fix(argo-cd): Downgrade to latest available Redis under BSD-3-Clause

Signed-off-by: Marco Maurer <[email protected]>

charts/argo-cd/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: v2.14.11
 kubeVersion: ">=1.25.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 7.8.28
+version: 7.9.0
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@@ -27,4 +27,4 @@ annotations:
     url: https://argoproj.github.io/argo-helm/pgp_keys.asc
   artifacthub.io/changes: |
     - kind: changed
-      description: Bump argo-cd to v2.14.11
+      description: Downgrade Redis to latest 7.2.8 to be in-line with upstream and CNCF Allowlist License Policy

charts/argo-cd/README.md

@@ -278,6 +278,35 @@ For full list of changes please check ArtifactHub [changelog].
 
 Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
 
+### 7.9.0
+
+Chart versions from >= 7.7.2 and < 7.9.0 are using a Redis version which is no longer using an open source version of Redis.
+Thus we downgraded Redis to latest available 7.2 (from 7.4) to be in-line with upstream manifests and fully honor
+[CNCF Allowlist License Policy].
+
+**Users using redis-ha may encounter issues** which can be resolved by either deleting all redis-ha pods after the
+deployment/upgrade:
+
+```bash
+kubectl delete pods -l app=redis-ha
+```
+
+Or alternatively by temporary switching to a single redis installation, then back to HA.
+1. Evaluate current chart version in use
+   ```bash
+   $ helm ls
+   NAME  	NAMESPACE	REVISION	UPDATED                              	STATUS  	CHART         	APP VERSION
+   argocd	argocd   	3       	2025-04-29 00:07:43.099922 +0200 CEST	deployed	argo-cd-7.8.28	v2.14.11
+   ```
+2. Switch to single redis
+   ```bash
+   helm upgrade argocd argo/argo-cd --version <your current chart version> --reuse-values --set redis-ha.enabled=false
+   ```
+3. Upgrade to chart version 7.9 or newer and re-enable redis HA again
+   ```bash
+   helm upgrade argocd argo/argo-cd --version 7.9.0 --reuse-values --set redis-ha.enabled=true
+   ```
+
 ### 7.0.0
 
 We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`.
@@ -1280,7 +1309,7 @@ NOTE: Any values you put under `.Values.configs.cm` are passed to argocd-cm Conf
 | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod |
 | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy |
 | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
-| redis.image.tag | string | `"7.4.2-alpine"` | Redis tag |
+| redis.image.tag | string | `"7.2.8-alpine"` | Redis tag |
 | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
 | redis.initContainers | list | `[]` | Init containers to add to the redis pod |
 | redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server |
@@ -1366,7 +1395,7 @@ The main options are listed here:
 | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. |
 | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. |
 | redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
-| redis-ha.image.tag | string | `"7.4.2-alpine"` | Redis tag |
+| redis-ha.image.tag | string | `"7.2.8-alpine"` | Redis tag |
 | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes |
 | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) |
 | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""`  is disabled |
@@ -1713,3 +1742,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
 [Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer
 [Argo CD Manifest Hydrator]: https://argo-cd.readthedocs.io/en/stable/proposals/manifest-hydrator/
 [Manifest Hydrator]: https://github.com/argoproj/argo-cd/blob/master/docs/proposals/manifest-hydrator.md
+[CNCF Allowlist License Policy]: https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md#cncf-allowlist-license-policy

charts/argo-cd/README.md.gotmpl

@@ -278,6 +278,36 @@ For full list of changes please check ArtifactHub [changelog].
 
 Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
 
+### 7.9.0
+
+Chart versions from >= 7.7.2 and < 7.9.0 are using a Redis version which is no longer using an open source version of Redis.
+Thus we downgraded Redis to latest available 7.2 (from 7.4) to be in-line with upstream manifests and fully honor
+[CNCF Allowlist License Policy].
+
+
+**Users using redis-ha may encounter issues** which can be resolved by either deleting all redis-ha pods after the
+deployment/upgrade:
+
+```bash
+kubectl delete pods -l app=redis-ha
+```
+
+Or alternatively by temporary switching to a single redis installation, then back to HA.
+1. Evaluate current chart version in use
+   ```bash
+   $ helm ls
+   NAME  	NAMESPACE	REVISION	UPDATED                              	STATUS  	CHART         	APP VERSION
+   argocd	argocd   	3       	2025-04-29 00:07:43.099922 +0200 CEST	deployed	argo-cd-7.8.28	v2.14.11
+   ```
+2. Switch to single redis
+   ```bash
+   helm upgrade argocd argo/argo-cd --version <your current chart version> --reuse-values --set redis-ha.enabled=false
+   ```
+3. Upgrade to chart version 7.9 or newer and re-enable redis HA again
+   ```bash
+   helm upgrade argocd argo/argo-cd --version 7.9.0 --reuse-values --set redis-ha.enabled=true
+   ```
+
 ### 7.0.0
 
 We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`.
@@ -863,3 +893,4 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
 [Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer
 [Argo CD Manifest Hydrator]: https://argo-cd.readthedocs.io/en/stable/proposals/manifest-hydrator/
 [Manifest Hydrator]: https://github.com/argoproj/argo-cd/blob/master/docs/proposals/manifest-hydrator.md
+[CNCF Allowlist License Policy]: https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md#cncf-allowlist-license-policy

charts/argo-cd/values.yaml

@@ -1293,7 +1293,8 @@ redis:
     # -- Redis repository
     repository: public.ecr.aws/docker/library/redis
     # -- Redis tag
-    tag: 7.4.2-alpine
+    ## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis
+    tag: 7.2.8-alpine
     # -- Redis image pull policy
     # @default -- `""` (defaults to global.image.imagePullPolicy)
     imagePullPolicy: ""
@@ -1579,7 +1580,8 @@ redis-ha:
     # -- Redis repository
     repository: public.ecr.aws/docker/library/redis
     # -- Redis tag
-    tag: 7.4.2-alpine
+    ## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis
+    tag: 7.2.8-alpine
   ## Prometheus redis-exporter sidecar
   exporter:
     # -- Enable Prometheus redis-exporter sidecar

renovate.json

@@ -86,7 +86,6 @@
         "argoproj/argo-rollouts",
         "argoproj-labs/argocd-image-updater",
         "argoprojlabs/argocd-extension-installer",
-        "public.ecr.aws/docker/library/redis",
         "ghcr.io/dexidp/dex",
         "ghcr.io/oliver006/redis_exporter"
       ],
@@ -98,6 +97,23 @@
         ]
       }
     },
+    {
+      "matchPackageNames": [
+        "public.ecr.aws/docker/library/redis"
+      ],
+      "matchDatasources": [
+        "docker"
+      ],
+      "allowedVersions": "< 7.4",
+      "description": ["With version 7.4, Redis is moving away from the BSD 3-Clause License"],
+      "commitMessagePrefix": "chore({{parentDir}}):",
+      "postUpgradeTasks": {
+        "commands": [
+          "./scripts/renovate-bump-version.sh -c {{parentDir}} -d {{depName}} -v {{newVersion}}",
+          "./scripts/helm-docs.sh"
+        ]
+      }
+    },
     {
       "matchPackagePatterns": ["redis-ha"],
       "enabled": false