argoproj-labs · jannfis · Jun 3, 2026 · Aug 13, 2025 · Aug 13, 2025 · May 8, 2026
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
@@ -0,0 +1,19 @@
+apiVersion: v2
+name: argocd-agent-principal
+description: Argo CD Agent Principal component for multi-cluster application management
+type: application
+version: 0.3.1
+appVersion: "v0.8.1"
+home: https://github.com/argoproj-labs/argocd-agent
+sources:
+  - https://github.com/argoproj-labs/argocd-agent
+keywords:
+  - argocd
+  - gitops
+  - agent
+kubeVersion: ">=1.24.0-0"
+maintainers:
+  - name: Argo Project Maintainers
+    url: https://github.com/argoproj-labs/argocd-agent
+annotations:
+  charts.openshift.io/name: "Argo CD Agent - Principal Component"
@@ -0,0 +1,61 @@
+Thank you for installing {{ include "argocd-agent-principal.name" . }}!
+
+Your principal has been deployed to the {{ include "argocd-agent-principal.namespace" . }} namespace.
+
+Release: {{ .Release.Name }}
+Namespace: {{ include "argocd-agent-principal.namespace" . }}
+
+Deployment
+----------
+- Name: {{ include "argocd-agent-principal.fullname" . }}
+- Replicas: {{ .Values.replicaCount }}
+- Image: {{ .Values.image.repository }}:{{ include "argocd-agent-principal.defaultTag" . }} (pullPolicy: {{ .Values.image.pullPolicy }})
+
+Services
+--------
+- gRPC Service:    {{ include "argocd-agent-principal.serviceName" . }}
+  - Port: {{ .Values.principal.listen.port }}
+- Metrics Service: {{ include "argocd-agent-principal.metricsServiceName" . }}
+  - Port: {{ .Values.principal.metrics.port }}
+- Healthz Service: {{ include "argocd-agent-principal.healthzServiceName" . }}
+  - Port: {{ .Values.principal.healthz.port }}
+
+Quick checks
+------------
+1) Check Deployment rollout
+   kubectl -n {{ include "argocd-agent-principal.namespace" . }} rollout status deploy/{{ include "argocd-agent-principal.fullname" . }}
+
+2) List Services
+   kubectl -n {{ include "argocd-agent-principal.namespace" . }} get svc
+
+3) Port-forward to Metrics and Healthz
+   # Metrics
+   kubectl -n {{ include "argocd-agent-principal.namespace" . }} port-forward deploy/{{ include "argocd-agent-principal.fullname" . }} 127.0.0.1:{{ .Values.principal.metrics.port }}:{{ .Values.principal.metrics.port }}
+   # Healthz
+   kubectl -n {{ include "argocd-agent-principal.namespace" . }} port-forward deploy/{{ include "argocd-agent-principal.fullname" . }} 127.0.0.1:{{ .Values.principal.healthz.port }}:{{ .Values.principal.healthz.port }}
+
+4) Probe endpoints
+   curl -sf http://127.0.0.1:{{ .Values.principal.healthz.port }}/healthz || true
+   curl -sf http://127.0.0.1:{{ .Values.principal.metrics.port }}/metrics | head -n 20 || true
+
+Configuration overview
+----------------------
+- Listen port:  {{ .Values.principal.listen.port }}
+- Auth method:  {{ .Values.principal.auth }}
+- Namespace:    {{ .Values.principal.namespace }}
+- Redis:        {{ .Values.principal.redis.server.address }}
+{{- if .Values.principal.tls.server.allowGenerate }}
+
+WARNING: TLS certificate generation is enabled. This is insecure and should only be used for development.
+For production, please provide proper TLS certificates.
+{{- end }}
+{{- if .Values.principal.jwt.allowGenerate }}
+
+WARNING: JWT key generation is enabled. This is insecure and should only be used for development.
+For production, please provide a proper JWT signing key.
+{{- end }}
+{{- if hasPrefix "userpass:" .Values.principal.auth }}
+
+NOTE: userpass auth is configured. Ensure the Secret "{{ .Values.principal.userpass.secretName }}" exists with
+a valid encrypted credentials file before agents attempt to connect.
+{{- end }}
@@ -0,0 +1,141 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "argocd-agent-principal.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "argocd-agent-principal.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "argocd-agent-principal.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create default image tag. Defaults to chart appVersion if not set.
+*/}}
+{{- define "argocd-agent-principal.defaultTag" -}}
+{{- default .Chart.AppVersion .Values.image.tag }}
+{{- end -}}
+
+{{/*
+Expand the namespace of the release.
+Defaults to release namespace if namespaceOverride is not set.
+*/}}
+{{- define "argocd-agent-principal.namespace" -}}
+{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "argocd-agent-principal.labels" -}}
+helm.sh/chart: {{ include "argocd-agent-principal.chart" . }}
+{{ include "argocd-agent-principal.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels.
+NOTE: spec.selector.matchLabels is immutable on Deployments. Changing any
+value emitted here after the initial install (e.g. by setting nameOverride)
+requires deleting and reinstalling the release.
+*/}}
+{{- define "argocd-agent-principal.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "argocd-agent-principal.name" . }}
+app.kubernetes.io/part-of: argocd-agent
+app.kubernetes.io/component: principal
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "argocd-agent-principal.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- if .Values.serviceAccount.name }}
+{{- .Values.serviceAccount.name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- include "argocd-agent-principal.fullname" . }}
+{{- end }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Resource name helpers
+*/}}
+{{- define "argocd-agent-principal.configMapName" -}}
+{{- printf "%s-params" (include "argocd-agent-principal.fullname" .) }}
+{{- end }}
+
+{{- define "argocd-agent-principal.serviceName" -}}
+{{- include "argocd-agent-principal.fullname" . }}
+{{- end }}
+
+{{- define "argocd-agent-principal.metricsServiceName" -}}
+{{- printf "%s-metrics" (include "argocd-agent-principal.fullname" .) }}
+{{- end }}
+
+{{- define "argocd-agent-principal.healthzServiceName" -}}
+{{- printf "%s-healthz" (include "argocd-agent-principal.fullname" .) }}
+{{- end }}
+
+{{- define "argocd-agent-principal.redisProxyServiceName" -}}
+argocd-agent-redis-proxy
+{{- end }}
+
+{{- define "argocd-agent-principal.resourceProxyServiceName" -}}
+argocd-agent-resource-proxy
+{{- end }}
+
+{{- define "argocd-agent-principal.serviceMonitorName" -}}
+{{- printf "%s-servicemonitor" (include "argocd-agent-principal.fullname" .) }}
+{{- end }}
+
+{{- define "argocd-agent-principal.clusterRoleName" -}}
+{{- include "argocd-agent-principal.fullname" . }}
+{{- end }}
+
+{{- define "argocd-agent-principal.roleName" -}}
+{{- include "argocd-agent-principal.fullname" . }}
+{{- end }}
+
+{{- define "argocd-agent-principal.clusterRoleBindingName" -}}
+{{- include "argocd-agent-principal.fullname" . }}
+{{- end }}
+
+{{- define "argocd-agent-principal.roleBindingName" -}}
+{{- include "argocd-agent-principal.fullname" . }}
+{{- end }}
+
+{{- define "argocd-agent-principal.userpassSecretName" -}}
+{{- .Values.principal.userpass.secretName }}
+{{- end }}
+
+{{- define "argocd-agent-principal.testResourceName" -}}
+{{- printf "%s-test" (include "argocd-agent-principal.fullname" .) }}
+{{- end }}
@@ -0,0 +1,32 @@
+{{- if and .Values.rbac.create .Values.rbac.createClusterRole }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "argocd-agent-principal.clusterRoleName" . }}
+  labels:
+    {{- include "argocd-agent-principal.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+  - argoproj.io
+  resources:
+  - applications
+  - appprojects
+  - applicationsets
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - update
+  - delete
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+{{- end }}
@@ -0,0 +1,16 @@
+{{- if and .Values.rbac.create .Values.rbac.createClusterRole }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "argocd-agent-principal.clusterRoleBindingName" . }}
+  labels:
+    {{- include "argocd-agent-principal.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "argocd-agent-principal.clusterRoleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "argocd-agent-principal.serviceAccountName" . }}
+  namespace: {{ include "argocd-agent-principal.namespace" . }}
+{{- end }}