codefresh-io
diff --git a/‎.github/dependabot.yml‎
Lines changed: 8 additions & 0 deletions b/‎.github/dependabot.yml‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎.github/workflows/lint-and-test.yml‎
Lines changed: 3 additions & 2 deletions b/‎.github/workflows/lint-and-test.yml‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎.github/workflows/pr-title.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/pr-title.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎CONTRIBUTING.md‎
Lines changed: 1 addition & 1 deletion b/‎CONTRIBUTING.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎charts/argo-cd/Chart.lock‎
Lines changed: 3 additions & 3 deletions b/‎charts/argo-cd/Chart.lock‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎charts/argo-cd/Chart.yaml‎
Lines changed: 5 additions & 6 deletions b/‎charts/argo-cd/Chart.yaml‎
Lines changed: 5 additions & 6 deletions
diff --git a/‎charts/argo-cd/README.md‎
Lines changed: 85 additions & 38 deletions b/‎charts/argo-cd/README.md‎
Lines changed: 85 additions & 38 deletions
diff --git a/‎charts/argo-cd/README.md.gotmpl‎
Lines changed: 33 additions & 7 deletions b/‎charts/argo-cd/README.md.gotmpl‎
Lines changed: 33 additions & 7 deletions
diff --git a/‎charts/argo-cd/templates/NOTES.txt‎
Lines changed: 23 additions & 5 deletions b/‎charts/argo-cd/templates/NOTES.txt‎
Lines changed: 23 additions & 5 deletions
diff --git a/‎charts/argo-cd/templates/_helpers.tpl‎
Lines changed: 20 additions & 5 deletions b/‎charts/argo-cd/templates/_helpers.tpl‎
Lines changed: 20 additions & 5 deletions
@@ -0,0 +1,8 @@
+## Reference: https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: weekly
+      day: "saturday"
@@ -26,10 +26,10 @@ jobs:
 
       - name: Setup Chart Linting
         id: lint
-        uses: helm/[email protected].0
+        uses: helm/[email protected].1
         with:
           # Note: Also update in scripts/lint.sh
-          version: v3.7.0
+          version: v3.7.1
 
       - name: List changed charts
         id: list-changed
@@ -41,6 +41,7 @@ jobs:
             echo "::set-output name=changed::true"
             echo "::set-output name=changed_charts::$charts"
           fi
+
       - name: Run chart-testing (lint)
         run: ct lint --debug --config ./.github/configs/ct-lint.yaml --target-branch ${{ github.base_ref }} --lint-conf ./.github/configs/lintconf.yaml
 
 
@@ -19,7 +19,7 @@ jobs:
     name: Validate PR title
     runs-on: ubuntu-latest
     steps:
-      - uses: amannn/action-semantic-pull-request@v4
+      - uses: amannn/action-semantic-pull-request@v5
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
 
@@ -93,7 +93,7 @@ helm dependency update
 Minimally:
 
 ```
-helm install charts/argo-cd --namespace argocd -n argo-cd
+helm install argocd  argo/argo-cd  -n argocd --create-namespace
 kubectl port-forward service/argo-cd-argocd-server -n argocd 8080:443
 ```
 
 
@@ -1,6 +1,6 @@
 dependencies:
 - name: redis-ha
   repository: https://dandydeveloper.github.io/charts/
-  version: 4.22.2
-digest: sha256:b6dc7774d0cc20a7a889d10e61f3dd653bdacd7836558f4875688b5cb5051d80
-generated: "2022-09-19T12:39:19.736045+02:00"
+  version: 4.22.3
+digest: sha256:ef6269e4e073dad10c230ccfb069fc013608111c895c5e7568450bb3967cf195
+generated: "2022-11-03T12:04:33.673857+09:00"
@@ -1,8 +1,9 @@
 apiVersion: v2
-appVersion: v2.4.15-cap-CR-16709-init-app-proxy
+appVersion: v2.5.5-cap-CR-16950
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 5.7.0-2-CR-16709-init-app-proxy
+version: 5.16.0-2-cap-CR-16950
+kubeVersion: ">=1.22.0-0"
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@@ -17,11 +18,9 @@ maintainers:
     url: https://argoproj.github.io/
 dependencies:
   - name: redis-ha
-    version: 4.22.2
+    version: 4.22.3
     repository: https://dandydeveloper.github.io/charts/
     condition: redis-ha.enabled
 annotations:
   artifacthub.io/changes: |
-    - "[Added]: Configuration sections configs.cm and configs.rbac"
-    - "[Deprecated]: Generic configuration via server.config"
-    - "[Deprecated]: Argo RBAC configuration via server.rbacConfig"
+    - "[Added]: Ability to annotate Deployment and Statefulset objects for all components"
@@ -10,7 +10,7 @@ This is a **community maintained** chart. This chart installs [argo-cd](https://
 
 The default installation is intended to be similar to the provided Argo CD [releases](https://github.com/argoproj/argo-cd/releases).
 
-If you want to avoid including sensitive information unencrypted (clear text) in your version control, make use of the [declarative set up](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/) of Argo CD.
+If you want to avoid including sensitive information unencrypted (clear text) in your version control, make use of the [declarative setup] of Argo CD.
 For instance, rather than adding repositories and their keys in your Helm values, you could deploy [SealedSecrets](https://github.com/bitnami-labs/sealed-secrets) with contents as seen in this [repositories section](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories) or any other secrets manager service (i.e. HashiCorp Vault, AWS/GCP Secrets Manager, etc.).
 
 ## High Availability
@@ -41,7 +41,7 @@ repoServer:
     minReplicas: 2
 
 applicationSet:
-  replicas: 2
+  replicaCount: 2
 ```
 
 ### HA mode without autoscaling
@@ -60,7 +60,7 @@ repoServer:
   replicas: 2
 
 applicationSet:
-  replicas: 2
+  replicaCount: 2
 ```
 
 ### Synchronizing Changes from Original Repository
@@ -83,8 +83,6 @@ git diff v1.8.7 v2.0.0 -- manifests/install.yaml
 
 Changes in the `CustomResourceDefinition` resources shall be fixed easily by copying 1:1 from the [`manifests/crds` folder](https://github.com/argoproj/argo-cd/tree/master/manifests/crds) into this [`charts/argo-cd/templates/crds` folder](https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd/templates/crds).
 
-## Upgrading
-
 ### Custom resource definitions
 
 Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart.
@@ -100,6 +98,32 @@ kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=<appVer
 kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.4.9"
 ```
 
+## Changelog
+
+For full list of changes please check ArtifactHub [changelog].
+
+Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
+
+### 5.13.0
+
+This version reduces history limit for Argo CD deployment replicas to 3 to provide more visibility for Argo CD deployments that manage itself. If you need more deployment revisions for rollbacks set `global.revisionHistoryLimit` parameter.
+
+### 5.12.0
+
+This version deprecates the `configs.secret.argocdServerTlsConfig` option. Use `server.certificate` or `server.certificateSecret` to provide custom TLS configuration for Argo CD server.
+If you terminate TLS on ingress please use `argocd-server-tls` secret instead of `argocd-secret` secret.
+
+### 5.10.0
+
+This version hardens security by configuring default container security contexts and adds hard requirement for Kubernetes 1.22+ to work properly.
+The change aligns chart with officially [supported versions](https://argo-cd.readthedocs.io/en/release-2.5/operator-manual/installation/#supported-versions) by upstream project.
+
+### 5.7.0
+
+This version introcudes new `configs.cm` and `configs.rbac` sections that replaces `server.config` and `server.rbacConfig` respectively.
+Please move your current configuration to the new place. The Argo CD RBAC config now also sets defaults in the `argocd-rbac-cm`.
+If you have manually created this ConfigMap please ensure templating is disabled so you will not lose your changes.
+
 ### 5.5.20
 
 This version moved API version templates into dedicated helper. If you are using these in your umbrella
@@ -312,7 +336,7 @@ server:
 
 ## Prerequisites
 
-- Kubernetes 1.7+
+- {{ template "chart.kubeVersionLine" . }}
 - Helm v3.0.0+
 
 ## Installing the Chart
@@ -490,10 +514,12 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
 [affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
 [BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom
 [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
+[changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog
 [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
 [FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
-[Declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
+[declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
 [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
+[GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
 [HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
 [MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
 [Node selector]: https://kubernetes.io/docs/user-guide/node-selection/
 
@@ -28,24 +28,42 @@ DEPRECATED option server.logFormat - Use configs.params.server.log.format
 {{- if .Values.server.logLevel }}
 DEPRECATED option server.logLevel - Use configs.params.server.log.level
 {{- end }}
+{{- if has "--insecure" .Values.server.extraArgs }}
+DEPRECATED option server.extraArgs."--insecure" - Use configs.params.server.insecure
+{{- end }}
 {{- if .Values.repoServer.logFormat }}
 DEPRECATED option repoServer.logFormat - Use configs.params.repoServer.log.format
 {{- end }}
 {{- if .Values.repoServer.logLevel }}
 DEPRECATED option repoServer.logLevel - Use configs.params.repoServer.log.level
 {{- end }}
-{{- if or .Values.server.config .Values.server.configEnabled .Values.server.configAnnotations }}
+{{- if or .Values.server.config (hasKey .Values.server "configEnabled") .Values.server.configAnnotations }}
 DEPRECATED option server.config - Use configs.cm
 {{- end }}
-{{- if or .Values.server.rbacConfig .Values.server.rbacConfigCreate .Values.server.rbacConfigAnnotations }}
+{{- if or .Values.server.rbacConfig (hasKey .Values.server "rbacConfigCreate") .Values.server.rbacConfigAnnotations }}
 DEPRECATED option server.rbacConfig - Use configs.rbac
 {{- end }}
+{{- if .Values.configs.secret.argocdServerTlsConfig }}
+DEPRECATED option config.secret.argocdServerTlsConfig - Use server.certificate or server.certificateSecret
+{{- end }}
+{{- if .Values.configs.gpgKeys }}
+DEPRECATED option configs.gpgKeys - Use config.gpg.keys
+{{- end }}
+{{- if .Values.configs.gpgKeysAnnotations }}
+DEPRECATED option configs.gpgKeysAnnotations - Use config.gpg.annotations
+{{- end }}
 {{- if .Values.controller.service }}
 REMOVED option controller.service - Use controller.metrics
 {{- end }}
 {{- if .Values.repoServer.copyutil }}
 REMOVED option repoSever.copyutil.resources - Use repoServer.resources
 {{- end }}
+{{- if .Values.applicationSet.args.debug }}
+REMOVED option applicationSet.args.debug - Use applicationSet.logLevel: debug
+{{- end }}
+{{- if .Values.applicationSet.args.enableLeaderElection }}
+REMOVED option applicationSet.args.enableLeaderElection - Value determined based on replicas
+{{- end }}
 
 In order to access the server UI you have the following options:
 
@@ -58,14 +76,14 @@ In order to access the server UI you have the following options:
       - Set the `configs.params."server.insecure"` in the values file and terminate SSL at your ingress: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts
 
 
-{{ if eq (index (coalesce .Values.server.config .Values.configs.cm) "admin.enabled") "true" -}}
+{{ if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "admin.enabled")) "true" -}}
 After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running:
 
 kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
 
 (You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://argo-cd.readthedocs.io/en/stable/getting_started/#4-login-using-the-cli)
-{{ else if or (index .Values.server.config "dex.config") (index .Values.server.config "oidc.config") -}}
+{{ else if or (index .Values.configs.cm "dex.config") (index .Values.configs.cm "oidc.config") -}}
 After reaching the UI the first time you can login using Dex or OIDC.
 {{ else -}}
-After reaching the UI the first time you cannot login with username and password since you've disabled it. You should enable admin back or configure Dex via `server.config.dex.config` or OIDC via `server.config.oidc.config`.
+After reaching the UI the first time you cannot login with username and password since you've disabled it. You should enable admin back or configure Dex via `configs.cm.dex.config` or OIDC via `configs.cm.oidc.config`.
 {{ end -}}
@@ -15,6 +15,17 @@ Create dex name and version as used by the chart label.
 {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.dex.name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+{{/*
+Create Dex server endpoint
+*/}}
+{{- define "argo-cd.dex.server" -}}
+{{- $insecure := index .Values.configs.params "dexserver.disable.tls" | toString -}}
+{{- $scheme := (eq $insecure "true") | ternary "http" "https" -}}
+{{- $host := include "argo-cd.dex.fullname" . -}}
+{{- $port := int .Values.dex.servicePortHttp -}}
+{{- printf "%s://%s:%d" $scheme $host $port }}
+{{- end }}
+
 {{/*
 Create redis name and version as used by the chart label.
 */}}
@@ -171,21 +182,25 @@ ui.cssurl: "./custom/custom.styles.css"
 Merge Argo Configuration with Preset Configuration
 */}}
 {{- define "argo-cd.config.cm" -}}
-{{- $config := coalesce .Values.server.config (omit .Values.configs.cm "create" "annotations") -}}
+{{- $config := (mergeOverwrite (deepCopy (omit .Values.configs.cm "create" "annotations")) (.Values.server.config | default dict))  -}}
 {{- $preset := include "argo-cd.config.cm.presets" . | fromYaml | default dict -}}
-{{- mergeOverwrite $preset $config | toYaml }}
+{{- range $key, $value := mergeOverwrite $preset $config }}
+{{ $key }}: {{ toString $value | toYaml }}
+{{- end }}
 {{- end -}}
 
 {{/*
 Argo Params Default Configuration Presets
 */}}
 {{- define "argo-cd.config.params.presets" -}}
 repo.server: "{{ include "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}"
+server.repo.server.strict.tls: {{ .Values.repoServer.certificateSecret.enabled | toString }}
 {{- with include "argo-cd.redis.server" . }}
 redis.server: {{ . | quote }}
 {{- end }}
 {{- if .Values.dex.enabled }}
-server.dex.server: "http://{{ include "argo-cd.dex.fullname" . }}:{{ .Values.dex.servicePortHttp }}"
+server.dex.server: {{ include "argo-cd.dex.server" . | quote }}
+server.dex.server.strict.tls: {{ .Values.dex.certificateSecret.enabled | toString }}
 {{- end }}
 {{- range $component := tuple "controller" "server" "reposerver" }}
 {{ $component }}.log.format: {{ $.Values.global.logging.format | quote }}
@@ -198,8 +213,8 @@ Merge Argo Params Configuration with Preset Configuration
 */}}
 {{- define "argo-cd.config.params" -}}
 {{- $config := omit .Values.configs.params "annotations" }}
-{{- $preset := include "argo-cd.config.params.presets" $ | fromYaml | default dict -}}
+{{- $preset := include "argo-cd.config.params.presets" . | fromYaml | default dict -}}
 {{- range $key, $value := mergeOverwrite $preset $config }}
-{{ $key }}: {{ $value | quote }}
+{{ $key }}: {{ toString $value | toYaml }}
 {{- end }}
 {{- end -}}