Merge branch 'master' into appset-resource-events

alexymantha · Apr 2, 2024 · 65a3dfa · 65a3dfa
2 parents 8fe019e + f287dab
commit 65a3dfa
Show file tree

Hide file tree

Showing 51 changed files with 3,600 additions and 1,707 deletions.
diff --git a/USERS.md b/USERS.md
@@ -25,6 +25,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Ant Group](https://www.antgroup.com/)
 1. [AppDirect](https://www.appdirect.com)
 1. [Arctiq Inc.](https://www.arctiq.ca)
+2. [Arturia](https://www.arturia.com)
 1. [ARZ Allgemeines Rechenzentrum GmbH](https://www.arz.at/)
 1. [Autodesk](https://www.autodesk.com)
 1. [Axians ACSP](https://www.axians.fr)
@@ -263,6 +264,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [SCRM Lidl International Hub](https://scrm.lidl)
 1. [SEEK](https://seek.com.au)
 1. [Semgrep](https://semgrep.com)
+1. [Shield](https://shield.com)
 1. [SI Analytics](https://si-analytics.ai)
 1. [Skit](https://skit.ai/)
 1. [Skyscanner](https://www.skyscanner.net/)

diff --git a/cmd/argocd-repo-server/commands/argocd_repo_server.go b/cmd/argocd-repo-server/commands/argocd_repo_server.go
@@ -68,6 +68,7 @@ func NewCommand() *cobra.Command {
 		streamedManifestMaxTarSize        string
 		streamedManifestMaxExtractedSize  string
 		helmManifestMaxExtractedSize      string
+		helmRegistryMaxIndexSize          string
 		disableManifestMaxExtractedSize   bool
 	)
 	var command = cobra.Command{
@@ -110,6 +111,9 @@ func NewCommand() *cobra.Command {
 			helmManifestMaxExtractedSizeQuantity, err := resource.ParseQuantity(helmManifestMaxExtractedSize)
 			errors.CheckError(err)
 
+			helmRegistryMaxIndexSizeQuantity, err := resource.ParseQuantity(helmRegistryMaxIndexSize)
+			errors.CheckError(err)
+
 			askPassServer := askpass.NewServer()
 			metricsServer := metrics.NewMetricsServer()
 			cacheutil.CollectMetrics(redisClient, metricsServer)
@@ -125,6 +129,7 @@ func NewCommand() *cobra.Command {
 				StreamedManifestMaxExtractedSize:             streamedManifestMaxExtractedSizeQuantity.ToDec().Value(),
 				StreamedManifestMaxTarSize:                   streamedManifestMaxTarSizeQuantity.ToDec().Value(),
 				HelmManifestMaxExtractedSize:                 helmManifestMaxExtractedSizeQuantity.ToDec().Value(),
+				HelmRegistryMaxIndexSize:                     helmRegistryMaxIndexSizeQuantity.ToDec().Value(),
 			}, askPassServer)
 			errors.CheckError(err)
 
@@ -208,6 +213,7 @@ func NewCommand() *cobra.Command {
 	command.Flags().StringVar(&streamedManifestMaxTarSize, "streamed-manifest-max-tar-size", env.StringFromEnv("ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE", "100M"), "Maximum size of streamed manifest archives")
 	command.Flags().StringVar(&streamedManifestMaxExtractedSize, "streamed-manifest-max-extracted-size", env.StringFromEnv("ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE", "1G"), "Maximum size of streamed manifest archives when extracted")
 	command.Flags().StringVar(&helmManifestMaxExtractedSize, "helm-manifest-max-extracted-size", env.StringFromEnv("ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE", "1G"), "Maximum size of helm manifest archives when extracted")
+	command.Flags().StringVar(&helmRegistryMaxIndexSize, "helm-registry-max-index-size", env.StringFromEnv("ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_INDEX_SIZE", "1G"), "Maximum size of registry index file")
 	command.Flags().BoolVar(&disableManifestMaxExtractedSize, "disable-helm-manifest-max-extracted-size", env.ParseBoolFromEnv("ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE", false), "Disable maximum size of helm manifest archives when extracted")
 	tlsConfigCustomizerSrc = tls.AddTLSFlagsToCmd(&command)
 	cacheSrc = reposervercache.AddCacheFlagsToCmd(&command, cacheutil.Options{

diff --git a/cmd/argocd/commands/admin/app.go b/cmd/argocd/commands/admin/app.go
@@ -24,6 +24,7 @@ import (
 	"github.com/argoproj/argo-cd/v2/controller"
 	"github.com/argoproj/argo-cd/v2/controller/cache"
 	"github.com/argoproj/argo-cd/v2/controller/metrics"
+	"github.com/argoproj/argo-cd/v2/controller/sharding"
 	argocdclient "github.com/argoproj/argo-cd/v2/pkg/apiclient"
 	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned"
@@ -269,18 +270,26 @@ func NewReconcileCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command
 
 			var result []appReconcileResult
 			if refresh {
+				appClientset := appclientset.NewForConfigOrDie(cfg)
+				kubeClientset := kubernetes.NewForConfigOrDie(cfg)
 				if repoServerAddress == "" {
 					printLine("Repo server is not provided, trying to port-forward to argocd-repo-server pod.")
 					overrides := clientcmd.ConfigOverrides{}
-					repoServerPodLabelSelector := common.LabelKeyAppName + "=" + clientOpts.RepoServerName
+					repoServerName := clientOpts.RepoServerName
+					repoServerServiceLabelSelector := common.LabelKeyComponentRepoServer + "=" + common.LabelValueComponentRepoServer
+					repoServerServices, err := kubeClientset.CoreV1().Services(namespace).List(context.Background(), v1.ListOptions{LabelSelector: repoServerServiceLabelSelector})
+					errors.CheckError(err)
+					if len(repoServerServices.Items) > 0 {
+						if repoServerServicelabel, ok := repoServerServices.Items[0].Labels[common.LabelKeyAppName]; ok && repoServerServicelabel != "" {
+							repoServerName = repoServerServicelabel
+						}
+					}
+					repoServerPodLabelSelector := common.LabelKeyAppName + "=" + repoServerName
 					repoServerPort, err := kubeutil.PortForward(8081, namespace, &overrides, repoServerPodLabelSelector)
 					errors.CheckError(err)
 					repoServerAddress = fmt.Sprintf("localhost:%d", repoServerPort)
 				}
 				repoServerClient := reposerverclient.NewRepoServerClientset(repoServerAddress, 60, reposerverclient.TLSConfiguration{DisableTLS: false, StrictValidation: false})
-
-				appClientset := appclientset.NewForConfigOrDie(cfg)
-				kubeClientset := kubernetes.NewForConfigOrDie(cfg)
 				result, err = reconcileApplications(ctx, kubeClientset, appClientset, namespace, repoServerClient, selector, newLiveStateCache, serverSideDiff)
 				errors.CheckError(err)
 			} else {
@@ -437,5 +446,5 @@ func reconcileApplications(
 }
 
 func newLiveStateCache(argoDB db.ArgoDB, appInformer kubecache.SharedIndexInformer, settingsMgr *settings.SettingsManager, server *metrics.MetricsServer) cache.LiveStateCache {
-	return cache.NewLiveStateCache(argoDB, appInformer, settingsMgr, kubeutil.NewKubectl(), server, func(managedByApp map[string]bool, ref apiv1.ObjectReference) {}, nil, argo.NewResourceTracking())
+	return cache.NewLiveStateCache(argoDB, appInformer, settingsMgr, kubeutil.NewKubectl(), server, func(managedByApp map[string]bool, ref apiv1.ObjectReference) {}, &sharding.ClusterSharding{}, argo.NewResourceTracking())
 }
diff --git a/cmd/argocd/commands/headless/headless.go b/cmd/argocd/commands/headless/headless.go
@@ -18,6 +18,7 @@ import (
 	"github.com/redis/go-redis/v9"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/pflag"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/client-go/kubernetes"
 	cache2 "k8s.io/client-go/tools/cache"
@@ -115,14 +116,27 @@ type forwardRepoClientset struct {
 	repoClientset  repoapiclient.Clientset
 	err            error
 	repoServerName string
+	kubeClientset  kubernetes.Interface
 }
 
 func (c *forwardRepoClientset) NewRepoServerClient() (io.Closer, repoapiclient.RepoServerServiceClient, error) {
 	c.init.Do(func() {
 		overrides := clientcmd.ConfigOverrides{
 			CurrentContext: c.context,
 		}
-		repoServerPodLabelSelector := common.LabelKeyAppName + "=" + c.repoServerName
+		repoServerName := c.repoServerName
+		repoServererviceLabelSelector := common.LabelKeyComponentRepoServer + "=" + common.LabelValueComponentRepoServer
+		repoServerServices, err := c.kubeClientset.CoreV1().Services(c.namespace).List(context.Background(), v1.ListOptions{LabelSelector: repoServererviceLabelSelector})
+		if err != nil {
+			c.err = err
+			return
+		}
+		if len(repoServerServices.Items) > 0 {
+			if repoServerServicelabel, ok := repoServerServices.Items[0].Labels[common.LabelKeyAppName]; ok && repoServerServicelabel != "" {
+				repoServerName = repoServerServicelabel
+			}
+		}
+		repoServerPodLabelSelector := common.LabelKeyAppName + "=" + repoServerName
 		repoServerPort, err := kubeutil.PortForward(8081, c.namespace, &overrides, repoServerPodLabelSelector)
 		if err != nil {
 			c.err = err
@@ -237,7 +251,7 @@ func MaybeStartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOpti
 		KubeClientset:        kubeClientset,
 		Insecure:             true,
 		ListenHost:           *address,
-		RepoClientset:        &forwardRepoClientset{namespace: namespace, context: ctxStr, repoServerName: clientOpts.RepoServerName},
+		RepoClientset:        &forwardRepoClientset{namespace: namespace, context: ctxStr, repoServerName: clientOpts.RepoServerName, kubeClientset: kubeClientset},
 		EnableProxyExtension: false,
 	})
 	srv.Init(ctx)

diff --git a/common/common.go b/common/common.go
@@ -188,6 +188,10 @@ const (
 	// AnnotationKeyAppSkipReconcile tells the Application to skip the Application controller reconcile.
 	// Skip reconcile when the value is "true" or any other string values that can be strconv.ParseBool() to be true.
 	AnnotationKeyAppSkipReconcile = "argocd.argoproj.io/skip-reconcile"
+	// LabelKeyComponentRepoServer is the label key to identify the component as repo-server
+	LabelKeyComponentRepoServer = "app.kubernetes.io/component"
+	// LabelValueComponentRepoServer is the label value for the repo-server component
+	LabelValueComponentRepoServer = "repo-server"
 )
 
 // Environment variables for tuning and debugging Argo CD

diff --git a/controller/cache/cache.go b/controller/cache/cache.go
@@ -437,6 +437,10 @@ func (c *liveStateCache) getCluster(server string) (clustercache.ClusterCache, e
 		return nil, fmt.Errorf("error getting cluster: %w", err)
 	}
 
+	if c.clusterSharding == nil {
+		return nil, fmt.Errorf("unable to handle cluster %s: cluster sharding is not configured", cluster.Server)
+	}
+
 	if !c.canHandleCluster(cluster) {
 		return nil, fmt.Errorf("controller is configured to ignore cluster %s", cluster.Server)
 	}

diff --git a/docs/developer-guide/code-contributions.md b/docs/developer-guide/code-contributions.md
@@ -103,10 +103,12 @@ Design documents are usually submitted as PR and use [this template](https://git
 
 Our community regularly meets virtually to discuss issues, ideas and enhancements around Argo CD. We do invite you to join this virtual meetings if you want to bring up certain things (including your enhancement proposals), participate in our triaging or just want to get to know other contributors.
 
-The current cadence of our meetings is weekly, every Thursday at 4:15pm UTC (8:15am Pacific, 11:15am Eastern, 5:15pm Central European, 9:45pm Indian). We use Zoom to conduct these meetings.
+The current cadence of our meetings is weekly, every Thursday at 8:15AM Pacific Time ([click here to check in your current timezone][1]). We use Zoom to conduct these meetings.
 
 * [Agenda document (Google Docs, includes Zoom link)](https://docs.google.com/document/d/1xkoFkVviB70YBzSEa4bDnu-rUZ1sIFtwKKG1Uw8XsY8)
 
 If you want to discuss something, we kindly ask you to put your item on the
 [agenda](https://docs.google.com/document/d/1xkoFkVviB70YBzSEa4bDnu-rUZ1sIFtwKKG1Uw8XsY8)
-for one of the upcoming meetings so that we can plan in the time for discussing it.
+for one of the upcoming meetings so that we can plan in the time for discussing it.
+
+[1]: https://www.timebie.com/std/pacific.php?q=081500
diff --git a/docs/operator-manual/security.md b/docs/operator-manual/security.md
@@ -30,7 +30,7 @@ in one of the following ways:
 ## Authorization
 
 Authorization is performed by iterating the list of group membership in a user's JWT groups claims,
-and comparing each group against the roles/rules in the [RBAC](../rbac) policy. Any matched rule
+and comparing each group against the roles/rules in the [RBAC](./rbac.md) policy. Any matched rule
 permits access to the API request.
 
 ## TLS
@@ -144,7 +144,7 @@ argocd cluster rm https://your-kubernetes-cluster-addr
 
 ## Cluster RBAC
 
-By default, Argo CD uses a [clusteradmin level role](https://github.com/argoproj/argo-cd/blob/master/manifests/base/application-controller/argocd-application-controller-role.yaml)
+By default, Argo CD uses a [clusteradmin level role](https://github.com/argoproj/argo-cd/blob/master/manifests/base/application-controller-roles/argocd-application-controller-role.yaml)
 in order to:
 
 1. watch & operate on cluster state

diff --git a/docs/operator-manual/server-commands/argocd-repo-server.md b/docs/operator-manual/server-commands/argocd-repo-server.md
@@ -21,6 +21,7 @@ argocd-repo-server [flags]
       --disable-helm-manifest-max-extracted-size       Disable maximum size of helm manifest archives when extracted
       --disable-tls                                    Disable TLS on the gRPC endpoint
       --helm-manifest-max-extracted-size string        Maximum size of helm manifest archives when extracted (default "1G")
+      --helm-registry-max-index-size string            Maximum size of registry index file (default "1G")
   -h, --help                                           help for argocd-repo-server
       --logformat string                               Set the logging format. One of: text|json (default "text")
       --loglevel string                                Set the logging level. One of: debug|info|warn|error (default "info")

diff --git a/docs/snyk/index.md b/docs/snyk/index.md
@@ -17,36 +17,36 @@ recent minor releases.
 | [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 0 | 0 |
 | [dex:v2.38.0](master/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 2 | 1 |
 | [haproxy:2.6.14-alpine](master/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 |
-| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 6 | 15 |
+| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 8 | 14 |
 | [redis:7.0.14-alpine](master/redis_7.0.14-alpine.html) | 0 | 0 | 2 | 1 |
 | [install.yaml](master/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - |
 
-### v2.9.7
+### v2.9.9
 
 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v2.9.7/argocd-test.html) | 0 | 1 | 11 | 0 |
-| [ui/yarn.lock](v2.9.7/argocd-test.html) | 0 | 0 | 0 | 0 |
-| [dex:v2.37.0](v2.9.7/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 1 |
-| [haproxy:2.6.14-alpine](v2.9.7/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 |
-| [argocd:v2.9.7](v2.9.7/quay.io_argoproj_argocd_v2.9.7.html) | 0 | 0 | 6 | 15 |
-| [redis:7.0.11-alpine](v2.9.7/redis_7.0.11-alpine.html) | 1 | 1 | 6 | 1 |
-| [install.yaml](v2.9.7/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v2.9.7/argocd-iac-namespace-install.html) | - | - | - | - |
+| [go.mod](v2.9.9/argocd-test.html) | 0 | 1 | 11 | 0 |
+| [ui/yarn.lock](v2.9.9/argocd-test.html) | 0 | 0 | 0 | 0 |
+| [dex:v2.37.0](v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 1 |
+| [haproxy:2.6.14-alpine](v2.9.9/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 |
+| [argocd:v2.9.9](v2.9.9/quay.io_argoproj_argocd_v2.9.9.html) | 0 | 0 | 9 | 14 |
+| [redis:7.0.11-alpine](v2.9.9/redis_7.0.11-alpine.html) | 1 | 1 | 6 | 1 |
+| [install.yaml](v2.9.9/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v2.9.9/argocd-iac-namespace-install.html) | - | - | - | - |
 
-### v2.8.11
+### v2.8.13
 
 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v2.8.11/argocd-test.html) | 0 | 1 | 11 | 0 |
-| [ui/yarn.lock](v2.8.11/argocd-test.html) | 0 | 0 | 0 | 0 |
-| [dex:v2.37.0](v2.8.11/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 1 |
-| [haproxy:2.6.14-alpine](v2.8.11/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 |
-| [argocd:v2.8.11](v2.8.11/quay.io_argoproj_argocd_v2.8.11.html) | 0 | 0 | 6 | 15 |
-| [redis:7.0.11-alpine](v2.8.11/redis_7.0.11-alpine.html) | 1 | 1 | 6 | 1 |
-| [install.yaml](v2.8.11/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v2.8.11/argocd-iac-namespace-install.html) | - | - | - | - |
+| [go.mod](v2.8.13/argocd-test.html) | 0 | 1 | 11 | 0 |
+| [ui/yarn.lock](v2.8.13/argocd-test.html) | 0 | 0 | 0 | 0 |
+| [dex:v2.37.0](v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 1 |
+| [haproxy:2.6.14-alpine](v2.8.13/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 |
+| [argocd:v2.8.13](v2.8.13/quay.io_argoproj_argocd_v2.8.13.html) | 0 | 0 | 9 | 14 |
+| [redis:7.0.11-alpine](v2.8.13/redis_7.0.11-alpine.html) | 1 | 1 | 6 | 1 |
+| [install.yaml](v2.8.13/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v2.8.13/argocd-iac-namespace-install.html) | - | - | - | - |
 
 ### v2.7.17
 
@@ -56,7 +56,7 @@ recent minor releases.
 | [ui/yarn.lock](v2.7.17/argocd-test.html) | 0 | 1 | 0 | 0 |
 | [dex:v2.37.0](v2.7.17/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 1 |
 | [haproxy:2.6.14-alpine](v2.7.17/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 |
-| [argocd:v2.7.17](v2.7.17/quay.io_argoproj_argocd_v2.7.17.html) | 0 | 0 | 6 | 20 |
+| [argocd:v2.7.17](v2.7.17/quay.io_argoproj_argocd_v2.7.17.html) | 0 | 0 | 12 | 19 |
 | [redis:7.0.14-alpine](v2.7.17/redis_7.0.14-alpine.html) | 0 | 0 | 2 | 1 |
 | [install.yaml](v2.7.17/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](v2.7.17/argocd-iac-namespace-install.html) | - | - | - | - |