mirror of
https://github.com/argoproj/argo-cd.git
synced 2026-02-28 13:38:47 +01:00
Compare commits
12 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
148d8da7a9 | ||
|
|
f13bb9e2e9 | ||
|
|
1e6a4c6128 | ||
|
|
2873aa43f4 | ||
|
|
e7b4256474 | ||
|
|
b0b8353e26 | ||
|
|
2848ca2607 | ||
|
|
9b7445cb18 | ||
|
|
9b2cdc2ccf | ||
|
|
301b80b512 | ||
|
|
504da424c2 | ||
|
|
24cc8578fd |
@@ -133,6 +133,16 @@ func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[stri
|
||||
if err := r.deeplyReplace(copyValue, originalValue, replaceMap, useGoTemplate); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Keys can be templated as well as values (e.g. to template something into an annotation).
|
||||
if key.Kind() == reflect.String {
|
||||
templatedKey, err := r.Replace(key.String(), replaceMap, useGoTemplate)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
key = reflect.ValueOf(templatedKey)
|
||||
}
|
||||
|
||||
copy.SetMapIndex(key, copyValue)
|
||||
}
|
||||
|
||||
|
||||
@@ -7,6 +7,7 @@ import (
|
||||
"github.com/sirupsen/logrus"
|
||||
logtest "github.com/sirupsen/logrus/hooks/test"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
@@ -461,7 +462,49 @@ func TestRenderTemplateParamsGoTemplate(t *testing.T) {
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestRenderTemplateKeys(t *testing.T) {
|
||||
t.Run("fasttemplate", func(t *testing.T) {
|
||||
application := &argoappsv1.Application{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Annotations: map[string]string{
|
||||
"annotation-{{key}}": "annotation-{{value}}",
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
params := map[string]interface{}{
|
||||
"key": "some-key",
|
||||
"value": "some-value",
|
||||
}
|
||||
|
||||
render := Render{}
|
||||
newApplication, err := render.RenderTemplateParams(application, nil, params, false)
|
||||
require.NoError(t, err)
|
||||
require.Contains(t, newApplication.ObjectMeta.Annotations, "annotation-some-key")
|
||||
assert.Equal(t, newApplication.ObjectMeta.Annotations["annotation-some-key"], "annotation-some-value")
|
||||
})
|
||||
t.Run("gotemplate", func(t *testing.T) {
|
||||
application := &argoappsv1.Application{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Annotations: map[string]string{
|
||||
"annotation-{{ .key }}": "annotation-{{ .value }}",
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
params := map[string]interface{}{
|
||||
"key": "some-key",
|
||||
"value": "some-value",
|
||||
}
|
||||
|
||||
render := Render{}
|
||||
newApplication, err := render.RenderTemplateParams(application, nil, params, true)
|
||||
require.NoError(t, err)
|
||||
require.Contains(t, newApplication.ObjectMeta.Annotations, "annotation-some-key")
|
||||
assert.Equal(t, newApplication.ObjectMeta.Annotations["annotation-some-key"], "annotation-some-value")
|
||||
})
|
||||
}
|
||||
|
||||
func TestRenderTemplateParamsFinalizers(t *testing.T) {
|
||||
|
||||
@@ -514,7 +514,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap
|
||||
}
|
||||
gvk := obj.GroupVersionKind()
|
||||
|
||||
isSelfReferencedObj := m.isSelfReferencedObj(liveObj, appLabelKey, trackingMethod)
|
||||
isSelfReferencedObj := m.isSelfReferencedObj(liveObj, targetObj, app.GetName(), appLabelKey, trackingMethod)
|
||||
|
||||
resState := v1alpha1.ResourceStatus{
|
||||
Namespace: obj.GetNamespace(),
|
||||
@@ -699,12 +699,13 @@ func NewAppStateManager(
|
||||
}
|
||||
|
||||
// isSelfReferencedObj returns whether the given obj is managed by the application
|
||||
// according to the values in the tracking annotation. It returns true when all
|
||||
// of the properties in the annotation (name, namespace, group and kind) match
|
||||
// the properties of the inspected object, or if the tracking method used does
|
||||
// not provide the required properties for matching.
|
||||
func (m *appStateManager) isSelfReferencedObj(obj *unstructured.Unstructured, appLabelKey string, trackingMethod v1alpha1.TrackingMethod) bool {
|
||||
if obj == nil {
|
||||
// according to the values of the tracking id (aka app instance value) annotation.
|
||||
// It returns true when all of the properties of the tracking id (app name, namespace,
|
||||
// group and kind) match the properties of the live object, or if the tracking method
|
||||
// used does not provide the required properties for matching.
|
||||
// Reference: https://github.com/argoproj/argo-cd/issues/8683
|
||||
func (m *appStateManager) isSelfReferencedObj(live, config *unstructured.Unstructured, appName, appLabelKey string, trackingMethod v1alpha1.TrackingMethod) bool {
|
||||
if live == nil {
|
||||
return true
|
||||
}
|
||||
|
||||
@@ -714,17 +715,42 @@ func (m *appStateManager) isSelfReferencedObj(obj *unstructured.Unstructured, ap
|
||||
return true
|
||||
}
|
||||
|
||||
// In order for us to assume obj to be managed by this application, the
|
||||
// values from the annotation have to match the properties from the live
|
||||
// object. Cluster scoped objects carry the app's destination namespace
|
||||
// in the tracking annotation, but are unique in GVK + name combination.
|
||||
appInstance := m.resourceTracking.GetAppInstance(obj, appLabelKey, trackingMethod)
|
||||
if appInstance != nil {
|
||||
return (obj.GetNamespace() == appInstance.Namespace || obj.GetNamespace() == "") &&
|
||||
obj.GetName() == appInstance.Name &&
|
||||
obj.GetObjectKind().GroupVersionKind().Group == appInstance.Group &&
|
||||
obj.GetObjectKind().GroupVersionKind().Kind == appInstance.Kind
|
||||
// config != nil is the best-case scenario for constructing an accurate
|
||||
// Tracking ID. `config` is the "desired state" (from git/helm/etc.).
|
||||
// Using the desired state is important when there is an ApiGroup upgrade.
|
||||
// When upgrading, the comparison must be made with the new tracking ID.
|
||||
// Example:
|
||||
// live resource annotation will be:
|
||||
// ingress-app:extensions/Ingress:default/some-ingress
|
||||
// when it should be:
|
||||
// ingress-app:networking.k8s.io/Ingress:default/some-ingress
|
||||
// More details in: https://github.com/argoproj/argo-cd/pull/11012
|
||||
var aiv argo.AppInstanceValue
|
||||
if config != nil {
|
||||
aiv = argo.UnstructuredToAppInstanceValue(config, appName, "")
|
||||
return isSelfReferencedObj(live, aiv)
|
||||
}
|
||||
|
||||
// If config is nil then compare the live resource with the value
|
||||
// of the annotation. In this case, in order to validate if obj is
|
||||
// managed by this application, the values from the annotation have
|
||||
// to match the properties from the live object. Cluster scoped objects
|
||||
// carry the app's destination namespace in the tracking annotation,
|
||||
// but are unique in GVK + name combination.
|
||||
appInstance := m.resourceTracking.GetAppInstance(live, appLabelKey, trackingMethod)
|
||||
if appInstance != nil {
|
||||
return isSelfReferencedObj(live, *appInstance)
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
// isSelfReferencedObj returns true if the given Tracking ID (`aiv`) matches
|
||||
// the given object. It returns false when the ID doesn't match. This sometimes
|
||||
// happens when a tracking label or annotation gets accidentally copied to a
|
||||
// different resource.
|
||||
func isSelfReferencedObj(obj *unstructured.Unstructured, aiv argo.AppInstanceValue) bool {
|
||||
return (obj.GetNamespace() == aiv.Namespace || obj.GetNamespace() == "") &&
|
||||
obj.GetName() == aiv.Name &&
|
||||
obj.GetObjectKind().GroupVersionKind().Group == aiv.Group &&
|
||||
obj.GetObjectKind().GroupVersionKind().Kind == aiv.Kind
|
||||
}
|
||||
|
||||
@@ -13,6 +13,7 @@ import (
|
||||
"github.com/stretchr/testify/assert"
|
||||
v1 "k8s.io/api/apps/v1"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
networkingv1 "k8s.io/api/networking/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
@@ -852,6 +853,19 @@ func TestIsLiveResourceManaged(t *testing.T) {
|
||||
},
|
||||
},
|
||||
})
|
||||
managedWrongAPIGroup := kube.MustToUnstructured(&networkingv1.Ingress{
|
||||
TypeMeta: metav1.TypeMeta{
|
||||
APIVersion: "networking.k8s.io/v1",
|
||||
Kind: "Ingress",
|
||||
},
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "some-ingress",
|
||||
Namespace: "default",
|
||||
Annotations: map[string]string{
|
||||
common.AnnotationKeyAppInstance: "guestbook:extensions/Ingress:default/some-ingress",
|
||||
},
|
||||
},
|
||||
})
|
||||
ctrl := newFakeController(&fakeData{
|
||||
apps: []runtime.Object{app, &defaultProj},
|
||||
manifestResponse: &apiclient.ManifestResponse{
|
||||
@@ -870,30 +884,69 @@ func TestIsLiveResourceManaged(t *testing.T) {
|
||||
})
|
||||
|
||||
manager := ctrl.appStateManager.(*appStateManager)
|
||||
appName := "guestbook"
|
||||
|
||||
// Managed resource w/ annotations
|
||||
assert.True(t, manager.isSelfReferencedObj(managedObj, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
|
||||
assert.True(t, manager.isSelfReferencedObj(managedObj, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
|
||||
t.Run("will return true if trackingid matches the resource", func(t *testing.T) {
|
||||
// given
|
||||
t.Parallel()
|
||||
configObj := managedObj.DeepCopy()
|
||||
|
||||
// Managed resource w/ label
|
||||
assert.True(t, manager.isSelfReferencedObj(managedObjWithLabel, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
|
||||
// then
|
||||
assert.True(t, manager.isSelfReferencedObj(managedObj, configObj, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
|
||||
assert.True(t, manager.isSelfReferencedObj(managedObj, configObj, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
|
||||
})
|
||||
t.Run("will return true if tracked with label", func(t *testing.T) {
|
||||
// given
|
||||
t.Parallel()
|
||||
configObj := managedObjWithLabel.DeepCopy()
|
||||
|
||||
// Wrong resource name
|
||||
assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
|
||||
assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
|
||||
// then
|
||||
assert.True(t, manager.isSelfReferencedObj(managedObjWithLabel, configObj, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
|
||||
})
|
||||
t.Run("will handle if trackingId has wrong resource name and config is nil", func(t *testing.T) {
|
||||
// given
|
||||
t.Parallel()
|
||||
|
||||
// Wrong resource group
|
||||
assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongGroup, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
|
||||
assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongGroup, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
|
||||
// then
|
||||
assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongName, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
|
||||
assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongName, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
|
||||
})
|
||||
t.Run("will handle if trackingId has wrong resource group and config is nil", func(t *testing.T) {
|
||||
// given
|
||||
t.Parallel()
|
||||
|
||||
// Wrong resource kind
|
||||
assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongKind, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
|
||||
assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongKind, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
|
||||
// then
|
||||
assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongGroup, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
|
||||
assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongGroup, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
|
||||
})
|
||||
t.Run("will handle if trackingId has wrong kind and config is nil", func(t *testing.T) {
|
||||
// given
|
||||
t.Parallel()
|
||||
|
||||
// Wrong resource namespace
|
||||
assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongNamespace, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
|
||||
assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongNamespace, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotationAndLabel))
|
||||
// then
|
||||
assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongKind, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
|
||||
assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongKind, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
|
||||
})
|
||||
t.Run("will handle if trackingId has wrong namespace and config is nil", func(t *testing.T) {
|
||||
// given
|
||||
t.Parallel()
|
||||
|
||||
// Nil resource
|
||||
assert.True(t, manager.isSelfReferencedObj(nil, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
|
||||
// then
|
||||
assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongNamespace, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
|
||||
assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongNamespace, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotationAndLabel))
|
||||
})
|
||||
t.Run("will return true if live is nil", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
assert.True(t, manager.isSelfReferencedObj(nil, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
|
||||
})
|
||||
|
||||
t.Run("will handle upgrade in desired state APIGroup", func(t *testing.T) {
|
||||
// given
|
||||
t.Parallel()
|
||||
config := managedWrongAPIGroup.DeepCopy()
|
||||
delete(config.GetAnnotations(), common.AnnotationKeyAppInstance)
|
||||
|
||||
// then
|
||||
assert.True(t, manager.isSelfReferencedObj(managedWrongAPIGroup, config, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
|
||||
})
|
||||
}
|
||||
|
||||
@@ -246,7 +246,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
|
||||
sync.WithResourcesFilter(func(key kube.ResourceKey, target *unstructured.Unstructured, live *unstructured.Unstructured) bool {
|
||||
return (len(syncOp.Resources) == 0 ||
|
||||
argo.ContainsSyncResource(key.Name, key.Namespace, schema.GroupVersionKind{Kind: key.Kind, Group: key.Group}, syncOp.Resources)) &&
|
||||
m.isSelfReferencedObj(live, appLabelKey, trackingMethod)
|
||||
m.isSelfReferencedObj(live, target, app.GetName(), appLabelKey, trackingMethod)
|
||||
}),
|
||||
sync.WithManifestValidation(!syncOp.SyncOptions.HasOption(common.SyncOptionsDisableValidation)),
|
||||
sync.WithNamespaceCreation(syncOp.SyncOptions.HasOption("CreateNamespace=true"), func(un *unstructured.Unstructured) bool {
|
||||
|
||||
112
docs/developer-guide/contributors-quickstart.md
Normal file
112
docs/developer-guide/contributors-quickstart.md
Normal file
@@ -0,0 +1,112 @@
|
||||
# Contributors Quick-Start
|
||||
|
||||
This guide is a starting point for first-time contributors running Argo CD locally for the first time.
|
||||
|
||||
It skips advanced topics such as codegen, which are covered in the [running locally guide](running-locally.md)
|
||||
and the [toolchain guide](toolchain-guide.md).
|
||||
|
||||
## Getting Started
|
||||
|
||||
### Install Go
|
||||
|
||||
- Install version 1.18 or newer (Verify version by running `go version`)
|
||||
|
||||
- Get current value of `GOPATH` env:
|
||||
```shell
|
||||
go env | grep path
|
||||
```
|
||||
- Change directory into that path
|
||||
```shell
|
||||
cd <path>
|
||||
```
|
||||
|
||||
### Clone the Argo CD repo
|
||||
|
||||
```shell
|
||||
mkdir -p src/github.com/argoproj/ &&
|
||||
cd src/github.com/argoproj &&
|
||||
git clone https://github.com/argoproj/argo-cd.git
|
||||
```
|
||||
|
||||
### Install Docker
|
||||
|
||||
<https://docs.docker.com/engine/install/>
|
||||
|
||||
### Install or Upgrade `kind` (Optional - Should work with any local cluster)
|
||||
|
||||
<https://kind.sigs.k8s.io/docs/user/quick-start/>
|
||||
|
||||
### Start Your Local Cluster
|
||||
|
||||
```shell
|
||||
kind create cluster
|
||||
```
|
||||
|
||||
### Install Argo CD
|
||||
|
||||
```shell
|
||||
kubectl create namespace argocd &&
|
||||
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/master/manifests/install.yaml
|
||||
```
|
||||
|
||||
Set kubectl config to avoid specifying the namespace in every kubectl command.
|
||||
All following commands in this guide assume the namespace is already set.
|
||||
|
||||
```shell
|
||||
kubectl config set-context --current --namespace=argocd
|
||||
```
|
||||
|
||||
### Install `yarn`
|
||||
|
||||
<https://classic.yarnpkg.com/lang/en/docs/install/>
|
||||
|
||||
### Install `goreman`
|
||||
|
||||
<https://github.com/mattn/goreman#getting-started>
|
||||
|
||||
### Run Argo CD
|
||||
|
||||
```shell
|
||||
cd argo-cd
|
||||
make start-local ARGOCD_GPG_ENABLED=false
|
||||
```
|
||||
|
||||
- Navigate to <localhost:4000> to the ArgoCD UI on browser
|
||||
- It may take a few minutes for the UI to be responsive
|
||||
|
||||
!!! note
|
||||
If the UI is not working, check the logs from `make start-local`. The logs are `DEBUG` level by default. If the logs are
|
||||
too noisy to find the problem, try editing log levels for the commands in the `Procfile` in the root of the Argo CD repo.
|
||||
|
||||
## Making Changes
|
||||
|
||||
### UI Changes
|
||||
|
||||
Modifying the User-Interface (by editing .tsx or .scss files) auto-reloads the changes on port 4000.
|
||||
|
||||
### Backend Changes
|
||||
|
||||
Modifying the API server, repo server, or a controller requires restarting the current `make start-local` session to reflect the changes.
|
||||
|
||||
### CLI Changes
|
||||
|
||||
Modifying the CLI requires restarting the current `make start-local` session to reflect the changes.
|
||||
|
||||
To test most CLI commands, you will need to log in.
|
||||
|
||||
First, get the auto-generated secret:
|
||||
|
||||
```shell
|
||||
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo
|
||||
```
|
||||
|
||||
Then log in using that password and username `admin`:
|
||||
|
||||
```shell
|
||||
dist/argocd login localhost:8080
|
||||
```
|
||||
|
||||
---
|
||||
Congrats on making it to the end of this runbook! 🚀
|
||||
|
||||
For more on Argo CD, find us in Slack - <https://slack.cncf.io/> [#argo-contributors](https://cloud-native.slack.com/archives/C020XM04CUW)
|
||||
@@ -74,6 +74,13 @@ All your templates must replace parameters with GoTemplate Syntax:
|
||||
|
||||
Example: `{{ some.value }}` becomes `{{ .some.value }}`
|
||||
|
||||
### Cluster Generators
|
||||
|
||||
By activating Go Templating, `{{ .metadata }}` becomes an object.
|
||||
|
||||
- `{{ metadata.labels.my-label }}` becomes `{{ index .metadata.labels "my-label" }}`
|
||||
- `{{ metadata.annotations.my/annotation }}` becomes `{{ index .metadata.annotations "my/annotation" }}`
|
||||
|
||||
### Git Generators
|
||||
|
||||
By activating Go Templating, `{{ .path }}` becomes an object. Therefore, some changes must be made to the Git
|
||||
|
||||
@@ -63,6 +63,10 @@ metadata:
|
||||
name: cmp-plugin
|
||||
spec:
|
||||
version: v1.0
|
||||
init:
|
||||
# Init always happens immediately before generate, but its output is not treated as manifests.
|
||||
# This is a good place to, for example, download chart dependencies.
|
||||
command: [sh, -c, 'echo "Initializing..."']
|
||||
generate:
|
||||
command: [sh, -c, 'echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"']
|
||||
discover:
|
||||
@@ -94,6 +98,11 @@ Argo CD expects the plugin configuration file to be located at `/home/argocd/cmp
|
||||
|
||||
If you use a custom image for the sidecar, you can add the file directly to that image.
|
||||
|
||||
```dockerfile
|
||||
WORKDIR /home/argocd/cmp-server/config/
|
||||
COPY plugin.yaml ./
|
||||
```
|
||||
|
||||
If you use a stock image for the sidecar or would rather maintain the plugin configuration in a ConfigMap, just nest the
|
||||
plugin config file in a ConfigMap under the `plugin.yaml` key.
|
||||
|
||||
@@ -110,6 +119,8 @@ data:
|
||||
name: cmp-plugin
|
||||
spec:
|
||||
version: v1.0
|
||||
init:
|
||||
command: [sh, -c, 'echo "Initializing..."']
|
||||
generate:
|
||||
command: [sh, -c, 'echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"']
|
||||
discover:
|
||||
@@ -230,6 +241,23 @@ If you don't need to set any environment variables, you can set an empty plugin
|
||||
Each CMP command will also independently timeout on the `ARGOCD_EXEC_TIMEOUT` set for the CMP sidecar. The default
|
||||
is 90s. So if you increase the repo server timeout greater than 90s, be sure to set `ARGOCD_EXEC_TIMEOUT` on the
|
||||
sidecar.
|
||||
|
||||
!!! note
|
||||
Each Application can only have one config management plugin configured at a time. If you're converting an existing
|
||||
plugin configured through the `argocd-cm` ConfigMap to a sidecar, make sure the discovery mechanism only returns
|
||||
true for Applications that have had their `name` field in the `plugin` section of their spec removed.
|
||||
|
||||
## Debugging a CMP
|
||||
|
||||
If you are actively developing a sidecar-installed CMP, keep a few things in mind:
|
||||
|
||||
1) If you are mounting plugin.yaml from a ConfigMap, you will have to restart the repo-server Pod so the plugin will
|
||||
pick up the changes.
|
||||
2) If you have baked plugin.yaml into your image, you will have to build, push, and force a re-pull of that image on the
|
||||
repo-server Pod so the plugin will pick up the changes. If you are using `:latest`, the Pod will always pull the new
|
||||
image. If you're using a different, static tag, set `imagePullPolicy: Always` on the CMP's sidecar container.
|
||||
3) CMP errors are cached by the repo-server in Redis. Restarting the repo-server Pod will not clear the cache. Always
|
||||
do a "Hard Refresh" when actively developing a CMP so you have the latest output.
|
||||
|
||||
## Plugin tar stream exclusions
|
||||
|
||||
|
||||
55
docs/user-guide/import.md
Normal file
55
docs/user-guide/import.md
Normal file
@@ -0,0 +1,55 @@
|
||||
# Importing Argo CD go packages
|
||||
|
||||
## Issue
|
||||
|
||||
When importing Argo CD packages in your own projects, you may face some errors when downloading the dependencies, such as "unknown revision v0.0.0". This is because Argo CD directly depends on some Kubernetes packages which have these unknown v0.0.0 versions in their go.mod.
|
||||
|
||||
## Solution
|
||||
|
||||
Add a replace section in your own go.mod as same as the replace section of the corresponding Argo CD version's go.mod. In order to find the go.mod for a specific version, navigate to the [Argo CD repository](https://github.com/argoproj/argo-cd/) and click on the switch branches/tags dropdown to select the version you are looking for. Now you can view the go.mod file for a specific version along with all other files.
|
||||
|
||||
## Example
|
||||
|
||||
If you are using Argo CD v2.4.15, your go.mod should contain the following:
|
||||
|
||||
```
|
||||
replace (
|
||||
// https://github.com/golang/go/issues/33546#issuecomment-519656923
|
||||
github.com/go-check/check => github.com/go-check/check v0.0.0-20180628173108-788fd7840127
|
||||
|
||||
github.com/golang/protobuf => github.com/golang/protobuf v1.4.2
|
||||
github.com/gorilla/websocket => github.com/gorilla/websocket v1.4.2
|
||||
github.com/grpc-ecosystem/grpc-gateway => github.com/grpc-ecosystem/grpc-gateway v1.16.0
|
||||
github.com/improbable-eng/grpc-web => github.com/improbable-eng/grpc-web v0.0.0-20181111100011-16092bd1d58a
|
||||
|
||||
// Avoid CVE-2022-28948
|
||||
gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.1
|
||||
|
||||
// https://github.com/kubernetes/kubernetes/issues/79384#issuecomment-505627280
|
||||
k8s.io/api => k8s.io/api v0.23.1
|
||||
k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.23.1
|
||||
k8s.io/apimachinery => k8s.io/apimachinery v0.23.1
|
||||
k8s.io/apiserver => k8s.io/apiserver v0.23.1
|
||||
k8s.io/cli-runtime => k8s.io/cli-runtime v0.23.1
|
||||
k8s.io/client-go => k8s.io/client-go v0.23.1
|
||||
k8s.io/cloud-provider => k8s.io/cloud-provider v0.23.1
|
||||
k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.23.1
|
||||
k8s.io/code-generator => k8s.io/code-generator v0.23.1
|
||||
k8s.io/component-base => k8s.io/component-base v0.23.1
|
||||
k8s.io/component-helpers => k8s.io/component-helpers v0.23.1
|
||||
k8s.io/controller-manager => k8s.io/controller-manager v0.23.1
|
||||
k8s.io/cri-api => k8s.io/cri-api v0.23.1
|
||||
k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.23.1
|
||||
k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.23.1
|
||||
k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.23.1
|
||||
k8s.io/kube-proxy => k8s.io/kube-proxy v0.23.1
|
||||
k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.23.1
|
||||
k8s.io/kubectl => k8s.io/kubectl v0.23.1
|
||||
k8s.io/kubelet => k8s.io/kubelet v0.23.1
|
||||
k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.23.1
|
||||
k8s.io/metrics => k8s.io/metrics v0.23.1
|
||||
k8s.io/mount-utils => k8s.io/mount-utils v0.23.1
|
||||
k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.23.1
|
||||
k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.23.1
|
||||
)
|
||||
```
|
||||
@@ -5,7 +5,7 @@ kind: Kustomization
|
||||
images:
|
||||
- name: quay.io/argoproj/argocd
|
||||
newName: quay.io/argoproj/argocd
|
||||
newTag: v2.5.0
|
||||
newTag: v2.5.2
|
||||
resources:
|
||||
- ./application-controller
|
||||
- ./dex
|
||||
|
||||
@@ -25,7 +25,8 @@ spec:
|
||||
port: 6379
|
||||
egress:
|
||||
- to:
|
||||
- namespaceSelector: {}
|
||||
- ipBlock:
|
||||
cidr: 0.0.0.0/0
|
||||
ports:
|
||||
- port: 53
|
||||
protocol: UDP
|
||||
|
||||
@@ -9635,7 +9635,7 @@ spec:
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
name: argocd-applicationset-controller
|
||||
ports:
|
||||
@@ -9893,7 +9893,7 @@ spec:
|
||||
value: /helm-working-dir
|
||||
- name: HELM_DATA_HOME
|
||||
value: /helm-working-dir
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
@@ -9944,7 +9944,7 @@ spec:
|
||||
- -n
|
||||
- /usr/local/bin/argocd
|
||||
- /var/run/argocd/argocd-cmp-server
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
name: copyutil
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
@@ -10151,7 +10151,7 @@ spec:
|
||||
key: application.namespaces
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
name: argocd-application-controller
|
||||
ports:
|
||||
@@ -10240,7 +10240,8 @@ spec:
|
||||
- port: 53
|
||||
protocol: TCP
|
||||
to:
|
||||
- namespaceSelector: {}
|
||||
- ipBlock:
|
||||
cidr: 0.0.0.0/0
|
||||
ingress:
|
||||
- from:
|
||||
- podSelector:
|
||||
|
||||
@@ -12,4 +12,4 @@ resources:
|
||||
images:
|
||||
- name: quay.io/argoproj/argocd
|
||||
newName: quay.io/argoproj/argocd
|
||||
newTag: v2.5.0
|
||||
newTag: v2.5.2
|
||||
|
||||
@@ -11,7 +11,7 @@ patchesStrategicMerge:
|
||||
images:
|
||||
- name: quay.io/argoproj/argocd
|
||||
newName: quay.io/argoproj/argocd
|
||||
newTag: v2.5.0
|
||||
newTag: v2.5.2
|
||||
resources:
|
||||
- ../../base/application-controller
|
||||
- ../../base/applicationset-controller
|
||||
|
||||
@@ -36,7 +36,8 @@ spec:
|
||||
- port: 26379
|
||||
protocol: TCP
|
||||
- to:
|
||||
- namespaceSelector: {}
|
||||
- ipBlock:
|
||||
cidr: 0.0.0.0/0
|
||||
ports:
|
||||
- port: 53
|
||||
protocol: UDP
|
||||
|
||||
@@ -33,7 +33,8 @@ spec:
|
||||
- port: 26379
|
||||
protocol: TCP
|
||||
- to:
|
||||
- namespaceSelector: {}
|
||||
- ipBlock:
|
||||
cidr: 0.0.0.0/0
|
||||
ports:
|
||||
- port: 53
|
||||
protocol: UDP
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: redis-ha
|
||||
repository: https://dandydeveloper.github.io/charts
|
||||
version: 4.17.8
|
||||
digest: sha256:24b66a7cd8e6ec23502173bd643bfaa66cf0d062df0361370226754e0cedda12
|
||||
generated: "2022-08-12T00:12:34.042365707-07:00"
|
||||
version: 4.22.3
|
||||
digest: sha256:ae773caf65b172bdd2216072c03ba76ef3c0383dbd1e2478934a67b9455f6a2e
|
||||
generated: "2022-11-02T16:57:25.047025473-07:00"
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
dependencies:
|
||||
- name: redis-ha
|
||||
version: 4.17.8
|
||||
version: 4.22.3
|
||||
repository: https://dandydeveloper.github.io/charts
|
||||
|
||||
@@ -9,7 +9,7 @@ metadata:
|
||||
labels:
|
||||
heritage: Helm
|
||||
release: argocd
|
||||
chart: redis-ha-4.17.8
|
||||
chart: redis-ha-4.22.3
|
||||
app: argocd-redis-ha
|
||||
---
|
||||
# Source: redis-ha/charts/redis-ha/templates/redis-haproxy-serviceaccount.yaml
|
||||
@@ -21,7 +21,7 @@ metadata:
|
||||
labels:
|
||||
heritage: Helm
|
||||
release: argocd
|
||||
chart: redis-ha-4.17.8
|
||||
chart: redis-ha-4.22.3
|
||||
app: argocd-redis-ha
|
||||
---
|
||||
# Source: redis-ha/charts/redis-ha/templates/redis-ha-configmap.yaml
|
||||
@@ -33,7 +33,7 @@ metadata:
|
||||
labels:
|
||||
heritage: Helm
|
||||
release: argocd
|
||||
chart: redis-ha-4.17.8
|
||||
chart: redis-ha-4.22.3
|
||||
app: argocd-redis-ha
|
||||
data:
|
||||
redis.conf: |
|
||||
@@ -41,7 +41,6 @@ data:
|
||||
port 6379
|
||||
rename-command FLUSHDB ""
|
||||
rename-command FLUSHALL ""
|
||||
bind 0.0.0.0
|
||||
maxmemory 0
|
||||
maxmemory-policy volatile-lru
|
||||
min-replicas-max-lag 5
|
||||
@@ -54,7 +53,6 @@ data:
|
||||
sentinel.conf: |
|
||||
dir "/data"
|
||||
port 26379
|
||||
bind 0.0.0.0
|
||||
sentinel down-after-milliseconds argocd 10000
|
||||
sentinel failover-timeout argocd 180000
|
||||
maxclients 10000
|
||||
@@ -176,11 +174,11 @@ data:
|
||||
echo "Getting redis master ip.."
|
||||
echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master"
|
||||
DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')"
|
||||
echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})"
|
||||
if [ -z "${DEFAULT_MASTER}" ]; then
|
||||
echo "Error: Unable to resolve redis master (getent hosts)."
|
||||
exit 1
|
||||
fi
|
||||
echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})"
|
||||
echo "Setting default slave config for redis and sentinel.."
|
||||
echo " using master ip (${DEFAULT_MASTER})"
|
||||
redis_update "${DEFAULT_MASTER}"
|
||||
@@ -277,11 +275,7 @@ data:
|
||||
getent_hosts() {
|
||||
index=${1:-${INDEX}}
|
||||
service="${SERVICE}-announce-${index}"
|
||||
pod="${SERVICE}-server-${index}"
|
||||
host=$(getent hosts "${service}")
|
||||
if [ -z "${host}" ]; then
|
||||
host=$(getent hosts "${pod}")
|
||||
fi
|
||||
echo "${host}"
|
||||
}
|
||||
|
||||
@@ -443,11 +437,11 @@ data:
|
||||
echo "Getting redis master ip.."
|
||||
echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master"
|
||||
DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')"
|
||||
echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})"
|
||||
if [ -z "${DEFAULT_MASTER}" ]; then
|
||||
echo "Error: Unable to resolve redis master (getent hosts)."
|
||||
exit 1
|
||||
fi
|
||||
echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})"
|
||||
echo "Setting default slave config for redis and sentinel.."
|
||||
echo " using master ip (${DEFAULT_MASTER})"
|
||||
redis_update "${DEFAULT_MASTER}"
|
||||
@@ -544,11 +538,7 @@ data:
|
||||
getent_hosts() {
|
||||
index=${1:-${INDEX}}
|
||||
service="${SERVICE}-announce-${index}"
|
||||
pod="${SERVICE}-server-${index}"
|
||||
host=$(getent hosts "${service}")
|
||||
if [ -z "${host}" ]; then
|
||||
host=$(getent hosts "${pod}")
|
||||
fi
|
||||
echo "${host}"
|
||||
}
|
||||
|
||||
@@ -593,18 +583,24 @@ data:
|
||||
|
||||
identify_announce_ip
|
||||
|
||||
while [ -z "${ANNOUNCE_IP}" ]; do
|
||||
echo "Error: Could not resolve the announce ip for this pod."
|
||||
sleep 30
|
||||
identify_announce_ip
|
||||
done
|
||||
|
||||
while true; do
|
||||
sleep 60
|
||||
|
||||
# where is redis master
|
||||
identify_master
|
||||
|
||||
if [ "$MASTER" == "$ANNOUNCE_IP" ]; then
|
||||
if [ "$MASTER" = "$ANNOUNCE_IP" ]; then
|
||||
redis_role
|
||||
if [ "$ROLE" != "master" ]; then
|
||||
reinit
|
||||
fi
|
||||
else
|
||||
elif [ "${MASTER}" ]; then
|
||||
identify_redis_master
|
||||
if [ "$REDIS_MASTER" != "$MASTER" ]; then
|
||||
reinit
|
||||
@@ -622,7 +618,7 @@ data:
|
||||
timeout check 2s
|
||||
|
||||
listen health_check_http_url
|
||||
bind [::]:8888 v4v6
|
||||
bind [::]:8888 v4v6
|
||||
mode http
|
||||
monitor-uri /healthz
|
||||
option dontlognull
|
||||
@@ -636,7 +632,6 @@ data:
|
||||
tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n
|
||||
tcp-check expect string REPLACE_ANNOUNCE0
|
||||
tcp-check send QUIT\r\n
|
||||
tcp-check expect string +OK
|
||||
server R0 argocd-redis-ha-announce-0:26379 check inter 3s
|
||||
server R1 argocd-redis-ha-announce-1:26379 check inter 3s
|
||||
server R2 argocd-redis-ha-announce-2:26379 check inter 3s
|
||||
@@ -650,7 +645,6 @@ data:
|
||||
tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n
|
||||
tcp-check expect string REPLACE_ANNOUNCE1
|
||||
tcp-check send QUIT\r\n
|
||||
tcp-check expect string +OK
|
||||
server R0 argocd-redis-ha-announce-0:26379 check inter 3s
|
||||
server R1 argocd-redis-ha-announce-1:26379 check inter 3s
|
||||
server R2 argocd-redis-ha-announce-2:26379 check inter 3s
|
||||
@@ -664,7 +658,6 @@ data:
|
||||
tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n
|
||||
tcp-check expect string REPLACE_ANNOUNCE2
|
||||
tcp-check send QUIT\r\n
|
||||
tcp-check expect string +OK
|
||||
server R0 argocd-redis-ha-announce-0:26379 check inter 3s
|
||||
server R1 argocd-redis-ha-announce-1:26379 check inter 3s
|
||||
server R2 argocd-redis-ha-announce-2:26379 check inter 3s
|
||||
@@ -764,7 +757,7 @@ metadata:
|
||||
labels:
|
||||
heritage: Helm
|
||||
release: argocd
|
||||
chart: redis-ha-4.17.8
|
||||
chart: redis-ha-4.22.3
|
||||
app: argocd-redis-ha
|
||||
data:
|
||||
redis_liveness.sh: |
|
||||
@@ -814,7 +807,7 @@ metadata:
|
||||
app: redis-ha
|
||||
heritage: "Helm"
|
||||
release: "argocd"
|
||||
chart: redis-ha-4.17.8
|
||||
chart: redis-ha-4.22.3
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
@@ -833,7 +826,7 @@ metadata:
|
||||
app: redis-ha
|
||||
heritage: "Helm"
|
||||
release: "argocd"
|
||||
chart: redis-ha-4.17.8
|
||||
chart: redis-ha-4.22.3
|
||||
component: argocd-redis-ha-haproxy
|
||||
rules:
|
||||
- apiGroups:
|
||||
@@ -853,7 +846,7 @@ metadata:
|
||||
app: redis-ha
|
||||
heritage: "Helm"
|
||||
release: "argocd"
|
||||
chart: redis-ha-4.17.8
|
||||
chart: redis-ha-4.22.3
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: argocd-redis-ha
|
||||
@@ -872,7 +865,7 @@ metadata:
|
||||
app: redis-ha
|
||||
heritage: "Helm"
|
||||
release: "argocd"
|
||||
chart: redis-ha-4.17.8
|
||||
chart: redis-ha-4.22.3
|
||||
component: argocd-redis-ha-haproxy
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
@@ -892,7 +885,7 @@ metadata:
|
||||
app: redis-ha
|
||||
heritage: "Helm"
|
||||
release: "argocd"
|
||||
chart: redis-ha-4.17.8
|
||||
chart: redis-ha-4.22.3
|
||||
annotations:
|
||||
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
|
||||
spec:
|
||||
@@ -922,7 +915,7 @@ metadata:
|
||||
app: redis-ha
|
||||
heritage: "Helm"
|
||||
release: "argocd"
|
||||
chart: redis-ha-4.17.8
|
||||
chart: redis-ha-4.22.3
|
||||
annotations:
|
||||
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
|
||||
spec:
|
||||
@@ -952,7 +945,7 @@ metadata:
|
||||
app: redis-ha
|
||||
heritage: "Helm"
|
||||
release: "argocd"
|
||||
chart: redis-ha-4.17.8
|
||||
chart: redis-ha-4.22.3
|
||||
annotations:
|
||||
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
|
||||
spec:
|
||||
@@ -982,7 +975,7 @@ metadata:
|
||||
app: redis-ha
|
||||
heritage: "Helm"
|
||||
release: "argocd"
|
||||
chart: redis-ha-4.17.8
|
||||
chart: redis-ha-4.22.3
|
||||
annotations:
|
||||
spec:
|
||||
type: ClusterIP
|
||||
@@ -1010,7 +1003,7 @@ metadata:
|
||||
app: redis-ha
|
||||
heritage: "Helm"
|
||||
release: "argocd"
|
||||
chart: redis-ha-4.17.8
|
||||
chart: redis-ha-4.22.3
|
||||
component: argocd-redis-ha-haproxy
|
||||
annotations:
|
||||
spec:
|
||||
@@ -1034,7 +1027,7 @@ metadata:
|
||||
app: redis-ha
|
||||
heritage: "Helm"
|
||||
release: "argocd"
|
||||
chart: redis-ha-4.17.8
|
||||
chart: redis-ha-4.22.3
|
||||
spec:
|
||||
strategy:
|
||||
type: RollingUpdate
|
||||
@@ -1052,11 +1045,15 @@ spec:
|
||||
release: argocd
|
||||
revision: "1"
|
||||
annotations:
|
||||
checksum/config: 33967cee643b636d6e9a66e82b7f85814ceb8c55fba7a1d8af439ef056934e5c
|
||||
checksum/config: 1f7a9ffcacb3871ceb9b0741c0714e3f7fa656d426a398c1f727fffb01073f35
|
||||
spec:
|
||||
# Needed when using unmodified rbac-setup.yml
|
||||
|
||||
serviceAccountName: argocd-redis-ha-haproxy
|
||||
securityContext:
|
||||
fsGroup: 99
|
||||
runAsNonRoot: true
|
||||
runAsUser: 99
|
||||
nodeSelector:
|
||||
{}
|
||||
tolerations:
|
||||
@@ -1080,20 +1077,20 @@ spec:
|
||||
- sh
|
||||
args:
|
||||
- /readonly/haproxy_init.sh
|
||||
securityContext:
|
||||
null
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /readonly
|
||||
readOnly: true
|
||||
- name: data
|
||||
mountPath: /data
|
||||
securityContext:
|
||||
fsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
containers:
|
||||
- name: haproxy
|
||||
image: haproxy:2.6.2-alpine
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
null
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
@@ -1140,7 +1137,7 @@ metadata:
|
||||
app: redis-ha
|
||||
heritage: "Helm"
|
||||
release: "argocd"
|
||||
chart: redis-ha-4.17.8
|
||||
chart: redis-ha-4.22.3
|
||||
annotations:
|
||||
{}
|
||||
spec:
|
||||
@@ -1156,7 +1153,7 @@ spec:
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
checksum/init-config: 226aec192d2f29b5355769c9f1fbf093bf36c3a1e15b574b71fb8fe73fd37c05
|
||||
checksum/init-config: 84ccf6a9b8a7fa3ae5b62a8f17d6c65a5197e9605da9b2761179bf942828eefe
|
||||
labels:
|
||||
release: argocd
|
||||
app: redis-ha
|
||||
@@ -1172,7 +1169,7 @@ spec:
|
||||
release: argocd
|
||||
argocd-redis-ha: replica
|
||||
topologyKey: kubernetes.io/hostname
|
||||
securityContext:
|
||||
securityContext:
|
||||
fsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
@@ -1188,6 +1185,8 @@ spec:
|
||||
- sh
|
||||
args:
|
||||
- /readonly-config/init.sh
|
||||
securityContext:
|
||||
null
|
||||
env:
|
||||
- name: SENTINEL_ID_0
|
||||
value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6
|
||||
@@ -1211,6 +1210,8 @@ spec:
|
||||
- redis-server
|
||||
args:
|
||||
- /data/conf/redis.conf
|
||||
securityContext:
|
||||
null
|
||||
livenessProbe:
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 15
|
||||
@@ -1259,6 +1260,8 @@ spec:
|
||||
- redis-sentinel
|
||||
args:
|
||||
- /data/conf/sentinel.conf
|
||||
securityContext:
|
||||
null
|
||||
livenessProbe:
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 15
|
||||
@@ -1301,6 +1304,8 @@ spec:
|
||||
- sh
|
||||
args:
|
||||
- /readonly-config/fix-split-brain.sh
|
||||
securityContext:
|
||||
null
|
||||
env:
|
||||
- name: SENTINEL_ID_0
|
||||
value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6
|
||||
|
||||
@@ -5,16 +5,15 @@ redis-ha:
|
||||
masterGroupName: argocd
|
||||
config:
|
||||
save: "\"\""
|
||||
bind: "0.0.0.0"
|
||||
haproxy:
|
||||
enabled: true
|
||||
image:
|
||||
tag: 2.6.2-alpine
|
||||
containerSecurityContext: null
|
||||
timeout:
|
||||
server: 6m
|
||||
client: 6m
|
||||
checkInterval: 3s
|
||||
image:
|
||||
tag: 7.0.5-alpine
|
||||
sentinel:
|
||||
bind: "0.0.0.0"
|
||||
containerSecurityContext: null
|
||||
|
||||
@@ -25,3 +25,12 @@
|
||||
- ALL
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
- op: add
|
||||
path: /spec/template/spec/containers/2/securityContext
|
||||
value:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
|
||||
@@ -9911,11 +9911,11 @@ data:
|
||||
echo "Getting redis master ip.."
|
||||
echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master"
|
||||
DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')"
|
||||
echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})"
|
||||
if [ -z "${DEFAULT_MASTER}" ]; then
|
||||
echo "Error: Unable to resolve redis master (getent hosts)."
|
||||
exit 1
|
||||
fi
|
||||
echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})"
|
||||
echo "Setting default slave config for redis and sentinel.."
|
||||
echo " using master ip (${DEFAULT_MASTER})"
|
||||
redis_update "${DEFAULT_MASTER}"
|
||||
@@ -10012,11 +10012,7 @@ data:
|
||||
getent_hosts() {
|
||||
index=${1:-${INDEX}}
|
||||
service="${SERVICE}-announce-${index}"
|
||||
pod="${SERVICE}-server-${index}"
|
||||
host=$(getent hosts "${service}")
|
||||
if [ -z "${host}" ]; then
|
||||
host=$(getent hosts "${pod}")
|
||||
fi
|
||||
echo "${host}"
|
||||
}
|
||||
|
||||
@@ -10061,18 +10057,24 @@ data:
|
||||
|
||||
identify_announce_ip
|
||||
|
||||
while [ -z "${ANNOUNCE_IP}" ]; do
|
||||
echo "Error: Could not resolve the announce ip for this pod."
|
||||
sleep 30
|
||||
identify_announce_ip
|
||||
done
|
||||
|
||||
while true; do
|
||||
sleep 60
|
||||
|
||||
# where is redis master
|
||||
identify_master
|
||||
|
||||
if [ "$MASTER" == "$ANNOUNCE_IP" ]; then
|
||||
if [ "$MASTER" = "$ANNOUNCE_IP" ]; then
|
||||
redis_role
|
||||
if [ "$ROLE" != "master" ]; then
|
||||
reinit
|
||||
fi
|
||||
else
|
||||
elif [ "${MASTER}" ]; then
|
||||
identify_redis_master
|
||||
if [ "$REDIS_MASTER" != "$MASTER" ]; then
|
||||
reinit
|
||||
@@ -10088,7 +10090,7 @@ data:
|
||||
timeout check 2s
|
||||
|
||||
listen health_check_http_url
|
||||
bind [::]:8888 v4v6
|
||||
bind [::]:8888 v4v6
|
||||
mode http
|
||||
monitor-uri /healthz
|
||||
option dontlognull
|
||||
@@ -10102,7 +10104,6 @@ data:
|
||||
tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n
|
||||
tcp-check expect string REPLACE_ANNOUNCE0
|
||||
tcp-check send QUIT\r\n
|
||||
tcp-check expect string +OK
|
||||
server R0 argocd-redis-ha-announce-0:26379 check inter 3s
|
||||
server R1 argocd-redis-ha-announce-1:26379 check inter 3s
|
||||
server R2 argocd-redis-ha-announce-2:26379 check inter 3s
|
||||
@@ -10116,7 +10117,6 @@ data:
|
||||
tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n
|
||||
tcp-check expect string REPLACE_ANNOUNCE1
|
||||
tcp-check send QUIT\r\n
|
||||
tcp-check expect string +OK
|
||||
server R0 argocd-redis-ha-announce-0:26379 check inter 3s
|
||||
server R1 argocd-redis-ha-announce-1:26379 check inter 3s
|
||||
server R2 argocd-redis-ha-announce-2:26379 check inter 3s
|
||||
@@ -10130,7 +10130,6 @@ data:
|
||||
tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n
|
||||
tcp-check expect string REPLACE_ANNOUNCE2
|
||||
tcp-check send QUIT\r\n
|
||||
tcp-check expect string +OK
|
||||
server R0 argocd-redis-ha-announce-0:26379 check inter 3s
|
||||
server R1 argocd-redis-ha-announce-1:26379 check inter 3s
|
||||
server R2 argocd-redis-ha-announce-2:26379 check inter 3s
|
||||
@@ -10306,11 +10305,11 @@ data:
|
||||
echo "Getting redis master ip.."
|
||||
echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master"
|
||||
DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')"
|
||||
echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})"
|
||||
if [ -z "${DEFAULT_MASTER}" ]; then
|
||||
echo "Error: Unable to resolve redis master (getent hosts)."
|
||||
exit 1
|
||||
fi
|
||||
echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})"
|
||||
echo "Setting default slave config for redis and sentinel.."
|
||||
echo " using master ip (${DEFAULT_MASTER})"
|
||||
redis_update "${DEFAULT_MASTER}"
|
||||
@@ -10407,11 +10406,7 @@ data:
|
||||
getent_hosts() {
|
||||
index=${1:-${INDEX}}
|
||||
service="${SERVICE}-announce-${index}"
|
||||
pod="${SERVICE}-server-${index}"
|
||||
host=$(getent hosts "${service}")
|
||||
if [ -z "${host}" ]; then
|
||||
host=$(getent hosts "${pod}")
|
||||
fi
|
||||
echo "${host}"
|
||||
}
|
||||
|
||||
@@ -10459,7 +10454,6 @@ data:
|
||||
port 6379
|
||||
rename-command FLUSHDB ""
|
||||
rename-command FLUSHALL ""
|
||||
bind 0.0.0.0
|
||||
maxmemory 0
|
||||
maxmemory-policy volatile-lru
|
||||
min-replicas-max-lag 5
|
||||
@@ -10471,7 +10465,6 @@ data:
|
||||
sentinel.conf: |
|
||||
dir "/data"
|
||||
port 26379
|
||||
bind 0.0.0.0
|
||||
sentinel down-after-milliseconds argocd 10000
|
||||
sentinel failover-timeout argocd 180000
|
||||
maxclients 10000
|
||||
@@ -10884,7 +10877,7 @@ spec:
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
name: argocd-applicationset-controller
|
||||
ports:
|
||||
@@ -10994,7 +10987,7 @@ spec:
|
||||
- -n
|
||||
- /usr/local/bin/argocd
|
||||
- /shared/argocd-dex
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
name: copyutil
|
||||
securityContext:
|
||||
@@ -11047,7 +11040,7 @@ spec:
|
||||
containers:
|
||||
- command:
|
||||
- argocd-notifications
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
@@ -11105,7 +11098,7 @@ spec:
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
checksum/config: 33967cee643b636d6e9a66e82b7f85814ceb8c55fba7a1d8af439ef056934e5c
|
||||
checksum/config: 1f7a9ffcacb3871ceb9b0741c0714e3f7fa656d426a398c1f727fffb01073f35
|
||||
labels:
|
||||
app.kubernetes.io/name: argocd-redis-ha-haproxy
|
||||
name: argocd-redis-ha-haproxy
|
||||
@@ -11171,9 +11164,9 @@ spec:
|
||||
- mountPath: /data
|
||||
name: data
|
||||
securityContext:
|
||||
fsGroup: 1000
|
||||
fsGroup: 99
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
runAsUser: 99
|
||||
serviceAccountName: argocd-redis-ha-haproxy
|
||||
volumes:
|
||||
- configMap:
|
||||
@@ -11344,7 +11337,7 @@ spec:
|
||||
value: /helm-working-dir
|
||||
- name: HELM_DATA_HOME
|
||||
value: /helm-working-dir
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
@@ -11395,7 +11388,7 @@ spec:
|
||||
- -n
|
||||
- /usr/local/bin/argocd
|
||||
- /var/run/argocd/argocd-cmp-server
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
name: copyutil
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
@@ -11668,7 +11661,7 @@ spec:
|
||||
key: application.namespaces
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
@@ -11903,7 +11896,7 @@ spec:
|
||||
key: application.namespaces
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
name: argocd-application-controller
|
||||
ports:
|
||||
@@ -11963,7 +11956,7 @@ spec:
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
checksum/init-config: 226aec192d2f29b5355769c9f1fbf093bf36c3a1e15b574b71fb8fe73fd37c05
|
||||
checksum/init-config: 84ccf6a9b8a7fa3ae5b62a8f17d6c65a5197e9605da9b2761179bf942828eefe
|
||||
labels:
|
||||
app.kubernetes.io/name: argocd-redis-ha
|
||||
spec:
|
||||
@@ -12089,6 +12082,13 @@ spec:
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: split-brain-fix
|
||||
resources: {}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
volumeMounts:
|
||||
- mountPath: /readonly-config
|
||||
name: config
|
||||
@@ -12241,7 +12241,8 @@ spec:
|
||||
- port: 53
|
||||
protocol: TCP
|
||||
to:
|
||||
- namespaceSelector: {}
|
||||
- ipBlock:
|
||||
cidr: 0.0.0.0/0
|
||||
ingress:
|
||||
- from:
|
||||
- podSelector:
|
||||
@@ -12286,7 +12287,8 @@ spec:
|
||||
- port: 53
|
||||
protocol: TCP
|
||||
to:
|
||||
- namespaceSelector: {}
|
||||
- ipBlock:
|
||||
cidr: 0.0.0.0/0
|
||||
ingress:
|
||||
- from:
|
||||
- podSelector:
|
||||
|
||||
@@ -577,11 +577,11 @@ data:
|
||||
echo "Getting redis master ip.."
|
||||
echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master"
|
||||
DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')"
|
||||
echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})"
|
||||
if [ -z "${DEFAULT_MASTER}" ]; then
|
||||
echo "Error: Unable to resolve redis master (getent hosts)."
|
||||
exit 1
|
||||
fi
|
||||
echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})"
|
||||
echo "Setting default slave config for redis and sentinel.."
|
||||
echo " using master ip (${DEFAULT_MASTER})"
|
||||
redis_update "${DEFAULT_MASTER}"
|
||||
@@ -678,11 +678,7 @@ data:
|
||||
getent_hosts() {
|
||||
index=${1:-${INDEX}}
|
||||
service="${SERVICE}-announce-${index}"
|
||||
pod="${SERVICE}-server-${index}"
|
||||
host=$(getent hosts "${service}")
|
||||
if [ -z "${host}" ]; then
|
||||
host=$(getent hosts "${pod}")
|
||||
fi
|
||||
echo "${host}"
|
||||
}
|
||||
|
||||
@@ -727,18 +723,24 @@ data:
|
||||
|
||||
identify_announce_ip
|
||||
|
||||
while [ -z "${ANNOUNCE_IP}" ]; do
|
||||
echo "Error: Could not resolve the announce ip for this pod."
|
||||
sleep 30
|
||||
identify_announce_ip
|
||||
done
|
||||
|
||||
while true; do
|
||||
sleep 60
|
||||
|
||||
# where is redis master
|
||||
identify_master
|
||||
|
||||
if [ "$MASTER" == "$ANNOUNCE_IP" ]; then
|
||||
if [ "$MASTER" = "$ANNOUNCE_IP" ]; then
|
||||
redis_role
|
||||
if [ "$ROLE" != "master" ]; then
|
||||
reinit
|
||||
fi
|
||||
else
|
||||
elif [ "${MASTER}" ]; then
|
||||
identify_redis_master
|
||||
if [ "$REDIS_MASTER" != "$MASTER" ]; then
|
||||
reinit
|
||||
@@ -754,7 +756,7 @@ data:
|
||||
timeout check 2s
|
||||
|
||||
listen health_check_http_url
|
||||
bind [::]:8888 v4v6
|
||||
bind [::]:8888 v4v6
|
||||
mode http
|
||||
monitor-uri /healthz
|
||||
option dontlognull
|
||||
@@ -768,7 +770,6 @@ data:
|
||||
tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n
|
||||
tcp-check expect string REPLACE_ANNOUNCE0
|
||||
tcp-check send QUIT\r\n
|
||||
tcp-check expect string +OK
|
||||
server R0 argocd-redis-ha-announce-0:26379 check inter 3s
|
||||
server R1 argocd-redis-ha-announce-1:26379 check inter 3s
|
||||
server R2 argocd-redis-ha-announce-2:26379 check inter 3s
|
||||
@@ -782,7 +783,6 @@ data:
|
||||
tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n
|
||||
tcp-check expect string REPLACE_ANNOUNCE1
|
||||
tcp-check send QUIT\r\n
|
||||
tcp-check expect string +OK
|
||||
server R0 argocd-redis-ha-announce-0:26379 check inter 3s
|
||||
server R1 argocd-redis-ha-announce-1:26379 check inter 3s
|
||||
server R2 argocd-redis-ha-announce-2:26379 check inter 3s
|
||||
@@ -796,7 +796,6 @@ data:
|
||||
tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n
|
||||
tcp-check expect string REPLACE_ANNOUNCE2
|
||||
tcp-check send QUIT\r\n
|
||||
tcp-check expect string +OK
|
||||
server R0 argocd-redis-ha-announce-0:26379 check inter 3s
|
||||
server R1 argocd-redis-ha-announce-1:26379 check inter 3s
|
||||
server R2 argocd-redis-ha-announce-2:26379 check inter 3s
|
||||
@@ -972,11 +971,11 @@ data:
|
||||
echo "Getting redis master ip.."
|
||||
echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master"
|
||||
DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')"
|
||||
echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})"
|
||||
if [ -z "${DEFAULT_MASTER}" ]; then
|
||||
echo "Error: Unable to resolve redis master (getent hosts)."
|
||||
exit 1
|
||||
fi
|
||||
echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})"
|
||||
echo "Setting default slave config for redis and sentinel.."
|
||||
echo " using master ip (${DEFAULT_MASTER})"
|
||||
redis_update "${DEFAULT_MASTER}"
|
||||
@@ -1073,11 +1072,7 @@ data:
|
||||
getent_hosts() {
|
||||
index=${1:-${INDEX}}
|
||||
service="${SERVICE}-announce-${index}"
|
||||
pod="${SERVICE}-server-${index}"
|
||||
host=$(getent hosts "${service}")
|
||||
if [ -z "${host}" ]; then
|
||||
host=$(getent hosts "${pod}")
|
||||
fi
|
||||
echo "${host}"
|
||||
}
|
||||
|
||||
@@ -1125,7 +1120,6 @@ data:
|
||||
port 6379
|
||||
rename-command FLUSHDB ""
|
||||
rename-command FLUSHALL ""
|
||||
bind 0.0.0.0
|
||||
maxmemory 0
|
||||
maxmemory-policy volatile-lru
|
||||
min-replicas-max-lag 5
|
||||
@@ -1137,7 +1131,6 @@ data:
|
||||
sentinel.conf: |
|
||||
dir "/data"
|
||||
port 26379
|
||||
bind 0.0.0.0
|
||||
sentinel down-after-milliseconds argocd 10000
|
||||
sentinel failover-timeout argocd 180000
|
||||
maxclients 10000
|
||||
@@ -1550,7 +1543,7 @@ spec:
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
name: argocd-applicationset-controller
|
||||
ports:
|
||||
@@ -1660,7 +1653,7 @@ spec:
|
||||
- -n
|
||||
- /usr/local/bin/argocd
|
||||
- /shared/argocd-dex
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
name: copyutil
|
||||
securityContext:
|
||||
@@ -1713,7 +1706,7 @@ spec:
|
||||
containers:
|
||||
- command:
|
||||
- argocd-notifications
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
@@ -1771,7 +1764,7 @@ spec:
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
checksum/config: 33967cee643b636d6e9a66e82b7f85814ceb8c55fba7a1d8af439ef056934e5c
|
||||
checksum/config: 1f7a9ffcacb3871ceb9b0741c0714e3f7fa656d426a398c1f727fffb01073f35
|
||||
labels:
|
||||
app.kubernetes.io/name: argocd-redis-ha-haproxy
|
||||
name: argocd-redis-ha-haproxy
|
||||
@@ -1837,9 +1830,9 @@ spec:
|
||||
- mountPath: /data
|
||||
name: data
|
||||
securityContext:
|
||||
fsGroup: 1000
|
||||
fsGroup: 99
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
runAsUser: 99
|
||||
serviceAccountName: argocd-redis-ha-haproxy
|
||||
volumes:
|
||||
- configMap:
|
||||
@@ -2010,7 +2003,7 @@ spec:
|
||||
value: /helm-working-dir
|
||||
- name: HELM_DATA_HOME
|
||||
value: /helm-working-dir
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
@@ -2061,7 +2054,7 @@ spec:
|
||||
- -n
|
||||
- /usr/local/bin/argocd
|
||||
- /var/run/argocd/argocd-cmp-server
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
name: copyutil
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
@@ -2334,7 +2327,7 @@ spec:
|
||||
key: application.namespaces
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
@@ -2569,7 +2562,7 @@ spec:
|
||||
key: application.namespaces
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
name: argocd-application-controller
|
||||
ports:
|
||||
@@ -2629,7 +2622,7 @@ spec:
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
checksum/init-config: 226aec192d2f29b5355769c9f1fbf093bf36c3a1e15b574b71fb8fe73fd37c05
|
||||
checksum/init-config: 84ccf6a9b8a7fa3ae5b62a8f17d6c65a5197e9605da9b2761179bf942828eefe
|
||||
labels:
|
||||
app.kubernetes.io/name: argocd-redis-ha
|
||||
spec:
|
||||
@@ -2755,6 +2748,13 @@ spec:
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: split-brain-fix
|
||||
resources: {}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
volumeMounts:
|
||||
- mountPath: /readonly-config
|
||||
name: config
|
||||
@@ -2907,7 +2907,8 @@ spec:
|
||||
- port: 53
|
||||
protocol: TCP
|
||||
to:
|
||||
- namespaceSelector: {}
|
||||
- ipBlock:
|
||||
cidr: 0.0.0.0/0
|
||||
ingress:
|
||||
- from:
|
||||
- podSelector:
|
||||
@@ -2952,7 +2953,8 @@ spec:
|
||||
- port: 53
|
||||
protocol: TCP
|
||||
to:
|
||||
- namespaceSelector: {}
|
||||
- ipBlock:
|
||||
cidr: 0.0.0.0/0
|
||||
ingress:
|
||||
- from:
|
||||
- podSelector:
|
||||
|
||||
@@ -9955,7 +9955,7 @@ spec:
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
name: argocd-applicationset-controller
|
||||
ports:
|
||||
@@ -10065,7 +10065,7 @@ spec:
|
||||
- -n
|
||||
- /usr/local/bin/argocd
|
||||
- /shared/argocd-dex
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
name: copyutil
|
||||
securityContext:
|
||||
@@ -10118,7 +10118,7 @@ spec:
|
||||
containers:
|
||||
- command:
|
||||
- argocd-notifications
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
@@ -10371,7 +10371,7 @@ spec:
|
||||
value: /helm-working-dir
|
||||
- name: HELM_DATA_HOME
|
||||
value: /helm-working-dir
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
@@ -10422,7 +10422,7 @@ spec:
|
||||
- -n
|
||||
- /usr/local/bin/argocd
|
||||
- /var/run/argocd/argocd-cmp-server
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
name: copyutil
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
@@ -10691,7 +10691,7 @@ spec:
|
||||
key: application.namespaces
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
@@ -10924,7 +10924,7 @@ spec:
|
||||
key: application.namespaces
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
name: argocd-application-controller
|
||||
ports:
|
||||
@@ -11056,7 +11056,8 @@ spec:
|
||||
- port: 53
|
||||
protocol: TCP
|
||||
to:
|
||||
- namespaceSelector: {}
|
||||
- ipBlock:
|
||||
cidr: 0.0.0.0/0
|
||||
ingress:
|
||||
- from:
|
||||
- podSelector:
|
||||
|
||||
@@ -621,7 +621,7 @@ spec:
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
name: argocd-applicationset-controller
|
||||
ports:
|
||||
@@ -731,7 +731,7 @@ spec:
|
||||
- -n
|
||||
- /usr/local/bin/argocd
|
||||
- /shared/argocd-dex
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
name: copyutil
|
||||
securityContext:
|
||||
@@ -784,7 +784,7 @@ spec:
|
||||
containers:
|
||||
- command:
|
||||
- argocd-notifications
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
@@ -1037,7 +1037,7 @@ spec:
|
||||
value: /helm-working-dir
|
||||
- name: HELM_DATA_HOME
|
||||
value: /helm-working-dir
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
@@ -1088,7 +1088,7 @@ spec:
|
||||
- -n
|
||||
- /usr/local/bin/argocd
|
||||
- /var/run/argocd/argocd-cmp-server
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
name: copyutil
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
@@ -1357,7 +1357,7 @@ spec:
|
||||
key: application.namespaces
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
@@ -1590,7 +1590,7 @@ spec:
|
||||
key: application.namespaces
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
image: quay.io/argoproj/argocd:v2.5.0
|
||||
image: quay.io/argoproj/argocd:v2.5.2
|
||||
imagePullPolicy: Always
|
||||
name: argocd-application-controller
|
||||
ports:
|
||||
@@ -1722,7 +1722,8 @@ spec:
|
||||
- port: 53
|
||||
protocol: TCP
|
||||
to:
|
||||
- namespaceSelector: {}
|
||||
- ipBlock:
|
||||
cidr: 0.0.0.0/0
|
||||
ingress:
|
||||
- from:
|
||||
- podSelector:
|
||||
|
||||
@@ -124,6 +124,7 @@ nav:
|
||||
- user-guide/application_sources.md
|
||||
- user-guide/kustomize.md
|
||||
- user-guide/helm.md
|
||||
- user-guide/import.md
|
||||
- user-guide/jsonnet.md
|
||||
- user-guide/directory.md
|
||||
- user-guide/config-management-plugins.md
|
||||
@@ -157,6 +158,7 @@ nav:
|
||||
- developer-guide/index.md
|
||||
- Code Contribution Guide: developer-guide/code-contributions.md
|
||||
- Toolchain Guide: developer-guide/toolchain-guide.md
|
||||
- developer-guide/contributors-quickstart.md
|
||||
- developer-guide/release-process-and-cadence.md
|
||||
- developer-guide/running-locally.md
|
||||
- developer-guide/debugging-remote-environment.md
|
||||
|
||||
@@ -334,7 +334,7 @@ func (c *diffConfig) DiffFromCache(appName string) (bool, []*appv1.ResourceDiff)
|
||||
}
|
||||
|
||||
// preDiffNormalize applies the normalization of live and target resources before invoking
|
||||
// the diff. None of the attributes in the preDiffNormalizeParams will be modified.
|
||||
// the diff. None of the attributes in the lives and targets params will be modified.
|
||||
func preDiffNormalize(lives, targets []*unstructured.Unstructured, diffConfig DiffConfig) (*NormalizationResult, error) {
|
||||
if diffConfig == nil {
|
||||
return nil, fmt.Errorf("preDiffNormalize error: diffConfig can not be nil")
|
||||
|
||||
@@ -4,17 +4,12 @@ import (
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/argoproj/gitops-engine/pkg/utils/kube"
|
||||
|
||||
"github.com/argoproj/argo-cd/v2/common"
|
||||
|
||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||
|
||||
"github.com/argoproj/argo-cd/v2/util/settings"
|
||||
|
||||
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
|
||||
|
||||
"github.com/argoproj/argo-cd/v2/util/kube"
|
||||
argokube "github.com/argoproj/argo-cd/v2/util/kube"
|
||||
"github.com/argoproj/argo-cd/v2/util/settings"
|
||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -107,21 +102,29 @@ func (rt *resourceTracking) GetAppInstance(un *unstructured.Unstructured, key st
|
||||
}
|
||||
}
|
||||
|
||||
// UnstructuredToAppInstanceValue will build the AppInstanceValue based
|
||||
// on the provided unstructured. The given namespace works as a default
|
||||
// value if the resource's namespace is not defined. It should be the
|
||||
// Application's target destination namespace.
|
||||
func UnstructuredToAppInstanceValue(un *unstructured.Unstructured, appName, namespace string) AppInstanceValue {
|
||||
ns := un.GetNamespace()
|
||||
if ns == "" {
|
||||
ns = namespace
|
||||
}
|
||||
gvk := un.GetObjectKind().GroupVersionKind()
|
||||
return AppInstanceValue{
|
||||
ApplicationName: appName,
|
||||
Group: gvk.Group,
|
||||
Kind: gvk.Kind,
|
||||
Namespace: ns,
|
||||
Name: un.GetName(),
|
||||
}
|
||||
}
|
||||
|
||||
// SetAppInstance set label/annotation base on tracking method
|
||||
func (rt *resourceTracking) SetAppInstance(un *unstructured.Unstructured, key, val, namespace string, trackingMethod v1alpha1.TrackingMethod) error {
|
||||
setAppInstanceAnnotation := func() error {
|
||||
ns := un.GetNamespace()
|
||||
if ns == "" {
|
||||
ns = namespace
|
||||
}
|
||||
gvk := un.GetObjectKind().GroupVersionKind()
|
||||
appInstanceValue := AppInstanceValue{
|
||||
ApplicationName: val,
|
||||
Group: gvk.Group,
|
||||
Kind: gvk.Kind,
|
||||
Namespace: ns,
|
||||
Name: un.GetName(),
|
||||
}
|
||||
appInstanceValue := UnstructuredToAppInstanceValue(un, val, namespace)
|
||||
return argokube.SetAppInstanceAnnotation(un, common.AnnotationKeyAppInstance, rt.BuildAppInstanceValue(appInstanceValue))
|
||||
}
|
||||
switch trackingMethod {
|
||||
|
||||
Reference in New Issue
Block a user