upgrade components - closes #430 refs #532

Signed-off-by: Marcin Fabrykowski <git@fabrykowski.pl>

chart/templates/alerts/alertmanagerconfig.yml

@@ -4,7 +4,6 @@ metadata:
   name: alertmanager-config
   namespace: prometheus-system
   annotations:
-    argocd.argoproj.io/sync-wave: "2"
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 spec:
   templates:

chart/templates/argocd.yml

@@ -3,13 +3,14 @@ kind: Application
 metadata:
   name: argocd
   namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
+  annotations:
+    argocd.argoproj.io/sync-options: Prune=true
+    argocd.argoproj.io/sync-wave: "-1"
 spec:
   project: exphost
   source:
     repoURL: 'https://argoproj.github.io/argo-helm'
-    targetRevision: 3.35.4
+    targetRevision: 7.3.9
     chart: argo-cd
     helm:
       values: |
@@ -18,7 +19,6 @@ spec:
             enabled: true
             serviceMonitor:
               enabled: true
-          priorityClassName: high-priority
         server:
           extraArgs:
             - --insecure
@@ -28,25 +28,18 @@ spec:
               enabled: true
           ingress:
             enabled: true
-            hosts:
-              - argocd.{{ .Values.domain}}
-            tls:
-              - secretName: argocd-server-tls
-                hosts:
-                  - argocd.{{ .Values.domain}}
-            https: false
+            hostname: argocd.{{ .Values.domain}}
+            tls: true
+            #https: false
             annotations:
               cert-manager.io/cluster-issuer: acme-issuer
           ingressGrpc:
             enabled: false
-            hosts:
-              - argocd.{{ .Values.domain}}
-            tls:
-              - secretName: argocd-server-tls
-                hosts:
-                  - argocd.{{ .Values.domain}}
-            https: false
-          config:
+            hostname: argocd.{{ .Values.domain}}
+            tls: true
+            #https: false
+        config:
+          cm:
             url: https://argocd.{{ .Values.domain }}
             oidc.config: |
               name: dex
@@ -62,23 +55,14 @@ spec:
                 - profile
                 - email
                 - groups
-          rbacConfig:
+          rbac:
             policy.csv: |
               g, argo-admins, role:admin
-
-              p, role:tenant-services, projects, get, services, allow
-              g, tenant-services, role:tenant-services
-
-          priorityClassName: high-priority
         repoServer:
           metrics:
             enabled: true
             serviceMonitor:
               enabled: true
-
-          priorityClassName: high-priority
-        redis:
-          priorityClassName: high-priority
   destination:
     server: 'https://kubernetes.default.svc'
     namespace: argocd

chart/templates/cert-manager/cert-manager.yml

@@ -3,20 +3,23 @@ kind: Application
 metadata:
   name: cert-manager
   namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
 spec:
   project: exphost
   source:
     repoURL: 'https://charts.jetstack.io'
-    targetRevision: v1.8.0
+    targetRevision: v1.15.1
     chart: cert-manager
     helm:
       values: |
         global:
           leaderElection:
             namespace: cert-manager
-        installCRDs: true
+        crds:
+          enabled: true
+        prometheus:
+          enabled: true
+          servicemonitor:
+            enabled: true
 
 
   destination:

chart/templates/cert-manager/issuer/issuer.yml

@@ -4,7 +4,6 @@ metadata:
   name: acme-issuer
   namespace: cert-manager
   annotations:
-    argocd.argoproj.io/sync-wave: "2"
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 spec:
   acme:

chart/templates/cilium/cilium_addresspool.yml

+{{ if .Values.cilium.lb_pools }}
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: "lb-pool-{{ .Release.Name }}"
+spec:
+  blocks:
+{{- range .Values.cilium.lb_pools }}
+  - {{ toYaml . }}
+{{- end }}
+{{- end }}

chart/templates/cilium/cilium_announcement_policy.yml

+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumL2AnnouncementPolicy
+metadata:
+  name: policy1
+spec:
+  nodeSelector:
+    matchExpressions:
+      - key: node-role.kubernetes.io/control-plane
+        operator: DoesNotExist
+  interfaces:
+  - "enx*"
+  externalIPs: true
+  loadBalancerIPs: true

chart/templates/dex/dex-k8s-authenticator.yml

@@ -3,8 +3,6 @@ kind: Application
 metadata:
   name: dex-k8s-authenticator
   namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
 spec:
   project: exphost
   source:

chart/templates/dex/dex.yml

@@ -3,13 +3,14 @@ kind: Application
 metadata:
   name: dex
   namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
+  annotations:
+    argocd.argoproj.io/sync-options: Prune=true
+    argocd.argoproj.io/sync-wave: "-1"
 spec:
   project: exphost
   source:
     repoURL: 'https://charts.dexidp.io'
-    targetRevision: 0.8.2
+    targetRevision: 0.14.1
     chart: dex
     helm:
       values: |
@@ -33,7 +34,6 @@ spec:
             nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
             nginx.ingress.kubernetes.io/cors-allow-origin: "*"
             nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
-        priorityClassName: high-priority
   destination:
     server: 'https://kubernetes.default.svc'
     namespace: dex

chart/templates/dex/dex_congig_template.yml

@@ -4,7 +4,6 @@ metadata:
   name: dex-config
   namespace: dex
   annotations:
-    argocd.argoproj.io/sync-wave: "2"
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 spec:
   templates:

chart/templates/dex/etcd.yml

@@ -3,13 +3,14 @@ kind: Application
 metadata:
   name: etcd
   namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
+  annotations:
+    argocd.argoproj.io/sync-options: Prune=true
+    argocd.argoproj.io/sync-wave: "-1"
 spec:
   project: exphost
   source:
     repoURL: 'https://charts.bitnami.com/bitnami'
-    targetRevision: 8.1.1
+    targetRevision: 8.7.6
     chart: etcd
     helm:
       values: |

chart/templates/exphost-configuraotr.yml

@@ -3,8 +3,9 @@ kind: Application
 metadata:
   name: exphost-configurator
   namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
+  annotations:
+    argocd.argoproj.io/sync-options: Prune=true
+    argocd.argoproj.io/sync-wave: "-2"
 spec:
   project: exphost
   source:

chart/templates/exphost-project.yml

@@ -3,6 +3,9 @@ kind: AppProject
 metadata:
   name: exphost
   namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: Prune=false
+    argocd.argoproj.io/sync-wave: "-20"
 spec:
   destinations:
   - namespace: argocd
@@ -52,5 +55,7 @@ spec:
     kind: MutatingWebhookConfiguration
   - group: '*'
     kind: PodSecurityPolicy
+  - group: '*'
+    kind: PriorityClass
   sourceRepos:
   - '*'

chart/templates/external-dns/external-dns.yml

@@ -3,23 +3,21 @@ kind: Application
 metadata:
   name: external-dns
   namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
 spec:
   project: exphost
   source:
     repoURL: 'https://charts.bitnami.com/bitnami'
     chart: external-dns
-    targetRevision: 6.1.4
+    targetRevision: 8.2.3
     helm:
       values: |
-        image:
-          registry: registry.gitlab.exphost.pl
-          repository: torgiren/external-dns
-          tag: v1.0.0-mf
-          pullPolicy: Always
+        #image:
+        #  registry: registry.gitlab.exphost.pl
+        #  repository: torgiren/external-dns
+        #  tag: v1.0.0-mf
+        #  pullPolicy: Always
         sources:
-          - crd
+          #- crd
           - ingress
           - service
         provider: rfc2136
@@ -35,8 +33,8 @@ spec:
           serviceMonitor:
             enabled: true
         logLevel: debug
-        crd:
-          create: true
+        #crd:
+        #  create: true
         policy: sync
         publishHostIP: true
         txtOwnerId: "k8s_{{ .Values.domain }}"

chart/templates/external-dns/tsig_key.yml

@@ -4,7 +4,6 @@ metadata:
   name: rfc2136-tsig-secret
   namespace: external-dns
   annotations:
-    argocd.argoproj.io/sync-wave: "2"
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 spec:
   templates:

chart/templates/grafana/grafana.yml

@@ -3,15 +3,11 @@ kind: Application
 metadata:
   name: grafana
   namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
-  annotations:
-    argocd.argoproj.io/sync-wave: "1"
 spec:
   project: exphost
   source:
     repoURL: 'https://charts.bitnami.com/bitnami'
-    targetRevision: 7.7.1
+    targetRevision: 8.4.5
     chart: grafana
     helm:
       values: |

chart/templates/longhorn/longhorn-backup-credentials.yml

@@ -5,7 +5,6 @@ metadata:
   name: longhorn-backup-credentials-access-key
   namespace: longhorn-system
   annotations:
-    argocd.argoproj.io/sync-wave: "2"
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 spec:
   templates:

chart/templates/longhorn/longhorn.yml

@@ -3,14 +3,16 @@ kind: Application
 metadata:
   name: longhorn
   namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
+  annotations:
+    argocd.argoproj.io/sync-options: Prune=true
+    argocd.argoproj.io/sync-wave: "-10"
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 spec:
   project: exphost
   source:
     repoURL: 'https://charts.longhorn.io'
     chart: longhorn
-    targetRevision: 1.2.4
+    targetRevision: 1.6.2
     helm:
       values: |
         persistence:
@@ -27,13 +29,11 @@ spec:
         defaultSettings:
           defaultDataLocality: "best-effort"
           backupTargetCredentialSecret: longhorn-backup-credentials
-          priorityClass: high-priority
-        longhornManager:
-          priorityClass: high-priority
-        longhornDriver:
-          priorityClass: high-priority
-        longhornUI:
-          priorityClass: high-priority
+        metrics:
+          serviceMonitor:
+            enabled: true
+        preUpgradeChecker:
+          jobEnabled: false
 
   destination:
     server: 'https://kubernetes.default.svc'
@@ -42,5 +42,3 @@ spec:
     automated:
       prune: true
       selfHeal: true
-    syncOptions:
-      - CreateNamespace=true

chart/templates/longhorn/longhorn_namespace.yml

+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: longhorn-system
+  labels:
+    pod-security.kubernetes.io/enforce: privileged
+  annotations:
+    argocd.argoproj.io/sync-wave: "-10"

chart/templates/longhorn/longhorn_oauth2.yml

@@ -3,14 +3,12 @@ kind: Application
 metadata:
   name: oauth2-longhorn
   namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
 spec:
   project: exphost
   source:
     repoURL: 'https://charts.bitnami.com/bitnami'
     chart: oauth2-proxy
-    targetRevision: 2.0.2
+    targetRevision: 3.4.9
     helm:
       values: |
         ingress:

chart/templates/longhorn/oauth2_keys.yml

@@ -4,6 +4,8 @@ kind: Password
 metadata:
   name: oauth2-cookie
   namespace: longhorn-system
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 spec:
   name: oauth2-cookie
   types:
@@ -14,5 +16,7 @@ kind: Password
 metadata:
   name: oauth2-redis
   namespace: longhorn-system
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 spec:
   name: oauth2-redis