Compare commits

...

38 Commits

Author SHA1 Message Date
argo-bot
7be094f38d Bump version to 2.6.4 2023-03-07 22:35:05 +00:00
argo-bot
db2869c866 Bump version to 2.6.4 2023-03-07 22:35:00 +00:00
gcp-cherry-pick-bot[bot]
2b6d55bfe5 fix: typo in doc link (#12744) (#12760)
Signed-off-by: Noah Krause <krausenoah@gmail.com>
Co-authored-by: Noah Krause <krausenoah@gmail.com>
2023-03-07 16:40:20 -05:00
gcp-cherry-pick-bot[bot]
e81ddb0855 fix: Validate chat button url only when chatUrl is set (#12655) (#12749) (#12757)
* Validate chat button url only when chatUrl is set



* Add Info Support to argocd USERS.md



* Fix linter error



* Fix linter error



---------

Signed-off-by: Rouke Broersma <rouke.broersma@infosupport.com>
Co-authored-by: Rouke Broersma <rouke.broersma@infosupport.com>
2023-03-07 14:38:02 -05:00
gcp-cherry-pick-bot[bot]
8dcdbb588d fix: suppress Kubernetes API deprecation warnings from application controller (#12067) (#12742)
Completely suppress warning logs only for log levels that are less than Debug.

Signed-off-by: toVersus <toversus2357@gmail.com>
Co-authored-by: Tsubasa Nagasawa <toversus2357@gmail.com>
2023-03-06 16:50:56 -05:00
gcp-cherry-pick-bot[bot]
1e7aab19aa fix: Use CredsStore for GoogleCloudCreds (#12391) (#12741)
git-ask-pass.sh is no longer supported for credentials

Signed-off-by: David Becher <becher.david@googlemail.com>
Co-authored-by: david-becher <becher.david@googlemail.com>
2023-03-06 16:45:23 -05:00
gcp-cherry-pick-bot[bot]
ec6e05afca docs: add namespace to initial-password command (#12718) (#12737)
Added " -n argocd " to avoid unexpected error.

Signed-off-by: Devarsh <devarshshah2608@gmail.com>
Co-authored-by: Devarsh <devarshshah2608@gmail.com>
2023-03-06 16:41:09 -05:00
gcp-cherry-pick-bot[bot]
09ea76364c docs: Update kustomization example (#12555) (#12738)
...to align with documented usage of kustomize.

As it was, this example stops working with Kustomize v5

Signed-off-by: Jonas Bergler <jonas@bergler.name>
Co-authored-by: Jonas Bergler <jonas@bergler.name>
2023-03-06 16:40:29 -05:00
dependabot[bot]
b795fcad3d chore(deps): bump actions/cache from 3.2.5 to 3.2.6 (#12567)
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.5 to 3.2.6.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](6998d139dd...69d9d449ac)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-06 16:36:37 -05:00
dependabot[bot]
896b143866 chore(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1 (#12689)
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.8.1 to 3.0.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](9becc61764...c3667d9942)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-06 16:33:40 -05:00
gcp-cherry-pick-bot[bot]
10051833a5 docs: unset finalizer before deleting an app non-cascadingly (#10949) (#12733)
Signed-off-by: Bo Huang <beyondbill@users.noreply.github.com>
Co-authored-by: Bo Huang <beyondbill@users.noreply.github.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2023-03-06 14:53:04 -05:00
gcp-cherry-pick-bot[bot]
705ca3c95a docs: 2.6 addendum for plugin.name (#12701) (#12704)
* 2.6 addendum for plugin.name



* Clearer doc on plugin.name

---------

Signed-off-by: Raymond Wong <61470342+rwong2888@users.noreply.github.com>
Co-authored-by: Raymond Wong <61470342+rwong2888@users.noreply.github.com>
2023-03-06 12:39:57 -05:00
gcp-cherry-pick-bot[bot]
fca7f58a93 chore: Add unit tests for the shared health resource feature and fix docs (#12715) (#12720) (#12731)
* Dummy action in



* Dummy action in



* happy happy joy joy



* will the tests fail?



* happy happy joy joy



* lua tests with relative path



* bye bye custom action



* placatin custom actions tests



* added tests and fixed docs



* added tests and fixed docs



* Update docs/operator-manual/health.md




---------

Signed-off-by: reggie <reginakagan@gmail.com>
Signed-off-by: reggie-k <reginakagan@gmail.com>
Co-authored-by: reggie-k <reginakagan@gmail.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2023-03-06 12:39:19 -05:00
gcp-cherry-pick-bot[bot]
85d1c0fac7 fix: ensure certificate gets updated on reload (#12076) (#12696)
* fix: ensure certificate gets updated on reload

Fixes #10707. `GetCertificate` ensures that the most current version of
 `a.settings.Certificate` is used. It's still a bit of a mystery to me
 as to why the reloading of the server does not work for this, since it
 should fulfill the same function.



* fix: remove break from cert changes

With 3553ef8, there's no longer any need to break out of the loop. The
webhook reloading logic needs another look (since it likely no longer
works), but can be handled in another PR.



---------

Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
Co-authored-by: Blake Pettersson <blake.pettersson@gmail.com>
2023-03-02 09:27:45 -05:00
gcp-cherry-pick-bot[bot]
bb7ec0ff32 docs: link directly to HA manifests (#11970) (#12682)
This updates the manifest link directly to the High Availability header in the manifest readme. I chose this over linking to the `ha` folder since it explains the options and links to them.

Signed-off-by: Nicholas Morey <nicholas@morey.tech>
Co-authored-by: Nicholas Morey <nicholas@morey.tech>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2023-03-01 16:59:04 -05:00
Justin Marquis
57f6703d08 chore: upgrade redis to 7.0.8 to avoid several CVEs (#12627)
Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
2023-02-28 09:26:34 -05:00
gcp-cherry-pick-bot[bot]
f016977b5d chore: upgrade haproxy to 2.6.9 to avoid multiple CVEs (#12628) (#12658)
Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
Co-authored-by: Justin Marquis <34fathombelow@protonmail.com>
2023-02-28 09:25:29 -05:00
argo-bot
e05298b9c6 Bump version to 2.6.3 2023-02-27 14:27:28 +00:00
argo-bot
57c30b5e04 Bump version to 2.6.3 2023-02-27 14:27:24 +00:00
gcp-cherry-pick-bot[bot]
8e544cbb97 fix: traverse generator tree when getting requeue time (#12407) (#12612)
* add unit test reproducing




* feat: Begin polishing top bar design (#12327)



* chore: add dist to path to use our kustomize version (#12352)

* chore: add dist to path to use our kustomize version



* correct path



* missed a spot



---------




* fix: when resource does not exist node menu and resource details shou… (#12360)

* fix: when resource does not exist node menu and resource details should still render



* Retrigger CI pipeline



---------




* fix: traverse generator tree when getting requeue time



* fix: traverse generator tree when getting requeue time



* remove duplicate code



* Retrigger CI pipeline



* revert gitignore



* update from code review



---------

Signed-off-by: rumstead <rjumstead@gmail.com>
Signed-off-by: rumstead <37445536+rumstead@users.noreply.github.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Joshua Helton <jdoghelton@gmail.com>
Co-authored-by: rumstead <37445536+rumstead@users.noreply.github.com>
Co-authored-by: Remington Breeze <remington@breeze.software>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: jphelton <jdoghelton@gmail.com>
2023-02-24 16:31:08 -05:00
gcp-cherry-pick-bot[bot]
a5fb6ffe6b fix: evaluate all possible refresh reasons for multi-source apps (#12379) (#12609)
* fix: evaluate all possible refresh reasons for multi-source apps (#12379)



* remove redundant parentheses



* tests



* don't auto-sync, it makes tests flaky



* auto-sync because sync CLI doesn't work for multi-source apps



* don't require out-of-sync - app may sync quickly



* timeout 60



* fix timeout



---------

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2023-02-24 13:39:40 -05:00
Michael Crenshaw
691f20461e docs: add 2.5->2.6 upgrade notes to table of contents (#12319)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2023-02-17 17:03:26 -05:00
Justin Marquis
7756a816ab chore: use registry.k8s.io instead of k8s.gcr.io (#12362)
Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2023-02-17 15:13:38 -05:00
Nicholas Morey
fd4c5f694a docs: add multi source app ref in helm section (#12499)
Signed-off-by: Nicholas Morey <nicholas@morey.tech>
2023-02-17 15:04:44 -05:00
dependabot[bot]
f148fa42a1 chore(deps): bump imjasonh/setup-crane from 0.2 to 0.3 (#12504)
Bumps [imjasonh/setup-crane](https://github.com/imjasonh/setup-crane) from 0.2 to 0.3.
- [Release notes](https://github.com/imjasonh/setup-crane/releases)
- [Commits](e82f1b9a80...00c9e93efa)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---
updated-dependencies:
- dependency-name: imjasonh/setup-crane
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-17 14:39:52 -05:00
Josh Soref
c3e96be67f docs: FAQ improvements (#12146)
* docs: use more backticks in FAQ

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* docs: add FAQ entry

The order in patch list … doesn't match $setElementOrder list: …

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

---------

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2023-02-17 14:14:48 -05:00
Dmitriy Mann
d17aaf23c9 fix: valid username in webhook URL matching regex (#9055) (#12203)
This commit fixes incorrect regular expression used for URL matching.

Expected behavior: valid user info part is matched => webhook is sent.
Actual behavior: some valid user info is not matched, example: `ssh://user-name@example.com/org/repo` => webhook is not sent.

Context:
 - [RFC 3986 3.2.1 - User Information](https://www.rfc-editor.org/rfc/rfc3986#section-3.2.1)
 - [Username validation regex in shadow Linux package](https://github.com/shadow-maint/shadow/blob/master/libmisc/chkname.c#L36)

Signed-off-by: mdsjip <2284562+mdsjip@users.noreply.github.com>
2023-02-17 14:11:16 -05:00
Steve Ramage
21cdcc124d docs: fix a few typos and grammar mistakes (#12280)
Signed-off-by: Steve Ramage <commits@sjrx.net>
Co-authored-by: Steve Ramage <commits@sjrx.net>
2023-02-17 14:07:07 -05:00
dependabot[bot]
d195568c90 chore(deps): bump docker/setup-buildx-action from 2.4.0 to 2.4.1 (#12308)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](15c905b16b...f03ac48505)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-17 14:00:25 -05:00
atusy
860503fc07 docs: fix typo (#12389)
Signed-off-by: atusy <30277794+atusy@users.noreply.github.com>
2023-02-17 13:57:26 -05:00
dependabot[bot]
27c6913bfe chore(deps): bump actions/cache from 3.2.4 to 3.2.5 (#12433)
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.4 to 3.2.5.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](627f0f41f6...6998d139dd)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-17 13:52:30 -05:00
Vaibhav Bhembre
9c0ca76d2e fix: setting spec.SyncPolicy crashes 'argocd appset get' output (#12424) (#12425)
Signed-off-by: Vaibhav Bhembre <vaibhav@digitalocean.com>
2023-02-17 13:50:57 -05:00
Wojtek Cichoń
0d0570de53 docs: Updated link to Jenkins and added GitHub Actions link (#12465)
Signed-off-by: Wojtek Cichoń <wojtek.cichon@protonmail.com>
2023-02-17 13:36:26 -05:00
Zadkiel Aharonian
a731a38026 docs: fix typo in health documentation (#12497)
Signed-off-by: Zadkiel Aharonian <hello@zadkiel.fr>
2023-02-17 13:34:23 -05:00
Saumeya Katyal
03d1c052f6 fix(security): add url validation for help chat (#9956) (#10417)
* fix: add url validation for help chat

Signed-off-by: saumeya <saumeyakatyal@gmail.com>

* lint check

Signed-off-by: saumeya <saumeyakatyal@gmail.com>

* lint fix

Signed-off-by: saumeya <saumeyakatyal@gmail.com>

* review comments

Signed-off-by: saumeya <saumeyakatyal@gmail.com>

---------

Signed-off-by: saumeya <saumeyakatyal@gmail.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2023-02-17 13:19:35 -05:00
Michael Chen
312683216e docs: Clarify cascade delete of resource and finalizer (#11064)
* Clarify cascade delete of resource and finalizer.

The wording of this warning was confusing.

Signed-off-by: Michael Chen <4326639+mcgitty@users.noreply.github.com>

* Update docs/operator-manual/declarative-setup.md

Co-authored-by: Nicholas Morey <nicholas@morey.tech>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

---------

Signed-off-by: Michael Chen <4326639+mcgitty@users.noreply.github.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Nicholas Morey <nicholas@morey.tech>
2023-02-17 13:17:47 -05:00
schakrad
4412a770d5 fix: show full event message in pod event view (#12104) (#12267)
* #11602 fix : Object options menu truncated when selected in ApplicationListView.

Signed-off-by: schakradari <saisindhu_chakradari@intuit.com>

* fix for the message to be fully shown under the events section.

Signed-off-by: schakradari <saisindhu_chakradari@intuit.com>

* fixing lint

Signed-off-by: schakradari <saisindhu_chakradari@intuit.com>

* Update application-resource-list.tsx

Signed-off-by: schakrad <58915923+schakrad@users.noreply.github.com>

* fix for  lint error

Signed-off-by: schakradari <saisindhu_chakradari@intuit.com>

---------

Signed-off-by: schakradari <saisindhu_chakradari@intuit.com>
Signed-off-by: schakrad <58915923+schakrad@users.noreply.github.com>
2023-02-17 11:57:52 -05:00
jphelton
7bbedff9da fix: when resource does not exist node menu and resource details shou… (#12360)
* fix: when resource does not exist node menu and resource details should still render

Signed-off-by: Joshua Helton <jdoghelton@gmail.com>

* Retrigger CI pipeline

Signed-off-by: Joshua Helton <jdoghelton@gmail.com>

---------

Signed-off-by: Joshua Helton <jdoghelton@gmail.com>
2023-02-16 09:06:43 -08:00
67 changed files with 921 additions and 303 deletions

View File

@@ -51,7 +51,7 @@ jobs:
with:
go-version: ${{ env.GOLANG_VERSION }}
- name: Restore go build cache
uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4
uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6
with:
path: ~/.cache/go-build
key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -116,7 +116,7 @@ jobs:
run: |
echo "/usr/local/bin" >> $GITHUB_PATH
- name: Restore go build cache
uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4
uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6
with:
path: ~/.cache/go-build
key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -183,7 +183,7 @@ jobs:
run: |
echo "/usr/local/bin" >> $GITHUB_PATH
- name: Restore go build cache
uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4
uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6
with:
path: ~/.cache/go-build
key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -269,7 +269,7 @@ jobs:
node-version: '12.18.4'
- name: Restore node dependency cache
id: cache-dependencies
uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4
uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6
with:
path: ui/node_modules
key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -304,7 +304,7 @@ jobs:
fetch-depth: 0
- name: Restore node dependency cache
id: cache-dependencies
uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4
uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6
with:
path: ui/node_modules
key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -398,7 +398,7 @@ jobs:
sudo chown runner $HOME/.kube/config
kubectl version
- name: Restore go build cache
uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4
uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6
with:
path: ~/.cache/go-build
key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -426,7 +426,7 @@ jobs:
run: |
docker pull ghcr.io/dexidp/dex:v2.35.3
docker pull argoproj/argo-cd-ci-builder:v1.0.0
docker pull redis:7.0.7-alpine
docker pull redis:7.0.8-alpine
- name: Create target directory for binaries in the build-process
run: |
mkdir -p dist

View File

@@ -54,7 +54,7 @@ jobs:
# build
- uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
- uses: docker/setup-buildx-action@15c905b16b06416d2086efa066dd8e3a35cc7f98 # v2.4.0
- uses: docker/setup-buildx-action@f03ac48505955848960e80bbb68046aa35c7b9e7 # v2.4.1
- run: |
IMAGE_PLATFORMS=linux/amd64
if [[ "${{ github.event_name }}" == "push" || "${{ contains(github.event.pull_request.labels.*.name, 'test-arm-image') }}" == "true" ]]
@@ -69,12 +69,12 @@ jobs:
# sign container images
- name: Install cosign
uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1
uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1
with:
cosign-release: 'v1.13.1'
- name: Install crane to get digest of image
uses: imjasonh/setup-crane@e82f1b9a8007d399333baba4d75915558e9fb6a4
uses: imjasonh/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c
- name: Get digest of image
run: |

View File

@@ -205,7 +205,7 @@ jobs:
if: ${{ env.DRY_RUN != 'true' }}
- uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
- uses: docker/setup-buildx-action@15c905b16b06416d2086efa066dd8e3a35cc7f98 # v2.4.0
- uses: docker/setup-buildx-action@f03ac48505955848960e80bbb68046aa35c7b9e7 # v2.4.1
- name: Build and push Docker image for release
run: |
set -ue
@@ -219,12 +219,12 @@ jobs:
if: ${{ env.DRY_RUN != 'true' }}
- name: Install cosign
uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1
uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1
with:
cosign-release: 'v1.13.1'
- name: Install crane to get digest of image
uses: imjasonh/setup-crane@e82f1b9a8007d399333baba4d75915558e9fb6a4
uses: imjasonh/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c
- name: Get digest of image
run: |

View File

@@ -107,6 +107,7 @@ Currently, the following organizations are **officially** using Argo CD:
1. [imaware](https://imaware.health)
1. [Indeed](https://indeed.com)
1. [Index Exchange](https://www.indexexchange.com/)
1. [Info Support](https://www.infosupport.com/)
1. [InsideBoard](https://www.insideboard.com)
1. [Intuit](https://www.intuit.com/)
1. [Joblift](https://joblift.com/)

View File

@@ -1 +1 @@
2.6.2
2.6.4

View File

@@ -0,0 +1,179 @@
package controllers
import (
"context"
"testing"
"time"
"github.com/argoproj/argo-cd/v2/applicationset/generators"
argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/mock"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
dynfake "k8s.io/client-go/dynamic/fake"
kubefake "k8s.io/client-go/kubernetes/fake"
"k8s.io/client-go/tools/record"
"sigs.k8s.io/controller-runtime/pkg/client/fake"
)
func TestRequeueAfter(t *testing.T) {
mockServer := argoCDServiceMock{}
ctx := context.Background()
scheme := runtime.NewScheme()
err := argov1alpha1.AddToScheme(scheme)
assert.Nil(t, err)
gvrToListKind := map[schema.GroupVersionResource]string{{
Group: "mallard.io",
Version: "v1",
Resource: "ducks",
}: "DuckList"}
appClientset := kubefake.NewSimpleClientset()
k8sClient := fake.NewClientBuilder().Build()
duckType := &unstructured.Unstructured{
Object: map[string]interface{}{
"apiVersion": "v2quack",
"kind": "Duck",
"metadata": map[string]interface{}{
"name": "mightyduck",
"namespace": "namespace",
"labels": map[string]interface{}{"duck": "all-species"},
},
"status": map[string]interface{}{
"decisions": []interface{}{
map[string]interface{}{
"clusterName": "staging-01",
},
map[string]interface{}{
"clusterName": "production-01",
},
},
},
},
}
fakeDynClient := dynfake.NewSimpleDynamicClientWithCustomListKinds(runtime.NewScheme(), gvrToListKind, duckType)
terminalGenerators := map[string]generators.Generator{
"List": generators.NewListGenerator(),
"Clusters": generators.NewClusterGenerator(k8sClient, ctx, appClientset, "argocd"),
"Git": generators.NewGitGenerator(mockServer),
"SCMProvider": generators.NewSCMProviderGenerator(fake.NewClientBuilder().WithObjects(&corev1.Secret{}).Build(), generators.SCMAuthProviders{}),
"ClusterDecisionResource": generators.NewDuckTypeGenerator(ctx, fakeDynClient, appClientset, "argocd"),
"PullRequest": generators.NewPullRequestGenerator(k8sClient, generators.SCMAuthProviders{}),
}
nestedGenerators := map[string]generators.Generator{
"List": terminalGenerators["List"],
"Clusters": terminalGenerators["Clusters"],
"Git": terminalGenerators["Git"],
"SCMProvider": terminalGenerators["SCMProvider"],
"ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"],
"PullRequest": terminalGenerators["PullRequest"],
"Matrix": generators.NewMatrixGenerator(terminalGenerators),
"Merge": generators.NewMergeGenerator(terminalGenerators),
}
topLevelGenerators := map[string]generators.Generator{
"List": terminalGenerators["List"],
"Clusters": terminalGenerators["Clusters"],
"Git": terminalGenerators["Git"],
"SCMProvider": terminalGenerators["SCMProvider"],
"ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"],
"PullRequest": terminalGenerators["PullRequest"],
"Matrix": generators.NewMatrixGenerator(nestedGenerators),
"Merge": generators.NewMergeGenerator(nestedGenerators),
}
client := fake.NewClientBuilder().WithScheme(scheme).Build()
r := ApplicationSetReconciler{
Client: client,
Scheme: scheme,
Recorder: record.NewFakeRecorder(0),
Generators: topLevelGenerators,
}
type args struct {
appset *argov1alpha1.ApplicationSet
}
tests := []struct {
name string
args args
want time.Duration
wantErr assert.ErrorAssertionFunc
}{
{name: "Cluster", args: args{appset: &argov1alpha1.ApplicationSet{
Spec: argov1alpha1.ApplicationSetSpec{
Generators: []argov1alpha1.ApplicationSetGenerator{{Clusters: &argov1alpha1.ClusterGenerator{}}},
},
}}, want: generators.NoRequeueAfter, wantErr: assert.NoError},
{name: "ClusterMergeNested", args: args{&argov1alpha1.ApplicationSet{
Spec: argov1alpha1.ApplicationSetSpec{
Generators: []argov1alpha1.ApplicationSetGenerator{
{Clusters: &argov1alpha1.ClusterGenerator{}},
{Merge: &argov1alpha1.MergeGenerator{
Generators: []argov1alpha1.ApplicationSetNestedGenerator{
{
Clusters: &argov1alpha1.ClusterGenerator{},
Git: &argov1alpha1.GitGenerator{},
},
},
}},
},
},
}}, want: generators.DefaultRequeueAfterSeconds, wantErr: assert.NoError},
{name: "ClusterMatrixNested", args: args{&argov1alpha1.ApplicationSet{
Spec: argov1alpha1.ApplicationSetSpec{
Generators: []argov1alpha1.ApplicationSetGenerator{
{Clusters: &argov1alpha1.ClusterGenerator{}},
{Matrix: &argov1alpha1.MatrixGenerator{
Generators: []argov1alpha1.ApplicationSetNestedGenerator{
{
Clusters: &argov1alpha1.ClusterGenerator{},
Git: &argov1alpha1.GitGenerator{},
},
},
}},
},
},
}}, want: generators.DefaultRequeueAfterSeconds, wantErr: assert.NoError},
{name: "ListGenerator", args: args{appset: &argov1alpha1.ApplicationSet{
Spec: argov1alpha1.ApplicationSetSpec{
Generators: []argov1alpha1.ApplicationSetGenerator{{List: &argov1alpha1.ListGenerator{}}},
},
}}, want: generators.NoRequeueAfter, wantErr: assert.NoError},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
assert.Equalf(t, tt.want, r.getMinRequeueAfter(tt.args.appset), "getMinRequeueAfter(%v)", tt.args.appset)
})
}
}
type argoCDServiceMock struct {
mock *mock.Mock
}
func (a argoCDServiceMock) GetApps(ctx context.Context, repoURL string, revision string) ([]string, error) {
args := a.mock.Called(ctx, repoURL, revision)
return args.Get(0).([]string), args.Error(1)
}
func (a argoCDServiceMock) GetFiles(ctx context.Context, repoURL string, revision string, pattern string) (map[string][]byte, error) {
args := a.mock.Called(ctx, repoURL, revision, pattern)
return args.Get(0).(map[string][]byte), args.Error(1)
}
func (a argoCDServiceMock) GetFileContent(ctx context.Context, repoURL string, revision string, path string) ([]byte, error) {
args := a.mock.Called(ctx, repoURL, revision, path)
return args.Get(0).([]byte), args.Error(1)
}
func (a argoCDServiceMock) GetDirectories(ctx context.Context, repoURL string, revision string) ([]string, error) {
args := a.mock.Called(ctx, repoURL, revision)
return args.Get(0).([]string), args.Error(1)
}

View File

@@ -51,6 +51,8 @@ func NewClusterGenerator(c client.Client, ctx context.Context, clientset kuberne
return g
}
// GetRequeueAfter never requeue the cluster generator because the `clusterSecretEventHandler` will requeue the appsets
// when the cluster secrets change
func (g *ClusterGenerator) GetRequeueAfter(appSetGenerator *argoappsetv1alpha1.ApplicationSetGenerator) time.Duration {
return NoRequeueAfter
}

View File

@@ -80,28 +80,13 @@ func (m *MatrixGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.App
}
func (m *MatrixGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.ApplicationSetNestedGenerator, appSet *argoprojiov1alpha1.ApplicationSet, params map[string]interface{}) ([]map[string]interface{}, error) {
var matrix *argoprojiov1alpha1.MatrixGenerator
if appSetBaseGenerator.Matrix != nil {
// Since nested matrix generator is represented as a JSON object in the CRD, we unmarshall it back to a Go struct here.
nestedMatrix, err := argoprojiov1alpha1.ToNestedMatrixGenerator(appSetBaseGenerator.Matrix)
if err != nil {
return nil, fmt.Errorf("unable to unmarshall nested matrix generator: %v", err)
}
if nestedMatrix != nil {
matrix = nestedMatrix.ToMatrixGenerator()
}
matrixGen, err := getMatrixGenerator(appSetBaseGenerator)
if err != nil {
return nil, err
}
var mergeGenerator *argoprojiov1alpha1.MergeGenerator
if appSetBaseGenerator.Merge != nil {
// Since nested merge generator is represented as a JSON object in the CRD, we unmarshall it back to a Go struct here.
nestedMerge, err := argoprojiov1alpha1.ToNestedMergeGenerator(appSetBaseGenerator.Merge)
if err != nil {
return nil, fmt.Errorf("unable to unmarshall nested merge generator: %v", err)
}
if nestedMerge != nil {
mergeGenerator = nestedMerge.ToMergeGenerator()
}
mergeGen, err := getMergeGenerator(appSetBaseGenerator)
if err != nil {
return nil, err
}
t, err := Transform(
@@ -112,8 +97,8 @@ func (m *MatrixGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.Appli
SCMProvider: appSetBaseGenerator.SCMProvider,
ClusterDecisionResource: appSetBaseGenerator.ClusterDecisionResource,
PullRequest: appSetBaseGenerator.PullRequest,
Matrix: matrix,
Merge: mergeGenerator,
Matrix: matrixGen,
Merge: mergeGen,
Selector: appSetBaseGenerator.Selector,
},
m.supportedGenerators,
@@ -143,11 +128,15 @@ func (m *MatrixGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.Ap
var found bool
for _, r := range appSetGenerator.Matrix.Generators {
matrixGen, _ := getMatrixGenerator(r)
mergeGen, _ := getMergeGenerator(r)
base := &argoprojiov1alpha1.ApplicationSetGenerator{
List: r.List,
Clusters: r.Clusters,
Git: r.Git,
PullRequest: r.PullRequest,
Matrix: matrixGen,
Merge: mergeGen,
}
generators := GetRelevantGenerators(base, m.supportedGenerators)
@@ -168,6 +157,17 @@ func (m *MatrixGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.Ap
}
func getMatrixGenerator(r argoprojiov1alpha1.ApplicationSetNestedGenerator) (*argoprojiov1alpha1.MatrixGenerator, error) {
if r.Matrix == nil {
return nil, nil
}
matrix, err := argoprojiov1alpha1.ToNestedMatrixGenerator(r.Matrix)
if err != nil {
return nil, err
}
return matrix.ToMatrixGenerator(), nil
}
func (m *MatrixGenerator) GetTemplate(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator) *argoprojiov1alpha1.ApplicationSetTemplate {
return &appSetGenerator.Matrix.Template
}

View File

@@ -137,27 +137,13 @@ func getParamSetsByMergeKey(mergeKeys []string, paramSets []map[string]interface
// getParams get the parameters generated by this generator.
func (m *MergeGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.ApplicationSetNestedGenerator, appSet *argoprojiov1alpha1.ApplicationSet) ([]map[string]interface{}, error) {
var matrix *argoprojiov1alpha1.MatrixGenerator
if appSetBaseGenerator.Matrix != nil {
nestedMatrix, err := argoprojiov1alpha1.ToNestedMatrixGenerator(appSetBaseGenerator.Matrix)
if err != nil {
return nil, err
}
if nestedMatrix != nil {
matrix = nestedMatrix.ToMatrixGenerator()
}
matrixGen, err := getMatrixGenerator(appSetBaseGenerator)
if err != nil {
return nil, err
}
var mergeGenerator *argoprojiov1alpha1.MergeGenerator
if appSetBaseGenerator.Merge != nil {
nestedMerge, err := argoprojiov1alpha1.ToNestedMergeGenerator(appSetBaseGenerator.Merge)
if err != nil {
return nil, err
}
if nestedMerge != nil {
mergeGenerator = nestedMerge.ToMergeGenerator()
}
mergeGen, err := getMergeGenerator(appSetBaseGenerator)
if err != nil {
return nil, err
}
t, err := Transform(
@@ -168,8 +154,8 @@ func (m *MergeGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.Applic
SCMProvider: appSetBaseGenerator.SCMProvider,
ClusterDecisionResource: appSetBaseGenerator.ClusterDecisionResource,
PullRequest: appSetBaseGenerator.PullRequest,
Matrix: matrix,
Merge: mergeGenerator,
Matrix: matrixGen,
Merge: mergeGen,
Selector: appSetBaseGenerator.Selector,
},
m.supportedGenerators,
@@ -197,10 +183,15 @@ func (m *MergeGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.App
var found bool
for _, r := range appSetGenerator.Merge.Generators {
matrixGen, _ := getMatrixGenerator(r)
mergeGen, _ := getMergeGenerator(r)
base := &argoprojiov1alpha1.ApplicationSetGenerator{
List: r.List,
Clusters: r.Clusters,
Git: r.Git,
List: r.List,
Clusters: r.Clusters,
Git: r.Git,
PullRequest: r.PullRequest,
Matrix: matrixGen,
Merge: mergeGen,
}
generators := GetRelevantGenerators(base, m.supportedGenerators)
@@ -221,6 +212,17 @@ func (m *MergeGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.App
}
func getMergeGenerator(r argoprojiov1alpha1.ApplicationSetNestedGenerator) (*argoprojiov1alpha1.MergeGenerator, error) {
if r.Merge == nil {
return nil, nil
}
merge, err := argoprojiov1alpha1.ToNestedMergeGenerator(r.Merge)
if err != nil {
return nil, err
}
return merge.ToMergeGenerator(), nil
}
// GetTemplate gets the Template field for the MergeGenerator.
func (m *MergeGenerator) GetTemplate(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator) *argoprojiov1alpha1.ApplicationSetTemplate {
return &appSetGenerator.Merge.Template

View File

@@ -343,16 +343,19 @@ func printAppSetSummaryTable(appSet *arogappsetv1.ApplicationSet) {
fmt.Printf(printOpFmtStr, "Path:", source.Path)
printAppSourceDetails(&source)
var syncPolicy string
if appSet.Spec.SyncPolicy != nil && appSet.Spec.Template.Spec.SyncPolicy.Automated != nil {
syncPolicy = "Automated"
if appSet.Spec.Template.Spec.SyncPolicy.Automated.Prune {
syncPolicy += " (Prune)"
var (
syncPolicyStr string
syncPolicy = appSet.Spec.Template.Spec.SyncPolicy
)
if syncPolicy != nil && syncPolicy.Automated != nil {
syncPolicyStr = "Automated"
if syncPolicy.Automated.Prune {
syncPolicyStr += " (Prune)"
}
} else {
syncPolicy = "<none>"
syncPolicyStr = "<none>"
}
fmt.Printf(printOpFmtStr, "SyncPolicy:", syncPolicy)
fmt.Printf(printOpFmtStr, "SyncPolicy:", syncPolicyStr)
}

View File

@@ -1,6 +1,8 @@
package commands
import (
"io/ioutil"
"os"
"testing"
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
@@ -68,3 +70,124 @@ func TestPrintApplicationSetTable(t *testing.T) {
expectation := "NAME NAMESPACE PROJECT SYNCPOLICY CONDITIONS\napp-name default nil [{ResourcesUpToDate <nil> True }]\napp-name default nil [{ResourcesUpToDate <nil> True }]\n"
assert.Equal(t, expectation, output)
}
func TestPrintAppSetSummaryTable(t *testing.T) {
baseAppSet := &arogappsetv1.ApplicationSet{
ObjectMeta: metav1.ObjectMeta{
Name: "app-name",
},
Spec: arogappsetv1.ApplicationSetSpec{
Generators: []arogappsetv1.ApplicationSetGenerator{
arogappsetv1.ApplicationSetGenerator{
Git: &arogappsetv1.GitGenerator{
RepoURL: "https://github.com/argoproj/argo-cd.git",
Revision: "head",
Directories: []arogappsetv1.GitDirectoryGeneratorItem{
arogappsetv1.GitDirectoryGeneratorItem{
Path: "applicationset/examples/git-generator-directory/cluster-addons/*",
},
},
},
},
},
Template: arogappsetv1.ApplicationSetTemplate{
Spec: v1alpha1.ApplicationSpec{
Project: "default",
},
},
},
Status: arogappsetv1.ApplicationSetStatus{
Conditions: []arogappsetv1.ApplicationSetCondition{
arogappsetv1.ApplicationSetCondition{
Status: v1alpha1.ApplicationSetConditionStatusTrue,
Type: arogappsetv1.ApplicationSetConditionResourcesUpToDate,
},
},
},
}
appsetSpecSyncPolicy := baseAppSet.DeepCopy()
appsetSpecSyncPolicy.Spec.SyncPolicy = &arogappsetv1.ApplicationSetSyncPolicy{
PreserveResourcesOnDeletion: true,
}
appSetTemplateSpecSyncPolicy := baseAppSet.DeepCopy()
appSetTemplateSpecSyncPolicy.Spec.Template.Spec.SyncPolicy = &arogappsetv1.SyncPolicy{
Automated: &arogappsetv1.SyncPolicyAutomated{
SelfHeal: true,
},
}
appSetBothSyncPolicies := baseAppSet.DeepCopy()
appSetBothSyncPolicies.Spec.SyncPolicy = &arogappsetv1.ApplicationSetSyncPolicy{
PreserveResourcesOnDeletion: true,
}
appSetBothSyncPolicies.Spec.Template.Spec.SyncPolicy = &arogappsetv1.SyncPolicy{
Automated: &arogappsetv1.SyncPolicyAutomated{
SelfHeal: true,
},
}
for _, tt := range []struct {
name string
appSet *arogappsetv1.ApplicationSet
expectedOutput string
}{
{
name: "appset with only spec.syncPolicy set",
appSet: appsetSpecSyncPolicy,
expectedOutput: `Name: app-name
Project: default
Server:
Namespace:
Repo:
Target:
Path:
SyncPolicy: <none>
`,
},
{
name: "appset with only spec.template.spec.syncPolicy set",
appSet: appSetTemplateSpecSyncPolicy,
expectedOutput: `Name: app-name
Project: default
Server:
Namespace:
Repo:
Target:
Path:
SyncPolicy: Automated
`,
},
{
name: "appset with both spec.SyncPolicy and spec.template.spec.syncPolicy set",
appSet: appSetBothSyncPolicies,
expectedOutput: `Name: app-name
Project: default
Server:
Namespace:
Repo:
Target:
Path:
SyncPolicy: Automated
`,
},
} {
t.Run(tt.name, func(t *testing.T) {
oldStdout := os.Stdout
defer func() {
os.Stdout = oldStdout
}()
r, w, _ := os.Pipe()
os.Stdout = w
printAppSetSummaryTable(tt.appSet)
w.Close()
out, err := ioutil.ReadAll(r)
assert.NoError(t, err)
assert.Equal(t, tt.expectedOutput, string(out))
})
}
}

View File

@@ -1469,6 +1469,13 @@ func resourceStatusKey(res appv1.ResourceStatus) string {
return strings.Join([]string{res.Group, res.Kind, res.Namespace, res.Name}, "/")
}
func currentSourceEqualsSyncedSource(app *appv1.Application) bool {
if app.Spec.HasMultipleSources() {
return app.Spec.Sources.Equals(app.Status.Sync.ComparedTo.Sources)
}
return app.Spec.Source.Equals(app.Status.Sync.ComparedTo.Source)
}
// needRefreshAppStatus answers if application status needs to be refreshed.
// Returns true if application never been compared, has changed or comparison result has expired.
// Additionally returns whether full refresh was requested or not.
@@ -1487,14 +1494,12 @@ func (ctrl *ApplicationController) needRefreshAppStatus(app *appv1.Application,
refreshType = requestedType
reason = fmt.Sprintf("%s refresh requested", refreshType)
} else {
if app.Spec.HasMultipleSources() {
if (len(app.Spec.Sources) != len(app.Status.Sync.ComparedTo.Sources)) || !reflect.DeepEqual(app.Spec.Sources, app.Status.Sync.ComparedTo.Sources) {
reason = "atleast one of the spec.sources differs"
compareWith = CompareWithLatestForceResolve
}
} else if !app.Spec.Source.Equals(app.Status.Sync.ComparedTo.Source) {
if !currentSourceEqualsSyncedSource(app) {
reason = "spec.source differs"
compareWith = CompareWithLatestForceResolve
if app.Spec.HasMultipleSources() {
reason = "at least one of the spec.sources differs"
}
} else if hardExpired || softExpired {
// The commented line below mysteriously crashes if app.Status.ReconciledAt is nil
// reason = fmt.Sprintf("comparison expired. reconciledAt: %v, expiry: %v", app.Status.ReconciledAt, statusRefreshTimeout)

View File

@@ -209,6 +209,55 @@ status:
repoURL: https://github.com/argoproj/argocd-example-apps.git
`
var fakeMultiSourceApp = `
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
uid: "123"
name: my-app
namespace: ` + test.FakeArgoCDNamespace + `
spec:
destination:
namespace: ` + test.FakeDestNamespace + `
server: https://localhost:6443
project: default
sources:
- path: some/path
repoURL: https://github.com/argoproj/argocd-example-apps.git
- path: some/other/path
repoURL: https://github.com/argoproj/argocd-example-apps-fake.git
syncPolicy:
automated: {}
status:
operationState:
finishedAt: 2018-09-21T23:50:29Z
message: successfully synced
operation:
sync:
revisions:
- HEAD
- HEAD
phase: Succeeded
startedAt: 2018-09-21T23:50:25Z
syncResult:
resources:
- kind: RoleBinding
message: |-
rolebinding.rbac.authorization.k8s.io/always-outofsync reconciled
rolebinding.rbac.authorization.k8s.io/always-outofsync configured
name: always-outofsync
namespace: default
status: Synced
revisions:
- aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
- bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
sources:
- path: some/path
repoURL: https://github.com/argoproj/argocd-example-apps.git
- path: some/other/path
repoURL: https://github.com/argoproj/argocd-example-apps-fake.git
`
var fakeAppWithDestName = `
apiVersion: argoproj.io/v1alpha1
kind: Application
@@ -263,6 +312,10 @@ func newFakeApp() *argoappv1.Application {
return createFakeApp(fakeApp)
}
func newFakeMultiSourceApp() *argoappv1.Application {
return createFakeApp(fakeMultiSourceApp)
}
func newFakeAppWithDestMismatch() *argoappv1.Application {
return createFakeApp(fakeAppWithDestMismatch)
}
@@ -857,101 +910,133 @@ func TestSetOperationStateOnDeletedApp(t *testing.T) {
}
func TestNeedRefreshAppStatus(t *testing.T) {
ctrl := newFakeController(&fakeData{apps: []runtime.Object{}})
app := newFakeApp()
now := metav1.Now()
app.Status.ReconciledAt = &now
app.Status.Sync = argoappv1.SyncStatus{
Status: argoappv1.SyncStatusCodeSynced,
ComparedTo: argoappv1.ComparedTo{
Source: app.Spec.GetSource(),
Destination: app.Spec.Destination,
testCases := []struct {
name string
app *argoappv1.Application
}{
{
name: "single-source app",
app: newFakeApp(),
},
{
name: "multi-source app",
app: newFakeMultiSourceApp(),
},
}
// no need to refresh just reconciled application
needRefresh, _, _ := ctrl.needRefreshAppStatus(app, 1*time.Hour, 2*time.Hour)
assert.False(t, needRefresh)
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
ctrl := newFakeController(&fakeData{apps: []runtime.Object{}})
app := tc.app
now := metav1.Now()
app.Status.ReconciledAt = &now
// refresh app using the 'deepest' requested comparison level
ctrl.requestAppRefresh(app.Name, CompareWithRecent.Pointer(), nil)
ctrl.requestAppRefresh(app.Name, ComparisonWithNothing.Pointer(), nil)
app.Status.Sync = argoappv1.SyncStatus{
Status: argoappv1.SyncStatusCodeSynced,
ComparedTo: argoappv1.ComparedTo{
Destination: app.Spec.Destination,
},
}
needRefresh, refreshType, compareWith := ctrl.needRefreshAppStatus(app, 1*time.Hour, 2*time.Hour)
assert.True(t, needRefresh)
assert.Equal(t, argoappv1.RefreshTypeNormal, refreshType)
assert.Equal(t, CompareWithRecent, compareWith)
if app.Spec.HasMultipleSources() {
app.Status.Sync.ComparedTo.Sources = app.Spec.Sources
} else {
app.Status.Sync.ComparedTo.Source = app.Spec.GetSource()
}
// refresh application which status is not reconciled using latest commit
app.Status.Sync = argoappv1.SyncStatus{Status: argoappv1.SyncStatusCodeUnknown}
// no need to refresh just reconciled application
needRefresh, _, _ := ctrl.needRefreshAppStatus(app, 1*time.Hour, 2*time.Hour)
assert.False(t, needRefresh)
needRefresh, refreshType, compareWith = ctrl.needRefreshAppStatus(app, 1*time.Hour, 2*time.Hour)
assert.True(t, needRefresh)
assert.Equal(t, argoappv1.RefreshTypeNormal, refreshType)
assert.Equal(t, CompareWithLatestForceResolve, compareWith)
// refresh app using the 'deepest' requested comparison level
ctrl.requestAppRefresh(app.Name, CompareWithRecent.Pointer(), nil)
ctrl.requestAppRefresh(app.Name, ComparisonWithNothing.Pointer(), nil)
{
// refresh app using the 'latest' level if comparison expired
app := app.DeepCopy()
ctrl.requestAppRefresh(app.Name, CompareWithRecent.Pointer(), nil)
reconciledAt := metav1.NewTime(time.Now().UTC().Add(-1 * time.Hour))
app.Status.ReconciledAt = &reconciledAt
needRefresh, refreshType, compareWith = ctrl.needRefreshAppStatus(app, 1*time.Minute, 2*time.Hour)
assert.True(t, needRefresh)
assert.Equal(t, argoappv1.RefreshTypeNormal, refreshType)
assert.Equal(t, CompareWithLatestForceResolve, compareWith)
}
needRefresh, refreshType, compareWith := ctrl.needRefreshAppStatus(app, 1*time.Hour, 2*time.Hour)
assert.True(t, needRefresh)
assert.Equal(t, argoappv1.RefreshTypeNormal, refreshType)
assert.Equal(t, CompareWithRecent, compareWith)
{
// refresh app using the 'latest' level if comparison expired for hard refresh
app := app.DeepCopy()
app.Status.Sync = argoappv1.SyncStatus{
Status: argoappv1.SyncStatusCodeSynced,
ComparedTo: argoappv1.ComparedTo{
Source: app.Spec.GetSource(),
Destination: app.Spec.Destination,
},
}
ctrl.requestAppRefresh(app.Name, CompareWithRecent.Pointer(), nil)
reconciledAt := metav1.NewTime(time.Now().UTC().Add(-1 * time.Hour))
app.Status.ReconciledAt = &reconciledAt
needRefresh, refreshType, compareWith = ctrl.needRefreshAppStatus(app, 2*time.Hour, 1*time.Minute)
assert.True(t, needRefresh)
assert.Equal(t, argoappv1.RefreshTypeHard, refreshType)
assert.Equal(t, CompareWithLatest, compareWith)
}
// refresh application which status is not reconciled using latest commit
app.Status.Sync = argoappv1.SyncStatus{Status: argoappv1.SyncStatusCodeUnknown}
{
app := app.DeepCopy()
// execute hard refresh if app has refresh annotation
reconciledAt := metav1.NewTime(time.Now().UTC().Add(-1 * time.Hour))
app.Status.ReconciledAt = &reconciledAt
app.Annotations = map[string]string{
v1alpha1.AnnotationKeyRefresh: string(argoappv1.RefreshTypeHard),
}
needRefresh, refreshType, compareWith = ctrl.needRefreshAppStatus(app, 1*time.Hour, 2*time.Hour)
assert.True(t, needRefresh)
assert.Equal(t, argoappv1.RefreshTypeHard, refreshType)
assert.Equal(t, CompareWithLatestForceResolve, compareWith)
}
needRefresh, refreshType, compareWith = ctrl.needRefreshAppStatus(app, 1*time.Hour, 2*time.Hour)
assert.True(t, needRefresh)
assert.Equal(t, argoappv1.RefreshTypeNormal, refreshType)
assert.Equal(t, CompareWithLatestForceResolve, compareWith)
{
app := app.DeepCopy()
// ensure that CompareWithLatest level is used if application source has changed
ctrl.requestAppRefresh(app.Name, ComparisonWithNothing.Pointer(), nil)
// sample app source change
app.Spec.Source.Helm = &argoappv1.ApplicationSourceHelm{
Parameters: []argoappv1.HelmParameter{{
Name: "foo",
Value: "bar",
}},
}
t.Run("refresh app using the 'latest' level if comparison expired", func(t *testing.T) {
app := app.DeepCopy()
ctrl.requestAppRefresh(app.Name, CompareWithRecent.Pointer(), nil)
reconciledAt := metav1.NewTime(time.Now().UTC().Add(-1 * time.Hour))
app.Status.ReconciledAt = &reconciledAt
needRefresh, refreshType, compareWith = ctrl.needRefreshAppStatus(app, 1*time.Minute, 2*time.Hour)
assert.True(t, needRefresh)
assert.Equal(t, argoappv1.RefreshTypeNormal, refreshType)
assert.Equal(t, CompareWithLatestForceResolve, compareWith)
})
needRefresh, refreshType, compareWith = ctrl.needRefreshAppStatus(app, 1*time.Hour, 2*time.Hour)
assert.True(t, needRefresh)
assert.Equal(t, argoappv1.RefreshTypeNormal, refreshType)
assert.Equal(t, CompareWithLatestForceResolve, compareWith)
t.Run("refresh app using the 'latest' level if comparison expired for hard refresh", func(t *testing.T) {
app := app.DeepCopy()
app.Status.Sync = argoappv1.SyncStatus{
Status: argoappv1.SyncStatusCodeSynced,
ComparedTo: argoappv1.ComparedTo{
Destination: app.Spec.Destination,
},
}
if app.Spec.HasMultipleSources() {
app.Status.Sync.ComparedTo.Sources = app.Spec.Sources
} else {
app.Status.Sync.ComparedTo.Source = app.Spec.GetSource()
}
ctrl.requestAppRefresh(app.Name, CompareWithRecent.Pointer(), nil)
reconciledAt := metav1.NewTime(time.Now().UTC().Add(-1 * time.Hour))
app.Status.ReconciledAt = &reconciledAt
needRefresh, refreshType, compareWith = ctrl.needRefreshAppStatus(app, 2*time.Hour, 1*time.Minute)
assert.True(t, needRefresh)
assert.Equal(t, argoappv1.RefreshTypeHard, refreshType)
assert.Equal(t, CompareWithLatest, compareWith)
})
t.Run("execute hard refresh if app has refresh annotation", func(t *testing.T) {
app := app.DeepCopy()
reconciledAt := metav1.NewTime(time.Now().UTC().Add(-1 * time.Hour))
app.Status.ReconciledAt = &reconciledAt
app.Annotations = map[string]string{
v1alpha1.AnnotationKeyRefresh: string(argoappv1.RefreshTypeHard),
}
needRefresh, refreshType, compareWith = ctrl.needRefreshAppStatus(app, 1*time.Hour, 2*time.Hour)
assert.True(t, needRefresh)
assert.Equal(t, argoappv1.RefreshTypeHard, refreshType)
assert.Equal(t, CompareWithLatestForceResolve, compareWith)
})
t.Run("ensure that CompareWithLatest level is used if application source has changed", func(t *testing.T) {
app := app.DeepCopy()
ctrl.requestAppRefresh(app.Name, ComparisonWithNothing.Pointer(), nil)
// sample app source change
if app.Spec.HasMultipleSources() {
app.Spec.Sources[0].Helm = &argoappv1.ApplicationSourceHelm{
Parameters: []argoappv1.HelmParameter{{
Name: "foo",
Value: "bar",
}},
}
} else {
app.Spec.Source.Helm = &argoappv1.ApplicationSourceHelm{
Parameters: []argoappv1.HelmParameter{{
Name: "foo",
Value: "bar",
}},
}
}
needRefresh, refreshType, compareWith = ctrl.needRefreshAppStatus(app, 1*time.Hour, 2*time.Hour)
assert.True(t, needRefresh)
assert.Equal(t, argoappv1.RefreshTypeNormal, refreshType)
assert.Equal(t, CompareWithLatestForceResolve, compareWith)
})
})
}
}

View File

@@ -25,6 +25,7 @@ import (
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/watch"
"k8s.io/client-go/rest"
"k8s.io/client-go/tools/cache"
"github.com/argoproj/argo-cd/v2/controller/metrics"
@@ -394,6 +395,20 @@ func (c *liveStateCache) getCluster(server string) (clustercache.ClusterCache, e
return nil, fmt.Errorf("error getting custom label: %w", err)
}
clusterCacheConfig := cluster.RESTConfig()
// Controller dynamically fetches all resource types available on the cluster
// using a discovery API that may contain deprecated APIs.
// This causes log flooding when managing a large number of clusters.
// https://github.com/argoproj/argo-cd/issues/11973
// However, we can safely suppress deprecation warnings
// because we do not rely on resources with a particular API group or version.
// https://kubernetes.io/blog/2020/09/03/warnings/#customize-client-handling
//
// Completely suppress warning logs only for log levels that are less than Debug.
if log.GetLevel() < log.DebugLevel {
clusterCacheConfig.WarningHandler = rest.NoWarnings{}
}
clusterCacheOpts := []clustercache.UpdateSettingsFunc{
clustercache.SetListSemaphore(semaphore.NewWeighted(clusterCacheListSemaphoreSize)),
clustercache.SetListPageSize(clusterCacheListPageSize),
@@ -425,7 +440,7 @@ func (c *liveStateCache) getCluster(server string) (clustercache.ClusterCache, e
clustercache.SetRetryOptions(clusterCacheAttemptLimit, clusterCacheRetryUseBackoff, isRetryableError),
}
clusterCache = clustercache.NewClusterCache(cluster.RESTConfig(), clusterCacheOpts...)
clusterCache = clustercache.NewClusterCache(clusterCacheConfig, clusterCacheOpts...)
_ = clusterCache.OnResourceUpdated(func(newRes *clustercache.Resource, oldRes *clustercache.Resource, namespaceResources map[kube.ResourceKey]*clustercache.Resource) {
toNotify := make(map[string]bool)

View File

@@ -471,7 +471,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap
failedToLoadObjs = true
}
logCtx.Debugf("Retrieved lived manifests")
logCtx.Debugf("Retrieved live manifests")
// filter out all resources which are not permitted in the application project
for k, v := range liveObjByKey {

View File

@@ -28,7 +28,7 @@ telepresence intercept argocd-server --port 8080:http --env-file .envrc.remote #
* `--port` forwards traffic of remote port http to 8080 locally (use `--port 8080:https` if argocd-server terminates TLS)
* `--env-file` writes all the environment variables of the remote pod into a local file, the variables are also set on the subprocess of the `--run` command
With this, any traffic that hits your argocd-server service in the cluster (e.g through a LB / ingress) will be forwarded to your laptop on port 8080. So that you can now start argocd-server locally to debug or test new code. If you launch argocd-server using the environment variables in `.envrc.remote`, he is able to fetch all the configmaps, secrets and so one from the cluster and transparently connect to the other microservices so that no further configuration should be neccesary and he behaves exactly the same as in the cluster.
With this, any traffic that hits your argocd-server service in the cluster (e.g. through a LB / ingress) will be forwarded to your laptop on port 8080. So that you can now start argocd-server locally to debug or test new code. If you launch argocd-server using the environment variables in `.envrc.remote`, it is able to fetch all the configmaps, secrets and so on from the cluster and transparently connect to the other microservices so that no further configuration should be necessary, and it behaves exactly the same as in the cluster.
List current status of Telepresence using:
```shell

View File

@@ -122,9 +122,9 @@ To terminate the sync, click on the "synchronisation" then "terminate":
![Synchronization](assets/synchronization-button.png) ![Terminate](assets/terminate-button.png)
## Why Is My App Out Of Sync Even After Syncing?
## Why Is My App `Out Of Sync` Even After Syncing?
Is some cases, the tool you use may conflict with Argo CD by adding the `app.kubernetes.io/instance` label. E.g. using
In some cases, the tool you use may conflict with Argo CD by adding the `app.kubernetes.io/instance` label. E.g. using
Kustomize common labels feature.
Argo CD automatically sets the `app.kubernetes.io/instance` label and uses it to determine which resources form the app.
@@ -142,7 +142,7 @@ The default polling interval is 3 minutes (180 seconds).
You can change the setting by updating the `timeout.reconciliation` value in the [argocd-cm](https://github.com/argoproj/argo-cd/blob/2d6ce088acd4fb29271ffb6f6023dbb27594d59b/docs/operator-manual/argocd-cm.yaml#L279-L282) config map. If there are any Git changes, ArgoCD will only update applications with the [auto-sync setting](user-guide/auto_sync.md) enabled. If you set it to `0` then Argo CD will stop polling Git repositories automatically and you can only use alternative methods such as [webhooks](operator-manual/webhook.md) and/or manual syncs for deploying applications.
## Why Are My Resource Limits Out Of Sync?
## Why Are My Resource Limits `Out Of Sync`?
Kubernetes has normalized your resource limits when they are applied, and then Argo CD has then compared the version in
your generated manifests to the normalized one is Kubernetes - they won't match.
@@ -157,7 +157,7 @@ E.g.
To fix this use diffing
customizations [settings](./user-guide/diffing.md#known-kubernetes-types-in-crds-resource-limits-volume-mounts-etc).
## How Do I Fix "invalid cookie, longer than max length 4093"?
## How Do I Fix `invalid cookie, longer than max length 4093`?
Argo CD uses a JWT as the auth token. You likely are part of many groups and have gone over the 4KB limit which is set
for cookies. You can get the list of groups by opening "developer tools -> network"
@@ -224,4 +224,38 @@ resource.customizations.health.bitnami.com_SealedSecret: |
hs.status = "Healthy"
hs.message = "Controller doesn't report resource status"
return hs
```
```
## How do I fix `The order in patch list … doesn't match $setElementOrder list: …`?
An application may trigger a sync error labeled a `ComparisonError` with a message like:
> The order in patch list: [map[name:**KEY_BC** value:150] map[name:**KEY_BC** value:500] map[name:**KEY_BD** value:250] map[name:**KEY_BD** value:500] map[name:KEY_BI value:something]] doesn't match $setElementOrder list: [map[name:KEY_AA] map[name:KEY_AB] map[name:KEY_AC] map[name:KEY_AD] map[name:KEY_AE] map[name:KEY_AF] map[name:KEY_AG] map[name:KEY_AH] map[name:KEY_AI] map[name:KEY_AJ] map[name:KEY_AK] map[name:KEY_AL] map[name:KEY_AM] map[name:KEY_AN] map[name:KEY_AO] map[name:KEY_AP] map[name:KEY_AQ] map[name:KEY_AR] map[name:KEY_AS] map[name:KEY_AT] map[name:KEY_AU] map[name:KEY_AV] map[name:KEY_AW] map[name:KEY_AX] map[name:KEY_AY] map[name:KEY_AZ] map[name:KEY_BA] map[name:KEY_BB] map[name:**KEY_BC**] map[name:**KEY_BD**] map[name:KEY_BE] map[name:KEY_BF] map[name:KEY_BG] map[name:KEY_BH] map[name:KEY_BI] map[name:**KEY_BC**] map[name:**KEY_BD**]]
There are two parts to the message:
1. `The order in patch list: [`
This identifies values for items, especially items that appear multiple times:
> map[name:**KEY_BC** value:150] map[name:**KEY_BC** value:500] map[name:**KEY_BD** value:250] map[name:**KEY_BD** value:500] map[name:KEY_BI value:something]
You'll want to identify the keys that are duplicated -- you can focus on the first part, as each duplicated key will appear, once for each of its value with its value in the first list. The second list is really just
`]`
2. `doesn't match $setElementOrder list: [`
This includes all of the keys. It's included for debugging purposes -- you don't need to pay much attention to it. It will give you a hint about the precise location in the list for the duplicated keys:
> map[name:KEY_AA] map[name:KEY_AB] map[name:KEY_AC] map[name:KEY_AD] map[name:KEY_AE] map[name:KEY_AF] map[name:KEY_AG] map[name:KEY_AH] map[name:KEY_AI] map[name:KEY_AJ] map[name:KEY_AK] map[name:KEY_AL] map[name:KEY_AM] map[name:KEY_AN] map[name:KEY_AO] map[name:KEY_AP] map[name:KEY_AQ] map[name:KEY_AR] map[name:KEY_AS] map[name:KEY_AT] map[name:KEY_AU] map[name:KEY_AV] map[name:KEY_AW] map[name:KEY_AX] map[name:KEY_AY] map[name:KEY_AZ] map[name:KEY_BA] map[name:KEY_BB] map[name:**KEY_BC**] map[name:**KEY_BD**] map[name:KEY_BE] map[name:KEY_BF] map[name:KEY_BG] map[name:KEY_BH] map[name:KEY_BI] map[name:**KEY_BC**] map[name:**KEY_BD**]
`]`
In this case, the duplicated keys have been **emphasized** to help you identify the problematic keys. Many editors have the ability to highlight all instances of a string, using such an editor can help with such problems.
The most common instance of this error is with `env:` fields for `containers`.
!!! note "Dynamic applications"
It's possible that your application is being generated by a tool in which case the duplication might not be evident within the scope of a single file. If you have trouble debugging this problem, consider filing a ticket to the owner of the generator tool asking them to improve its validation and error reporting.

View File

@@ -81,7 +81,7 @@ in your Argo CD installation namespace. You can simply retrieve this password
using the `argocd` CLI:
```bash
argocd admin initial-password
argocd admin initial-password -n argocd
```
!!! warning

View File

@@ -24,7 +24,7 @@ This feature can only be enabled and used when your Argo CD is installed as a cl
### Switch resource tracking method
Also, while technically not necessary, it is strongly suggested that you switch the application tracking method from the default `label` setting to either `annotation` or `annotation+label`. The reasonsing for this is, that application names will be a composite of the namespace's name and the name of the `Application`, and this can easily exceed the 63 characters length limit imposed on label values. Annotations have a notably greater length limit.
Also, while technically not necessary, it is strongly suggested that you switch the application tracking method from the default `label` setting to either `annotation` or `annotation+label`. The reasoning for this is, that application names will be a composite of the namespace's name and the name of the `Application`, and this can easily exceed the 63 characters length limit imposed on label values. Annotations have a notably greater length limit.
To enable annotation based resource tracking, refer to the documentation about [resource tracking methods](../../user-guide/resource_tracking/)

View File

@@ -114,9 +114,7 @@ spec:
# plugin specific config
plugin:
# NOTE: this field is deprecated in v2.5 and must be removed to use sidecar-based plugins.
# Only set the plugin name if the plugin is defined in argocd-cm.
# If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the
# If the plugin is defined as a sidecar and name is not passed, the plugin will be automatically matched with the
# Application according to the plugin's discovery rules.
name: mypluginname
# environment variables passed to the plugin

View File

@@ -110,7 +110,7 @@ spec:
server: https://kubernetes.default.svc
namespace: '{{path.basename}}'
```
(*The full example can be found [here](https://github.com/argoproj/argo-cd/tree/master/examples/applicationset/git-generator-directory/excludes).*)
(*The full example can be found [here](https://github.com/argoproj/argo-cd/tree/master/applicationset/examples/git-generator-directory/excludes).*)
This example excludes the `exclude-helm-guestbook` directory from the list of directories scanned for this `ApplicationSet` resource.

View File

@@ -34,7 +34,7 @@ When the ApplicationSet changes, the changes will be applied to each group of Ap
* Application groups are selected using their labels and `matchExpressions`.
* All `matchExpressions` must be true for an Application to be selected (multiple expressions match with AND behavior).
* The `In` and `NotIn` operators must match at least one value to be considered true (OR behavior).
* The `NotIn` operatorn has priority in the event that both a `NotIn` and `In` operator produce a match.
* The `NotIn` operator has priority in the event that both a `NotIn` and `In` operator produce a match.
* All Applications in each group must become Healthy before the ApplicationSet controller will proceed to update the next group of Applications.
* The number of simultaneous Application updates in a group will not exceed its `maxUpdate` parameter (default is 100%, unbounded).
* RollingSync will capture external changes outside the ApplicationSet resource, since it relies on watching the OutOfSync status of the managed Applications.

View File

@@ -77,7 +77,7 @@ spec:
```
!!! warning
By default, deleting an application will not perform a cascade delete, which would delete its resources. You must add the finalizer if you want this behaviour - which you may well not want.
Without the `resources-finalizer.argocd.argoproj.io` finalizer, deleting an application will not delete the resources it manages. To perform a cascading delete, you must add the finalizer. See [App Deletion](../user-guide/app_deletion.md#about-the-deletion-finalizer).
```yaml
metadata:

View File

@@ -19,7 +19,7 @@ The configuration for Deep Links is present in `argocd-cm` as `<location>.links`
Each link in the list has five subfields :
1. `title` : title/tag that will be displayed in the UI corresponding to that link
2. `url` : the actual URL where the deep link will redirect to, this field can be templated to use data from the
corresponing application, project or resource objects (depending on where it is located). This uses [text/template](pkg.go.dev/text/template) pkg for templating
corresponding application, project or resource objects (depending on where it is located). This uses [text/template](pkg.go.dev/text/template) pkg for templating
3. `description` (optional) : a description for what the deep link is about
4. `icon.class` (optional) : a font-awesome icon class to be used when displaying the links in dropdown menus
5. `if` (optional) : a conditional statement that results in either `true` or `false`, it also has access to the same
@@ -60,4 +60,4 @@ An example `argocd-cm.yaml` file with deep links and their variations :
- url: https://mycompany.splunk.com?search={{.metadata.namespace}}
title: Splunk
if: kind == "Pod" || kind == "Deployment"
```
```

View File

@@ -5,7 +5,7 @@ Argo CD provides built-in health assessment for several standard Kubernetes type
surfaced to the overall Application health status as a whole. The following checks are made for
specific types of kubernetes resources:
### Deployment, ReplicaSet, StatefulSet DaemonSet
### Deployment, ReplicaSet, StatefulSet, DaemonSet
* Observed generation is equal to desired generation.
* Number of **updated** replicas equals the number of desired replicas.
@@ -114,12 +114,13 @@ In order to prevent duplication of the custom health check for potentially multi
```yaml
resource.customizations: |
*.aws.crossplane.io/*:
"*.aws.crossplane.io/*":
health.lua: |
...
```
!!!important
Please note the required quotes in the resource customization health section, if the wildcard starts with `*`.
The `obj` is a global variable which contains the resource. The script must return an object with status and optional message field.
The custom health check might return one of the following health statuses:

View File

@@ -4,7 +4,7 @@ Argo CD is largely stateless, all data is persisted as Kubernetes objects, which
A set of HA manifests are provided for users who wish to run Argo CD in a highly available manner. This runs more containers, and runs Redis in HA mode.
[Manifests ⧉](https://github.com/argoproj/argo-cd/tree/master/manifests)
[HA Manifests ⧉](https://github.com/argoproj/argo-cd/tree/master/manifests#high-availability)
> **NOTE:** The HA installation will require at least three different nodes due to pod anti-affinity roles in the
> specs. Additionally, IPv6 only clusters are not supported.
@@ -188,4 +188,4 @@ spec:
targetRevision: HEAD
path: my-application
# ...
```
```

View File

@@ -74,7 +74,7 @@ kind: Kustomization
namespace: argocd
resources:
- https://raw.githubusercontent.com/argoproj/argo-cd/v2.0.4/manifests/ha/install.yaml
- github.com/argoproj/argo-cd/manifests/ha?ref=v2.6.2
```
## Helm

View File

@@ -303,7 +303,7 @@ data:
clientSecret: $oidc.okta.clientSecret
# Optional list of allowed aud claims. If omitted or empty, defaults to the clientID value above (and the
# cliCientID, if that is also specified). If you specify a list and want the clientID to be allowed, you must
# cliClientID, if that is also specified). If you specify a list and want the clientID to be allowed, you must
# explicitly include it in the list.
# Token verification will pass if any of the token's audiences matches any of the audiences in this list.
allowedAudiences:

View File

@@ -95,7 +95,7 @@ data:
Make sure that:
- __issuer__ ends with the correct realm (in this example _master_)
- __issuer__ on Keycloak releases older than version 17 the URL must include /auth (in this expample /auth/realms/master)
- __issuer__ on Keycloak releases older than version 17 the URL must include /auth (in this example /auth/realms/master)
- __clientID__ is set to the Client ID you configured in Keycloak
- __clientSecret__ points to the right key you created in the _argocd-secret_ Secret
- __requestedScopes__ contains the _groups_ claim if you didn't add it to the Default scopes

View File

@@ -11,5 +11,6 @@ Before effectively using Argo CD, it is necessary to understand the underlying t
* Depending on how you plan to template your applications:
* [Kustomize](https://kustomize.io)
* [Helm](https://helm.sh)
* If you're integrating with Jenkins:
* [Jenkins User Guide](https://jenkins.io)
* If you're integrating with a CI tool:
* [GitHub Actions Documentation](https://docs.github.com/en/actions)
* [Jenkins User Guide](https://jenkins.io](https://www.jenkins.io/doc/book/)

View File

@@ -24,9 +24,10 @@ argocd app delete APPNAME
# Deletion Using `kubectl`
To perform a non-cascade delete:
To perform a non-cascade delete, make sure the finalizer is unset and then delete the app:
```bash
kubectl patch app APPNAME -p '{"metadata": {"finalizers": null}}' --type merge
kubectl delete app APPNAME
```

View File

@@ -33,9 +33,11 @@ flag. The flag can be repeated to support multiple values files:
argocd app set helm-guestbook --values values-production.yaml
```
!!! note
Values files must be in the same git repository as the Helm chart. The files can be in a different
location in which case it can be accessed using a relative path relative to the root directory of
the Helm chart.
Before `v2.6` of Argo CD, Values files must be in the same git repository as the Helm
chart. The files can be in a different location in which case it can be accessed using
a relative path relative to the root directory of the Helm chart.
As of `v2.6`, values files can be sourced from a separate repository than the Helm chart
by taking advantage of [multiple sources for Applications](./multiple_sources.md#helm-value-files-from-external-git-repository).
In the declarative syntax:

View File

@@ -5,7 +5,7 @@ kind: Kustomization
images:
- name: quay.io/argoproj/argocd
newName: quay.io/argoproj/argocd
newTag: v2.6.2
newTag: v2.6.4
resources:
- ./application-controller
- ./dex

View File

@@ -23,7 +23,7 @@ spec:
serviceAccountName: argocd-redis
containers:
- name: redis
image: redis:7.0.7-alpine
image: redis:7.0.8-alpine
imagePullPolicy: Always
args:
- "--save"

View File

@@ -15557,7 +15557,7 @@ spec:
key: applicationsetcontroller.enable.progressive.syncs
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
name: argocd-applicationset-controller
ports:
@@ -15639,7 +15639,7 @@ spec:
- ""
- --appendonly
- "no"
image: redis:7.0.7-alpine
image: redis:7.0.8-alpine
imagePullPolicy: Always
name: redis
ports:
@@ -15821,7 +15821,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -15873,7 +15873,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
name: copyutil
securityContext:
allowPrivilegeEscalation: false
@@ -16080,7 +16080,7 @@ spec:
key: application.namespaces
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
name: argocd-application-controller
ports:

View File

@@ -12,4 +12,4 @@ resources:
images:
- name: quay.io/argoproj/argocd
newName: quay.io/argoproj/argocd
newTag: v2.6.2
newTag: v2.6.4

View File

@@ -11,7 +11,7 @@ patchesStrategicMerge:
images:
- name: quay.io/argoproj/argocd
newName: quay.io/argoproj/argocd
newTag: v2.6.2
newTag: v2.6.4
resources:
- ../../base/application-controller
- ../../base/applicationset-controller

View File

@@ -1071,7 +1071,7 @@ spec:
topologyKey: kubernetes.io/hostname
initContainers:
- name: config-init
image: haproxy:2.6.2-alpine
image: haproxy:2.6.9-alpine
imagePullPolicy: IfNotPresent
resources:
{}
@@ -1089,7 +1089,7 @@ spec:
mountPath: /data
containers:
- name: haproxy
image: haproxy:2.6.2-alpine
image: haproxy:2.6.9-alpine
imagePullPolicy: IfNotPresent
securityContext:
null
@@ -1179,7 +1179,7 @@ spec:
automountServiceAccountToken: false
initContainers:
- name: config-init
image: redis:7.0.7-alpine
image: redis:7.0.8-alpine
imagePullPolicy: IfNotPresent
resources:
{}
@@ -1206,7 +1206,7 @@ spec:
containers:
- name: redis
image: redis:7.0.7-alpine
image: redis:7.0.8-alpine
imagePullPolicy: IfNotPresent
command:
- redis-server
@@ -1256,7 +1256,7 @@ spec:
- /bin/sh
- /readonly-config/trigger-failover-if-master.sh
- name: sentinel
image: redis:7.0.7-alpine
image: redis:7.0.8-alpine
imagePullPolicy: IfNotPresent
command:
- redis-sentinel
@@ -1300,7 +1300,7 @@ spec:
{}
- name: split-brain-fix
image: redis:7.0.7-alpine
image: redis:7.0.8-alpine
imagePullPolicy: IfNotPresent
command:
- sh

View File

@@ -11,14 +11,14 @@ redis-ha:
IPv6:
enabled: false
image:
tag: 2.6.2-alpine
tag: 2.6.9-alpine
containerSecurityContext: null
timeout:
server: 6m
client: 6m
checkInterval: 3s
image:
tag: 7.0.7-alpine
tag: 7.0.8-alpine
containerSecurityContext: null
sentinel:
bind: "0.0.0.0"

View File

@@ -16758,7 +16758,7 @@ spec:
key: applicationsetcontroller.enable.progressive.syncs
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
name: argocd-applicationset-controller
ports:
@@ -16868,7 +16868,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
name: copyutil
securityContext:
@@ -16921,7 +16921,7 @@ spec:
containers:
- command:
- argocd-notifications
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
livenessProbe:
tcpSocket:
@@ -16992,7 +16992,7 @@ spec:
app.kubernetes.io/name: argocd-redis-ha-haproxy
topologyKey: kubernetes.io/hostname
containers:
- image: haproxy:2.6.2-alpine
- image: haproxy:2.6.9-alpine
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
@@ -17028,7 +17028,7 @@ spec:
- /readonly/haproxy_init.sh
command:
- sh
image: haproxy:2.6.2-alpine
image: haproxy:2.6.9-alpine
imagePullPolicy: IfNotPresent
name: config-init
securityContext:
@@ -17224,7 +17224,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -17276,7 +17276,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
name: copyutil
securityContext:
allowPrivilegeEscalation: false
@@ -17555,7 +17555,7 @@ spec:
key: server.enable.proxy.extension
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -17791,7 +17791,7 @@ spec:
key: application.namespaces
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
name: argocd-application-controller
ports:
@@ -17868,7 +17868,7 @@ spec:
- /data/conf/redis.conf
command:
- redis-server
image: redis:7.0.7-alpine
image: redis:7.0.8-alpine
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -17921,7 +17921,7 @@ spec:
- /data/conf/sentinel.conf
command:
- redis-sentinel
image: redis:7.0.7-alpine
image: redis:7.0.8-alpine
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
@@ -17973,7 +17973,7 @@ spec:
value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
- name: SENTINEL_ID_2
value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
image: redis:7.0.7-alpine
image: redis:7.0.8-alpine
imagePullPolicy: IfNotPresent
name: split-brain-fix
resources: {}
@@ -18002,7 +18002,7 @@ spec:
value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
- name: SENTINEL_ID_2
value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
image: redis:7.0.7-alpine
image: redis:7.0.8-alpine
imagePullPolicy: IfNotPresent
name: config-init
securityContext:

View File

@@ -1562,7 +1562,7 @@ spec:
key: applicationsetcontroller.enable.progressive.syncs
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
name: argocd-applicationset-controller
ports:
@@ -1672,7 +1672,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
name: copyutil
securityContext:
@@ -1725,7 +1725,7 @@ spec:
containers:
- command:
- argocd-notifications
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
livenessProbe:
tcpSocket:
@@ -1796,7 +1796,7 @@ spec:
app.kubernetes.io/name: argocd-redis-ha-haproxy
topologyKey: kubernetes.io/hostname
containers:
- image: haproxy:2.6.2-alpine
- image: haproxy:2.6.9-alpine
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
@@ -1832,7 +1832,7 @@ spec:
- /readonly/haproxy_init.sh
command:
- sh
image: haproxy:2.6.2-alpine
image: haproxy:2.6.9-alpine
imagePullPolicy: IfNotPresent
name: config-init
securityContext:
@@ -2028,7 +2028,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -2080,7 +2080,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
name: copyutil
securityContext:
allowPrivilegeEscalation: false
@@ -2359,7 +2359,7 @@ spec:
key: server.enable.proxy.extension
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -2595,7 +2595,7 @@ spec:
key: application.namespaces
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
name: argocd-application-controller
ports:
@@ -2672,7 +2672,7 @@ spec:
- /data/conf/redis.conf
command:
- redis-server
image: redis:7.0.7-alpine
image: redis:7.0.8-alpine
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -2725,7 +2725,7 @@ spec:
- /data/conf/sentinel.conf
command:
- redis-sentinel
image: redis:7.0.7-alpine
image: redis:7.0.8-alpine
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
@@ -2777,7 +2777,7 @@ spec:
value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
- name: SENTINEL_ID_2
value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
image: redis:7.0.7-alpine
image: redis:7.0.8-alpine
imagePullPolicy: IfNotPresent
name: split-brain-fix
resources: {}
@@ -2806,7 +2806,7 @@ spec:
value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
- name: SENTINEL_ID_2
value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
image: redis:7.0.7-alpine
image: redis:7.0.8-alpine
imagePullPolicy: IfNotPresent
name: config-init
securityContext:

View File

@@ -15877,7 +15877,7 @@ spec:
key: applicationsetcontroller.enable.progressive.syncs
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
name: argocd-applicationset-controller
ports:
@@ -15987,7 +15987,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
name: copyutil
securityContext:
@@ -16040,7 +16040,7 @@ spec:
containers:
- command:
- argocd-notifications
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
livenessProbe:
tcpSocket:
@@ -16117,7 +16117,7 @@ spec:
- ""
- --appendonly
- "no"
image: redis:7.0.7-alpine
image: redis:7.0.8-alpine
imagePullPolicy: Always
name: redis
ports:
@@ -16299,7 +16299,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -16351,7 +16351,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
name: copyutil
securityContext:
allowPrivilegeEscalation: false
@@ -16626,7 +16626,7 @@ spec:
key: server.enable.proxy.extension
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -16860,7 +16860,7 @@ spec:
key: application.namespaces
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
name: argocd-application-controller
ports:

View File

@@ -681,7 +681,7 @@ spec:
key: applicationsetcontroller.enable.progressive.syncs
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
name: argocd-applicationset-controller
ports:
@@ -791,7 +791,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
name: copyutil
securityContext:
@@ -844,7 +844,7 @@ spec:
containers:
- command:
- argocd-notifications
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
livenessProbe:
tcpSocket:
@@ -921,7 +921,7 @@ spec:
- ""
- --appendonly
- "no"
image: redis:7.0.7-alpine
image: redis:7.0.8-alpine
imagePullPolicy: Always
name: redis
ports:
@@ -1103,7 +1103,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -1155,7 +1155,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
name: copyutil
securityContext:
allowPrivilegeEscalation: false
@@ -1430,7 +1430,7 @@ spec:
key: server.enable.proxy.extension
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -1664,7 +1664,7 @@ spec:
key: application.namespaces
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.6.2
image: quay.io/argoproj/argocd:v2.6.4
imagePullPolicy: Always
name: argocd-application-controller
ports:

View File

@@ -112,6 +112,7 @@ nav:
- operator-manual/server-commands/additional-configuration-method.md
- Upgrading:
- operator-manual/upgrading/overview.md
- operator-manual/upgrading/2.5-2.6.md
- operator-manual/upgrading/2.4-2.5.md
- operator-manual/upgrading/2.3-2.4.md
- operator-manual/upgrading/2.2-2.3.md

View File

@@ -202,7 +202,7 @@ func (repo *Repository) GetGitCreds(store git.CredsStore) git.Creds {
return git.NewGitHubAppCreds(repo.GithubAppId, repo.GithubAppInstallationId, repo.GithubAppPrivateKey, repo.GitHubAppEnterpriseBaseURL, repo.Repo, repo.TLSClientCertData, repo.TLSClientCertKey, repo.IsInsecure(), repo.Proxy, store)
}
if repo.GCPServiceAccountKey != "" {
return git.NewGoogleCloudCreds(repo.GCPServiceAccountKey)
return git.NewGoogleCloudCreds(repo.GCPServiceAccountKey, store)
}
return git.NopCreds{}
}

View File

@@ -182,6 +182,18 @@ type ApplicationSource struct {
// ApplicationSources contains list of required information about the sources of an application
type ApplicationSources []ApplicationSource
func (s ApplicationSources) Equals(other ApplicationSources) bool {
if len(s) != len(other) {
return false
}
for i := range s {
if !s[i].Equals(other[i]) {
return false
}
}
return true
}
func (a *ApplicationSpec) GetSource() ApplicationSource {
// if Application has multiple sources, return the first source in sources
if a.HasMultipleSources() {

View File

@@ -1328,7 +1328,7 @@ func TestGetAppDetailsKustomize(t *testing.T) {
assert.Equal(t, "Kustomize", res.Type)
assert.NotNil(t, res.Kustomize)
assert.EqualValues(t, []string{"nginx:1.15.4", "k8s.gcr.io/nginx-slim:0.8"}, res.Kustomize.Images)
assert.EqualValues(t, []string{"nginx:1.15.4", "registry.k8s.io/nginx-slim:0.8"}, res.Kustomize.Images)
}
func TestGetHelmCharts(t *testing.T) {

View File

@@ -25,7 +25,7 @@ spec:
name: daemonset
spec:
containers:
- image: k8s.gcr.io/nginx-slim:0.8
- image: registry.k8s.io/nginx-slim:0.8
imagePullPolicy: IfNotPresent
name: nginx
resources: {}

View File

@@ -23,7 +23,7 @@ spec:
name: daemonset
spec:
containers:
- image: k8s.gcr.io/nginx-slim:0.8
- image: registry.k8s.io/nginx-slim:0.8
imagePullPolicy: IfNotPresent
name: nginx
resources: {}

View File

@@ -26,7 +26,7 @@ spec:
kubectl.kubernetes.io/restartedAt: "0001-01-01T00:00:00Z"
spec:
containers:
- image: k8s.gcr.io/nginx-slim:0.8
- image: registry.k8s.io/nginx-slim:0.8
imagePullPolicy: IfNotPresent
name: nginx
resources: {}

View File

@@ -24,7 +24,7 @@ spec:
app: statefulset
spec:
containers:
- image: k8s.gcr.io/nginx-slim:0.8
- image: registry.k8s.io/nginx-slim:0.8
imagePullPolicy: IfNotPresent
name: nginx
resources: {}

View File

@@ -469,8 +469,9 @@ func (a *ArgoCDServer) Run(ctx context.Context, listeners *Listeners) {
// If not matched, we assume that its TLS.
tlsl := tcpm.Match(cmux.Any())
tlsConfig := tls.Config{
Certificates: []tls.Certificate{*a.settings.Certificate},
tlsConfig := tls.Config{}
tlsConfig.GetCertificate = func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
return a.settings.Certificate, nil
}
if a.TLSConfigCustomizer != nil {
a.TLSConfigCustomizer(&tlsConfig)
@@ -613,8 +614,8 @@ func (a *ArgoCDServer) watchSettings() {
newCert, newCertKey = tlsutil.EncodeX509KeyPairString(*a.settings.Certificate)
}
if newCert != prevCert || newCertKey != prevCertKey {
log.Infof("tls certificate modified. restarting")
break
log.Infof("tls certificate modified. reloading certificate")
// No need to break out of this loop since TlsConfig.GetCertificate will automagically reload the cert.
}
}
}

View File

@@ -1,4 +1,4 @@
FROM docker.io/library/redis:7.0.5 as redis
FROM docker.io/library/redis:7.0.8-alpine as redis
# There are libraries we will want to copy from here in the final stage of the
# build, but the COPY directive does not have a way to determine system

View File

@@ -3,11 +3,12 @@ package e2e
import (
"testing"
"github.com/stretchr/testify/assert"
. "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
. "github.com/argoproj/argo-cd/v2/test/e2e/fixture"
. "github.com/argoproj/argo-cd/v2/test/e2e/fixture/app"
. "github.com/argoproj/argo-cd/v2/util/argo"
"github.com/stretchr/testify/assert"
)
func TestMultiSourceAppCreation(t *testing.T) {
@@ -24,7 +25,6 @@ func TestMultiSourceAppCreation(t *testing.T) {
When().
CreateMultiSourceAppFromFile().
Then().
Expect(SyncStatusIs(SyncStatusCodeOutOfSync)).
And(func(app *Application) {
assert.Equal(t, Name(), app.Name)
for i, source := range app.Spec.GetSources() {
@@ -42,7 +42,8 @@ func TestMultiSourceAppCreation(t *testing.T) {
assert.Contains(t, output, Name())
}).
Expect(Success("")).
When().Refresh(RefreshTypeNormal).Then().
Given().Timeout(60).
When().Wait().Then().
Expect(Success("")).
And(func(app *Application) {
statusByName := map[string]SyncStatusCode{}
@@ -78,7 +79,6 @@ func TestMultiSourceAppWithHelmExternalValueFiles(t *testing.T) {
When().
CreateMultiSourceAppFromFile().
Then().
Expect(SyncStatusIs(SyncStatusCodeOutOfSync)).
And(func(app *Application) {
assert.Equal(t, Name(), app.Name)
for i, source := range app.Spec.GetSources() {
@@ -96,7 +96,8 @@ func TestMultiSourceAppWithHelmExternalValueFiles(t *testing.T) {
assert.Contains(t, output, Name())
}).
Expect(Success("")).
When().Refresh(RefreshTypeNormal).Then().
Given().Timeout(60).
When().Wait().Then().
Expect(Success("")).
And(func(app *Application) {
statusByName := map[string]SyncStatusCode{}
@@ -126,7 +127,6 @@ func TestMultiSourceAppWithSourceOverride(t *testing.T) {
When().
CreateMultiSourceAppFromFile().
Then().
Expect(SyncStatusIs(SyncStatusCodeOutOfSync)).
And(func(app *Application) {
assert.Equal(t, Name(), app.Name)
for i, source := range app.Spec.GetSources() {
@@ -144,7 +144,8 @@ func TestMultiSourceAppWithSourceOverride(t *testing.T) {
assert.Contains(t, output, Name())
}).
Expect(Success("")).
When().Refresh(RefreshTypeNormal).Then().
Given().Timeout(60).
When().Wait().Then().
Expect(Success("")).
And(func(app *Application) {
statusByName := map[string]SyncStatusCode{}

View File

@@ -362,6 +362,17 @@ func (a *Actions) DeleteBySelector(selector string) *Actions {
return a
}
func (a *Actions) Wait(args ...string) *Actions {
a.context.t.Helper()
args = append([]string{"app", "wait"}, args...)
if a.context.name != "" {
args = append(args, a.context.AppQualifiedName())
}
args = append(args, "--timeout", fmt.Sprintf("%v", a.context.timeout))
a.runCli(args...)
return a
}
func (a *Actions) SetParamInSettingConfigMap(key, value string) *Actions {
fixture.SetParamInSettingConfigMap(key, value)
return a

View File

@@ -86,11 +86,6 @@ func (c *Consequences) resource(kind, name, namespace string) ResourceStatus {
}
}
func (c *Consequences) Timeout(timeout int) *Consequences {
c.timeout = timeout
return c
}
func (c *Consequences) AndCLIOutput(block func(output string, err error)) *Consequences {
c.context.t.Helper()
block(c.actions.lastOutput, c.actions.lastError)

View File

@@ -286,7 +286,7 @@ export const ResourceDetails = (props: ResourceDetailsProps) => {
const execEnabled = settings.execEnabled;
const logsAllowed = await services.accounts.canI('logs', 'get', application.spec.project + '/' + application.metadata.name);
const execAllowed = await services.accounts.canI('exec', 'create', application.spec.project + '/' + application.metadata.name);
const links = await services.applications.getResourceLinks(application.metadata.name, application.metadata.namespace, selectedNode);
const links = await services.applications.getResourceLinks(application.metadata.name, application.metadata.namespace, selectedNode).catch(() => null);
return {controlledState, liveState, events, podState, execEnabled, execAllowed, logsAllowed, links};
}}>
{data => (

View File

@@ -493,17 +493,20 @@ function getActionItems(
const resourceActions = getResourceActionsMenuItems(resource, application.metadata, appContext);
const links = services.applications.getResourceLinks(application.metadata.name, application.metadata.namespace, resource).then(data => {
return (data.items || []).map(
link =>
({
title: link.title,
iconClassName: `fa ${link.iconClass ? link.iconClass : 'fa-external-link'}`,
action: () => window.open(link.url, '_blank'),
tooltip: link.description
} as MenuItem)
);
});
const links = services.applications
.getResourceLinks(application.metadata.name, application.metadata.namespace, resource)
.then(data => {
return (data.items || []).map(
link =>
({
title: link.title,
iconClassName: `fa ${link.iconClass ? link.iconClass : 'fa-external-link'}`,
action: () => window.open(link.url, '_blank'),
tooltip: link.description
} as MenuItem)
);
})
.catch(() => [] as MenuItem[]);
return combineLatest(
from([items]), // this resolves immediately

View File

@@ -48,7 +48,9 @@ export const EventsList = (props: {events: models.Event[]}) => {
<div className={`argo-table-list__row events-list__event events-list__event--${event.type}`} key={event.metadata.uid}>
<div className='row'>
<div className='columns small-2 xxlarge-2'>{event.reason}</div>
<div className='columns small-4 xxlarge-5'>{event.message}</div>
<div className='columns small-4 xxlarge-5' style={{whiteSpace: 'normal'}}>
{event.message}
</div>
<div className='columns small-2 xxlarge-1'>{event.count}</div>
<div className='columns small-2 xxlarge-2'>{event.firstTimestamp ? getTimeElements(event.firstTimestamp) : getTimeElements(event.eventTime)}</div>
<div className='columns small-2 xxlarge-2'>{event.lastTimestamp ? getTimeElements(event.lastTimestamp) : getTimeElements(event.eventTime)}</div>

View File

@@ -1,6 +1,8 @@
import {Tooltip} from 'argo-ui';
import * as React from 'react';
import {combineLatest} from 'rxjs';
import {map} from 'rxjs/operators';
import {ExternalLink} from '../applications/components/application-urls';
import {DataLoader} from '../shared/components';
import {services, ViewPreferences} from '../shared/services';
@@ -67,6 +69,14 @@ export const Banner = (props: React.Props<any>) => {
chatBottomPosition = 85;
}
}
if (chatUrl) {
try {
const externalLink = new ExternalLink(chatUrl);
chatUrl = externalLink.ref;
} catch (InvalidExternalLinkError) {
chatUrl = 'invalid-url';
}
}
return (
<React.Fragment>
<div className={combinedBannerClassName} style={{visibility: show ? 'visible' : 'hidden', height: heightOfBanner, left: leftOffset}}>
@@ -97,9 +107,17 @@ export const Banner = (props: React.Props<any>) => {
{show ? <div className={wrapperClassname}>{props.children}</div> : props.children}
{chatUrl && (
<div style={{position: 'fixed', right: 10, bottom: chatBottomPosition}}>
<a href={chatUrl} className='argo-button argo-button--special'>
<i className='fas fa-comment-alt' /> {chatText}
</a>
{chatUrl === 'invalid-url' ? (
<Tooltip content='Invalid URL provided'>
<a className='argo-button disabled argo-button--special'>
<i className='fas fa-comment-alt' /> {chatText}
</a>
</Tooltip>
) : (
<a href={chatUrl} className='argo-button argo-button--special'>
<i className='fas fa-comment-alt' /> {chatText}
</a>
)}
</div>
)}
</React.Fragment>

View File

@@ -456,15 +456,16 @@ func (g GitHubAppCreds) GetClientCertKey() string {
// GoogleCloudCreds to authenticate to Google Cloud Source repositories
type GoogleCloudCreds struct {
creds *google.Credentials
store CredsStore
}
func NewGoogleCloudCreds(jsonData string) GoogleCloudCreds {
func NewGoogleCloudCreds(jsonData string, store CredsStore) GoogleCloudCreds {
creds, err := google.CredentialsFromJSON(context.Background(), []byte(jsonData), "https://www.googleapis.com/auth/cloud-platform")
if err != nil {
// Invalid JSON
log.Errorf("Failed reading credentials from JSON: %+v", err)
}
return GoogleCloudCreds{creds}
return GoogleCloudCreds{creds, store}
}
func (c GoogleCloudCreds) Environ() (io.Closer, []string, error) {
@@ -477,9 +478,13 @@ func (c GoogleCloudCreds) Environ() (io.Closer, []string, error) {
return NopCloser{}, nil, fmt.Errorf("failed to get access token from creds: %w", err)
}
env := []string{fmt.Sprintf("GIT_ASKPASS=%s", "git-ask-pass.sh"), fmt.Sprintf("GIT_USERNAME=%s", username), fmt.Sprintf("GIT_PASSWORD=%s", token)}
nonce := c.store.Add(username, token)
env := getGitAskPassEnv(nonce)
return NopCloser{}, env, nil
return argoioutils.NewCloser(func() error {
c.store.Remove(nonce)
return NopCloser{}.Close()
}), env, nil
}
func (c GoogleCloudCreds) getUsername() (string, error) {

View File

@@ -12,11 +12,11 @@ import (
"github.com/google/uuid"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
"github.com/argoproj/argo-cd/v2/util/cert"
"github.com/argoproj/argo-cd/v2/util/io"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
)
type cred struct {
@@ -251,12 +251,14 @@ const invalidJSON = `{
`
func TestNewGoogleCloudCreds(t *testing.T) {
googleCloudCreds := NewGoogleCloudCreds(gcpServiceAccountKeyJSON)
store := &memoryCredsStore{creds: make(map[string]cred)}
googleCloudCreds := NewGoogleCloudCreds(gcpServiceAccountKeyJSON, store)
assert.NotNil(t, googleCloudCreds)
}
func TestNewGoogleCloudCreds_invalidJSON(t *testing.T) {
googleCloudCreds := NewGoogleCloudCreds(invalidJSON)
store := &memoryCredsStore{creds: make(map[string]cred)}
googleCloudCreds := NewGoogleCloudCreds(invalidJSON, store)
assert.Nil(t, googleCloudCreds.creds)
token, err := googleCloudCreds.getAccessToken()
@@ -273,17 +275,25 @@ func TestNewGoogleCloudCreds_invalidJSON(t *testing.T) {
assert.NotNil(t, err)
}
func TestGoogleCloudCreds_Environ(t *testing.T) {
func TestGoogleCloudCreds_Environ_cleanup(t *testing.T) {
store := &memoryCredsStore{creds: make(map[string]cred)}
staticToken := &oauth2.Token{AccessToken: "token"}
googleCloudCreds := GoogleCloudCreds{&google.Credentials{
ProjectID: "my-google-project",
TokenSource: oauth2.StaticTokenSource(staticToken),
JSON: []byte(gcpServiceAccountKeyJSON),
}}
}, store}
closer, env, err := googleCloudCreds.Environ()
assert.NoError(t, err)
defer func() { _ = closer.Close() }()
assert.Equal(t, []string{"GIT_ASKPASS=git-ask-pass.sh", "GIT_USERNAME=argocd-service-account@my-google-project.iam.gserviceaccount.com", "GIT_PASSWORD=token"}, env)
var nonce string
for _, envVar := range env {
if strings.HasPrefix(envVar, ASKPASS_NONCE_ENV) {
nonce = envVar[len(ASKPASS_NONCE_ENV)+1:]
break
}
}
assert.Contains(t, store.creds, nonce)
io.Close(closer)
assert.NotContains(t, store.creds, nonce)
}

View File

@@ -16,7 +16,7 @@ spec:
terminationGracePeriodSeconds: 10
containers:
- name: nginx
image: k8s.gcr.io/nginx-slim:0.8
image: registry.k8s.io/nginx-slim:0.8
ports:
- containerPort: 80
name: web

View File

@@ -35,6 +35,20 @@ metadata:
resourceVersion: "123"
`
const ec2AWSCrossplaneObjJson = `
apiVersion: ec2.aws.crossplane.io/v1alpha1
kind: Instance
metadata:
name: sample-crosspalne-ec2-instance
spec:
forProvider:
region: us-west-2
instanceType: t2.micro
keyName: my-crossplane-key-pair
providerConfigRef:
name: awsconfig
`
const newHealthStatusFunction = `a = {}
a.status = "Healthy"
a.message ="NeedsToBeChanged"
@@ -43,6 +57,14 @@ if obj.metadata.name == "helm-guestbook" then
end
return a`
const newWildcardHealthStatusFunction = `a = {}
a.status = "Healthy"
a.message ="NeedsToBeChanged"
if obj.metadata.name == "sample-crosspalne-ec2-instance" then
a.message = "testWildcardMessage"
end
return a`
func StrToUnstructured(jsonStr string) *unstructured.Unstructured {
obj := make(map[string]interface{})
err := yaml.Unmarshal([]byte(jsonStr), &obj)
@@ -65,6 +87,19 @@ func TestExecuteNewHealthStatusFunction(t *testing.T) {
}
func TestExecuteWildcardHealthStatusFunction(t *testing.T) {
testObj := StrToUnstructured(ec2AWSCrossplaneObjJson)
vm := VM{}
status, err := vm.ExecuteHealthLua(testObj, newWildcardHealthStatusFunction)
assert.Nil(t, err)
expectedHealthStatus := &health.HealthStatus{
Status: "Healthy",
Message: "testWildcardMessage",
}
assert.Equal(t, expectedHealthStatus, status)
}
const osLuaScript = `os.getenv("HOME")`
func TestFailExternalLibCall(t *testing.T) {
@@ -160,6 +195,23 @@ func TestGetHealthScriptWithGroupWildcardOverride(t *testing.T) {
assert.Equal(t, newHealthStatusFunction, script)
}
func TestGetHealthScriptWithGroupAndKindWildcardOverride(t *testing.T) {
testObj := StrToUnstructured(ec2AWSCrossplaneObjJson)
vm := VM{
ResourceOverrides: map[string]appv1.ResourceOverride{
"*.aws.crossplane.io/*": {
HealthLua: newHealthStatusFunction,
UseOpenLibs: false,
},
},
}
script, useOpenLibs, err := vm.GetHealthScript(testObj)
assert.Nil(t, err)
assert.Equal(t, false, useOpenLibs)
assert.Equal(t, newHealthStatusFunction, script)
}
func TestGetHealthScriptPredefined(t *testing.T) {
testObj := StrToUnstructured(objJSON)
vm := VM{}
@@ -434,6 +486,11 @@ end
hs.status = "Healthy"
return hs`
const healthWildcardOverrideScript = `
hs = {}
hs.status = "Healthy"
return hs`
getHealthOverride := func(openLibs bool) ResourceHealthOverrides {
return ResourceHealthOverrides{
"ServiceAccount": appv1.ResourceOverride{
@@ -443,6 +500,12 @@ return hs`
}
}
getWildcardHealthOverride := ResourceHealthOverrides{
"*.aws.crossplane.io/*": appv1.ResourceOverride{
HealthLua: healthWildcardOverrideScript,
},
}
t.Run("Enable Lua standard lib", func(t *testing.T) {
testObj := StrToUnstructured(testSA)
overrides := getHealthOverride(true)
@@ -464,4 +527,23 @@ return hs`
assert.EqualError(t, err, expectedErr)
assert.Nil(t, status)
})
t.Run("Get resource health for wildcard override", func(t *testing.T) {
testObj := StrToUnstructured(ec2AWSCrossplaneObjJson)
overrides := getWildcardHealthOverride
status, err := overrides.GetResourceHealth(testObj)
assert.Nil(t, err)
expectedStatus := &health.HealthStatus{
Status: health.HealthStatusHealthy,
}
assert.Equal(t, expectedStatus, status)
})
t.Run("Resource health for wildcard override not found", func(t *testing.T) {
testObj := StrToUnstructured(testSA)
overrides := getWildcardHealthOverride
status, err := overrides.GetResourceHealth(testObj)
assert.Nil(t, err)
assert.Nil(t, status)
})
}

View File

@@ -308,6 +308,24 @@ func TestGetResourceOverrides(t *testing.T) {
}
func TestGetResourceOverridesHealthWithWildcard(t *testing.T) {
data := map[string]string{
"resource.customizations": `
"*.aws.crossplane.io/*":
health.lua: |
foo`,
}
t.Run("TestResourceHealthOverrideWithWildcard", func(t *testing.T) {
_, settingsManager := fixtures(data)
overrides, err := settingsManager.GetResourceOverrides()
assert.NoError(t, err)
assert.Equal(t, 2, len(overrides))
assert.Equal(t, "foo", overrides["*.aws.crossplane.io/*"].HealthLua)
})
}
func TestSettingsManager_GetResourceOverrides_with_empty_string(t *testing.T) {
_, settingsManager := fixtures(map[string]string{
resourceCustomizationsKey: "",

View File

@@ -36,6 +36,10 @@ type settingsSource interface {
GetTrackingMethod() (string, error)
}
// https://www.rfc-editor.org/rfc/rfc3986#section-3.2.1
// https://github.com/shadow-maint/shadow/blob/master/libmisc/chkname.c#L36
const usernameRegex = `[a-zA-Z0-9_\.][a-zA-Z0-9_\.-]{0,30}[a-zA-Z0-9_\.\$-]?`
var _ settingsSource = &settings.SettingsManager{}
type ArgoCDWebhookHandler struct {
@@ -268,7 +272,8 @@ func getWebUrlRegex(webURL string) (*regexp.Regexp, error) {
regexEscapedHostname := regexp.QuoteMeta(urlObj.Hostname())
regexEscapedPath := regexp.QuoteMeta(urlObj.Path[1:])
regexpStr := fmt.Sprintf(`(?i)^(http://|https://|\w+@|ssh://(\w+@)?)%s(:[0-9]+|)[:/]%s(\.git)?$`, regexEscapedHostname, regexEscapedPath)
regexpStr := fmt.Sprintf(`(?i)^(http://|https://|%s@|ssh://(%s@)?)%s(:[0-9]+|)[:/]%s(\.git)?$`,
usernameRegex, usernameRegex, regexEscapedHostname, regexEscapedPath)
repoRegexp, err := regexp.Compile(regexpStr)
if err != nil {
return nil, fmt.Errorf("failed to compile regexp for repoURL '%s'", webURL)

View File

@@ -534,6 +534,8 @@ func Test_getWebUrlRegex(t *testing.T) {
{true, "https://example.com/org/repo", "ssh://git@example.com/org/repo", "git with protocol should match"},
{true, "https://example.com/org/repo", "ssh://git@example.com:22/org/repo", "git with port number should should match"},
{true, "https://example.com:443/org/repo", "ssh://git@example.com:22/org/repo", "https and ssh w/ different port numbers should match"},
{true, "https://example.com/org/repo", "ssh://user-name@example.com/org/repo", "valid usernames with hyphens in repo should match"},
{false, "https://example.com/org/repo", "ssh://-user-name@example.com/org/repo", "invalid usernames with hyphens in repo should not match"},
{true, "https://example.com:443/org/repo", "GIT@EXAMPLE.COM:22:ORG/REPO", "matches aren't case-sensitive"},
}
for _, testCase := range tests {