upgrade components - closes #430 refs #532

Signed-off-by: Marcin Fabrykowski <git@fabrykowski.pl>

upgrade components - closes #430 refs #532
Signed-off-by: Marcin Fabrykowski <git@fabrykowski.pl>
399b2002 · torgiren · daa59e04 · 399b2002 · 399b2002 · 399b2002
Unverified Commit 399b2002 authored 2 years ago by torgiren
Hide whitespace changes
Inline Side-by-side

Showing

with 230 additions and 119 deletions
+230 -119
--- a/chart/templates/alerts/alertmanagerconfig.yml
+++ b/chart/templates/alerts/alertmanagerconfig.yml
@@ -4,7 +4,6 @@ metadata:
  name: alertmanager-config
  namespace: prometheus-system
  annotations:
-    argocd.argoproj.io/sync-wave: "2"
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 spec:
  templates:

--- a/chart/templates/argocd.yml
+++ b/chart/templates/argocd.yml
@@ -3,13 +3,14 @@ kind: Application
 metadata:
  name: argocd
  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
+  annotations:
+    argocd.argoproj.io/sync-options: Prune=true
+    argocd.argoproj.io/sync-wave: "-1"
 spec:
  project: exphost
  source:
    repoURL: 'https://argoproj.github.io/argo-helm'
-    targetRevision: 3.35.4
+    targetRevision: 7.3.9
    chart: argo-cd
    helm:
      values: |
@@ -18,7 +19,6 @@ spec:
            enabled: true
            serviceMonitor:
              enabled: true
-          priorityClassName: high-priority
        server:
          extraArgs:
            - --insecure
@@ -28,25 +28,18 @@ spec:
              enabled: true
          ingress:
            enabled: true
-            hosts:
-              - argocd.{{ .Values.domain}}
-            tls:
-              - secretName: argocd-server-tls
-                hosts:
-                  - argocd.{{ .Values.domain}}
-            https: false
+            hostname: argocd.{{ .Values.domain}}
+            tls: true
+            #https: false
            annotations:
              cert-manager.io/cluster-issuer: acme-issuer
          ingressGrpc:
            enabled: false
-            hosts:
-              - argocd.{{ .Values.domain}}
-            tls:
-              - secretName: argocd-server-tls
-                hosts:
-                  - argocd.{{ .Values.domain}}
-            https: false
-          config:
+            hostname: argocd.{{ .Values.domain}}
+            tls: true
+            #https: false
+        config:
+          cm:
            url: https://argocd.{{ .Values.domain }}
            oidc.config: |
              name: dex
@@ -62,23 +55,14 @@ spec:
                - profile
                - email
                - groups
-          rbacConfig:
+          rbac:
            policy.csv: |
              g, argo-admins, role:admin
-
-              p, role:tenant-services, projects, get, services, allow
-              g, tenant-services, role:tenant-services
-
-          priorityClassName: high-priority
        repoServer:
          metrics:
            enabled: true
            serviceMonitor:
              enabled: true
-
-          priorityClassName: high-priority
-        redis:
-          priorityClassName: high-priority
  destination:
    server: 'https://kubernetes.default.svc'
    namespace: argocd

--- a/chart/templates/cert-manager/cert-manager.yml
+++ b/chart/templates/cert-manager/cert-manager.yml
@@ -3,20 +3,23 @@ kind: Application
 metadata:
  name: cert-manager
  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
 spec:
  project: exphost
  source:
    repoURL: 'https://charts.jetstack.io'
-    targetRevision: v1.8.0
+    targetRevision: v1.15.1
    chart: cert-manager
    helm:
      values: |
        global:
          leaderElection:
            namespace: cert-manager
-        installCRDs: true
+        crds:
+          enabled: true
+        prometheus:
+          enabled: true
+          servicemonitor:
+            enabled: true


  destination:

--- a/chart/templates/cert-manager/issuer/issuer.yml
+++ b/chart/templates/cert-manager/issuer/issuer.yml
@@ -4,7 +4,6 @@ metadata:
  name: acme-issuer
  namespace: cert-manager
  annotations:
-    argocd.argoproj.io/sync-wave: "2"
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 spec:
  acme:

--- a/chart/templates/cilium/cilium_addresspool.yml
+++ b/chart/templates/cilium/cilium_addresspool.yml
+{{ if .Values.cilium.lb_pools }}
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: "lb-pool-{{ .Release.Name }}"
+spec:
+  blocks:
+{{- range .Values.cilium.lb_pools }}
+  - {{ toYaml . }}
+{{- end }}
+{{- end }}
--- a/chart/templates/cilium/cilium_announcement_policy.yml
+++ b/chart/templates/cilium/cilium_announcement_policy.yml
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumL2AnnouncementPolicy
+metadata:
+  name: policy1
+spec:
+  nodeSelector:
+    matchExpressions:
+      - key: node-role.kubernetes.io/control-plane
+        operator: DoesNotExist
+  interfaces:
+  - "enx*"
+  externalIPs: true
+  loadBalancerIPs: true
--- a/chart/templates/dex/dex-k8s-authenticator.yml
+++ b/chart/templates/dex/dex-k8s-authenticator.yml
@@ -3,8 +3,6 @@ kind: Application
 metadata:
  name: dex-k8s-authenticator
  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
 spec:
  project: exphost
  source:

--- a/chart/templates/dex/dex.yml
+++ b/chart/templates/dex/dex.yml
@@ -3,13 +3,14 @@ kind: Application
 metadata:
  name: dex
  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
+  annotations:
+    argocd.argoproj.io/sync-options: Prune=true
+    argocd.argoproj.io/sync-wave: "-1"
 spec:
  project: exphost
  source:
    repoURL: 'https://charts.dexidp.io'
-    targetRevision: 0.8.2
+    targetRevision: 0.14.1
    chart: dex
    helm:
      values: |
@@ -33,7 +34,6 @@ spec:
            nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
            nginx.ingress.kubernetes.io/cors-allow-origin: "*"
            nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
-        priorityClassName: high-priority
  destination:
    server: 'https://kubernetes.default.svc'
    namespace: dex

--- a/chart/templates/dex/dex_congig_template.yml
+++ b/chart/templates/dex/dex_congig_template.yml
@@ -4,7 +4,6 @@ metadata:
  name: dex-config
  namespace: dex
  annotations:
-    argocd.argoproj.io/sync-wave: "2"
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 spec:
  templates:

--- a/chart/templates/dex/etcd.yml
+++ b/chart/templates/dex/etcd.yml
@@ -3,13 +3,14 @@ kind: Application
 metadata:
  name: etcd
  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
+  annotations:
+    argocd.argoproj.io/sync-options: Prune=true
+    argocd.argoproj.io/sync-wave: "-1"
 spec:
  project: exphost
  source:
    repoURL: 'https://charts.bitnami.com/bitnami'
-    targetRevision: 8.1.1
+    targetRevision: 8.7.6
    chart: etcd
    helm:
      values: |

--- a/chart/templates/exphost-configuraotr.yml
+++ b/chart/templates/exphost-configuraotr.yml
@@ -3,8 +3,9 @@ kind: Application
 metadata:
  name: exphost-configurator
  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
+  annotations:
+    argocd.argoproj.io/sync-options: Prune=true
+    argocd.argoproj.io/sync-wave: "-2"
 spec:
  project: exphost
  source:

--- a/chart/templates/exphost-project.yml
+++ b/chart/templates/exphost-project.yml
@@ -3,6 +3,9 @@ kind: AppProject
 metadata:
  name: exphost
  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: Prune=false
+    argocd.argoproj.io/sync-wave: "-20"
 spec:
  destinations:
  - namespace: argocd
@@ -52,5 +55,7 @@ spec:
    kind: MutatingWebhookConfiguration
  - group: '*'
    kind: PodSecurityPolicy
+  - group: '*'
+    kind: PriorityClass
  sourceRepos:
  - '*'
--- a/chart/templates/external-dns/external-dns.yml
+++ b/chart/templates/external-dns/external-dns.yml
@@ -3,21 +3,19 @@ kind: Application
 metadata:
  name: external-dns
  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
 spec:
  project: exphost
  source:
    repoURL: 'https://charts.bitnami.com/bitnami'
    chart: external-dns
-    targetRevision: 6.1.4
+    targetRevision: 8.3.4
    helm:
      values: |
-        image:
-          registry: registry.gitlab.exphost.pl
-          repository: torgiren/external-dns
-          tag: v1.0.0-mf
-          pullPolicy: Always
+        #image:
+        #  registry: registry.gitlab.exphost.pl
+        #  repository: torgiren/external-dns
+        #  tag: v1.0.0-mf
+        #  pullPolicy: Always
        sources:
          - crd
          - ingress
@@ -36,7 +34,9 @@ spec:
            enabled: true
        logLevel: debug
        crd:
-          create: true
+          # temporary workaround
+          create: false
+          #create: true
        policy: sync
        publishHostIP: true
        txtOwnerId: "k8s_{{ .Values.domain }}"

--- a/chart/templates/external-dns/temporary_crd.yml
+++ b/chart/templates/external-dns/temporary_crd.yml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+    api-approved.kubernetes.io: "https://github.com/kubernetes-sigs/external-dns/pull/2007"
+  name: dnsendpoints.externaldns.k8s.io
+spec:
+  group: externaldns.k8s.io
+  names:
+    kind: DNSEndpoint
+    listKind: DNSEndpointList
+    plural: dnsendpoints
+    singular: dnsendpoint
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: DNSEndpointSpec defines the desired state of DNSEndpoint
+            properties:
+              endpoints:
+                items:
+                  description: Endpoint is a high-level way of a connection between
+                    a service and an IP
+                  properties:
+                    dnsName:
+                      description: The hostname of the DNS record
+                      type: string
+                    labels:
+                      additionalProperties:
+                        type: string
+                      description: Labels stores labels defined for the Endpoint
+                      type: object
+                    providerSpecific:
+                      description: ProviderSpecific stores provider specific config
+                      items:
+                        description: ProviderSpecificProperty holds the name and value
+                          of a configuration which is specific to individual DNS providers
+                        properties:
+                          name:
+                            type: string
+                          value:
+                            type: string
+                        type: object
+                      type: array
+                    recordTTL:
+                      description: TTL for the record
+                      format: int64
+                      type: integer
+                    recordType:
+                      description: RecordType type of record, e.g. CNAME, A, AAAA,
+                        SRV, TXT etc
+                      type: string
+                    setIdentifier:
+                      description: Identifier to distinguish multiple records with
+                        the same name and type (e.g. Route53 records with routing
+                        policies other than 'simple')
+                      type: string
+                    targets:
+                      description: The targets the DNS record points to
+                      items:
+                        type: string
+                      type: array
+                  type: object
+                type: array
+            type: object
+          status:
+            description: DNSEndpointStatus defines the observed state of DNSEndpoint
+            properties:
+              observedGeneration:
+                description: The generation observed by the external-dns controller.
+                format: int64
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
--- a/chart/templates/external-dns/tsig_key.yml
+++ b/chart/templates/external-dns/tsig_key.yml
@@ -4,7 +4,6 @@ metadata:
  name: rfc2136-tsig-secret
  namespace: external-dns
  annotations:
-    argocd.argoproj.io/sync-wave: "2"
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 spec:
  templates:

--- a/chart/templates/grafana/grafana.yml
+++ b/chart/templates/grafana/grafana.yml
@@ -3,15 +3,11 @@ kind: Application
 metadata:
  name: grafana
  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
-  annotations:
-    argocd.argoproj.io/sync-wave: "1"
 spec:
  project: exphost
  source:
    repoURL: 'https://charts.bitnami.com/bitnami'
-    targetRevision: 7.7.1
+    targetRevision: 8.4.5
    chart: grafana
    helm:
      values: |

--- a/chart/templates/longhorn/longhorn-backup-credentials.yml
+++ b/chart/templates/longhorn/longhorn-backup-credentials.yml
@@ -5,7 +5,6 @@ metadata:
  name: longhorn-backup-credentials-access-key
  namespace: longhorn-system
  annotations:
-    argocd.argoproj.io/sync-wave: "2"
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 spec:
  templates:

--- a/chart/templates/longhorn/longhorn.yml
+++ b/chart/templates/longhorn/longhorn.yml
@@ -3,14 +3,16 @@ kind: Application
 metadata:
  name: longhorn
  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
+  annotations:
+    argocd.argoproj.io/sync-options: Prune=true
+    argocd.argoproj.io/sync-wave: "-10"
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 spec:
  project: exphost
  source:
    repoURL: 'https://charts.longhorn.io'
    chart: longhorn
-    targetRevision: 1.2.4
+    targetRevision: 1.6.2
    helm:
      values: |
        persistence:
@@ -27,13 +29,11 @@ spec:
        defaultSettings:
          defaultDataLocality: "best-effort"
          backupTargetCredentialSecret: longhorn-backup-credentials
-          priorityClass: high-priority
-        longhornManager:
-          priorityClass: high-priority
-        longhornDriver:
-          priorityClass: high-priority
-        longhornUI:
-          priorityClass: high-priority
+        metrics:
+          serviceMonitor:
+            enabled: true
+        preUpgradeChecker:
+          jobEnabled: false

  destination:
    server: 'https://kubernetes.default.svc'
@@ -42,5 +42,3 @@ spec:
    automated:
      prune: true
      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true
--- a/chart/templates/longhorn/longhorn_namespace.yml
+++ b/chart/templates/longhorn/longhorn_namespace.yml
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: longhorn-system
+  labels:
+    pod-security.kubernetes.io/enforce: privileged
+  annotations:
+    argocd.argoproj.io/sync-wave: "-10"
--- a/chart/templates/longhorn/longhorn_oauth2.yml
+++ b/chart/templates/longhorn/longhorn_oauth2.yml
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: oauth2-longhorn
-  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
-spec:
-  project: exphost
-  source:
-    repoURL: 'https://charts.bitnami.com/bitnami'
-    chart: oauth2-proxy
-    targetRevision: 2.0.2
-    helm:
-      values: |
-        ingress:
-          enabled: true
-          hostname: "longhorn.{{ .Values.domain}}"
-          path: /oauth2
-          pathType: Prefix
-          tls: true
-          annotations:
-            cert-manager.io/cluster-issuer: acme-issuer
-        configuration:
-          existingSecret: oauth2-longhorn-oauth2-proxy
-          content: |
-            provider = "oidc"
-            oidc_issuer_url = "https://auth.{{ .Values.domain }}/dex"
-            allowed_groups = ["k8s-admins"]
-            email_domains = [ "*" ]
-            upstreams = [ "file:///dev/null" ]
-        redis:
-          auth:
-            existingSecret: oauth2-longhorn-redis
-
-  destination:
-    server: 'https://kubernetes.default.svc'
-    namespace: longhorn-system
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true
+#apiVersion: argoproj.io/v1alpha1
+#kind: Application
+#metadata:
+#  name: oauth2-longhorn
+#  namespace: argocd
+#spec:
+#  project: exphost
+#  source:
+#    repoURL: 'https://charts.bitnami.com/bitnami'
+#    chart: oauth2-proxy
+#    targetRevision: 3.4.9
+#    helm:
+#      values: |
+#        ingress:
+#          enabled: true
+#          hostname: "longhorn.{{ .Values.domain}}"
+#          path: /oauth2
+#          pathType: Prefix
+#          tls: true
+#          annotations:
+#            cert-manager.io/cluster-issuer: acme-issuer
+#        configuration:
+#          existingSecret: oauth2-longhorn-oauth2-proxy
+#          content: |
+#            provider = "oidc"
+#            oidc_issuer_url = "https://auth.{{ .Values.domain }}/dex"
+#            allowed_groups = ["k8s-admins"]
+#            email_domains = [ "*" ]
+#            upstreams = [ "file:///dev/null" ]
+#        redis:
+#          auth:
+#            existingSecret: oauth2-longhorn-redis
+#
+#  destination:
+#    server: 'https://kubernetes.default.svc'
+#    namespace: longhorn-system
+#  syncPolicy:
+#    automated:
+#      prune: true
+#      selfHeal: true
+#    syncOptions:
+#      - CreateNamespace=true