DaoCloud · weizhoublue · Sep 19, 2024
@@ -1,12 +1,12 @@
 annotations:
   artifacthub.io/changes: |
-    - kind: changed
-      description: Bump argo-cd to v2.12.1
+    - kind: fixed
+      description: Certificate template was wrong leading to null
   artifacthub.io/signKey: |
     fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
     url: https://argoproj.github.io/argo-helm/pgp_keys.asc
 apiVersion: v2
-appVersion: v2.12.1
+appVersion: v2.12.3
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
@@ -22,8 +22,8 @@ name: argo-cd
 sources:
   - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
   - https://github.com/argoproj/argo-cd
-version: 7.4.4
+version: 7.5.2
 dependencies:
   - name: argo-cd
-    version: "7.4.4"
+    version: "7.5.2"
     repository: "https://argoproj.github.io/argo-helm"
@@ -315,7 +315,7 @@ Upstream steps in the [FAQ] are not enough, since we chose a different approach.
 Steps to roteate the secret when using the helm chart (bold step is additional to upstream):
 * Delete `argocd-redis` secret in the namespace where Argo CD is installed.
   ```bash
-  kubectl delete secret argocd-redis -n <argocd namesapce>
+  kubectl delete secret argocd-redis -n <argocd namespace>
   ```
 * **Perform a helm upgrade**
   ```bash

@@ -1,6 +1,6 @@
 dependencies:
 - name: redis-ha
   repository: https://dandydeveloper.github.io/charts/
-  version: 4.26.1
-digest: sha256:d72c308ab0eef4233e25bfc3f8fc97cf9b02a9c5d0186ea89e2f8fb332cb9c41
-generated: "2024-02-18T19:42:53.135599+02:00"
+  version: 4.27.6
+digest: sha256:69c6b20682f0a2a8044b71731b7c656a57118088a7b3611f59217b537167af2e
+generated: "2024-08-28T13:02:33.763307+02:00"
@@ -1,17 +1,17 @@
 annotations:
   artifacthub.io/changes: |
-    - kind: changed
-      description: Bump argo-cd to v2.12.1
+    - kind: fixed
+      description: Certificate template was wrong leading to null
   artifacthub.io/signKey: |
     fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
     url: https://argoproj.github.io/argo-helm/pgp_keys.asc
 apiVersion: v2
-appVersion: v2.12.1
+appVersion: v2.12.3
 dependencies:
 - condition: redis-ha.enabled
   name: redis-ha
   repository: https://dandydeveloper.github.io/charts/
-  version: 4.26.1
+  version: 4.27.6
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool
   for Kubernetes.
 home: https://github.com/argoproj/argo-helm
@@ -28,4 +28,4 @@ name: argo-cd
 sources:
 - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
 - https://github.com/argoproj/argo-cd
-version: 7.4.4
+version: 7.5.2
@@ -315,7 +315,7 @@ Upstream steps in the [FAQ] are not enough, since we chose a different approach.
 Steps to roteate the secret when using the helm chart (bold step is additional to upstream):
 * Delete `argocd-redis` secret in the namespace where Argo CD is installed.
   ```bash
-  kubectl delete secret argocd-redis -n <argocd namesapce>
+  kubectl delete secret argocd-redis -n <argocd namespace>
   ```
 * **Perform a helm upgrade**
   ```bash

@@ -18,4 +18,4 @@ sources:
 - https://redis.io/download
 - https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha
 - https://github.com/oliver006/redis_exporter
-version: 4.26.1
+version: 4.27.6
@@ -0,0 +1,14 @@
+---
+## Testing if muti-valued config is working or not
+redis:
+  config:
+    min-replicas-to-write: 1
+    min-replicas-max-lag: 5
+    maxmemory: "0"
+    maxmemory-policy: "volatile-lru"
+    save:
+      - "900 1"
+      - "300 10"
+    repl-diskless-sync: "yes"
+    rdbcompression: "yes"
+    rdbchecksum: "yes"
@@ -27,7 +27,13 @@
     {{- end }}
     {{- end }}
     {{- range $key, $value := .Values.redis.config }}
+    {{- if kindIs "slice" $value }}
+        {{- range $value }}
+    {{ $key }} {{ . }}
+        {{- end }}
+        {{- else }}
     {{ $key }} {{ $value }}
+        {{- end }}
     {{- end }}
 {{- if .Values.auth }}
     requirepass replace-default-auth
@@ -459,6 +465,7 @@
         identify_announce_ip
     done
 
+    trap "exit 0" TERM
     while true; do
         sleep {{ .Values.splitBrainDetection.interval }}
 
@@ -636,11 +643,12 @@
       {{- end}}
         ping
     )
-    if [ "$response" != "PONG" ] && [ "${response:0:7}" != "LOADING" ] ; then
-      echo "$response"
-      exit 1
-    fi
     echo "response=$response"
+    case $response in
+      PONG|LOADING*) ;;
+      *) exit 1 ;;
+    esac
+    exit 0
 {{- end }}
 
 {{- define "redis_readiness.sh" }}

@@ -12,6 +12,10 @@ metadata:
     {{- range $key, $value := .Values.extraLabels }}
     {{ $key }}: {{ $value | quote }}
     {{- end }}
+{{- if .Values.serviceAccount.annotations }}
+  annotations:
+{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
+{{- end }}
 {{- if or .Values.auth .Values.sentinel.auth }}
 secrets:
 {{- end }}

@@ -251,9 +251,17 @@ spec:
         image: {{ include "global.images.image" (dict "imageRoot" .Values.image "global" .Values.global ) }}
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         command:
-        - redis-server
+        {{- if .Values.redis.customCommand }}
+{{ toYaml .Values.redis.customCommand | indent 10 }}
+        {{- else }}
+          - redis-server
+        {{- end }}
         args:
-        - /data/conf/redis.conf
+        {{- if .Values.redis.customArgs }}
+{{ toYaml .Values.redis.customArgs | indent 10 }}
+        {{- else }}
+          - /data/conf/redis.conf
+        {{- end }}
         securityContext: {{ toYaml .Values.containerSecurityContext | nindent 10 }}        
         {{- if .Values.auth }}
         env:
@@ -267,6 +275,10 @@ spec:
             {{- end }}
               key: {{ .Values.authKey }}
         {{- end }}
+        {{- if .Values.redis.envFrom }}
+        envFrom:
+{{ toYaml .Values.redis.envFrom | indent 10 }}
+        {{- end }}
         livenessProbe:
           initialDelaySeconds: {{ .Values.redis.livenessProbe.initialDelaySeconds }}
           periodSeconds: {{ .Values.redis.livenessProbe.periodSeconds }}
@@ -321,9 +333,17 @@ spec:
         image: {{ include "global.images.image" (dict "imageRoot" .Values.image "global" .Values.global ) }}
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         command:
+        {{- if .Values.sentinel.customCommand }}
+{{ toYaml .Values.sentinel.customCommand | indent 10 }}
+        {{- else }}
           - redis-sentinel
+        {{- end }}
         args:
+        {{- if .Values.sentinel.customArgs }}
+{{ toYaml .Values.sentinel.customArgs | indent 10 }}
+        {{- else }}
           - /data/conf/sentinel.conf
+        {{- end }}
         securityContext: {{ toYaml .Values.containerSecurityContext | nindent 10 }}        
 {{- if or .Values.auth .Values.sentinel.auth}}
         env:
@@ -487,19 +507,9 @@ spec:
             value: /tls-certs/{{ .Values.tls.caCertFile }}
         {{- end }}
         livenessProbe:
-          httpGet:
-            path: {{ .Values.exporter.scrapePath }}
-            port: {{ .Values.exporter.port }}
-          initialDelaySeconds: {{ .Values.exporter.livenessProbe.initialDelaySeconds }}
-          timeoutSeconds: {{ .Values.exporter.livenessProbe.timeoutSeconds }}
-          periodSeconds: {{ .Values.exporter.livenessProbe.periodSeconds }}
+{{ toYaml .Values.exporter.livenessProbe | indent 10 }}
         readinessProbe:
-          httpGet:
-            path: {{ .Values.exporter.scrapePath }}
-            port: {{ .Values.exporter.port }}
-          initialDelaySeconds: {{ .Values.exporter.readinessProbe.initialDelaySeconds }}
-          timeoutSeconds: {{ .Values.exporter.readinessProbe.timeoutSeconds }}
-          periodSeconds: {{ .Values.exporter.readinessProbe.periodSeconds }}
+{{ toYaml .Values.exporter.readinessProbe | indent 10 }}
         resources:
 {{ toYaml .Values.exporter.resources | indent 10 }}
         ports:
@@ -518,9 +528,9 @@ spec:
 {{- if .Values.extraContainers }}
 {{- toYaml .Values.extraContainers | nindent 6 }}
 {{- end -}}
-{{- if .Values.priorityClassName }}
-      priorityClassName: {{ .Values.priorityClassName }}
-{{- end }}
+      {{- with .Values.priorityClassName | default .Values.global.priorityClassName }}
+      priorityClassName: {{ . }}
+      {{- end }}
       volumes:
       - name: config
         configMap:
@@ -556,7 +566,9 @@ spec:
 {{- end -}}
 {{- if .Values.persistentVolume.enabled }}
   volumeClaimTemplates:
-  - metadata:
+  - apiVersion: v1
+    kind: PersistentVolumeClaim
+    metadata:
       name: data
       annotations:
       {{- range $key, $value := .Values.persistentVolume.annotations }}

@@ -49,6 +49,7 @@ spec:
       {{- else }}
       serviceAccountName: {{ .Values.haproxy.serviceAccountName }}
       {{- end }}
+      automountServiceAccountToken: {{ .Values.haproxy.serviceAccount.automountToken }}
       securityContext: {{ toYaml .Values.haproxy.securityContext | nindent 8 }}
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 8 }}
@@ -178,9 +179,9 @@ spec:
 {{- end }}
         lifecycle:
 {{ toYaml .Values.haproxy.lifecycle | indent 10 }}
-{{- if .Values.haproxy.priorityClassName }}
-      priorityClassName: {{ .Values.haproxy.priorityClassName }}
-{{- end }}
+      {{- with .Values.haproxy.priorityClassName | default .Values.global.priorityClassName }}
+      priorityClassName: {{ . }}
+      {{- end }}
       volumes:
 {{- if .Values.haproxy.tls.enabled }}
       - name: pemfile

@@ -1,8 +1,12 @@
+## Globally shared configuration
+global:
+  # -- Default priority class for all components
+  priorityClassName: ""
 ## Configure resource requests and limits
 ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
 ##
 image:
-  repository: redis
+  repository: public.ecr.aws/docker/library/redis
   tag: 7.2.4-alpine
   pullPolicy: IfNotPresent
   registry: docker.m.daocloud.io
@@ -53,6 +57,8 @@ serviceAccount:
   ## opt in/out of automounting API credentials into container
   ## https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
   automountToken: false
+  # Annotations to be added to the service account for the redis statefulset
+  annotations: {}
 ## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master.
 ## Recommend for externally exposed Redis clusters.
 ## ref: https://cbonte.github.io/haproxy-dconv/1.9/intro.html
@@ -78,7 +84,7 @@ haproxy:
     #   maxSurge: 25%
     #   maxUnavailable: 25%
   image:
-    repository: haproxy
+    repository: public.ecr.aws/docker/library/haproxy
     tag: 2.9.4-alpine
     pullPolicy: IfNotPresent
     registry: docker.m.daocloud.io
@@ -119,6 +125,7 @@ haproxy:
   serviceAccountName: redis-sa
   serviceAccount:
     create: true
+    automountToken: false
   ## Official HAProxy embedded prometheus metrics settings.
   ## Ref: https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter
   ##
@@ -223,7 +230,7 @@ rbac:
 sysctlImage:
   enabled: false
   command: []
-  registry: docker.io
+  registry: public.ecr.aws/docker/library
   repository: busybox
   tag: 1.34.1
   pullPolicy: Always
@@ -238,6 +245,15 @@ sysctlImage:
 redis:
   port: 6379
   masterGroupName: "mymaster" # must match ^[\\w-\\.]+$) and can be templated
+  customCommand: []
+  # - bash
+  customArgs: []
+  # - "custom-startup.sh"
+
+  envFrom: []
+  # - secretRef:
+  #     name: add-env-secret
+
   ## Configures redis with tls-port parameter
   # tlsPort: 6385
 
@@ -331,6 +347,8 @@ sentinel:
 
   ## Defines the key holding the sentinel password in existing secret.
   authKey: sentinel-password
+  customCommand: []
+  customArgs: []
   # liveness probe parameters for sentinel container
   livenessProbe:
     initialDelaySeconds: 30
@@ -452,9 +470,9 @@ exporter:
   tag: v1.57.0
   pullPolicy: IfNotPresent
   # prometheus port & scrape path
-  port: 9121
+  port: &exporter_port 9121
   portName: exporter-port
-  scrapePath: /metrics
+  scrapePath: &exporter_scrapePath /metrics
   # Address/Host for Redis instance. Default: localhost
   # Exists to circumvent issues with IPv6 dns resolution that occurs on certain environments
   ##
@@ -508,10 +526,16 @@ exporter:
   # prometheus exporter SCANS redis db which can take some time
   # allow different probe settings to not let container crashloop
   livenessProbe:
+    httpGet:
+      path: *exporter_scrapePath
+      port: *exporter_port
     initialDelaySeconds: 15
     timeoutSeconds: 3
     periodSeconds: 15
   readinessProbe:
+    httpGet:
+      path: *exporter_scrapePath
+      port: *exporter_port
     initialDelaySeconds: 15
     timeoutSeconds: 3
     periodSeconds: 15

@@ -183,7 +183,7 @@ Argo Configuration Preset Values (Influenced by Values configuration)
 {{- define "argo-cd.config.cm.presets" -}}
 {{- $presets := dict -}}
 {{- $_ := set $presets "url" (printf "https://%s" .Values.global.domain) -}}
-{{- if index .Values.configs.cm "statusbadge.enabled" | eq true -}}
+{{- if eq (toString (index .Values.configs.cm "statusbadge.enabled")) "true" -}}
 {{- $_ := set $presets "statusbadge.url" (printf "https://%s/" .Values.global.domain) -}}
 {{- end -}}
 {{- if .Values.configs.styles -}}

@@ -13,13 +13,13 @@ metadata:
   labels:
     {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
 spec:
+  {{- with .Values.server.certificate.secretTemplateAnnotations }}
   secretTemplate:
-    {{- with .Values.server.certificate.secretTemplateAnnotations }}
     annotations:
       {{- range $key, $value := . }}
       {{ $key }}: {{ $value | quote }}
       {{- end }}
-    {{- end }} 
+  {{- end }} 
   secretName: argocd-server-tls
   commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }}
   dnsNames: