from
preferred version into a version of the resource stored in Git. If `kubectl convert` fails because conversion is not supported then controller falls back to Kubernetes API query which slows down
reconciliation. In this case advice user-preferred resource version in Git.
reconciliation. In this case, we advise you to use the preferred resource version in Git.
* The controller polls Git every 3m by default. You can increase this duration using `timeout.reconciliation` setting in the `argocd-cm` ConfigMap. The value of `timeout.reconciliation` is a duration string e.g `60s`, `1m`, `1h` or `1d`.
@@ -126,20 +126,17 @@ If the manifest generation has no side effects then requests are processed in pa
### Webhook and Manifest Paths Annotation
Argo CD aggressively caches generated manifests and uses repository commit SHA as a cache key. A new commit to the Git repository invalidates cache for all applications configured in the repository
that again negatively affect mono repositories with multiple applications. You might use [webhooks](https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/webhook.md) and `argocd.argoproj.io/manifest-generate-paths` Application
CRD annotation to solve this problem and improve performance.
Argo CD aggressively caches generated manifests and uses the repository commit SHA as a cache key. A new commit to the Git repository invalidates the cache for all applications configured in the repository.
This can negatively affect repositories with multiple applications. You can use [webhooks](https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/webhook.md) and the `argocd.argoproj.io/manifest-generate-paths` Application CRD annotation to solve this problem and improve performance.
The `argocd.argoproj.io/manifest-generate-paths` contains a semicolon-separated list of paths within the Git repository that are used during manifest generation. The webhook compares paths specified in the annotation
with the changed files specified in the webhook payload. If non of the changed files are located in the paths then webhook don't trigger application reconciliation and re-uses previously generated manifests cache for a new commit.
The `argocd.argoproj.io/manifest-generate-paths` annotation contains a semicolon-separated list of paths within the Git repository that are used during manifest generation. The webhook compares paths specified in the annotation with the changed files specified in the webhook payload. If no modified files match the paths specified in `argocd.argoproj.io/manifest-generate-paths`, then the webhook will not trigger application reconciliation and the existing cache will be considered valid for the new commit.
Installations that use a different repo for each app are **not** subject to this behavior and will likely get no benefit from using these annotations.
Installations that use a different repository for each application are **not** subject to this behavior and will likely get no benefit from using these annotations.
!!! note
Application manifest paths annotation support depends on the git provider used for the Application. It is currently only supported for GitHub, GitLab, and Gogs based repos
I'm using `.Second()` modifier to avoid distracting users who already rely on `--app-resync` flag.
Application manifest paths annotation support depends on the git provider used for the Application. It is currently only supported for GitHub, GitLab, and Gogs based repos.
* **Relative path** The annotation might contains relative path. In this case the path is considered relative to the path specified in the application source:
* **Relative path** The annotation might contain a relative path. In this case the path is considered relative to the path specified in the application source:
```yaml
apiVersion: argoproj.io/v1alpha1
@@ -157,7 +154,8 @@ spec:
path: guestbook
# ...
```
* **Absolute path** The annotation value might be an absolute path started from '/'. In this case path is considered as an absolute path within the Git repository:
* **Absolute path** The annotation value might be an absolute path starting with '/'. In this case path is considered as an absolute path within the Git repository:
```yaml
apiVersion: argoproj.io/v1alpha1

View File

@@ -9,7 +9,7 @@ Metrics about applications. Scraped at the `argocd-metrics:8082/metrics` endpoin
|--------|:----:|-------------|
| `argocd_app_info` | gauge | Information about Applications. It contains labels such as `sync_status` and `health_status` that reflect the application state in ArgoCD. |
| `argocd_app_k8s_request_total` | counter | Number of kubernetes requests executed during application reconciliation |
| `argocd_app_labels` | gauge | Argo Application labels converted to Prometheus labels. Disabled by default. See section bellow about how to enable it. |
| `argocd_app_labels` | gauge | Argo Application labels converted to Prometheus labels. Disabled by default. See section below about how to enable it. |
| `argocd_app_reconcile` | histogram | Application reconciliation performance. |
| `argocd_app_sync_total` | counter | Counter for application sync history |
| `argocd_cluster_api_resource_objects` | gauge | Number of k8s resource objects in the cache. |
@@ -41,7 +41,7 @@ Some examples are:
As the Application labels are specific to each company, this feature is disabled by default. To enable it, add the
`--metrics-application-labels` flag to the ArgoCD application controller.
The example bellow will expose the ArgoCD Application labels `team-name` and `business-unit` to Prometheus:
The example below will expose the ArgoCD Application labels `team-name` and `business-unit` to Prometheus:
containers:
- command:

View File

@@ -15,9 +15,11 @@ spec:
- '*'
# Only permit applications to deploy to the guestbook namespace in the same cluster
# Destination clusters can be identified by 'server', 'name', or both.
destinations:
- namespace: guestbook
server: https://kubernetes.default.svc
name: in-cluster
# Deny all cluster-scoped resources from being created, except for Namespace
clusterResourceWhitelist:
@@ -64,3 +66,23 @@ spec:
# anywhere by Argo CD. It can be prematurely revoked by removing the entry from this list.
jwtTokens:
- iat: 1535390316
# Sync windows restrict when Applications may be synced. https://argo-cd.readthedocs.io/en/stable/user-guide/sync_windows/
syncWindows:
- kind: allow
schedule: '10 1 * * *'
duration: 1h
applications:
- '*-prod'
manualSync: true
- kind: deny
schedule: '0 22 * * *'
duration: 1h
namespaces:
- default
- kind: allow
schedule: '0 23 * * *'
duration: 1h
clusters:
- in-cluster
- cluster1

View File

@@ -45,7 +45,7 @@ subresources of an application.
#### The `action` action
The `action` action corresponds to either built-in resource customizations defined
[in the Argo CD repository](https://github.com/argoproj/argo-cd/search?q=filename%3Aaction.lua+path%3Aresource_customizations),
[in the Argo CD repository](https://github.com/argoproj/argo-cd/tree/master/resource_customizations),
or to [custom resource actions](resource_actions.md#custom-resource-actions) defined by you.
The `action` path is of the form `action/<api-group>/<Kind>/<action-name>`. For
example, a resource customization path
@@ -68,6 +68,10 @@ configures a custom role, named `org-admin`. The role is assigned to any user wh
`your-github-org:your-team` group. All other users get the default policy of `role:readonly`,
which cannot modify Argo CD settings.
!!! warning
All authenticated users get _at least_ the permissions granted by the default policy. This access cannot be blocked
by a `deny` rule. Instead, restrict the default policy and then grant permissions to individual roles as needed.
*ArgoCD ConfigMap `argocd-rbac-cm` Example:*
```yaml

View File

@@ -9,9 +9,8 @@ Operators can add actions to custom resources in form of a Lua script and expand
Argo CD supports custom resource actions written in [Lua](https://www.lua.org/). This is useful if you:
* Have a custom resource for which Argo CD does not provide any built-in actions.
* Have a commonly performed manual task that might be error prone if executed by users via `kubectl`
* Have a custom resource for which Argo CD does not provide any built-in actions.
* Have a commonly performed manual task that might be error prone if executed by users via `kubectl`
You can define your own custom resource actions in the `argocd-cm` ConfigMap.

View File

@@ -1,6 +1,11 @@
# Secret Management
Argo CD is un-opinionated about how secrets are managed. There's many ways to do it and there's no one-size-fits-all solution. Here's some ways people are doing GitOps secrets:
Argo CD is un-opinionated about how secrets are managed. There are many ways to do it, and there's no one-size-fits-all solution.
Many solutions use plugins to inject secrets into the application manifests. See [Mitigating Risks of Secret-Injection Plugins](#mitigating-risks-of-secret-injection-plugins)
below to make sure you use those plugins securely.
Here are some ways people are doing GitOps secrets:
* [Bitnami Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets)
* [GoDaddy Kubernetes External Secrets](https://github.com/godaddy/kubernetes-external-secrets)
@@ -15,3 +20,17 @@ Argo CD is un-opinionated about how secrets are managed. There's many ways to do
* [argocd-vault-replacer](https://github.com/crumbhole/argocd-vault-replacer)
For discussion, see [#1364](https://github.com/argoproj/argo-cd/issues/1364)
## Mitigating Risks of Secret-Injection Plugins
Argo CD caches the manifests generated by plugins, along with the injected secrets, in its Redis instance. Those
manifests are also available via the repo-server API (a gRPC service). This means that the secrets are available to
anyone who has access to the Redis instance or to the repo-server.
Consider these steps to mitigate the risks of secret-injection plugins:
1. Set up network policies to prevent direct access to Argo CD components (Redis and the repo-server). Make sure your
cluster supports those network policies and can actually enforce them.
2. Consider running Argo CD on its own cluster, with no other applications running on it.
3. [Enable password authentication on the Redis instance](https://github.com/argoproj/argo-cd/issues/3130) (currently
only supported for non-HA Argo CD installations).

View File

@@ -1,4 +1,4 @@
# v1.8 to v2.0
# v1.8 to 2.0
## Redis Upgraded to v6.2.1

View File

@@ -301,6 +301,19 @@ data:
issuer: https://dev-123456.oktapreview.com
clientID: aaaabbbbccccddddeee
clientSecret: $oidc.okta.clientSecret
# Optional list of allowed aud claims. If omitted or empty, defaults to the clientID value above (and the
# cliCientID, if that is also specified). If you specify a list and want the clientID to be allowed, you must
# explicitly include it in the list.
# Token verification will pass if any of the token's audiences matches any of the audiences in this list.
allowedAudiences:
- aaaabbbbccccddddeee
- qqqqwwwweeeerrrrttt
# Optional. If false, tokens without an audience will always fail validation. If true, tokens without an audience
# will always pass validation.
# Defaults to true for Argo CD < 2.6.0. Defaults to false for Argo CD >= 2.6.0.
skipAudienceCheckWhenTokenHasNoAudience: true
# Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"]
requestedScopes: ["openid", "profile", "email", "groups"]

View File

@@ -168,7 +168,6 @@ spec:
check:
- command: [-f ./main.ts]
glob: "main.ts"
allowConcurrency: true # enables generating multiple manifests in parallel.
```
#### Config Management Plugin API Server (cmp-server)
@@ -320,6 +319,5 @@ spec:
check:
- command: [-f ./main.ts]
glob: "main.ts"
allowConcurrency: true # enables generating multiple manifests in parallel.
```
2. Something magically patches the relevant manifest to add the sidecar.

View File

@@ -12,5 +12,6 @@ Before effectively using Argo CD, it is necessary to understand the underlying t
* Depending on how you plan to template your applications:
* [Kustomize](https://kustomize.io)
* [Helm](https://helm.sh)
* If you're integrating with Jenkins:
* [Jenkins User Guide](https://jenkins.io)
* If you're integrating with a CI tool:
* [GitHub Actions Documentation](https://docs.github.com/en/actions)
* [Jenkins User Guide](https://jenkins.io](https://www.jenkins.io/doc/book/)

View File

@@ -81,7 +81,7 @@ data:
- '.webhooks[]?.clientConfig.caBundle'
```
Resource customization can also be configured to ignore all differences made by a managedField.manager at the system level. The example bellow shows how to configure Argo CD to ignore changes made by `kube-controller-manager` in `Deployment` resources.
Resource customization can also be configured to ignore all differences made by a managedField.manager at the system level. The example below shows how to configure Argo CD to ignore changes made by `kube-controller-manager` in `Deployment` resources.
```yaml
data:
@@ -90,7 +90,7 @@ data:
- kube-controller-manager
```
It is possible to configure ignoreDifferences to be applied to all resources in every Application managed by an Argo CD instance. In order to do so, resource customizations can be configured like in the example bellow:
It is possible to configure ignoreDifferences to be applied to all resources in every Application managed by an Argo CD instance. In order to do so, resource customizations can be configured like in the example below:
```yaml
data:

View File

@@ -0,0 +1,132 @@
# Directory
A directory-type application loads plain manifest files from `.yml`, `.yaml`, and `.json` files. A directory-type
application may be created from the UI, CLI, or declaratively. This is the declarative syntax:
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: guestbook
spec:
destination:
namespace: default
server: https://kubernetes.default.svc
project: default
source:
path: guestbook
repoURL: https://github.com/argoproj/argocd-example-apps.git
targetRevision: HEAD
```
It's unnecessary to explicitly add the `spec.source.directory` field except to add additional configuration options.
Argo CD will automatically detect that the source repository/path contains plain manifest files.
## Enabling Recursive Resource Detection
By default, directory applications will only include the files from the root of the configured repository/path.
To enable recursive resource detection, set the `recurse` option.
```bash
argocd app set guestbook --directory-recurse
```
To do the same thing declaratively, use this syntax:
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
spec:
source:
directory:
recurse: true
```
!!! warning
Directory-type applications only work for plain manifest files. If Argo CD encounters Kustomize, Helm, or Jsonnet files when directory: is set, it will fail to render the manifests.
## Including/Excluding Files
### Including Only Certain Files
To include only certain files/directories in a directory application, set the `include` option. The value is a glob
pattern.
For example, if you want to include only `.yaml` files, you can use this pattern:
```shell
argocd app set guestbook --directory-include "*.yaml"
```
!!! note
It is important to quote `*.yaml` so that the shell does not expand the pattern before sending it to Argo CD.
It is also possible to include multiple patterns. Wrap the patterns with `{}` and separate them with commas. To include
`.yml` and `.yaml` files, use this pattern:
```shell
argocd app set guestbook --directory-include "{*.yml,*.yaml}"
```
To include only a certain directory, use a pattern like this:
```shell
argocd app set guestbook --directory-include "some-directory/*"
```
To accomplish the same thing declaratively, use this syntax:
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
spec:
source:
directory:
include: 'some-directory/*'
```
### Excluding Certain Files
It is possible to exclude files matching a pattern from directory applications. For example, in a repository containing
some manifests and also a non-manifest YAML file, you could exclude the config file like this:
```shell
argocd app set guestbook --directory-exclude "config.yaml"
```
It is possible to exclude more than one pattern. For example, a config file and an irrelevant directory:
```shell
argocd app set guestbook --directory-exclude "{config.yaml,env-use2/*}"
```
If both `include` and `exclude` are specified, then the Application will include all files which match the `include`
pattern and do not match the `exclude` pattern. For example, consider this source repository:
```
config.json
deployment.yaml
env-use2/
configmap.yaml
env-usw2/
configmap.yaml
```
To exclude `config.json` and the `env-usw2` directory, you could use this combination of patterns:
```shell
argocd app set guestbook --directory-include "*.yaml" --directory-exclude "{config.json,env-usw2/*}"
```
This would be the declarative syntax:
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
spec:
source:
directory:
exclude: '{config.json,env-usw2/*}'
include: '*.yaml'
```

View File

@@ -283,7 +283,7 @@ Helm, [starting with v3.6.1](https://github.com/helm/helm/releases/tag/v3.6.1),
prevents sending repository credentials to download charts that are being served
from a different domain than the repository.
If needed, it is possible to specifically set the Helm version to template with by setting the `helm-pass-credentials` flag on the cli:
If needed, it is possible to opt into passing credentials for all domains by setting the `helm-pass-credentials` flag on the cli:
```bash
argocd app set helm-guestbook --helm-pass-credentials

View File

@@ -69,7 +69,7 @@ spec:
source:
repoURL: https://github.com/argoproj/argocd-example-apps.git
targetRevision: HEAD
path: guestbook-kustomize
path: kustomize-guestbook
kustomize:
version: v3.5.4
@@ -84,7 +84,7 @@ argocd app set <appName> --kustomize-version v3.5.4
## Build Environment
Kustomize does not support parameters and therefore cannot support the standard [build environment](build-environment.md).
Kustomize apps have access to the [standard build environment](build-environment.md) which can be used in combination with a [config managment plugin](config-management-plugins.md) to alter the rendered manifests.
## Kustomizing Helm charts

View File

@@ -1,6 +1,6 @@
# Sync Options
ArgoCD allows users to customize some aspects of how it syncs the desired state in the target cluster. Some Sync Options can defined as annotations in a specific resource. Most of the Sync Options are configured in the Application resource `spec.syncPolicy.syncOptions` attribute.
Argo CD allows users to customize some aspects of how it syncs the desired state in the target cluster. Some Sync Options can defined as annotations in a specific resource. Most of the Sync Options are configured in the Application resource `spec.syncPolicy.syncOptions` attribute. Multiple Sync Options which are configured with the `argocd.argoproj.io/sync-options` annotation can be concatenated with a `,` in the annotation value; white spaces will be trimmed.
Below you can find details about each available Sync Option:
@@ -40,8 +40,8 @@ metadata:
argocd.argoproj.io/sync-options: Validate=false
```
If you want to exclude a whole class of objects globally, consider setting `resource.customizations` in [system level configuration](../user-guide/diffing.md#system-level-configuration).
If you want to exclude a whole class of objects globally, consider setting `resource.customizations` in [system level configuration](../user-guide/diffing.md#system-level-configuration).
## Skip Dry Run for new custom resources types
>v1.6
@@ -64,9 +64,9 @@ The dry run will still be executed if the CRD is already present in the cluster.
## Selective Sync
Currently when syncing using auto sync ArgoCD applies every object in the application.
Currently when syncing using auto sync Argo CD applies every object in the application.
For applications containing thousands of objects this takes quite a long time and puts undue pressure on the api server.
Turning on selective sync option which will sync only out-of-sync resources.
Turning on selective sync option which will sync only out-of-sync resources.
You can add this option by following ways
@@ -81,7 +81,7 @@ spec:
syncPolicy:
syncOptions:
- ApplyOutOfSyncOnly=true
```
```
2) Set sync option via argocd cli
@@ -108,8 +108,8 @@ spec:
## Prune Last
This feature is to allow the ability for resource pruning to happen as a final, implicit wave of a sync operation,
after the other resources have been deployed and become healthy, and after all other waves completed successfully.
This feature is to allow the ability for resource pruning to happen as a final, implicit wave of a sync operation,
after the other resources have been deployed and become healthy, and after all other waves completed successfully.
```yaml
apiVersion: argoproj.io/v1alpha1
@@ -146,6 +146,10 @@ spec:
If the `Replace=true` sync option is set the ArgoCD will use `kubectl replace` or `kubectl create` command to apply changes.
!!! warning
During the sync process, the resources will be synchronized using the 'kubectl replace/create' command.
This sync option has the potential to be destructive and might lead to resources having to be recreated, which could cause an outage for your application.
This can also be configured at individual resource level.
```yaml
metadata:
@@ -168,7 +172,7 @@ spec:
## Respect ignore difference configs
This sync option is used to enable ArgoCD to consider the configurations made in the `spec.ignoreDifferences` attribute also during the sync stage. By default, ArgoCD uses the `ignoreDifferences` config just for computing the diff between the live and desired state which defines if the application is synced or not. However during the sync stage, the desired state is applied as-is. The patch is calculated using a 3-way-merge between the live state the desired state and the `last-applied-configuration` annotation. This sometimes leads to an undesired results. This behavior can be changed by setting the `RespectIgnoreDifferences=true` sync option like in the example bellow:
This sync option is used to enable Argo CD to consider the configurations made in the `spec.ignoreDifferences` attribute also during the sync stage. By default, Argo CD uses the `ignoreDifferences` config just for computing the diff between the live and desired state which defines if the application is synced or not. However during the sync stage, the desired state is applied as-is. The patch is calculated using a 3-way-merge between the live state the desired state and the `last-applied-configuration` annotation. This sometimes leads to an undesired results. This behavior can be changed by setting the `RespectIgnoreDifferences=true` sync option like in the example below:
```yaml
apiVersion: argoproj.io/v1alpha1
@@ -194,10 +198,16 @@ The example above shows how an ArgoCD Application can be configured so it will i
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
namespace: test
namespace: argocd
spec:
destination:
server: https://kubernetes.default.svc
namespace: some-namespace
syncPolicy:
syncOptions:
- CreateNamespace=true
```
The example above shows how an Argo CD Application can be configured so it will create namespaces for the Application resources if the namespaces don't exist already. Without this either declared in the Application manifest or passed in the cli via `--sync-option CreateNamespace=true`, the Application will fail to sync if the resources' namespaces do not exist.
The example above shows how an Argo CD Application can be configured so it will create the namespace specified in `spec.destination.namespace` if it doesn't exist already. Without this either declared in the Application manifest or passed in the CLI via `--sync-option CreateNamespace=true`, the Application will fail to sync if the namespace doesn't exist.
Note that the namespace to be created must be informed in the `spec.destination.namespace` field of the Application resource. The `metadata.namespace` field in the Application's child manifests must match this value, or can be omitted, so resources are created in the proper destination.

View File

@@ -20,6 +20,8 @@ For Helm, all versions are [Semantic Versions](https://semver.org/). As a result
| Track minor releases (e.g. in QA) | Use a range | `1.*` or `>=1.0.0 <2.0.0` |
| Use the latest (e.g. in local development) | Use star range | `*` or `>=0.0.0` |
**Note for OCI Helm repositories**: the only available strategy is "Pin to a version".
[Read about version ranges](https://www.telerik.com/blogs/the-mystical-magical-semver-ranges-used-by-npm-bower)
## Git

9
go.mod
View File

@@ -61,7 +61,7 @@ require (
github.com/patrickmn/go-cache v2.1.0+incompatible
github.com/pkg/errors v0.9.1
github.com/pquerna/cachecontrol v0.1.0 // indirect
github.com/prometheus/client_golang v1.11.0
github.com/prometheus/client_golang v1.11.1
github.com/r3labs/diff v1.1.0
github.com/robfig/cron v1.2.0
github.com/rs/cors v1.8.0 // indirect
@@ -214,7 +214,7 @@ require (
gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/square/go-jose.v2 v2.6.0 // indirect
gopkg.in/square/go-jose.v2 v2.6.0
gopkg.in/warnings.v0 v0.1.2 // indirect
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
k8s.io/apiserver v0.23.1
@@ -249,6 +249,8 @@ require (
)
replace (
// Address CVE-2021-4238
github.com/Masterminds/goutils => github.com/Masterminds/goutils v1.1.1
// https://github.com/golang/go/issues/33546#issuecomment-519656923
github.com/go-check/check => github.com/go-check/check v0.0.0-20180628173108-788fd7840127
@@ -257,6 +259,9 @@ replace (
github.com/grpc-ecosystem/grpc-gateway => github.com/grpc-ecosystem/grpc-gateway v1.16.0
github.com/improbable-eng/grpc-web => github.com/improbable-eng/grpc-web v0.0.0-20181111100011-16092bd1d58a
// Avoid CVE-2022-3064
gopkg.in/yaml.v2 => gopkg.in/yaml.v2 v2.2.4
// Avoid CVE-2022-28948
gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.1

17
go.sum
View File

@@ -87,8 +87,8 @@ github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible h1
github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd h1:sjQovDkwrZp8u+gxLtPgKGjk5hCxuy2hrRejBTA9xFU=
github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd/go.mod h1:64YHyfSL2R96J44Nlwm39UHepQbyR5q10x7iYa1ks2E=
github.com/Masterminds/goutils v1.1.0 h1:zukEsf/1JZwCMgHiK3GZftabmxiCw4apj3a28RPBiVg=
github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
@@ -954,8 +954,9 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn
github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og=
github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
github.com/prometheus/client_golang v1.11.0 h1:HNkLOAEQMIDv/K+04rukrLx6ch7msSRwf3/SASFAGtQ=
github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
github.com/prometheus/client_golang v1.11.1 h1:+4eQaD7vAZ6DsfsxB15hbE0odUjGI5ARs9yskGu1v4s=
github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -1804,16 +1805,8 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
gopkg.in/warnings.v0 v0.1.1/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=

95
hack/generate-release-notes.sh Executable file
View File

@@ -0,0 +1,95 @@
#!/usr/bin/env bash
if [ "$1" == "" ] || [ "$2" == "" ] || [ "$3" == "" ]; then
cat <<-EOM
USAGE:
generate-release-notes.sh NEW_REF OLD_REF NEW_VERSION
EXAMPLES:
# For releasing a new minor version:
generate-release-notes.sh release-2.5 release-2.4 v2.5.0-rc1 > /tmp/release.md
# For a patch release:
generate-release-notes.sh release-2.4 v2.4.13 v2.4.14 > /tmp/release.md
EOM
exit 1
fi
function to_list_items() {
sed 's/^/- /'
}
function strip_last_word() {
sed 's/ [^ ]*$//'
}
function nonempty_line_count() {
sed '/^\s*$/d' | wc -l | tr -d ' \n'
}
function only_last_word() {
awk 'NF>1{print $NF}'
}
new_ref=$1
old_ref=$2
version=$3
cat <<-EOM
## Quick Start
### Non-HA:
\`\`\`shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/$version/manifests/install.yaml
\`\`\`
### HA:
\`\`\`shell
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/$version/manifests/ha/install.yaml
\`\`\`
## Upgrading
If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.
EOM
# Adapted from https://stackoverflow.com/a/67029088/684776
less_log=$(git log --pretty="format:%s %ae" --cherry-pick --left-only --no-merges "$new_ref...$old_ref")
more_log=$(git log --pretty="format:%s %ae" "$new_ref..$old_ref")
new_commits=$(diff --new-line-format="" --unchanged-line-format="" <(echo "$less_log") <(echo "$more_log") | grep -v "Merge pull request from GHSA")
new_commits_no_email=$(echo "$new_commits" | strip_last_word)
contributors_num=$(echo "$new_commits" | only_last_word | sort -u | nonempty_line_count)
new_commits_num=$(echo "$new_commits" | nonempty_line_count)
features_num=$(echo "$new_commits_no_email" | grep '^feat' | nonempty_line_count)
fixes_num=$(echo "$new_commits_no_email" | grep '^fix' | nonempty_line_count)
previous_contributors=$(git log --pretty="format:%an %ae" "$old_ref" | sort -uf)
all_contributors=$(git log --pretty="format:%an %ae" "$new_ref" | sort -uf)
new_contributors=$(diff --new-line-format="" --unchanged-line-format="" <(echo "$all_contributors") <(echo "$previous_contributors"))
new_contributors_num=$(echo "$new_contributors" | only_last_word | nonempty_line_count) # Count contributors by email
new_contributors_names=$(echo "$new_contributors" | strip_last_word | to_list_items)
new_contributors_message=""
if [ "$new_contributors_num" -gt 0 ]; then
new_contributors_message=" ($new_contributors_num of them new)"
fi
echo "## Changes"
echo
echo "This release includes $new_commits_num contributions from $contributors_num contributors$new_contributors_message with $features_num features and $fixes_num bug fixes."
echo
if [ "$new_contributors_num" -lt 20 ] && [ "$new_contributors_num" -gt 0 ]; then
echo "A special thanks goes to the $new_contributors_num new contributors:"
echo "$new_contributors_names"
echo
fi

View File

@@ -30,6 +30,7 @@ cleanup() {
if test "${NEW_TAG}" = "" -o "${GIT_REMOTE}" = ""; then
echo "!! Usage: $0 <release tag> <remote> [path to release notes file]" >&2
echo "You can use generate-release-notes.sh to generate the release notes file." >&2
exit 1
fi

View File

@@ -35,7 +35,7 @@ spec:
runAsNonRoot: true
containers:
- name: dex
image: ghcr.io/dexidp/dex:v2.32.0
image: ghcr.io/dexidp/dex:v2.35.3
imagePullPolicy: Always
command: [/shared/argocd-dex, rundex]
securityContext:

View File

@@ -5,7 +5,7 @@ kind: Kustomization
images:
- name: quay.io/argoproj/argocd
newName: quay.io/argoproj/argocd
newTag: v2.4.12
newTag: v2.4.23
resources:
- ./application-controller
- ./dex

View File

@@ -21,7 +21,7 @@ spec:
serviceAccountName: argocd-redis
containers:
- name: redis
image: redis:7.0.4-alpine
image: redis:7.0.7-alpine
imagePullPolicy: Always
args:
- "--save"

View File

@@ -336,8 +336,8 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable entries
@@ -682,8 +682,7 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management plugin
specific options
description: Plugin holds config management plugin specific options
properties:
env:
description: Env is a list of environment variable entries
@@ -1038,8 +1037,8 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable entries
@@ -1410,8 +1409,8 @@ spec:
from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin
specific options
properties:
env:
description: Env is a list of environment variable
@@ -1754,8 +1753,8 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable
@@ -2088,8 +2087,8 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable
@@ -9385,7 +9384,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
name: argocd-applicationset-controller
ports:
@@ -9465,7 +9464,7 @@ spec:
- ""
- --appendonly
- "no"
image: redis:7.0.4-alpine
image: redis:7.0.7-alpine
imagePullPolicy: Always
name: redis
ports:
@@ -9615,7 +9614,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -9664,7 +9663,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
name: copyutil
securityContext:
allowPrivilegeEscalation: false
@@ -9851,7 +9850,7 @@ spec:
key: otlp.address
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
livenessProbe:
httpGet:

View File

@@ -12,4 +12,4 @@ resources:
images:
- name: quay.io/argoproj/argocd
newName: quay.io/argoproj/argocd
newTag: v2.4.12
newTag: v2.4.23

View File

@@ -335,8 +335,8 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable entries
@@ -681,8 +681,7 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management plugin
specific options
description: Plugin holds config management plugin specific options
properties:
env:
description: Env is a list of environment variable entries
@@ -1037,8 +1036,8 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable entries
@@ -1409,8 +1408,8 @@ spec:
from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin
specific options
properties:
env:
description: Env is a list of environment variable
@@ -1753,8 +1752,8 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable
@@ -2087,8 +2086,8 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable

View File

@@ -11,7 +11,7 @@ patchesStrategicMerge:
images:
- name: quay.io/argoproj/argocd
newName: quay.io/argoproj/argocd
newTag: v2.4.12
newTag: v2.4.23
resources:
- ../../base/application-controller
- ../../base/applicationset-controller

View File

@@ -878,7 +878,7 @@ spec:
automountServiceAccountToken: false
initContainers:
- name: config-init
image: redis:7.0.4-alpine
image: redis:7.0.7-alpine
imagePullPolicy: IfNotPresent
resources:
{}
@@ -906,7 +906,7 @@ spec:
containers:
- name: redis
image: redis:7.0.4-alpine
image: redis:7.0.7-alpine
imagePullPolicy: IfNotPresent
command:
- redis-server
@@ -947,7 +947,7 @@ spec:
lifecycle:
{}
- name: sentinel
image: redis:7.0.4-alpine
image: redis:7.0.7-alpine
imagePullPolicy: IfNotPresent
command:
- redis-sentinel

View File

@@ -15,6 +15,6 @@ redis-ha:
client: 6m
checkInterval: 3s
image:
tag: 7.0.4-alpine
tag: 7.0.7-alpine
sentinel:
bind: "0.0.0.0"

View File

@@ -336,8 +336,8 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable entries
@@ -682,8 +682,7 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management plugin
specific options
description: Plugin holds config management plugin specific options
properties:
env:
description: Env is a list of environment variable entries
@@ -1038,8 +1037,8 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable entries
@@ -1410,8 +1409,8 @@ spec:
from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin
specific options
properties:
env:
description: Env is a list of environment variable
@@ -1754,8 +1753,8 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable
@@ -2088,8 +2087,8 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable
@@ -10320,7 +10319,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
name: argocd-applicationset-controller
ports:
@@ -10392,7 +10391,7 @@ spec:
- command:
- /shared/argocd-dex
- rundex
image: ghcr.io/dexidp/dex:v2.32.0
image: ghcr.io/dexidp/dex:v2.35.3
imagePullPolicy: Always
name: dex
ports:
@@ -10417,7 +10416,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
name: copyutil
securityContext:
@@ -10457,7 +10456,7 @@ spec:
containers:
- command:
- argocd-notifications
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
livenessProbe:
tcpSocket:
@@ -10714,7 +10713,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -10763,7 +10762,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
name: copyutil
securityContext:
allowPrivilegeEscalation: false
@@ -11010,7 +11009,7 @@ spec:
key: otlp.address
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -11218,7 +11217,7 @@ spec:
key: otlp.address
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -11299,7 +11298,7 @@ spec:
- /data/conf/redis.conf
command:
- redis-server
image: redis:7.0.4-alpine
image: redis:7.0.7-alpine
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
@@ -11337,7 +11336,7 @@ spec:
- /data/conf/sentinel.conf
command:
- redis-sentinel
image: redis:7.0.4-alpine
image: redis:7.0.7-alpine
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
@@ -11383,7 +11382,7 @@ spec:
value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
- name: SENTINEL_ID_2
value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
image: redis:7.0.4-alpine
image: redis:7.0.7-alpine
imagePullPolicy: IfNotPresent
name: config-init
volumeMounts:

View File

@@ -1244,7 +1244,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
name: argocd-applicationset-controller
ports:
@@ -1316,7 +1316,7 @@ spec:
- command:
- /shared/argocd-dex
- rundex
image: ghcr.io/dexidp/dex:v2.32.0
image: ghcr.io/dexidp/dex:v2.35.3
imagePullPolicy: Always
name: dex
ports:
@@ -1341,7 +1341,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
name: copyutil
securityContext:
@@ -1381,7 +1381,7 @@ spec:
containers:
- command:
- argocd-notifications
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
livenessProbe:
tcpSocket:
@@ -1638,7 +1638,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -1687,7 +1687,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
name: copyutil
securityContext:
allowPrivilegeEscalation: false
@@ -1934,7 +1934,7 @@ spec:
key: otlp.address
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -2142,7 +2142,7 @@ spec:
key: otlp.address
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -2223,7 +2223,7 @@ spec:
- /data/conf/redis.conf
command:
- redis-server
image: redis:7.0.4-alpine
image: redis:7.0.7-alpine
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
@@ -2261,7 +2261,7 @@ spec:
- /data/conf/sentinel.conf
command:
- redis-sentinel
image: redis:7.0.4-alpine
image: redis:7.0.7-alpine
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
@@ -2307,7 +2307,7 @@ spec:
value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
- name: SENTINEL_ID_2
value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
image: redis:7.0.4-alpine
image: redis:7.0.7-alpine
imagePullPolicy: IfNotPresent
name: config-init
volumeMounts:

View File

@@ -336,8 +336,8 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable entries
@@ -682,8 +682,7 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management plugin
specific options
description: Plugin holds config management plugin specific options
properties:
env:
description: Env is a list of environment variable entries
@@ -1038,8 +1037,8 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable entries
@@ -1410,8 +1409,8 @@ spec:
from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin
specific options
properties:
env:
description: Env is a list of environment variable
@@ -1754,8 +1753,8 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable
@@ -2088,8 +2087,8 @@ spec:
and is only valid for applications sourced from Git.
type: string
plugin:
description: ConfigManagementPlugin holds config management
plugin specific options
description: Plugin holds config management plugin specific
options
properties:
env:
description: Env is a list of environment variable
@@ -9692,7 +9691,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
name: argocd-applicationset-controller
ports:
@@ -9764,7 +9763,7 @@ spec:
- command:
- /shared/argocd-dex
- rundex
image: ghcr.io/dexidp/dex:v2.32.0
image: ghcr.io/dexidp/dex:v2.35.3
imagePullPolicy: Always
name: dex
ports:
@@ -9789,7 +9788,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
name: copyutil
securityContext:
@@ -9829,7 +9828,7 @@ spec:
containers:
- command:
- argocd-notifications
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
livenessProbe:
tcpSocket:
@@ -9904,7 +9903,7 @@ spec:
- ""
- --appendonly
- "no"
image: redis:7.0.4-alpine
image: redis:7.0.7-alpine
imagePullPolicy: Always
name: redis
ports:
@@ -10054,7 +10053,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -10103,7 +10102,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
name: copyutil
securityContext:
allowPrivilegeEscalation: false
@@ -10346,7 +10345,7 @@ spec:
key: otlp.address
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -10548,7 +10547,7 @@ spec:
key: otlp.address
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
livenessProbe:
httpGet:

View File

@@ -616,7 +616,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
name: argocd-applicationset-controller
ports:
@@ -688,7 +688,7 @@ spec:
- command:
- /shared/argocd-dex
- rundex
image: ghcr.io/dexidp/dex:v2.32.0
image: ghcr.io/dexidp/dex:v2.35.3
imagePullPolicy: Always
name: dex
ports:
@@ -713,7 +713,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
name: copyutil
securityContext:
@@ -753,7 +753,7 @@ spec:
containers:
- command:
- argocd-notifications
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
livenessProbe:
tcpSocket:
@@ -828,7 +828,7 @@ spec:
- ""
- --appendonly
- "no"
image: redis:7.0.4-alpine
image: redis:7.0.7-alpine
imagePullPolicy: Always
name: redis
ports:
@@ -978,7 +978,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -1027,7 +1027,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
name: copyutil
securityContext:
allowPrivilegeEscalation: false
@@ -1270,7 +1270,7 @@ spec:
key: otlp.address
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -1472,7 +1472,7 @@ spec:
key: otlp.address
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.4.12
image: quay.io/argoproj/argocd:v2.4.23
imagePullPolicy: Always
livenessProbe:
httpGet:

View File

@@ -119,6 +119,7 @@ nav:
- user-guide/kustomize.md
- user-guide/helm.md
- user-guide/jsonnet.md
- user-guide/directory.md
- user-guide/config-management-plugins.md
- user-guide/tool_detection.md
- user-guide/projects.md

View File

@@ -155,6 +155,10 @@ func (p *AppProject) ValidateProject() error {
destKeys := make(map[string]bool)
for _, dest := range p.Spec.Destinations {
key := fmt.Sprintf("%s/%s", dest.Server, dest.Namespace)
if dest.Server == "" && dest.Name != "" {
// destination cluster set using name instead of server endpoint
key = fmt.Sprintf("%s/%s", dest.Name, dest.Namespace)
}
if _, ok := destKeys[key]; ok {
return status.Errorf(codes.InvalidArgument, "destination '%s' already added", key)
}

View File

@@ -163,7 +163,7 @@ message ApplicationSource {
// Directory holds path/directory specific options
optional ApplicationSourceDirectory directory = 10;
// ConfigManagementPlugin holds config management plugin specific options
// Plugin holds config management plugin specific options
optional ApplicationSourcePlugin plugin = 11;
// Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo.

View File

@@ -638,7 +638,7 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSource(ref common.Reference
},
"plugin": {
SchemaProps: spec.SchemaProps{
Description: "ConfigManagementPlugin holds config management plugin specific options",
Description: "Plugin holds config management plugin specific options",
Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSourcePlugin"),
},
},

View File

@@ -166,7 +166,7 @@ type ApplicationSource struct {
Kustomize *ApplicationSourceKustomize `json:"kustomize,omitempty" protobuf:"bytes,8,opt,name=kustomize"`
// Directory holds path/directory specific options
Directory *ApplicationSourceDirectory `json:"directory,omitempty" protobuf:"bytes,10,opt,name=directory"`
// ConfigManagementPlugin holds config management plugin specific options
// Plugin holds config management plugin specific options
Plugin *ApplicationSourcePlugin `json:"plugin,omitempty" protobuf:"bytes,11,opt,name=plugin"`
// Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo.
Chart string `json:"chart,omitempty" protobuf:"bytes,12,opt,name=chart"`

View File

@@ -260,11 +260,75 @@ func TestAppProject_RemoveGroupFromRole(t *testing.T) {
func newTestProject() *AppProject {
p := AppProject{
ObjectMeta: metav1.ObjectMeta{Name: "my-proj"},
Spec: AppProjectSpec{Roles: []ProjectRole{{Name: "my-role"}}},
Spec: AppProjectSpec{Roles: []ProjectRole{{Name: "my-role"}}, Destinations: []ApplicationDestination{{}}},
}
return &p
}
// TestAppProject_ValidateDestinations tests for an invalid destination
func TestAppProject_ValidateDestinations(t *testing.T) {
p := newTestProject()
err := p.ValidateProject()
assert.NoError(t, err)
goodNamespaces := []string{
"*",
"some-namespace",
}
for _, goodNamespace := range goodNamespaces {
p.Spec.Destinations[0].Namespace = goodNamespace
err = p.ValidateProject()
assert.NoError(t, err)
}
goodServers := []string{
"*",
"some-server",
}
for _, badName := range goodServers {
p.Spec.Destinations[0].Server = badName
err = p.ValidateProject()
assert.NoError(t, err)
}
goodNames := []string{
"*",
"some-name",
}
for _, goodName := range goodNames {
p.Spec.Destinations[0].Name = goodName
err = p.ValidateProject()
assert.NoError(t, err)
}
validDestination := ApplicationDestination{
Server: "some-server",
Namespace: "some-namespace",
}
p.Spec.Destinations[0] = validDestination
err = p.ValidateProject()
assert.NoError(t, err)
//no duplicates allowed
p.Spec.Destinations = []ApplicationDestination{validDestination, validDestination}
err = p.ValidateProject()
assert.Error(t, err)
cluster1Destination := ApplicationDestination{
Name: "cluster1",
Namespace: "some-namespace",
}
cluster2Destination := ApplicationDestination{
Name: "cluster2",
Namespace: "some-namespace",
}
// allow multiple destinations with blank server, same namespace but unique cluster name
p.Spec.Destinations = []ApplicationDestination{cluster1Destination, cluster2Destination}
err = p.ValidateProject()
assert.NoError(t, err)
}
// TestValidateRoleName tests for an invalid role name
func TestAppProject_ValidateRoleName(t *testing.T) {
p := newTestProject()

View File

@@ -697,6 +697,32 @@ func runHelmBuild(appPath string, h helm.Helm) error {
return ioutil.WriteFile(markerFile, []byte("marker"), 0644)
}
func populateRequestRepos(appPath string, q *apiclient.ManifestRequest) error {
repos, err := getHelmDependencyRepos(appPath)
if err != nil {
return err
}
for _, r := range repos {
if !repoExists(r.Repo, q.Repos) {
repositoryCredential := getRepoCredential(q.HelmRepoCreds, r.Repo)
if repositoryCredential != nil {
if repositoryCredential.EnableOCI {
r.Repo = strings.TrimPrefix(r.Repo, ociPrefix)
}
r.EnableOCI = repositoryCredential.EnableOCI
r.Password = repositoryCredential.Password
r.Username = repositoryCredential.Username
r.SSHPrivateKey = repositoryCredential.SSHPrivateKey
r.TLSClientCertData = repositoryCredential.TLSClientCertData
r.TLSClientCertKey = repositoryCredential.TLSClientCertKey
}
q.Repos = append(q.Repos, r)
}
}
return nil
}
func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclient.ManifestRequest, isLocal bool) ([]*unstructured.Unstructured, error) {
concurrencyAllowed := isConcurrencyAllowed(appPath)
if !concurrencyAllowed {
@@ -728,7 +754,7 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie
for _, val := range appHelm.ValueFiles {
// This will resolve val to an absolute path (or an URL)
path, isRemote, err := pathutil.ResolveFilePath(appPath, repoRoot, val, q.GetValuesFileSchemes())
path, isRemote, err := pathutil.ResolveValueFilePathOrUrl(appPath, repoRoot, val, q.GetValuesFileSchemes())
if err != nil {
return nil, err
}
@@ -768,7 +794,7 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie
}
}
for _, p := range appHelm.FileParameters {
resolvedPath, _, err := pathutil.ResolveFilePath(appPath, repoRoot, env.Envsubst(p.Path), q.GetValuesFileSchemes())
resolvedPath, _, err := pathutil.ResolveValueFilePathOrUrl(appPath, repoRoot, env.Envsubst(p.Path), q.GetValuesFileSchemes())
if err != nil {
return nil, err
}
@@ -787,24 +813,8 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie
templateOpts.SetString[i] = env.Envsubst(j)
}
repos, err := getHelmDependencyRepos(appPath)
if err != nil {
return nil, err
}
for _, r := range repos {
if !repoExists(r.Repo, q.Repos) {
repositoryCredential := getRepoCredential(q.HelmRepoCreds, r.Repo)
if repositoryCredential != nil {
r.EnableOCI = repositoryCredential.EnableOCI
r.Password = repositoryCredential.Password
r.Username = repositoryCredential.Username
r.SSHPrivateKey = repositoryCredential.SSHPrivateKey
r.TLSClientCertData = repositoryCredential.TLSClientCertData
r.TLSClientCertKey = repositoryCredential.TLSClientCertKey
}
q.Repos = append(q.Repos, r)
}
if err := populateRequestRepos(appPath, q); err != nil {
return nil, fmt.Errorf("failed parsing dependencies: %v", err)
}
var proxy string
@@ -939,6 +949,10 @@ func GenerateManifests(ctx context.Context, appPath, repoRoot, revision string,
manifests := make([]string, 0)
for _, obj := range targetObjs {
if obj == nil {
continue
}
var targets []*unstructured.Unstructured
if obj.IsList() {
err = obj.EachListItem(func(object runtime.Object) error {
@@ -1367,7 +1381,7 @@ func makeJsonnetVm(appPath string, repoRoot string, sourceJsonnet v1alpha1.Appli
jpaths := []string{appPath}
for _, p := range sourceJsonnet.Libs {
// the jsonnet library path is relative to the repository root, not application path
jpath, _, err := pathutil.ResolveFilePath(repoRoot, repoRoot, p, nil)
jpath, err := pathutil.ResolveFileOrDirectoryPath(repoRoot, repoRoot, p)
if err != nil {
return nil, err
}
@@ -1609,7 +1623,7 @@ func populateHelmAppDetails(res *apiclient.RepoAppDetailsResponse, appPath strin
return err
}
if resolvedValuesPath, _, err := pathutil.ResolveFilePath(appPath, repoRoot, "values.yaml", []string{}); err == nil {
if resolvedValuesPath, _, err := pathutil.ResolveValueFilePathOrUrl(appPath, repoRoot, "values.yaml", []string{}); err == nil {
if err := loadFileIntoIfExists(resolvedValuesPath, &res.Helm.Values); err != nil {
return err
}
@@ -1619,7 +1633,7 @@ func populateHelmAppDetails(res *apiclient.RepoAppDetailsResponse, appPath strin
var resolvedSelectedValueFiles []pathutil.ResolvedFilePath
// drop not allowed values files
for _, file := range selectedValueFiles {
if resolvedFile, _, err := pathutil.ResolveFilePath(appPath, repoRoot, file, q.GetValuesFileSchemes()); err == nil {
if resolvedFile, _, err := pathutil.ResolveValueFilePathOrUrl(appPath, repoRoot, file, q.GetValuesFileSchemes()); err == nil {
resolvedSelectedValueFiles = append(resolvedSelectedValueFiles, resolvedFile)
} else {
log.Warnf("Values file %s is not allowed: %v", file, err)

View File

@@ -47,14 +47,14 @@ gpg: using RSA key 4AEE18F83AFDEB23
gpg: Good signature from "GitHub (web-flow commit signing) <noreply@github.com>" [ultimate]
`
type clientFunc func(*gitmocks.Client)
type clientFunc func(*gitmocks.Client, *helmmocks.Client)
func newServiceWithMocks(root string, signed bool) (*Service, *gitmocks.Client) {
root, err := filepath.Abs(root)
if err != nil {
panic(err)
}
return newServiceWithOpt(func(gitClient *gitmocks.Client) {
return newServiceWithOpt(func(gitClient *gitmocks.Client, helmClient *helmmocks.Client) {
gitClient.On("Init").Return(nil)
gitClient.On("Fetch", mock.Anything).Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil)
@@ -66,26 +66,27 @@ func newServiceWithMocks(root string, signed bool) (*Service, *gitmocks.Client)
} else {
gitClient.On("VerifyCommitSignature", mock.Anything).Return("", nil)
}
})
chart := "my-chart"
version := "1.1.0"
helmClient.On("GetIndex", true).Return(&helm.Index{Entries: map[string]helm.Entries{
chart: {{Version: "1.0.0"}, {Version: version}},
}}, nil)
helmClient.On("ExtractChart", chart, version).Return("./testdata/my-chart", io.NopCloser, nil)
helmClient.On("CleanChartCache", chart, version).Return(nil)
helmClient.On("DependencyBuild").Return(nil)
}, root)
}
func newServiceWithOpt(cf clientFunc) (*Service, *gitmocks.Client) {
func newServiceWithOpt(cf clientFunc, root string) (*Service, *gitmocks.Client) {
helmClient := &helmmocks.Client{}
gitClient := &gitmocks.Client{}
cf(gitClient)
cf(gitClient, helmClient)
service := NewService(metrics.NewMetricsServer(), cache.NewCache(
cacheutil.NewCache(cacheutil.NewInMemoryCache(1*time.Minute)),
1*time.Minute,
1*time.Minute,
), RepoServerInitConstants{ParallelismLimit: 1}, argo.NewResourceTracking(), &git.NoopCredsStore{}, os.TempDir())
chart := "my-chart"
version := "1.1.0"
helmClient.On("GetIndex", true).Return(&helm.Index{Entries: map[string]helm.Entries{
chart: {{Version: "1.0.0"}, {Version: version}},
}}, nil)
helmClient.On("ExtractChart", chart, version).Return("./testdata/my-chart", io.NopCloser, nil)
helmClient.On("CleanChartCache", chart, version).Return(nil)
), RepoServerInitConstants{ParallelismLimit: 1}, argo.NewResourceTracking(), &git.NoopCredsStore{}, root)
service.newGitClient = func(rawRepoURL string, root string, creds git.Creds, insecure bool, enableLfs bool, prosy string, opts ...git.ClientOpts) (client git.Client, e error) {
return gitClient, nil
@@ -110,6 +111,11 @@ func newServiceWithSignature(root string) *Service {
}
func newServiceWithCommitSHA(root, revision string) *Service {
root, err := filepath.Abs(root)
if err != nil {
panic(err)
}
var revisionErr error
commitSHARegex := regexp.MustCompile("^[0-9A-Fa-f]{40}$")
@@ -117,14 +123,14 @@ func newServiceWithCommitSHA(root, revision string) *Service {
revisionErr = errors.New("not a commit SHA")
}
service, gitClient := newServiceWithOpt(func(gitClient *gitmocks.Client) {
service, gitClient := newServiceWithOpt(func(gitClient *gitmocks.Client, helmClient *helmmocks.Client) {
gitClient.On("Init").Return(nil)
gitClient.On("Fetch", mock.Anything).Return(nil)
gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil)
gitClient.On("LsRemote", revision).Return(revision, revisionErr)
gitClient.On("CommitSHA").Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil)
gitClient.On("Root").Return(root)
})
}, root)
service.newGitClient = func(rawRepoURL string, root string, creds git.Creds, insecure bool, enableLfs bool, proxy string, opts ...git.ClientOpts) (client git.Client, e error) {
return gitClient, nil
@@ -363,6 +369,27 @@ func TestGenerateJsonnetManifestInDir(t *testing.T) {
assert.Equal(t, 2, len(res1.Manifests))
}
func TestGenerateJsonnetManifestInRootDir(t *testing.T) {
service := newService("testdata/jsonnet-1")
q := apiclient.ManifestRequest{
Repo: &argoappv1.Repository{},
ApplicationSource: &argoappv1.ApplicationSource{
Path: ".",
Directory: &argoappv1.ApplicationSourceDirectory{
Jsonnet: argoappv1.ApplicationSourceJsonnet{
ExtVars: []argoappv1.JsonnetVar{{Name: "extVarString", Value: "extVarString"}, {Name: "extVarCode", Value: "\"extVarCode\"", Code: true}},
TLAs: []argoappv1.JsonnetVar{{Name: "tlaString", Value: "tlaString"}, {Name: "tlaCode", Value: "\"tlaCode\"", Code: true}},
Libs: []string{"."},
},
},
},
}
res1, err := service.GenerateManifest(context.Background(), &q)
assert.Nil(t, err)
assert.Equal(t, 2, len(res1.Manifests))
}
func TestGenerateJsonnetLibOutside(t *testing.T) {
service := newService(".")
@@ -379,7 +406,7 @@ func TestGenerateJsonnetLibOutside(t *testing.T) {
}
_, err := service.GenerateManifest(context.Background(), &q)
require.Error(t, err)
require.Contains(t, err.Error(), "value file '../../../testdata/jsonnet/vendor' resolved to outside repository root")
require.Contains(t, err.Error(), "file '../../../testdata/jsonnet/vendor' resolved to outside repository root")
}
func TestManifestGenErrorCacheByNumRequests(t *testing.T) {
@@ -1159,6 +1186,7 @@ func TestListApps(t *testing.T) {
"kustomization_yml": "Kustomize",
"my-chart": "Helm",
"my-chart-2": "Helm",
"oci-dependencies": "Helm",
"out-of-bounds-values-file-link": "Helm",
"values-files": "Helm",
}
@@ -1213,7 +1241,7 @@ func TestGetAppDetailsKustomize(t *testing.T) {
assert.Equal(t, "Kustomize", res.Type)
assert.NotNil(t, res.Kustomize)
assert.EqualValues(t, []string{"nginx:1.15.4", "k8s.gcr.io/nginx-slim:0.8"}, res.Kustomize.Images)
assert.EqualValues(t, []string{"nginx:1.15.4", "registry.k8s.io/nginx-slim:0.8"}, res.Kustomize.Images)
}
func TestGetHelmCharts(t *testing.T) {
@@ -2478,3 +2506,18 @@ func Test_populateHelmAppDetails_values_symlinks(t *testing.T) {
assert.Empty(t, res.Helm.Parameters)
})
}
func TestOCIDependencies(t *testing.T) {
src := argoappv1.ApplicationSource{Path: "."}
q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, HelmRepoCreds: []*argoappv1.RepoCreds{
{URL: "example.com", Username: "test", Password: "test", EnableOCI: true},
}}
err := populateRequestRepos("./testdata/oci-dependencies", &q)
assert.Nil(t, err)
assert.Equal(t, len(q.Repos), 1)
assert.Equal(t, q.Repos[0].Username, "test")
assert.Equal(t, q.Repos[0].EnableOCI, true)
assert.Equal(t, q.Repos[0].Repo, "example.com")
}

View File

@@ -0,0 +1,47 @@
local service = import 'vendor/nested/service.libsonnet';
local params = import 'params.libsonnet';
function(tlaString, tlaCode)
[
service.new(params),
{
apiVersion: 'apps/v1beta2',
kind: 'Deployment',
metadata: {
name: params.name,
},
spec: {
replicas: params.replicas,
selector: {
matchLabels: {
app: params.name,
},
},
template: {
metadata: {
labels: {
app: params.name,
tlaString: tlaString,
tlaCode: tlaCode,
extVarString: std.extVar('extVarString'),
extVarCode: std.extVar('extVarCode'),
},
},
spec: {
containers: [
{
image: params.image,
name: params.name,
ports: [
{
containerPort: params.containerPort,
},
],
},
],
},
},
},
},
null,
]

View File

@@ -0,0 +1,8 @@
{
containerPort: 80,
image: "gcr.io/heptio-images/ks-guestbook-demo:0.2",
name: "guestbook-ui",
replicas: 1,
servicePort: 80,
type: "ClusterIP",
}

View File

@@ -0,0 +1,23 @@
local new(params) = {
apiVersion: 'v1',
kind: 'Service',
metadata: {
name: params.name,
},
spec: {
ports: [
{
port: params.servicePort,
targetPort: params.containerPort,
},
],
selector: {
app: params.name,
},
type: params.type,
},
};
{
new:: new,
}

View File

@@ -43,4 +43,5 @@ function(tlaString, tlaCode)
},
},
},
null,
]

View File

@@ -0,0 +1,6 @@
name: my-chart
version: 1.1.0
dependencies:
- name: my-dependency
repository: oci://example.com
version: '*'

View File

@@ -25,7 +25,7 @@ spec:
name: daemonset
spec:
containers:
- image: k8s.gcr.io/nginx-slim:0.8
- image: registry.k8s.io/nginx-slim:0.8
imagePullPolicy: IfNotPresent
name: nginx
resources: {}

View File

@@ -23,7 +23,7 @@ spec:
name: daemonset
spec:
containers:
- image: k8s.gcr.io/nginx-slim:0.8
- image: registry.k8s.io/nginx-slim:0.8
imagePullPolicy: IfNotPresent
name: nginx
resources: {}

View File

@@ -26,7 +26,7 @@ spec:
kubectl.kubernetes.io/restartedAt: "0001-01-01T00:00:00Z"
spec:
containers:
- image: k8s.gcr.io/nginx-slim:0.8
- image: registry.k8s.io/nginx-slim:0.8
imagePullPolicy: IfNotPresent
name: nginx
resources: {}

View File

@@ -24,7 +24,7 @@ spec:
app: statefulset
spec:
containers:
- image: k8s.gcr.io/nginx-slim:0.8
- image: registry.k8s.io/nginx-slim:0.8
imagePullPolicy: IfNotPresent
name: nginx
resources: {}

View File

@@ -3,17 +3,21 @@ if obj.status ~= nil then
if obj.status.conditions ~= nil then
for i, condition in ipairs(obj.status.conditions) do
health_status.message = condition.message
if condition.reason == "Successful" then
if condition.type == "Successful" and condition.status == "True" then
health_status.status = "Healthy"
elseif condition.reason == "Running" then
health_status.status = "Progressing"
else
health_status.status = "Degraded"
return health_status
end
if condition.type == "Failure" and condition.status == "True" then
health_status.status = "Degraded"
return health_status
end
if condition.type == "Running" and condition.reason == "Running" then
health_status.status = "Progressing"
return health_status
end
return health_status
end
end
end
health_status.status = "Progressing"
health_status.message = "Waiting for Kiali"
return health_status
return health_status

View File

@@ -9,5 +9,5 @@ tests:
inputPath: testdata/degraded.yaml
- healthStatus:
status: Healthy
message: "Awaiting next reconciliation"
message: "Last reconciliation succeeded"
inputPath: testdata/healthy.yaml

View File

@@ -14,14 +14,24 @@ metadata:
spec: {}
status:
conditions:
- ansibleResult:
changed: 1
completion: 2020-06-08T13:41:20.133525
failures: 0
ok: 56
skipped: 82
lastTransitionTime: "2020-06-04T17:47:31Z"
message: Error Reconciling
reason: null
status: "True"
type: Running
- lastTransitionTime: '2022-10-19T09:44:32Z'
message: ''
reason: ''
status: 'False'
type: Failure
- ansibleResult:
changed: 18
completion: '2022-10-19T09:44:32.289505'
failures: 0
ok: 101
skipped: 101
lastTransitionTime: '2022-10-19T09:43:39Z'
message: Awaiting next reconciliation
reason: Successful
status: 'True'
type: Running
- lastTransitionTime: '2022-10-19T09:44:32Z'
message: Error Reconciling
reason: Failure
status: 'True'
type: Failure

View File

@@ -14,14 +14,24 @@ metadata:
spec: {}
status:
conditions:
- ansibleResult:
changed: 1
completion: 2020-06-08T13:41:20.133525
failures: 0
ok: 56
skipped: 82
lastTransitionTime: "2020-06-04T17:47:31Z"
message: Awaiting next reconciliation
reason: Successful
status: "True"
type: Running
- lastTransitionTime: '2022-10-19T09:44:32Z'
message: ''
reason: ''
status: 'False'
type: Failure
- ansibleResult:
changed: 18
completion: '2022-10-19T09:44:32.289505'
failures: 0
ok: 101
skipped: 101
lastTransitionTime: '2022-10-19T09:43:39Z'
message: Awaiting next reconciliation
reason: Successful
status: 'True'
type: Running
- lastTransitionTime: '2022-10-19T09:44:32Z'
message: Last reconciliation succeeded
reason: Successful
status: 'True'
type: Successful

View File

@@ -36,11 +36,21 @@ if obj.status ~= nil then
health_status.message = obj.status.currentState
return health_status
end
if obj.status.currentState == "Tenant credentials are not set properly" then
health_status.status = "Degraded"
health_status.message = obj.status.currentState
return health_status
end
if obj.status.currentState == "Different versions across MinIO Pools" then
health_status.status = "Degraded"
health_status.message = obj.status.currentState
return health_status
end
if obj.status.currentState == "Pool Decommissioning Not Allowed" then
health_status.status = "Degraded"
health_status.message = obj.status.currentState
return health_status
end
health_status.status = "Progressing"
health_status.message = obj.status.currentState
return health_status

View File

@@ -23,10 +23,18 @@ tests:
status: Degraded
message: "Another MinIO Tenant already exists in the namespace"
inputPath: testdata/another_tenant_exists.yaml
- healthStatus:
status: Degraded
message: "Tenant credentials are not set properly"
inputPath: testdata/incorrect_tenant_credentials.yaml
- healthStatus:
status: Degraded
message: "Different versions across MinIO Pools"
inputPath: testdata/versions_mismatch.yaml
- healthStatus:
status: Degraded
message: "Pool Decommissioning Not Allowed"
inputPath: testdata/pool_decommissioning_not_allowed.yaml
- healthStatus:
status: Progressing
message: "<unknown status message>"

View File

@@ -0,0 +1,13 @@
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
name: minio-tenant
spec:
image: minio/minio:latest
pools:
- name: pool-0
servers: 1
volumesPerServer: 4
status:
revision: 0
currentState: Tenant credentials are not set properly

View File

@@ -0,0 +1,13 @@
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
name: minio-tenant
spec:
image: minio/minio:latest
pools:
- name: pool-0
servers: 1
volumesPerServer: 4
status:
revision: 0
currentState: Pool Decommissioning Not Allowed

View File

@@ -8,7 +8,9 @@ if obj.status ~= nil then
msg = msg .. i .. ": " .. condition.type .. " | " .. condition.status .. "\n"
if condition.type == "InstallPlanPending" and condition.status == "True" then
numPending = numPending + 1
elseif (condition.type == "CatalogSourcesUnhealthy" or condition.type == "InstallPlanMissing" or condition.type == "InstallPlanFailed" or condition.type == "ResolutionFailed") and condition.status == "True" then
elseif (condition.type == "InstallPlanMissing" and condition.reason ~= "ReferencedInstallPlanNotFound") then
numDegraded = numDegraded + 1
elseif (condition.type == "CatalogSourcesUnhealthy" or condition.type == "InstallPlanFailed" or condition.type == "ResolutionFailed") and condition.status == "True" then
numDegraded = numDegraded + 1
end
end

View File

@@ -8,7 +8,7 @@ tests:
message: "1: CatalogSourcesUnhealthy | True\n"
inputPath: testdata/catalog_sources_unhealthy.yaml
- healthStatus:
status: Degraded
status: Healthy
message: "1: CatalogSourcesUnhealthy | False\n2: InstallPlanMissing | True\n"
inputPath: testdata/install_plan_missing.yaml
- healthStatus:

Some files were not shown because too many files have changed in this diff Show More