DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added README.md, made secret optional

Browse source 
This commit adds a README.md with some basic docs pulled from the
values.yaml. It also contains a small quality of life improvement for
making the argocd-secret optional so operators can manage their secrets
externally.
This commit is contained in:
seanson@users.noreply.github.com 2019-09-06 16:11:42 +10:00
parent cd6bf14b23
commit 08f4d84a49
No known key found for this signature in database
GPG key ID: 356A1B69190BEB01
3 changed files with 105 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

87
charts/argo-cd/README.md Normal file
View file

@ -0,0 +1,87 @@
# argo-cd
This chart installs [argo-cd](https://argoproj.github.io/argo-cd/), a declarative, GitOps continuous delivery tool for Kubernetes.
The default installation is intended to be similar to the provided ArgoCD [releases](https://github.com/argoproj/argo-cd/releases).
This chart currently installs the non-HA version of ArgoCD.
## Prerequisites
- Kubernetes 1.7+
## Installing the Chart
To install the chart with the release name `my-release`:
```console
$ helm repo add argo https://argoproj.github.io/argo-helm
$ helm install --name my-release argo/argo-cd
```
## Chart Values
| Key | Type | Default | Description |
| -------------------------------------- | ------ | ---------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| applicationController.containerPort | int | `8082` | Container port for application controller server and metrics |
| applicationController.image.pullPolicy | string | `"Always"` | Docker image pull policy |
| applicationController.image.repository | string | `"argoproj/argocd"` | Docker image repo |
| applicationController.image.tag | string | `"v1.2.0"` | Docker image tag |
| applicationController.servicePort | int | `8082` | Service port for applicaiton controller server |
| applicationController.volumeMounts | list | `[]` | Additional volume mounts |
| applicationController.volumes | list | `[]` | Additional volumes |
| clusterAdminAccess.enabled | bool | `true` | Standard Argo CD installation with cluster-admin access. Set this true if you plan to use Argo CD to deploy applications in the same cluster that Argo CD runs in (i.e. kubernetes.svc.default). Will still be able to deploy to external clusters with inputted credentials. |
| config.configManagementPlugins | string | `nil` | List of custom config management plugins, see [values.yaml](./values.yaml) for format |
| config.createSecret | bool | `true` | Creates the argocd-secret secret, set to false to manage externally |
| config.dexConfig | string | `nil` | Configuration for external auth and URL, see [values.yaml](./values.yaml) for format |
| config.helmRepositories | string | `nil` | Configuration for external Helm charts, see [values.yaml](./values.yaml) for format |
| config.oidcConfig | string | `nil` | Configuration for OpenID connect, see [values.yaml](./values.yaml) for format |
| config.repositories | string | `nil` | Configuration for remote Git repositories for Applications, see [values.yaml](./values.yaml) for format |
| config.resourceCustomizations | string | `nil` | resourceCustomizations can be used to create custom health checks for resources [https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/health.md#way-1-define-a-custom-health-check-in-argocd-cm-configmap] |
| config.url | string | `nil` | External URL for ArgoCD |
| config.webhook.bitbucketSecret | string | `nil` | BitBucket incoming webhook secret |
| config.webhook.githubSecret | string | `nil` | GitHub incoming webhook secret |
| config.webhook.gitlabSecret | string | `nil` | GitLab incoming webhook secret |
| dexServer.containerPortGrpc | int | `5557` | Container port for Dex Server GRPC |
| dexServer.containerPortHttp | int | `5556` | Container port for Dex Server HTTP |
| dexServer.image.pullPolicy | string | `"Always"` | Docker image pull policy |
| dexServer.image.repository | string | `"quay.io/dexidp/dex"` | Docker image repo |
| dexServer.image.tag | string | `"v2.12.0"` | Docker image tag |
| dexServer.initImage.pullPolicy | string | `"Always"` | Docker image pull policy |
| dexServer.initImage.repository | string | `"argoproj/argocd"` | Docker image repo |
| dexServer.initImage.tag | string | `"v1.2.0"` | Docker image tag |
| dexServer.servicePortGrpc | int | `5557` | Service port for Dex Server GRPC |
| dexServer.servicePortHttp | int | `5556` | Service port for Dex Server GRPC |
| dexServer.volumeMounts | list | `[]` | Additional volume mounts |
| dexServer.volumes | list | `[]` | Additional volumes |
| ingress.annotations | object | `{}` | Annotations for ingress object, set `nginx.ingress.kubernetes.io/force-ssl-redirect: "true"` and `nginx.ingress.kubernetes.io/ssl-passthrough: "true"` if serving GRPC and HTTPS on the same ingress |
| ingress.enabled | bool | `false` | Enable ingress |
| ingress.hosts[0] | string | `"argocd.example.com"` | Ingress host |
| ingress.path | string | `"/"` | Ingress path |
| rbac.policyCsv | string | `nil` | RBAC policy in CSV, see [values.yaml](./values.yaml) for format |
| rbac.policyDefault | string | `nil` | The default role Argo CD will fall back to, when authorizing API requests, ie: `role:readonly` |
| rbac.scopes | string | `nil` | Scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope). ie: `[groups]` |
| redis.containerPort | int | `6379` | Container port for Redis |
| redis.image.pullPolicy | string | `"Always"` | Docker image pull policy |
| redis.image.repository | string | `"redis"` | Docker image repo |
| redis.image.tag | string | `"5.0.3"` | Docker image tag |
| redis.servicePort | int | `6379` | Service port for Redis |
| repoServer.containerPort | int | `8081` | Container port for repo server |
| repoServer.image.pullPolicy | string | `"Always"` | Docker image pull policy |
| repoServer.image.repository | string | `"argoproj/argocd"` | Docker image repo |
| repoServer.image.tag | string | `"v1.2.0"` | Docker image tag |
| repoServer.servicePort | int | `8081` | Service port for repo server |
| repoServer.volumeMounts | list | `[]` | Additional volume mounts |
| repoServer.volumes | list | `[]` | Additional volumes |
| server.annotations | object | `{}` | Annotations for the server deployment |
| server.containerPort | int | `8080` | Container port for server |
| server.extraArgs | list | `[]` | Add additional arguments |
| server.image.pullPolicy | string | `"Always"` | Docker image pull policy |
| server.image.repository | string | `"argoproj/argocd"` | Docker image repo |
| server.image.tag | string | `"v1.2.0"` | Docker image tag |
| server.metricsPort | int | `8083` | Container port for server metrics |
| server.serviceAnnotations | object | `{}` | Annotations for server service |
| server.servicePortHttp | int | `80` | HTTP Container port for server |
| server.servicePortHttps | int | `443` | HTTPS Container port for server |
| server.volumeMounts | list | `[]` | Additional volume mounts, see [values.yaml](./values.yaml) for syntax for SSH known hosts |
| server.volumes | list | `[]` | Additional volumes, see [values.yaml](./values.yaml) for syntax for SSH known hosts |

2
charts/argo-cd/templates/argocd-secret.yaml
View file

@ -1,3 +1,4 @@
{{- if .Values.config.createSecret }}
apiVersion: v1
kind: Secret
metadata:
@ -22,3 +23,4 @@ data:
bitbucket.webhook.uuid: {{ .Values.config.webhook.bitbucketSecret }}
{{- end }}
{{- end }}
{{- end }}

20
charts/argo-cd/values.yaml
View file

@ -20,7 +20,12 @@ server:
pullPolicy: Always
extraArgs: []
volumeMounts: []
# - name: ssh-known-hosts
# mountPath: /app/config/ssh
volumes: []
# - name: ssh-known-hosts
# configMap:
# name: argocd-ssh-known-hosts-cm
annotations: {}
repoServer:
@ -52,23 +57,18 @@ dexServer:
# terminate tls at ArgoCD level
ingress:
enabled: false
annotations: {}
annotations:
{}
# kubernetes.io/ingress.class: nginx
# nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
path: /
hosts:
- argocd.example.com
# Standard Argo CD installation with cluster-admin access.
# Set this true if you plan to use Argo CD to deploy applications in the same cluster that
# Argo CD runs in (i.e. kubernetes.svc.default).
# Will still be able to deploy to external clusters with inputted credentials.
clusterAdminAccess:
enabled: true
config:
createSecret: true
helmRepositories:
# - name: privateRepo
# url: http://chartmuseum.privatecloud.com
@ -120,8 +120,6 @@ config:
githubSecret:
gitlabSecret:
bitbucketSecret:
# resourceCustomizations can be used to create custom health checks for resources
# https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/health.md#way-1-define-a-custom-health-check-in-argocd-cm-configmap
resourceCustomizations:
# certmanager.k8s.io/Certificate:
# health.lua: |
@ -153,9 +151,7 @@ rbac:
# p, role:org-admin, repositories, update, *, allow
# p, role:org-admin, repositories, delete, *, allow
# g, your-github-org:your-team, role:org-admin
# The default role Argo CD will fall back to, when authorizing API requests
policyDefault: #role:readonly
# Scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope).
scopes: #[groups]
redis: