From 8b284b608c0d3bc88d7166cc1110931e5c936f24 Mon Sep 17 00:00:00 2001 From: Faizan Ahmad Date: Sat, 15 Jun 2024 09:32:54 +0530 Subject: [PATCH] Update ArgoCD to v2.11.3 due to bug in multi source apps https://gitea.obmondo.com/EnableIT/rufvpto91t/issues/1221 --- argocd-helm-charts/argo-cd/Chart.yaml | 2 +- .../argo-cd/charts/argo-cd/Chart.yaml | 8 +- .../argo-cd/charts/argo-cd/README.md | 68 ++++++++++++- .../charts/argo-cd/templates/_helpers.tpl | 31 ++++++ .../deployment.yaml | 8 +- .../metrics.yaml | 1 + .../argocd-application-controller/role.yaml | 14 +++ .../statefulset.yaml | 8 +- .../argocd-applicationset/metrics.yaml | 1 + .../argocd-applicationset/service.yaml | 1 + .../argocd-configs/cluster-secrets.yaml | 26 ++--- .../argocd-configs/externalredis-secret.yaml | 2 +- .../argocd-notifications/metrics.yaml | 1 + .../argocd-repo-server/deployment.yaml | 8 +- .../templates/argocd-repo-server/metrics.yaml | 1 + .../templates/argocd-repo-server/service.yaml | 1 + .../templates/argocd-server/aws/service.yaml | 1 + .../templates/argocd-server/deployment.yaml | 8 +- .../templates/argocd-server/metrics.yaml | 1 + .../templates/argocd-server/service.yaml | 1 + .../argo-cd/templates/dex/deployment.yaml | 3 + .../charts/argo-cd/templates/dex/service.yaml | 1 + .../templates/redis-secret-init/job.yaml | 65 ++++++++++++ .../templates/redis-secret-init/role.yaml | 27 +++++ .../redis-secret-init/rolebinding.yaml | 19 ++++ .../redis-secret-init/serviceaccount.yaml | 16 +++ .../argo-cd/templates/redis/deployment.yaml | 13 ++- .../templates/redis/health-configmap.yaml | 2 + .../argo-cd/templates/redis/service.yaml | 1 + .../argo-cd/charts/argo-cd/values.yaml | 99 ++++++++++++++++++- argocd-helm-charts/argo-cd/requirements.lock | 6 +- 31 files changed, 407 insertions(+), 37 deletions(-) create mode 100644 argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis-secret-init/job.yaml create mode 100644 argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis-secret-init/role.yaml create mode 100644 argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml create mode 100644 argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml diff --git a/argocd-helm-charts/argo-cd/Chart.yaml b/argocd-helm-charts/argo-cd/Chart.yaml index a655dad06..9e45d5bcf 100644 --- a/argocd-helm-charts/argo-cd/Chart.yaml +++ b/argocd-helm-charts/argo-cd/Chart.yaml @@ -7,5 +7,5 @@ dependencies: # 2.3v argocd failes with remote value files # 3.35.4v helm chart fails also with bad path of the values files (this is the last release for 2.2.x argocd) # please stick to 3.29.5, why ? cause its a tested and the last working helm chart version - version: 6.9.2 + version: "7.1.3" repository: https://argoproj.github.io/argo-helm diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/Chart.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/Chart.yaml index 7eb7b72eb..c855028a3 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/Chart.yaml +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/Chart.yaml @@ -1,12 +1,12 @@ annotations: artifacthub.io/changes: | - - kind: added - description: Support ability to set .Values.namespaceOverride + - kind: fixed + description: Add missing permission for Dynamic Cluster Distribution artifacthub.io/signKey: | fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc apiVersion: v2 -appVersion: v2.11.0 +appVersion: v2.11.3 dependencies: - condition: redis-ha.enabled name: redis-ha @@ -28,4 +28,4 @@ name: argo-cd sources: - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-cd -version: 6.9.2 +version: 7.1.3 diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/README.md b/argocd-helm-charts/argo-cd/charts/argo-cd/README.md index 3f196f82f..833fbe151 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/README.md +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/README.md @@ -278,6 +278,39 @@ For full list of changes please check ArtifactHub [changelog]. Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. +### 6.10.0 + +This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr. + +#### How to rotate Redis secret? + +Upstream steps in the [FAQ] are not enough, since we chose a different approach. +(We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.) + +Steps to roteate the secret when using the helm chart (bold step is additional to upstream): +* Delete `argocd-redis` secret in the namespace where Argo CD is installed. + ```bash + kubectl delete secret argocd-redis -n + ``` +* **Perform a helm upgrade** + ```bash + helm upgrade argocd argo/argo-cd --reuse-values --wait + ``` +* If you are running Redis in HA mode, restart Redis in HA. + ```bash + kubectl rollout restart deployment argocd-redis-ha-haproxy + kubectl rollout restart statefulset argocd-redis-ha-server + ``` +* If you are running Redis in non-HA mode, restart Redis. + ```bash + kubectl rollout restart deployment argocd-redis + ``` +* Restart other components. + ```bash + kubectl rollout restart deployment argocd-server argocd-repo-server + kubectl rollout restart statefulset argocd-application-controller + ``` + ### 6.9.0 ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9). @@ -638,6 +671,8 @@ NAME: my-release | global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | | global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments | | global.domain | string | `"argocd.example.com"` | Default domain used by all components | +| global.dualStack.ipFamilies | list | `[]` | IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. | +| global.dualStack.ipFamilyPolicy | string | `""` | IP family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) | | global.env | list | `[]` | Environment variables to pass to all deployed Deployments | | global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | | global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments | @@ -662,7 +697,7 @@ NAME: my-release | Key | Type | Default | Description | |-----|------|---------|-------------| -| configs.clusterCredentials | list | `[]` (See [values.yaml]) | Provide one or multiple [external cluster credentials] | +| configs.clusterCredentials | object | `{}` (See [values.yaml]) | Provide one or multiple [external cluster credentials] | | configs.cm."admin.enabled" | bool | `true` | Enable local admin user | | configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning | | configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI | @@ -1271,8 +1306,10 @@ The main options are listed here: |-----|------|---------|-------------| | redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. | | redis-ha.affinity | string | `""` | Assign custom [affinity] rules to the Redis pods. | +| redis-ha.auth | bool | `true` | Configures redis-ha with AUTH | | redis-ha.containerSecurityContext | object | See [values.yaml] | Redis HA statefulset container-level security context | | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | +| redis-ha.existingSecret | string | `"argocd-redis"` | Existing Secret to use for redis-ha authentication. By default the redis-secret-init Job is generating this Secret. | | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | | redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | | redis-ha.exporter.tag | string | `"1.58.0"` | Tag to use for the redis-exporter | @@ -1316,6 +1353,33 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | externalRedis.secretAnnotations | object | `{}` | External Redis Secret annotations | | externalRedis.username | string | `""` | External Redis username | +### Redis secret-init + +The helm chart deploys a Job to setup a random password which is used to secure the Redis. The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed. +If you use an External Redis (See Option 3 above), this Job is not deployed. + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| redisSecretInit.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | +| redisSecretInit.enabled | bool | `true` | Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods | +| redisSecretInit.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Redis secret-init Job | +| redisSecretInit.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Redis secret-init Job | +| redisSecretInit.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Redis secret-init Job | +| redisSecretInit.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | +| redisSecretInit.jobAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job | +| redisSecretInit.name | string | `"redis-secret-init"` | Redis secret-init name | +| redisSecretInit.nodeSelector | object | `{}` (defaults to global.nodeSelector) | Node selector to be added to the Redis secret-init Job | +| redisSecretInit.podAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job | +| redisSecretInit.podLabels | object | `{}` | Labels to be added to the Redis secret-init Job | +| redisSecretInit.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for Redis secret-init Job | +| redisSecretInit.resources | object | `{}` | Resource limits and requests for Redis secret-init Job | +| redisSecretInit.securityContext | object | `{}` | Redis secret-init Job pod-level security context | +| redisSecretInit.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| redisSecretInit.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| redisSecretInit.serviceAccount.create | bool | `true` | Create a service account for the redis pod | +| redisSecretInit.serviceAccount.name | string | `""` | Service account name for redis pod | +| redisSecretInit.tolerations | list | `[]` (defaults to global.tolerations) | Tolerations to be added to the Redis secret-init Job | + ## ApplicationSet | Key | Type | Default | Description | @@ -1507,8 +1571,10 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/ [BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog +[Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/ [DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters +[FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/ [FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/_helpers.tpl b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/_helpers.tpl index 67af632ca..c609f19fb 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/_helpers.tpl +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/_helpers.tpl @@ -86,6 +86,25 @@ Create the name of the redis service account to use {{- end -}} {{- end -}} + +{{/* +Create Redis secret-init name +*/}} +{{- define "argo-cd.redisSecretInit.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redisSecretInit.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the Redis secret-init service account to use +*/}} +{{- define "argo-cd.redisSecretInit.serviceAccountName" -}} +{{- if .Values.redisSecretInit.serviceAccount.create -}} + {{ default (include "argo-cd.redisSecretInit.fullname" .) .Values.redis.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.redisSecretInit.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Create argocd server name and version as used by the chart label. */}} @@ -226,3 +245,15 @@ Allows overriding it for multi-namespace deployments in combined charts. {{- define "argo-cd.namespace" -}} {{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} {{- end }} + +{{/* +Dual stack definition +*/}} +{{- define "argo-cd.dualStack" -}} +{{- with .Values.global.dualStack.ipFamilyPolicy }} +ipFamilyPolicy: {{ . }} +{{- end }} +{{- with .Values.global.dualStack.ipFamilies }} +ipFamilies: {{ toYaml . | nindent 4 }} +{{- end }} +{{- end }} diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-application-controller/deployment.yaml index 23d2a7ad5..7c4a2a6da 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-application-controller/deployment.yaml +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -199,15 +199,19 @@ spec: - name: REDIS_USERNAME valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} key: redis-username optional: true - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + {{- if .Values.externalRedis.host }} key: redis-password optional: true + {{- else }} + key: auth + {{- end }} - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-application-controller/metrics.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-application-controller/metrics.yaml index c3ceb047c..086dfe9b3 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-application-controller/metrics.yaml +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-application-controller/metrics.yaml @@ -24,6 +24,7 @@ spec: {{- if and .Values.controller.metrics.service.clusterIP (eq .Values.controller.metrics.service.type "ClusterIP") }} clusterIP: {{ .Values.controller.metrics.service.clusterIP }} {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.controller.metrics.service.portName }} protocol: TCP diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-application-controller/role.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-application-controller/role.yaml index f2aa2cfdd..27e3e9563 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-application-controller/role.yaml +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-application-controller/role.yaml @@ -43,3 +43,17 @@ rules: - get - list - watch +{{- if and (not .Values.createClusterRoles) .Values.controller.dynamicClusterDistribution }} +- apiGroups: + - "" + resources: + - configmaps + resourceNames: + - argocd-app-controller-shard-cm + verbs: + - get + - list + - watch + - create + - update +{{- end }} diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 071913591..947307d76 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -198,15 +198,19 @@ spec: - name: REDIS_USERNAME valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} key: redis-username optional: true - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + {{- if .Values.externalRedis.host }} key: redis-password optional: true + {{- else }} + key: auth + {{- end }} - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-applicationset/metrics.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-applicationset/metrics.yaml index 06253a81e..de5638ad4 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-applicationset/metrics.yaml +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-applicationset/metrics.yaml @@ -24,6 +24,7 @@ spec: {{- if and .Values.applicationSet.metrics.service.clusterIP (eq .Values.applicationSet.metrics.service.type "ClusterIP") }} clusterIP: {{ .Values.applicationSet.metrics.service.clusterIP }} {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.applicationSet.metrics.service.portName }} protocol: TCP diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-applicationset/service.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-applicationset/service.yaml index 91c082aaa..bf58c6b49 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-applicationset/service.yaml +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-applicationset/service.yaml @@ -16,6 +16,7 @@ metadata: {{- end }} spec: type: {{ .Values.applicationSet.service.type }} + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.applicationSet.service.portName }} port: {{ .Values.applicationSet.service.port }} diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml index 83b1c15d7..2682e70ec 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml @@ -1,17 +1,17 @@ -{{- range .Values.configs.clusterCredentials }} +{{- range $cluster_key, $cluster_value := .Values.configs.clusterCredentials }} --- apiVersion: v1 kind: Secret metadata: - name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }} + name: {{ include "argo-cd.name" $ }}-cluster-{{ $cluster_key }} namespace: {{ $.Release.Namespace | quote }} labels: {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} - {{- with .labels }} + {{- with $cluster_value.labels }} {{- toYaml . | nindent 4 }} {{- end }} argocd.argoproj.io/secret-type: cluster - {{- with .annotations }} + {{- with $cluster_value.annotations }} annotations: {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} @@ -19,17 +19,17 @@ metadata: {{- end }} type: Opaque stringData: - name: {{ required "A valid .Values.configs.clusterCredentials[].name entry is required!" .name }} - server: {{ required "A valid .Values.configs.clusterCredentials[].server entry is required!" .server }} - {{- if .namespaces }} - namespaces: {{ .namespaces }} - {{- if .clusterResources }} - clusterResources: {{ .clusterResources | quote }} + name: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.name entry is required!" $cluster_key }} + server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }} + {{- if $cluster_value.namespaces }} + namespaces: {{ $cluster_value.namespaces }} + {{- if $cluster_value.clusterResources }} + clusterResources: {{ $cluster_value.clusterResources | quote }} {{- end }} {{- end }} - {{- if .project }} - project: {{ .project | quote }} + {{- if $cluster_value.project }} + project: {{ $cluster_value.project | quote }} {{- end }} config: | - {{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toRawJson | nindent 4 }} + {{- required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.config entry is required!" $cluster_value.config | toRawJson | nindent 4 }} {{- end }} diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml index c4166d1b0..2cfefde98 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: {{ include "argo-cd.redis.fullname" . }} + name: argocd-redis namespace: {{ include "argo-cd.namespace" . }} labels: {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-notifications/metrics.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-notifications/metrics.yaml index b7dcfe6a1..9dd18c8b3 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-notifications/metrics.yaml +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-notifications/metrics.yaml @@ -24,6 +24,7 @@ spec: {{- if and .Values.notifications.metrics.service.clusterIP (eq .Values.notifications.metrics.service.type "ClusterIP") }} clusterIP: {{ .Values.notifications.metrics.service.clusterIP }} {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} selector: {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }} ports: diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 745150e7a..3cacf1247 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -175,15 +175,19 @@ spec: - name: REDIS_USERNAME valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} key: redis-username optional: true - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + {{- if .Values.externalRedis.host }} key: redis-password optional: true + {{- else }} + key: auth + {{- end }} - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-repo-server/metrics.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-repo-server/metrics.yaml index 6b82796c1..6ede9ddb4 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-repo-server/metrics.yaml +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-repo-server/metrics.yaml @@ -24,6 +24,7 @@ spec: {{- if and .Values.repoServer.metrics.service.clusterIP (eq .Values.repoServer.metrics.service.type "ClusterIP") }} clusterIP: {{ .Values.repoServer.metrics.service.clusterIP }} {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.repoServer.metrics.service.portName }} protocol: TCP diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-repo-server/service.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-repo-server/service.yaml index 4412a8c9a..24ca10ef5 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-repo-server/service.yaml +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-repo-server/service.yaml @@ -15,6 +15,7 @@ metadata: name: {{ template "argo-cd.repoServer.fullname" . }} namespace: {{ include "argo-cd.namespace" . }} spec: + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.repoServer.service.portName }} protocol: TCP diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-server/aws/service.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-server/aws/service.yaml index a98ddfa21..0e9de75a0 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-server/aws/service.yaml +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-server/aws/service.yaml @@ -9,6 +9,7 @@ metadata: name: {{ template "argo-cd.server.fullname" . }}-grpc namespace: {{ include "argo-cd.namespace" . }} spec: + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.server.service.servicePortHttpName }} protocol: TCP diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-server/deployment.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-server/deployment.yaml index 8c02805a9..125328a54 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -243,15 +243,19 @@ spec: - name: REDIS_USERNAME valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} key: redis-username optional: true - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} + {{- if .Values.externalRedis.host }} key: redis-password optional: true + {{- else }} + key: auth + {{- end }} - name: ARGOCD_DEFAULT_CACHE_EXPIRATION valueFrom: configMapKeyRef: diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-server/metrics.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-server/metrics.yaml index f0797552c..d08dbae0a 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-server/metrics.yaml +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-server/metrics.yaml @@ -24,6 +24,7 @@ spec: {{- if and .Values.server.metrics.service.clusterIP (eq .Values.server.metrics.service.type "ClusterIP") }} clusterIP: {{ .Values.server.metrics.service.clusterIP }} {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.server.metrics.service.portName }} protocol: TCP diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-server/service.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-server/service.yaml index 2b9872be6..71f464496 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-server/service.yaml +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/argocd-server/service.yaml @@ -16,6 +16,7 @@ metadata: {{- end }} spec: type: {{ .Values.server.service.type }} + {{- include "argo-cd.dualStack" . | indent 2 }} {{- with .Values.server.service.externalIPs }} externalIPs: {{ . }} {{- end }} diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/dex/deployment.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/dex/deployment.yaml index 007e0ee11..bc9b45309 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/dex/deployment.yaml +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/dex/deployment.yaml @@ -26,6 +26,9 @@ spec: metadata: annotations: checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if (index .Values.configs.cm "dex.config") }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} {{- if .Values.dex.certificateSecret.enabled }} checksum/dex-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-dex-server-tls-secret.yaml") . | sha256sum }} {{- end }} diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/dex/service.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/dex/service.yaml index 8825a7eaf..b52acfb1a 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/dex/service.yaml +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/dex/service.yaml @@ -16,6 +16,7 @@ metadata: {{- toYaml .Values.dex.metrics.service.labels | nindent 4 }} {{- end }} spec: + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: {{ .Values.dex.servicePortHttpName }} protocol: TCP diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis-secret-init/job.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis-secret-init/job.yaml new file mode 100644 index 000000000..27837465a --- /dev/null +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis-secret-init/job.yaml @@ -0,0 +1,65 @@ +{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "argo-cd.redisSecretInit.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + {{- range $key, $value := .Values.redisSecretInit.jobAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} +spec: + template: + metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.redisSecretInit.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.redisSecretInit.podAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{ toYaml . | nindent 8 }} + {{- end }} + containers: + - command: + - argocd + - admin + - redis-initial-password + image: {{ default .Values.global.image.repository .Values.redisSecretInit.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.redisSecretInit.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redisSecretInit.image.imagePullPolicy }} + name: secret-init + resources: + {{- toYaml .Values.redisSecretInit.resources | nindent 10 }} + {{- with .Values.redisSecretInit.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.redisSecretInit.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redisSecretInit.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + restartPolicy: OnFailure + {{- with .Values.redisSecretInit.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redisSecretInit.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }} +{{- end }} diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis-secret-init/role.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis-secret-init/role.yaml new file mode 100644 index 000000000..ac5fd3134 --- /dev/null +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis-secret-init/role.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} + name: {{ include "argo-cd.redisSecretInit.fullname" . }} + namespace: {{ .Release.Namespace | quote }} +rules: + - apiGroups: + - "" + resources: + - secrets + resourceNames: + - argocd-redis + verbs: + - get + - apiGroups: + - "" + resources: + - secrets + verbs: + - create +{{- end }} diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml new file mode 100644 index 000000000..7ea1de961 --- /dev/null +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} + name: {{ include "argo-cd.redisSecretInit.fullname" . }} + namespace: {{ .Release.Namespace | quote }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "argo-cd.redisSecretInit.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }} +{{- end }} diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml new file mode 100644 index 000000000..d6b95f138 --- /dev/null +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.redisSecretInit.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + {{- range $key, $value := .Values.redisSecretInit.serviceAccount.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} +{{- end }} diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis/deployment.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis/deployment.yaml index de9c29b1c..76e1b00ac 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis/deployment.yaml +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis/deployment.yaml @@ -65,8 +65,14 @@ spec: - "" - --appendonly - "no" - {{- with (concat .Values.global.env .Values.redis.env) }} + - --requirepass $(REDIS_PASSWORD) env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth + {{- with (concat .Values.global.env .Values.redis.env) }} {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.redis.envFrom }} @@ -124,6 +130,11 @@ spec: value: {{ printf "redis://localhost:%v" .Values.redis.containerPorts.redis }} - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS value: {{ printf "0.0.0.0:%v" .Values.redis.containerPorts.metrics }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth {{- with (concat .Values.global.env .Values.redis.exporter.env) }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis/health-configmap.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis/health-configmap.yaml index 0d4005d62..7443625f4 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis/health-configmap.yaml +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis/health-configmap.yaml @@ -11,6 +11,7 @@ data: redis_liveness.sh: | response=$( redis-cli \ + -a "${REDIS_PASSWORD}" --no-auth-warning \ -h localhost \ -p {{ .Values.redis.containerPorts.redis }} \ ping @@ -23,6 +24,7 @@ data: redis_readiness.sh: | response=$( redis-cli \ + -a "${REDIS_PASSWORD}" --no-auth-warning \ -h localhost \ -p {{ .Values.redis.containerPorts.redis }} \ ping diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis/service.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis/service.yaml index a4a94140f..a60cf77eb 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis/service.yaml +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/templates/redis/service.yaml @@ -17,6 +17,7 @@ metadata: {{- end }} {{- end }} spec: + {{- include "argo-cd.dualStack" . | indent 2 }} ports: - name: redis port: {{ .Values.redis.servicePort }} diff --git a/argocd-helm-charts/argo-cd/charts/argo-cd/values.yaml b/argocd-helm-charts/argo-cd/charts/argo-cd/values.yaml index 151716562..6c446a2e4 100644 --- a/argocd-helm-charts/argo-cd/charts/argo-cd/values.yaml +++ b/argocd-helm-charts/argo-cd/charts/argo-cd/values.yaml @@ -98,6 +98,13 @@ global: # hostnames: # - git.myhostname + # Configure dual-stack used by all component services + dualStack: + # -- IP family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) + ipFamilyPolicy: "" + # -- IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. + ipFamilies: [] + # Default network policy rules used by all components networkPolicy: # -- Create NetworkPolicy objects for all components @@ -418,13 +425,13 @@ configs: # command: [sh, -c, find . -name env.yaml] # -- Provide one or multiple [external cluster credentials] - # @default -- `[]` (See [values.yaml]) + # @default -- `{}` (See [values.yaml]) ## Ref: ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials ## - https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters - clusterCredentials: [] - # - name: mycluster + clusterCredentials: {} + # mycluster: # server: https://mycluster.example.com # labels: {} # annotations: {} @@ -433,7 +440,7 @@ configs: # tlsClientConfig: # insecure: false # caData: "" - # - name: mycluster2 + # mycluster2: # server: https://mycluster2.example.com # labels: {} # annotations: {} @@ -444,7 +451,7 @@ configs: # tlsClientConfig: # insecure: false # caData: "" - # - name: mycluster3-project-scoped + # mycluster3-project-scoped: # server: https://mycluster3.example.com # labels: {} # annotations: {} @@ -1547,6 +1554,12 @@ redis-ha: containerSecurityContext: readOnlyRootFilesystem: true + # -- Configures redis-ha with AUTH + auth: true + # -- Existing Secret to use for redis-ha authentication. + # By default the redis-secret-init Job is generating this Secret. + existingSecret: argocd-redis + # -- Whether the Redis server pods should be forced to run on separate nodes. hardAntiAffinity: true @@ -1594,6 +1607,82 @@ externalRedis: # -- External Redis Secret annotations secretAnnotations: {} +redisSecretInit: + # -- Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods + enabled: true + # -- Redis secret-init name + name: redis-secret-init + + image: + # -- Repository to use for the Redis secret-init Job + # @default -- `""` (defaults to global.image.repository) + repository: "" # defaults to global.image.repository + # -- Tag to use for the Redis secret-init Job + # @default -- `""` (defaults to global.image.tag) + tag: "" # defaults to global.image.tag + # -- Image pull policy for the Redis secret-init Job + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" # IfNotPresent + + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # -- Annotations to be added to the Redis secret-init Job + jobAnnotations: {} + + # -- Annotations to be added to the Redis secret-init Job + podAnnotations: {} + + # -- Labels to be added to the Redis secret-init Job + podLabels: {} + + # -- Resource limits and requests for Redis secret-init Job + resources: {} + # limits: + # cpu: 200m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 64Mi + + # -- Application controller container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + + # -- Redis secret-init Job pod-level security context + securityContext: {} + + serviceAccount: + # -- Create a service account for the redis pod + create: true + # -- Service account name for redis pod + name: "" + # -- Annotations applied to created service account + annotations: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + # -- Priority class for Redis secret-init Job + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + + # -- Node selector to be added to the Redis secret-init Job + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- Tolerations to be added to the Redis secret-init Job + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + ## Server server: # -- Argo CD server name diff --git a/argocd-helm-charts/argo-cd/requirements.lock b/argocd-helm-charts/argo-cd/requirements.lock index caf775278..41a0249d2 100644 --- a/argocd-helm-charts/argo-cd/requirements.lock +++ b/argocd-helm-charts/argo-cd/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: argo-cd repository: https://argoproj.github.io/argo-helm - version: 6.9.2 -digest: sha256:1b8cadaf4729654e4aaa8820e7836da232ad2b66c2788bf7267e466167d9242c -generated: "2024-05-17T13:06:19.489483949+02:00" + version: 7.1.3 +digest: sha256:ea582c2df14e867ee332484b5734ad7330a7d05f3f680555f57a9773088ac672 +generated: "2024-06-15T09:31:42.50306289+05:30"