From 241590619fbe74ea61e6df53238edda08a257af3 Mon Sep 17 00:00:00 2001 From: Nima Kaviani Date: Sun, 20 Oct 2024 15:06:15 -0700 Subject: [PATCH 1/3] update gitea 1.22.0 -> 1.22.3 fixes #408 Signed-off-by: Nima Kaviani --- hack/gitea/values.yaml | 3 +- .../resources/gitea/k8s/install.yaml | 38 +++++++++---------- 2 files changed, 20 insertions(+), 21 deletions(-) diff --git a/hack/gitea/values.yaml b/hack/gitea/values.yaml index e205c9ff..5826a55e 100644 --- a/hack/gitea/values.yaml +++ b/hack/gitea/values.yaml @@ -43,7 +43,6 @@ ingress: image: pullPolicy: "IfNotPresent" - # Overrides the image tag whose default is the chart appVersion. - tag: "1.22.0" + tag: "1.22.3" # Adds -rootless suffix to image name rootless: true diff --git a/pkg/controllers/localbuild/resources/gitea/k8s/install.yaml b/pkg/controllers/localbuild/resources/gitea/k8s/install.yaml index 739b0388..9bf51a09 100644 --- a/pkg/controllers/localbuild/resources/gitea/k8s/install.yaml +++ b/pkg/controllers/localbuild/resources/gitea/k8s/install.yaml @@ -10,8 +10,8 @@ metadata: app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: my-gitea - app.kubernetes.io/version: "1.22.0" - version: "1.22.0" + app.kubernetes.io/version: "1.22.3" + version: "1.22.3" app.kubernetes.io/managed-by: Helm type: Opaque stringData: @@ -55,8 +55,8 @@ metadata: app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: my-gitea - app.kubernetes.io/version: "1.22.0" - version: "1.22.0" + app.kubernetes.io/version: "1.22.3" + version: "1.22.3" app.kubernetes.io/managed-by: Helm type: Opaque stringData: @@ -227,8 +227,8 @@ metadata: app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: my-gitea - app.kubernetes.io/version: "1.22.0" - version: "1.22.0" + app.kubernetes.io/version: "1.22.3" + version: "1.22.3" app.kubernetes.io/managed-by: Helm type: Opaque stringData: @@ -345,8 +345,8 @@ metadata: app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: my-gitea - app.kubernetes.io/version: "1.22.0" - version: "1.22.0" + app.kubernetes.io/version: "1.22.3" + version: "1.22.3" app.kubernetes.io/managed-by: Helm annotations: {} @@ -371,8 +371,8 @@ metadata: app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: my-gitea - app.kubernetes.io/version: "1.22.0" - version: "1.22.0" + app.kubernetes.io/version: "1.22.3" + version: "1.22.3" app.kubernetes.io/managed-by: Helm annotations: {} @@ -400,8 +400,8 @@ metadata: app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: my-gitea - app.kubernetes.io/version: "1.22.0" - version: "1.22.0" + app.kubernetes.io/version: "1.22.3" + version: "1.22.3" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -417,14 +417,14 @@ spec: template: metadata: annotations: - checksum/config: 94b0102e29e8bd17652180743c848722b184530813c36ad9fe0705edc22cc716 + checksum/config: b27bbebff9cac65cf88591e318416148a7d2dc2a34faa234e08d946e723b6a50 labels: helm.sh/chart: gitea-10.1.4 app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: my-gitea - app.kubernetes.io/version: "1.22.0" - version: "1.22.0" + app.kubernetes.io/version: "1.22.3" + version: "1.22.3" app.kubernetes.io/managed-by: Helm spec: @@ -432,7 +432,7 @@ spec: fsGroup: 1000 initContainers: - name: init-directories - image: "gitea/gitea:1.22.0-rootless" + image: "gitea/gitea:1.22.3-rootless" imagePullPolicy: IfNotPresent command: ["/usr/sbin/init_directory_structure.sh"] env: @@ -460,7 +460,7 @@ spec: cpu: 100m memory: 128Mi - name: init-app-ini - image: "gitea/gitea:1.22.0-rootless" + image: "gitea/gitea:1.22.3-rootless" imagePullPolicy: IfNotPresent command: ["/usr/sbin/config_environment.sh"] env: @@ -490,7 +490,7 @@ spec: cpu: 100m memory: 128Mi - name: configure-gitea - image: "gitea/gitea:1.22.0-rootless" + image: "gitea/gitea:1.22.3-rootless" command: ["/usr/sbin/configure_gitea.sh"] imagePullPolicy: IfNotPresent securityContext: @@ -532,7 +532,7 @@ spec: terminationGracePeriodSeconds: 60 containers: - name: gitea - image: "gitea/gitea:1.22.0-rootless" + image: "gitea/gitea:1.22.3-rootless" imagePullPolicy: IfNotPresent env: # SSH Port values have to be set here as well for openssh configuration From 374e0d5189f31e2a604a3265bcf71cd7342697b4 Mon Sep 17 00:00:00 2001 From: Nima Kaviani Date: Sun, 20 Oct 2024 16:00:30 -0700 Subject: [PATCH 2/3] update argocd 2.10.7 -> 2.12.4 fixes #407 Signed-off-by: Nima Kaviani --- hack/argo-cd/kustomization.yaml | 2 +- .../localbuild/resources/argo/install.yaml | 672 +++++++++++++----- 2 files changed, 491 insertions(+), 183 deletions(-) diff --git a/hack/argo-cd/kustomization.yaml b/hack/argo-cd/kustomization.yaml index 25872b10..3feb4f6e 100644 --- a/hack/argo-cd/kustomization.yaml +++ b/hack/argo-cd/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - https://raw.githubusercontent.com/argoproj/argo-cd/v2.10.7/manifests/install.yaml + - https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.4/manifests/install.yaml patches: - path: dex-server.yaml diff --git a/pkg/controllers/localbuild/resources/argo/install.yaml b/pkg/controllers/localbuild/resources/argo/install.yaml index 28dae6ce..0c3394f4 100644 --- a/pkg/controllers/localbuild/resources/argo/install.yaml +++ b/pkg/controllers/localbuild/resources/argo/install.yaml @@ -30,20 +30,29 @@ spec: name: Revision priority: 10 type: string + - jsonPath: .spec.project + name: Project + priority: 10 + type: string name: v1alpha1 schema: openAPIV3Schema: description: Application is a definition of Application resource. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -141,22 +150,21 @@ spec: type: object type: array revision: - description: Revision is the revision (Git) or chart version (Helm) - which to sync the application to If omitted, will use the revision - specified in app spec. + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. type: string revisions: - description: Revisions is the list of revision (Git) or chart - version (Helm) which to sync each source in sources field for - the application to If omitted, will use the revision specified - in app spec. + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. items: type: string type: array source: - description: Source overrides the source definition set in the - application. This is typically set in a Rollback operation and - is nil during a Sync operation + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must be specified @@ -344,6 +352,10 @@ spec: definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to + apply common labels to resource selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -473,18 +485,18 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be - commit, tag, or branch. If omitted, will equal to HEAD. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: Sources overrides the source definition set in the - application. This is typically set in a Rollback operation and - is nil during a Sync operation + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -679,6 +691,10 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -808,11 +824,10 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -831,10 +846,10 @@ spec: the sync. properties: force: - description: Force indicates whether or not to supply - the --force flag to `kubectl apply`. The --force flag - deletes and re-create the resource, when PATCH encounters - conflict and has retried for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object hook: @@ -842,10 +857,10 @@ spec: perform the sync. This is the default strategy properties: force: - description: Force indicates whether or not to supply - the --force flag to `kubectl apply`. The --force flag - deletes and re-create the resource, when PATCH encounters - conflict and has retried for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object type: object @@ -866,9 +881,9 @@ spec: not set. type: string namespace: - description: Namespace specifies the target namespace for the - application's resources. The namespace will only be set for - namespace-scoped resources that have not set a value for .metadata.namespace + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -897,10 +912,9 @@ spec: kind: type: string managedFieldsManagers: - description: ManagedFieldsManagers is a list of trusted managers. - Fields mutated by those managers will take precedence over - the desired state defined in the SCM and won't be displayed - in diffs + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs items: type: string type: array @@ -927,18 +941,17 @@ spec: type: object type: array project: - description: Project is a reference to the project this application - belongs to. The empty string means that application belongs to the - 'default' project. + description: |- + Project is a reference to the project this application belongs to. + The empty string means that application belongs to the 'default' project. type: string revisionHistoryLimit: - description: RevisionHistoryLimit limits the number of items kept - in the application's revision history, which is used for informational - purposes as well as for rollbacks to previous versions. This should - only be changed in exceptional circumstances. Setting to zero will - store no history. This will reduce storage used. Increasing will - increase the space used to store the history, so we do not recommend - increasing it. Default is 10. + description: |- + RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. + This should only be changed in exceptional circumstances. + Setting to zero will store no history. This will reduce storage used. + Increasing will increase the space used to store the history, so we do not recommend increasing it. + Default is 10. format: int64 type: integer source: @@ -1128,6 +1141,10 @@ spec: definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to apply + common labels to resource selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -1253,10 +1270,10 @@ spec: that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be commit, - tag, or branch. If omitted, will equal to HEAD. In case of Helm, - this is a semver tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -1453,6 +1470,10 @@ spec: definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to apply + common labels to resource selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -1581,10 +1602,10 @@ spec: that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be commit, - tag, or branch. If omitted, will equal to HEAD. In case of - Helm, this is a semver tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -1727,6 +1748,19 @@ spec: description: ID is an auto incrementing identifier of the RevisionHistory format: int64 type: integer + initiatedBy: + description: InitiatedBy contains information about who initiated + the operations + properties: + automated: + description: Automated is set to true if operation was initiated + automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who started + operation + type: string + type: object revision: description: Revision holds the revision the sync was performed against @@ -1931,6 +1965,10 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -2060,11 +2098,10 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2269,6 +2306,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -2401,11 +2443,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2417,9 +2458,9 @@ spec: type: object type: array observedAt: - description: 'ObservedAt indicates when the application state was - updated without querying latest git state Deprecated: controller - no longer updates ObservedAt field' + description: |- + ObservedAt indicates when the application state was updated without querying latest git state + Deprecated: controller no longer updates ObservedAt field format: date-time type: string operationState: @@ -2532,22 +2573,21 @@ spec: type: object type: array revision: - description: Revision is the revision (Git) or chart version - (Helm) which to sync the application to If omitted, - will use the revision specified in app spec. + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. type: string revisions: - description: Revisions is the list of revision (Git) or - chart version (Helm) which to sync each source in sources - field for the application to If omitted, will use the - revision specified in app spec. + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. items: type: string type: array source: - description: Source overrides the source definition set - in the application. This is typically set in a Rollback - operation and is nil during a Sync operation + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must @@ -2752,6 +2792,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors + or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -2885,19 +2930,18 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of - the source to sync the application to. In case of - Git, this can be commit, tag, or branch. If omitted, - will equal to HEAD. In case of Helm, this is a semver - tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: Sources overrides the source definition set - in the application. This is typically set in a Rollback - operation and is nil during a Sync operation + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -3108,6 +3152,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies + whether to apply common labels to resource + selectors or not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -3243,11 +3292,10 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision - of the source to sync the application to. In case - of Git, this can be commit, tag, or branch. If - omitted, will equal to HEAD. In case of Helm, - this is a semver tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -3268,11 +3316,10 @@ spec: to perform the sync. properties: force: - description: Force indicates whether or not to - supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, - when PATCH encounters conflict and has retried - for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object hook: @@ -3280,11 +3327,10 @@ spec: to perform the sync. This is the default strategy properties: force: - description: Force indicates whether or not to - supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, - when PATCH encounters conflict and has retried - for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object type: object @@ -3328,9 +3374,9 @@ spec: description: Group specifies the API group of the resource type: string hookPhase: - description: HookPhase contains the state of any operation - associated with this resource OR hook This can also - contain values for non-hook resources. + description: |- + HookPhase contains the state of any operation associated with this resource OR hook + This can also contain values for non-hook resources. type: string hookType: description: HookType specifies the type of the hook. @@ -3578,6 +3624,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -3710,11 +3761,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -3927,6 +3977,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -4060,11 +4115,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of - the source to sync the application to. In case of - Git, this can be commit, tag, or branch. If omitted, - will equal to HEAD. In case of Helm, this is a semver - tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -4091,8 +4145,9 @@ spec: description: Resources is a list of Kubernetes resources managed by this application items: - description: 'ResourceStatus holds the current sync and health status - of a resource TODO: describe members of this type' + description: |- + ResourceStatus holds the current sync and health status of a resource + TODO: describe members of this type properties: group: type: string @@ -4175,10 +4230,9 @@ spec: if Server is not set. type: string namespace: - description: Namespace specifies the target namespace - for the application's resources. The namespace will - only be set for namespace-scoped resources that have - not set a value for .metadata.namespace + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -4207,10 +4261,9 @@ spec: kind: type: string managedFieldsManagers: - description: ManagedFieldsManagers is a list of trusted - managers. Fields mutated by those managers will take - precedence over the desired state defined in the SCM - and won't be displayed in diffs + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs items: type: string type: array @@ -4419,6 +4472,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -4551,11 +4609,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -4768,6 +4825,11 @@ spec: image definition in the format [old_image_name=]: type: string type: array + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean namePrefix: description: NamePrefix is a prefix appended to resources for Kustomize apps @@ -4901,11 +4963,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of - the source to sync the application to. In case of - Git, this can be commit, tag, or branch. If omitted, - will equal to HEAD. In case of Helm, this is a semver - tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -5002,6 +5063,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -5197,6 +5259,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -5411,6 +5475,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -5594,6 +5660,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic template: properties: metadata: @@ -5784,6 +5851,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -5998,6 +6067,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -6375,6 +6446,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -6589,6 +6662,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -6946,6 +7021,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -7160,6 +7237,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -7344,6 +7423,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -7539,6 +7619,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -7753,6 +7835,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -7936,6 +8020,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic template: properties: metadata: @@ -8126,6 +8211,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -8340,6 +8427,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -8717,6 +8806,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -8931,6 +9022,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -9288,6 +9381,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -9502,6 +9597,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -9867,6 +9964,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -10081,6 +10180,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -10628,6 +10729,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -10842,6 +10945,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -11384,6 +11489,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -11598,6 +11705,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -11777,6 +11886,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array template: @@ -11969,6 +12079,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -12183,6 +12295,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -12369,6 +12483,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -12564,6 +12679,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -12778,6 +12895,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -12961,6 +13080,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic template: properties: metadata: @@ -13151,6 +13271,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -13365,6 +13487,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -13742,6 +13866,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -13956,6 +14082,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -14313,6 +14441,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -14527,6 +14657,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -14892,6 +15024,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -15106,6 +15240,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -15653,6 +15789,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -15867,6 +16005,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -16409,6 +16549,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -16623,6 +16765,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -16802,6 +16946,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array mergeKeys: @@ -16998,6 +17143,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -17212,6 +17359,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -17576,6 +17725,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -17790,6 +17941,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -18337,6 +18490,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -18551,6 +18706,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -19093,6 +19250,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -19307,6 +19466,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -19486,6 +19647,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array goTemplate: @@ -19753,6 +19915,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -19967,6 +20131,8 @@ spec: items: type: string type: array + labelWithoutSelector: + type: boolean namePrefix: type: string nameSuffix: @@ -20140,11 +20306,16 @@ spec: type: string step: type: string + targetRevisions: + items: + type: string + type: array required: - application - message - status - step + - targetRevisions type: object type: array conditions: @@ -20168,6 +20339,37 @@ spec: - type type: object type: array + resources: + items: + properties: + group: + type: string + health: + properties: + message: + type: string + status: + type: string + type: object + hook: + type: boolean + kind: + type: string + name: + type: string + namespace: + type: string + requiresPruning: + type: boolean + status: + type: string + syncWave: + format: int64 + type: integer + version: + type: string + type: object + type: array type: object required: - metadata @@ -20200,22 +20402,28 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'AppProject provides a logical grouping of applications, providing - controls for: * where the apps may deploy to (cluster whitelist) * what - may be deployed (repository whitelist, resource whitelist/blacklist) * who - can access these applications (roles, OIDC group claims bindings) * and - what they can do (RBAC policies) * automation access to these roles (JWT - tokens)' + description: |- + AppProject provides a logical grouping of applications, providing controls for: + * where the apps may deploy to (cluster whitelist) + * what may be deployed (repository whitelist, resource whitelist/blacklist) + * who can access these applications (roles, OIDC group claims bindings) + * and what they can do (RBAC policies) + * automation access to these roles (JWT tokens) properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -20226,9 +20434,9 @@ spec: description: ClusterResourceBlacklist contains list of blacklisted cluster level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -20243,9 +20451,9 @@ spec: description: ClusterResourceWhitelist contains list of whitelisted cluster level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -20272,9 +20480,9 @@ spec: not set. type: string namespace: - description: Namespace specifies the target namespace for the - application's resources. The namespace will only be set for - namespace-scoped resources that have not set a value for .metadata.namespace + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -20287,9 +20495,9 @@ spec: description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -20304,9 +20512,9 @@ spec: description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -20642,6 +20850,8 @@ rules: - appprojects verbs: - get + - list + - watch - apiGroups: - argoproj.io resources: @@ -20745,6 +20955,30 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +rules: +- apiGroups: + - "" + resourceNames: + - argocd-redis + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: labels: app.kubernetes.io/component: server @@ -20844,6 +21078,8 @@ rules: - appprojects verbs: - get + - list + - watch - apiGroups: - "" resources: @@ -21014,6 +21250,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-redis +subjects: +- kind: ServiceAccount + name: argocd-redis +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: labels: app.kubernetes.io/component: server @@ -21492,7 +21744,7 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:v2.10.7 + image: quay.io/argoproj/argocd:v2.12.4 imagePullPolicy: IfNotPresent name: argocd-applicationset-controller ports: @@ -21587,7 +21839,7 @@ spec: key: dexserver.disable.tls name: argocd-cmd-params-cm optional: true - image: ghcr.io/dexidp/dex:v2.37.0 + image: ghcr.io/dexidp/dex:v2.38.0 imagePullPolicy: IfNotPresent name: dex ports: @@ -21616,7 +21868,7 @@ spec: - -n - /usr/local/bin/argocd - /shared/argocd-dex - image: quay.io/argoproj/argocd:v2.10.7 + image: quay.io/argoproj/argocd:v2.12.4 imagePullPolicy: IfNotPresent name: copyutil securityContext: @@ -21699,7 +21951,7 @@ spec: key: notificationscontroller.selfservice.enabled name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:v2.10.7 + image: quay.io/argoproj/argocd:v2.12.4 imagePullPolicy: IfNotPresent livenessProbe: tcpSocket: @@ -21776,7 +22028,14 @@ spec: - "" - --appendonly - "no" - image: redis:7.0.14-alpine + - --requirepass $(REDIS_PASSWORD) + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.15-alpine imagePullPolicy: IfNotPresent name: redis ports: @@ -21787,6 +22046,23 @@ spec: drop: - ALL readOnlyRootFilesystem: true + initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:v2.12.4 + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault securityContext: runAsNonRoot: true runAsUser: 999 @@ -21831,6 +22107,11 @@ spec: - args: - /usr/local/bin/argocd-repo-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -21981,6 +22262,12 @@ spec: key: reposerver.disable.helm.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.revision.cache.lock.timeout + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_GIT_MODULES_ENABLED valueFrom: configMapKeyRef: @@ -21999,13 +22286,25 @@ spec: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true + - name: ARGOCD_GRPC_MAX_SIZE_MB + valueFrom: + configMapKeyRef: + key: reposerver.grpc.max.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES + valueFrom: + configMapKeyRef: + key: reposerver.include.hidden.directories + name: argocd-cmd-params-cm + optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir - image: quay.io/argoproj/argocd:v2.10.7 + image: quay.io/argoproj/argocd:v2.12.4 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -22057,7 +22356,7 @@ spec: - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server - image: quay.io/argoproj/argocd:v2.10.7 + image: quay.io/argoproj/argocd:v2.12.4 name: copyutil securityContext: allowPrivilegeEscalation: false @@ -22145,6 +22444,11 @@ spec: - /argocd - '{{end}}' env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: @@ -22379,7 +22683,7 @@ spec: key: server.api.content.types name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:v2.10.7 + image: quay.io/argoproj/argocd:v2.12.4 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -22491,6 +22795,11 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT @@ -22667,7 +22976,13 @@ spec: key: controller.diff.server.side name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:v2.10.7 + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.ignore.normalizer.jq.timeout + name: argocd-cmd-params-cm + optional: true + image: quay.io/argoproj/argocd:v2.12.4 imagePullPolicy: IfNotPresent name: argocd-application-controller ports: @@ -22796,12 +23111,6 @@ kind: NetworkPolicy metadata: name: argocd-redis-network-policy spec: - egress: - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP ingress: - from: - podSelector: @@ -22821,7 +23130,6 @@ spec: app.kubernetes.io/name: argocd-redis policyTypes: - Ingress - - Egress --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy From b2b2e6b819a28f0aead5ade79725af1f3c430fd2 Mon Sep 17 00:00:00 2001 From: Nima Kaviani Date: Sun, 20 Oct 2024 23:14:34 -0700 Subject: [PATCH 3/3] fix test Signed-off-by: Nima Kaviani --- pkg/controllers/localbuild/argo_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/controllers/localbuild/argo_test.go b/pkg/controllers/localbuild/argo_test.go index e35ec4c6..946e8666 100644 --- a/pkg/controllers/localbuild/argo_test.go +++ b/pkg/controllers/localbuild/argo_test.go @@ -80,7 +80,7 @@ func TestGetK8sInstallResources(t *testing.T) { t.Fatalf("GetK8sInstallResources() error: %v", err) } - if len(objs) != 58 { + if len(objs) != 60 { t.Fatalf("Expected 58 Argo Install Resources, got: %d", len(objs)) } }